cvss-suite 1.2.0 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +23 -0
- data/.github/workflows/rubocop.yml +22 -0
- data/.rubocop.yml +47 -1
- data/.rubocop_todo.yml +59 -0
- data/CHANGES.md +61 -1
- data/CNAME +1 -0
- data/CODE_OF_CONDUCT.md +3 -2
- data/Gemfile +3 -2
- data/LICENSE.md +2 -1
- data/README.md +21 -18
- data/_config.yml +1 -0
- data/bin/console +3 -3
- data/cvss_suite.gemspec +23 -16
- data/lib/cvss_suite/cvss.rb +77 -98
- data/lib/cvss_suite/cvss2/cvss2.rb +53 -30
- data/lib/cvss_suite/cvss2/cvss2_base.rb +72 -77
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +55 -56
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +43 -43
- data/lib/cvss_suite/cvss3/cvss3.rb +42 -38
- data/lib/cvss_suite/cvss3/cvss3_base.rb +75 -77
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +162 -111
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +44 -44
- data/lib/cvss_suite/cvss31/cvss31.rb +39 -30
- data/lib/cvss_suite/cvss31/cvss31_base.rb +69 -70
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +162 -111
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +44 -44
- data/lib/cvss_suite/cvss_metric.rb +37 -38
- data/lib/cvss_suite/cvss_property.rb +69 -57
- data/lib/cvss_suite/errors.rb +4 -1
- data/lib/cvss_suite/helpers/cvss31_helper.rb +28 -0
- data/lib/cvss_suite/helpers/cvss3_helper.rb +24 -17
- data/lib/cvss_suite/invalid_cvss.rb +42 -47
- data/lib/cvss_suite/version.rb +4 -3
- data/lib/cvss_suite.rb +46 -15
- metadata +23 -29
- data/.travis.yml +0 -4
- data/lib/cvss_suite/helpers/extensions.rb +0 -56
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8d6c9f7e41ba7184e8140cf17c6fc0a1b2dced70a3a0e80a603700c2517f413c
|
4
|
+
data.tar.gz: 8277aaf7c847feb0d83adcf96f33e85dbbaa4916bb84fb3b1fad5fc1eb99ef57
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3640b87d41a2b7533b756b416e115e8cde0bb4459a8aefe325d0db82816b48dc0b3f32bd2d6c9dde4ab48ec0bec94efc8572e0c94412618070a45ab04012dd04
|
7
|
+
data.tar.gz: fe15648aa4362009d44ef9159e38f40494b09911582845b29732cb6c6512694c6bdf4d3b57ec412a6e9e76c783c197746dd76a2cce79ce298facad8f4a8ac334
|
@@ -0,0 +1,23 @@
|
|
1
|
+
name: RSpec
|
2
|
+
|
3
|
+
on: [push,pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
strategy:
|
10
|
+
matrix:
|
11
|
+
ruby: [ '2.6', '2.7', '3.0', '3.1' ]
|
12
|
+
steps:
|
13
|
+
- uses: actions/checkout@v2
|
14
|
+
- name: Set up ${{ matrix.ruby }}
|
15
|
+
uses: ruby/setup-ruby@v1
|
16
|
+
with:
|
17
|
+
ruby-version: ${{ matrix.ruby }}
|
18
|
+
- name: Install gems
|
19
|
+
run: |
|
20
|
+
gem install bundler -v ">= 1.10"
|
21
|
+
bundle install --jobs 4 --retry 3
|
22
|
+
- name: Run tests
|
23
|
+
run: bundle exec rspec spec
|
@@ -0,0 +1,22 @@
|
|
1
|
+
name: Rubocop
|
2
|
+
|
3
|
+
on: [push,pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
|
10
|
+
steps:
|
11
|
+
- uses: actions/checkout@v2
|
12
|
+
- name: Set up Ruby 2.6
|
13
|
+
uses: ruby/setup-ruby@v1
|
14
|
+
with:
|
15
|
+
ruby-version: 2.6
|
16
|
+
- name: Install gems
|
17
|
+
run: |
|
18
|
+
gem update --system
|
19
|
+
gem install bundler -v ">= 1.10"
|
20
|
+
gem install rubocop
|
21
|
+
- name: Run checks
|
22
|
+
run: rubocop -F --fail-level C -f s
|
data/.rubocop.yml
CHANGED
@@ -1,2 +1,48 @@
|
|
1
|
+
inherit_from: .rubocop_todo.yml
|
2
|
+
|
3
|
+
AllCops:
|
4
|
+
TargetRubyVersion: 2.6
|
5
|
+
SuggestExtensions: false
|
6
|
+
|
1
7
|
Metrics/LineLength:
|
2
|
-
Max: 120
|
8
|
+
Max: 120
|
9
|
+
Exclude:
|
10
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
11
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
12
|
+
