cvss-suite 1.1.1 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 67b9524624c103f1410747cc5601fc6c51bdaeb3
-  data.tar.gz: 92eb12a5d7266cdfcef91ee3d6090d59d493b8c8
+SHA256:
+  metadata.gz: d4f32e67e6919d58fbd35bc9af64a0af838e484ecfc28d17f83ebc623df9cff5
+  data.tar.gz: fc758c191bfbbd12e24e15d8b2d4fe1e012e4597ea0fcc28972bbe4bb9d8f66d
 SHA512:
-  metadata.gz: c575ffb21ee0c1742911641921e3d661bbe421e77cb073080281b98bc2133fe8aaab4ac5ab521455a9253794a91a58d71ebdeddaa7ce70127e718856f0cfa0b3
-  data.tar.gz: af23d1944795b0eb5eb4172ad742199f9f8aefc22cf17563c61e22ac6883848aa38d7564896ed84d2360e4becec28ca9abe84c71cb714ac933e511e2e302c392
+  metadata.gz: e6af1a297fb42858352914040f4d7d75923e3d6e88ed0ae14b85243252d58d169a8eddc900fd0ad1f5506a86bfc24f576e8d321fd7f2b4a01afa040ac9861ebc
+  data.tar.gz: fcb7590bd3fbe1eef4c8d5ea4f72e1cf04db96005034f74f9e764cb3853f1e0d39d73a6ba3c77416be69853f01a3c248d880997ae474534f5c8f2e7724a86ff6

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,21 @@
+---
+name: Bug report
+about: Create a report to help us improve
+
+---
+
+### Subject of the issue
+Describe your issue here.
+
+### Your environment
+* version of cvss-suite gem
+* version of ruby
+
+### Steps to reproduce
+Tell us how to reproduce this issue. Please provide a working demo.
+
+### Expected behaviour
+Tell us what should happen.
+
+### Actual behaviour
+Tell us what happens instead.

data/.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,7 @@
+---
+name: Custom issue template
+about: Describe this issue template's purpose here.
+
+---
+
+

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.github/workflows/rspec.yml

@@ -0,0 +1,23 @@
+name: RSpec
+
+on: [push,pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.4', '2.5', '2.6', '2.7' ]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up ${{ matrix.ruby }}
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Install gems
+      run: |
+        gem install bundler -v ">= 1.10"
+        bundle install --jobs 4 --retry 3
+    - name: Run tests
+      run: bundle exec rspec spec

data/.github/workflows/rubocop.yml

@@ -0,0 +1,21 @@
+name: Rubocop
+
+on: [push,pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+    - name: Install gems
+      run: |
+        gem install bundler -v ">= 1.10"
+        gem install rubocop
+    - name: Run checks
+      run: rubocop -F --fail-level C -f s

data/.gitignore

@@ -10,3 +10,4 @@
 /tmp/
 .idea/
 /*.gem
+.ruby-version

data/.rubocop.yml

@@ -1,2 +1,46 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+  TargetRubyVersion: 2.4
+
 Metrics/LineLength:
-  Max: 120
+  Max: 120
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/ClassLength:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/MethodLength:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/cvss3/cvss3_spec.rb'
+    - 'spec/cvss31/cvss31_spec.rb'
+
+Style/IfUnlessModifier:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/GuardClause:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/ConditionalAssignment:
+  Exclude:
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/AsciiComments:
+  Enabled: false

data/.rubocop_todo.yml

@@ -0,0 +1,59 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+Lint/IneffectiveAccessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 1
+# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
+Lint/UselessAccessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 8
+# Configuration parameters: IgnoredMethods.
+Metrics/AbcSize:
+  Max: 35
+
+# Offense count: 5
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+  Max: 58
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 101
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/CyclomaticComplexity:
+  Max: 9
+
+# Offense count: 13
+# Configuration parameters: CountComments, ExcludedMethods.
+Metrics/MethodLength:
+  Max: 63
+
+# Offense count: 1
+# Configuration parameters: CountKeywordArgs.
+Metrics/ParameterLists:
+  Max: 6
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/PerceivedComplexity:
+  Max: 10
+
+# Offense count: 1
+Naming/AccessorMethodName:
+  Exclude:
+    - 'lib/cvss_suite/cvss_property.rb'

data/CHANGES.md

@@ -2,6 +2,66 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.0.1] - 2020-07-19
+
+### Fixes
+Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
+
+## [2.0.0] - 2020-05-10
+
+### Breaking Changes
+* Ruby >= 2.4 is now required
+* Renamed choice/choices to value/values
+
+### Improvements
+* Added CvssSuite module to every class (thanks to @fwininger)
+* Removed override for integer and float (thanks to @fwininger)
+* Added rubocop to development environment (thanks to @fwininger)
+
+### Notes
+Adding CvssSuite module everywhere means it’s no longer possible to access a class without it. Since this only affects the undocumented and ‚internal‘ classes this should not affect you. If you’re using them, stop it.
+
+Still works:
+
+```ruby
+cvss = CvssSuite.new('string')
+```
+
+Won’t work anymore (without any code change):
+
+```ruby
+cvss = Cvss31.new('string')
+```
+
+This would need to be CvssSuite::Cvss31.new('string') to work. Or you could include the whole namespace.
+
+## [1.2.0] - 2019-07-02
+
+### Notes
+Because version 2.0 of this gem will include breaking changes, please make sure to include this gem in your gemfile as shown below to not automatically update to version 2.0.
+
+```ruby
+gem 'cvss-suite', '~> 1.2'
+```
+
+### Improvements
+* Added Severity
+* Added CVSS 3.1
+* CVSS 3.0 vectors now return 3.0 instead of 3 as version
+
+### Changes in CVSS 3.1 [Source] (https://www.first.org/cvss/v3.1/user-guide)
+* The Temporal Score for all vulnerabilities which have a Base Score of 2.5, 5.0 or 10.0, Exploit Code Maturity (E) of High (H), Remediation Level (RL) of Unavailable (U) and Report Confidence (RC) of Unknown (U) is 0.1 lower in CVSS v3.1 than for 3.0.
+* Some combinations of metrics have Environmental Scores that differ when scored with CVSS v3.1 rather than v3.0. This is due to a combination of the redefinition of Roundup and the change to the ModifiedImpact sub-formula. Less than 7% of metric combinations are 0.1 higher in CVSS v3.1 than v3.0, and less than 1% are 0.1 lower. No Environmental Scores differ by more than 0.1.
+* Other implementations of the CVSS formulas may see different scoring changes between CVSS v3.0 and v3.1 if they previously generated different CVSS v3.0 scores due to the problems that the CVSS v3.1 formula changes are intended to fix.
+
+## [1.1.2] - 2018-12-28
+
+### Fixes
+Replaced Fixnum by Integer to improve compatibility with newer versions of Ruby.
+
+### Improvements
+Added example for CVSS v3 to README.
+
 ## [1.1.1] - 2018-10-18
 
