cvss-suite 1.1.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
- data/.github/ISSUE_TEMPLATE/custom.md +7 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
- data/.github/workflows/rspec.yml +23 -0
- data/.gitignore +1 -0
- data/.rubocop.yml +39 -1
- data/.rubocop_todo.yml +124 -0
- data/CHANGES.md +63 -2
- data/PULL_REQUEST_TEMPLATE.md +24 -0
- data/README.md +32 -9
- data/_config.yml +1 -0
- data/bin/console +3 -3
- data/cvss_suite.gemspec +14 -13
- data/lib/cvss_suite.rb +12 -6
- data/lib/cvss_suite/cvss.rb +85 -61
- data/lib/cvss_suite/cvss2/cvss2.rb +34 -26
- data/lib/cvss_suite/cvss2/cvss2_base.rb +70 -73
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +49 -50
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +41 -39
- data/lib/cvss_suite/cvss3/cvss3.rb +34 -26
- data/lib/cvss_suite/cvss3/cvss3_base.rb +64 -65
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +159 -107
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +42 -40
- data/lib/cvss_suite/cvss31/cvss31.rb +61 -0
- data/lib/cvss_suite/cvss31/cvss31_base.rb +94 -0
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +196 -0
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +59 -0
- data/lib/cvss_suite/cvss_metric.rb +31 -31
- data/lib/cvss_suite/cvss_property.rb +56 -54
- data/lib/cvss_suite/helpers/cvss31_helper.rb +27 -0
- data/lib/cvss_suite/helpers/cvss3_helper.rb +20 -13
- data/lib/cvss_suite/invalid_cvss.rb +31 -32
- data/lib/cvss_suite/version.rb +2 -2
- metadata +20 -25
- data/.travis.yml +0 -4
- data/lib/cvss_suite/helpers/extensions.rb +0 -32
@@ -11,43 +11,43 @@
|
|
11
11
|
##
|
12
12
|
# This class represents any CVSS metric.
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
14
|
+
module CvssSuite
|
15
|
+
class CvssMetric
|
16
|
+
##
|
17
|
+
# Creates a new CVSS metric by +properties+
|
18
|
+
|
19
|
+
def initialize(selected_properties)
|
20
|
+
@properties = []
|
21
|
+
init_properties
|
22
|
+
extract_selected_choices_from selected_properties
|
23
|
+
end
|
24
24
|
|
25
|
-
|
26
|
-
|
25
|
+
##
|
26
|
+
# Returns if the metric is valid.
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
|
28
|
+
def valid?
|
29
|
+
@properties.each do |property|
|
30
|
+
return false unless property.valid?
|
31
|
+
end
|
32
|
+
true
|
31
33
|
end
|
32
|
-
true
|
33
|
-
end
|
34
34
|
|
35
|
-
|
36
|
-
|
35
|
+
##
|
36
|
+
# Returns number of properties for this metric.
|
37
37
|
|
38
|
-
|
39
|
-
|
40
|
-
|
38
|
+
def count
|
39
|
+
@properties.count
|
40
|
+
end
|
41
41
|
|
42
|
-
|
42
|
+
private
|
43
43
|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
44
|
+
def extract_selected_choices_from(selected_properties)
|
45
|
+
selected_properties.each do |selected_property|
|
46
|
+
property = @properties.detect do |p|
|
47
|
+
p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
|
48
|
+
end
|
49
|
+
property.set_selected_choice selected_property[:selected] unless property.nil?
