cvss-suite 1.2.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/rspec.yml +23 -0
  3. data/.rubocop.yml +6 -1
  4. data/.rubocop_todo.yml +124 -0
  5. data/CHANGES.md +24 -0
  6. data/README.md +5 -2
  7. data/_config.yml +1 -0
  8. data/bin/console +3 -3
  9. data/cvss_suite.gemspec +13 -13
  10. data/lib/cvss_suite.rb +7 -8
  11. data/lib/cvss_suite/cvss.rb +81 -85
  12. data/lib/cvss_suite/cvss2/cvss2.rb +34 -26
  13. data/lib/cvss_suite/cvss2/cvss2_base.rb +70 -73
  14. data/lib/cvss_suite/cvss2/cvss2_environmental.rb +49 -50
  15. data/lib/cvss_suite/cvss2/cvss2_temporal.rb +41 -39
  16. data/lib/cvss_suite/cvss3/cvss3.rb +34 -26
  17. data/lib/cvss_suite/cvss3/cvss3_base.rb +64 -65
  18. data/lib/cvss_suite/cvss3/cvss3_environmental.rb +108 -111
  19. data/lib/cvss_suite/cvss3/cvss3_temporal.rb +42 -40
  20. data/lib/cvss_suite/cvss31/cvss31.rb +35 -26
  21. data/lib/cvss_suite/cvss31/cvss31_base.rb +64 -65
  22. data/lib/cvss_suite/cvss31/cvss31_environmental.rb +109 -111
  23. data/lib/cvss_suite/cvss31/cvss31_temporal.rb +42 -40
  24. data/lib/cvss_suite/cvss_metric.rb +31 -31
  25. data/lib/cvss_suite/cvss_property.rb +56 -54
  26. data/lib/cvss_suite/helpers/cvss31_helper.rb +27 -0
  27. data/lib/cvss_suite/helpers/cvss3_helper.rb +20 -13
  28. data/lib/cvss_suite/invalid_cvss.rb +31 -32
  29. data/lib/cvss_suite/version.rb +1 -1
  30. metadata +10 -22
  31. data/.travis.yml +0 -4
  32. data/lib/cvss_suite/helpers/extensions.rb +0 -56
data/lib/cvss_suite/cvss2/cvss2.rb CHANGED
@@ -8,7 +8,7 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- require_relative '../../../lib/cvss_suite/cvss'
11
+ require_relative '../cvss'
12
12
  require_relative 'cvss2_base'
13
13
  require_relative 'cvss2_temporal'
14
14
  require_relative 'cvss2_environmental'
@@ -16,37 +16,45 @@ require_relative 'cvss2_environmental'
16
16
  ##
17
17
  # This class represents a CVSS vector in version 2.
18
18
 
19
- class Cvss2 < Cvss
19
+ module CvssSuite
20
+ class Cvss2 < Cvss
21
+ ##
22
+ # Returns the Version of the CVSS vector.
20
23
 
21
- ##
22
- # Returns the Base Score of the CVSS vector.
24
+ def version
25
+ 2
26
+ end
23
27
 
24
- def base_score
25
- check_validity
26
- @base.score.round(1)
27
- end
28
+ ##
29
+ # Returns the Base Score of the CVSS vector.
28
30
 
29
- ##
30
- # Returns the Temporal Score of the CVSS vector.
31
+ def base_score
32
+ check_validity
33
+ @base.score.round(1)
34
+ end
31
35
 
32
- def temporal_score
33
- (base_score * @temporal.score).round(1)
34
- end
36
+ ##
37
+ # Returns the Temporal Score of the CVSS vector.
35
38
 
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
39
+ def temporal_score
40
+ (base_score * @temporal.score).round(1)
41
+ end
38
42
 
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @base, @temporal.score).round(1)
42
- end
43
+ ##
44
+ # Returns the Environmental Score of the CVSS vector.
43
45
 
44
- private
46
+ def environmental_score
47
+ return temporal_score unless @environmental.valid?
45
48
 
46
- def init_metrics
47
- @base = Cvss2Base.new(@properties)
48
- @temporal = Cvss2Temporal.new(@properties)
49
- @environmental = Cvss2Environmental.new(@properties)
50
- end
49
+ (@environmental.score @base, @temporal.score).round(1)
50
+ end
51
+
52
+ private
51
53
 