|
13
|
+
Metrics/ClassLength:
|
14
|
+
Exclude:
|
15
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
16
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
17
|
+
|
18
|
+
Metrics/MethodLength:
|
19
|
+
Exclude:
|
20
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
21
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
22
|
+
|
23
|
+
Metrics/BlockLength:
|
24
|
+
Exclude:
|
25
|
+
- 'spec/cvss2/cvss2_spec.rb'
|
26
|
+
- 'spec/cvss3/cvss3_spec.rb'
|
27
|
+
- 'spec/cvss31/cvss31_spec.rb'
|
28
|
+
|
29
|
+
Style/IfUnlessModifier:
|
30
|
+
Exclude:
|
31
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
32
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
33
|
+
|
34
|
+
Style/GuardClause:
|
35
|
+
Exclude:
|
36
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
37
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
38
|
+
|
39
|
+
Style/ConditionalAssignment:
|
40
|
+
Exclude:
|
41
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
42
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
43
|
+
|
44
|
+
Style/FrozenStringLiteralComment:
|
45
|
+
Enabled: false
|
46
|
+
|
47
|
+
Style/AsciiComments:
|
48
|
+
Enabled: false
|
data/.rubocop_todo.yml
ADDED
@@ -0,0 +1,59 @@
|
|
1
|
+
# This configuration was generated by
|
2
|
+
# `rubocop --auto-gen-config`
|
3
|
+
# on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
|
4
|
+
# The point is for the user to remove these configuration records
|
5
|
+
# one by one as the offenses are removed from the code base.
|
6
|
+
# Note that changes in the inspected code, or installation of new
|
7
|
+
# versions of RuboCop, may require this file to be generated again.
|
8
|
+
|
9
|
+
# Offense count: 1
|
10
|
+
Lint/IneffectiveAccessModifier:
|
11
|
+
Exclude:
|
12
|
+
- 'lib/cvss_suite.rb'
|
13
|
+
|
14
|
+
# Offense count: 1
|
15
|
+
# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
|
16
|
+
Lint/UselessAccessModifier:
|
17
|
+
Exclude:
|
18
|
+
- 'lib/cvss_suite.rb'
|
19
|
+
|
20
|
+
# Offense count: 8
|
21
|
+
# Configuration parameters: IgnoredMethods.
|
22
|
+
Metrics/AbcSize:
|
23
|
+
Max: 35
|
24
|
+
|
25
|
+
# Offense count: 5
|
26
|
+
# Configuration parameters: CountComments, ExcludedMethods.
|
27
|
+
# ExcludedMethods: refine
|
28
|
+
Metrics/BlockLength:
|
29
|
+
Max: 58
|
30
|
+
|
31
|
+
# Offense count: 2
|
32
|
+
# Configuration parameters: CountComments.
|
33
|
+
Metrics/ClassLength:
|
34
|
+
Max: 101
|
35
|
+
|
36
|
+
# Offense count: 1
|
37
|
+
# Configuration parameters: IgnoredMethods.
|
38
|
+
Metrics/CyclomaticComplexity:
|
39
|
+
Max: 9
|
40
|
+
|
41
|
+
# Offense count: 13
|
42
|
+
# Configuration parameters: CountComments, ExcludedMethods.
|
43
|
+
Metrics/MethodLength:
|
44
|
+
Max: 63
|
45
|
+
|
46
|
+
# Offense count: 1
|
47
|
+
# Configuration parameters: CountKeywordArgs.
|
48
|
+
Metrics/ParameterLists:
|
49
|
+
Max: 6
|
50
|
+
|
51
|
+
# Offense count: 1
|
52
|
+
# Configuration parameters: IgnoredMethods.
|
53
|
+
Metrics/PerceivedComplexity:
|
54
|
+
Max: 10
|
55
|
+
|
56
|
+
# Offense count: 1
|
57
|
+
Naming/AccessorMethodName:
|
58
|
+
Exclude:
|
59
|
+
- 'lib/cvss_suite/cvss_property.rb'
|
data/CHANGES.md
CHANGED
@@ -2,6 +2,66 @@
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
4
4
|
|
5
|
+
## [3.1.0] - 2022-09-27
|
6
|
+
|
7
|
+
### Fixes
|
8
|
+
* Metrics are no longer order-dependent. Fixes [#30](https://github.com/0llirocks/cvss-suite/issues/30)
|
9
|
+
|
10
|
+
### Improvements
|
11
|
+
* Temporal and Environmental metrics can now be partly omitted instead of setting them to X.
