texlive[64985] Master: cvss (10nov22)
commits+karl at tug.org
commits+karl at tug.org
Thu Nov 10 21:21:57 CET 2022
Revision: 64985
http://tug.org/svn/texlive?view=revision&revision=64985
Author: karl
Date: 2022-11-10 21:21:57 +0100 (Thu, 10 Nov 2022)
Log Message:
-----------
cvss (10nov22)
Modified Paths:
--------------
trunk/Master/tlpkg/bin/tlpkg-ctan-check
trunk/Master/tlpkg/tlpsrc/collection-mathscience.tlpsrc
Added Paths:
-----------
trunk/Master/texmf-dist/doc/latex/cvss/
trunk/Master/texmf-dist/doc/latex/cvss/LICENSE
trunk/Master/texmf-dist/doc/latex/cvss/README.md
trunk/Master/texmf-dist/doc/latex/cvss/cvss.pdf
trunk/Master/texmf-dist/source/latex/cvss/
trunk/Master/texmf-dist/source/latex/cvss/cvss.dtx
trunk/Master/texmf-dist/source/latex/cvss/cvss.ins
trunk/Master/texmf-dist/tex/latex/cvss/
trunk/Master/texmf-dist/tex/latex/cvss/cvss.sty
trunk/Master/tlpkg/tlpsrc/cvss.tlpsrc
Added: trunk/Master/texmf-dist/doc/latex/cvss/LICENSE
===================================================================
--- trunk/Master/texmf-dist/doc/latex/cvss/LICENSE (rev 0)
+++ trunk/Master/texmf-dist/doc/latex/cvss/LICENSE 2022-11-10 20:21:57 UTC (rev 64985)
@@ -0,0 +1,416 @@
+The LaTeX Project Public License
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+LPPL Version 1.3c 2008-05-04
+
+Copyright 1999 2002-2008 LaTeX3 Project
+ Everyone is allowed to distribute verbatim copies of this
+ license document, but modification of it is not allowed.
+
+
+PREAMBLE
+========
+
+The LaTeX Project Public License (LPPL) is the primary license under
+which the LaTeX kernel and the base LaTeX packages are distributed.
+
+You may use this license for any work of which you hold the copyright
+and which you wish to distribute. This license may be particularly
+suitable if your work is TeX-related (such as a LaTeX package), but
+it is written in such a way that you can use it even if your work is
+unrelated to TeX.
+
+The section `WHETHER AND HOW TO DISTRIBUTE WORKS UNDER THIS LICENSE',
+below, gives instructions, examples, and recommendations for authors
+who are considering distributing their works under this license.
+
+This license gives conditions under which a work may be distributed
+and modified, as well as conditions under which modified versions of
+that work may be distributed.
+
+We, the LaTeX3 Project, believe that the conditions below give you
+the freedom to make and distribute modified versions of your work
+that conform with whatever technical specifications you wish while
+maintaining the availability, integrity, and reliability of
+that work. If you do not see how to achieve your goal while
+meeting these conditions, then read the document `cfgguide.tex'
+and `modguide.tex' in the base LaTeX distribution for suggestions.
+
+
+DEFINITIONS
+===========
+
+In this license document the following terms are used:
+
+ `Work'
+ Any work being distributed under this License.
+
+ `Derived Work'
+ Any work that under any applicable law is derived from the Work.
+
+ `Modification'
+ Any procedure that produces a Derived Work under any applicable
+ law -- for example, the production of a file containing an
+ original file associated with the Work or a significant portion of
+ such a file, either verbatim or with modifications and/or
+ translated into another language.
+
+ `Modify'
+ To apply any procedure that produces a Derived Work under any
+ applicable law.
+
+ `Distribution'
+ Making copies of the Work available from one person to another, in
+ whole or in part. Distribution includes (but is not limited to)
+ making any electronic components of the Work accessible by
+ file transfer protocols such as FTP or HTTP or by shared file
+ systems such as Sun's Network File System (NFS).
+
+ `Compiled Work'
+ A version of the Work that has been processed into a form where it
+ is directly usable on a computer system. This processing may
+ include using installation facilities provided by the Work,
+ transformations of the Work, copying of components of the Work, or
+ other activities. Note that modification of any installation
+ facilities provided by the Work constitutes modification of the Work.
+
+ `Current Maintainer'
+ A person or persons nominated as such within the Work. If there is
+ no such explicit nomination then it is the `Copyright Holder' under
+ any applicable law.
+
+ `Base Interpreter'
+ A program or process that is normally needed for running or
+ interpreting a part or the whole of the Work.
+
+ A Base Interpreter may depend on external components but these
+ are not considered part of the Base Interpreter provided that each
+ external component clearly identifies itself whenever it is used
+ interactively. Unless explicitly specified when applying the
+ license to the Work, the only applicable Base Interpreter is a
+ `LaTeX-Format' or in the case of files belonging to the
+ `LaTeX-format' a program implementing the `TeX language'.
+
+
+
+CONDITIONS ON DISTRIBUTION AND MODIFICATION
+===========================================
+
+1. Activities other than distribution and/or modification of the Work
+are not covered by this license; they are outside its scope. In
+particular, the act of running the Work is not restricted and no
+requirements are made concerning any offers of support for the Work.
+
+2. You may distribute a complete, unmodified copy of the Work as you
+received it. Distribution of only part of the Work is considered
+modification of the Work, and no right to distribute such a Derived
+Work may be assumed under the terms of this clause.
+
+3. You may distribute a Compiled Work that has been generated from a
+complete, unmodified copy of the Work as distributed under Clause 2
+above, as long as that Compiled Work is distributed in such a way that
+the recipients may install the Compiled Work on their system exactly
+as it would have been installed if they generated a Compiled Work
+directly from the Work.
+
+4. If you are the Current Maintainer of the Work, you may, without
+restriction, modify the Work, thus creating a Derived Work. You may
+also distribute the Derived Work without restriction, including
+Compiled Works generated from the Derived Work. Derived Works
+distributed in this manner by the Current Maintainer are considered to
+be updated versions of the Work.
+
+5. If you are not the Current Maintainer of the Work, you may modify
+your copy of the Work, thus creating a Derived Work based on the Work,
+and compile this Derived Work, thus creating a Compiled Work based on
+the Derived Work.
+
+6. If you are not the Current Maintainer of the Work, you may
+distribute a Derived Work provided the following conditions are met
+for every component of the Work unless that component clearly states
+in the copyright notice that it is exempt from that condition. Only
+the Current Maintainer is allowed to add such statements of exemption
+to a component of the Work.
+
+ a. If a component of this Derived Work can be a direct replacement
+ for a component of the Work when that component is used with the
+ Base Interpreter, then, wherever this component of the Work
+ identifies itself to the user when used interactively with that
+ Base Interpreter, the replacement component of this Derived Work
+ clearly and unambiguously identifies itself as a modified version
+ of this component to the user when used interactively with that
+ Base Interpreter.
+
+ b. Every component of the Derived Work contains prominent notices
+ detailing the nature of the changes to that component, or a
+ prominent reference to another file that is distributed as part
+ of the Derived Work and that contains a complete and accurate log
+ of the changes.
+
+ c. No information in the Derived Work implies that any persons,
+ including (but not limited to) the authors of the original version
+ of the Work, provide any support, including (but not limited to)
+ the reporting and handling of errors, to recipients of the
+ Derived Work unless those persons have stated explicitly that
+ they do provide such support for the Derived Work.
+
+ d. You distribute at least one of the following with the Derived Work:
+
+ 1. A complete, unmodified copy of the Work;
+ if your distribution of a modified component is made by
+ offering access to copy the modified component from a
+ designated place, then offering equivalent access to copy
+ the Work from the same or some similar place meets this
+ condition, even though third parties are not compelled to
+ copy the Work along with the modified component;
+
+ 2. Information that is sufficient to obtain a complete,
+ unmodified copy of the Work.
+
+7. If you are not the Current Maintainer of the Work, you may
+distribute a Compiled Work generated from a Derived Work, as long as
+the Derived Work is distributed to all recipients of the Compiled
+Work, and as long as the conditions of Clause 6, above, are met with
+regard to the Derived Work.
+
+8. The conditions above are not intended to prohibit, and hence do not
+apply to, the modification, by any method, of any component so that it
+becomes identical to an updated version of that component of the Work as
+it is distributed by the Current Maintainer under Clause 4, above.
+
+9. Distribution of the Work or any Derived Work in an alternative
+format, where the Work or that Derived Work (in whole or in part) is
+then produced by applying some process to that format, does not relax or
+nullify any sections of this license as they pertain to the results of
+applying that process.
+
+10. a. A Derived Work may be distributed under a different license
+ provided that license itself honors the conditions listed in
+ Clause 6 above, in regard to the Work, though it does not have
+ to honor the rest of the conditions in this license.
+
+ b. If a Derived Work is distributed under a different license, that
+ Derived Work must provide sufficient documentation as part of
+ itself to allow each recipient of that Derived Work to honor the
+ restrictions in Clause 6 above, concerning changes from the Work.
+
+11. This license places no restrictions on works that are unrelated to
+the Work, nor does this license place any restrictions on aggregating
+such works with the Work by any means.
+
+12. Nothing in this license is intended to, or may be used to, prevent
+complete compliance by all parties with all applicable laws.
+
+
+NO WARRANTY
+===========
+
+There is no warranty for the Work. Except when otherwise stated in
+writing, the Copyright Holder provides the Work `as is', without
+warranty of any kind, either expressed or implied, including, but not
+limited to, the implied warranties of merchantability and fitness for a
+particular purpose. The entire risk as to the quality and performance
+of the Work is with you. Should the Work prove defective, you assume
+the cost of all necessary servicing, repair, or correction.
+
+In no event unless required by applicable law or agreed to in writing
+will The Copyright Holder, or any author named in the components of the
+Work, or any other party who may distribute and/or modify the Work as
+permitted above, be liable to you for damages, including any general,
+special, incidental or consequential damages arising out of any use of
+the Work or out of inability to use the Work (including, but not limited
+to, loss of data, data being rendered inaccurate, or losses sustained by
+anyone as a result of any failure of the Work to operate with any other
+programs), even if the Copyright Holder or said author or said other
+party has been advised of the possibility of such damages.