52
- end
54
+ def init_metrics
55
+ @base = Cvss2Base.new(@properties)
56
+ @temporal = Cvss2Temporal.new(@properties)
57
+ @environmental = Cvss2Environmental.new(@properties)
58
+ end
59
+ end
60
+ end
data/lib/cvss_suite/cvss2/cvss2_base.rb CHANGED
@@ -14,78 +14,75 @@ require_relative '../cvss_metric'
14
14
  ##
15
15
  # This class represents a CVSS Base metric in version 2.
16
16
 
17
- class Cvss2Base < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :access_vector, :access_complexity, :authentication,
23
- :confidentiality_impact, :integrity_impact, :availability_impact
24
-
25
- ##
26
- # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
27
- # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
28
- #
29
- # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
30
-
31
- def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
32
-
33
- impact = calc_impact sr_cr_score, sr_ir_score, sr_ar_score
34
-
35
- exploitability = calc_exploitability
36
-
37
- additional_impact = (impact == 0 ? 0 : 1.176)
38
-
39
- ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
40
-
17
+ module CvssSuite
18
+ class Cvss2Base < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+
22
+ attr_reader :access_vector, :access_complexity, :authentication,
23
+ :confidentiality_impact, :integrity_impact, :availability_impact
24
+
25
+ ##
26
+ # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
27
+ # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
28
+ #
29
+ # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
30
+
31
+ def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
32
+ impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
33
+
34
+ exploitability = calc_exploitability
35
+
36
+ additional_impact = (impact == 0 ? 0 : 1.176)
37
+
38
+ ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
39
+ end
40
+
41
+ private
42
+
43
+ def init_properties
44
+ @properties.push(@access_vector =
45
+ CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
46
+ choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
47
+ { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
48
+ { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
49
+ @properties.push(@access_complexity =
50
+ CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
51
+ choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
52
+ { name: 'Medium', abbreviation: 'M', weight: 0.61 },
53
+ { name: 'High', abbreviation: 'H', weight: 0.35 }]))
54
+ @properties.push(@authentication =
55
+ CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
56
+ choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
57
+ { name: 'Single', abbreviation: 'S', weight: 0.56 },
58
+ { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
59
+ @properties.push(@confidentiality_impact =
60
+ CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
61
+ choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
62
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
63
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
64
+ @properties.push(@integrity_impact =
65
+ CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
66
+ choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
67
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
68
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
69
+ @properties.push(@availability_impact =
70
+ CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
71
+ choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
72
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
73
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
74
+ end
75
+
76
+ def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
77
+ confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
78
+ integrity_score = 1 - @integrity_impact.score * sr_ir_score
79
+ availability_score = 1 - @availability_impact.score * sr_ar_score
80
+
81
+ [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min
82
+ end
83
+
84
+ def calc_exploitability
85
+ 20 * @access_vector.score * @access_complexity.score * @authentication.score
86
+ end
41
87
  end
42
-
43
- private
44
-
45
- def init_properties
46
- @properties.push(@access_vector =
47
- CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
48
- choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
49
- { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
50
- { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
51
- @properties.push(@access_complexity =
52
- CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
53
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
54
- { name: 'Medium', abbreviation: 'M', weight: 0.61 },
55
- { name: 'High', abbreviation: 'H', weight: 0.35 }]))
56
- @properties.push(@authentication =
57
- CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
58
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
59
- { name: 'Single', abbreviation: 'S', weight: 0.56 },
60
- { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
61
- @properties.push(@confidentiality_impact =
62
- CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
63
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
64
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
65
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
66
- @properties.push(@integrity_impact =
67
- CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
68
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
69
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
70
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
71
- @properties.push(@availability_impact =
72
- CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
73
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0},
74
- { name: 'Partial', abbreviation: 'P', weight: 0.275},
75
- { name: 'Complete', abbreviation: 'C', weight: 0.66}]))
76
- end
77
-
78
- def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
79
- confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
80
- integrity_score = 1 - @integrity_impact.score * sr_ir_score
81
- availability_score = 1 - @availability_impact.score * sr_ar_score
82
-
83
- [10, 10.41 * (1-confidentiality_score*integrity_score*availability_score)].min
84
- end
85
-
86
- def calc_exploitability
87
- 20 * @access_vector.score * @access_complexity.score * @authentication.score
88
- end
89
-
90
88
  end
91
-
data/lib/cvss_suite/cvss2/cvss2_environmental.rb CHANGED
@@ -14,61 +14,60 @@ require_relative '../cvss_metric'
14
14
  ##
15
15
  # This class represents a CVSS Environmental metric in version 2.
16
16
 