|
50
|
+
end
|
50
51
|
end
|
51
52
|
end
|
52
|
-
|
53
|
-
end
|
53
|
+
end
|
@@ -11,75 +11,77 @@
|
|
11
11
|
##
|
12
12
|
# This class represents a CVSS property of a CVSS metric.
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
14
|
+
module CvssSuite
|
15
|
+
class CvssProperty
|
16
|
+
##
|
17
|
+
# Creates a new CVSS property by a +property+.
|
18
|
+
#
|
19
|
+
# +Property+ needs to consist of a name, a abbreviation,
|
20
|
+
# the possible positions in the CVSS vector, a weight, and the
|
21
|
+
# available choices for the property.
|
22
|
+
|
23
|
+
def initialize(property)
|
24
|
+
@property = property
|
25
|
+
@property[:default_choice] ||= 'Not Available'
|
26
|
+
end
|
26
27
|
|
27
|
-
|
28
|
-
|
28
|
+
##
|
29
|
+
# Returns the full name of the property.
|
29
30
|
|
30
|
-
|
31
|
-
|
32
|
-
|
31
|
+
def name
|
32
|
+
@property[:name]
|
33
|
+
end
|
33
34
|
|
34
|
-
|
35
|
-
|
35
|
+
##
|
36
|
+
# Returns the abbreviation of the property.
|
36
37
|
|
37
|
-
|
38
|
-
|
39
|
-
|
38
|
+
def abbreviation
|
39
|
+
@property[:abbreviation]
|
40
|
+
end
|
40
41
|
|
41
|
-
|
42
|
-
|
42
|
+
##
|
43
|
+
# Returns all available choices of the property.
|
43
44
|
|
44
|
-
|
45
|
-
|
46
|
-
|
45
|
+
def choices
|
46
|
+
@property[:choices]
|
47
|
+
end
|
47
48
|
|
48
|
-
|
49
|
-
|
49
|
+
##
|
50
|
+
# Returns the possible positions in the CVSS vector of the property.
|
50
51
|
|
51
|
-
|
52
|
-
|
53
|
-
|
52
|
+
def position
|
53
|
+
@property[:position]
|
54
|
+
end
|
54
55
|
|
55
|
-
|
56
|
-
|
56
|
+
##
|
57
|
+
# Returns the selected choice of the property.
|
57
58
|
|
58
|
-
|
59
|
-
|
60
|
-
|
59
|
+
def selected_choice
|
60
|
+
@selected_choice || @property[:default_choice]
|
61
|
+
end
|
61
62
|
|
62
|
-
|
63
|
-
|
63
|
+
##
|
64
|
+
# Returns true if the property is valid.
|
64
65
|
|
65
|
-
|
66
|
-
|
67
|
-
|
66
|
+
def valid?
|
67
|
+
!@selected_choice.nil?
|
68
|
+
end
|
68
69
|
|
69
|
-
|
70
|
-
|
70
|
+
##
|
71
|
+
# Returns the score of the selected choice.
|
71
72
|
|
72
|
-
|
73
|
-
|
74
|
-
|
73
|
+
def score
|
74
|
+
@selected_choice[:weight]
|
75
|
+
end
|
75
76
|
|
76
|
-
|
77
|
-
|
77
|
+
##
|
78
|
+
# Sets the selected choice by a +choice+.
|
78
79
|
|
79
|
-
|
80
|
-
|
81
|
-
|
80
|
+
def set_selected_choice(selected_choice)
|
81
|
+
choices.each do |choice|
|
82
|
+
choice[:selected] = selected_choice.eql?(choice[:abbreviation])
|
83
|
+
end
|
84
|
+
@selected_choice = choices.detect { |choice| choice[:selected] }
|
82
85
|
end
|
83
|
-
@selected_choice = choices.detect { |choice| choice[:selected] }
|
84
86
|
end
|
85
|
-
end
|
87
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
|
+
#
|
3
|
+
# Copyright (c) Siemens AG, 2016
|
4
|
+
#
|
5
|
+
# Authors:
|
6
|
+
# Oliver Hambörger <oliver.hamboerger@siemens.com>
|
7
|
+
#
|
8
|
+
# This work is licensed under the terms of the MIT license.
|
9
|
+
# See the LICENSE.md file in the top-level directory.
|
10
|
+
|
11
|
+
module CvssSuite
|
12
|
+
##
|
13
|
+
# This module includes methods which are used by the CVSS 3 classes.
|
14
|
+
module Cvss31Helper
|
15
|
+
##
|
16
|
+
# Since CVSS 3 all float values are rounded up, therefore this method is used
|
17
|
+
# instead of the mathematically correct method round().
|
18
|
+
def self.round_up(float)
|
19
|
+
output = (float * 100_000).round
|
20
|
+
if (output % 10_000).zero?
