NAME
CVSS::Base - Base class for CVSS
DESCRIPTION
These are base class for CVSS::v2, CVSS::v3 and CVSS::v4 classes.
METHODS
- $cvss->version
-
Return the CVSS version.
- $cvss->vector_string
-
Return the CVSS vector string.
- $cvss->metrics
-
Return the HASH of CVSS metrics.
SCORE & SEVERITY
- $cvss->scores
-
Return the HASH of calculated score (base, impact, temporal, etc.).
$scores = $cvss->scores; say Dumper($scores); # { "base" => "7.4", # "exploitability" => "1.6", # "impact" => "5.9" }
- $cvss->calculate_score
-
Performs the calculation of the score in accordance with the CVSS specification.
- $cvss->score_to_severity ( $score )
-
Convert the score in severity
- $cvss->base_score
-
Return the base score (0 - 10).
- $cvss->base_severity
-
Return the base severity (LOW, MEDIUM, HIGH or CRITICAL).
- $cvss->temporal_score
-
Return the temporal score (0 - 10) -- (CVSS 2.0/3.x)
- $cvss->temporal_severity
-
Return the temporal severity (LOW, MEDIUM, HIGH or CRITICAL) -- (CVSS 2.0/3.x)
- $cvss->environmental_score
-
Return the environmental score (0 - 10) -- (CVSS 2.0/3.x)
- $cvss->environmental_severity
-
Return the environmental severity (LOW, MEDIUM, HIGH or CRITICAL) -- (CVSS 2.0/3.x)
- $cvss->impact_score
-
Return the impact score (0 - 10) -- (CVSS 2.0/3.x)
- $cvss->exploitability_score
-
Return the exploitability score (0 - 10) -- (CVSS 2.0/3.x)
- $cvss->modified_impact_score
-
Return the modified impact score (0 - 10) -- (CVSS 2.0/3.x)
METRICS
- $cvss->M ( $metric )
-
Return the metric value (short)
say $cvss->M('AV'); # A
- $cvss->metric ( $metric )
-
Return the metric value (long)
say $cvss->metric('AV'); # ADJACENT_NETWORK
- $cvss->metric_group_is_set ( $group )
DATA REPRESENTATIONS
- $cvss->to_vector_string
-
Convert the CVSS object in vector string
say $cvss->to_vector_string; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H # or say $cvss; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- $cvss->to_xml
-
Convert the CVSS object in XML in according of CVSS XML Schema Definition.
https://nvd.nist.gov/schema/cvss-v2_0.2.xsd - XSD for CVSS v2.0
https://www.first.org/cvss/cvss-v3.0.xsd - XSD for CVSS v3.0
https://www.first.org/cvss/cvss-v3.1.xsd - XSD for CVSS v3.1
https://www.first.org/cvss/cvss-v4.0.xsd - XSD for CVSS v4.0
say $cvss->to_xml; # <?xml version="1.0" encoding="UTF-8"?> # <cvssv3.1 xmlns="https://www.first.org/cvss/cvss-v3.1.xsd" # xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="https://www.first.org/cvss/cvss-v3.1.xsd https://www.first.org/cvss/cvss-v3.1.xsd" # > # # <base_metrics> # <attack-vector>ADJACENT_NETWORK</attack-vector> # <attack-complexity>LOW</attack-complexity> # <privileges-required>LOW</privileges-required> # <user-interaction>REQUIRED</user-interaction> # <scope>UNCHANGED</scope> # <confidentiality-impact>HIGH</confidentiality-impact> # <integrity-impact>HIGH</integrity-impact> # <availability-impact>HIGH</availability-impact> # <base-score>7.4</base-score> # <base-severity>HIGH</base-severity> # </base_metrics> # # </cvssv3.1>
- $cvss->TO_JSON
-
Helper method for JSON modules (JSON, JSON::PP, JSON::XS, Mojo::JSON, etc).
Convert the CVSS object in JSON format in according of CVSS JSON Schema.
https://www.first.org/cvss/cvss-v2.0.json - JSON Schema for CVSS v2.0.
https://www.first.org/cvss/cvss-v3.0.json - JSON Schema for CVSS v3.0.
https://www.first.org/cvss/cvss-v3.1.json - JSON Schema for CVSS v3.1.
https://www.first.org/cvss/cvss-v4.0.json - JSON Schema for CVSS v4.0.
use Mojo::JSON qw(encode_json); say encode_json($cvss); # { # "attackComplexity" : "LOW", # "attackVector" : "ADJACENT_NETWORK", # "availabilityImpact" : "HIGH", # "baseScore" : 7.4, # "baseSeverity" : "HIGH", # "confidentialityImpact" : "HIGH", # "integrityImpact" : "HIGH", # "privilegesRequired" : "LOW", # "scope" : "UNCHANGED", # "userInteraction" : "REQUIRED", # "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", # "version" : "3.1" # }
CONSTANTS
- $cvss->ATTRIBUTES
-
Returns the HASH of all metrics in
{ "JSON name" => "metric", ... }
format. - $cvss->METRIC_GROUPS
-
Returns the HASH of the metric group (base, environmental, temporal, etc.) and its metrics.
- $cvss->METRIC_NAMES
-
Returns the HASH of the names of all metric values.
- $cvss->METRIC_VALUES
-
Returns the HASH of all metric values.
- $cvss->NOT_DEFINED_VALUE
-
Returns the NOT_DEFINED vector value (
ND
orX
). - $cvss->SCORE_SEVERITY
-
Returns the HASH of
{ severity => { min => score, max => score }, ... }
used byscore_to_severity
. - $cvss->VECTOR_STRING_REGEX
-
Return the Vector String REGEX.
SEE ALSO
SUPPORT
Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CVSS/issues. You will be notified automatically of any progress on your issue.
Source Code
This is open source software. The code repository is available for public review and contribution under the terms of the license.
https://github.com/giterlizzi/perl-CVSS
git clone https://github.com/giterlizzi/perl-CVSS.git
AUTHOR
Giuseppe Di Terlizzi <gdt@cpan.org>
LICENSE AND COPYRIGHT
This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.