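#!/usr/bin/env python3
"""
Vulnerability Matrix with CVSS Scoring
Project Starlight Security Assessment Tool
"""

import json
import datetime
import math
from typing import Dict, List, Optional, Any


def _percentage(part: int, total: int) -> float:
    """Return ``part`` as a percentage of ``total`` (one decimal), 0.0 when total is 0."""
    if total <= 0:
        return 0.0
    return round(part / total * 100, 1)


class CVSSCalculator:
    """CVSS v3.1 base-score calculator.

    Implements the Base Metrics equations of the CVSS v3.1 specification
    (section 7.1): the scope-dependent Privileges Required weights and the
    Roundup function from Appendix A, both of which the naive
    ``round()``-based approach gets wrong by one tenth on many vectors.
    """

    # Privileges Required is the only base metric whose weight depends on
    # Scope; these are the values used when Scope is Changed.
    PR_CHANGED_SCOPE = {"N": 0.85, "L": 0.68, "H": 0.5}

    def __init__(self):
        # Numeric weights per metric value (Scope Unchanged variants for PR).
        self.base_metrics = {
            "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},  # Attack Vector
            "AC": {"L": 0.77, "H": 0.44},  # Attack Complexity
            "PR": {"N": 0.85, "L": 0.62, "H": 0.27},  # Privileges Required (Scope Unchanged)
            "UI": {"N": 0.85, "R": 0.62},  # User Interaction
            "S": {"U": 1.0, "C": 1.0},  # Scope
            "C": {"H": 0.56, "L": 0.22, "N": 0.0},  # Confidentiality
            "I": {"H": 0.56, "L": 0.22, "N": 0.0},  # Integrity
            "A": {"H": 0.56, "L": 0.22, "N": 0.0},  # Availability
        }
        # Qualitative severity scale (inclusive ranges of one-decimal scores).
        self.severity_ratings = {
            "NONE": (0.0, 0.0),
            "LOW": (0.1, 3.9),
            "MEDIUM": (4.0, 6.9),
            "HIGH": (7.0, 8.9),
            "CRITICAL": (9.0, 10.0),
        }

    @staticmethod
    def roundup(value: float) -> float:
        """CVSS v3.1 Roundup (Appendix A): smallest one-decimal number >= value.

        Works on an integer representation so that floating-point residue
        such as 4.0000001 does not get bumped to 4.1.
        """
        # Round half up, matching the reference implementation.
        int_input = math.floor(value * 100000 + 0.5)
        if int_input % 10000 == 0:
            return int_input / 100000.0
        return (math.floor(int_input / 10000) + 1) / 10.0

    def calculate_base_score(self, metrics: Dict[str, str]) -> float:
        """Calculate the CVSS v3.1 base score for a metric vector.

        Args:
            metrics: mapping of the eight base metric abbreviations
                ("AV", "AC", "PR", "UI", "S", "C", "I", "A") to their
                single-letter values, e.g. ``{"AV": "N", "AC": "L", ...}``.

        Returns:
            Base score in ``[0.0, 10.0]``, rounded *up* to one decimal place
            as the specification requires.

        Raises:
            ValueError: a metric is missing or has a value outside the
                specification. A malformed vector must not silently score
                0.0 (severity NONE), which would hide the finding in reports.
        """
        try:
            scope = metrics["S"]
            if scope not in self.base_metrics["S"]:
                raise KeyError(scope)
            av = self.base_metrics["AV"][metrics["AV"]]
            ac = self.base_metrics["AC"][metrics["AC"]]
            ui = self.base_metrics["UI"][metrics["UI"]]
            c = self.base_metrics["C"][metrics["C"]]
            i = self.base_metrics["I"][metrics["I"]]
            a = self.base_metrics["A"][metrics["A"]]
            # PR weights are higher when Scope is Changed (spec section 7.4).
            pr_table = self.PR_CHANGED_SCOPE if scope == "C" else self.base_metrics["PR"]
            pr = pr_table[metrics["PR"]]
        except KeyError as err:
            raise ValueError(f"Invalid or missing CVSS v3.1 base metric: {err}") from err

        # Impact sub-score (ISS) and the two sub-scores.
        iss = 1 - (1 - c) * (1 - i) * (1 - a)
        exploitability = 8.22 * av * ac * pr * ui
        if scope == "U":
            impact = 6.42 * iss
        else:
            impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15

        if impact <= 0:
            return 0.0
        if scope == "U":
            return self.roundup(min(impact + exploitability, 10.0))
        return self.roundup(min(1.08 * (impact + exploitability), 10.0))

    def get_severity_rating(self, score: float) -> str:
        """Map a score to its qualitative severity rating.

        Thresholds are applied rather than the inclusive ranges in
        ``severity_ratings`` so that unrounded aggregate scores (e.g. 3.95)
        fall into a bucket instead of the gap between LOW and MEDIUM.

        Args:
            score: a CVSS base score or an aggregate risk score.

        Returns:
            One of "NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL", or "UNKNOWN"
            when the score lies outside ``[0, 10]`` (or is NaN).
        """
        if not 0.0 <= score <= 10.0:
            return "UNKNOWN"
        if score == 0.0:
            return "NONE"
        if score < 4.0:
            return "LOW"
        if score < 7.0:
            return "MEDIUM"
        if score < 9.0:
            return "HIGH"
        return "CRITICAL"


class VulnerabilityMatrix:
    """Comprehensive vulnerability matrix with risk ratings"""

    # Most to least severe; used when reducing a component's highest severity.
    # Includes NONE/UNKNOWN so a zero-impact finding cannot crash the report.
    SEVERITY_RANK = {
        "CRITICAL": 0,
        "HIGH": 1,
        "MEDIUM": 2,
        "LOW": 3,
        "NONE": 4,
        "UNKNOWN": 5,
    }
    # Weights for the aggregate risk score (a reporting heuristic, not CVSS).
    RISK_WEIGHTS = {"CRITICAL": 9, "HIGH": 7, "MEDIUM": 4, "LOW": 1}

    def __init__(self):
        self.cvss_calc = CVSSCalculator()
        self.vulnerabilities: List[Dict[str, Any]] = []

    def _next_id(self) -> str:
        """Return the first unused ``VULN-nnnn`` identifier.

        Starts at ``count + 1`` and skips identifiers a caller already
        supplied explicitly, so generated and explicit ids never collide.
        """
        existing = {v["id"] for v in self.vulnerabilities}
        n = len(self.vulnerabilities) + 1
        while f"VULN-{n:04d}" in existing:
            n += 1
        return f"VULN-{n:04d}"

    def add_vulnerability(self, vuln_data: Dict[str, Any]) -> Dict[str, Any]:
        """Add a vulnerability record with its calculated CVSS score.

        Args:
            vuln_data: raw finding; recognised keys are ``id``, ``title``,
                ``category``, ``endpoint``, ``description``, ``cvss_metrics``,
                ``remediation``, ``references``, ``discovery_method``,
                ``discovered_date``, ``status``, ``assignee``, ``due_date``
                and ``risk_acceptance``. Missing keys get defaults.

        Returns:
            The normalised record that was appended to ``vulnerabilities``.

        Raises:
            ValueError: ``cvss_metrics`` is missing/invalid, or ``id``
                duplicates an existing record.
        """
        cvss_metrics = vuln_data.get("cvss_metrics", {})
        # Raises ValueError on a malformed vector; validated keys are indexed below.
        base_score = self.cvss_calc.calculate_base_score(cvss_metrics)
        severity = self.cvss_calc.get_severity_rating(base_score)

        vuln_id = vuln_data.get("id")
        if vuln_id is None:
            vuln_id = self._next_id()
        elif any(v["id"] == vuln_id for v in self.vulnerabilities):
            raise ValueError(f"Duplicate vulnerability id: {vuln_id}")

        discovered = vuln_data.get("discovered_date")
        if discovered is None:
            # Timezone-aware so report timestamps are unambiguous.
            discovered = datetime.datetime.now(datetime.timezone.utc).isoformat()

        vulnerability = {
            "id": vuln_id,
            "title": vuln_data.get("title", "Unknown Vulnerability"),
            "category": vuln_data.get("category", "General"),
            "affected_endpoint": vuln_data.get("endpoint", "Unknown"),
            "description": vuln_data.get("description", ""),
            "cvss_metrics": cvss_metrics,
            "cvss_base_score": base_score,
            "severity": severity,
            "attack_vector": cvss_metrics["AV"],
            "attack_complexity": cvss_metrics["AC"],
            "privileges_required": cvss_metrics["PR"],
            "user_interaction": cvss_metrics["UI"],
            "scope": cvss_metrics["S"],
            "confidentiality_impact": cvss_metrics["C"],
            "integrity_impact": cvss_metrics["I"],
            "availability_impact": cvss_metrics["A"],
            "remediation": vuln_data.get("remediation", ""),
            "references": vuln_data.get("references", []),
            "discovery_method": vuln_data.get("discovery_method", "Manual"),
            "discovered_date": discovered,
            "status": vuln_data.get("status", "Open"),
            "assignee": vuln_data.get("assignee", "Unassigned"),
            "due_date": vuln_data.get("due_date", ""),
            "risk_acceptance": vuln_data.get("risk_acceptance", False),
        }
        self.vulnerabilities.append(vulnerability)
        return vulnerability

    def generate_steganography_specific_vulns(self) -> List[Dict[str, Any]]:
        """Return the catalogue of sample findings for the assessment target.

        Each entry is in the raw shape accepted by ``add_vulnerability``.
        A fresh list of dicts is built on every call so callers may mutate it.
        """
        stego_vulnerabilities = [
            {
                "title": "SQL Injection in Image Analysis Endpoint",
                "category": "Injection",
                "endpoint": "/api/analyze",
                "description": "SQL injection vulnerability allows unauthorized data access and potential database manipulation through the image_id parameter.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "N", "S": "C", "C": "H", "I": "H", "A": "L"},
                "remediation": "Implement parameterized queries and input validation. Use prepared statements for all database operations.",
                "references": ["OWASP SQL Injection Prevention Cheat Sheet", "CWE-89"],
            },
            {
                "title": "Malicious File Upload Bypass",
                "category": "File Upload",
                "endpoint": "/api/upload",
                "description": "File upload functionality allows execution of arbitrary code through insufficient file type validation.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "L", "UI": "N", "S": "C", "C": "H", "I": "H", "A": "H"},
                "remediation": "Implement strict file type validation, scan uploaded files for malicious content, store files outside web root.",
                "references": ["OWASP File Upload Cheat Sheet", "CWE-434"],
            },
            {
                "title": "Broken Access Control in Results Endpoint",
                "category": "Access Control",
                "endpoint": "/api/results",
                "description": "Users can access other users' steganography analysis results through ID enumeration.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "L", "UI": "N", "S": "U", "C": "H", "I": "N", "A": "N"},
                "remediation": "Implement proper authorization checks for all resources. Use session-based access control.",
                "references": ["OWASP Access Control Cheat Sheet", "CWE-200"],
            },
            {
                "title": "Server-Side Request Forgery (SSRF)",
                "category": "SSRF",
                "endpoint": "/api/process",
                "description": "Application can be tricked into making requests to internal network resources.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "L", "UI": "N", "S": "C", "C": "H", "I": "L", "A": "L"},
                "remediation": "Validate and sanitize all URL parameters. Implement URL whitelist and block private IP ranges.",
                "references": ["OWASP SSRF Prevention Cheat Sheet", "CWE-918"],
            },
            {
                "title": "Weak Cryptographic Implementation",
                "category": "Cryptographic Failures",
                "endpoint": "Multiple",
                "description": "MD5 used for password hashing and weak encryption for sensitive data storage.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "N", "S": "U", "C": "H", "I": "N", "A": "N"},
                "remediation": "Replace MD5 with bcrypt or Argon2 for password hashing. Use AES-256 for data encryption.",
                "references": ["OWASP Password Storage Cheat Sheet", "CWE-327"],
            },
            {
                "title": "Cross-Site Scripting (XSS) in Results Display",
                "category": "XSS",
                "endpoint": "/api/results",
                "description": "Reflected XSS vulnerability allows execution of JavaScript in victim's browser.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "R", "S": "C", "C": "L", "I": "L", "A": "N"},
                "remediation": "Implement proper output encoding and Content Security Policy. Validate all user input.",
                "references": ["OWASP XSS Prevention Cheat Sheet", "CWE-79"],
            },
            {
                "title": "Missing Security Headers",
                "category": "Security Misconfiguration",
                "endpoint": "All endpoints",
                "description": "Critical security headers missing, exposing application to various attacks.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "N", "S": "U", "C": "L", "I": "L", "A": "N"},
                "remediation": "Implement X-Frame-Options, CSP, HSTS, X-Content-Type-Options headers.",
                "references": ["OWASP Secure Headers Project", "CWE-693"],
            },
            {
                "title": "Outdated Image Processing Library",
                "category": "Vulnerable Components",
                "endpoint": "Image processing modules",
                "description": "Vulnerable version of Pillow library exposes system to buffer overflow attacks.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "N", "S": "U", "C": "H", "I": "H", "A": "H"},
                "remediation": "Update Pillow library to latest version. Implement regular dependency scanning.",
                "references": ["CVE-2020-5313", "CWE-119"],
            },
            {
                "title": "Weak Authentication Mechanism",
                "category": "Authentication Failures",
                "endpoint": "/auth/login",
                "description": "No account lockout mechanism allows brute force attacks on user accounts.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "N", "S": "U", "C": "H", "I": "L", "A": "N"},
                "remediation": "Implement account lockout after failed attempts. Add rate limiting and CAPTCHA.",
                "references": ["OWASP Authentication Cheat Sheet", "CWE-307"],
            },
            {
                "title": "Insufficient Logging and Monitoring",
                "category": "Logging Failures",
                "endpoint": "System-wide",
                "description": "Security events not properly logged, making intrusion detection impossible.",
                "cvss_metrics": {"AV": "N", "AC": "L", "PR": "N", "UI": "N", "S": "U", "C": "N", "I": "N", "A": "N"},
                "remediation": "Implement comprehensive logging for authentication, authorization, and security events.",
                "references": ["OWASP Logging Vocabulary Cheat Sheet", "CWE-778"],
            },
        ]
        return stego_vulnerabilities

    def generate_risk_matrix(self) -> Dict[str, Any]:
        """Generate the risk assessment matrix for all added vulnerabilities.

        Returns:
            Dict with per-severity counts (including ``none`` for zero-impact
            findings, so the buckets add up to ``total``), a weighted
            ``overall_risk_score`` averaged over every finding, its
            ``risk_level``, id lists in remediation priority order, and the
            per-component and per-category breakdowns.
        """
        by_severity: Dict[str, List[Dict[str, Any]]] = {
            "CRITICAL": [],
            "HIGH": [],
            "MEDIUM": [],
            "LOW": [],
            "NONE": [],
        }
        for vuln in self.vulnerabilities:
            by_severity.setdefault(vuln["severity"], []).append(vuln)

        total_vulns = len(self.vulnerabilities)
        # NONE/UNKNOWN findings carry weight 0 but still dilute the average.
        weighted = sum(self.RISK_WEIGHTS.get(v["severity"], 0) for v in self.vulnerabilities)
        risk_score = weighted / max(total_vulns, 1)

        ids = lambda level: [v["id"] for v in by_severity[level]]  # noqa: E731
        return {
            "vulnerability_count": {
                "total": total_vulns,
                "critical": len(by_severity["CRITICAL"]),
                "high": len(by_severity["HIGH"]),
                "medium": len(by_severity["MEDIUM"]),
                "low": len(by_severity["LOW"]),
                "none": len(by_severity["NONE"]),
            },
            "overall_risk_score": round(risk_score, 2),
            "risk_level": self.cvss_calc.get_severity_rating(risk_score),
            "priority_order": {
                "immediate": ids("CRITICAL"),
                "high_priority": ids("HIGH"),
                "medium_priority": ids("MEDIUM"),
                "low_priority": ids("LOW"),
            },
            "affected_components": self._analyze_affected_components(),
            "attack_surface_analysis": self._analyze_attack_surface(),
        }

    def _analyze_affected_components(self) -> Dict[str, Any]:
        """Group findings by affected endpoint.

        Returns:
            endpoint -> {"vulnerabilities": [ids], "highest_severity": str,
            "total_risk": sum of base scores (one decimal)}.
        """
        components: Dict[str, Dict[str, Any]] = {}
        for vuln in self.vulnerabilities:
            entry = components.setdefault(
                vuln["affected_endpoint"],
                {"vulnerabilities": [], "highest_severity": "NONE", "total_risk": 0.0},
            )
            entry["vulnerabilities"].append(vuln["id"])
            # Lower rank means more severe; unknown labels sort last.
            rank = self.SEVERITY_RANK.get(vuln["severity"], len(self.SEVERITY_RANK))
            if rank < self.SEVERITY_RANK.get(entry["highest_severity"], len(self.SEVERITY_RANK)):
                entry["highest_severity"] = vuln["severity"]
            # Scores are one-decimal; re-round to keep the sum free of float residue.
            entry["total_risk"] = round(entry["total_risk"] + vuln["cvss_base_score"], 1)
        return components

    def _analyze_attack_surface(self) -> Dict[str, Any]:
        """Summarise findings by vulnerability category.

        Returns:
            category -> {"count", "vulnerabilities": [ids], "average_cvss",
            "highest_cvss"}; the average is computed once per category after
            a single pass over the findings.
        """
        categories: Dict[str, Dict[str, Any]] = {}
        totals: Dict[str, float] = {}
        for vuln in self.vulnerabilities:
            category = vuln["category"]
            entry = categories.setdefault(
                category,
                {"count": 0, "vulnerabilities": [], "average_cvss": 0.0, "highest_cvss": 0.0},
            )
            score = vuln["cvss_base_score"]
            entry["count"] += 1
            entry["vulnerabilities"].append(vuln["id"])
            entry["highest_cvss"] = max(entry["highest_cvss"], score)
            totals[category] = totals.get(category, 0.0) + score
        for category, entry in categories.items():
            entry["average_cvss"] = round(totals[category] / entry["count"], 1)
        return categories


def main():
    """Build and return the complete vulnerability report as a JSON-ready dict."""
    matrix = VulnerabilityMatrix()

    # Add steganography-specific vulnerabilities
    for vuln_data in matrix.generate_steganography_specific_vulns():
        matrix.add_vulnerability(vuln_data)

    risk_matrix = matrix.generate_risk_matrix()
    counts = risk_matrix["vulnerability_count"]
    total = len(matrix.vulnerabilities)

    vulnerability_report = {
        "report_metadata": {
            "timestamp": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "target": "Project Starlight Steganography Detection System",
            "assessment_type": "Vulnerability Matrix with CVSS v3.1 Scoring",
            "total_vulnerabilities_assessed": total,
        },
        "vulnerability_matrix": {
            "vulnerabilities": matrix.vulnerabilities,
            "risk_assessment": risk_matrix,
            "cvss_scoring_methodology": "CVSS v3.1 Base Score Calculation",
            # Guarded against an empty matrix (no ZeroDivisionError).
            "severity_distribution": {
                "critical_percentage": _percentage(counts["critical"], total),
                "high_percentage": _percentage(counts["high"], total),
                "medium_percentage": _percentage(counts["medium"], total),
                "low_percentage": _percentage(counts["low"], total),
                "none_percentage": _percentage(counts["none"], total),
            },
        },
        "remediation_roadmap": {
            "immediate_actions": [
                "Patch all CRITICAL vulnerabilities",
                "Implement input validation for injection prevention",
                "Fix broken access control mechanisms",
            ],
            "short_term_goals": [
                "Address HIGH severity issues within 30 days",
                "Implement comprehensive security headers",
                "Update vulnerable third-party components",
            ],
            "long_term_improvements": [
                "Establish secure development lifecycle",
                "Implement continuous security monitoring",
                "Regular security assessments and penetration testing",
            ],
        },
        "compliance_mapping": {
            "OWASP_Top_10": ["A01", "A02", "A03", "A05", "A06", "A07"],
            "CWE_Top_25": ["CWE-89", "CWE-434", "CWE-200", "CWE-918", "CWE-327"],
            "NIST_Cybersecurity_Framework": ["PR.AC", "PR.DS", "PR.PT", "DE.CM", "RS.AN"],
        },
    }
    return vulnerability_report


if __name__ == "__main__":
    report = main()
    print(json.dumps(report, indent=2))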