cvss-suite 1.1.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. checksums.yaml +5 -5
  2. data/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  3. data/.github/ISSUE_TEMPLATE/custom.md +7 -0
  4. data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
  5. data/.github/workflows/rspec.yml +23 -0
  6. data/.gitignore +1 -0
  7. data/.rubocop.yml +39 -1
  8. data/.rubocop_todo.yml +124 -0
  9. data/CHANGES.md +63 -2
  10. data/PULL_REQUEST_TEMPLATE.md +24 -0
  11. data/README.md +32 -9
  12. data/_config.yml +1 -0
  13. data/bin/console +3 -3
  14. data/cvss_suite.gemspec +14 -13
  15. data/lib/cvss_suite.rb +12 -6
  16. data/lib/cvss_suite/cvss.rb +85 -61
  17. data/lib/cvss_suite/cvss2/cvss2.rb +34 -26
  18. data/lib/cvss_suite/cvss2/cvss2_base.rb +70 -73
  19. data/lib/cvss_suite/cvss2/cvss2_environmental.rb +49 -50
  20. data/lib/cvss_suite/cvss2/cvss2_temporal.rb +41 -39
  21. data/lib/cvss_suite/cvss3/cvss3.rb +34 -26
  22. data/lib/cvss_suite/cvss3/cvss3_base.rb +64 -65
  23. data/lib/cvss_suite/cvss3/cvss3_environmental.rb +159 -107
  24. data/lib/cvss_suite/cvss3/cvss3_temporal.rb +42 -40
  25. data/lib/cvss_suite/cvss31/cvss31.rb +61 -0
  26. data/lib/cvss_suite/cvss31/cvss31_base.rb +94 -0
  27. data/lib/cvss_suite/cvss31/cvss31_environmental.rb +196 -0
  28. data/lib/cvss_suite/cvss31/cvss31_temporal.rb +59 -0
  29. data/lib/cvss_suite/cvss_metric.rb +31 -31
  30. data/lib/cvss_suite/cvss_property.rb +56 -54
  31. data/lib/cvss_suite/helpers/cvss31_helper.rb +27 -0
  32. data/lib/cvss_suite/helpers/cvss3_helper.rb +20 -13
  33. data/lib/cvss_suite/invalid_cvss.rb +31 -32
  34. data/lib/cvss_suite/version.rb +2 -2
  35. metadata +20 -25
  36. data/.travis.yml +0 -4
  37. data/lib/cvss_suite/helpers/extensions.rb +0 -32
@@ -11,43 +11,43 @@
11
11
  ##
12
12
  # This class represents any CVSS metric.
13
13
 
14
- class CvssMetric
15
-
16
- ##
17
- # Creates a new CVSS metric by +properties+
18
-
19
- def initialize(selected_properties)
20
- @properties = []
21
- init_properties
22
- extract_selected_choices_from selected_properties
23
- end
14
+ module CvssSuite
15
+ class CvssMetric
16
+ ##
17
+ # Creates a new CVSS metric by +properties+
18
+
19
+ def initialize(selected_properties)
20
+ @properties = []
21
+ init_properties
22
+ extract_selected_choices_from selected_properties
23
+ end
24
24
 
25
- ##
26
- # Returns if the metric is valid.
25
+ ##
26
+ # Returns if the metric is valid.
27
27
 
28
- def valid?
29
- @properties.each do |property|
30
- return false unless property.valid?
28
+ def valid?
29
+ @properties.each do |property|
30
+ return false unless property.valid?
31
+ end
32
+ true
31
33
  end
32
- true
33
- end
34
34
 
35
- ##
36
- # Returns number of properties for this metric.
35
+ ##
36
+ # Returns number of properties for this metric.
37
37
 
38
- def count
39
- @properties.count
40
- end
38
+ def count
39
+ @properties.count
40
+ end
41
41
 
42
- private
42
+ private
43
43
 
44
- def extract_selected_choices_from(selected_properties)
45
- selected_properties.each do |selected_property|
46
- property = @properties.detect {
47
- |p| p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
48
- }
49
- property.set_selected_choice selected_property[:selected] unless property.nil?
44
+ def extract_selected_choices_from(selected_properties)
45
+ selected_properties.each do |selected_property|
46
+ property = @properties.detect do |p|
47
+ p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
48
+ end
49
+ property.set_selected_choice selected_property[:selected] unless property.nil?
50
+ end
50
51
  end
51
52
  end
52
-
53
- end
53
+ end
@@ -11,75 +11,77 @@
11
11
  ##
12
12
  # This class represents a CVSS property of a CVSS metric.
13
13
 
