cvss-suite 1.2.0 → 1.2.1

data/lib/cvss_suite/cvss31/cvss31_temporal.rb

@@ -14,44 +14,46 @@ require_relative '../cvss_metric'
 ##
 # This class represents a CVSS Temporal metric in version 3.1.
 
-class Cvss31Temporal < CvssMetric
-
-  ##
-  # Property of this metric
-
-  attr_reader :exploit_code_maturity, :remediation_level, :report_confidence
-
-  ##
-  # Returns score of this metric
-
-  def score
-    return 1.0 unless valid?
-    @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
-  end
-
-  private
-
-  def init_properties
-    @properties.push(@exploit_code_maturity =
-                      CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
-                                       choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
-                                                 { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
-                                                 { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
-                                                 { name: 'Functional', abbreviation: 'F', weight: 0.97 },
-                                                 { name: 'High', abbreviation: 'H', weight: 1.0 }]))
-    @properties.push(@remediation_level =
-                      CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
-                                       choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
-                                                 { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
-                                                 { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
-                                                 { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
-                                                 { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
-
-    @properties.push(@report_confidence =
-                      CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
-                                       choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
-                                                 { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
-                                                 { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
-                                                 { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
+module CvssSuite
+  class Cvss31Temporal < CvssMetric
+    ##
+    # Property of this metric
+
+    attr_reader :exploit_code_maturity, :remediation_level, :report_confidence
+
+    ##
+    # Returns score of this metric
+
+    def score
+      return 1.0 unless valid?
+
+      @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
+    end
+
+    private
+
+    def init_properties
+      @properties.push(@exploit_code_maturity =
+                         CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
+                                          choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                    { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
+                                                    { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
+                                                    { name: 'Functional', abbreviation: 'F', weight: 0.97 },
+                                                    { name: 'High', abbreviation: 'H', weight: 1.0 }]))
+      @properties.push(@remediation_level =
+                         CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
+                                          choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                    { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
+                                                    { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
+                                                    { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
+                                                    { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
+
+      @properties.push(@report_confidence =
+                         CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
+                                          choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                    { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
+                                                    { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
+                                                    { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
+    end
   end
-end
+end

data/lib/cvss_suite/cvss_metric.rb

@@ -11,43 +11,43 @@
 ##
 # This class represents any CVSS metric.
 
-class CvssMetric
-
-  ##
-  # Creates a new CVSS metric by +properties+
-
-  def initialize(selected_properties)
-    @properties = []
-    init_properties
-    extract_selected_choices_from selected_properties
-  end
+module CvssSuite
+  class CvssMetric
+    ##
+    # Creates a new CVSS metric by +properties+
+
+    def initialize(selected_properties)
+      @properties = []
+      init_properties
+      extract_selected_choices_from selected_properties
+    end
 
-  ##
-  # Returns if the metric is valid.
+    ##
+    # Returns if the metric is valid.
 
-  def valid?
-    @properties.each do |property|
-      return false unless property.valid?
+    def valid?
+      @properties.each do |property|
+        return false unless property.valid?
+      end
+      true
     end
-    true
-  end
 
-  ##
-  # Returns number of properties for this metric.
+    ##
+    # Returns number of properties for this metric.
 
-  def count
-    @properties.count
-  end
+    def count
+      @properties.count
+    end
 
-  private
+    private
 
-  def extract_selected_choices_from(selected_properties)
-    selected_properties.each do |selected_property|
-      property = @properties.detect {
-          |p| p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
-      }
-      property.set_selected_choice selected_property[:selected] unless property.nil?
+    def extract_selected_choices_from(selected_properties)
+      selected_properties.each do |selected_property|
+        property = @properties.detect do |p|
+          p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
+        end
+        property.set_selected_choice selected_property[:selected] unless property.nil?
+      end
     end
   end
-
-end
+end

data/lib/cvss_suite/cvss_property.rb

@@ -11,75 +11,77 @@
 ##
 # This class represents a CVSS property of a CVSS metric.
 
-class CvssProperty
-
-  ##
-  # Creates a new CVSS property by a +property+.
-  #
-  # +Property+ needs to consist of a name, a abbreviation, the possible positions in the CVSS vector, a weight, and the
-  # available choices for the property.
-
-  def initialize(property)
-    @property = property
-    @property[:default_choice] ||= 'Not Available'
-  end
+module CvssSuite
+  class CvssProperty
+    ##
+    # Creates a new CVSS property by a +property+.
+    #
+    # +Property+ needs to consist of a name, a abbreviation,
+    # the possible positions in the CVSS vector, a weight, and the
+    # available choices for the property.
+
+    def initialize(property)
+      @property = property
+      @property[:default_choice] ||= 'Not Available'
+    end
 
-  ##
-  # Returns the full name of the property.
+    ##
+    # Returns the full name of the property.
 
-  def name
-    @property[:name]
-  end
+    def name
+      @property[:name]
+    end
 
-  ##
-  # Returns the abbreviation of the property.
+    ##
+    # Returns the abbreviation of the property.
 