+
+
+MAINTENANCE OF THE WORK
+=======================
+
+The Work has the status `author-maintained' if the Copyright Holder
+explicitly and prominently states near the primary copyright notice in
+the Work that the Work can only be maintained by the Copyright Holder
+or simply that it is `author-maintained'.
+
+The Work has the status `maintained' if there is a Current Maintainer
+who has indicated in the Work that they are willing to receive error
+reports for the Work (for example, by supplying a valid e-mail
+address). It is not required for the Current Maintainer to acknowledge
+or act upon these error reports.
+
+The Work changes from status `maintained' to `unmaintained' if there
+is no Current Maintainer, or the person stated to be Current
+Maintainer of the work cannot be reached through the indicated means
+of communication for a period of six months, and there are no other
+significant signs of active maintenance.
+
+You can become the Current Maintainer of the Work by agreement with
+any existing Current Maintainer to take over this role.
+
+If the Work is unmaintained, you can become the Current Maintainer of
+the Work through the following steps:
+
+ 1. Make a reasonable attempt to trace the Current Maintainer (and
+ the Copyright Holder, if the two differ) through the means of
+ an Internet or similar search.
+
+ 2. If this search is successful, then enquire whether the Work
+ is still maintained.
+
+ a. If it is being maintained, then ask the Current Maintainer
+ to update their communication data within one month.
+
+ b. If the search is unsuccessful or no action to resume active
+ maintenance is taken by the Current Maintainer, then announce
+ within the pertinent community your intention to take over
+ maintenance. (If the Work is a LaTeX work, this could be
+ done, for example, by posting to comp.text.tex.)
+
+ 3a. If the Current Maintainer is reachable and agrees to pass
+ maintenance of the Work to you, then this takes effect
+ immediately upon announcement.
+
+ b. If the Current Maintainer is not reachable and the Copyright
+ Holder agrees that maintenance of the Work be passed to you,
+ then this takes effect immediately upon announcement.
+
+ 4. If you make an `intention announcement' as described in 2b. above
+ and after three months your intention is challenged neither by
+ the Current Maintainer nor by the Copyright Holder nor by other
+ people, then you may arrange for the Work to be changed so as
+ to name you as the (new) Current Maintainer.
+
+ 5. If the previously unreachable Current Maintainer becomes
+ reachable once more within three months of a change completed
+ under the terms of 3b) or 4), then that Current Maintainer must
+ become or remain the Current Maintainer upon request provided
+ they then update their communication data within one month.
+
+A change in the Current Maintainer does not, of itself, alter the fact
+that the Work is distributed under the LPPL license.
+
+If you become the Current Maintainer of the Work, you should
+immediately provide, within the Work, a prominent and unambiguous
+statement of your status as Current Maintainer. You should also
+announce your new status to the same pertinent community as
+in 2b) above.
+
+
+WHETHER AND HOW TO DISTRIBUTE WORKS UNDER THIS LICENSE
+======================================================
+
+This section contains important instructions, examples, and
+recommendations for authors who are considering distributing their
+works under this license. These authors are addressed as `you' in
+this section.
+
+Choosing This License or Another License
+----------------------------------------
+
+If for any part of your work you want or need to use *distribution*
+conditions that differ significantly from those in this license, then
+do not refer to this license anywhere in your work but, instead,
+distribute your work under a different license. You may use the text
+of this license as a model for your own license, but your license
+should not refer to the LPPL or otherwise give the impression that
+your work is distributed under the LPPL.
+
+The document `modguide.tex' in the base LaTeX distribution explains
+the motivation behind the conditions of this license. It explains,
+for example, why distributing LaTeX under the GNU General Public
+License (GPL) was considered inappropriate. Even if your work is
+unrelated to LaTeX, the discussion in `modguide.tex' may still be
+relevant, and authors intending to distribute their works under any
+license are encouraged to read it.
+
+A Recommendation on Modification Without Distribution
+-----------------------------------------------------
+
+It is wise never to modify a component of the Work, even for your own
+personal use, without also meeting the above conditions for
+distributing the modified component. While you might intend that such
+modifications will never be distributed, often this will happen by
+accident -- you may forget that you have modified that component; or
+it may not occur to you when allowing others to access the modified
+version that you are thus distributing it and violating the conditions
+of this license in ways that could have legal implications and, worse,
+cause problems for the community. It is therefore usually in your
+best interest to keep your copy of the Work identical with the public
+one. Many works provide ways to control the behavior of that work
+without altering any of its licensed components.
+
+How to Use This License
+-----------------------
+
+To use this license, place in each of the components of your work both
+an explicit copyright notice including your name and the year the work
+was authored and/or last substantially modified. Include also a
+statement that the distribution and/or modification of that
+component is constrained by the conditions in this license.
+
+Here is an example of such a notice and statement:
+
+ %% pig.dtx
+ %% Copyright 2005 M. Y. Name
+ %
+ % This work may be distributed and/or modified under the
+ % conditions of the LaTeX Project Public License, either version 1.3
+ % of this license or (at your option) any later version.
+ % The latest version of this license is in
+ % http://www.latex-project.org/lppl.txt
+ % and version 1.3 or later is part of all distributions of LaTeX
+ % version 2005/12/01 or later.
+ %
+ % This work has the LPPL maintenance status `maintained'.
+ %
+ % The Current Maintainer of this work is M. Y. Name.
+ %
+ % This work consists of the files pig.dtx and pig.ins
+ % and the derived file pig.sty.
+
+Given such a notice and statement in a file, the conditions
+given in this license document would apply, with the `Work' referring
+to the three files `pig.dtx', `pig.ins', and `pig.sty' (the last being
+generated from `pig.dtx' using `pig.ins'), the `Base Interpreter'
+referring to any `LaTeX-Format', and both `Copyright Holder' and
+`Current Maintainer' referring to the person `M. Y. Name'.
+
+If you do not want the Maintenance section of LPPL to apply to your
+Work, change `maintained' above into `author-maintained'.
+However, we recommend that you use `maintained', as the Maintenance
+section was added in order to ensure that your Work remains useful to
+the community even when you can no longer maintain and support it
+yourself.
+
+Derived Works That Are Not Replacements
+---------------------------------------
+
+Several clauses of the LPPL specify means to provide reliability and
+stability for the user community. They therefore concern themselves
+with the case that a Derived Work is intended to be used as a
+(compatible or incompatible) replacement of the original Work. If
+this is not the case (e.g., if a few lines of code are reused for a
+completely different task), then clauses 6b and 6d shall not apply.
+
+
+Important Recommendations
+-------------------------
+
+ Defining What Constitutes the Work
+
+ The LPPL requires that distributions of the Work contain all the
+ files of the Work. It is therefore important that you provide a
+ way for the licensee to determine which files constitute the Work.
+ This could, for example, be achieved by explicitly listing all the
+ files of the Work near the copyright notice of each file or by
+ using a line such as:
+
+ % This work consists of all files listed in manifest.txt.
+
+ in that place. In the absence of an unequivocal list it might be
+ impossible for the licensee to determine what is considered by you
+ to comprise the Work and, in such a case, the licensee would be
+ entitled to make reasonable conjectures as to which files comprise
+ the Work.
+
Added: trunk/Master/texmf-dist/doc/latex/cvss/README.md
===================================================================
--- trunk/Master/texmf-dist/doc/latex/cvss/README.md (rev 0)
+++ trunk/Master/texmf-dist/doc/latex/cvss/README.md 2022-11-10 20:21:57 UTC (rev 64985)
@@ -0,0 +1,16 @@
+# CVSS-latex
+
+This LaTeX package allows anyone to use and nicely print the CVSS base score for a given CVSS string.
+
+
+## To-do
+
+- Fix the expansion error preventing nested commands like `\category{\computeCVSS{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}`
+- Add support for CVSS complete string
+- Add CVSS values as variables (future CVSS version)
+- Add support for full CVSS vector (temporal and environmental score)
+
+
+
+## Licence
+This package is licensed under the [LPPL-1.3c](https://www.latex-project.org/lppl/lppl-1-3c/).
Property changes on: trunk/Master/texmf-dist/doc/latex/cvss/README.md
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: trunk/Master/texmf-dist/doc/latex/cvss/cvss.pdf
===================================================================
(Binary files differ)
Index: trunk/Master/texmf-dist/doc/latex/cvss/cvss.pdf
===================================================================
--- trunk/Master/texmf-dist/doc/latex/cvss/cvss.pdf 2022-11-10 20:14:47 UTC (rev 64984)
+++ trunk/Master/texmf-dist/doc/latex/cvss/cvss.pdf 2022-11-10 20:21:57 UTC (rev 64985)
Property changes on: trunk/Master/texmf-dist/doc/latex/cvss/cvss.pdf
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pdf
\ No newline at end of property
Added: trunk/Master/texmf-dist/source/latex/cvss/cvss.dtx
===================================================================
--- trunk/Master/texmf-dist/source/latex/cvss/cvss.dtx (rev 0)
+++ trunk/Master/texmf-dist/source/latex/cvss/cvss.dtx 2022-11-10 20:21:57 UTC (rev 64985)
@@ -0,0 +1,898 @@
+% \iffalse meta-comment
+%<*internal>
+\iffalse
+%</internal>
+%<*readme>
+----------------------------------------------------------------
+cvss --- A Package to compute and display CVSS base scores
+E-mail: pierre at vivegnis.be
+Released under the LaTeX Project Public License v1.3c or later
+See http://www.latex-project.org/lppl.txt
+----------------------------------------------------------------
+
+The LaTeX package allows a user to compute the CVSS base score for
+an input CVSS vector, as well as other artifacts (CVSS level etc)
+%</readme>
+%<*internal>
+\fi
+\def\nameofplainTeX{plain}
+\ifx\fmtname\nameofplainTeX\else
+ \expandafter\begingroup
+\fi
+%</internal>
+%<*install>
+\input docstrip.tex
+\keepsilent
+\askforoverwritefalse
+\preamble
+----------------------------------------------------------------
+cvss --- A package to compute and display CVSS base scores
+E-mail: pierre at vivegnis.be
+Released under the LaTeX Project Public License v1.3c or later
+See http://www.latex-project.org/lppl.txt
+----------------------------------------------------------------
+
+\endpreamble
+\postamble
+
+Copyright (C) 2022 by Pierre VIVEGNIS <pierre at vivegnis.be>
+
+This work may be distributed and/or modified under the
+conditions of the LaTeX Project Public License (LPPL), either
+version 1.3c of this license or (at your option) any later
+version. The latest version of this license is in the file:
+
+http://www.latex-project.org/lppl.txt
+
+This work is "maintained" (as per LPPL maintenance status) by
+Pierre VIVEGNIS.
