cvss-suite 1.1.1 → 2.0.1
- checksums.yaml +5 -5
- data/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
- data/.github/ISSUE_TEMPLATE/custom.md +7 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
- data/.github/workflows/rspec.yml +23 -0
- data/.github/workflows/rubocop.yml +21 -0
- data/.gitignore +1 -0
- data/.rubocop.yml +45 -1
- data/.rubocop_todo.yml +59 -0
- data/CHANGES.md +61 -1
- data/PULL_REQUEST_TEMPLATE.md +24 -0
- data/README.md +43 -16
- data/_config.yml +1 -0
- data/bin/console +3 -3
- data/cvss_suite.gemspec +14 -13
- data/lib/cvss_suite.rb +13 -11
- data/lib/cvss_suite/cvss.rb +85 -73
- data/lib/cvss_suite/cvss2/cvss2.rb +39 -36
- data/lib/cvss_suite/cvss2/cvss2_base.rb +69 -75
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +52 -54
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +40 -41
- data/lib/cvss_suite/cvss3/cvss3.rb +39 -36
- data/lib/cvss_suite/cvss3/cvss3_base.rb +72 -75
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +159 -109
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +41 -42
- data/lib/cvss_suite/cvss31/cvss31.rb +60 -0
- data/lib/cvss_suite/cvss31/cvss31_base.rb +93 -0
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +194 -0
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +56 -0
- data/lib/cvss_suite/cvss_metric.rb +31 -35
- data/lib/cvss_suite/cvss_property.rb +57 -56
- data/lib/cvss_suite/helpers/cvss31_helper.rb +27 -0
- data/lib/cvss_suite/helpers/cvss3_helper.rb +21 -15
- data/lib/cvss_suite/invalid_cvss.rb +37 -45
- data/lib/cvss_suite/version.rb +2 -2
- metadata +21 -25
- data/.travis.yml +0 -4
- data/lib/cvss_suite/helpers/extensions.rb +0 -32
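--- a/data/lib/cvss_suite/cvss_metric.rb
+++ b/data/lib/cvss_suite/cvss_metric.rb
@@ -8,46 +8,42 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-
-# This class represents any CVSS metric.
-
-class CvssMetric
-
+module CvssSuite
 ##
-#
-
-
-
-
-
-
-
-##
-# Returns if the metric is valid.
-
-def valid?
-@properties.each do |property|
-return false unless property.valid?
+# This class represents any CVSS metric.
+class CvssMetric
+##
+# Creates a new CVSS metric by +properties+
+def initialize(selected_properties)
+@properties = []
+init_properties
+extract_selected_values_from selected_properties
 end
-true
-end
 
-
-
+##
+# Returns if the metric is valid.
+def valid?
+@properties.each do |property|
+return false unless property.valid?
+end
+true
+end
 
-
-
-
+##
+# Returns number of properties for this metric.
+def count
+@properties.count
+end
 
-
+private
 
-
-
-
-
-
-
+def extract_selected_values_from(selected_properties)
+selected_properties.each do |selected_property|
+property = @properties.detect do |p|
+p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
+end
+property&.set_selected_value selected_property[:selected]
+end
 end
 end
-
-end
+end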
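Review bot: In `extract_selected_values_from`, a selected property that matches no entry in `@properties` is dropped without a trace, because `property&.set_selected_value selected_property[:selected]` does nothing when `detect` returns nil. As far as this section shows, `valid?` only checks the properties the metric already knows, so a vector carrying an unknown abbreviation or a metric in an unexpected position could still be reported valid and scored unless a caller rejects it earlier. If each metric is handed the full property list and is expected to ignore entries belonging to other metrics, the skip is needed; then say so on the line, e.g. `# entries for other metrics are ignored here; unknown names must be rejected by the vector parser`. Separately, `valid?` can be written as `@properties.all?(&:valid?)`.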
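--- a/data/lib/cvss_suite/cvss_property.rb
+++ b/data/lib/cvss_suite/cvss_property.rb
@@ -8,78 +8,79 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-
-# This class represents a CVSS property of a CVSS metric.
-
-class CvssProperty
-
+module CvssSuite
 ##
-#
-
-
-
-
-
-
-
-
+# This class represents a CVSS property of a CVSS metric.
+class CvssProperty
+##
+# Creates a new CVSS property by a +property+.
+#
+# +Property+ needs to consist of a name, a abbreviation,
+# the possible positions in the CVSS vector, a weight, and the
+# available values for the property.
+
+def initialize(property)
+@property = property
+@property[:default_value] ||= 'Not Available'
+end
 
-
-
+##
+# Returns the full name of the property.
 
-
-
-
+def name
+@property[:name]
+end
 
-
-
+##
+# Returns the abbreviation of the property.
 
-
-
-
+def abbreviation
+@property[:abbreviation]
+end
 
-
-
+##
+# Returns all available values of the property.
 
-
-
-
+def values
+@property[:values]
+end
 
-
-
+##
+# Returns the possible positions in the CVSS vector of the property.
 
-
-
-
+def position
+@property[:position]
+end
 
-
-
+##
+# Returns the selected value of the property.
 
-
-
-
+def selected_value
+@selected_value || @property[:default_value]
+end
 
-
-
+##
+# Returns true if the property is valid.
 
-
-
-
+def valid?
+!@selected_value.nil?
+end
 
-
-
+##
+# Returns the score of the selected value.
 
-
-
-
+def score
+@selected_value[:weight]
+end
 
-
-
+##
+# Sets the selected value by a +value+.
 
-
-
-
+def set_selected_value(selected_value)
+values.each do |value|
+value[:selected] = selected_value.eql?(value[:abbreviation])
+end
+@selected_value = values.detect { |value| value[:selected] }
 end
-@selected_choice = choices.detect { |choice| choice[:selected] }
 end
-end
+end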
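Review bot: `score` reads `@selected_value[:weight]` directly, so calling it on a property with no selection raises `NoMethodError` on nil, while `selected_value` on the same object quietly falls back to `@property[:default_value]`. That fallback is the string `'Not Available'` when the definition supplies no default, whereas a real selection is one of the `values` hashes, so a caller that indexes the result (`selected_value[:name]`) gets a `TypeError` for an unset property. I would document on both methods that callers must check `valid?` first, or make `score` fail with a clear message, e.g. `raise ArgumentError, "no value selected for #{abbreviation}" unless valid?`. `initialize` also writes `:default_value` into the hash passed in by the caller; if that mutation is intended, a one-line comment saying so would help.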
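--- a/data/lib/cvss_suite/helpers/cvss31_helper.rb
+++ b/data/lib/cvss_suite/helpers/cvss31_helper.rb
@@ -0,0 +1,27 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# Copyright (c) Siemens AG, 2016
+#
+# Authors:
+# Oliver Hambörger <oliver.hamboerger@siemens.com>
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+module CvssSuite
+##
+# This module includes methods which are used by the CVSS 3 classes.
+module Cvss31Helper
+##
+# Since CVSS 3 all float values are rounded up, therefore this method is used
+# instead of the mathematically correct method round().
+def self.round_up(float)
+output = (float * 100_000).round
+if (output % 10_000).zero?
+output / 100_000.0
+else
+((output / 10_000).floor + 1) / 10.0
+end
+end
+end
+end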
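Review bot: The doc comments on `Cvss31Helper` and `round_up` are copied from the CVSS 3 helper and do not say why this implementation differs from a plain ceiling. The body follows the integer-based Roundup defined in the CVSS 3.1 specification (scale by 100 000, round, then step up to the next tenth), which exists so that floating-point error cannot push a score up by 0.1. I would state that on the method, e.g. `# Roundup as defined in the CVSS 3.1 specification: integer arithmetic, so float error cannot bump the result by 0.1.`, and change the module comment to name CVSS 3.1. `output / 10_000` is already integer division, so the `.floor` is redundant. A non-finite input makes `.round` raise `FloatDomainError`; presumably callers never pass one, but that is worth a line in the comment.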
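--- a/data/lib/cvss_suite/helpers/cvss3_helper.rb
+++ b/data/lib/cvss_suite/helpers/cvss3_helper.rb
@@ -8,22 +8,28 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-
-# This module includes methods which are used by the CVSS 3 classes.
-
-module Cvss3Helper
-
+module CvssSuite
 ##
-#
-
+# This module includes methods which are used by the CVSS 3 classes.
+module Cvss3Helper
+##
+# Since CVSS 3 all float values are rounded up, therefore this method is used
+# instead of the mathematically correct method round().
+def self.round_up(float)
+float.ceil(1).to_f
+end
 
-
-
-
-
-
-privilege_score =
+##
+# Since CVSS 3 the Privilege Required score depends on the selected value of the Scope metric.
+# This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
+def self.privileges_required_score(privileges_required, scope)
+changed = scope.selected_value[:name] == 'Changed'
+privilege_score = privileges_required.score
+if changed
+privilege_score = 0.68 if privileges_required.selected_value[:name] == 'Low'
+privilege_score = 0.50 if privileges_required.selected_value[:name] == 'High'
+end
+privilege_score
 end
-privilege_score
 end
-end
+end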
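Review bot: `round_up` is `float.ceil(1).to_f`, which rounds up on any excess above a tenth, including binary floating-point error: a value that should be exactly 4.0 but was computed as 4.000000000000001 comes back as 4.1. `Cvss31Helper.round_up` on this page avoids that with integer arithmetic. If the 3.0 classes keep the plain ceiling on purpose to match the 3.0 definition, a comment saying so, e.g. `# plain ceiling as in CVSS 3.0; the 3.1 Roundup lives in Cvss31Helper`, would stop someone aligning one helper with the other by mistake. In `privileges_required_score` the literals `0.68` and `0.50` and the names `'Changed'`, `'Low'` and `'High'` are used inline; named constants with a pointer to the specification table would make the weights auditable.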
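--- a/data/lib/cvss_suite/invalid_cvss.rb
+++ b/data/lib/cvss_suite/invalid_cvss.rb
@@ -8,50 +8,42 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-
-# # This class represents a invalid CVSS vector.
-
-class InvalidCvss < Cvss
-
-##
-# Creates a new invalid CVSS vector.
-
-def initialize
-end
-
-##
-# Since this is an invalid CVSS vector, it always returns false.
-
-def valid?
-false
-end
-
-##
-# Since this is an invalid CVSS vector, it always throws an exception.
-
-def version
-check_validity
-end
-
-##
-# Since this is an invalid CVSS vector, it always throws an exception.
-
-def base_score
-check_validity
-end
-
+module CvssSuite
 ##
-#
-
-
-
-
-
-
-
-
-
-
+# This class represents a invalid CVSS vector.
+class InvalidCvss < Cvss
+##
+# Creates a new invalid CVSS vector.
+def initialize; end
+
+##
+# Since this is an invalid CVSS vector, it always returns false.
+def valid?
+false
+end
+
+##
+# Since this is an invalid CVSS vector, it always throws an exception.
+def version
+check_validity
+end
+
+##
+# Since this is an invalid CVSS vector, it always throws an exception.
+def base_score
+check_validity
+end
+
+##
+# Since this is an invalid CVSS vector, it always throws an exception.
+def temporal_score
+check_validity
+end
+
+##
+# Since this is an invalid CVSS vector, it always throws an exception.
+def environmental_score
+check_validity
+end
 end
-
-end
+end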
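Review bot: `def initialize; end` skips `super`, so whatever state `Cvss#initialize` sets up is absent on an `InvalidCvss`. The overrides shown here (`version`, `base_score`, `temporal_score`, `environmental_score`) all go through `check_validity`, but any other public method inherited from `Cvss`, which is not visible in this section, would run against uninitialised state and fail with an unrelated nil error rather than the invalid-vector exception. I would mark the omission as intentional on `initialize`, e.g. `# no super: an invalid vector has no metrics to build`, and confirm that every public reader on `Cvss` is either overridden here or calls `check_validity` itself. The doc comments say "always throws an exception" without naming it; naming the class raised by `check_validity` would tell callers what to rescue.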
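--- a/data/lib/cvss_suite/version.rb
+++ b/data/lib/cvss_suite/version.rb
@@ -1,6 +1,6 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) Siemens AG,
+# Copyright (c) Siemens AG, 2019
 #
 # Authors:
 # Oliver Hambörger <oliver.hamboerger@siemens.com>
@@ -9,5 +9,5 @@
 # See the LICENSE.md file in the top-level directory.
 
 module CvssSuite
-VERSION =
+VERSION = '2.0.1'.freeze
 end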
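--- a/metadata
+++ b/metadata
@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: cvss-suite
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.1
 platform: ruby
 authors:
 - Oliver Hamboerger
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2020-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.10'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.10'
 - !ruby/object:Gem::Dependency
@@ -52,34 +52,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.2'
-- !ruby/object:Gem::Dependency
-name: rdoc
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '4.2'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '4.2'
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: '0.18'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: '0.18'
 description: |-
 This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
 Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
@@ -89,15 +75,22 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/custom.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
+- ".github/workflows/rspec.yml"
+- ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".
+- ".rubocop_todo.yml"
 - CHANGES.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.md
+- PULL_REQUEST_TEMPLATE.md
 - README.md
+- _config.yml
 - bin/console
 - bin/setup
 - cvss_suite.gemspec
@@ -111,11 +104,15 @@ files:
 - lib/cvss_suite/cvss3/cvss3_base.rb
 - lib/cvss_suite/cvss3/cvss3_environmental.rb
 - lib/cvss_suite/cvss3/cvss3_temporal.rb
+- lib/cvss_suite/cvss31/cvss31.rb
+- lib/cvss_suite/cvss31/cvss31_base.rb
+- lib/cvss_suite/cvss31/cvss31_environmental.rb
+- lib/cvss_suite/cvss31/cvss31_temporal.rb
 - lib/cvss_suite/cvss_metric.rb
 - lib/cvss_suite/cvss_property.rb
 - lib/cvss_suite/errors.rb
+- lib/cvss_suite/helpers/cvss31_helper.rb
 - lib/cvss_suite/helpers/cvss3_helper.rb
-- lib/cvss_suite/helpers/extensions.rb
 - lib/cvss_suite/invalid_cvss.rb
 - lib/cvss_suite/version.rb
 homepage: https://siemens.github.io/cvss-suite/
@@ -130,15 +127,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.5.1
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Ruby gem for processing cvss vectors.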