Coverage for turvallisuusneuvonta/csaf/cvss/cvss.py: 100.00%

91 statements  

« prev     ^ index     » next       coverage.py v7.0.3, created at 2023-01-07 19:14 +0100

1"""CSAF CVSS 2/3.0/3.1 proxy implementation.""" 

2 

3from __future__ import annotations 

4 

5from enum import Enum 

6from typing import Annotated, Optional 

7 

8from pydantic import BaseModel, Field 

9 

10from turvallisuusneuvonta.csaf.cvss.definitions import ( 

11 AccessComplexityType, 

12 AccessVectorType, 

13 AttackComplexityType, 

14 AttackVectorType, 

15 AuthenticationType, 

16 CiaRequirementType, 

17 CiaType, 

18 CollateralDamagePotentialType, 

19 ConfidenceType, 

20 ExploitabilityType, 

21 ExploitCodeMaturityType, 

22 ModifiedAttackComplexityType, 

23 ModifiedAttackVectorType, 

24 ModifiedCiaType, 

25 ModifiedPrivilegesRequiredType, 

26 ModifiedScopeType, 

27 ModifiedUserInteractionType, 

28 PrivilegesRequiredType, 

29 RemediationLevelType, 

30 ReportConfidenceType, 

31 ScopeType, 

32 ScoreType, 

33 SeverityType, 

34 TargetDistributionType, 

35 UserInteractionType, 

36) 

37 

38 

39class Version(Enum): 

40 """ 

41 CVSS Version 

42 """ 

43 

44 two = '2.0' 

45 three_zero = '3.0' 

46 three_wun = '3.1' 

47 

48 

49class CVSS2(BaseModel): 

50 version: Annotated[Version, Field(description='CVSS Version')] = Version.two 

51 vector_string: Annotated[ 

52 str, 

53 Field( 

54 alias='vector_string', 

55 regex=( 

56 '^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:' 

57 '(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:' 

58 '(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:' 

59 '(L|M|H|ND))$' 

60 ), 

61 ), 

62 ] 

63 access_vector: Annotated[Optional[AccessVectorType], Field(alias='access_vector')] = None 

64 access_complexity: Annotated[Optional[AccessComplexityType], Field(alias='access_complexity')] = None 

65 authentication: Optional[AuthenticationType] = None 

66 confidentiality_impact: Annotated[Optional[CiaType], Field(alias='confidentiality_impact')] = None 

67 integrity_impact: Annotated[Optional[CiaType], Field(alias='integrity_impact')] = None 

68 availability_impact: Annotated[Optional[CiaType], Field(alias='availability_impact')] = None 

69 base_score: Annotated[ScoreType, Field(alias='base_score')] 

70 exploitability: Optional[ExploitabilityType] = None 

71 remediation_level: Annotated[Optional[RemediationLevelType], Field(alias='remediation_level')] = None 

72 report_confidence: Annotated[Optional[ReportConfidenceType], Field(alias='report_confidence')] = None 

73 temporal_score: Annotated[Optional[ScoreType], Field(alias='temporal_score')] = None 

74 collateral_damage_potential: Annotated[ 

75 Optional[CollateralDamagePotentialType], 

76 Field(alias='collateral_damage_potential'), 

77 ] = None 

78 target_distribution: Annotated[Optional[TargetDistributionType], Field(alias='target_distribution')] = None 

79 confidentiality_requirement: Annotated[ 

80 Optional[CiaRequirementType], Field(alias='confidentiality_requirement') 

81 ] = None 

82 integrity_requirement: Annotated[Optional[CiaRequirementType], Field(alias='integrity_requirement')] = None 

83 availability_requirement: Annotated[Optional[CiaRequirementType], Field(alias='availability_requirement')] = None 

84 environmental_score: Annotated[Optional[ScoreType], Field(alias='environmental_score')] = None 

85 

86 

87class CVSS30(BaseModel): 

88 version: Annotated[Version, Field(description='CVSS Version')] = Version.three_zero 

89 vector_string: Annotated[ 

90 str, 

91 Field( 

92 alias='vector_string', 

93 regex=( 

94 '^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|' 

95 '[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|' 

96 'AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|' 

97 'MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$' 

98 ), 

99 ), 

100 ] 

101 attack_vector: Annotated[Optional[AttackVectorType], Field(alias='attack_vector')] = None 

102 attack_complexity: Annotated[Optional[AttackComplexityType], Field(alias='attack_complexity')] = None 

103 privileges_required: Annotated[Optional[PrivilegesRequiredType], Field(alias='privileges_required')] = None 

104 user_interaction: Annotated[Optional[UserInteractionType], Field(alias='user_interaction')] = None 

105 scope: Optional[ScopeType] = None 

106 confidentiality_impact: Annotated[Optional[CiaType], Field(alias='confidentiality_impact')] = None 

107 integrity_impact: Annotated[Optional[CiaType], Field(alias='integrity_impact')] = None 

108 availability_impact: Annotated[Optional[CiaType], Field(alias='availability_impact')] = None 

109 base_score: Annotated[ScoreType, Field(alias='base_score')] 

110 base_severity: Annotated[SeverityType, Field(alias='base_severity')] 

111 exploit_code_maturity: Annotated[Optional[ExploitCodeMaturityType], Field(alias='exploit_code_maturity')] = None 

112 remediation_level: Annotated[Optional[RemediationLevelType], Field(alias='remediation_level')] = None 

113 report_confidence: Annotated[Optional[ConfidenceType], Field(alias='report_confidence')] = None 

114 temporal_score: Annotated[Optional[ScoreType], Field(alias='temporal_score')] = None 

