Coverage for turvallisuusneuvonta/csaf/cvss/cvss.py: 100.00%
91 statements
« prev ^ index » next coverage.py v7.0.3, created at 2023-01-07 19:14 +0100
« prev ^ index » next coverage.py v7.0.3, created at 2023-01-07 19:14 +0100
1"""CSAF CVSS 2/3.0/3.1 proxy implementation."""
3from __future__ import annotations
5from enum import Enum
6from typing import Annotated, Optional
8from pydantic import BaseModel, Field
10from turvallisuusneuvonta.csaf.cvss.definitions import (
11 AccessComplexityType,
12 AccessVectorType,
13 AttackComplexityType,
14 AttackVectorType,
15 AuthenticationType,
16 CiaRequirementType,
17 CiaType,
18 CollateralDamagePotentialType,
19 ConfidenceType,
20 ExploitabilityType,
21 ExploitCodeMaturityType,
22 ModifiedAttackComplexityType,
23 ModifiedAttackVectorType,
24 ModifiedCiaType,
25 ModifiedPrivilegesRequiredType,
26 ModifiedScopeType,
27 ModifiedUserInteractionType,
28 PrivilegesRequiredType,
29 RemediationLevelType,
30 ReportConfidenceType,
31 ScopeType,
32 ScoreType,
33 SeverityType,
34 TargetDistributionType,
35 UserInteractionType,
36)
39class Version(Enum):
40 """
41 CVSS Version
42 """
44 two = '2.0'
45 three_zero = '3.0'
46 three_wun = '3.1'
49class CVSS2(BaseModel):
50 version: Annotated[Version, Field(description='CVSS Version')] = Version.two
51 vector_string: Annotated[
52 str,
53 Field(
54 alias='vector_string',
55 regex=(
56 '^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:'
57 '(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:'
58 '(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:'
59 '(L|M|H|ND))$'
60 ),
61 ),
62 ]
63 access_vector: Annotated[Optional[AccessVectorType], Field(alias='access_vector')] = None
64 access_complexity: Annotated[Optional[AccessComplexityType], Field(alias='access_complexity')] = None
65 authentication: Optional[AuthenticationType] = None
66 confidentiality_impact: Annotated[Optional[CiaType], Field(alias='confidentiality_impact')] = None
67 integrity_impact: Annotated[Optional[CiaType], Field(alias='integrity_impact')] = None
68 availability_impact: Annotated[Optional[CiaType], Field(alias='availability_impact')] = None
69 base_score: Annotated[ScoreType, Field(alias='base_score')]
70 exploitability: Optional[ExploitabilityType] = None
71 remediation_level: Annotated[Optional[RemediationLevelType], Field(alias='remediation_level')] = None
72 report_confidence: Annotated[Optional[ReportConfidenceType], Field(alias='report_confidence')] = None
73 temporal_score: Annotated[Optional[ScoreType], Field(alias='temporal_score')] = None
74 collateral_damage_potential: Annotated[
75 Optional[CollateralDamagePotentialType],
76 Field(alias='collateral_damage_potential'),
77 ] = None
78 target_distribution: Annotated[Optional[TargetDistributionType], Field(alias='target_distribution')] = None
79 confidentiality_requirement: Annotated[
80 Optional[CiaRequirementType], Field(alias='confidentiality_requirement')
81 ] = None
82 integrity_requirement: Annotated[Optional[CiaRequirementType], Field(alias='integrity_requirement')] = None
83 availability_requirement: Annotated[Optional[CiaRequirementType], Field(alias='availability_requirement')] = None
84 environmental_score: Annotated[Optional[ScoreType], Field(alias='environmental_score')] = None
87class CVSS30(BaseModel):
88 version: Annotated[Version, Field(description='CVSS Version')] = Version.three_zero
89 vector_string: Annotated[
90 str,
91 Field(
92 alias='vector_string',
93 regex=(
94 '^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|'
95 '[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|'
96 'AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|'
97 'MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$'
98 ),
99 ),
100 ]
101 attack_vector: Annotated[Optional[AttackVectorType], Field(alias='attack_vector')] = None
102 attack_complexity: Annotated[Optional[AttackComplexityType], Field(alias='attack_complexity')] = None
103 privileges_required: Annotated[Optional[PrivilegesRequiredType], Field(alias='privileges_required')] = None
104 user_interaction: Annotated[Optional[UserInteractionType], Field(alias='user_interaction')] = None
105 scope: Optional[ScopeType] = None
106 confidentiality_impact: Annotated[Optional[CiaType], Field(alias='confidentiality_impact')] = None
107 integrity_impact: Annotated[Optional[CiaType], Field(alias='integrity_impact')] = None
108 availability_impact: Annotated[Optional[CiaType], Field(alias='availability_impact')] = None
109 base_score: Annotated[ScoreType, Field(alias='base_score')]
110 base_severity: Annotated[SeverityType, Field(alias='base_severity')]
111 exploit_code_maturity: Annotated[Optional[ExploitCodeMaturityType], Field(alias='exploit_code_maturity')] = None
112 remediation_level: Annotated[Optional[RemediationLevelType], Field(alias='remediation_level')] = None
113 report_confidence: Annotated[Optional[ConfidenceType], Field(alias='report_confidence')] = None
114 temporal_score: Annotated[Optional[ScoreType], Field(alias='temporal_score')] = None
115 temporal_severity: Annotated[Optional[SeverityType], Field(alias='temporal_severity')] = None