14
- class CvssProperty
15
-
16
- ##
17
- # Creates a new CVSS property by a +property+.
18
- #
19
- # +Property+ needs to consist of a name, a abbreviation, the possible positions in the CVSS vector, a weight, and the
20
- # available choices for the property.
21
-
22
- def initialize(property)
23
- @property = property
24
- @property[:default_choice] ||= 'Not Available'
25
- end
14
+ module CvssSuite
15
+ class CvssProperty
16
+ ##
17
+ # Creates a new CVSS property by a +property+.
18
+ #
19
+ # +Property+ needs to consist of a name, a abbreviation,
20
+ # the possible positions in the CVSS vector, a weight, and the
21
+ # available choices for the property.
22
+
23
+ def initialize(property)
24
+ @property = property
25
+ @property[:default_choice] ||= 'Not Available'
26
+ end
26
27
 
27
- ##
28
- # Returns the full name of the property.
28
+ ##
29
+ # Returns the full name of the property.
29
30
 
30
- def name
31
- @property[:name]
32
- end
31
+ def name
32
+ @property[:name]
33
+ end
33
34
 
34
- ##
35
- # Returns the abbreviation of the property.
35
+ ##
36
+ # Returns the abbreviation of the property.
36
37
 
37
- def abbreviation
38
- @property[:abbreviation]
39
- end
38
+ def abbreviation
39
+ @property[:abbreviation]
40
+ end
40
41
 
41
- ##
42
- # Returns all available choices of the property.
42
+ ##
43
+ # Returns all available choices of the property.
43
44
 
44
- def choices
45
- @property[:choices]
46
- end
45
+ def choices
46
+ @property[:choices]
47
+ end
47
48
 
48
- ##
49
- # Returns the possible positions in the CVSS vector of the property.
49
+ ##
50
+ # Returns the possible positions in the CVSS vector of the property.
50
51
 
51
- def position
52
- @property[:position]
53
- end
52
+ def position
53
+ @property[:position]
54
+ end
54
55
 
55
- ##
56
- # Returns the selected choice of the property.
56
+ ##
57
+ # Returns the selected choice of the property.
57
58
 
58
- def selected_choice
59
- @selected_choice || @property[:default_choice]
60
- end
59
+ def selected_choice
60
+ @selected_choice || @property[:default_choice]
61
+ end
61
62
 
62
- ##
63
- # Returns true if the property is valid.
63
+ ##
64
+ # Returns true if the property is valid.
64
65
 
65
- def valid?
66
- !@selected_choice.nil?
67
- end
66
+ def valid?
67
+ !@selected_choice.nil?
68
+ end
68
69
 
69
- ##
70
- # Returns the score of the selected choice.
70
+ ##
71
+ # Returns the score of the selected choice.
71
72
 
72
- def score
73
- @selected_choice[:weight]
74
- end
73
+ def score
74
+ @selected_choice[:weight]
75
+ end
75
76
 
76
- ##
77
- # Sets the selected choice by a +choice+.
77
+ ##
78
+ # Sets the selected choice by a +choice+.
78
79
 