115 temporal_severity: Annotated[Optional[SeverityType], Field(alias='temporal_severity')] = None 

116 confidentiality_requirement: Annotated[ 

117 Optional[CiaRequirementType], Field(alias='confidentiality_requirement') 

118 ] = None 

119 integrity_requirement: Annotated[Optional[CiaRequirementType], Field(alias='integrity_requirement')] = None 

120 availability_requirement: Annotated[Optional[CiaRequirementType], Field(alias='availability_requirement')] = None 

121 modified_attack_vector: Annotated[Optional[ModifiedAttackVectorType], Field(alias='modified_attack_vector')] = None 

122 modified_attack_complexity: Annotated[ 

123 Optional[ModifiedAttackComplexityType], Field(alias='modified_attack_complexity') 

124 ] = None 

125 modified_privileges_required: Annotated[ 

126 Optional[ModifiedPrivilegesRequiredType], 

127 Field(alias='modified_privileges_required'), 

128 ] = None 

129 modified_user_interaction: Annotated[ 

130 Optional[ModifiedUserInteractionType], Field(alias='modified_user_interaction') 

131 ] = None 

132 modified_scope: Annotated[Optional[ModifiedScopeType], Field(alias='modified_scope')] = None 

133 modified_confidentiality_impact: Annotated[ 

134 Optional[ModifiedCiaType], Field(alias='modified_confidentiality_impact') 

135 ] = None 

136 modified_integrity_impact: Annotated[Optional[ModifiedCiaType], Field(alias='modified_integrity_impact')] = None 

137 modified_availability_impact: Annotated[ 

138 Optional[ModifiedCiaType], Field(alias='modified_availability_impact') 

139 ] = None 

140 environmental_score: Annotated[Optional[ScoreType], Field(alias='environmental_score')] = None 

141 environmental_severity: Annotated[Optional[SeverityType], Field(alias='environmental_severity')] = None 

142 

143 

144class CVSS31(BaseModel): 

145 version: Annotated[Version, Field(description='CVSS Version')] = Version.three_wun 

146 vector_string: Annotated[ 

147 str, 

148 Field( 

149 alias='vector_string', 

150 regex=( 

151 '^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:' 

152 '[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*' 

153 '(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:' 

154 '[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$' 

155 ), 

156 ), 

157 ] 

158 attack_vector: Annotated[Optional[AttackVectorType], Field(alias='attack_vector')] = None 

159 attack_complexity: Annotated[Optional[AttackComplexityType], Field(alias='attack_complexity')] = None 

160 privileges_required: Annotated[Optional[PrivilegesRequiredType], Field(alias='privileges_required')] = None 

161 user_interaction: Annotated[Optional[UserInteractionType], Field(alias='user_interaction')] = None 

162 scope: Optional[ScopeType] = None 

163 confidentiality_impact: Annotated[Optional[CiaType], Field(alias='confidentiality_impact')] = None 

164 integrity_impact: Annotated[Optional[CiaType], Field(alias='integrity_impact')] = None 

165 availability_impact: Annotated[Optional[CiaType], Field(alias='availability_impact')] = None 

166 base_score: Annotated[ScoreType, Field(alias='base_score')] 

167 base_severity: Annotated[SeverityType, Field(alias='base_severity')] 

168 exploit_code_maturity: Annotated[Optional[ExploitCodeMaturityType], Field(alias='exploit_code_maturity')] = None 

169 remediation_level: Annotated[Optional[RemediationLevelType], Field(alias='remediation_level')] = None 

170 report_confidence: Annotated[Optional[ConfidenceType], Field(alias='report_confidence')] = None 

171 temporal_score: Annotated[Optional[ScoreType], Field(alias='temporal_score')] = None 

172 temporal_severity: Annotated[Optional[SeverityType], Field(alias='temporal_severity')] = None 

173 confidentiality_requirement: Annotated[ 

174 Optional[CiaRequirementType], Field(alias='confidentiality_requirement') 

175 ] = None 

176 integrity_requirement: Annotated[Optional[CiaRequirementType], Field(alias='integrity_requirement')] = None 

177 availability_requirement: Annotated[Optional[CiaRequirementType], Field(alias='availability_requirement')] = None 

178 modified_attack_vector: Annotated[Optional[ModifiedAttackVectorType], Field(alias='modified_attack_vector')] = None 

179 modified_attack_complexity: Annotated[ 

180 Optional[ModifiedAttackComplexityType], Field(alias='modified_attack_complexity') 

181 ] = None 

182 modified_privileges_required: Annotated[ 

183 Optional[ModifiedPrivilegesRequiredType], 

184 Field(alias='modified_privileges_required'), 

185 ] = None 

186 modified_user_interaction: Annotated[ 

187 Optional[ModifiedUserInteractionType], Field(alias='modified_user_interaction') 

188 ] = None 

189 modified_scope: Annotated[Optional[ModifiedScopeType], Field(alias='modified_scope')] = None 

190 modified_confidentiality_impact: Annotated[ 

191 Optional[ModifiedCiaType], Field(alias='modified_confidentiality_impact') 

192 ] = None 

193 modified_integrity_impact: Annotated[Optional[ModifiedCiaType], Field(alias='modified_integrity_impact')] = None 

194 modified_availability_impact: Annotated[ 

195 Optional[ModifiedCiaType], Field(alias='modified_availability_impact') 

196 ] = None 

197 environmental_score: Annotated[Optional[ScoreType], Field(alias='environmental_score')] = None 

198 environmental_severity: Annotated[Optional[SeverityType], Field(alias='environmental_severity')] = None