def get_y_labels(self):
max_value = self.max_value()
min_value = self.min_value()
range = max_value - min_value
top_pad = (range / 20.0) or 10
scale_range = (max_value + top_pad) - min_value
scale_division = self.scale_divisions or (scale_range / 10.0)
if self.scale_integers:
scale_division = min(1, round(scale_division))
# maxvalue = maxvalue%scale_division == 0 ?
# maxvalue : maxvalue + scale_division
labels = tuple(float_range(min_value, max_value, scale_division))
return labels
def get_data_values(self, axis): min_value, max_value, scale_division = self.data_range(axis) return tuple(float_range(*self.data_range(axis)))
def calculate_final(self):
print('Calculating Final')
writer = csv.writer(
open(self.OUTPUT_DIR + self.CONF["settings"]["csv_output"],
'w+',
newline=''))
header = [
"Plugin ID", "Name", "# Affected", "First Seen", "CVSS Score",
"sevScore", "Risk Score", "Attack Surface", "Protection",
"Availability", "Impact Score", "Final Score", "Class",
"Out of Band", "Synopsis", "Comments"
]
writer.writerow(header)
critical_types = self.CONF["settings"]['thresholds'][
"critical_types"].split(",")
outofband_types = self.CONF["settings"]['thresholds'][
"outofband_types"].split(",")
for qid in self.vuln_data.keys():
plugin = self.vuln_data[qid]
row = [qid]
outofband = "no"
risk_weight = self.weights["overall"]["risk"]
impact_weight = self.weights["overall"]["impact"]
final_score = (risk_weight * float(plugin['analysis']['risk_score'])) + \
(impact_weight * float(plugin['analysis']['impact_score']))
plugin['analysis']['final_score'] = round(final_score, 3)
critical_threshold = self.CONF["settings"]["thresholds"][
"critical"]
high_threshold = self.CONF["settings"]["thresholds"]["high"]
medium_threshold = self.CONF["settings"]["thresholds"]["medium"]
if float_range(final_score,
float(critical_threshold.split("-")[0]),
float(critical_threshold.split("-")[1])):
classification = "critical"
elif float_range(final_score, float(high_threshold.split("-")[1]),
float(critical_threshold.split("-")[0])):
for vuln_type in critical_types:
if vuln_type in plugin['analysis']['types']:
classification = "critical"
break
else:
classification = "high"
elif float_range(final_score, float(high_threshold.split("-")[0]),
float(high_threshold.split("-")[1])):
classification = "high"
elif float_range(final_score,
float(medium_threshold.split("-")[0]),
float(medium_threshold.split("-")[1])):
classification = "medium"
else:
classification = "low"
self.vuln_data[qid]['analysis']['class'] = classification
if classification == "critical":
for vuln_type in outofband_types:
if vuln_type in plugin['analysis']['types']:
if plugin['exploitability'] == "Yes":
outofband = "yes"
plugin['analysis']['outofband'] = outofband
row.append(plugin['title'])
row.append(len(plugin['hosts']))
row.append(plugin['first_seen'])
row.append(plugin['cvss'])
row.append(plugin['analysis']['sev_score'])
row.append(plugin['analysis']['risk_score'])
row.append(plugin['analysis']['attack_surface'])
row.append(plugin['analysis']['protection'])
row.append(plugin['analysis']['availability'])
row.append(plugin['analysis']['impact_score'])
row.append(round(plugin['analysis']['final_score'], 3))
row.append(classification)
row.append(outofband)
row.append(plugin['threat'] + plugin['impact'])
writer.writerow(row)
print('Calculate Final Complete')
def get_x_values(self): result = self.get_x_timescale_division_values() if result: return result return tuple(float_range(*self.x_range()))