+
+This work consists of the file cvss.dtx
+and the derived files cvss.ins,
+ cvss.pdf and
+ cvss.sty.
+
+\endpostamble
+\usedir{tex/latex/cvss}
+\generate{
+ \file{\jobname.sty}{\from{\jobname.dtx}{package}}
+}
+%</install>
+%<install>\endbatchfile
+%<*internal>
+\usedir{source/latex/cvss}
+\generate{
+ \file{\jobname.ins}{\from{\jobname.dtx}{install}}
+}
+\nopreamble\nopostamble
+\usedir{doc/latex/cvss}
+\generate{
+ \file{README.txt}{\from{\jobname.dtx}{readme}}
+}
+\ifx\fmtname\nameofplainTeX
+ \expandafter\endbatchfile
+\else
+ \expandafter\endgroup
+\fi
+%</internal>
+%<*package>
+\NeedsTeXFormat{LaTeX2e}
+\ProvidesPackage{cvss}[2022/11/03 First Release]
+%</package>
+%<*driver>
+\documentclass{l3doc}
+\usepackage{\jobname}
+\EnableCrossrefs
+\CodelineIndex
+\RecordChanges
+\setlength{\parindent}{0pt}
+\begin{document}
+ \DocInput{\jobname.dtx}
+ \PrintChanges
+ \PrintIndex
+\end{document}
+%</driver>
+% \fi
+%
+% \begin{documentation}
+%
+%\GetFileInfo{\jobname.sty}
+%
+%\title{
+% The \textsf{cvss} package\thanks{
+% This file describes version \fileversion, last revised \filedate.
+% }
+%}
+%\author{
+% Pierre VIVEGNIS\thanks{E-mail: pierre at vivegnis.be}
+%}
+%\date{Released \filedate}
+%
+%\maketitle
+% \tableofcontents
+%
+% \section{Introduction}
+%
+% The \textsf{cvss} package allows the user to compute CVSS3.1 base scores and use them in documents. The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental.
+%
+% This packages only deal with Base score. Temporal and Environental scores will be part of a future release.
+%
+% More information can be found at \texttt{https://www.first.org/cvss/specification-document}.
+%
+% \section{Acknowledgements}
+%
+% I want to thank Alexander Lill who first created a cvss project in \LaTeX (available at \texttt{https://github.com/AlexanderLill/cvss3tex}).
+%
+% \section{Usage}
+%
+% The goal of this package is to compute the CVSS base score for an input CVSS vector, and to give the user macro to output it in 3 different forms
+% \begin{itemize}
+% \item The CVSS \textbf{score} (fron 0.0 to 10)
+% \item the \textbf{level} (None, Info, Low, Medium, High or Critical)
+% \item the \textbf{colored level}
+% \item the \textbf{tag} which is a colored frame around the level
+% \end{itemize}
+%
+% All macros are expandable, which makes them usable in any context.
+%
+% The macros of this packages are divided in 2 categories:
+% \begin{itemize}
+% \item \textbf{direct macros} : that will take as input the CVSS base score and give you the result
+% \item \textbf{indirect macros} : that are intermediary, in the way that they only compute a form based on the precedent one.
+% \end{itemize}
+%
+% \subsection{Direct Macros}
+% \begin{function}{\cvssScore}
+ % \begin{syntax}
+ % \cs{cvssScore} \Arg{CVSS string}
+ % \end{syntax}
+% This is the main macro of this package, responsible for computing the base CVSS 3.1 score of an \marg{input vector} (without \texttt{CVSS3.1/}). The output of this macro is a floating point CVSS score, for example \texttt{5.4}.
+% \end{function}
+%
+% \noindent\llap{\bfseries \textcolor{red}{Important!}\qquad}\indent
+% \textbf{The CVSS vector string must be stripped from the \texttt{CVSS3.1/}!}
+%
+%
+% \begin{verbatim}
+% \cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}
+% \end{verbatim}
+%
+% This will output the following CVSS base score: \texttt{\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}
+%
+%
+% \begin{function}{\cvssScorepretty}
+ % \begin{syntax}
+ % \cs{cvssScorepretty} \Arg{CVSS string}
+ % \end{syntax}
+ % This macro will print a \textbf{colored} base CVSS 3.1 score of an \marg{input vector} (without \texttt{CVSS3.1/}). The output of this macro is a floating point CVSS score.
+ % \end{function}
+%
+% \begin{verbatim}
+% \cvssScorepretty{AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N}
+% \end{verbatim}
+%
+% This will output the following CVSS score: \cvssScorepretty{AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N}
+%
+%
+% \begin{function}{\cvssLevel}
+ % \begin{syntax}
+ % \cs{cvssLevel} \Arg{CVSS string}
+ % \end{syntax}
+% This macro will output the CVSS level from an \marg{input vector} (without \texttt{CVSS3.1/}), for example \texttt{Info}.
+% \end{function}
+%
+% \begin{verbatim}
+% \cvssLevel{AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N}
+% \end{verbatim}
+%
+% This will output the following CVSS level: \cvssLevel{AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N}
+%
+%
+% \begin{function}{\cvssLevelpretty}
+ % \begin{syntax}
+ % \cs{cvssLevelpretty} \Arg{CVSS string}
+ % \end{syntax}
+% This macro will output the \textbf{colored} CVSS level from an \marg{input vector} (without \texttt{CVSS3.1/}).
+% \end{function}
+%
+% \begin{verbatim}
+% \cvssLevelpretty{AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N}
+% \end{verbatim}
+%
+% This will output the following CVSS level: \cvssLevelpretty{AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N}
+%
+%
+% \begin{function}{\cvssTag}
+ % \begin{syntax}
+ % \cs{cvssTag} \Arg{CVSS string}
+ % \end{syntax}
+% This macro will output a colored tag with the CVSS level inside, from an \marg{input vector} (without \texttt{CVSS3.1/}).
+% \end{function}
+%
+% \begin{verbatim}
+% \cvssTag{AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N}
+% \end{verbatim}
+%
+% This will output the following CVSS level: \cvssTag{AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N}.
+%
+%
+% \begin{function}{\cvssPrint}
+ % \begin{syntax}
+ % \cs{cvssPrint} \Arg{CVSS string}
+ % \end{syntax}
+ % This macro will print all details of a CVSS string: colored level, score, and hyperlink to FIRST calculator, from an \marg{input vector} (without \texttt{CVSS3.1/}).
+ % \end{function}
+%
+% \begin{verbatim}
+% \cvssPrint{AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H}
+% \end{verbatim}
+%
+% This will output the following CVSS level:
+%
+% \cvssPrint{AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H}
+%
+%
+%
+% \subsection{Indirect Macros}
+%
+% \changes{v1.0}{2022/11/03}{First public release}
+%
+% \begin{function}{\category}
+ % \begin{syntax}
+ % \cs{category} \Arg{CVSS score}
+ % \end{syntax}
+% This macro will output the CVSS category (None, Info, Low, Medium, High or Critical) based on the input CVSS vector passed as argument \marg{numerical score}. The mandatory argument is a floating point CVSS score, for example \texttt{5.4}.
+% \end{function}
+%
+% \begin{verbatim}
+% \category{9.9}
+% \end{verbatim}
+%
+% This will output the following scope: \category{9.9}.
+%
+%
+% \begin{function}{\cvssFrame}
+ % \begin{syntax}
+ % \cs{cvssFrame} \Arg{CVSS score}
+ % \end{syntax}
+ % This macro will output a CVSS tag based on a CVSS \textbf{level} passed as argument. The mandatory argument must be one of the defined CVSS levels (None, Info, Low, Medium, High or Critical), for example \texttt{Info}.
+ % \end{function}
+%
+% \begin{verbatim}
+% \cvssFrame{High}
+% \end{verbatim}
+%
+% This will output the following tag: \cvssFrame{High}.
+%
+%
+
+% \section{Examples}
+%
+% \subsection{Direct Form}
+
+%\begin{minipage}{.75\textwidth}
+ % \begin{verbatim}
+%\\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}
+ % \end{verbatim}
+ %\end{minipage}%
+%\begin{minipage}{0.25\textwidth}
+%\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}
+ %\end{minipage}
+
+%\begin{minipage}{.75\textwidth}
+ % \begin{verbatim}
+%\\cvssLevel{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}
+ % \end{verbatim}
+ %\end{minipage}%
+%\begin{minipage}{0.25\textwidth}
+%\cvssLevel{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}
+ %\end{minipage}
+
+
+%\begin{minipage}{.75\textwidth}
+ % \begin{verbatim}
+%\\cvssLevelpretty{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H}
+ % \end{verbatim}
+ %\end{minipage}%
+%\begin{minipage}{0.25\textwidth}
+%\cvssLevelpretty{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H}
+ %\end{minipage}
+
+%\begin{minipage}{.75\textwidth}
+ % \begin{verbatim}
+%\\cvssTag{AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H}
+ % \end{verbatim}
+ %\end{minipage}%
+%\begin{minipage}{0.25\textwidth}
+%\cvssTag{AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H}
+ %\end{minipage}
+
+%
+% The vuln has a \textbf{\cvssLevel{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}-level and we can output it inline.
