Getting Started
This guide will help you get started with CVSS Parser in 5 minutes.
Installation
Install CVSS Parser using Go modules:
bash
go get github.com/scagogogo/cvssYour First Program
Create a new Go file main.go:
go
package main
import (
"fmt"
"log"
"github.com/scagogogo/cvss-parser/pkg/cvss"
"github.com/scagogogo/cvss-parser/pkg/parser"
)
func main() {
// 1. Create parser
vectorStr := "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
p := parser.NewCvss3xParser(vectorStr)
// 2. Parse CVSS vector
cvssVector, err := p.Parse()
if err != nil {
log.Fatalf("Parse failed: %v", err)
}
// 3. Create calculator
calculator := cvss.NewCalculator(cvssVector)
// 4. Calculate score
score, err := calculator.Calculate()
if err != nil {
log.Fatalf("Calculation failed: %v", err)
}
// 5. Get severity rating
severity := calculator.GetSeverityRating(score)
// 6. Output results
fmt.Printf("CVSS Vector: %s\n", vectorStr)
fmt.Printf("Base Score: %.1f\n", score)
fmt.Printf("Severity: %s\n", severity)
}Run the program:
bash
go run main.goOutput:
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
Severity: CriticalCore Concepts
1. CVSS Vector
A CVSS vector is a string describing vulnerability characteristics:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS:3.1- Version identifierAV:N- Attack Vector: NetworkAC:L- Attack Complexity: LowPR:N- Privileges Required: NoneUI:N- User Interaction: NoneS:U- Scope: UnchangedC:H- Confidentiality Impact: HighI:H- Integrity Impact: HighA:H- Availability Impact: High
2. Parser
The parser converts CVSS vector strings into structured objects:
go
// Create parser
parser := parser.NewCvss3xParser(vectorString)
// Parse vector
cvssVector, err := parser.Parse()3. Calculator
The calculator computes CVSS scores based on parsed vectors:
go
// Create calculator
calculator := cvss.NewCalculator(cvssVector)
// Calculate score
score, err := calculator.Calculate()Common Features
Parse Different Vector Types
go
// Base vector
basic := "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
// Vector with temporal metrics
temporal := "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"
// Vector with environmental metrics
environmental := "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:H/IR:H/AR:H"
vectors := []string{basic, temporal, environmental}
for _, vectorStr := range vectors {
p := parser.NewCvss3xParser(vectorStr)
vector, err := p.Parse()
if err != nil {
log.Printf("Parse failed %s: %v", vectorStr, err)
continue
}
calculator := cvss.NewCalculator(vector)
score, _ := calculator.Calculate()
fmt.Printf("Vector: %s\n", vectorStr)
fmt.Printf("Score: %.1f\n", score)
fmt.Printf("Severity: %s\n\n", calculator.GetSeverityRating(score))
}Get Detailed Information
go
// Get vector details
fmt.Printf("CVSS Version: %d.%d\n", cvssVector.MajorVersion, cvssVector.MinorVersion)
fmt.Printf("Attack Vector: %s\n", cvssVector.Cvss3xBase.AttackVector.GetLongValue())
fmt.Printf("Attack Complexity: %s\n", cvssVector.Cvss3xBase.AttackComplexity.GetLongValue())Vector Comparison
go
// Parse two vectors
vector1, _ := parser.NewCvss3xParser("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H").Parse()
vector2, _ := parser.NewCvss3xParser("CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L").Parse()
// Calculate distance
distCalc := cvss.NewDistanceCalculator(vector1, vector2)
distance := distCalc.EuclideanDistance()
fmt.Printf("Vector distance: %.3f\n", distance)JSON Serialization
go
import "encoding/json"
// Serialize to JSON
jsonData, err := json.MarshalIndent(cvssVector, "", " ")
if err != nil {
log.Fatal(err)
}
fmt.Println(string(jsonData))
// Deserialize from JSON
var newVector cvss.Cvss3x
err = json.Unmarshal(jsonData, &newVector)
if err != nil {
log.Fatal(err)
}Error Handling
CVSS Parser provides detailed error information:
go
vector, err := parser.Parse()
if err != nil {
switch e := err.(type) {
case *parser.ParseError:
fmt.Printf("Parse error: %s\n", e.Error())
fmt.Printf("Error position: %d\n", e.Position)
case *parser.ValidationError:
fmt.Printf("Validation error: %s\n", e.Error())
fmt.Printf("Invalid metric: %s\n", e.Metric)
default:
fmt.Printf("Unknown error: %v\n", err)
}
}Severity Levels
CVSS scores correspond to severity levels:
| Score Range | Severity Level | Description |
|---|---|---|
| 0.0 | None | No impact |
| 0.1-3.9 | Low | Low risk |
| 4.0-6.9 | Medium | Medium risk |
| 7.0-8.9 | High | High risk |
| 9.0-10.0 | Critical | Critical risk |
go
score := 7.5
severity := calculator.GetSeverityRating(score)
fmt.Printf("Score %.1f corresponds to severity: %s\n", score, severity) // HighPerformance Tips
1. Reuse Parsers
go
// Good practice: reuse parser
parser := parser.NewCvss3xParser("")
for _, vectorStr := range vectors {
parser.SetVector(vectorStr)
vector, err := parser.Parse()
// Process vector...
}2. Batch Processing
go
func processBatch(vectors []string) []float64 {
results := make([]float64, len(vectors))
for i, vectorStr := range vectors {
p := parser.NewCvss3xParser(vectorStr)
vector, err := p.Parse()
if err != nil {
continue
}
calculator := cvss.NewCalculator(vector)
score, err := calculator.Calculate()
if err != nil {
continue
}
results[i] = score
}
return results
}Next Steps
Now that you've mastered the basics, you can continue learning:
- Detailed API Documentation - Learn about all available APIs
- Example Code - See more practical usage examples
- CVSS Package Deep Dive - Understand core functionality
- Best Practices - Production environment recommendations
Getting Help
If you encounter issues:
- Check the FAQ
- Browse GitHub Issues
- Join Community Discussions