cvss-suite 1.2.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6aacfd5bb6fb48310c6c6c5cb2821a247971ef6115cb7c4c86dddb4335d8dafd
-  data.tar.gz: 5c881abb0186de84cb10596ff12333a9e8934ed290b8fe762471aaf82f008177
+  metadata.gz: 792fd7bf771ac83da4c5a4ee81cfce2e5ce42edf32d3a8d84ecdccdb8df1f555
+  data.tar.gz: 6bc9148983a577d0e26ed5b19407ba6a366070e46166aae1a0b440c2328a59e4
 SHA512:
-  metadata.gz: 293c41865c1905f2ca44a34d7298813484312af93deb77f443411222df307df80f4a40781af2137b05f561e66fd8317196b5a8512ea82c21d565d4eb221492ff
-  data.tar.gz: 3c33b092a180ca728add5bcb4380881789f98652cf5476eb841ee23ee8b38a72e56cd7be916cfb297aa644d470830280826086561850c4625228a06e43bb82f2
+  metadata.gz: ce3abc3c7f0c6eeaa02b3739da79e61445936bc8ee2e0c066252c06477022ec1aaf752ca18400727aac8f81f3627f96cb89fd932df261168d156f000da860db6
+  data.tar.gz: c0ef0261fec46ae6340bf52f04e1739ffd92915b76039027fb98cf06db9ecd5e99472d31b54068c49618607ebdef6fd98e1b8a70bd2a7a097799d2321c17fe21

data/.github/workflows/rspec.yml

@@ -0,0 +1,23 @@
+name: RSpec
+
+on: [push,pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.4', '2.5', '2.6', '2.7' ]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up ${{ matrix.ruby }}
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Build
+      run: |
+        gem install bundler -v ">= 1.10"
+        bundle install --jobs 4 --retry 3
+    - name: Run tests
+      run: bundle exec rspec spec

data/.rubocop.yml

@@ -1,2 +1,7 @@
+inherit_from: .rubocop_todo.yml
+
 Metrics/LineLength:
-  Max: 120
+  Max: 120
+
+Style/FrozenStringLiteralComment:
+  Enabled: false

data/.rubocop_todo.yml

@@ -0,0 +1,124 @@
+# `rubocop --auto-gen-config`
+# on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+Lint/IneffectiveAccessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 1
+# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
+Lint/UselessAccessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 3
+Lint/UselessAssignment:
+  Exclude:
+    - 'lib/cvss_suite/cvss.rb'
+    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+# Offense count: 8
+# Configuration parameters: IgnoredMethods.
+Metrics/AbcSize:
+  Max: 35
+
+# Offense count: 5
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+  Max: 50
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 102
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 101
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/CyclomaticComplexity:
+  Max: 9
+
+# Offense count: 13
+# Configuration parameters: CountComments, ExcludedMethods.
+Metrics/MethodLength:
+  Max: 63
+
+# Offense count: 1
+# Configuration parameters: CountKeywordArgs.
+Metrics/ParameterLists:
+  Max: 6
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/PerceivedComplexity:
+  Max: 10
+
+# Offense count: 1
+Naming/AccessorMethodName:
+  Exclude:
+    - 'lib/cvss_suite/cvss_property.rb'
+
+# Offense count: 31
+# Configuration parameters: AllowedChars.
+Style/AsciiComments:
+  Enabled: false
+
+# Offense count: 20
+Style/Documentation:
+  Enabled: false
+
+# Offense count: 2
+# Configuration parameters: MinBodyLength.
+Style/GuardClause:
+  Exclude:
+    - 'lib/cvss_suite/helpers/extensions.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/IfUnlessModifier:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: literals, strict
+Style/MutableConstant:
+  Exclude:
+    - 'lib/cvss_suite.rb'
+    - 'lib/cvss_suite/version.rb'
+
+# Offense count: 8
+# Cop supports --auto-correct.
+# Configuration parameters: Strict.
+Style/NumericLiterals:
+  MinDigits: 7
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
+# SupportedStyles: predicate, comparison
+Style/NumericPredicate:
+  Exclude:
+    - 'spec/**/*'
+    - 'lib/cvss_suite/cvss2/cvss2_base.rb'
+    - 'lib/cvss_suite/helpers/extensions.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'lib/cvss_suite/cvss_metric.rb'

data/CHANGES.md

@@ -2,6 +2,30 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.2.1] - 2020-05-10
+
+### Improvements
+* Added CvssSuite module to every class (thanks to @fwininger)
+* Removed override for integer and float (thanks to @fwininger)
+* Added rubocop to development environment (thanks to @fwininger)
+
+### Notes
+Adding CvssSuite module everywhere means it’s no longer possible to access a class without it. Since this only affects the undocumented and ‚internal‘ classes this should not affect you. If you’re using them, stop it.
+
+Still works:
+
+```ruby
+cvss = CvssSuite.new('string')
+```
+
+Won’t work anymore (without any code change):
+
+```ruby
+cvss = Cvss31.new('string')
+```
+
+This would need to be CvssSuite::Cvss31.new('string') to work. Or you could include the whole namespace.
+
 ## [1.2.0] - 2019-07-02
 
