cvss-suite 1.2.0 → 2.0.2

@@ -8,45 +8,67 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- require_relative '../../../lib/cvss_suite/cvss'
11
+ require_relative '../cvss'
12
12
  require_relative 'cvss2_base'
13
13
  require_relative 'cvss2_temporal'
14
14
  require_relative 'cvss2_environmental'
15
15
 
16
- ##
17
- # This class represents a CVSS vector in version 2.
16
+ module CvssSuite
17
+ ##
18
+ # This class represents a CVSS vector in version 2.
19
+ class Cvss2 < Cvss
20
+ ##
21
+ # Returns the Version of the CVSS vector.
22
+ def version
23
+ 2
24
+ end
18
25
 
19
- class Cvss2 < Cvss
26
+ # Returns the severity of the CVSSv2 vector.
27
+ # https://nvd.nist.gov/vuln-metrics/cvss
28
+ def severity
29
+ check_validity
20
30
 
21
- ##
22
- # Returns the Base Score of the CVSS vector.
31
+ score = overall_score
23
32
 
24
- def base_score
25
- check_validity
26
- @base.score.round(1)
27
- end
33
+ case score
34
+ when 0.0..3.9
35
+ 'Low'
36
+ when 4.0..6.9
37
+ 'Medium'
38
+ when 7.0..10.0
39
+ 'High'
40
+ else
41
+ 'None'
42
+ end
43
+ end
28
44
 
29
- ##
30
- # Returns the Temporal Score of the CVSS vector.
45
+ ##
46
+ # Returns the Base Score of the CVSS vector.
47
+ def base_score
48
+ check_validity
49
+ @base.score.round(1)
50
+ end
31
51
 
32
- def temporal_score
33
- (base_score * @temporal.score).round(1)
34
- end
52
+ ##
53
+ # Returns the Temporal Score of the CVSS vector.
54
+ def temporal_score
55
+ (base_score * @temporal.score).round(1)
56
+ end
35
57
 
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
58
+ ##
59
+ # Returns the Environmental Score of the CVSS vector.
60
+ def environmental_score
61
+ return temporal_score unless @environmental.valid?
38
62
 
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @base, @temporal.score).round(1)
42
- end
63
+ (@environmental.score @base, @temporal.score).round(1)
64
+ end
43
65
 
44
- private
66
+ private
45
67
 
46
- def init_metrics
47
- @base = Cvss2Base.new(@properties)
48
- @temporal = Cvss2Temporal.new(@properties)
49
- @environmental = Cvss2Environmental.new(@properties)
68
+ def init_metrics
69
+ @base = Cvss2Base.new(@properties)
70
+ @temporal = Cvss2Temporal.new(@properties)
71
+ @environmental = Cvss2Environmental.new(@properties)
72
+ end
50
73
  end
51
-
52
- end
74
+ end
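Review bot: The new `severity` method matches the score against closed ranges (`0.0..3.9`, `4.0..6.9`, `7.0..10.0`), so a value between the bands, such as 3.95, falls through to `else` and is reported as 'None'. `overall_score` is defined outside this hunk; if it always returns a value rounded to one decimal the gaps are unreachable, but `severity` should not depend on that. Half-open ranges close the gaps: `when 0.0...4.0`, `when 4.0...7.0`, `when 7.0..10.0`. The `else` branch would then be reached only for out-of-range scores, where the label 'None' understates a finding during triage, so an explicit error may be the safer signal there.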
@@ -11,81 +11,75 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Base metric in version 2.
16
-
17
- class Cvss2Base < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :access_vector, :access_complexity, :authentication,
23
- :confidentiality_impact, :integrity_impact, :availability_impact
24
-
14
+ module CvssSuite
25
15
  ##
26
- # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
27
- # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
28
- #
29
- # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
30
-
31
- def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
32
-
33
- impact = calc_impact sr_cr_score, sr_ir_score, sr_ar_score
34
-
35
- exploitability = calc_exploitability
36
-
37
- additional_impact = (impact == 0 ? 0 : 1.176)
38
-
39
- ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
40
-
16
+ # This class represents a CVSS Base metric in version 2.
17
+ class Cvss2Base < CvssMetric
18
+ ##
19
+ # Property of this metric
20
+ attr_reader :access_vector, :access_complexity, :authentication,
21
+ :confidentiality_impact, :integrity_impact, :availability_impact
22
+
23
+ ##
24
+ # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
25
+ # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
26
+ #
27
+ # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
28
+ def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
29
+ impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
30
+
31
+ exploitability = calc_exploitability
32
+
33
+ additional_impact = (impact.zero? ? 0 : 1.176)
34
+
35
+ ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
36
+ end
37
+
38
+ private
39
+
40
+ def init_properties
41
+ @properties.push(@access_vector =
42
+ CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
43
+ values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
44
+ { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
45
+ { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
46
+ @properties.push(@access_complexity =
47
+ CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
48
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
49
+ { name: 'Medium', abbreviation: 'M', weight: 0.61 },
50
+ { name: 'High', abbreviation: 'H', weight: 0.35 }]))
51
+ @properties.push(@authentication =
52
+ CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
53
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
54
+ { name: 'Single', abbreviation: 'S', weight: 0.56 },
55
+ { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
56
+ @properties.push(@confidentiality_impact =
57
+ CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
58
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
59
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
60
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
61
+ @properties.push(@integrity_impact =
62
+ CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
63
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
64
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
65
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
66
+ @properties.push(@availability_impact =
67
+ CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
68
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
69
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
70
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
71
+ end
72
+
73
+ def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
74
+ confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
75
+ integrity_score = 1 - @integrity_impact.score * sr_ir_score
76
+ availability_score = 1 - @availability_impact.score * sr_ar_score
77
+
78
+ [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min
79
+ end
80
+
81
+ def calc_exploitability
82
+ 20 * @access_vector.score * @access_complexity.score * @authentication.score
83
+ end
41
84
  end
42
-
43
- private
44
-
45
- def init_properties
46
- @properties.push(@access_vector =
47
- CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
48
- choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
49
- { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
50
- { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
51
- @properties.push(@access_complexity =
52
- CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
53
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
54
- { name: 'Medium', abbreviation: 'M', weight: 0.61 },
55
- { name: 'High', abbreviation: 'H', weight: 0.35 }]))
56
- @properties.push(@authentication =
57
- CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
58
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
59
- { name: 'Single', abbreviation: 'S', weight: 0.56 },
60
- { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
61
- @properties.push(@confidentiality_impact =
62
- CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
63
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
64
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
65
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
66
- @properties.push(@integrity_impact =
67
- CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
68
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
69
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
70
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
71
- @properties.push(@availability_impact =
72
- CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
73
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0},
74
- { name: 'Partial', abbreviation: 'P', weight: 0.275},
75
- { name: 'Complete', abbreviation: 'C', weight: 0.66}]))
76
- end
77
-
78
- def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
79
- confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
80
- integrity_score = 1 - @integrity_impact.score * sr_ir_score
81
- availability_score = 1 - @availability_impact.score * sr_ar_score
82
-
83
- [10, 10.41 * (1-confidentiality_score*integrity_score*availability_score)].min
84
- end
85
-
86
- def calc_exploitability
87
- 20 * @access_vector.score * @access_complexity.score * @authentication.score
88
- end
89
-
90
85
  end
91
-
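Review bot: The doc comment on `score` still says it returns the base score, but the method returns the unrounded formula result, and with non-default arguments it computes the adjusted base used for the environmental score. Rounding to one decimal is left to callers (the ones shown elsewhere in this diff call `.round(1)` on the result), which is easy to miss when the method is used directly. I would add `# Returns the unrounded value; callers are expected to apply round(1).` and describe the three arguments as the CR/IR/AR requirement weights, each defaulting to 1.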
@@ -11,64 +11,62 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Environmental metric in version 2.
16
-
17
- class Cvss2Environmental < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
23
- :security_requirements_ir, :security_requirements_ar
24
-
14
+ module CvssSuite
25
15
  ##
26
- # Returns score of this metric
27
-
28
- def score(base, temporal_score)
29
- base_score = (base.score @security_requirements_cr.score, @security_requirements_ir.score, @security_requirements_ar.score).round(1)
16
+ # This class represents a CVSS Environmental metric in version 2.
17
+ class Cvss2Environmental < CvssMetric
18
+ ##
19
+ # Property of this metric
20
+ attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
21
+ :security_requirements_ir, :security_requirements_ar
30
22
 
31
- adjusted_temporal = (base_score * temporal_score).round(1)
32
- (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
23
+ ##
24
+ # Returns score of this metric
25
+ def score(base, temporal_score)
26
+ base_score = base.score(@security_requirements_cr.score,
27
+ @security_requirements_ir.score,
28
+ @security_requirements_ar.score).round(1)
33
29
 
34
- end
30
+ adjusted_temporal = (base_score * temporal_score).round(1)
31
+ (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
32
+ end
35
33
 
36
- private
34
+ private
37
35
 
38
- def init_properties
39
- @properties.push(@collateral_damage_potential =
40
- CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
41
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
42
- { name: 'Low', abbreviation: 'L', weight: 0.1 },
43
- { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
44
- { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
45
- { name: 'High', abbreviation: 'H', weight: 0.5 },
46
- { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
47
- @properties.push(@target_distribution =
48
- CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
49
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
50
- { name: 'Low', abbreviation: 'L', weight: 0.25 },
51
- { name: 'Medium', abbreviation: 'M', weight: 0.75 },
52
- { name: 'High', abbreviation: 'H', weight: 1.0 },
53
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
54
- @properties.push(@security_requirements_cr =
55
- CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
56
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
57
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
58
- { name: 'High', abbreviation: 'H', weight: 1.51 },
59
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
60
- @properties.push(@security_requirements_ir =
61
- CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
62
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
63
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
64
- { name: 'High', abbreviation: 'H', weight: 1.51 },
65
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
66
- @properties.push(@security_requirements_ar =
67
- CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
68
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
69
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
70
- { name: 'High', abbreviation: 'H', weight: 1.51 },
71
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
36
+ def init_properties
37
+ @properties.push(@collateral_damage_potential =
38
+ CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
39
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
40
+ { name: 'Low', abbreviation: 'L', weight: 0.1 },
41
+ { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
42
+ { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
43
+ { name: 'High', abbreviation: 'H', weight: 0.5 },
44
+ { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
45
+ @properties.push(@target_distribution =
46
+ CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
47
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
48
+ { name: 'Low', abbreviation: 'L', weight: 0.25 },
49
+ { name: 'Medium', abbreviation: 'M', weight: 0.75 },
50
+ { name: 'High', abbreviation: 'H', weight: 1.0 },
51
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
52
+ @properties.push(@security_requirements_cr =
53
+ CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
54
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
55
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
56
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
57
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
58
+ @properties.push(@security_requirements_ir =
59
+ CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
60
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
61
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
62
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
63
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
64
+ @properties.push(@security_requirements_ar =
65
+ CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
66
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
67
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
68
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
69
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
70
+ end
72
71
  end
73
72
  end
74
-
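Review bot: The `temporal_score` parameter of `score` is named like a finished score, but the method multiplies it with the adjusted base score, so it is used as the temporal multiplier. The doc comment `# Returns score of this metric` describes neither parameter, nor that the result is unrounded. I would document it as `# base: the base metric; temporal_score: product of the temporal weights; returns the unrounded environmental score.` Whether `base` must be a Cvss2Base is not visible in this hunk, only that it must respond to `score` with three arguments.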
@@ -11,47 +11,46 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Temporal metric in version 2.
16
-
17
- class Cvss2Temporal < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :exploitability, :remediation_level, :report_confidence
23
-
14
+ module CvssSuite
24
15
  ##
25
- # Returns score of this metric
26
-
27
- def score
28
- return 1 unless valid?
29
- @exploitability.score * @remediation_level.score * @report_confidence.score
30
- end
31
-
32
- private
33
-
34
- def init_properties
35
- @properties.push(@exploitability =
36
- CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
37
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
38
- { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
39
- { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
40
- { name: 'Functional', abbreviation: 'F', weight: 0.95 },
41
- { name: 'High', abbreviation: 'H', weight: 1 }]))
42
- @properties.push(@remediation_level =
43
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
44
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
45
- { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
46
- { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
47
- { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
48
- { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
49
-
50
- @properties.push(@report_confidence =
51
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
52
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
53
- { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
54
- { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
55
- { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
16
+ # This class represents a CVSS Temporal metric in version 2.
17
+ class Cvss2Temporal < CvssMetric
18
+ ##
19
+ # Property of this metric
20
+ attr_reader :exploitability, :remediation_level, :report_confidence
21
+
22
+ ##
23
+ # Returns score of this metric
24
+ def score
25
+ return 1 unless valid?
26
+
27
+ @exploitability.score * @remediation_level.score * @report_confidence.score
28
+ end
29
+
30
+ private
31
+
32
+ def init_properties
33
+ @properties.push(@exploitability =
34
+ CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
35
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
36
+ { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
37
+ { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
38
+ { name: 'Functional', abbreviation: 'F', weight: 0.95 },
39
+ { name: 'High', abbreviation: 'H', weight: 1 }]))
40
+ @properties.push(@remediation_level =
41
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
42
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
43
+ { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
44
+ { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
45
+ { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
46
+ { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
47
+
48
+ @properties.push(@report_confidence =
49
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
50
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
51
+ { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
52
+ { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
53
+ { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
54
+ end
56
55
  end
57
56
  end
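Review bot: `score` returns 1 whenever `valid?` is false, so a temporal group that is present but not valid is scored exactly like one that is absent. `valid?` is defined outside this hunk, so whether it distinguishes the two cases cannot be told from here; if it does not, a mistyped temporal metric silently leaves the result at the base score. The doc comment should at least state the fallback: `# Returns 1 (neutral multiplier) when the temporal metrics are not valid.`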