|
21
|
+
output / 100_000.0
|
22
|
+
else
|
23
|
+
((output / 10_000).floor + 1) / 10.0
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -11,19 +11,26 @@
|
|
11
11
|
##
|
12
12
|
# This module includes methods which are used by the CVSS 3 classes.
|
13
13
|
|
14
|
-
module
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
14
|
+
module CvssSuite
|
15
|
+
module Cvss3Helper
|
16
|
+
##
|
17
|
+
# Since CVSS 3 all float values are rounded up, therefore this method is used
|
18
|
+
# instead of the mathematically correct method round().
|
19
|
+
def self.round_up(float)
|
20
|
+
float.ceil(1).to_f
|
21
|
+
end
|
19
22
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
privilege_score =
|
23
|
+
##
|
24
|
+
# Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
|
25
|
+
# This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
|
26
|
+
def self.privileges_required_score(privileges_required, scope)
|
27
|
+
changed = scope.selected_choice[:name] == 'Changed'
|
28
|
+
privilege_score = privileges_required.score
|
29
|
+
if changed
|
30
|
+
privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
|
31
|
+
privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
|
32
|
+
end
|
33
|
+
privilege_score
|
26
34
|
end
|
27
|
-
privilege_score
|
28
35
|
end
|
29
|
-
end
|
36
|
+
end
|
@@ -11,47 +11,46 @@
|
|
11
11
|
# ##
|
12
12
|
# # This class represents a invalid CVSS vector.
|
13
13
|
|
14
|
-
|
14
|
+
module CvssSuite
|
15
|
+
class InvalidCvss < Cvss
|
16
|
+
##
|
17
|
+
# Creates a new invalid CVSS vector.
|
15
18
|
|
16
|
-
|
17
|
-
# Creates a new invalid CVSS vector.
|
19
|
+
def initialize; end
|
18
20
|
|
19
|
-
|
20
|
-
|
21
|
+
##
|
22
|
+
# Since this is an invalid CVSS vector, it always returns false.
|
21
23
|
|
22
|
-
|
23
|
-
|
24
|
+
def valid?
|
25
|
+
false
|
26
|
+
end
|
24
27
|
|
25
|
-
|
26
|
-
|
27
|
-
end
|
28
|
+
##
|
29
|
+
# Since this is an invalid CVSS vector, it always throws an exception.
|
28
30
|
|
29
|
-
|
30
|
-
|
31
|
+
def version
|
32
|
+
check_validity
|
33
|
+
end
|
31
34
|
|
32
|
-
|
33
|
-
|
34
|
-
end
|
35
|
+
##
|
36
|
+
# Since this is an invalid CVSS vector, it always throws an exception.
|
35
37
|
|
36
|
-
|
37
|
-
|
38
|
+
def base_score
|
39
|
+
check_validity
|
40
|
+
end
|
38
41
|
|
39
|
-
|
40
|
-
|
41
|
-
end
|
42
|
+
##
|
43
|
+
# Since this is an invalid CVSS vector, it always throws an exception.
|
42
44
|
|
43
|
-
|
44
|
-
|
45
|
+
def temporal_score
|
46
|
+
check_validity
|
47
|
+
end
|
45
48
|
|
46
|
-
|
47
|
-
|
48
|
-
end
|
49
|
-
|
50
|
-
##
|
51
|
-
# Since this is an invalid CVSS vector, it always throws an exception.
|
49
|
+
##
|
50
|
+
# Since this is an invalid CVSS vector, it always throws an exception.
|
52
51
|
|
53
|
-
|
54
|
-
|
52
|
+
def environmental_score
|
53
|
+
check_validity
|
54
|
+
end
|
55
55
|
end
|
56
|
-
|
57
|
-
end
|
56
|
+
end
|
data/lib/cvss_suite/version.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) Siemens AG,