+%\subsection{Imbricated Form}
+
+%\begin{minipage}{.5\textwidth}
+ % \begin{verbatim}
+ %\cvssFrame{Low}
+ % \end{verbatim}
+ %\end{minipage}%
+%\begin{minipage}{0.5\textwidth}
+ %\cvssFrame{Low}
+%\end{minipage}
+
+%\begin{minipage}{.5\textwidth}
+% \begin{verbatim}
+ %\category{9.9}
+% \end{verbatim}
+%\end{minipage}%
+%\begin{minipage}{0.5\textwidth}
+ %\category{9.9}
+%\end{minipage}
+%
+% We can even combine them:
+% \begin{verbatim}
+%\\category{\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}
+% \end{verbatim}
+%
+%And this outputs: \category{\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}
+%
+% \begin{verbatim}
+%\\cvssFrame{\category{\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}}
+% \end{verbatim}
+% And the result is: %\cvssFrame{\category{\cvssScore{AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N}}}
+%
+%\subsection{Test Computations}
+% \begin{verbatim}
+% Should be 7.3: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L}
+%
+% Should be 8.3: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L}
+%
+% Should be 9.9: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H}
+%
+% Should be 9.9: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L}
+%
+% Should be 7.2: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N}
+%
+% Should be 7.1: \cvssScore{AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L}
+%
+% Should be 5.8: \cvssScore{AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L}
+%
+% Should be 5.5: \cvssScore{AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L}
+%
+% Should be 5.1: \cvssScore{AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L}
+%
+% Should be 4.3: \cvssScore{AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L}
+%
+% Should be 2.4: \cvssScore{AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N}
+%
+% Should be 0.0: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N}
+% \end{verbatim}
+%
+% And the results of the computations:
+%
+%Should be 7.3: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L}
+%
+%Should be 8.3: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L}%
+%
+%Should be 9.9: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H}%
+%
+%Should be 9.9: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L}%
+%
+%Should be 7.2: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N}%
+%
+%Should be 7.1: \cvssScore{AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L}%
+%
+%Should be 5.8: \cvssScore{AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L}%
+%
+%Should be 5.5: \cvssScore{AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L}%
+%
+%Should be 5.1: \cvssScore{AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L}%
+%
+%Should be 4.3: \cvssScore{AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L}%
+%
+%Should be 2.4: \cvssScore{AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N}
+%
+%Should be 0.0: \cvssScore{AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N}
+%
+% \end{documentation}
+%\newpage
+% \StopEventually{\setlength\IndexMin{200pt} \PrintIndex }
+% \begin{implementation}
+% \section{Implementation}
+% \subsection{Initial set up}
+%
+% Load the essential support (\pkg{expl3}, \pkg{tcolorbox}, \pkg{xstring} and \pkg{hyperref}).
+% \begin{macrocode}
+\RequirePackage{expl3}
+\RequirePackage[skins]{tcolorbox}
+\tcbuselibrary{xparse}
+\RequirePackage{xstring}
+\RequirePackage{hyperref}
+% \end{macrocode}
+%
+% Then, we define the thresholds:
+% \begin{macrocode}
+% These are the thresholds
+\def\scoreLow{0.1}
+\def\scoreMed{4.0}
+\def\scoreHigh{7.0}
+\def\scoreCrit{9.0}
+% \end{macrocode}
+% And finally the colors for each level (taken from the FIRST CVSS calulator website\footnote{Available at \url{https://www.first.org/cvss/calculator/3.1}})
+% \begin{macrocode}
+\definecolor{color at cvss@None}{RGB}{83, 170, 51}
+\definecolor{color at cvss@Low}{RGB}{255, 203, 13}
+\definecolor{color at cvss@Medium}{RGB}{249, 160, 9}
+\definecolor{color at cvss@High}{RGB}{223, 61, 3}
+\definecolor{color at cvss@Critical}{RGB}{204, 5, 0}
+% \end{macrocode}
+%
+% \subsection{Round up function}
+%
+% First we defined the \texttt{roundup} function\footnote{This function was inspired by the following posts: \url{https://tex.stackexchange.com/a/615358/28926}} according to the precision mentionned by FIRST (\url{https://www.first.org/cvss/specification-document Appendix A}).
+% .
+% \begin{macrocode}
+\ExplSyntaxOn
+%
+\cs_new:Npn \__CVSS_roundup:n #1 {
+ \fp_eval:n { ceil(#1,1) }
+ \fp_compare:nT { ceil(#1,1)=ceil(#1,0) } {.0}
+}
+% \end{macrocode}
+%
+% \subsection{Error messages}
+% We define some error message to help with the troubleshooting
+%
+% \begin{macrocode}
+\msg_new:nnn { CVSS } { invalid-option }{ Value~'#2'~invalid~for~#1~#3.}
+\msg_new:nnn { CVSS } { invalid-structure } { CVSS~metric~#1~is~not~correct~(#2)~#3.}
+\msg_new:nnn { CVSS } { invalid-length } { CVSS~vector~"#1"~is~badly~formatted~#2.}
+% \end{macrocode}%
+%
+%
+% \subsection{CVSS metrics parsing}
+%
+% Then we can define the numerical values for each of the CVSS metric (Attack Vector, Attack Complexity, ...).
+% This is done by checking the string value of the argument, and outputting the correpsondant value.
+% For each function, a error message is thrown if the value is not one acceptable for that metric.
+%
+% \subsubsection{Attack Vector}
+% The value for the Attack Vector can only by either \texttt{N} (None), \texttt{A} (Adjacent), \texttt{L} (Local) or \texttt{P} (Physical).
+%
+%\begin{macro}{\__CVSS_parseAV}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_parseAV:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % Network
+ { A } { 0.62 } % Adjacent
+ { L } { 0.55 } % Local
+ { P } { 0.2 } % Physical
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseAV } {#1} {\msg_line_context:} }
+}
+% \end{macrocode}%
+%\end{macro}
+%
+% \subsubsection{Attack Complexity}
+% The value for the Attack Complexity metric can only by either \texttt{L} (Low) or \texttt{H} (High).
+%
+%\begin{macro}{\__CVSS_parseAC}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_parseAC:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { H } { 0.44 } % High
+ { L } { 0.77 } % Low
+
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseAC } {#1} {\msg_line_context:} }
+}
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{Privileges Required}
+% The value for the Privilged Required metric can only by either \texttt{N} (None), \texttt{L} (Low) or \texttt{H} (High).
+% Hoever since the computation is different wheter the Scope is changed or not, we've defined 2 functions.
+%
+% 3 Internal macros are thus used, one per choice (Scope unchanged and Scope change), plus the function to choose which one to take into account.
+%
+%\begin{macro}{\__CVSS_parsePRScopeUnchanged}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_parsePRScopeUnchanged:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { L } { 0.62 } % Low
+ { H } { 0.27 } % High
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePRScopeUnchanged } {#1} {\msg_line_context:} }
+}
+% \end{macrocode}%
+%\end{macro}
+%\begin{macro}{\__CVSS_parsePRScopeChanged}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_parsePRScopeChanged:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { L } { 0.68 } % Low
+ { H } { 0.50 } % High
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePRScopeChanged } {#1} {\msg_line_context:} }
+}
+% \end{macrocode}%
+%\end{macro}
+%\begin{macro}{\__CVSS_parsePR}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_parsePR:nn #1#2
+{
+ % #1 Privilege Required
+ % #2 Scope
+ \str_case_e:nnF {#2}
+ {
+ { U } { \exp_args:Ne \__CVSS_parsePRScopeUnchanged:n {#1} }
+ { C } { \exp_args:Ne \__CVSS_parsePRScopeChanged:n {#1} }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePR } {#1} {\msg_line_context:} }
+}
+% \end{macrocode}%
+%\end{macro}
+%
+% \subsubsection{User Interaction}
+% The value for the User Interaction metric can only by either \texttt{N} (None) or \texttt{R} (Required).
+%
+%\begin{macro}{\__CVSS_parseUI}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_parseUI:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { R } { 0.62 } % Required
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseUI } {#1} {\msg_line_context:} }
+}
+
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{Confidentiality, Integrity and Availability}
+% The value for the Confidentiality, Integrity or Availability metrics can only by either \texttt{N} (None), \texttt{L} (Low) or \texttt{H} (High).
+% Since the values are the same for the 3 metrics, we've grouped them together.