17
- class Cvss2Environmental < CvssMetric
17
+ module CvssSuite
18
+ class Cvss2Environmental < CvssMetric
19
+ ##
20
+ # Property of this metric
18
21
 
19
- ##
20
- # Property of this metric
22
+ attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
23
+ :security_requirements_ir, :security_requirements_ar
21
24
 
22
- attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
23
- :security_requirements_ir, :security_requirements_ar
25
+ ##
26
+ # Returns score of this metric
24
27
 
25
- ##
26
- # Returns score of this metric
28
+ def score(base, temporal_score)
29
+ base_score = (base.score @security_requirements_cr.score, @security_requirements_ir.score, @security_requirements_ar.score).round(1)
27
30
 
28
- def score(base, temporal_score)
29
- base_score = (base.score @security_requirements_cr.score, @security_requirements_ir.score, @security_requirements_ar.score).round(1)
31
+ adjusted_temporal = (base_score * temporal_score).round(1)
32
+ (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
33
+ end
30
34
 
31
- adjusted_temporal = (base_score * temporal_score).round(1)
32
- (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
35
+ private
33
36
 
34
- end
35
-
36
- private
37
-
38
- def init_properties
39
- @properties.push(@collateral_damage_potential =
40
- CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
41
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
42
- { name: 'Low', abbreviation: 'L', weight: 0.1 },
43
- { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
44
- { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
45
- { name: 'High', abbreviation: 'H', weight: 0.5 },
46
- { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
47
- @properties.push(@target_distribution =
48
- CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
49
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
50
- { name: 'Low', abbreviation: 'L', weight: 0.25 },
51
- { name: 'Medium', abbreviation: 'M', weight: 0.75 },
52
- { name: 'High', abbreviation: 'H', weight: 1.0 },
53
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
54
- @properties.push(@security_requirements_cr =
55
- CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
56
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
57
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
58
- { name: 'High', abbreviation: 'H', weight: 1.51 },
59
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
60
- @properties.push(@security_requirements_ir =
61
- CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
62
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
63
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
64
- { name: 'High', abbreviation: 'H', weight: 1.51 },
65
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
66
- @properties.push(@security_requirements_ar =
67
- CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
68
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
69
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
70
- { name: 'High', abbreviation: 'H', weight: 1.51 },
71
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
37
+ def init_properties
38
+ @properties.push(@collateral_damage_potential =
39
+ CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
40
+ choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
41
+ { name: 'Low', abbreviation: 'L', weight: 0.1 },
42
+ { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
43
+ { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
44
+ { name: 'High', abbreviation: 'H', weight: 0.5 },
45
+ { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
46
+ @properties.push(@target_distribution =
47
+ CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
48
+ choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
49
+ { name: 'Low', abbreviation: 'L', weight: 0.25 },
50
+ { name: 'Medium', abbreviation: 'M', weight: 0.75 },
51
+ { name: 'High', abbreviation: 'H', weight: 1.0 },
52
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
53
+ @properties.push(@security_requirements_cr =
54
+ CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
55
+ choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
56
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
57
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
58
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
59
+ @properties.push(@security_requirements_ir =
60
+ CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
61
+ choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
62
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
63
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
64
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
65
+ @properties.push(@security_requirements_ar =
66
+ CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
67
+ choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
68
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
69
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
70
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
71
+ end
72
72
  end
73
73
  end
74
-
data/lib/cvss_suite/cvss2/cvss2_temporal.rb CHANGED
@@ -14,44 +14,46 @@ require_relative '../cvss_metric'
14
14
  ##
15
15
  # This class represents a CVSS Temporal metric in version 2.
16
16
 