|
12
|
+
|
13
|
+
## [3.0.1] - 2022-03-13
|
14
|
+
|
15
|
+
### Notes
|
16
|
+
* Updated specification reference due to [Removing the edit linkset form](https://blog.rubygems.org/2019/03/08/and-then-there-was-one-metadata-links.html) and [Unable to edit gem online](https://github.com/rubygems/rubygems.org/issues/1899)
|
17
|
+
|
18
|
+
## [3.0.0] - 2022-03-13
|
19
|
+
|
20
|
+
### Breaking Changes
|
21
|
+
* Ruby >= 2.6 is now required
|
22
|
+
|
23
|
+
### Notes
|
24
|
+
* Moved repository to its new home
|
25
|
+
|
26
|
+
## [2.0.2] - 2020-12-05
|
27
|
+
|
28
|
+
### Fixes
|
29
|
+
* CVSS v2 now returns the correct severity values based on NVD recommendation
|
30
|
+
* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
31
|
+
|
32
|
+
## [2.0.1] - 2020-07-19
|
33
|
+
|
34
|
+
### Fixes
|
35
|
+
Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
|
36
|
+
|
37
|
+
## [2.0.0] - 2020-05-10
|
38
|
+
|
39
|
+
### Breaking Changes
|
40
|
+
* Ruby >= 2.4 is now required
|
41
|
+
* Renamed choice/choices to value/values
|
42
|
+
|
43
|
+
### Improvements
|
44
|
+
* Added CvssSuite module to every class (thanks to @fwininger)
|
45
|
+
* Removed override for integer and float (thanks to @fwininger)
|
46
|
+
* Added rubocop to development environment (thanks to @fwininger)
|
47
|
+
|
48
|
+
### Notes
|
49
|
+
Adding CvssSuite module everywhere means it’s no longer possible to access a class without it. Since this only affects the undocumented and ‚internal‘ classes this should not affect you. If you’re using them, stop it.
|
50
|
+
|
51
|
+
Still works:
|
52
|
+
|
53
|
+
```ruby
|
54
|
+
cvss = CvssSuite.new('string')
|
55
|
+
```
|
56
|
+
|
57
|
+
Won’t work anymore (without any code change):
|
58
|
+
|
59
|
+
```ruby
|
60
|
+
cvss = Cvss31.new('string')
|
61
|
+
```
|
62
|
+
|
63
|
+
This would need to be CvssSuite::Cvss31.new('string') to work. Or you could include the whole namespace.
|
64
|
+
|
5
65
|
## [1.2.0] - 2019-07-02
|
6
66
|
|
7
67
|
### Notes
|
@@ -71,4 +131,4 @@ Tried to fix an error. It turned out to be a local problem. Due to this I increa
|
|
71
131
|
|
72
132
|
## [1.0.0] - 2016-04-15
|
73
133
|
### Initial release
|
74
|
-
First release of this gem.
|
134
|
+
First release of this gem.
|
data/CNAME
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
cvss-suite.0lli.rocks
|
data/CODE_OF_CONDUCT.md
CHANGED
@@ -1,8 +1,9 @@
|
|
1
1
|
CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
|
3
|
-
Copyright (c) Siemens AG
|
3
|
+
Copyright (c) 2016-2022 Siemens AG
|
4
|
+
Copyright (c) 2022 0llirocks
|
4
5
|
|
5
|
-
Authors:
|
6
|
+
Authors: 0llirocks <http://0lli.rocks>
|
6
7
|
|
7
8
|
This work is licensed under the terms of the MIT license.
|
8
9
|
See the LICENSE.md file in the top-level directory.