116 confidentiality_requirement: Annotated[
117 Optional[CiaRequirementType], Field(alias='confidentiality_requirement')
118 ] = None
119 integrity_requirement: Annotated[Optional[CiaRequirementType], Field(alias='integrity_requirement')] = None
120 availability_requirement: Annotated[Optional[CiaRequirementType], Field(alias='availability_requirement')] = None
121 modified_attack_vector: Annotated[Optional[ModifiedAttackVectorType], Field(alias='modified_attack_vector')] = None
122 modified_attack_complexity: Annotated[
123 Optional[ModifiedAttackComplexityType], Field(alias='modified_attack_complexity')
124 ] = None
125 modified_privileges_required: Annotated[
126 Optional[ModifiedPrivilegesRequiredType],
127 Field(alias='modified_privileges_required'),
128 ] = None
129 modified_user_interaction: Annotated[
130 Optional[ModifiedUserInteractionType], Field(alias='modified_user_interaction')
131 ] = None
132 modified_scope: Annotated[Optional[ModifiedScopeType], Field(alias='modified_scope')] = None
133 modified_confidentiality_impact: Annotated[
134 Optional[ModifiedCiaType], Field(alias='modified_confidentiality_impact')
135 ] = None
136 modified_integrity_impact: Annotated[Optional[ModifiedCiaType], Field(alias='modified_integrity_impact')] = None
137 modified_availability_impact: Annotated[
138 Optional[ModifiedCiaType], Field(alias='modified_availability_impact')
139 ] = None
140 environmental_score: Annotated[Optional[ScoreType], Field(alias='environmental_score')] = None
141 environmental_severity: Annotated[Optional[SeverityType], Field(alias='environmental_severity')] = None
144class CVSS31(BaseModel):
145 version: Annotated[Version, Field(description='CVSS Version')] = Version.three_wun
146 vector_string: Annotated[
147 str,
148 Field(
149 alias='vector_string',
150 regex=(
151 '^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:'
152 '[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*'
153 '(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:'
154 '[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$'
155 ),
156 ),
157 ]
158 attack_vector: Annotated[Optional[AttackVectorType], Field(alias='attack_vector')] = None
159 attack_complexity: Annotated[Optional[AttackComplexityType], Field(alias='attack_complexity')] = None
160 privileges_required: Annotated[Optional[PrivilegesRequiredType], Field(alias='privileges_required')] = None
161 user_interaction: Annotated[Optional[UserInteractionType], Field(alias='user_interaction')] = None
162 scope: Optional[ScopeType] = None
163 confidentiality_impact: Annotated[Optional[CiaType], Field(alias='confidentiality_impact')] = None
164 integrity_impact: Annotated[Optional[CiaType], Field(alias='integrity_impact')] = None
165 availability_impact: Annotated[Optional[CiaType], Field(alias='availability_impact')] = None
166 base_score: Annotated[ScoreType, Field(alias='base_score')]
167 base_severity: Annotated[SeverityType, Field(alias='base_severity')]
168 exploit_code_maturity: Annotated[Optional[ExploitCodeMaturityType], Field(alias='exploit_code_maturity')] = None
169 remediation_level: Annotated[Optional[RemediationLevelType], Field(alias='remediation_level')] = None
170 report_confidence: Annotated[Optional[ConfidenceType], Field(alias='report_confidence')] = None
171 temporal_score: Annotated[Optional[ScoreType], Field(alias='temporal_score')] = None
172 temporal_severity: Annotated[Optional[SeverityType], Field(alias='temporal_severity')] = None
173 confidentiality_requirement: Annotated[
174 Optional[CiaRequirementType], Field(alias='confidentiality_requirement')
175 ] = None
176 integrity_requirement: Annotated[Optional[CiaRequirementType], Field(alias='integrity_requirement')] = None
177 availability_requirement: Annotated[Optional[CiaRequirementType], Field(alias='availability_requirement')] = None
178 modified_attack_vector: Annotated[Optional[ModifiedAttackVectorType], Field(alias='modified_attack_vector')] = None
179 modified_attack_complexity: Annotated[
180 Optional[ModifiedAttackComplexityType], Field(alias='modified_attack_complexity')
181 ] = None
182 modified_privileges_required: Annotated[
183 Optional[ModifiedPrivilegesRequiredType],
184 Field(alias='modified_privileges_required'),
185 ] = None
186 modified_user_interaction: Annotated[
187 Optional[ModifiedUserInteractionType], Field(alias='modified_user_interaction')
188 ] = None
189 modified_scope: Annotated[Optional[ModifiedScopeType], Field(alias='modified_scope')] = None
190 modified_confidentiality_impact: Annotated[
191 Optional[ModifiedCiaType], Field(alias='modified_confidentiality_impact')
192 ] = None
193 modified_integrity_impact: Annotated[Optional[ModifiedCiaType], Field(alias='modified_integrity_impact')] = None
194 modified_availability_impact: Annotated[
195 Optional[ModifiedCiaType], Field(alias='modified_availability_impact')
196 ] = None
197 environmental_score: Annotated[Optional[ScoreType], Field(alias='environmental_score')] = None
198 environmental_severity: Annotated[Optional[SeverityType], Field(alias='environmental_severity')] = None