|
3
|
+
# Copyright (c) Siemens AG, 2019
|
4
4
|
#
|
5
5
|
# Authors:
|
6
6
|
# Oliver Hambörger <oliver.hamboerger@siemens.com>
|
@@ -9,5 +9,5 @@
|
|
9
9
|
# See the LICENSE.md file in the top-level directory.
|
10
10
|
|
11
11
|
module CvssSuite
|
12
|
-
VERSION =
|
12
|
+
VERSION = '1.2.2'
|
13
13
|
end
|
metadata
CHANGED
@@ -1,27 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cvss-suite
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oliver Hamboerger
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-07-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '1.10'
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '1.10'
|
27
27
|
- !ruby/object:Gem::Dependency
|
@@ -52,34 +52,20 @@ dependencies:
|
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '1.2'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: rdoc
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - "~>"
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: '4.2'
|
62
|
-
type: :development
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - "~>"
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: '4.2'
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: simplecov
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
72
58
|
requirements:
|
73
59
|
- - "~>"
|
74
60
|
- !ruby/object:Gem::Version
|
75
|
-
version: 0.11
|
61
|
+
version: '0.11'
|
76
62
|
type: :development
|
77
63
|
prerelease: false
|
78
64
|
version_requirements: !ruby/object:Gem::Requirement
|
79
65
|
requirements:
|
80
66
|
- - "~>"
|
81
67
|
- !ruby/object:Gem::Version
|
82
|
-
version: 0.11
|
68
|
+
version: '0.11'
|
83
69
|
description: |-
|
84
70
|
This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
|
85
71
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
|
@@ -89,15 +75,21 @@ executables: []
|
|
89
75
|
extensions: []
|
90
76
|
extra_rdoc_files: []
|
91
77
|
files:
|
78
|
+
- ".github/ISSUE_TEMPLATE/bug_report.md"
|
79
|
+
- ".github/ISSUE_TEMPLATE/custom.md"
|
80
|
+
- ".github/ISSUE_TEMPLATE/feature_request.md"
|
81
|
+
- ".github/workflows/rspec.yml"
|
92
82
|
- ".gitignore"
|
93
83
|
- ".rspec"
|
94
84
|
- ".rubocop.yml"
|
95
|
-
- ".
|
85
|
+
- ".rubocop_todo.yml"
|
96
86
|
- CHANGES.md
|
97
87
|
- CODE_OF_CONDUCT.md
|
98
88
|
- Gemfile
|
99
89
|
- LICENSE.md
|
90
|
+
- PULL_REQUEST_TEMPLATE.md
|
100
91
|
- README.md
|
92
|
+
- _config.yml
|
101
93
|
- bin/console
|
102
94
|
- bin/setup
|
103
95
|
- cvss_suite.gemspec
|
@@ -111,11 +103,15 @@ files:
|
|
111
103
|
- lib/cvss_suite/cvss3/cvss3_base.rb
|
112
104
|
- lib/cvss_suite/cvss3/cvss3_environmental.rb
|
113
105
|
- lib/cvss_suite/cvss3/cvss3_temporal.rb
|
106
|
+
- lib/cvss_suite/cvss31/cvss31.rb
|
107
|
+
- lib/cvss_suite/cvss31/cvss31_base.rb
|
108
|
+
- lib/cvss_suite/cvss31/cvss31_environmental.rb
|
109
|
+
- lib/cvss_suite/cvss31/cvss31_temporal.rb
|
114
110
|
- lib/cvss_suite/cvss_metric.rb
|
115
111
|
- lib/cvss_suite/cvss_property.rb
|
116
112
|
- lib/cvss_suite/errors.rb
|
113
|
+
- lib/cvss_suite/helpers/cvss31_helper.rb
|
117
114
|
- lib/cvss_suite/helpers/cvss3_helper.rb
|
118
|
-
- lib/cvss_suite/helpers/extensions.rb
|
119
115
|
- lib/cvss_suite/invalid_cvss.rb
|
120
116
|
- lib/cvss_suite/version.rb
|
121
117
|
homepage: https://siemens.github.io/cvss-suite/
|
@@ -130,15 +126,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
130
126
|
requirements:
|
131
127
|
- - ">="
|
132
128
|
- !ruby/object:Gem::Version
|
133
|
-
version:
|
129
|
+
version: 2.0.0
|
134
130
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
135
131
|
requirements:
|
136
132
|
- - ">="
|
137
133
|
- !ruby/object:Gem::Version
|
138
134
|
version: '0'
|
139
135
|
requirements: []
|
140
|
-
|
141
|
-
rubygems_version: 2.5.1
|
136
|
+
rubygems_version: 3.0.3
|
142
137
|
signing_key:
|
143
138
|
specification_version: 4
|
144
139
|
summary: Ruby gem for processing cvss vectors.
|