|
data/Gemfile
CHANGED
@@ -1,9 +1,10 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) Siemens AG
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
4
|
+
# Copyright (c) 2022 0llirocks
|
4
5
|
#
|
5
6
|
# Authors:
|
6
|
-
#
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
7
8
|
#
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
data/LICENSE.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
The MIT License (MIT)
|
2
2
|
|
3
|
-
Copyright (c) 2016 Siemens AG
|
3
|
+
Copyright (c) 2016-2022 Siemens AG
|
4
|
+
Copyright (c) 2022 0llirocks
|
4
5
|
|
5
6
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
6
7
|
this software and associated documentation files (the "Software"), to deal in
|
data/README.md
CHANGED
@@ -1,10 +1,11 @@
|
|
1
|
-
# CvssSuite
|
1
|
+
# CvssSuite for Ruby
|
2
2
|
|
3
3
|
[![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite)
|
4
|
-
[![Ruby Version](https://img.shields.io/badge/Ruby-2.
|
4
|
+
[![Ruby Version](https://img.shields.io/badge/Ruby-2.6-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
|
5
5
|
[![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
|
6
6
|
[![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
|
7
7
|
[![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
|
8
|
+
[![RSpec](https://github.com/0llirocks/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/0llirocks/cvss-suite/actions)
|
8
9
|
|
9
10
|
This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
|
10
11
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
|
@@ -25,6 +26,14 @@ Or install it yourself as:
|
|
25
26
|
|
26
27
|
$ gem install cvss-suite
|
27
28
|
|
29
|
+
## Version 2.x
|
30
|
+
|
31
|
+
If you are still using CvssSuite 2.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/2.x) for documentation and changelog.
|
32
|
+
|
33
|
+
## Version 1.x
|
34
|
+
|
35
|
+
If you are still using CvssSuite 1.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/1.x) for documentation and changelog.
|
36
|
+
|
28
37
|
## Usage
|
29
38
|
|
30
39
|
```ruby
|
@@ -61,15 +70,15 @@ overall_score = cvss.overall_score # 3.2
|
|
61
70
|
access_vector = cvss.base.access_vector.name # 'Access Vector'
|
62
71
|
remediation_level = cvss.temporal.remediation_level.name # 'Remediation Level'
|
63
72
|
|
64
|
-
access_vector.
|
65
|
-
|
66
|
-
|
67
|
-
|
73
|
+
access_vector.values.each do |value|
|
74
|
+
value[:name] # 'Local', 'Adjacent Network', 'Network'
|
75
|
+
value[:abbreviation] # 'L', 'A', 'N'
|
76
|
+
value[:selected] # false, true, false
|
68
77
|
end
|
69
78
|
|
70
79
|
# Selected options
|
71
|
-
cvss.base.access_vector.
|
72
|
-
cvss.temporal.remediation_level.
|
80
|
+
cvss.base.access_vector.selected_value[:name] # Adjacent Network
|
81
|
+
cvss.temporal.remediation_level.selected_value[:name] # Temporary Fix
|
73
82
|
|
74
83
|
# Exceptions
|
75
84
|
|
@@ -91,23 +100,17 @@ valid = cvss.valid? # false
|
|
91
100
|
cvss.base_score # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
|
92
101
|
```
|
93
102
|
|
94
|
-
## Notable Features
|
95
|
-
|
96
|
-
Properties (Access Vector, Remediation Level, etc) do have a position attribute, with this they can be ordered the same way they appear in the vector.
|
97
|
-
|
98
103
|
## Known Issues
|
99
104
|
|
100
|
-
Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
|
101
|
-
|
102
|
-
Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
|
103
|
-
|
104
105
|
There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
|
105
106
|
|
106
107
|
## Changelog
|
107
108
|
|
108
|
-
[Click here to see all changes.](https://
|
109
|
+
[Click here to see all changes.](https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md)
|
109
110
|
|
110
111
|
## Contributing
|
111
112
|
|
112
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
113
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/0llirocks/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
|
113
114
|
|
115
|
+
## References
|
116
|
+
[CvssSuite for .NET](https://cvsssuite.0lli.rocks)
|
data/_config.yml
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
theme: jekyll-theme-cayman
|
data/bin/console
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require 'bundler/setup'
|
4
|
+
require 'cvss_suite'