79
- def set_selected_choice(selected_choice)
80
- choices.each do |choice|
81
- choice[:selected] = selected_choice.eql?(choice[:abbreviation])
80
+ def set_selected_choice(selected_choice)
81
+ choices.each do |choice|
82
+ choice[:selected] = selected_choice.eql?(choice[:abbreviation])
83
+ end
84
+ @selected_choice = choices.detect { |choice| choice[:selected] }
82
85
  end
83
- @selected_choice = choices.detect { |choice| choice[:selected] }
84
86
  end
85
- end
87
+ end
@@ -0,0 +1,27 @@
1
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
+ #
3
+ # Copyright (c) Siemens AG, 2016
4
+ #
5
+ # Authors:
6
+ # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ #
8
+ # This work is licensed under the terms of the MIT license.
9
+ # See the LICENSE.md file in the top-level directory.
10
+
11
+ module CvssSuite
12
+ ##
13
+ # This module includes methods which are used by the CVSS 3 classes.
14
+ module Cvss31Helper
15
+ ##
16
+ # Since CVSS 3 all float values are rounded up, therefore this method is used
17
+ # instead of the mathematically correct method round().
18
+ def self.round_up(float)
19
+ output = (float * 100_000).round
20
+ if (output % 10_000).zero?
21
+ output / 100_000.0
22
+ else
23
+ ((output / 10_000).floor + 1) / 10.0
24
+ end
25
+ end
26
+ end
27
+ end
@@ -11,19 +11,26 @@
11
11
  ##
12
12
  # This module includes methods which are used by the CVSS 3 classes.
13
13
 
14
- module Cvss3Helper
15
-
16
- ##
17
- # Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
18
- # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
14
+ module CvssSuite
15
+ module Cvss3Helper
16
+ ##
17
+ # Since CVSS 3 all float values are rounded up, therefore this method is used
18
+ # instead of the mathematically correct method round().
19
+ def self.round_up(float)
20
+ float.ceil(1).to_f
21
+ end
19
22
 
20
- def self.privileges_required_score(privileges_required, scope)
21
- changed = scope.selected_choice[:name] == 'Changed'
22
- privilege_score = privileges_required.score
23
- if changed
24
- privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
25
- privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
23
+ ##
24
+ # Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
25
+ # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
26
+ def self.privileges_required_score(privileges_required, scope)
27
+ changed = scope.selected_choice[:name] == 'Changed'
28
+ privilege_score = privileges_required.score
29
+ if changed
30
+ privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
31
+ privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
32
+ end
33
+ privilege_score
26
34
  end
27
- privilege_score
28
35
  end
29
- end
36
+ end
@@ -11,47 +11,46 @@
11
11
  # ##
12
12
  # # This class represents a invalid CVSS vector.
13
13
 
14
- class InvalidCvss < Cvss
14
+ module CvssSuite
15
+ class InvalidCvss < Cvss
16
+ ##
17
+ # Creates a new invalid CVSS vector.
15
18
 
16
- ##
17
- # Creates a new invalid CVSS vector.
19
+ def initialize; end
18
20
 
19
- def initialize
20
- end
21
+ ##
22
+ # Since this is an invalid CVSS vector, it always returns false.
21
23
 
22
- ##
23
- # Since this is an invalid CVSS vector, it always returns false.
24
+ def valid?
25
+ false
26
+ end
24
27
 
25
- def valid?
26
- false
27
- end
28
+ ##
29
+ # Since this is an invalid CVSS vector, it always throws an exception.
28
30
 
29
- ##
30
- # Since this is an invalid CVSS vector, it always throws an exception.
31
+ def version
32
+ check_validity
33
+ end
31
34
 
32
- def version
33
- check_validity
34
- end
35
+ ##
36
+ # Since this is an invalid CVSS vector, it always throws an exception.
35
37
 
36
- ##
37
- # Since this is an invalid CVSS vector, it always throws an exception.
38
+ def base_score
39
+ check_validity
40
+ end
38
41
 
39
- def base_score
40
- check_validity
41
- end
42
+ ##
43
+ # Since this is an invalid CVSS vector, it always throws an exception.
42
44
 
43
- ##
44
- # Since this is an invalid CVSS vector, it always throws an exception.
45
+ def temporal_score
46
+ check_validity
47
+ end
45
48
 
46
- def temporal_score
47
- check_validity
48
- end
49
-
50
- ##
51
- # Since this is an invalid CVSS vector, it always throws an exception.
49
+ ##
50
+ # Since this is an invalid CVSS vector, it always throws an exception.
52
51
 
