NAME
CVSS - Perl extension for CVSS (Common Vulnerability Scoring System) 2.0/3.x/4.0
SYNOPSIS
use feature 'say';
use Data::Dumper;
use CVSS;
# OO-interface
# Method 1 - Use params
$cvss = CVSS->new(
    version => '3.1',
    metrics => {
        AV => 'A',
        AC => 'L',
        PR => 'L',
        UI => 'R',
        S  => 'U',
        C  => 'H',
        I  => 'H',
        A  => 'H',
    }
);
# Method 2 - Decode and parse the vector string
use CVSS;
$cvss = CVSS->from_vector_string('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');
say $cvss->base_score; # 7.4
# Method 3 - Builder
use CVSS;
$cvss = CVSS->new(version => '3.1');
$cvss->attackVector('ADJACENT_NETWORK');
$cvss->attackComplexity('LOW');
$cvss->privilegesRequired('LOW');
$cvss->userInteraction('REQUIRED');
$cvss->scope('UNCHANGED');
$cvss->confidentialityImpact('HIGH');
$cvss->integrityImpact('HIGH');
$cvss->availabilityImpact('HIGH');
$cvss->calculate_score;
# Common methods
# Convert the CVSS object to a "vector string"
say $cvss; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
# Get metric value
say $cvss->AV; # A
say $cvss->attackVector; # ADJACENT_NETWORK
# Get the base score
say $cvss->base_score; # 7.4
# Get all scores
say Dumper($cvss->scores);
# { "base" => "7.4",
# "exploitability" => "1.6",
# "impact" => "5.9" }
# Get the base severity
say $cvss->base_severity; # HIGH
# Convert CVSS to XML according to the CVSS XML Schema Definition
$xml = $cvss->to_xml;
# Convert CVSS to JSON according to the CVSS JSON Schema
$json = encode_json($cvss);
# exported functions
use CVSS qw(decode_cvss encode_cvss);
$cvss = decode_cvss('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');
say $cvss->base_score; # 7.4
$vector_string = encode_cvss(version => '3.1', metrics => {...});
say $vector_string; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
DESCRIPTION
This module calculates the CVSS (Common Vulnerability Scoring System) scores (base, temporal, and environmental), converts the "vector string" and returns the CVSS object in JSON or XML.
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
FUNCTIONAL INTERFACE
The following functions are exported by default:
- $vector_string = encode_cvss(%params)
Converts the given CVSS params to "vector string". Croaks on error.
This function call is functionally identical to:
$vector_string = CVSS->new(%params)->to_string;
- $cvss = decode_cvss($vector_string)
Converts the given "vector string" to CVSS. Croaks on error.
This function call is functionally identical to:
$cvss = CVSS->from_vector_string($vector_string);
- $xml = cvss_to_xml($vector_string)
Converts the given "vector string" to XML. Croaks on error.
This function call is functionally identical to:
$xml = $cvss->to_xml;
OBJECT-ORIENTED INTERFACE
- $cvss = CVSS->new(%params)
Creates a new CVSS instance using the provided parameters (version, metrics or vector_string) and returns the CVSS subclass that matches the selected CVSS version (2.0, 3.0, 3.1 or 4.0):
+--------------+----------+
| CVSS version | Class    |
+--------------+----------+
| 2.0          | CVSS::v2 |
| 3.0          | CVSS::v3 |
| 3.1          | CVSS::v3 |
| 4.0          | CVSS::v4 |
+--------------+----------+
- $cvss = CVSS->from_vector_string($vector_string)
Converts the given "vector string" to CVSS. Croaks on error.
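Because the decode calls croak on error, code that scores vector strings taken from scanner output or an advisory feed has to trap the exception per record. The following is an added example, not part of the module's own documentation: it uses only from_vector_string, base_score and base_severity as shown above, while the feed lines, the FINDING-nnn identifiers and the helper names score_vector and triage are constructed for illustration.

```perl
use strict;
use warnings;
use feature 'say';
use CVSS;

# Constructed sample feed, one "<finding id> <vector string>" per line.
# The IDs are placeholders; the last two vectors are malformed on purpose.
my @feed = (
    'FINDING-001 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H',
    'FINDING-002 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H',
    'FINDING-003 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N',
    'FINDING-004 CVSS:3.1/AV:Q/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H',
    'FINDING-005 not-a-vector',
);

# Decode and score one vector. Returns ([score, severity], undef) on
# success or (undef, reason) when the module croaks or yields no score.
sub score_vector {
    my ($vector) = @_;
    my $result = eval {
        my $cvss = CVSS->from_vector_string($vector);
        [$cvss->base_score, $cvss->base_severity];
    };
    if (!$result) {
        # Keep the croak message, drop the trailing "at FILE line N".
        (my $why = $@ || 'unknown error') =~ s/ at .+? line \d+\.?\s*\z//s;
        return (undef, $why);
    }
    return (undef, 'no base score') unless defined $result->[0];
    return ($result, undef);
}

# Split the feed into scored findings (highest first) and rejects.
sub triage {
    my (@scored, @rejected);
    for my $line (@_) {
        my ($id, $vector) = split ' ', $line, 2;
        my ($result, $why) = score_vector($vector // '');
        if ($result) { push @scored, { id => $id, score => $result->[0], severity => $result->[1] } }
        else         { push @rejected, { id => $id, vector => $vector, why => $why } }
    }
    @scored = sort { $b->{score} <=> $a->{score} } @scored;
    return (\@scored, \@rejected);
}

my ($scored, $rejected) = triage(@feed);
say sprintf '%-12s %4s  %s', @{$_}{qw(id score severity)} for @$scored;
say "REJECTED $_->{id}: $_->{why}" for @$rejected;
```

Rejected records are kept and reported rather than dropped, so a finding with an unparseable vector is not silently treated as unscored.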
SEE ALSO
CVSS::Base, CVSS::v2, CVSS::v3, CVSS::v4
- [FIRST] CVSS Data Representations (https://www.first.org/cvss/data-representations)
- [FIRST] CVSS v4.0 Specification (https://www.first.org/cvss/v4.0/specification-document)
- [FIRST] CVSS v3.1 Specification (https://www.first.org/cvss/v3.1/specification-document)
- [FIRST] CVSS v3.0 Specification (https://www.first.org/cvss/v3.0/specification-document)
- [FIRST] CVSS v2.0 Complete Guide (https://www.first.org/cvss/v2/guide)
SUPPORT
Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CVSS/issues. You will be notified automatically of any progress on your issue.
Source Code
This is open source software. The code repository is available for public review and contribution under the terms of the license.
https://github.com/giterlizzi/perl-CVSS
git clone https://github.com/giterlizzi/perl-CVSS.git
AUTHOR
Giuseppe Di Terlizzi <gdt@cpan.org>
LICENSE AND COPYRIGHT
This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.