cvss-suite 1.2.0 → 2.0.2

data/lib/cvss_suite/cvss31/cvss31_temporal.rb

@@ -11,47 +11,46 @@
 require_relative '../cvss_property'
 require_relative '../cvss_metric'
 
-##
-# This class represents a CVSS Temporal metric in version 3.1.
-
-class Cvss31Temporal < CvssMetric
-
-  ##
-  # Property of this metric
-
-  attr_reader :exploit_code_maturity, :remediation_level, :report_confidence
-
+module CvssSuite
   ##
-  # Returns score of this metric
-
-  def score
-    return 1.0 unless valid?
-    @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
-  end
-
-  private
-
-  def init_properties
-    @properties.push(@exploit_code_maturity =
-                      CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
-                                       choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
-                                                 { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
-                                                 { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
-                                                 { name: 'Functional', abbreviation: 'F', weight: 0.97 },
-                                                 { name: 'High', abbreviation: 'H', weight: 1.0 }]))
-    @properties.push(@remediation_level =
-                      CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
-                                       choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
-                                                 { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
-                                                 { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
-                                                 { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
-                                                 { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
-
-    @properties.push(@report_confidence =
-                      CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
-                                       choices: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
-                                                 { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
-                                                 { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
-                                                 { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
+  # This class represents a CVSS Temporal metric in version 3.1.
+  class Cvss31Temporal < CvssMetric
+    ##
+    # Property of this metric
+    attr_reader :exploit_code_maturity, :remediation_level, :report_confidence
+
+    ##
+    # Returns score of this metric
+    def score
+      return 1.0 unless valid?
+
+      @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
+    end
+
+    private
+
+    def init_properties
+      @properties.push(@exploit_code_maturity =
+                         CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
+                                                   { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
+                                                   { name: 'Functional', abbreviation: 'F', weight: 0.97 },
+                                                   { name: 'High', abbreviation: 'H', weight: 1.0 }]))
+      @properties.push(@remediation_level =
+                         CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
+                                                   { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
+                                                   { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
+                                                   { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
+
+      @properties.push(@report_confidence =
+                         CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
+                                                   { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
+                                                   { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
+    end
   end
-end
+end

data/lib/cvss_suite/cvss_metric.rb

@@ -8,46 +8,42 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-##
-# This class represents any CVSS metric.
-
-class CvssMetric
-
+module CvssSuite
   ##
-  # Creates a new CVSS metric by +properties+
-
-  def initialize(selected_properties)
-    @properties = []
-    init_properties
-    extract_selected_choices_from selected_properties
-  end
-
-  ##
-  # Returns if the metric is valid.
-
-  def valid?
-    @properties.each do |property|
-      return false unless property.valid?
+  # This class represents any CVSS metric.
+  class CvssMetric
+    ##
+    # Creates a new CVSS metric by +properties+
+    def initialize(selected_properties)
+      @properties = []
+      init_properties
+      extract_selected_values_from selected_properties
     end
-    true
-  end
 
-  ##
-  # Returns number of properties for this metric.
+    ##
+    # Returns if the metric is valid.
+    def valid?
+      @properties.each do |property|
+        return false unless property.valid?
+      end
+      true
+    end
 
-  def count
-    @properties.count
-  end
+    ##
+    # Returns number of properties for this metric.
+    def count
+      @properties.count
+    end
 
-  private
+    private
 
-  def extract_selected_choices_from(selected_properties)
-    selected_properties.each do |selected_property|
-      property = @properties.detect {
-          |p| p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
-      }
-      property.set_selected_choice selected_property[:selected] unless property.nil?
+    def extract_selected_values_from(selected_properties)
+      selected_properties.each do |selected_property|
+        property = @properties.detect do |p|
+          p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
+        end
+        property&.set_selected_value selected_property[:selected]
+      end
     end
   end
-
-end
+end

data/lib/cvss_suite/cvss_property.rb

@@ -8,78 +8,79 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-##
-# This class represents a CVSS property of a CVSS metric.
-
-class CvssProperty
-
+module CvssSuite
   ##
-  # Creates a new CVSS property by a +property+.
-  #
-  # +Property+ needs to consist of a name, a abbreviation, the possible positions in the CVSS vector, a weight, and the
-  # available choices for the property.
-
-  def initialize(property)
-    @property = property
-    @property[:default_choice] ||= 'Not Available'
-  end
+  # This class represents a CVSS property of a CVSS metric.
+  class CvssProperty
+    ##
+    # Creates a new CVSS property by a +property+.
+    #
+    # +Property+ needs to consist of a name, a abbreviation,
+    # the possible positions in the CVSS vector, a weight, and the
+    # available values for the property.
+
+    def initialize(property)
+      @property = property
+      @property[:default_value] ||= 'Not Available'
+    end
 
-  ##
-  # Returns the full name of the property.
+    ##
+    # Returns the full name of the property.
 
-  def name
-    @property[:name]
-  end
+    def name
+      @property[:name]
+    end
 
-  ##
-  # Returns the abbreviation of the property.
+    ##
+    # Returns the abbreviation of the property.
 
-  def abbreviation
-    @property[:abbreviation]
-  end
+    def abbreviation
+      @property[:abbreviation]
+    end
 
-  ##
-  # Returns all available choices of the property.
+    ##
+    # Returns all available values of the property.
 
-  def choices
-    @property[:choices]
-  end
+    def values
+      @property[:values]
+    end
 
-  ##
-  # Returns the possible positions in the CVSS vector of the property.
+    ##
+    # Returns the possible positions in the CVSS vector of the property.
 