+%
+%\begin{macro}{\__CVSS_parseCIA}
+% \begin{macrocode}
+
+\cs_new:Npn \__CVSS_parseCIA:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { H } { 0.56 }
+ { L } { 0.22 }
+ { N } { 0.00 }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseCIA } {#1} {\msg_line_context:} }
+}
+% \end{macrocode}
+%\end{macro}
+%
+% \subsection{CVSS computation}
+% \subsubsection{Impact Sub Score (ISS)}
+% The value for the Impact Sub-Score (ISS) is conmputed from the Confidentiality, Availability and Integrity values, as follows
+%\begin{equation}
+% ISS = 1 - \Bigr[ (1 - \text{Confidentiality}) \times (1 - \text{Integrity}) \times (1 - \text{Availability}) \Bigr]
+%\end{equation}
+%
+% This equation is then translated into \TeX code :
+%
+%\begin{macro}{\__CVSS_calcISS}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_calcISS:nnn #1#2#3
+{
+ % #1 Confidentiality Impact %High H, Low L, None N
+ % #2 Integrity Impact %High H, Low L, None N
+ % #3 Availability Impact %High H, Low L, None N
+ 1 - ( (1 - (\__CVSS_parseCIA:n {#1})) * (1 - (\__CVSS_parseCIA:n {#2})) * (1 - (\__CVSS_parseCIA:n {#3})) )
+}
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{Impact}
+% The calculations for the impact depends whether the scope is changed or not, and will be computed differently:
+% \begin{equation}
+% \text{Impact} \rightarrow
+% \begin{cases}
+% \text{Scope Unchanged} & 6.42 \times ISS\\
+% \text{Scope Changed} & 7.52 \times (ISS - 0.029) - 3.25 \times (ISS - 0.02)^{15}\\
+% \end{cases}
+% \end{equation}
+%
+% This gives the following implementation:
+%
+%\begin{macro}{\__CVSS_calcImpact}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_calcImpact:nn #1#2
+{
+ % #1 = Scope
+ % #2 = ISS
+ % Scope Unchanged 6.42 × ISS
+ % Scope Changed 7.52 × [ISS-0.029] - 3.25 × [ISS-0.02]15
+ \str_case_e:nnF {#1}
+ {
+ { U } { \fp_eval:n { 6.42 * (#2) } } % Scope UNCHANGED
+ { C } { \fp_eval:n { 7.52 * ( (#2) - 0.029 ) - 3.25 * ( (#2) - 0.02 )^15 } } % Scope CHANGED
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { calcISC } {#1} {\msg_line_context:} }
+}%
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{Exploitability}
+% The equation to compute the exploitability is the following:
+% \begin{equation}
+% 8.22 \times \text{AttackVector} \times \text{AttackComplexity} \times \text{PrivilegesRequired} \times \text{UserInteraction}
+% \end{equation}
+%
+% This gives the following implementation:
+%
+%\begin{macro}{\__CVSS_calcExploitability}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_calcExploitability:nnnnn #1#2#3#4#5
+{
+ % #1 Attack Vector
+ % #2 Attack Complexity
+ % #3 Privileges Required
+ % #4 User Interaction
+ % #5 Scope
+ % 8.22 × AttackVector × AttackComplexity × PrivilegeRequired × UserInteraction
+ 8.22 * (\__CVSS_parseAV:n {#1}) * (\__CVSS_parseAC:n {#2}) * (\__CVSS_parsePR:nn {#3}{#5}) * (\__CVSS_parseUI:n {#4})%
+}
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{CVSS Base Score}
+% Now that all the pre-requisites are calculated, we can compute the CVSS base score as follows:
+% \begin{equation}
+% \text{Base Score} =
+% \begin{cases}
+% 0 & \text{if Impact $\geq 0$ } \\
+% Roundup \Bigr( min \bigr[(\text{Impact} + \text{Exploitability}), 10\bigr]\Bigr) & \text{if Scope is Unchanged} \\
+% Roundup \Bigr(min \bigr[1.08 \times (\text{Impact} + \text{Exploitability}), 10\bigr]\Bigr) & \text{if Scope is changed}
+% \end{cases}
+%\end{equation}
+%
+% This gives the following implementation:
+%
+%\begin{macro}{\__CVSS_cvssBaseScore}
+% \begin{macrocode}
+\cs_new:Npn \__CVSS_cvssBaseScore:nnnnnnnn #1#2#3#4#5#6#7#8 {
+ % #1 Attack Vector %Network N, Adjacent A, Local L, Physical P
+ % #2 Attack Complexity %Low L, High H
+ % #3 Privileges Required %None N, Low L, High H
+ % #4 User Interaction %None N, Required R
+ % #5 Scope %Unchanged U, Changed C
+ % #6 Confidentiality Impact %High H, Low L, None N
+ % #7 Integrity Impact %High H, Low L, None N
+ % #8 Availability Impact %High H, Low L, None N
+ %
+ \fp_compare:nTF { \exp_args:Ne \__CVSS_calcImpact:nn {#5}{\exp_args:Ne \__CVSS_calcISS:nnn {#6}{#7}{#8}} <= 0 }
+ % IF ISC <=0
+ {
+ % ISC <=0
+ 0.0
+ }{
+ % ISC > 0
+ \str_case_e:nnF {#5}
+ {
+ { U } { % SCOPE UNCHANGED
+ \fp_eval:n { \__CVSS_roundup:n { min( ((\__CVSS_calcImpact:nn {#5}{\__CVSS_calcISS:nnn {#6}{#7}{#8}}) + (\__CVSS_calcExploitability:nnnnn {#1}{#2}{#3}{#4}{#5})), 10) } }%
+ }
+ { C } { % SCOPE CHANGED
+ \fp_eval:n { \__CVSS_roundup:n { min( (1.08 * ((\__CVSS_calcImpact:nn {#5}{\__CVSS_calcISS:nnn {#6}{#7}{#8}}) + (\__CVSS_calcExploitability:nnnnn {#1}{#2}{#3}{#4}{#5}))), 10) } }%
+ }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseScope } {#1} {\msg_line_context:} }
+ }%
+}
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{CVSS Base Score}
+% Now we can use a macro to check the validity of the CVSS string and \textbf{finally} call \texttt{\textbackslash{}__CVSS_cvssBaseScore} internally.
+% This is the most important macro of this whole package, and is expandable.
+%
+%\begin{macro}{\cvssScore}
+% \begin{macrocode}
+\NewExpandableDocumentCommand \cvssScore { m }{%
+
+ % Check that there are 35 chars
+ \int_compare:nNnTF { \str_count_ignore_spaces:n {#1} } = {35}{}{
+ \msg_error:nnxx{CVSS}{invalid-length}{#1}{\msg_line_context:}
+ }
+ % Check AV value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {1} {3}} {AV:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{AV}{\str_range:nnn {#1} {1} {3}}{\msg_line_context:}
+ }
+
+ % Check AC value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {5} {8}} {/AC:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{AC}{\str_range:nnn {#1} {5} {8}}{\msg_line_context:}
+ }
+
+
+ % Check PR value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {10} {13}} {/PR:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{PR}{\str_range:nnn {#1} {10} {13}}{\msg_line_context:}
+ }
+
+ % Check UI value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {15} {18}} {/UI:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{UI}{\str_range:nnn {#1} {15} {18}}{\msg_line_context:}
+ }
+
+ % Check S value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {20} {22}} {/S:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{S}{\str_range:nnn {#1} {20} {22}}{\msg_line_context:}
+ }
+
+ % Check I value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {24} {26}} {/C:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{C}{\str_range:nnn {#1} {24} {26}}{\msg_line_context:}
+ }
+
+ % Check I value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {28} {30}} {/I:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{I}{\str_range:nnn {#1} {28} {30}}{\msg_line_context:}
+ }
+
+ % Check A value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {32} {34}} {/A:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{A}{\str_range:nnn {#1} {32} {34}}{\msg_line_context:}
+ }
+
+ \exp_args:Ne \__CVSS_cvssBaseScore:nnnnnnnn
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 4 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 9 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 14 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 19 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 23 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 27 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 31 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 35 } }
+
+}%
+\ExplSyntaxOff
+% \end{macrocode}
+%\end{macro}
+%
+% \subsection{CVSS levels}
+% Since we can compute the numerical score of a given CVSS string, we can now get the classification of a CVSS vector using the
+% FIRST terminology :
+%\begin{table}[!ht]
+% \centering
+% \begin{tabular}{cc}
+% \hline
+% \textbf{Rating} & \textbf{CVSS Score} \\ \hline
+% None & $0.0$ \\
+% Low & $0.1 - 3.9$ \\
+% Medium & $4.0 - 6.9$ \\
+% High & $7.0 - 8.9$ \\
+% Critical & $9.0 - 10.0$ \\ \hline
+% \end{tabular}
+%\end{table}
+%
+% Then we can build our switch case to assign a level to the numerical CVSS score
+%\begin{macro}{\category}
+% This macro will output a CVSS level based on the numerical CVSS score.
+% \begin{macrocode}
+\ExplSyntaxOn
+\NewExpandableDocumentCommand \category { m }{%
+ \fp_compare:nNnTF {#1}<{\scoreLow}{None}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreMed}{Low}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreHigh}{Medium}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreCrit}{High}
+ {Critical}
+ }%
+ }%
+ }%
+}%
+\ExplSyntaxOff
+% \end{macrocode}
+% We can even have a colored version of the score.
+%\begin{macro}{\cvssScorepretty}
+% This macro will output the \textbf{colored} CVSS level based on the CVSS vector.
+% \begin{macrocode}
+\newcommand{\cvssScorepretty}[1]{%
+ \def\CVSScategory{\category{\cvssScore{#1}}}%
+ \textcolor{color at cvss@\CVSScategory}{\cvssScore{#1}}%
+}%
+% \end{macrocode}
+%\end{macro}
+%\end{macro}
+% We have also built a macro that will output the CVSS level based on the CVSS string, that combines \texttt{\textbackslash{}cvssScore} and \texttt{\textbackslash{}category}:
+%\begin{macro}{\cvssLevel}
+% This macro will output a CVSS level based on the numerical CVSS score.
+% \begin{macrocode}
+\newcommand{\cvssLevel}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}%
+ \category{\CVSSscore}%
+}%
+% \end{macrocode}
+%\end{macro}
+% And we can even have a colored version of this level.
+%\begin{macro}{\cvssLevelpretty}
+% This macro will output the \textbf{colored} CVSS level based on the numerical CVSS score.
+% \begin{macrocode}
+\newcommand{\cvssLevelpretty}[1]{%
+ \def\CVSScategory{\category{\cvssScore{#1}}}%
+ \textcolor{color at cvss@\CVSScategory}{\CVSScategory}%
+}%
+% \end{macrocode}
+%\end{macro}
+% \subsection{Fancy prints}
+% \subsubsection{Framed CVSS Level}
+% For nice display of the CVSS score we created also tags, that can be used to highlight the CVSS score.
+%\begin{macro}{\cvssFrame}
+% First, we define \texttt{cvssFrame}, a type of \texttt{tcolorbox} we are going to use:
+% \begin{macrocode}
+\DeclareTotalTCBox{\cvssFrame}{m}{
+ enhanced,nobeforeafter,
+ tcbox raise base,
+ boxrule=0.4pt,
+ top=0mm,bottom=0mm,right=1mm,left=1mm,
+ arc=1pt,
+ boxsep=2pt,
+ colframe=color at cvss@#1,
+ colback=tcbcolframe,
+ coltext=black,
+}{#1}%
+
+\MakeRobust\cvssFrame
+% \end{macrocode}
+%\end{macro}
+%
+% Then we can call this box in conjunction with \texttt{cvssScore}.
