cvss-suite 1.2.0 → 3.1.0
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +23 -0
- data/.github/workflows/rubocop.yml +22 -0
- data/.rubocop.yml +47 -1
- data/.rubocop_todo.yml +59 -0
- data/CHANGES.md +61 -1
- data/CNAME +1 -0
- data/CODE_OF_CONDUCT.md +3 -2
- data/Gemfile +3 -2
- data/LICENSE.md +2 -1
- data/README.md +21 -18
- data/_config.yml +1 -0
- data/bin/console +3 -3
- data/cvss_suite.gemspec +23 -16
- data/lib/cvss_suite/cvss.rb +77 -98
- data/lib/cvss_suite/cvss2/cvss2.rb +53 -30
- data/lib/cvss_suite/cvss2/cvss2_base.rb +72 -77
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +55 -56
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +43 -43
- data/lib/cvss_suite/cvss3/cvss3.rb +42 -38
- data/lib/cvss_suite/cvss3/cvss3_base.rb +75 -77
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +162 -111
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +44 -44
- data/lib/cvss_suite/cvss31/cvss31.rb +39 -30
- data/lib/cvss_suite/cvss31/cvss31_base.rb +69 -70
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +162 -111
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +44 -44
- data/lib/cvss_suite/cvss_metric.rb +37 -38
- data/lib/cvss_suite/cvss_property.rb +69 -57
- data/lib/cvss_suite/errors.rb +4 -1
- data/lib/cvss_suite/helpers/cvss31_helper.rb +28 -0
- data/lib/cvss_suite/helpers/cvss3_helper.rb +24 -17
- data/lib/cvss_suite/invalid_cvss.rb +42 -47
- data/lib/cvss_suite/version.rb +4 -3
- data/lib/cvss_suite.rb +46 -15
- metadata +23 -29
- data/.travis.yml +0 -4
- data/lib/cvss_suite/helpers/extensions.rb +0 -56
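--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8d6c9f7e41ba7184e8140cf17c6fc0a1b2dced70a3a0e80a603700c2517f413c
+data.tar.gz: 8277aaf7c847feb0d83adcf96f33e85dbbaa4916bb84fb3b1fad5fc1eb99ef57
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3640b87d41a2b7533b756b416e115e8cde0bb4459a8aefe325d0db82816b48dc0b3f32bd2d6c9dde4ab48ec0bec94efc8572e0c94412618070a45ab04012dd04
+data.tar.gz: fe15648aa4362009d44ef9159e38f40494b09911582845b29732cb6c6512694c6bdf4d3b57ec412a6e9e76c783c197746dd76a2cce79ce298facad8f4a8ac334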
@@ -0,0 +1,23 @@
|
|
1
|
+
name: RSpec
|
2
|
+
|
3
|
+
on: [push,pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
strategy:
|
10
|
+
matrix:
|
11
|
+
ruby: [ '2.6', '2.7', '3.0', '3.1' ]
|
12
|
+
steps:
|
13
|
+
- uses: actions/checkout@v2
|
14
|
+
- name: Set up ${{ matrix.ruby }}
|
15
|
+
uses: ruby/setup-ruby@v1
|
16
|
+
with:
|
17
|
+
ruby-version: ${{ matrix.ruby }}
|
18
|
+
- name: Install gems
|
19
|
+
run: |
|
20
|
+
gem install bundler -v ">= 1.10"
|
21
|
+
bundle install --jobs 4 --retry 3
|
22
|
+
- name: Run tests
|
23
|
+
run: bundle exec rspec spec
|
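Review bot: The workflow runs on `pull_request` with no `permissions:` block, so the job's GITHUB_TOKEN carries whatever the repository default grants while `bundle install` and the specs from the proposed change execute; a top-level `permissions:` entry with `contents: read` would scope the token to what this job needs. Both `uses:` steps reference movable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`); pinning each to a full commit SHA, with the tag kept in a trailing comment, prevents a retagged action from changing what CI runs. The same two points apply to the Rubocop workflow in the next hunk.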
@@ -0,0 +1,22 @@
|
|
1
|
+
name: Rubocop
|
2
|
+
|
3
|
+
on: [push,pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
|
10
|
+
steps:
|
11
|
+
- uses: actions/checkout@v2
|
12
|
+
- name: Set up Ruby 2.6
|
13
|
+
uses: ruby/setup-ruby@v1
|
14
|
+
with:
|
15
|
+
ruby-version: 2.6
|
16
|
+
- name: Install gems
|
17
|
+
run: |
|
18
|
+
gem update --system
|
19
|
+
gem install bundler -v ">= 1.10"
|
20
|
+
gem install rubocop
|
21
|
+
- name: Run checks
|
22
|
+
run: rubocop -F --fail-level C -f s
|
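Review bot: `gem install rubocop` takes whatever release is newest at run time, while the `.rubocop_todo.yml` added in this release records that it was generated with RuboCop version 0.82.0, so the lint result can change without any commit to this repository. Installing a fixed version, e.g. `gem install rubocop -v 0.82.0`, or declaring rubocop as a development dependency and running `bundle exec rubocop`, makes the check reproducible and keeps an unreviewed gem release out of the CI job. `gem update --system` on the line before it has the same floating-version property.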
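--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,2 +1,48 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+TargetRubyVersion: 2.6
+SuggestExtensions: false
+
 Metrics/LineLength:
-Max: 120
+Max: 120
+Exclude:
+- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/ClassLength:
+Exclude:
+- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/MethodLength:
+Exclude:
+- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Metrics/BlockLength:
+Exclude:
+- 'spec/cvss2/cvss2_spec.rb'
+- 'spec/cvss3/cvss3_spec.rb'
+- 'spec/cvss31/cvss31_spec.rb'
+
+Style/IfUnlessModifier:
+Exclude:
+- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/GuardClause:
+Exclude:
+- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/ConditionalAssignment:
+Exclude:
+- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
+- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+
+Style/FrozenStringLiteralComment:
+Enabled: false
+
+Style/AsciiComments:
+Enabled: false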
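--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -0,0 +1,59 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+Lint/IneffectiveAccessModifier:
+Exclude:
+- 'lib/cvss_suite.rb'
+
+# Offense count: 1
+# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
+Lint/UselessAccessModifier:
+Exclude:
+- 'lib/cvss_suite.rb'
+
+# Offense count: 8
+# Configuration parameters: IgnoredMethods.
+Metrics/AbcSize:
+Max: 35
+
+# Offense count: 5
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+Max: 58
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+Max: 101
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/CyclomaticComplexity:
+Max: 9
+
+# Offense count: 13
+# Configuration parameters: CountComments, ExcludedMethods.
+Metrics/MethodLength:
+Max: 63
+
+# Offense count: 1
+# Configuration parameters: CountKeywordArgs.
+Metrics/ParameterLists:
+Max: 6
+
+# Offense count: 1
+# Configuration parameters: IgnoredMethods.
+Metrics/PerceivedComplexity:
+Max: 10
+
+# Offense count: 1
+Naming/AccessorMethodName:
+Exclude:
+- 'lib/cvss_suite/cvss_property.rb'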
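--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -2,6 +2,66 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.1.0] - 2022-09-27
+
+### Fixes
+* Metrics are no longer order-dependent. Fixes [#30](https://github.com/0llirocks/cvss-suite/issues/30)
+
+### Improvements
+* Temporal and Environmental metrics can now be partly omitted instead of setting them to X.
+
+## [3.0.1] - 2022-03-13
+
+### Notes
+* Updated specification reference due to [Removing the edit linkset form](https://blog.rubygems.org/2019/03/08/and-then-there-was-one-metadata-links.html) and [Unable to edit gem online](https://github.com/rubygems/rubygems.org/issues/1899)
+
+## [3.0.0] - 2022-03-13
+
+### Breaking Changes
+* Ruby >= 2.6 is now required
+
+### Notes
+* Moved repository to its new home
+
+## [2.0.2] - 2020-12-05
+
+### Fixes
+* CVSS v2 now returns the correct severity values based on NVD recommendation
+* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
+
+## [2.0.1] - 2020-07-19
+
+### Fixes
+Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
+
+## [2.0.0] - 2020-05-10
+
+### Breaking Changes
+* Ruby >= 2.4 is now required
+* Renamed choice/choices to value/values
+
+### Improvements
+* Added CvssSuite module to every class (thanks to @fwininger)
+* Removed override for integer and float (thanks to @fwininger)
+* Added rubocop to development environment (thanks to @fwininger)
+
+### Notes
+Adding CvssSuite module everywhere means it’s no longer possible to access a class without it. Since this only affects the undocumented and ‚internal‘ classes this should not affect you. If you’re using them, stop it.
+
+Still works:
+
+```ruby
+cvss = CvssSuite.new('string')
+```
+
+Won’t work anymore (without any code change):
+
+```ruby
+cvss = Cvss31.new('string')
+```
+
+This would need to be CvssSuite::Cvss31.new('string') to work. Or you could include the whole namespace.
+
 ## [1.2.0] - 2019-07-02
 
 ### Notes
@@ -71,4 +131,4 @@ Tried to fix an error. It turned out to be a local problem. Due to this I increa
 
 ## [1.0.0] - 2016-04-15
 ### Initial release
-First release of this gem.
+First release of this gem.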
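--- a/data/CNAME
+++ b/data/CNAME
@@ -0,0 +1 @@
+cvss-suite.0lli.rocks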
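--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -1,8 +1,9 @@
 CVSS-Suite, a Ruby gem to manage the CVSS vector
 
-Copyright (c) Siemens AG
+Copyright (c) 2016-2022 Siemens AG
+Copyright (c) 2022 0llirocks
 
-Authors:
+Authors: 0llirocks <http://0lli.rocks>
 
 This work is licensed under the terms of the MIT license.
 See the LICENSE.md file in the top-level directory.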
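--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,9 +1,10 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) Siemens AG
+# Copyright (c) 2016-2022 Siemens AG
+# Copyright (c) 2022 0llirocks
 #
 # Authors:
-#
+# 0llirocks <http://0lli.rocks>
 #
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.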
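--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,6 +1,7 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 Siemens AG
+Copyright (c) 2016-2022 Siemens AG
+Copyright (c) 2022 0llirocks
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in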
data/README.md
CHANGED
@@ -1,10 +1,11 @@
|
|
1
|
-
# CvssSuite
|
1
|
+
# CvssSuite for Ruby
|
2
2
|
|
3
3
|
[](https://rubygems.org/gems/cvss-suite)
|
4
|
-
[](https://rubygems.org/gems/cvss-suite)
|
5
5
|
[](https://www.first.org/cvss/v2/guide)
|
6
6
|
[](https://www.first.org/cvss/v3.0/user-guide)
|
7
7
|
[](https://www.first.org/cvss/v3.1/user-guide)
|
8
|
+
[](https://github.com/0llirocks/cvss-suite/actions)
|
8
9
|
|
9
10
|
This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
|
10
11
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
|
@@ -25,6 +26,14 @@ Or install it yourself as:
|
|
25
26
|
|
26
27
|
$ gem install cvss-suite
|
27
28
|
|
29
|
+
## Version 2.x
|
30
|
+
|
31
|
+
If you are still using CvssSuite 2.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/2.x) for documentation and changelog.
|
32
|
+
|
33
|
+
## Version 1.x
|
34
|
+
|
35
|
+
If you are still using CvssSuite 1.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/1.x) for documentation and changelog.
|
36
|
+
|
28
37
|
## Usage
|
29
38
|
|
30
39
|
```ruby
|
@@ -61,15 +70,15 @@ overall_score = cvss.overall_score # 3.2
|
|
61
70
|
access_vector = cvss.base.access_vector.name # 'Access Vector'
|
62
71
|
remediation_level = cvss.temporal.remediation_level.name # 'Remediation Level'
|
63
72
|
|
64
|
-
access_vector.
|
65
|
-
|
66
|
-
|
67
|
-
|
73
|
+
access_vector.values.each do |value|
|
74
|
+
value[:name] # 'Local', 'Adjacent Network', 'Network'
|
75
|
+
value[:abbreviation] # 'L', 'A', 'N'
|
76
|
+
value[:selected] # false, true, false
|
68
77
|
end
|
69
78
|
|
70
79
|
# Selected options
|
71
|
-
cvss.base.access_vector.
|
72
|
-
cvss.temporal.remediation_level.
|
80
|
+
cvss.base.access_vector.selected_value[:name] # Adjacent Network
|
81
|
+
cvss.temporal.remediation_level.selected_value[:name] # Temporary Fix
|
73
82
|
|
74
83
|
# Exceptions
|
75
84
|
|
@@ -91,23 +100,17 @@ valid = cvss.valid? # false
|
|
91
100
|
cvss.base_score # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
|
92
101
|
```
|
93
102
|
|
94
|
-
## Notable Features
|
95
|
-
|
96
|
-
Properties (Access Vector, Remediation Level, etc) do have a position attribute, with this they can be ordered the same way they appear in the vector.
|
97
|
-
|
98
103
|
## Known Issues
|
99
104
|
|
100
|
-
Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
|
101
|
-
|
102
|
-
Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
|
103
|
-
|
104
105
|
There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
|
105
106
|
|
106
107
|
## Changelog
|
107
108
|
|
108
|
-
[Click here to see all changes.](https://
|
109
|
+
[Click here to see all changes.](https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md)
|
109
110
|
|
110
111
|
## Contributing
|
111
112
|
|
112
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
113
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/0llirocks/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
|
113
114
|
|
115
|
+
## References
|
116
|
+
[CvssSuite for .NET](https://cvsssuite.0lli.rocks)
|
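--- a/data/_config.yml
+++ b/data/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-cayman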
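--- a/data/bin/console
+++ b/data/bin/console
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require
-require
+require 'bundler/setup'
+require 'cvss_suite'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "cvss_suite"
 # require "pry"
 # Pry.start
 
-require
+require 'irb'
 IRB.start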
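--- a/data/cvss_suite.gemspec
+++ b/data/cvss_suite.gemspec
@@ -1,15 +1,17 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) Siemens AG
+# Copyright (c) 2016-2022 Siemens AG
+# Copyright (c) 2022 0llirocks
 #
 # Authors:
-#
+# 0llirocks <http://0lli.rocks>
 #
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
 # coding: utf-8
-
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'cvss_suite/version'
 
@@ -17,24 +19,29 @@ Gem::Specification.new do |spec|
 spec.name = 'cvss-suite'
 spec.version = CvssSuite::VERSION
 spec.license = 'MIT'
-spec.authors = [
-
+spec.authors = ['0llirocks']
+
+spec.summary = 'Ruby gem for processing cvss vectors.'
+spec.description = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
+Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
 
-spec.
-
-
-
+spec.metadata = {
+'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues',
+'changelog_uri' => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md',
+'documentation_uri' => "https://www.rubydoc.info/gems/cvss-suite/#{CvssSuite::VERSION}",
+'homepage_uri' => 'https://cvss-suite.0lli.rocks',
+'source_code_uri' => 'https://github.com/0llirocks/cvss-suite'
+}
 
-spec.required_ruby_version = '>= 2.
+spec.required_ruby_version = '>= 2.6.0'
 spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
 spec.bindir = 'exe'
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
-spec.require_paths = [
+spec.require_paths = ['lib']
 
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency "simplecov", "~> 0.11.2"
+spec.add_development_dependency 'bundler', '>= 1.10'
+spec.add_development_dependency 'rspec', '~> 3.4'
+spec.add_development_dependency 'rspec-its', '~> 1.2'
+spec.add_development_dependency 'simplecov', '~> 0.18'
 end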
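Review bot: The new `spec.metadata` hash does not set `'rubygems_mfa_required' => 'true'`, which is the key that makes rubygems.org refuse pushes and yanks from owner accounts without multi-factor authentication. This release also changes the listed author and moves every project URL to a new repository, so it is a natural point to add that key alongside `'source_code_uri'`. The `Gem::Specification.new do |spec|` line itself sits outside the second hunk and is only visible in the hunk header.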
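--- a/data/lib/cvss_suite/cvss.rb
+++ b/data/lib/cvss_suite/cvss.rb
@@ -1,125 +1,104 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) Siemens AG
+# Copyright (c) 2016-2022 Siemens AG
+# Copyright (c) 2022 0llirocks
 #
 # Authors:
-#
+# 0llirocks <http://0lli.rocks>
 #
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-
-# This class represents any CVSS vector. Do not instantiate this class!
-
-class Cvss
-
-##
-# Metric of a CVSS vector.
-
-attr_reader :base, :temporal, :environmental
-
-##
-# Returns version of current CVSS vector.
-
-attr_reader :version
-
+module CvssSuite
 ##
-#
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+# This class represents any CVSS vector. Do not instantiate this class!
+class Cvss
+##
+# Metric of a CVSS vector.
+attr_reader :base, :temporal, :environmental
+
+##
+# Returns the vector itself.
+attr_reader :vector
+
+##
+# Creates a new CVSS vector by a +vector+.
+#
+# Raises an exception if it is called on Cvss class.
+def initialize(vector)
+raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss
+
+@vector = vector
+@properties = []
+extract_metrics
+init_metrics
+end
 
-
-if
+##
+# Returns if CVSS vector is valid.
+def valid?
+if @amount_of_properties >= required_amount_of_properties
 base = @base.valid?
 temporal = @base.valid? && @temporal.valid?
 environmental = @base.valid? && @environmental.valid?
 full = @base.valid? && @temporal.valid? && @environmental.valid?
 base || temporal || environmental || full
-
-
+else
+false
+end
 end
-end
-
-##
-# Returns the severity of the CVSS vector.
-
-def severity
-check_validity
-
-score = overall_score
 
-
-
-
-
-
-
-
-
-
-
-
-
+##
+# Returns the severity of the CVSS vector.
+def severity
+check_validity
+
+score = overall_score
+
+if score <= 0.0
+'None'
+elsif (0.1..3.9).cover? score
+'Low'
+elsif (4.0..6.9).cover? score
+'Medium'
+elsif (7.0..8.9).cover? score
+'High'
+elsif (9.0..10.0).cover? score
+'Critical'
+else
+'None'
+end
 end
-end
-
-##
-# Returns the Overall Score of the CVSS vector.
 
-
-
-
-
-
-
+##
+# Returns the Overall Score of the CVSS vector.
+def overall_score
+check_validity
+return temporal_score if @temporal.valid? && !@environmental.valid?
+return environmental_score if @environmental.valid?
 
-
-
-def extract_metrics
-properties = prepared_vector.split('/')
-@amount_of_properties = properties.size
-properties.each_with_index do |property, index|
-property = property.split(':')
-@properties.push({ name: property[0], selected: property[1], position: index })
+base_score
 end
-end
 
-
-raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
-end
+private
 
-
-
+def extract_metrics
+properties = @vector.split('/')
+@amount_of_properties = properties.size
+properties.each_with_index do |property, index|
+property = property.split(':')
+@properties.push({ name: property[0], selected: property[1], position: index })
+end
+@properties = [] if @properties.group_by { |p| p[:name] }.select { |_k, v| v.size > 1 }.length.positive?
+end
 
-
-
-else
-@vector[start_of_vector..-1]
+def check_validity
+raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
 end
-end
 
-
-
-
-
-total ||= 0
+def required_amount_of_properties
+total = @base.count
+total || 0
+end
 end
-
-end
+end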
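Review bot: `extract_metrics` splits each component with `property.split(':')` and keeps only the first two fields, so a component such as `AV:N:extra` is read as AV=N and one with no colon is stored with `selected: nil`; whether the metric classes later reject those is not visible in this file. Because this parser decides whether a vector taken from an advisory or scanner feed gets scored, malformed components could be rejected here in the same way as the new duplicate check, e.g. `@properties = [] if properties.any? { |p| p.count(':') != 1 }`. When duplicates are found only `@properties` is cleared while `@amount_of_properties` keeps the original count, so `valid?` then depends entirely on `@base.valid?` failing for the emptied list. In `severity`, the trailing `else` returns 'None' for any score that falls between the one-decimal ranges or above 10.0; raising there, or using open bounds such as `score < 4.0`, would avoid reporting a scored vector as having no severity.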