-  def position
-    @property[:position]
-  end
+    def position
+      @property[:position]
+    end
 
-  ##
-  # Returns the selected choice of the property.
+    ##
+    # Returns the selected value of the property.
 
-  def selected_choice
-    @selected_choice || @property[:default_choice]
-  end
+    def selected_value
+      @selected_value || @property[:default_value]
+    end
 
-  ##
-  # Returns true if the property is valid.
+    ##
+    # Returns true if the property is valid.
 
-  def valid?
-    !@selected_choice.nil?
-  end
+    def valid?
+      !@selected_value.nil?
+    end
 
-  ##
-  # Returns the score of the selected choice.
+    ##
+    # Returns the score of the selected value.
 
-  def score
-    @selected_choice[:weight]
-  end
+    def score
+      @selected_value[:weight]
+    end
 
-  ##
-  # Sets the selected choice by a +choice+.
+    ##
+    # Sets the selected value by a +value+.
 
-  def set_selected_choice(selected_choice)
-    choices.each do |choice|
-      choice[:selected] = selected_choice.eql?(choice[:abbreviation])
+    def set_selected_value(selected_value)
+      values.each do |value|
+        value[:selected] = selected_value.eql?(value[:abbreviation])
+      end
+      @selected_value = values.detect { |value| value[:selected] }
     end
-    @selected_choice = choices.detect { |choice| choice[:selected] }
   end
-end
+end

data/lib/cvss_suite/errors.rb

@@ -19,10 +19,12 @@ module CvssSuite
 
       def initialize(message)
         @message = message
+        super
       end
     end
 
     class InvalidVector < RuntimeError; end
+
     class InvalidParentClass < ArgumentError; end
   end
 end

data/lib/cvss_suite/helpers/cvss31_helper.rb

@@ -0,0 +1,27 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# Copyright (c) Siemens AG, 2016
+#
+# Authors:
+#   Oliver Hambörger <oliver.hamboerger@siemens.com>
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+module CvssSuite
+  ##
+  # This module includes methods which are used by the CVSS 3 classes.
+  module Cvss31Helper
+    ##
+    # Since CVSS 3 all float values are rounded up, therefore this method is used
+    # instead of the mathematically correct method round().
+    def self.round_up(float)
+      output = (float * 100_000).round
+      if (output % 10_000).zero?
+        output / 100_000.0
+      else
+        ((output / 10_000).floor + 1) / 10.0
+      end
+    end
+  end
+end

data/lib/cvss_suite/helpers/cvss3_helper.rb

@@ -8,22 +8,28 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-##
-# This module includes methods which are used by the CVSS 3 classes.
-
-module Cvss3Helper
-
+module CvssSuite
   ##
-  # Since CVSS 3 the Privilege Required score depends on the selected choice of the Scope metric.
-  # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
+  # This module includes methods which are used by the CVSS 3 classes.
+  module Cvss3Helper
+    ##
+    # Since CVSS 3 all float values are rounded up, therefore this method is used
+    # instead of the mathematically correct method round().
+    def self.round_up(float)
+      float.ceil(1).to_f
+    end
 
-  def self.privileges_required_score(privileges_required, scope)
-    changed =  scope.selected_choice[:name] == 'Changed'
-    privilege_score = privileges_required.score
-    if changed
-      privilege_score = 0.68 if privileges_required.selected_choice[:name] == 'Low'
-      privilege_score = 0.50 if privileges_required.selected_choice[:name] == 'High'
+    ##
+    # Since CVSS 3 the Privilege Required score depends on the selected value of the Scope metric.
+    # This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
+    def self.privileges_required_score(privileges_required, scope)
+      changed = scope.selected_value[:name] == 'Changed'
+      privilege_score = privileges_required.score
+      if changed
+        privilege_score = 0.68 if privileges_required.selected_value[:name] == 'Low'
+        privilege_score = 0.50 if privileges_required.selected_value[:name] == 'High'
+      end
+      privilege_score
     end
-    privilege_score
   end
-end
+end

data/lib/cvss_suite/invalid_cvss.rb

@@ -8,50 +8,44 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-# ##
-# # This class represents a invalid CVSS vector.
-
-class InvalidCvss < Cvss
-
-  ##
-  # Creates a new invalid CVSS vector.
-
-  def initialize
-  end
-
-  ##
-  # Since this is an invalid CVSS vector, it always returns false.
-
-  def valid?
-    false
-  end
-
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
-
-  def version
-    check_validity
-  end
-
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
-
-  def base_score
-    check_validity
-  end
-
+module CvssSuite
   ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
-
-  def temporal_score
-    check_validity
-  end
-
-  ##
-  # Since this is an invalid CVSS vector, it always throws an exception.
-
-  def environmental_score
-    check_validity
+  # This class represents a invalid CVSS vector.
+  class InvalidCvss < Cvss
+    # rubocop:disable Lint/MissingSuper
+    ##
+    # Creates a new invalid CVSS vector.
+    def initialize; end
+    # rubocop:enable Lint/MissingSuper
+
+    ##
+    # Since this is an invalid CVSS vector, it always returns false.
+    def valid?
+      false
+    end
+
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
+    def version
+      check_validity
+    end
+
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
+    def base_score
+      check_validity
+    end
+
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
+    def temporal_score
+      check_validity
+    end
+
+    ##
+    # Since this is an invalid CVSS vector, it always throws an exception.
+    def environmental_score
+      check_validity
+    end
   end
-
-end
+end