use CVSS;
# OO-interface
# Method 1 - Use params
$cvss = CVSS->new(
version => '3.1',
metrics => {
AV => 'A',
AC => 'L',
PR => 'L',
UI => 'R',
S => 'U',
C => 'H',
I => 'H',
A => 'H',
}
);
# Method 2 - Decode and parse the vector string
use CVSS;
$cvss = CVSS->from_vector_string('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');
say $cvss->base_score; # 7.4
# Method 3 - Builder
use CVSS;
$cvss = CVSS->new(version => '3.1');
$cvss->attackVector('ADJACENT_NETWORK');
$cvss->attackComplexity('LOW');
$cvss->privilegesRequired('LOW');
$cvss->userInteraction('REQUIRED');
$cvss->scope('UNCHANGED');
$cvss->confidentialityImpact('HIGH');
$cvss->integrityImpact('HIGH');
$cvss->availabilityImpact('HIGH');
$cvss->calculate_score;
# Common methods
# Convert the CVSS object in "vector string"
say $cvss; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
# Get metric value
say $cvss->AV; # A
say $cvss->attackVector; # ADJACENT_NETWORK
# Get the base score
say $cvss->base_score; # 7.4
# Get all scores
say Dumper($cvss->scores);
# { "base" => "7.4",
# "exploitability" => "1.6",
# "impact" => "5.9" }
# Get the base severity
say $cvss->base_severity # HIGH
# Convert CVSS in XML in according of CVSS XML Schema Definition
$xml = $cvss->to_xml;
# Convert CVSS in JSON in according of CVSS JSON Schema
$json = encode_json($cvss);
# exported functions
use CVSS qw(decode_cvss encode_cvss)
$cvss = decode_cvss('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');
say $cvss->base_score; # 7.4
$vector_string = encode_cvss(version => '3.1', metrics => {...});
say $cvss_string; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HGet the base score:
$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --base-score
7.4Get the base severity:
$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --base-severity
HIGHParses the provided vector string and returns the JSON representation:
$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --json | jq
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}Parses the provided vector string and returns the XML representation:
$ cvss CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H --xml
<?xml version="1.0" encoding="UTF-8"?>
<cvssv3.1 xmlns="https://www.first.org/cvss/cvss-v3.1.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://www.first.org/cvss/cvss-v3.1.xsd https://www.first.org/cvss/cvss-v3.1.xsd"
>
<base_metrics>
<attack-vector>ADJACENT_NETWORK</attack-vector>
<attack-complexity>LOW</attack-complexity>
<privileges-required>LOW</privileges-required>
<user-interaction>REQUIRED</user-interaction>
<scope>UNCHANGED</scope>
<confidentiality-impact>HIGH</confidentiality-impact>
<integrity-impact>HIGH</integrity-impact>
<availability-impact>HIGH</availability-impact>
<base-score>7.4</base-score>
<base-severity>HIGH</base-severity>
</base_metrics>
</cvssv3.1>Using Makefile.PL:
To install CVSS distribution, run the following commands.
perl Makefile.PL
make
make test
make install
Using App::cpanminus:
cpanm CVSS
perldoc CVSS- https://metacpan.org/release/CVSS
- [FIRST] CVSS Data Representations (https://www.first.org/cvss/data-representations)
- [FIRST] CVSS v4.0 Specification (https://www.first.org/cvss/v4.0/specification-document)
- [FIRST] CVSS v3.1 Specification (https://www.first.org/cvss/v3.1/specification-document)
- [FIRST] CVSS v3.0 Specification (https://www.first.org/cvss/v3.0/specification-document)
- [FIRST] CVSS v2.0 Complete Guide (https://www.first.org/cvss/v2/guide)
- Copyright 2007-2024 © FIRST.org - Forum of Incident Response and Security Teams, Inc.
- Copyright 2023-2024 © Giuseppe Di Terlizzi