+%\begin{macro}{\cvssTag}
+% This macro will output the \textbf{colored} CVSS level based on the numerical CVSS score.
+% \begin{macrocode}
+\newcommand{\cvssTag}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}%
+ \cvssFrame{\category{\CVSSscore}}%
+}%
+% \end{macrocode}
+%\end{macro}
+%
+% \subsubsection{Full CVSS display}
+% We can even have a nice all-in display of the category, the scrore and a hyperlink to the FIRST calculator using a combination of all the functions we've defined:
+%\begin{macro}{\cvssPrint}
+% This macro will output the \textbf{colored} CVSS level based on the numerical CVSS score.
+% \begin{macrocode}
+\newcommand{\cvssPrint}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}
+ \cvssFrame{\category{\CVSSscore}} \quad \CVSSscore \quad%
+ \href{https://www.first.org/cvss/calculator/3.1\#CVSS:3.1/#1}{CVSS:3.1/#1}
+}%
+% \end{macrocode}
+%\end{macro}
+
+% \end{implementation}
+% \Finale
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\endinput
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\ No newline at end of file
Property changes on: trunk/Master/texmf-dist/source/latex/cvss/cvss.dtx
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: trunk/Master/texmf-dist/source/latex/cvss/cvss.ins
===================================================================
--- trunk/Master/texmf-dist/source/latex/cvss/cvss.ins (rev 0)
+++ trunk/Master/texmf-dist/source/latex/cvss/cvss.ins 2022-11-10 20:21:57 UTC (rev 64985)
@@ -0,0 +1,403 @@
+%%
+%% This is file `cvss.ins',
+%% generated with the docstrip utility.
+%%
+%% The original source files were:
+%%
+%% cvss.dtx (with options: `install')
+%% ----------------------------------------------------------------
+%% cvss --- A package to compute and display CVSS base scores
+%% E-mail: pierre at vivegnis.be
+%% Released under the LaTeX Project Public License v1.3c or later
+%% See http://www.latex-project.org/lppl.txt
+%% ----------------------------------------------------------------
+%%
+\input docstrip.tex
+\keepsilent
+\askforoverwritefalse
+\preamble
+----------------------------------------------------------------
+cvss --- A package to compute and display CVSS base scores
+E-mail: pierre at vivegnis.be
+Released under the LaTeX Project Public License v1.3c or later
+See http://www.latex-project.org/lppl.txt
+----------------------------------------------------------------
+
+\endpreamble
+\postamble
+
+Copyright (C) 2022 by Pierre VIVEGNIS <pierre at vivegnis.be>
+
+This work may be distributed and/or modified under the
+conditions of the LaTeX Project Public License (LPPL), either
+version 1.3c of this license or (at your option) any later
+version. The latest version of this license is in the file:
+
+http://www.latex-project.org/lppl.txt
+
+This work is "maintained" (as per LPPL maintenance status) by
+Pierre VIVEGNIS.
+
+This work consists of the file cvss.dtx
+and the derived files cvss.ins,
+ cvss.pdf and
+ cvss.sty.
+
+\endpostamble
+\usedir{tex/latex/cvss}
+\generate{
+ \file{\jobname.sty}{\from{\jobname.dtx}{package}}
+}
+\endbatchfile
+ % \begin{syntax}
+ % \cs{cvssScore} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssScorepretty} \Arg{CVSS string}
+ % \end{syntax}
+ % This macro will print a \textbf{colored} base CVSS 3.1 score of an \marg{input vector} (without \texttt{CVSS3.1/}). The output of this macro is a floating point CVSS score.
+ % \end{function}
+ % \begin{syntax}
+ % \cs{cvssLevel} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssLevelpretty} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssTag} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssPrint} \Arg{CVSS string}
+ % \end{syntax}
+ % This macro will print all details of a CVSS string: colored level, score, and hyperlink to FIRST calculator, from an \marg{input vector} (without \texttt{CVSS3.1/}).
+ % \end{function}
+ % \begin{syntax}
+ % \cs{category} \Arg{CVSS score}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssFrame} \Arg{CVSS score}
+ % \end{syntax}
+ % This macro will output a CVSS tag based on a CVSS \textbf{level} passed as argument. The mandatory argument must be one of the defined CVSS levels (None, Info, Low, Medium, High or Critical), for example \texttt{Info}.
+ % \end{function}
+
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+
+ % \begin{verbatim}
+ %\cvssFrame{Low}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\cvssFrame{Low}
+
+ %\category{9.9}
+ %\category{9.9}
+\RequirePackage{expl3}
+\RequirePackage[skins]{tcolorbox}
+\tcbuselibrary{xparse}
+\RequirePackage{xstring}
+\RequirePackage{hyperref}
+\def\scoreLow{0.1}
+\def\scoreMed{4.0}
+\def\scoreHigh{7.0}
+\def\scoreCrit{9.0}
+\definecolor{color at cvss@None}{RGB}{83, 170, 51}
+\definecolor{color at cvss@Low}{RGB}{255, 203, 13}
+\definecolor{color at cvss@Medium}{RGB}{249, 160, 9}
+\definecolor{color at cvss@High}{RGB}{223, 61, 3}
+\definecolor{color at cvss@Critical}{RGB}{204, 5, 0}
+\ExplSyntaxOn
+\cs_new:Npn \__CVSS_roundup:n #1 {
+ \fp_eval:n { ceil(#1,1) }
+ \fp_compare:nT { ceil(#1,1)=ceil(#1,0) } {.0}
+}
+\msg_new:nnn { CVSS } { invalid-option }{ Value~'#2'~invalid~for~#1~#3.}
+\msg_new:nnn { CVSS } { invalid-structure } { CVSS~metric~#1~is~not~correct~(#2)~#3.}
+\msg_new:nnn { CVSS } { invalid-length } { CVSS~vector~"#1"~is~badly~formatted~#2.}
+\cs_new:Npn \__CVSS_parseAV:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % Network
+ { A } { 0.62 } % Adjacent
+ { L } { 0.55 } % Local
+ { P } { 0.2 } % Physical
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseAV } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parseAC:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { H } { 0.44 } % High
+ { L } { 0.77 } % Low
+
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseAC } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parsePRScopeUnchanged:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { L } { 0.62 } % Low
+ { H } { 0.27 } % High
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePRScopeUnchanged } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parsePRScopeChanged:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { L } { 0.68 } % Low
+ { H } { 0.50 } % High
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePRScopeChanged } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parsePR:nn #1#2
+{
+ % #1 Privilege Required
+ % #2 Scope
+ \str_case_e:nnF {#2}
+ {
+ { U } { \exp_args:Ne \__CVSS_parsePRScopeUnchanged:n {#1} }
+ { C } { \exp_args:Ne \__CVSS_parsePRScopeChanged:n {#1} }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePR } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parseUI:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { R } { 0.62 } % Required
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseUI } {#1} {\msg_line_context:} }
+}
+
+
+\cs_new:Npn \__CVSS_parseCIA:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { H } { 0.56 }
+ { L } { 0.22 }
+ { N } { 0.00 }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseCIA } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_calcISS:nnn #1#2#3
+{
+ % #1 Confidentiality Impact %High H, Low L, None N
+ % #2 Integrity Impact %High H, Low L, None N
+ % #3 Availability Impact %High H, Low L, None N
+ 1 - ( (1 - (\__CVSS_parseCIA:n {#1})) * (1 - (\__CVSS_parseCIA:n {#2})) * (1 - (\__CVSS_parseCIA:n {#3})) )
+}
+\cs_new:Npn \__CVSS_calcImpact:nn #1#2
+{
+ % #1 = Scope
+ % #2 = ISS
+ % Scope Unchanged 6.42 × ISS
+ % Scope Changed 7.52 × [ISS-0.029] - 3.25 × [ISS-0.02]15
+ \str_case_e:nnF {#1}
+ {
+ { U } { \fp_eval:n { 6.42 * (#2) } } % Scope UNCHANGED
+ { C } { \fp_eval:n { 7.52 * ( (#2) - 0.029 ) - 3.25 * ( (#2) - 0.02 )^15 } } % Scope CHANGED
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { calcISC } {#1} {\msg_line_context:} }
+}%
+\cs_new:Npn \__CVSS_calcExploitability:nnnnn #1#2#3#4#5
+{
+ % #1 Attack Vector