 ### Fixes
@@ -44,4 +104,4 @@ Tried to fix an error. It turned out to be a local problem. Due to this I increa
 
 ## [1.0.0] - 2016-04-15
 ### Initial release
-First release of this gem.
+First release of this gem.

data/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,24 @@
+## Proposed changes
+
+Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue.
+
+## Types of changes
+
+What types of changes does your code introduce to CvssSuite?
+_Put an `x` in the boxes that apply_
+
+- [ ] Bugfix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+
+## Checklist
+
+_Put an `x` in the boxes that apply. You can also fill these out after creating the PR._
+
+- [ ] Unit tests pass locally with my changes
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] I have added necessary documentation (if appropriate)
+
+## Further comments
+
+If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

data/README.md

@@ -1,9 +1,11 @@
-# CvssSuite
+# CvssSuite for Ruby
 
 [![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite)
-[![Ruby Version](https://img.shields.io/badge/Ruby-2.x-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
-[![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/cvss-v2-guide.pdf)
-[![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/cvss-v3-guide.pdf)
+[![Ruby Version](https://img.shields.io/badge/Ruby-2.4-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
+[![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/siemens/cvss-suite/actions)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
 Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
@@ -23,17 +25,36 @@ And then execute:
 Or install it yourself as:
 
     $ gem install cvss-suite
+    
+## Version 1.x
+
+If your still using CvssSuite 1.x please refer to the [specific branch](https://github.com/siemens/cvss-suite/tree/1.x) for documentation and changelog.
 
 ## Usage
 
 ```ruby
 require 'cvss_suite'
 
+cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+
+vector = cvss3.vector       # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
+version = cvss3.version     # 3.0
+valid = cvss3.valid?        # true
+severity = cvss3.severity   # 'High'
+
+cvss31 = CvssSuite.new('CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U')
+
+vector = cvss31.vector     # 'CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U'
+version = cvss31.version   # 3.1
+valid = cvss31.valid?      # true
+severity = cvss31.severity # 'Medium'
+
 cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M')
 
-vector = cvss.vector    # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
-version = cvss.version  # 2
-valid = cvss.valid?     # true
+vector = cvss.vector       # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
+version = cvss.version     # 2
+valid = cvss.valid?        # true
+severity = cvss.severity   # 'Low'
 
 # Scores
 base_score = cvss.base_score                        # 4.9
@@ -45,15 +66,15 @@ overall_score = cvss.overall_score                  # 3.2
 access_vector = cvss.base.access_vector.name                # 'Access Vector'
 remediation_level = cvss.temporal.remediation_level.name    # 'Remediation Level'
 
-access_vector.choices.each do |choice|
-    choice[:name]           # 'Local', 'Adjacent Network', 'Network'
-    choice[:abbreviation]   # 'L', 'A', 'N'
-    choice[:selected]       # false, true, false
+access_vector.values.each do |value|
+    value[:name]           # 'Local', 'Adjacent Network', 'Network'
+    value[:abbreviation]   # 'L', 'A', 'N'
+    value[:selected]       # false, true, false
 end
 
 # Selected options
-cvss.base.access_vector.selected_choice[:name]          # Adjacent Network
-cvss.temporal.remediation_level.selected_choice[:name]  # Temporary Fix
+cvss.base.access_vector.selected_value[:name]          # Adjacent Network
+cvss.temporal.remediation_level.selected_value[:name]  # Temporary Fix
 
 # Exceptions
 
@@ -67,7 +88,7 @@ valid = cvss.valid?     # false
 version = cvss.version  # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
 cvss.base_score         # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
 
-CvssSuite.new()                        # will throw a ArgumentError
+CvssSuite.new()         # will throw a ArgumentError
 
 cvss = CvssSuite.new('AV:N/AC:P/C:P/AV:U/RL:OF/RC:C')   # invalid vector, authentication is missing
 version = cvss.version  # 2
@@ -81,11 +102,17 @@ Properties (Access Vector, Remediation Level, etc) do have a position attribute,
 
 ## Known Issues
 
-Currently it is not possible to leave a attribute blank instead of ND/X. If you don't have a value for a attribute, please use ND/X instead.
+Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
+
+There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
+
+## Changelog
 
-Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
+[Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md)
 
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/siemens/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
 
+## References
+[CvssSuite for .NET](https://github.com/oliverhamboerger/CvssSuite)

data/_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-cayman

data/bin/console

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "cvss_suite"
+require 'bundler/setup'
+require 'cvss_suite'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "cvss_suite"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start