 ### Notes

data/README.md

@@ -1,10 +1,11 @@
-# CvssSuite
+# CvssSuite for Ruby
 
 [![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite)
 [![Ruby Version](https://img.shields.io/badge/Ruby-2.x-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
+![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
 Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
@@ -105,9 +106,11 @@ There is a possibility of implementations generating different scores (+/- 0,1)
 
 ## Changelog
 
-[Click here to see all changes.](https://raw.githubusercontent.com/siemens/cvss-suite/master/CHANGES.md)
+[Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/1.x/CHANGES.md)
 
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/siemens/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
 
+## References
+[CvssSuite for .NET](https://github.com/oliverhamboerger/CvssSuite)

data/_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-cayman

data/bin/console

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "cvss_suite"
+require 'bundler/setup'
+require 'cvss_suite'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "cvss_suite"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/cvss_suite.gemspec

@@ -9,7 +9,8 @@
 # See the LICENSE.md file in the top-level directory.
 
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'cvss_suite/version'
 
@@ -17,24 +18,23 @@ Gem::Specification.new do |spec|
   spec.name          = 'cvss-suite'
   spec.version       = CvssSuite::VERSION
   spec.license       = 'MIT'
-  spec.authors       = ["Oliver Hamboerger"]
-  spec.email         = ["oliver.hamboerger@siemens.com"]
+  spec.authors       = ['Oliver Hamboerger']
+  spec.email         = ['oliver.hamboerger@siemens.com']
 
-  spec.summary       = %q{Ruby gem for processing cvss vectors.}
-  spec.description   = %q{This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
-Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.}
-  spec.homepage      = "https://siemens.github.io/cvss-suite/"
+  spec.summary       = 'Ruby gem for processing cvss vectors.'
+  spec.description   = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
+Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
+  spec.homepage      = 'https://siemens.github.io/cvss-suite/'
 
   spec.required_ruby_version = '>= 2.0.0'
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rspec", "~> 3.4"
-  spec.add_development_dependency "rspec-its", "~> 1.2"
-  spec.add_development_dependency "rdoc", "~> 4.2"
-  spec.add_development_dependency "simplecov", "~> 0.11.2"
+  spec.add_development_dependency 'bundler', '>= 1.10'
+  spec.add_development_dependency 'rspec', '~> 3.4'
+  spec.add_development_dependency 'rspec-its', '~> 1.2'
+  spec.add_development_dependency 'simplecov', '~> 0.11'
 end

data/lib/cvss_suite.rb

@@ -12,7 +12,6 @@ require 'cvss_suite/cvss2/cvss2'
 require 'cvss_suite/cvss3/cvss3'
 require 'cvss_suite/cvss31/cvss31'
 require 'cvss_suite/version'
-require 'cvss_suite/helpers/extensions'
 require 'cvss_suite/errors'
 require 'cvss_suite/invalid_cvss'
 
@@ -21,9 +20,9 @@ require 'cvss_suite/invalid_cvss'
 
 module CvssSuite
   CVSS_VECTOR_BEGINNINGS = [
-    {:string => 'AV:', :version => 2}, 
-    {:string => 'CVSS:3.0/', :version => 3.0},
-    {:string => 'CVSS:3.1/', :version => 3.1}
+    { string: 'AV:', version: 2 },
+    { string: 'CVSS:3.0/', version: 3.0 },
+    { string: 'CVSS:3.1/', version: 3.1 }
   ]
 
   ##
@@ -31,14 +30,15 @@ module CvssSuite
 
   def self.new(vector)
     return InvalidCvss.new unless vector.is_a? String
+
     @vector_string = vector
     case version
     when 2
-      Cvss2.new(@vector_string, version)
+      Cvss2.new(@vector_string)
     when 3.0
-      Cvss3.new(@vector_string, version)
+      Cvss3.new(@vector_string)
     when 3.1
-      Cvss31.new(@vector_string, version)
+      Cvss31.new(@vector_string)
     else
       InvalidCvss.new
     end
@@ -53,5 +53,4 @@ module CvssSuite
       end
     end
   end
-
 end

data/lib/cvss_suite/cvss.rb

@@ -11,115 +11,111 @@
 ##
 # This class represents any CVSS vector. Do not instantiate this class!
 
