Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/giterlizzi/perl-cvss

Perl extension for CVSS (Common Vulnerability Scoring System) 2.0/3.x/4.0
https://github.com/giterlizzi/perl-cvss

cvss cvss2 cvss3 cvss4 perl security security-tools securtity-cli

Last synced: about 2 months ago
JSON representation

Perl extension for CVSS (Common Vulnerability Scoring System) 2.0/3.x/4.0

Host: GitHub
URL: https://github.com/giterlizzi/perl-cvss
Owner: giterlizzi
License: artistic-2.0
Created: 2024-07-24T23:10:40.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-08-16T20:48:48.000Z (5 months ago)
Last Synced: 2024-10-13T11:23:06.520Z (3 months ago)
Topics: cvss, cvss2, cvss3, cvss4, perl, security, security-tools, securtity-cli
Language: Perl
Homepage: https://metacpan.org/dist/CVSS
Size: 170 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: Changes
- License: LICENSE

Awesome Lists containing this project

README

        [![Release](https://img.shields.io/github/release/giterlizzi/perl-CVSS.svg)](https://github.com/giterlizzi/perl-CVSS/releases) [![Actions Status](https://github.com/giterlizzi/perl-CVSS/workflows/linux/badge.svg)](https://github.com/giterlizzi/perl-CVSS/actions) [![License](https://img.shields.io/github/license/giterlizzi/perl-CVSS.svg)](https://github.com/giterlizzi/perl-CVSS) [![Starts](https://img.shields.io/github/stars/giterlizzi/perl-CVSS.svg)](https://github.com/giterlizzi/perl-CVSS) [![Forks](https://img.shields.io/github/forks/giterlizzi/perl-CVSS.svg)](https://github.com/giterlizzi/perl-CVSS) [![Issues](https://img.shields.io/github/issues/giterlizzi/perl-CVSS.svg)](https://github.com/giterlizzi/perl-CVSS/issues) [![Coverage Status](https://coveralls.io/repos/github/giterlizzi/perl-CVSS/badge.svg)](https://coveralls.io/github/giterlizzi/perl-CVSS)

# CVSS - Perl extension for CVSS (Common Vulnerability Scoring System) 2.0/3.x/4.0

## Synopsis

```.pl

use CVSS;

# OO-interface

# Method 1 - Use params

$cvss = CVSS->new(

  version => '3.1',

  metrics => {

      AV => 'A',

      AC => 'L',

      PR => 'L',

      UI => 'R',

      S => 'U',

      C => 'H',

      I => 'H',

      A => 'H',

  }

);

# Method 2 - Decode and parse the vector string

use CVSS;

$cvss = CVSS->from_vector_string('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');

say $cvss->base_score; # 7.4

# Method 3 - Builder

use CVSS;

$cvss = CVSS->new(version => '3.1');

$cvss->attackVector('ADJACENT_NETWORK');

$cvss->attackComplexity('LOW');

$cvss->privilegesRequired('LOW');

$cvss->userInteraction('REQUIRED');

$cvss->scope('UNCHANGED');

$cvss->confidentialityImpact('HIGH');

$cvss->integrityImpact('HIGH');

$cvss->availabilityImpact('HIGH');

$cvss->calculate_score;

# Common methods

# Convert the CVSS object in "vector string"

say $cvss; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

# Get metric value

say $cvss->AV; # A

say $cvss->attackVector; # ADJACENT_NETWORK

# Get the base score

say $cvss->base_score; # 7.4

# Get all scores

say Dumper($cvss->scores);

# { "base"           => "7.4",

#   "exploitability" => "1.6",

#   "impact"         => "5.9" }

# Get the base severity

say $cvss->base_severity # HIGH

# Convert CVSS in XML in according of CVSS XML Schema Definition

$xml = $cvss->to_xml;

# Convert CVSS in JSON in according of CVSS JSON Schema

$json = encode_json($cvss);

# exported functions

use CVSS qw(decode_cvss encode_cvss)

$cvss = decode_cvss('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');

say $cvss->base_score;  # 7.4

$vector_string = encode_cvss(version => '3.1', metrics => {...});

say $cvss_string; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

```

## cvss command-line-interface

Get the base score:

```console

$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --base-score

7.4

```

Get the base severity:

```console

$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --base-severity

HIGH

```

Parses the provided vector string and returns the JSON representation:

```console

$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --json | jq

{

  "attackComplexity": "LOW",

  "attackVector": "ADJACENT_NETWORK",

  "availabilityImpact": "HIGH",

  "baseScore": 7.4,

  "baseSeverity": "HIGH",

  "confidentialityImpact": "HIGH",

  "integrityImpact": "HIGH",

  "privilegesRequired": "LOW",

  "scope": "UNCHANGED",

  "userInteraction": "REQUIRED",

  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",

  "version": "3.1"

}

```

Parses the provided vector string and returns the XML representation:

```console

$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --xml

  

    ADJACENT_NETWORK

    LOW

    LOW

    REQUIRED

    UNCHANGED

    HIGH

    HIGH

    HIGH

    7.4

    HIGH

  

```

## Install

Using Makefile.PL:

To install `CVSS` distribution, run the following commands.

    perl Makefile.PL

    make

    make test

    make install

Using `App::cpanminus`:

    cpanm CVSS

## Documentation

- `perldoc CVSS`

- https://metacpan.org/release/CVSS

- [FIRST] CVSS Data Representations (https://www.first.org/cvss/data-representations)

- [FIRST] CVSS v4.0 Specification (https://www.first.org/cvss/v4.0/specification-document)

- [FIRST] CVSS v3.1 Specification (https://www.first.org/cvss/v3.1/specification-document)

- [FIRST] CVSS v3.0 Specification (https://www.first.org/cvss/v3.0/specification-document)

- [FIRST] CVSS v2.0 Complete Guide (https://www.first.org/cvss/v2/guide)

## Copyright

- Copyright 2007-2024 © FIRST.org - Forum of Incident Response and Security Teams, Inc.

- Copyright 2023-2024 © Giuseppe Di Terlizzi