17
- class Cvss2Temporal < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :exploitability, :remediation_level, :report_confidence
23
-
24
- ##
25
- # Returns score of this metric
26
-
27
- def score
28
- return 1 unless valid?
29
- @exploitability.score * @remediation_level.score * @report_confidence.score
30
- end
31
-
32
- private
33
-
34
- def init_properties
35
- @properties.push(@exploitability =
36
- CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
37
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
38
- { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
39
- { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
40
- { name: 'Functional', abbreviation: 'F', weight: 0.95 },
41
- { name: 'High', abbreviation: 'H', weight: 1 }]))
42
- @properties.push(@remediation_level =
43
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
44
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
45
- { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
46
- { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
47
- { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
48
- { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
49
-
50
- @properties.push(@report_confidence =
51
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
52
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
53
- { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
54
- { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
55
- { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
17
+ module CvssSuite
18
+ class Cvss2Temporal < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+
22
+ attr_reader :exploitability, :remediation_level, :report_confidence
23
+
24
+ ##
25
+ # Returns score of this metric
26
+
27
+ def score
28
+ return 1 unless valid?
29
+
30
+ @exploitability.score * @remediation_level.score * @report_confidence.score
31
+ end
32
+
33
+ private
34
+
35
+ def init_properties
36
+ @properties.push(@exploitability =
37
+ CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
38
+ choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
39
+ { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
40
+ { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
41
+ { name: 'Functional', abbreviation: 'F', weight: 0.95 },
42
+ { name: 'High', abbreviation: 'H', weight: 1 }]))
43
+ @properties.push(@remediation_level =
44
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
45
+ choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
46
+ { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
47
+ { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
48
+ { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
49
+ { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
50
+
51
+ @properties.push(@report_confidence =
52
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
53
+ choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
54
+ { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
55
+ { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
56
+ { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
57
+ end
56
58
  end
57
59
  end
data/lib/cvss_suite/cvss3/cvss3.rb CHANGED
@@ -8,7 +8,7 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- require_relative '../../../lib/cvss_suite/cvss'
11
+ require_relative '../cvss'
12
12
  require_relative 'cvss3_base'
13
13
  require_relative 'cvss3_temporal'
14
14
  require_relative 'cvss3_environmental'
@@ -16,37 +16,45 @@ require_relative 'cvss3_environmental'
16
16
  ##
17
17
  # This class represents a CVSS vector in version 3.0.
18
18
 
19
- class Cvss3 < Cvss
19
+ module CvssSuite
20
+ class Cvss3 < Cvss
21
+ ##
22
+ # Returns the Version of the CVSS vector.
20
23
 
21
- ##
22
- # Returns the Base Score of the CVSS vector.
24
+ def version
25
+ 3.0
26
+ end
23
27
 
24
- def base_score
25
- check_validity
26
- @base.score.round_up(1)
27
- end
28
+ ##
29
+ # Returns the Base Score of the CVSS vector.
28
30
 
29
- ##
30
- # Returns the Temporal Score of the CVSS vector.
31
+ def base_score
32
+ check_validity
33
+ Cvss3Helper.round_up(@base.score)
34
+ end
31
35
 
32
- def temporal_score
33
- (@base.score.round_up(1) * @temporal.score).round_up(1)
34
- end
36
+ ##
37
+ # Returns the Temporal Score of the CVSS vector.
35
38
 
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
39
+ def temporal_score
40
+ Cvss3Helper.round_up(Cvss3Helper.round_up(@base.score) * @temporal.score)
41
+ end
38
42
 
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @temporal.score).round_up(1)
42
- end
43
+ ##
44
+ # Returns the Environmental Score of the CVSS vector.
43
45
 
44
- private
46
+ def environmental_score
47
+ return temporal_score unless @environmental.valid?
45
48
 
46
- def init_metrics
47
- @base = Cvss3Base.new(@properties)
48
- @temporal = Cvss3Temporal.new(@properties)
49
- @environmental = Cvss3Environmental.new(@properties)
50
- end
49
+ Cvss3Helper.round_up(@environmental.score(@temporal.score))
50
+ end
51
+
52
+ private
51
53
 
52
- end
54
+ def init_metrics
55
+ @base = Cvss3Base.new(@properties)
56
+ @temporal = Cvss3Temporal.new(@properties)
57
+ @environmental = Cvss3Environmental.new(@properties)
58
+ end
59
+ end
60
+ end