cvss-suite 1.2.0 → 2.0.2

@@ -11,47 +11,46 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Temporal metric in version 3.1.
16
-
17
- class Cvss31Temporal < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :exploit_code_maturity, :remediation_level, :report_confidence
23
-
14
+ module CvssSuite
24
15
  ##
25
- # Returns score of this metric
26
-
27
- def score
28
- return 1.0 unless valid?
29
- @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
30
- end
31
-
32
- private
33
-
34
- def init_properties
35
- @properties.push(@exploit_code_maturity =
36
- CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
37
- choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
38
- { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
39
- { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
40
- { name: 'Functional', abbreviation: 'F', weight: 0.97 },
41
- { name: 'High', abbreviation: 'H', weight: 1.0 }]))
42
- @properties.push(@remediation_level =
43
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
44
- choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
45
- { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
46
- { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
47
- { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
48
- { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
49
-
50
- @properties.push(@report_confidence =
51
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
52
- choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
53
- { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
54
- { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
55
- { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
16
+ # This class represents a CVSS Temporal metric in version 3.1.
17
+ class Cvss31Temporal < CvssMetric
18
+ ##
19
+ # Property of this metric
20
+ attr_reader :exploit_code_maturity, :remediation_level, :report_confidence
21
+
22
+ ##
23
+ # Returns score of this metric
24
+ def score
25
+ return 1.0 unless valid?
26
+
27
+ @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
28
+ end
29
+
30
+ private
31
+
32
+ def init_properties
33
+ @properties.push(@exploit_code_maturity =
34
+ CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
35
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
36
+ { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
37
+ { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
38
+ { name: 'Functional', abbreviation: 'F', weight: 0.97 },
39
+ { name: 'High', abbreviation: 'H', weight: 1.0 }]))
40
+ @properties.push(@remediation_level =
41
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
42
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
43
+ { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
44
+ { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
45
+ { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
46
+ { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
47
+
48
+ @properties.push(@report_confidence =
49
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
50
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
51
+ { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
52
+ { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
53
+ { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
54
+ end
56
55
  end
57
- end
56
+ end
@@ -8,46 +8,42 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- ##
12
- # This class represents any CVSS metric.
13
-
14
- class CvssMetric
15
-
11
+ module CvssSuite
16
12
  ##
17
- # Creates a new CVSS metric by +properties+
18
-
19
- def initialize(selected_properties)
20
- @properties = []
21
- init_properties
22
- extract_selected_choices_from selected_properties
23
- end
24
-
25
- ##
26
- # Returns if the metric is valid.
27
-
28
- def valid?
29
- @properties.each do |property|
30
- return false unless property.valid?
13
+ # This class represents any CVSS metric.
14
+ class CvssMetric
15
+ ##
16
+ # Creates a new CVSS metric by +properties+
17
+ def initialize(selected_properties)
18
+ @properties = []
19
+ init_properties
20
+ extract_selected_values_from selected_properties
31
21
  end
32
- true
33
- end
34
22
 
35
- ##
36
- # Returns number of properties for this metric.
23
+ ##
24
+ # Returns if the metric is valid.
25
+ def valid?
26
+ @properties.each do |property|
27
+ return false unless property.valid?
28
+ end
29
+ true
30
+ end
37
31
 
38
- def count
39
- @properties.count
40
- end
32
+ ##
33
+ # Returns number of properties for this metric.
34
+ def count
35
+ @properties.count
36
+ end
41
37
 
42
- private
38
+ private
43
39
 
44
- def extract_selected_choices_from(selected_properties)
45
- selected_properties.each do |selected_property|
46
- property = @properties.detect {
47
- |p| p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
48
- }
49
- property.set_selected_choice selected_property[:selected] unless property.nil?
40
+ def extract_selected_values_from(selected_properties)
41
+ selected_properties.each do |selected_property|
42
+ property = @properties.detect do |p|
43
+ p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
44
+ end
45
+ property&.set_selected_value selected_property[:selected]
46
+ end
50
47
  end
51
48
  end
52
-
53
- end
49
+ end
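Review bot: In `extract_selected_values_from`, an entry of `selected_properties` whose name and position match none of `@properties` is still dropped without a trace; `property&.set_selected_value` only restates the old `unless property.nil?`. For a scoring library this means a vector carrying an unknown or misplaced metric can be scored as if that metric were absent, unless the caller rejects it earlier (not visible in this diff). Either collect the unmatched entries and make the metric invalid, or state the contract on the method: `# Entries that match no known property are ignored; the vector must be validated before it reaches this point.`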
@@ -8,78 +8,79 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- ##
12
- # This class represents a CVSS property of a CVSS metric.
13
-
14
- class CvssProperty
15
-
11
+ module CvssSuite
16
12
  ##
17
- # Creates a new CVSS property by a +property+.
18
- #
19
- # +Property+ needs to consist of a name, a abbreviation, the possible positions in the CVSS vector, a weight, and the
20
- # available choices for the property.
21
-
22
- def initialize(property)
23
- @property = property
24
- @property[:default_choice] ||= 'Not Available'
25
- end
13
+ # This class represents a CVSS property of a CVSS metric.
14
+ class CvssProperty
15
+ ##
16
+ # Creates a new CVSS property by a +property+.
17
+ #
18
+ # +Property+ needs to consist of a name, a abbreviation,
19
+ # the possible positions in the CVSS vector, a weight, and the
20
+ # available values for the property.
21
+
22
+ def initialize(property)
23
+ @property = property
24
+ @property[:default_value] ||= 'Not Available'
25
+ end
26
26
 
27
- ##
28
- # Returns the full name of the property.
27
+ ##
28
+ # Returns the full name of the property.
29
29
 
30
- def name
31
- @property[:name]
32
- end
30
+ def name
31
+ @property[:name]
32
+ end
33
33
 
34
- ##
35
- # Returns the abbreviation of the property.
34
+ ##
35
+ # Returns the abbreviation of the property.
36
36
 
37
- def abbreviation
38
- @property[:abbreviation]
39
- end
37
+ def abbreviation
38
+ @property[:abbreviation]
39
+ end
40
40
 
41
- ##
42
- # Returns all available choices of the property.
41
+ ##
42
+ # Returns all available values of the property.
43
43
 
44
- def choices
45
- @property[:choices]
46
- end
44
+ def values
45
+ @property[:values]
46
+ end
47
47
 
48
- ##
49
- # Returns the possible positions in the CVSS vector of the property.
48
+ ##
49
+ # Returns the possible positions in the CVSS vector of the property.
50
50
 
51
- def position
52
- @property[:position]
53
- end
51
+ def position
52
+ @property[:position]
53
+ end
54
54
 
55
- ##
56
- # Returns the selected choice of the property.
55
+ ##
56
+ # Returns the selected value of the property.
57
57
 
58
- def selected_choice
59
- @selected_choice || @property[:default_choice]
60
- end
58
+ def selected_value
59
+ @selected_value || @property[:default_value]
60
+ end
61
61
 
62
- ##
63
- # Returns true if the property is valid.
62
+ ##
63
+ # Returns true if the property is valid.
64
64
 
65
- def valid?
66
- !@selected_choice.nil?
67
- end
65
+ def valid?
66
+ !@selected_value.nil?
67
+ end
68
68
 
69
- ##
70
- # Returns the score of the selected choice.
69
+ ##
70
+ # Returns the score of the selected value.
71
71
 
72
- def score
73
- @selected_choice[:weight]
74
- end
72
+ def score
73
+ @selected_value[:weight]
74
+ end
75
75
 
76
- ##
77
- # Sets the selected choice by a +choice+.
76
+ ##
77
+ # Sets the selected value by a +value+.
78
78
 
79
- def set_selected_choice(selected_choice)
80
- choices.each do |choice|
81
- choice[:selected] = selected_choice.eql?(choice[:abbreviation])
79
+ def set_selected_value(selected_value)
80
+ values.each do |value|
81
+ value[:selected] = selected_value.eql?(value[:abbreviation])
82
+ end
83
+ @selected_value = values.detect { |value| value[:selected] }
82
84
  end
83
- @selected_choice = choices.detect { |choice| choice[:selected] }
84
85
  end
85
- end
86
+ end
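Review bot: `selected_value` returns two different shapes: the Hash chosen by `set_selected_value`, or the String default `'Not Available'` set in `initialize` when nothing was selected. A caller that indexes the result, as `scope.selected_value[:name]` does in `Cvss3Helper.privileges_required_score` further down this page, would raise a TypeError on the String. `score` also reads `@selected_value[:weight]` with no nil guard, so it raises NoMethodError on a property that was never set. Either make the default a Hash of the same shape as the entries in `values`, or document the precondition on both methods, e.g. `# Requires a selected value; check valid? first.`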
@@ -19,10 +19,12 @@ module CvssSuite
19
19
 
20
20
  def initialize(message)
21
21
  @message = message
22
+ super
22
23
  end
23
24
  end
24
25
 
25
26
  class InvalidVector < RuntimeError; end
27
+
26
28
  class InvalidParentClass < ArgumentError; end
27
29
  end
28
30
  end
@@ -0,0 +1,27 @@
1
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
+ #
3
+ # Copyright (c) Siemens AG, 2016
4
+ #
5
+ # Authors:
6
+ # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ #
8
+ # This work is licensed under the terms of the MIT license.
9
+ # See the LICENSE.md file in the top-level directory.
10
+
11
+ module CvssSuite
12
+ ##
13
+ # This module includes methods which are used by the CVSS 3 classes.
14
+ module Cvss31Helper
15
+ ##
16
+ # Since CVSS 3 all float values are rounded up, therefore this method is used
17
+ # instead of the mathematically correct method round().
18
+ def self.round_up(float)
19
+ output = (float * 100_000).round
20
+ if (output % 10_000).zero?
21
+ output / 100_000.0
22
+ else
23
+ ((output / 10_000).floor + 1) / 10.0
24
+ end
25
+ end
26
+ end
27
+ end
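Review bot: The comment on `round_up` is identical to the one on `Cvss3Helper.round_up` and does not say why this version scales to an integer first, which is the reason the method exists. I would document it as `# Rounds up to one decimal on an integer scaled by 100_000, so binary floating-point noise (e.g. 4.000000000000001) cannot push a score up by 0.1.` Separately, `output` is already an Integer after `.round`, so `(output / 10_000).floor` is integer division and the `.floor` is a no-op that can be dropped.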
@@ -8,22 +8,28 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- ##
12
- # This module includes methods which are used by the CVSS 3 classes.
13
-
14
- module Cvss3Helper
15
-
11
+ module CvssSuite
16
12
  ##
17
- # Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
18
- # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
13
+ # This module includes methods which are used by the CVSS 3 classes.
14
+ module Cvss3Helper
15
+ ##
16
+ # Since CVSS 3 all float values are rounded up, therefore this method is used
17
+ # instead of the mathematically correct method round().
18
+ def self.round_up(float)
19
+ float.ceil(1).to_f
20
+ end
19
21
 
20
- def self.privileges_required_score(privileges_required, scope)
21
- changed = scope.selected_choice[:name] == 'Changed'
22
- privilege_score = privileges_required.score
23
- if changed
24
- privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
25
- privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
22
+ ##
23
+ # Since CVSS 3 the Privilege Required score depends on the selected value of the Scope metric.
24
+ # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
25
+ def self.privileges_required_score(privileges_required, scope)
26
+ changed = scope.selected_value[:name] == 'Changed'
27
+ privilege_score = privileges_required.score
28
+ if changed
29
+ privilege_score = 0.68 if privileges_required.selected_value[:name] == 'Low'
30
+ privilege_score = 0.50 if privileges_required.selected_value[:name] == 'High'
31
+ end
32
+ privilege_score
26
33
  end
27
- privilege_score
28
34
  end
29
- end
35
+ end
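Review bot: `round_up` implemented as `float.ceil(1).to_f` is sensitive to binary floating-point error. An intermediate result that should be exactly 4.0 but is computed as 4.000000000000001 comes out as 4.1, and a 0.1 shift can move a score across a severity boundary. If a literal ceiling is not required for 3.0 vectors, rounding the noise away first keeps the result stable, for example `float.round(5).ceil(1).to_f`, or reuse the integer-scaled approach of `Cvss31Helper.round_up` shown on this page. Whichever is chosen, the doc comment should say which behaviour is intended.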
@@ -8,50 +8,44 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- # ##
12
- # # This class represents a invalid CVSS vector.
13
-
14
- class InvalidCvss < Cvss
15
-
16
- ##
17
- # Creates a new invalid CVSS vector.
18
-
19
- def initialize
20
- end
21
-
22
- ##
23
- # Since this is an invalid CVSS vector, it always returns false.
24
-
25
- def valid?
26
- false
27
- end
28
-
29
- ##
30
- # Since this is an invalid CVSS vector, it always throws an exception.
31
-
32
- def version
33
- check_validity
34
- end
35
-
36
- ##
37
- # Since this is an invalid CVSS vector, it always throws an exception.
38
-
39
- def base_score
40
- check_validity
41
- end
42
-
11
+ module CvssSuite
43
12
  ##
44
- # Since this is an invalid CVSS vector, it always throws an exception.
45
-
46
- def temporal_score
47
- check_validity
48
- end
49
-
50
- ##
51
- # Since this is an invalid CVSS vector, it always throws an exception.
52
-
53
- def environmental_score
54
- check_validity
13
+ # This class represents a invalid CVSS vector.
14
+ class InvalidCvss < Cvss
15
+ # rubocop:disable Lint/MissingSuper
16
+ ##
17
+ # Creates a new invalid CVSS vector.
18
+ def initialize; end
19
+ # rubocop:enable Lint/MissingSuper
20
+
21
+ ##
22
+ # Since this is an invalid CVSS vector, it always returns false.
23
+ def valid?
24
+ false
25
+ end
26
+
27
+ ##
28
+ # Since this is an invalid CVSS vector, it always throws an exception.
29
+ def version
30
+ check_validity
31
+ end
32
+
33
+ ##
34
+ # Since this is an invalid CVSS vector, it always throws an exception.
35
+ def base_score
36
+ check_validity
37
+ end
38
+
39
+ ##
40
+ # Since this is an invalid CVSS vector, it always throws an exception.
41
+ def temporal_score
42
+ check_validity
43
+ end
44
+
45
+ ##
46
+ # Since this is an invalid CVSS vector, it always throws an exception.
47
+ def environmental_score
48
+ check_validity
49
+ end
55
50
  end
56
-
57
- end
51
+ end
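Review bot: `initialize` deliberately skips `super` (hence the `Lint/MissingSuper` disable), so any state that `Cvss#initialize` would set up is absent on this object. Only `valid?`, `version` and the three score methods are overridden here. Any other public method inherited from `Cvss` (not visible in this diff) would presumably run against nil instance variables and fail with a NoMethodError instead of the intended invalid-vector error. A reason next to the disable would help, e.g. `# No super: an invalid vector has nothing to parse; every accessor must go through check_validity.`, and it is worth confirming that every inherited public method is covered.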