-  def abbreviation
-    @property[:abbreviation]
-  end
+    def abbreviation
+      @property[:abbreviation]
+    end
 
-  ##
-  # Returns all available choices of the property.
+    ##
+    # Returns all available choices of the property.
 
-  def choices
-    @property[:choices]
-  end
+    def choices
+      @property[:choices]
+    end
 
-  ##
-  # Returns the possible positions in the CVSS vector of the property.
+    ##
+    # Returns the possible positions in the CVSS vector of the property.
 
-  def position
-    @property[:position]
-  end
+    def position
+      @property[:position]
+    end
 
-  ##
-  # Returns the selected choice of the property.
+    ##
+    # Returns the selected choice of the property.
 
-  def selected_choice
-    @selected_choice || @property[:default_choice]
-  end
+    def selected_choice
+      @selected_choice || @property[:default_choice]
+    end
 
-  ##
-  # Returns true if the property is valid.
+    ##
+    # Returns true if the property is valid.
 
-  def valid?
-    !@selected_choice.nil?
-  end
+    def valid?
+      !@selected_choice.nil?
+    end
 
-  ##
-  # Returns the score of the selected choice.
+    ##
+    # Returns the score of the selected choice.
 
-  def score
-    @selected_choice[:weight]
-  end
+    def score
+      @selected_choice[:weight]
+    end
 
-  ##
-  # Sets the selected choice by a +choice+.
+    ##
+    # Sets the selected choice by a +choice+.
 
-  def set_selected_choice(selected_choice)
-    choices.each do |choice|
-      choice[:selected] = selected_choice.eql?(choice[:abbreviation])
+    def set_selected_choice(selected_choice)
+      choices.each do |choice|
+        choice[:selected] = selected_choice.eql?(choice[:abbreviation])
+      end
+      @selected_choice = choices.detect { |choice| choice[:selected] }
     end
-    @selected_choice = choices.detect { |choice| choice[:selected] }
   end
-end
+end

data/lib/cvss_suite/helpers/cvss31_helper.rb

@@ -0,0 +1,27 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# Copyright (c) Siemens AG, 2016
+#
+# Authors:
+#   Oliver Hambörger <oliver.hamboerger@siemens.com>
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+module CvssSuite
+  ##
+  # This module includes methods which are used by the CVSS 3 classes.
+  module Cvss31Helper
+    ##
+    # Since CVSS 3 all float values are rounded up, therefore this method is used
+    # instead of the mathematically correct method round().
+    def self.round_up(float)
+      output = (float * 100_000).round
+      if (output % 10_000).zero?
+        output / 100_000.0
+      else
+        ((output / 10_000).floor + 1) / 10.0
+      end
+    end
+  end
+end

data/lib/cvss_suite/helpers/cvss3_helper.rb

@@ -11,19 +11,26 @@
 ##
 # This module includes methods which are used by the CVSS 3 classes.
 
-module Cvss3Helper
-
-  ##
-  # Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
-  # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
+module CvssSuite
+  module Cvss3Helper
+    ##
+    # Since CVSS 3 all float values are rounded up, therefore this method is used
+    # instead of the mathematically correct method round().
+    def self.round_up(float)
+      float.ceil(1).to_f
+    end
 
-  def self.privileges_required_score(privileges_required, scope)
-    changed =  scope.selected_choice[:name] == 'Changed'
-    privilege_score = privileges_required.score
-    if changed
-      privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
-      privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
+    ##
+    # Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
+    # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
+    def self.privileges_required_score(privileges_required, scope)
+      changed = scope.selected_choice[:name] == 'Changed'
+      privilege_score = privileges_required.score
+      if changed
+        privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
+        privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
+      end
+      privilege_score
     end
-    privilege_score
   end
-end
+end

data/lib/cvss_suite/invalid_cvss.rb

@@ -11,47 +11,46 @@
 # ##
 # # This class represents a invalid CVSS vector.
 
-class InvalidCvss < Cvss
+module CvssSuite
+  class InvalidCvss < Cvss
+    ##
+    # Creates a new invalid CVSS vector.
 
-  ##
-  # Creates a new invalid CVSS vector.
+    def initialize; end
 
-  def initialize
-  end
+    ##
+    # Since this is an invalid CVSS vector, it always returns false.
 
-  ##
-  # Since this is an invalid CVSS vector, it always returns false.
+    def valid?
+      false
+    end
 
-  def valid?
-    false
-  end
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
 
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
+    def version
+      check_validity
+    end
 
-  def version
-    check_validity
-  end
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
 
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
+    def base_score
+      check_validity
+    end
 
-  def base_score
-    check_validity
-  end
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
 
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
+    def temporal_score
+      check_validity
+    end
 
-  def temporal_score
-    check_validity
-  end
-
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
 
-  def environmental_score
-    check_validity
+    def environmental_score
+      check_validity
+    end
   end
-
-end
+end

data/lib/cvss_suite/version.rb

@@ -9,5 +9,5 @@
 # See the LICENSE.md file in the top-level directory.
 
 module CvssSuite
-  VERSION = "1.2.0"
+  VERSION = '1.2.1'
 end