|
5
5
|
|
6
6
|
# You can add fixtures and/or initialization code here to make experimenting
|
7
7
|
# with your gem easier. You can also use a different console, if you like.
|
@@ -10,5 +10,5 @@ require "cvss_suite"
|
|
10
10
|
# require "pry"
|
11
11
|
# Pry.start
|
12
12
|
|
13
|
-
require
|
13
|
+
require 'irb'
|
14
14
|
IRB.start
|
data/cvss_suite.gemspec
CHANGED
@@ -1,15 +1,17 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) Siemens AG
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
4
|
+
# Copyright (c) 2022 0llirocks
|
4
5
|
#
|
5
6
|
# Authors:
|
6
|
-
#
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
7
8
|
#
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
10
11
|
|
11
12
|
# coding: utf-8
|
12
|
-
|
13
|
+
|
14
|
+
lib = File.expand_path('lib', __dir__)
|
13
15
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
14
16
|
require 'cvss_suite/version'
|
15
17
|
|
@@ -17,24 +19,29 @@ Gem::Specification.new do |spec|
|
|
17
19
|
spec.name = 'cvss-suite'
|
18
20
|
spec.version = CvssSuite::VERSION
|
19
21
|
spec.license = 'MIT'
|
20
|
-
spec.authors = [
|
21
|
-
|
22
|
+
spec.authors = ['0llirocks']
|
23
|
+
|
24
|
+
spec.summary = 'Ruby gem for processing cvss vectors.'
|
25
|
+
spec.description = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
|
26
|
+
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
|
22
27
|
|
23
|
-
spec.
|
24
|
-
|
25
|
-
|
26
|
-
|
28
|
+
spec.metadata = {
|
29
|
+
'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues',
|
30
|
+
'changelog_uri' => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md',
|
31
|
+
'documentation_uri' => "https://www.rubydoc.info/gems/cvss-suite/#{CvssSuite::VERSION}",
|
32
|
+
'homepage_uri' => 'https://cvss-suite.0lli.rocks',
|
33
|
+
'source_code_uri' => 'https://github.com/0llirocks/cvss-suite'
|
34
|
+
}
|
27
35
|
|
28
|
-
spec.required_ruby_version = '>= 2.
|
36
|
+
spec.required_ruby_version = '>= 2.6.0'
|
29
37
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
30
38
|
spec.bindir = 'exe'
|
31
39
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
32
40
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
33
|
-
spec.require_paths = [
|
41
|
+
spec.require_paths = ['lib']
|
34
42
|
|
35
|
-
spec.add_development_dependency
|
36
|
-
spec.add_development_dependency
|
37
|
-
spec.add_development_dependency
|
38
|
-
spec.add_development_dependency
|
39
|
-
spec.add_development_dependency "simplecov", "~> 0.11.2"
|
43
|
+
spec.add_development_dependency 'bundler', '>= 1.10'
|
44
|
+
spec.add_development_dependency 'rspec', '~> 3.4'
|
45
|
+
spec.add_development_dependency 'rspec-its', '~> 1.2'
|
46
|
+
spec.add_development_dependency 'simplecov', '~> 0.18'
|
40
47
|
end
|
data/lib/cvss_suite/cvss.rb
CHANGED
@@ -1,125 +1,104 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) Siemens AG
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
4
|
+
# Copyright (c) 2022 0llirocks
|
4
5
|
#
|
5
6
|
# Authors:
|
6
|
-
#
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
7
8
|
#
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
10
11
|
|
11
|
-
|
12
|
-
# This class represents any CVSS vector. Do not instantiate this class!
|
13
|
-
|
14
|
-
class Cvss
|
15
|
-
|
16
|
-
##
|
17
|
-
# Metric of a CVSS vector.
|
18
|
-
|
19
|
-
attr_reader :base, :temporal, :environmental
|
20
|
-
|
21
|
-
##
|
22
|
-
# Returns version of current CVSS vector.
|
23
|
-
|
24
|
-
attr_reader :version
|
25
|
-
|
12
|
+
module CvssSuite
|
26
13
|
##
|
27
|
-
#
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
14
|
+
# This class represents any CVSS vector. Do not instantiate this class!
|
15
|
+
class Cvss
|
16
|
+
##
|
17
|
+
# Metric of a CVSS vector.
|
18
|
+
attr_reader :base, :temporal, :environmental
|
19
|
+
|
20
|
+
##
|
21
|
+
# Returns the vector itself.
|
22
|
+
attr_reader :vector
|
23
|
+
|
24
|
+
##
|
25
|
+
# Creates a new CVSS vector by a +vector+.
|
26
|
+
#
|
27
|
+
# Raises an exception if it is called on Cvss class.
|
28
|
+
def initialize(vector)
|
29
|
+
raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss
|
30
|
+
|
31
|
+
@vector = vector
|
32
|
+
@properties = []
|
33
|
+
extract_metrics
|
34
|
+
init_metrics
|
35
|
+
end
|
47
36
|
|
48
|
-
|
49
|
-
if
|
37
|
+
##
|
38
|
+
# Returns if CVSS vector is valid.
|
39
|
+
def valid?