53
- def environmental_score
54
- check_validity
52
+ def environmental_score
53
+ check_validity
54
+ end
55
55
  end
56
-
57
- end
56
+ end
@@ -1,6 +1,6 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) Siemens AG, 2019
4
4
  #
5
5
  # Authors:
6
6
  # Oliver Hambörger <oliver.hamboerger@siemens.com>
@@ -9,5 +9,5 @@
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
11
  module CvssSuite
12
- VERSION = "1.1.0"
12
+ VERSION = '1.2.2'
13
13
  end
metadata CHANGED
@@ -1,27 +1,27 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cvss-suite
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oliver Hamboerger
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-10-17 00:00:00.000000000 Z
11
+ date: 2020-07-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
19
  version: '1.10'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
26
  version: '1.10'
27
27
  - !ruby/object:Gem::Dependency
@@ -52,34 +52,20 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '1.2'
55
- - !ruby/object:Gem::Dependency
56
- name: rdoc
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - "~>"
60
- - !ruby/object:Gem::Version
61
- version: '4.2'
62
- type: :development
63
- prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - "~>"
67
- - !ruby/object:Gem::Version
68
- version: '4.2'
69
55
  - !ruby/object:Gem::Dependency
70
56
  name: simplecov
71
57
  requirement: !ruby/object:Gem::Requirement
72
58
  requirements:
73
59
  - - "~>"
74
60
  - !ruby/object:Gem::Version
75
- version: 0.11.2
61
+ version: '0.11'
76
62
  type: :development
77
63
  prerelease: false
78
64
  version_requirements: !ruby/object:Gem::Requirement
79
65
  requirements:
80
66
  - - "~>"
81
67
  - !ruby/object:Gem::Version
82
- version: 0.11.2
68
+ version: '0.11'
83
69
  description: |-
84
70
  This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
85
71
  Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
@@ -89,15 +75,21 @@ executables: []
89
75
  extensions: []
90
76
  extra_rdoc_files: []
91
77
  files:
78
+ - ".github/ISSUE_TEMPLATE/bug_report.md"
79
+ - ".github/ISSUE_TEMPLATE/custom.md"
80
+ - ".github/ISSUE_TEMPLATE/feature_request.md"
81
+ - ".github/workflows/rspec.yml"
92
82
  - ".gitignore"
93
83
  - ".rspec"
94
84
  - ".rubocop.yml"
95
- - ".travis.yml"
85
+ - ".rubocop_todo.yml"
96
86
  - CHANGES.md
97
87
  - CODE_OF_CONDUCT.md
98
88
  - Gemfile
99
89
  - LICENSE.md
90
+ - PULL_REQUEST_TEMPLATE.md
100
91
  - README.md
92
+ - _config.yml
101
93
  - bin/console
102
94
  - bin/setup
103
95
  - cvss_suite.gemspec
@@ -111,11 +103,15 @@ files:
111
103
  - lib/cvss_suite/cvss3/cvss3_base.rb
112
104
  - lib/cvss_suite/cvss3/cvss3_environmental.rb
113
105
  - lib/cvss_suite/cvss3/cvss3_temporal.rb
106
+ - lib/cvss_suite/cvss31/cvss31.rb
107
+ - lib/cvss_suite/cvss31/cvss31_base.rb
108
+ - lib/cvss_suite/cvss31/cvss31_environmental.rb
109
+ - lib/cvss_suite/cvss31/cvss31_temporal.rb
114
110
  - lib/cvss_suite/cvss_metric.rb
115
111
  - lib/cvss_suite/cvss_property.rb
116
112
  - lib/cvss_suite/errors.rb
113
+ - lib/cvss_suite/helpers/cvss31_helper.rb
117
114
  - lib/cvss_suite/helpers/cvss3_helper.rb
118
- - lib/cvss_suite/helpers/extensions.rb
119
115
  - lib/cvss_suite/invalid_cvss.rb
120
116
  - lib/cvss_suite/version.rb
121
117
  homepage: https://siemens.github.io/cvss-suite/
@@ -130,15 +126,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
130
126
  requirements:
131
127
  - - ">="
132
128
  - !ruby/object:Gem::Version
133
- version: '0'
129
+ version: 2.0.0
134
130
  required_rubygems_version: !ruby/object:Gem::Requirement
135
131
  requirements:
136
132
  - - ">="
137
133
  - !ruby/object:Gem::Version
138
134
  version: '0'
139
135
  requirements: []
140
- rubyforge_project:
141
- rubygems_version: 2.5.1
136
+ rubygems_version: 3.0.3
142
137
  signing_key:
143
138
  specification_version: 4
144
139
  summary: Ruby gem for processing cvss vectors.