-class Cvss
+module CvssSuite
+  class Cvss
+    ##
+    # Metric of a CVSS vector.
 
-  ##
-  # Metric of a CVSS vector.
+    attr_reader :base, :temporal, :environmental
 
-  attr_reader :base, :temporal, :environmental
+    ##
+    # Returns the vector itself.
 
-  ##
-  # Returns version of current CVSS vector.
+    attr_reader :vector
 
-  attr_reader :version
+    ##
+    # Creates a new CVSS vector by a +vector+.
+    #
+    # Raises an exception if it is called on Cvss class.
 
-  ##
-  # Returns the vector itself.
+    def initialize(vector)
+      raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if self.class == Cvss
 
-  attr_reader :vector
-
-  ##
-  # Creates a new CVSS vector by a +vector+ and a +version+.
-  #
-  # Raises an exception if it is called on Cvss class.
-
-  def initialize(vector, version)
-    raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if self.class == Cvss
-    @version = version
-    @vector = vector
-    @properties = []
-    extract_metrics
-    init_metrics
-  end
+      @vector = vector
+      @properties = []
+      extract_metrics
+      init_metrics
+    end
 
-  ##
-  # Returns if CVSS vector is valid.
+    ##
+    # Returns if CVSS vector is valid.
 
-  def valid?
-    if @amount_of_properties == required_amount_of_properties
+    def valid?
+      if @amount_of_properties == required_amount_of_properties
         base = @base.valid?
         temporal = @base.valid? && @temporal.valid?
         environmental = @base.valid? && @environmental.valid?
         full = @base.valid? && @temporal.valid? && @environmental.valid?
         base || temporal || environmental || full
-    else
-      false
+      else
+        false
+      end
     end
-  end
 
-  ##
-  # Returns the severity of the CVSS vector.
-
-  def severity
-    check_validity
-    
-    score = overall_score
-
-    if 0.0 == score
-      "None"
-    elsif (0.1..3.9).include? score
-     "Low"
-    elsif (4.0..6.9).include? score
-     "Medium"
-    elsif (7.0..8.9).include? score
-     "High"
-    elsif (9.0..10.0).include? score
-     "Critical"
-    else
-     "None"
+    ##
+    # Returns the severity of the CVSS vector.
+
+    def severity
+      check_validity
+
+      score = overall_score
+
+      if score == 0.0
+        'None'
+      elsif (0.1..3.9).include? score
+        'Low'
+      elsif (4.0..6.9).include? score
+        'Medium'
+      elsif (7.0..8.9).include? score
+        'High'
+      elsif (9.0..10.0).include? score
+        'Critical'
+      else
+        'None'
+      end
     end
-  end
 
-  ##
-  # Returns the Overall Score of the CVSS vector.
+    ##
+    # Returns the Overall Score of the CVSS vector.
 
-  def overall_score
-    check_validity
-    return temporal_score if @temporal.valid? && !@environmental.valid?
-    return environmental_score if @environmental.valid?
-    base_score
-  end
+    def overall_score
+      check_validity
+      return temporal_score if @temporal.valid? && !@environmental.valid?
+      return environmental_score if @environmental.valid?
 
-  private
+      base_score
+    end
 
-  def extract_metrics
-    properties = prepared_vector.split('/')
-    @amount_of_properties = properties.size
-    properties.each_with_index do |property, index|
-      property = property.split(':')
-      @properties.push({ name: property[0], selected: property[1], position: index })
+    private
+
+    def extract_metrics
+      properties = prepared_vector.split('/')
+      @amount_of_properties = properties.size
+      properties.each_with_index do |property, index|
+        property = property.split(':')
+        @properties.push({ name: property[0], selected: property[1], position: index })
+      end
     end
-  end
 
-  def check_validity
-    raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
-  end
+    def check_validity
+      raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
+    end
 
-  def prepared_vector
-    start_of_vector = @vector.index('AV')
+    def prepared_vector
+      start_of_vector = @vector.index('AV')
 
-    if start_of_vector.nil?
-      String.new
-    else
-      @vector[start_of_vector..-1]
+      if start_of_vector.nil?
+        ''
+      else
+        @vector[start_of_vector..-1]
+      end
     end
-  end
 
-  def required_amount_of_properties
-    total = @base.count if @base.valid?
-    total += @temporal.count if @temporal.valid?
-    total += @environmental.count if @environmental.valid?
-    total ||= 0
+    def required_amount_of_properties
+      total = @base.count if @base.valid?
+      total += @temporal.count if @temporal.valid?
+      total += @environmental.count if @environmental.valid?
+      total ||= 0
+    end
   end
-
-end
+end