cvss-suite 1.1.1 → 1.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 67b9524624c103f1410747cc5601fc6c51bdaeb3
-  data.tar.gz: 92eb12a5d7266cdfcef91ee3d6090d59d493b8c8
+SHA256:
+  metadata.gz: '09094d21733286857b9b006672aa297d88858737f58656b2b48627d23bce3e69'
+  data.tar.gz: 524220ad72a9e052adc3742d3b32d1df3d66f0f5bf0a0c8cfd83265bf5e58d09
 SHA512:
-  metadata.gz: c575ffb21ee0c1742911641921e3d661bbe421e77cb073080281b98bc2133fe8aaab4ac5ab521455a9253794a91a58d71ebdeddaa7ce70127e718856f0cfa0b3
-  data.tar.gz: af23d1944795b0eb5eb4172ad742199f9f8aefc22cf17563c61e22ac6883848aa38d7564896ed84d2360e4becec28ca9abe84c71cb714ac933e511e2e302c392
+  metadata.gz: 9d871c1e5397598c1261c293524abee855f5c925e62c1e57aeb07473c7ec00c4c98c7ec146623b3a1e9737d0a0016a33098ac539c872762c88502f123501c69e
+  data.tar.gz: 3fed8bb40cab71f344a6bd339b50c75120942595ffbed2e4b4f0d534ef778ac0619681e648c95a74fac59615a748dd8a94931f0934744948a20ce7306b050e17

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,21 @@
+---
+name: Bug report
+about: Create a report to help us improve
+
+---
+
+### Subject of the issue
+Describe your issue here.
+
+### Your environment
+* version of cvss-suite gem
+* version of ruby
+
+### Steps to reproduce
+Tell us how to reproduce this issue. Please provide a working demo.
+
+### Expected behaviour
+Tell us what should happen.
+
+### Actual behaviour
+Tell us what happens instead.

data/.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,7 @@
+---
+name: Custom issue template
+about: Describe this issue template's purpose here.
+
+---
+
+

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.github/workflows/rspec.yml

@@ -0,0 +1,23 @@
+name: RSpec
+
+on: [push,pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.4', '2.5', '2.6', '2.7' ]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up ${{ matrix.ruby }}
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Build
+      run: |
+        gem install bundler -v ">= 1.10"
+        bundle install --jobs 4 --retry 3
+    - name: Run tests
+      run: bundle exec rspec spec

data/.gitignore

@@ -10,3 +10,4 @@
 /tmp/
 .idea/
 /*.gem
+.ruby-version

data/.rubocop.yml

@@ -1,2 +1,40 @@
+inherit_from: .rubocop_todo.yml
+
 Metrics/LineLength:
-  Max: 120
+  Max: 120
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/ClassLength:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/MethodLength:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/cvss3/cvss3_spec.rb'
+    - 'spec/cvss31/cvss31_spec.rb'
+
+Style/IfUnlessModifier:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/GuardClause:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/ConditionalAssignment:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false

data/.rubocop_todo.yml

@@ -0,0 +1,124 @@
+# `rubocop --auto-gen-config`
+# on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+Lint/IneffectiveAccessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 1
+# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
+Lint/UselessAccessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 3
+Lint/UselessAssignment:
+  Exclude:
+    - 'lib/cvss_suite/cvss.rb'
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+# Offense count: 8
+# Configuration parameters: IgnoredMethods.
+Metrics/AbcSize:
+  Max: 35
+
+# Offense count: 5
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+  Max: 50
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 102
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 101
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/CyclomaticComplexity:
+  Max: 9
+
+# Offense count: 13
+# Configuration parameters: CountComments, ExcludedMethods.
+Metrics/MethodLength:
+  Max: 63
+
+# Offense count: 1
+# Configuration parameters: CountKeywordArgs.
+Metrics/ParameterLists:
+  Max: 6
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/PerceivedComplexity:
+  Max: 10
+
+# Offense count: 1
+Naming/AccessorMethodName:
+  Exclude:
+    - 'lib/cvss_suite/cvss_property.rb'
+
+# Offense count: 31
+# Configuration parameters: AllowedChars.
+Style/AsciiComments:
+  Enabled: false
+
+# Offense count: 20
+Style/Documentation:
+  Enabled: false
+
+# Offense count: 2
+# Configuration parameters: MinBodyLength.
+Style/GuardClause:
+  Exclude:
+    - 'lib/cvss_suite/helpers/extensions.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/IfUnlessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: literals, strict
+Style/MutableConstant:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+    - 'lib/cvss_suite/version.rb'
+
+# Offense count: 8
+# Cop supports --auto-correct.
+# Configuration parameters: Strict.
+Style/NumericLiterals:
+  MinDigits: 7
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
+# SupportedStyles: predicate, comparison
+Style/NumericPredicate:
+  Exclude:
+    - 'spec/**/*'
+    - 'lib/cvss_suite/cvss2/cvss2_base.rb'
+    - 'lib/cvss_suite/helpers/extensions.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'lib/cvss_suite/cvss_metric.rb'