|
40
|
+
if @amount_of_properties >= required_amount_of_properties
|
50
41
|
base = @base.valid?
|
51
42
|
temporal = @base.valid? && @temporal.valid?
|
52
43
|
environmental = @base.valid? && @environmental.valid?
|
53
44
|
full = @base.valid? && @temporal.valid? && @environmental.valid?
|
54
45
|
base || temporal || environmental || full
|
55
|
-
|
56
|
-
|
46
|
+
else
|
47
|
+
false
|
48
|
+
end
|
57
49
|
end
|
58
|
-
end
|
59
|
-
|
60
|
-
##
|
61
|
-
# Returns the severity of the CVSS vector.
|
62
|
-
|
63
|
-
def severity
|
64
|
-
check_validity
|
65
|
-
|
66
|
-
score = overall_score
|
67
50
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
51
|
+
##
|
52
|
+
# Returns the severity of the CVSS vector.
|
53
|
+
def severity
|
54
|
+
check_validity
|
55
|
+
|
56
|
+
score = overall_score
|
57
|
+
|
58
|
+
if score <= 0.0
|
59
|
+
'None'
|
60
|
+
elsif (0.1..3.9).cover? score
|
61
|
+
'Low'
|
62
|
+
elsif (4.0..6.9).cover? score
|
63
|
+
'Medium'
|
64
|
+
elsif (7.0..8.9).cover? score
|
65
|
+
'High'
|
66
|
+
elsif (9.0..10.0).cover? score
|
67
|
+
'Critical'
|
68
|
+
else
|
69
|
+
'None'
|
70
|
+
end
|
80
71
|
end
|
81
|
-
end
|
82
|
-
|
83
|
-
##
|
84
|
-
# Returns the Overall Score of the CVSS vector.
|
85
72
|
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
73
|
+
##
|
74
|
+
# Returns the Overall Score of the CVSS vector.
|
75
|
+
def overall_score
|
76
|
+
check_validity
|
77
|
+
return temporal_score if @temporal.valid? && !@environmental.valid?
|
78
|
+
return environmental_score if @environmental.valid?
|
92
79
|
|
93
|
-
|
94
|
-
|
95
|
-
def extract_metrics
|
96
|
-
properties = prepared_vector.split('/')
|
97
|
-
@amount_of_properties = properties.size
|
98
|
-
properties.each_with_index do |property, index|
|
99
|
-
property = property.split(':')
|
100
|
-
@properties.push({ name: property[0], selected: property[1], position: index })
|
80
|
+
base_score
|
101
81
|
end
|
102
|
-
end
|
103
82
|
|
104
|
-
|
105
|
-
raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
|
106
|
-
end
|
83
|
+
private
|
107
84
|
|
108
|
-
|
109
|
-
|
85
|
+
def extract_metrics
|
86
|
+
properties = @vector.split('/')
|
87
|
+
@amount_of_properties = properties.size
|
88
|
+
properties.each_with_index do |property, index|
|
89
|
+
property = property.split(':')
|
90
|
+
@properties.push({ name: property[0], selected: property[1], position: index })
|
91
|
+
end
|
92
|
+
@properties = [] if @properties.group_by { |p| p[:name] }.select { |_k, v| v.size > 1 }.length.positive?
|
93
|
+
end
|
110
94
|
|
111
|
-
|
112
|
-
|
113
|
-
else
|
114
|
-
@vector[start_of_vector..-1]
|
95
|
+
def check_validity
|
96
|
+
raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
|
115
97
|
end
|
116
|
-
end
|
117
98
|
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
total ||= 0
|
99
|
+
def required_amount_of_properties
|
100
|
+
total = @base.count
|
101
|
+
total || 0
|
102
|
+
end
|
123
103
|
end
|
124
|
-
|
125
|
-
end
|
104
|
+
end
|