NAME

CVSS::Base - Base class for CVSS

DESCRIPTION

These are base class for CVSS::v2, CVSS::v3 and CVSS::v4 classes.

METHODS

$cvss->version

Return the CVSS version.

$cvss->vector_string

Return the CVSS vector string.

$cvss->metrics

Return the HASH of CVSS metrics.

SCORE & SEVERITY

$cvss->scores

Return the HASH of calculated score (base, impact, temporal, etc.).

$scores = $cvss->scores;

say Dumper($scores);

# { "base"           => "7.4",
#   "exploitability" => "1.6",
#   "impact"         => "5.9" }
$cvss->calculate_score

Performs the calculation of the score in accordance with the CVSS specification.

$cvss->score_to_severity ( $score )

Convert the score in severity

$cvss->base_score

Return the base score (0 - 10).

$cvss->base_severity

Return the base severity (LOW, MEDIUM, HIGH or CRITICAL).

$cvss->temporal_score

Return the temporal score (0 - 10) -- (CVSS 2.0/3.x)

$cvss->temporal_severity

Return the temporal severity (LOW, MEDIUM, HIGH or CRITICAL) -- (CVSS 2.0/3.x)

$cvss->environmental_score

Return the environmental score (0 - 10) -- (CVSS 2.0/3.x)

$cvss->environmental_severity

Return the environmental severity (LOW, MEDIUM, HIGH or CRITICAL) -- (CVSS 2.0/3.x)

$cvss->impact_score

Return the impact score (0 - 10) -- (CVSS 2.0/3.x)

$cvss->exploitability_score

Return the exploitability score (0 - 10) -- (CVSS 2.0/3.x)

$cvss->modified_impact_score

Return the modified impact score (0 - 10) -- (CVSS 2.0/3.x)

METRICS

$cvss->M ( $metric )

Return the metric value (short)

say $cvss->M('AV'); # A
$cvss->metric ( $metric )

Return the metric value (long)

say $cvss->metric('AV'); # ADJACENT_NETWORK
$cvss->metric_group_is_set ( $group )

DATA REPRESENTATIONS

$cvss->to_vector_string

Convert the CVSS object in vector string

say $cvss->to_vector_string; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

# or

say $cvss; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
$cvss->to_xml

Convert the CVSS object in XML in according of CVSS XML Schema Definition.

  • https://nvd.nist.gov/schema/cvss-v2_0.2.xsd - XSD for CVSS v2.0

  • https://www.first.org/cvss/cvss-v3.0.xsd - XSD for CVSS v3.0

  • https://www.first.org/cvss/cvss-v3.1.xsd - XSD for CVSS v3.1

  • https://www.first.org/cvss/cvss-v4.0.xsd - XSD for CVSS v4.0

say $cvss->to_xml;

# <?xml version="1.0" encoding="UTF-8"?>
# <cvssv3.1 xmlns="https://www.first.org/cvss/cvss-v3.1.xsd"
#   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
#   xsi:schemaLocation="https://www.first.org/cvss/cvss-v3.1.xsd https://www.first.org/cvss/cvss-v3.1.xsd"
#   >
# 
#   <base_metrics>
#     <attack-vector>ADJACENT_NETWORK</attack-vector>
#     <attack-complexity>LOW</attack-complexity>
#     <privileges-required>LOW</privileges-required>
#     <user-interaction>REQUIRED</user-interaction>
#     <scope>UNCHANGED</scope>
#     <confidentiality-impact>HIGH</confidentiality-impact>
#     <integrity-impact>HIGH</integrity-impact>
#     <availability-impact>HIGH</availability-impact>
#     <base-score>7.4</base-score>
#     <base-severity>HIGH</base-severity>
#   </base_metrics>
# 
# </cvssv3.1>
$cvss->TO_JSON

Helper method for JSON modules (JSON, JSON::PP, JSON::XS, Mojo::JSON, etc).

Convert the CVSS object in JSON format in according of CVSS JSON Schema.

  • https://www.first.org/cvss/cvss-v2.0.json - JSON Schema for CVSS v2.0.

  • https://www.first.org/cvss/cvss-v3.0.json - JSON Schema for CVSS v3.0.

  • https://www.first.org/cvss/cvss-v3.1.json - JSON Schema for CVSS v3.1.

  • https://www.first.org/cvss/cvss-v4.0.json - JSON Schema for CVSS v4.0.

use Mojo::JSON qw(encode_json);

say encode_json($cvss);

# {
#    "attackComplexity" : "LOW",
#    "attackVector" : "ADJACENT_NETWORK",
#    "availabilityImpact" : "HIGH",
#    "baseScore" : 7.4,
#    "baseSeverity" : "HIGH",
#    "confidentialityImpact" : "HIGH",
#    "integrityImpact" : "HIGH",
#    "privilegesRequired" : "LOW",
#    "scope" : "UNCHANGED",
#    "userInteraction" : "REQUIRED",
#    "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
#    "version" : "3.1"
# }

CONSTANTS

$cvss->ATTRIBUTES

Returns the HASH of all metrics in { "JSON name" => "metric", ... } format.

$cvss->METRIC_GROUPS

Returns the HASH of the metric group (base, environmental, temporal, etc.) and its metrics.

$cvss->METRIC_NAMES

Returns the HASH of the names of all metric values.

$cvss->METRIC_VALUES

Returns the HASH of all metric values.

$cvss->NOT_DEFINED_VALUE

Returns the NOT_DEFINED vector value (ND or X).

$cvss->SCORE_SEVERITY

Returns the HASH of { severity => { min => score, max => score }, ... } used by score_to_severity.

$cvss->VECTOR_STRING_REGEX

Return the Vector String REGEX.

SEE ALSO

CVSS::v2, CVSS::v3, CVSS::v4

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CVSS/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-CVSS

git clone https://github.com/giterlizzi/perl-CVSS.git

AUTHOR

  • Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.