+ % #2 Attack Complexity
+ % #3 Privileges Required
+ % #4 User Interaction
+ % #5 Scope
+ % 8.22 × AttackVector × AttackComplexity × PrivilegeRequired × UserInteraction
+ 8.22 * (\__CVSS_parseAV:n {#1}) * (\__CVSS_parseAC:n {#2}) * (\__CVSS_parsePR:nn {#3}{#5}) * (\__CVSS_parseUI:n {#4})%
+}
+\cs_new:Npn \__CVSS_cvssBaseScore:nnnnnnnn #1#2#3#4#5#6#7#8 {
+ % #1 Attack Vector %Network N, Adjacent A, Local L, Physical P
+ % #2 Attack Complexity %Low L, High H
+ % #3 Privileges Required %None N, Low L, High H
+ % #4 User Interaction %None N, Required R
+ % #5 Scope %Unchanged U, Changed C
+ % #6 Confidentiality Impact %High H, Low L, None N
+ % #7 Integrity Impact %High H, Low L, None N
+ % #8 Availability Impact %High H, Low L, None N
+ %
+ \fp_compare:nTF { \exp_args:Ne \__CVSS_calcImpact:nn {#5}{\exp_args:Ne \__CVSS_calcISS:nnn {#6}{#7}{#8}} <= 0 }
+ % IF ISC <=0
+ {
+ % ISC <=0
+ 0.0
+ }{
+ % ISC > 0
+ \str_case_e:nnF {#5}
+ {
+ { U } { % SCOPE UNCHANGED
+ \fp_eval:n { \__CVSS_roundup:n { min( ((\__CVSS_calcImpact:nn {#5}{\__CVSS_calcISS:nnn {#6}{#7}{#8}}) + (\__CVSS_calcExploitability:nnnnn {#1}{#2}{#3}{#4}{#5})), 10) } }%
+ }
+ { C } { % SCOPE CHANGED
+ \fp_eval:n { \__CVSS_roundup:n { min( (1.08 * ((\__CVSS_calcImpact:nn {#5}{\__CVSS_calcISS:nnn {#6}{#7}{#8}}) + (\__CVSS_calcExploitability:nnnnn {#1}{#2}{#3}{#4}{#5}))), 10) } }%
+ }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseScope } {#1} {\msg_line_context:} }
+ }%
+}
+\NewExpandableDocumentCommand \cvssScore { m }{%
+
+ % Check that there are 35 chars
+ \int_compare:nNnTF { \str_count_ignore_spaces:n {#1} } = {35}{}{
+ \msg_error:nnxx{CVSS}{invalid-length}{#1}{\msg_line_context:}
+ }
+ % Check AV value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {1} {3}} {AV:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{AV}{\str_range:nnn {#1} {1} {3}}{\msg_line_context:}
+ }
+
+ % Check AC value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {5} {8}} {/AC:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{AC}{\str_range:nnn {#1} {5} {8}}{\msg_line_context:}
+ }
+
+ % Check PR value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {10} {13}} {/PR:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{PR}{\str_range:nnn {#1} {10} {13}}{\msg_line_context:}
+ }
+
+ % Check UI value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {15} {18}} {/UI:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{UI}{\str_range:nnn {#1} {15} {18}}{\msg_line_context:}
+ }
+
+ % Check S value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {20} {22}} {/S:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{S}{\str_range:nnn {#1} {20} {22}}{\msg_line_context:}
+ }
+
+ % Check I value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {24} {26}} {/C:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{C}{\str_range:nnn {#1} {24} {26}}{\msg_line_context:}
+ }
+
+ % Check I value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {28} {30}} {/I:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{I}{\str_range:nnn {#1} {28} {30}}{\msg_line_context:}
+ }
+
+ % Check A value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {32} {34}} {/A:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{A}{\str_range:nnn {#1} {32} {34}}{\msg_line_context:}
+ }
+
+ \exp_args:Ne \__CVSS_cvssBaseScore:nnnnnnnn
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 4 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 9 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 14 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 19 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 23 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 27 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 31 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 35 } }
+
+}%
+\ExplSyntaxOff
+\ExplSyntaxOn
+\NewExpandableDocumentCommand \category { m }{%
+ \fp_compare:nNnTF {#1}<{\scoreLow}{None}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreMed}{Low}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreHigh}{Medium}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreCrit}{High}
+ {Critical}
+ }%
+ }%
+ }%
+}%
+\ExplSyntaxOff
+\newcommand{\cvssScorepretty}[1]{%
+ \def\CVSScategory{\category{\cvssScore{#1}}}%
+ \textcolor{color at cvss@\CVSScategory}{\cvssScore{#1}}%
+}%
+\newcommand{\cvssLevel}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}%
+ \category{\CVSSscore}%
+}%
+\newcommand{\cvssLevelpretty}[1]{%
+ \def\CVSScategory{\category{\cvssScore{#1}}}%
+ \textcolor{color at cvss@\CVSScategory}{\CVSScategory}%
+}%
+\DeclareTotalTCBox{\cvssFrame}{m}{
+ enhanced,nobeforeafter,
+ tcbox raise base,
+ boxrule=0.4pt,
+ top=0mm,bottom=0mm,right=1mm,left=1mm,
+ arc=1pt,
+ boxsep=2pt,
+ colframe=color at cvss@#1,
+ colback=tcbcolframe,
+ coltext=black,
+}{#1}%
+
+\MakeRobust\cvssFrame
+\newcommand{\cvssTag}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}%
+ \cvssFrame{\category{\CVSSscore}}%
+}%
+\newcommand{\cvssPrint}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}
+ \cvssFrame{\category{\CVSSscore}} \quad \CVSSscore \quad%
+ \href{https://www.first.org/cvss/calculator/3.1\#CVSS:3.1/#1}{CVSS:3.1/#1}
+}%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Copyright (C) 2022 by Pierre VIVEGNIS <pierre at vivegnis.be>
+%%
+%% This work may be distributed and/or modified under the
+%% conditions of the LaTeX Project Public License (LPPL), either
+%% version 1.3c of this license or (at your option) any later
+%% version. The latest version of this license is in the file:
+%%
+%% http://www.latex-project.org/lppl.txt
+%%
+%% This work is "maintained" (as per LPPL maintenance status) by
+%% Pierre VIVEGNIS.
+%%
+%% This work consists of the file cvss.dtx
+%% and the derived files cvss.ins,
+%% cvss.pdf and
+%% cvss.sty.
+%%
+%%
+%% End of file `cvss.ins'.
Added: trunk/Master/texmf-dist/tex/latex/cvss/cvss.sty
===================================================================
--- trunk/Master/texmf-dist/tex/latex/cvss/cvss.sty (rev 0)
+++ trunk/Master/texmf-dist/tex/latex/cvss/cvss.sty 2022-11-10 20:21:57 UTC (rev 64985)
@@ -0,0 +1,368 @@
+%%
+%% This is file `cvss.sty',
+%% generated with the docstrip utility.
+%%
+%% The original source files were:
+%%
+%% cvss.dtx (with options: `package')
+%% ----------------------------------------------------------------
+%% cvss --- A package to compute and display CVSS base scores
+%% E-mail: pierre at vivegnis.be
+%% Released under the LaTeX Project Public License v1.3c or later
+%% See http://www.latex-project.org/lppl.txt
+%% ----------------------------------------------------------------
+%%
+\NeedsTeXFormat{LaTeX2e}
+\ProvidesPackage{cvss}[2022/11/03 First Release]
+ % \begin{syntax}
+ % \cs{cvssScore} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssScorepretty} \Arg{CVSS string}
+ % \end{syntax}
+ % This macro will print a \textbf{colored} base CVSS 3.1 score of an \marg{input vector} (without \texttt{CVSS3.1/}). The output of this macro is a floating point CVSS score.
+ % \end{function}
+ % \begin{syntax}
+ % \cs{cvssLevel} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssLevelpretty} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssTag} \Arg{CVSS string}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssPrint} \Arg{CVSS string}
+ % \end{syntax}
+ % This macro will print all details of a CVSS string: colored level, score, and hyperlink to FIRST calculator, from an \marg{input vector} (without \texttt{CVSS3.1/}).
+ % \end{function}
+ % \begin{syntax}
+ % \cs{category} \Arg{CVSS score}
+ % \end{syntax}
+ % \begin{syntax}
+ % \cs{cvssFrame} \Arg{CVSS score}
+ % \end{syntax}
+ % This macro will output a CVSS tag based on a CVSS \textbf{level} passed as argument. The mandatory argument must be one of the defined CVSS levels (None, Info, Low, Medium, High or Critical), for example \texttt{Info}.