data/CHANGES.md

@@ -2,6 +2,68 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.2.3] - 2020-12-05
+
+### Fixes
+* CVSS v2 now returns the correct severity values based on NVD recommendation
+* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
+
+## [1.2.2] - 2020-07-19
+
+### Fixes
+Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
+
+## [1.2.1] - 2020-05-10
+
+### Improvements
+* Added CvssSuite module to every class (thanks to @fwininger)
+* Removed override for integer and float (thanks to @fwininger)
+* Added rubocop to development environment (thanks to @fwininger)
+
+### Notes
+Adding CvssSuite module everywhere means it’s no longer possible to access a class without it. Since this only affects the undocumented and ‚internal‘ classes this should not affect you. If you’re using them, stop it.
+
+Still works:
+
+```ruby
+cvss = CvssSuite.new('string')
+```
+
+Won’t work anymore (without any code change):
+
+```ruby
+cvss = Cvss31.new('string')
+```
+
+This would need to be CvssSuite::Cvss31.new('string') to work. Or you could include the whole namespace.
+
+## [1.2.0] - 2019-07-02
+
+### Notes
+Because version 2.0 of this gem will include breaking changes, please make sure to include this gem in your gemfile as shown below to not automatically update to version 2.0.
+
+```ruby
+gem 'cvss-suite', '~> 1.2'
+```
+
+### Improvements
+* Added Severity
+* Added CVSS 3.1
+* CVSS 3.0 vectors now return 3.0 instead of 3 as version
+
+### Changes in CVSS 3.1 [Source] (https://www.first.org/cvss/v3.1/user-guide)
+* The Temporal Score for all vulnerabilities which have a Base Score of 2.5, 5.0 or 10.0, Exploit Code Maturity (E) of High (H), Remediation Level (RL) of Unavailable (U) and Report Confidence (RC) of Unknown (U) is 0.1 lower in CVSS v3.1 than for 3.0.
+* Some combinations of metrics have Environmental Scores that differ when scored with CVSS v3.1 rather than v3.0. This is due to a combination of the redefinition of Roundup and the change to the ModifiedImpact sub-formula. Less than 7% of metric combinations are 0.1 higher in CVSS v3.1 than v3.0, and less than 1% are 0.1 lower. No Environmental Scores differ by more than 0.1.
+* Other implementations of the CVSS formulas may see different scoring changes between CVSS v3.0 and v3.1 if they previously generated different CVSS v3.0 scores due to the problems that the CVSS v3.1 formula changes are intended to fix.
+
+## [1.1.2] - 2018-12-28
+
+### Fixes
+Replaced Fixnum by Integer to improve compatibility with newer versions of Ruby.
+
+### Improvements
+Added example for CVSS v3 to README.
+
 ## [1.1.1] - 2018-10-18
 
 ### Fixes

data/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,24 @@
+## Proposed changes
+
+Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue.
+
+## Types of changes
+
+What types of changes does your code introduce to CvssSuite?
+_Put an `x` in the boxes that apply_
+
+- [ ] Bugfix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+
+## Checklist
+
+_Put an `x` in the boxes that apply. You can also fill these out after creating the PR._
+
+- [ ] Unit tests pass locally with my changes
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] I have added necessary documentation (if appropriate)
+
+## Further comments
+
+If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

data/README.md

@@ -1,13 +1,20 @@
-# CvssSuite
+# CvssSuite for Ruby
 
 [![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite)
 [![Ruby Version](https://img.shields.io/badge/Ruby-2.x-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
-[![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/cvss-v2-guide.pdf)
-[![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/cvss-v3-guide.pdf)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
+![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
 Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
 
+## :warning: End of life :warning:
+
+This version of the gem is no longer supported, please update to a higher version.
+Please read the [changelog of 2.0.0](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md#200---2020-05-10) for breaking changes.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -29,11 +36,26 @@ Or install it yourself as:
 ```ruby
 require 'cvss_suite'
 
+cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+
+vector = cvss3.vector       # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
+version = cvss3.version     # 3.0
+valid = cvss3.valid?        # true
+severity = cvss3.severity   # 'High'
+
+cvss31 = CvssSuite.new('CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U')
+
+vector = cvss31.vector     # 'CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U'
+version = cvss31.version   # 3.1
+valid = cvss31.valid?      # true
+severity = cvss31.severity # 'Medium'
+
 cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M')
 
-vector = cvss.vector    # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
-version = cvss.version  # 2
-valid = cvss.valid?     # true
+vector = cvss.vector       # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
+version = cvss.version     # 2
+valid = cvss.valid?        # true
+severity = cvss.severity   # 'Low'
 
 # Scores
 base_score = cvss.base_score                        # 4.9
@@ -67,7 +89,7 @@ valid = cvss.valid?     # false
 version = cvss.version  # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
 cvss.base_score         # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
 
-CvssSuite.new()                        # will throw a ArgumentError
+CvssSuite.new()         # will throw a ArgumentError
 
 cvss = CvssSuite.new('AV:N/AC:P/C:P/AV:U/RL:OF/RC:C')   # invalid vector, authentication is missing
 version = cvss.version  # 2
@@ -81,11 +103,17 @@ Properties (Access Vector, Remediation Level, etc) do have a position attribute,
 
 ## Known Issues
 
-Currently it is not possible to leave a attribute blank instead of ND/X. If you don't have a value for a attribute, please use ND/X instead.
+Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
+
+There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
+
+## Changelog
 
-Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
+[Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/1.x/CHANGES.md)
 
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/siemens/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
 
+## References
+[CvssSuite for .NET](https://github.com/oliverhamboerger/CvssSuite)

data/_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-cayman

data/bin/console

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "cvss_suite"
+require 'bundler/setup'
+require 'cvss_suite'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "cvss_suite"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start