+ % \end{function}
+
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+ % \begin{verbatim}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\end{minipage}
+
+
+ % \begin{verbatim}
+ %\cvssFrame{Low}
+ % \end{verbatim}
+ %\end{minipage}%
+ %\cvssFrame{Low}
+
+ %\category{9.9}
+ %\category{9.9}
+\RequirePackage{expl3}
+\RequirePackage[skins]{tcolorbox}
+\tcbuselibrary{xparse}
+\RequirePackage{xstring}
+\RequirePackage{hyperref}
+\def\scoreLow{0.1}
+\def\scoreMed{4.0}
+\def\scoreHigh{7.0}
+\def\scoreCrit{9.0}
+\definecolor{color at cvss@None}{RGB}{83, 170, 51}
+\definecolor{color at cvss@Low}{RGB}{255, 203, 13}
+\definecolor{color at cvss@Medium}{RGB}{249, 160, 9}
+\definecolor{color at cvss@High}{RGB}{223, 61, 3}
+\definecolor{color at cvss@Critical}{RGB}{204, 5, 0}
+\ExplSyntaxOn
+\cs_new:Npn \__CVSS_roundup:n #1 {
+ \fp_eval:n { ceil(#1,1) }
+ \fp_compare:nT { ceil(#1,1)=ceil(#1,0) } {.0}
+}
+\msg_new:nnn { CVSS } { invalid-option }{ Value~'#2'~invalid~for~#1~#3.}
+\msg_new:nnn { CVSS } { invalid-structure } { CVSS~metric~#1~is~not~correct~(#2)~#3.}
+\msg_new:nnn { CVSS } { invalid-length } { CVSS~vector~"#1"~is~badly~formatted~#2.}
+\cs_new:Npn \__CVSS_parseAV:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % Network
+ { A } { 0.62 } % Adjacent
+ { L } { 0.55 } % Local
+ { P } { 0.2 } % Physical
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseAV } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parseAC:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { H } { 0.44 } % High
+ { L } { 0.77 } % Low
+
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseAC } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parsePRScopeUnchanged:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { L } { 0.62 } % Low
+ { H } { 0.27 } % High
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePRScopeUnchanged } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parsePRScopeChanged:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { L } { 0.68 } % Low
+ { H } { 0.50 } % High
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePRScopeChanged } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parsePR:nn #1#2
+{
+ % #1 Privilege Required
+ % #2 Scope
+ \str_case_e:nnF {#2}
+ {
+ { U } { \exp_args:Ne \__CVSS_parsePRScopeUnchanged:n {#1} }
+ { C } { \exp_args:Ne \__CVSS_parsePRScopeChanged:n {#1} }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parsePR } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_parseUI:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { N } { 0.85 } % None
+ { R } { 0.62 } % Required
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseUI } {#1} {\msg_line_context:} }
+}
+
+
+\cs_new:Npn \__CVSS_parseCIA:n #1
+{
+ \str_case_e:nnF {#1}
+ {
+ { H } { 0.56 }
+ { L } { 0.22 }
+ { N } { 0.00 }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseCIA } {#1} {\msg_line_context:} }
+}
+\cs_new:Npn \__CVSS_calcISS:nnn #1#2#3
+{
+ % #1 Confidentiality Impact %High H, Low L, None N
+ % #2 Integrity Impact %High H, Low L, None N
+ % #3 Availability Impact %High H, Low L, None N
+ 1 - ( (1 - (\__CVSS_parseCIA:n {#1})) * (1 - (\__CVSS_parseCIA:n {#2})) * (1 - (\__CVSS_parseCIA:n {#3})) )
+}
+\cs_new:Npn \__CVSS_calcImpact:nn #1#2
+{
+ % #1 = Scope
+ % #2 = ISS
+ % Scope Unchanged 6.42 × ISS
+ % Scope Changed 7.52 × [ISS-0.029] - 3.25 × [ISS-0.02]15
+ \str_case_e:nnF {#1}
+ {
+ { U } { \fp_eval:n { 6.42 * (#2) } } % Scope UNCHANGED
+ { C } { \fp_eval:n { 7.52 * ( (#2) - 0.029 ) - 3.25 * ( (#2) - 0.02 )^15 } } % Scope CHANGED
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { calcISC } {#1} {\msg_line_context:} }
+}%
+\cs_new:Npn \__CVSS_calcExploitability:nnnnn #1#2#3#4#5
+{
+ % #1 Attack Vector
+ % #2 Attack Complexity
+ % #3 Privileges Required
+ % #4 User Interaction
+ % #5 Scope
+ % 8.22 × AttackVector × AttackComplexity × PrivilegeRequired × UserInteraction
+ 8.22 * (\__CVSS_parseAV:n {#1}) * (\__CVSS_parseAC:n {#2}) * (\__CVSS_parsePR:nn {#3}{#5}) * (\__CVSS_parseUI:n {#4})%
+}
+\cs_new:Npn \__CVSS_cvssBaseScore:nnnnnnnn #1#2#3#4#5#6#7#8 {
+ % #1 Attack Vector %Network N, Adjacent A, Local L, Physical P
+ % #2 Attack Complexity %Low L, High H
+ % #3 Privileges Required %None N, Low L, High H
+ % #4 User Interaction %None N, Required R
+ % #5 Scope %Unchanged U, Changed C
+ % #6 Confidentiality Impact %High H, Low L, None N
+ % #7 Integrity Impact %High H, Low L, None N
+ % #8 Availability Impact %High H, Low L, None N
+ %
+ \fp_compare:nTF { \exp_args:Ne \__CVSS_calcImpact:nn {#5}{\exp_args:Ne \__CVSS_calcISS:nnn {#6}{#7}{#8}} <= 0 }
+ % IF ISC <=0
+ {
+ % ISC <=0
+ 0.0
+ }{
+ % ISC > 0
+ \str_case_e:nnF {#5}
+ {
+ { U } { % SCOPE UNCHANGED
+ \fp_eval:n { \__CVSS_roundup:n { min( ((\__CVSS_calcImpact:nn {#5}{\__CVSS_calcISS:nnn {#6}{#7}{#8}}) + (\__CVSS_calcExploitability:nnnnn {#1}{#2}{#3}{#4}{#5})), 10) } }%
+ }
+ { C } { % SCOPE CHANGED
+ \fp_eval:n { \__CVSS_roundup:n { min( (1.08 * ((\__CVSS_calcImpact:nn {#5}{\__CVSS_calcISS:nnn {#6}{#7}{#8}}) + (\__CVSS_calcExploitability:nnnnn {#1}{#2}{#3}{#4}{#5}))), 10) } }%
+ }
+ }
+ { \msg_error:nnxxx { CVSS } { invalid-option } { parseScope } {#1} {\msg_line_context:} }
+ }%
+}
+\NewExpandableDocumentCommand \cvssScore { m }{%
+
+ % Check that there are 35 chars
+ \int_compare:nNnTF { \str_count_ignore_spaces:n {#1} } = {35}{}{
+ \msg_error:nnxx{CVSS}{invalid-length}{#1}{\msg_line_context:}
+ }
+ % Check AV value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {1} {3}} {AV:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{AV}{\str_range:nnn {#1} {1} {3}}{\msg_line_context:}
+ }
+
+ % Check AC value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {5} {8}} {/AC:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{AC}{\str_range:nnn {#1} {5} {8}}{\msg_line_context:}
+ }
+
+ % Check PR value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {10} {13}} {/PR:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{PR}{\str_range:nnn {#1} {10} {13}}{\msg_line_context:}
+ }
+
+ % Check UI value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {15} {18}} {/UI:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{UI}{\str_range:nnn {#1} {15} {18}}{\msg_line_context:}
+ }
+
+ % Check S value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {20} {22}} {/S:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{S}{\str_range:nnn {#1} {20} {22}}{\msg_line_context:}
+ }
+
+ % Check I value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {24} {26}} {/C:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{C}{\str_range:nnn {#1} {24} {26}}{\msg_line_context:}
+ }
+
+ % Check I value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {28} {30}} {/I:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{I}{\str_range:nnn {#1} {28} {30}}{\msg_line_context:}
+ }
+
+ % Check A value
+ \str_if_eq:eeTF {\str_range:nnn {#1} {32} {34}} {/A:}
+ {} {
+ \msg_error:nnxxx{CVSS}{invalid-structure}{A}{\str_range:nnn {#1} {32} {34}}{\msg_line_context:}
+ }
+
+ \exp_args:Ne \__CVSS_cvssBaseScore:nnnnnnnn
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 4 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 9 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 14 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 19 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 23 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 27 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 31 } }
+ { \str_use:N \str_item_ignore_spaces:nn { #1 }{ 35 } }
+
+}%
+\ExplSyntaxOff
+\ExplSyntaxOn
+\NewExpandableDocumentCommand \category { m }{%
+ \fp_compare:nNnTF {#1}<{\scoreLow}{None}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreMed}{Low}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreHigh}{Medium}
+ {
+ \fp_compare:nNnTF{#1}<{\scoreCrit}{High}
+ {Critical}
+ }%
+ }%
+ }%
+}%
+\ExplSyntaxOff
+\newcommand{\cvssScorepretty}[1]{%
+ \def\CVSScategory{\category{\cvssScore{#1}}}%
+ \textcolor{color at cvss@\CVSScategory}{\cvssScore{#1}}%
+}%
+\newcommand{\cvssLevel}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}%
+ \category{\CVSSscore}%
+}%
+\newcommand{\cvssLevelpretty}[1]{%
+ \def\CVSScategory{\category{\cvssScore{#1}}}%
+ \textcolor{color at cvss@\CVSScategory}{\CVSScategory}%
+}%
+\DeclareTotalTCBox{\cvssFrame}{m}{
+ enhanced,nobeforeafter,
+ tcbox raise base,
+ boxrule=0.4pt,
+ top=0mm,bottom=0mm,right=1mm,left=1mm,
+ arc=1pt,
+ boxsep=2pt,
+ colframe=color at cvss@#1,
+ colback=tcbcolframe,
+ coltext=black,
+}{#1}%
+
+\MakeRobust\cvssFrame
+\newcommand{\cvssTag}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}%
+ \cvssFrame{\category{\CVSSscore}}%
+}%
+\newcommand{\cvssPrint}[1]{%
+ \def\CVSSscore{\cvssScore{#1}}
+ \cvssFrame{\category{\CVSSscore}} \quad \CVSSscore \quad%
+ \href{https://www.first.org/cvss/calculator/3.1\#CVSS:3.1/#1}{CVSS:3.1/#1}
+}%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Copyright (C) 2022 by Pierre VIVEGNIS <pierre at vivegnis.be>
+%%
+%% This work may be distributed and/or modified under the
+%% conditions of the LaTeX Project Public License (LPPL), either
+%% version 1.3c of this license or (at your option) any later
+%% version. The latest version of this license is in the file:
+%%
+%% http://www.latex-project.org/lppl.txt
+%%
+%% This work is "maintained" (as per LPPL maintenance status) by
+%% Pierre VIVEGNIS.
+%%
+%% This work consists of the file cvss.dtx
+%% and the derived files cvss.ins,
+%% cvss.pdf and
+%% cvss.sty.
+%%
+%%
+%% End of file `cvss.sty'.
Property changes on: trunk/Master/texmf-dist/tex/latex/cvss/cvss.sty
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Modified: trunk/Master/tlpkg/bin/tlpkg-ctan-check
===================================================================
--- trunk/Master/tlpkg/bin/tlpkg-ctan-check 2022-11-10 20:14:47 UTC (rev 64984)
+++ trunk/Master/tlpkg/bin/tlpkg-ctan-check 2022-11-10 20:21:57 UTC (rev 64985)
@@ -233,7 +233,7 @@
ctable ctablestack ctex ctex-faq
cuprum cursolatex cuisine
currency currfile currvita curve curve2e curves
- custom-bib customdice cutwin cv cv4tw cweb-latex
+ custom-bib customdice cutwin cv cv4tw cvss cweb-latex
cyber cybercic cyklop cyrillic cyrplain
dad dancers dantelogo darkmode
dashbox dashrule dashundergaps dataref datax datatool
Modified: trunk/Master/tlpkg/tlpsrc/collection-mathscience.tlpsrc
===================================================================
--- trunk/Master/tlpkg/tlpsrc/collection-mathscience.tlpsrc 2022-11-10 20:14:47 UTC (rev 64984)
+++ trunk/Master/tlpkg/tlpsrc/collection-mathscience.tlpsrc 2022-11-10 20:21:57 UTC (rev 64985)
@@ -66,6 +66,7 @@
depend correctmathalign
depend cryptocode
depend csassignments
+depend cvss
depend decision-table
depend delim
depend delimseasy
Added: trunk/Master/tlpkg/tlpsrc/cvss.tlpsrc
===================================================================
More information about the tex-live-commits
mailing list.