cvss-suite 1.2.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,52 +1,75 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
10
11
 
11
- require_relative '../../../lib/cvss_suite/cvss'
12
+ require_relative '../cvss'
12
13
  require_relative 'cvss2_base'
13
14
  require_relative 'cvss2_temporal'
14
15
  require_relative 'cvss2_environmental'
15
16
 
16
- ##
17
- # This class represents a CVSS vector in version 2.
17
+ module CvssSuite
18
+ ##
19
+ # This class represents a CVSS vector in version 2.
20
+ class Cvss2 < Cvss
21
+ ##
22
+ # Returns the Version of the CVSS vector.
23
+ def version
24
+ 2
25
+ end
18
26
 
19
- class Cvss2 < Cvss
27
+ # Returns the severity of the CVSSv2 vector.
28
+ # https://nvd.nist.gov/vuln-metrics/cvss
29
+ def severity
30
+ check_validity
20
31
 
21
- ##
22
- # Returns the Base Score of the CVSS vector.
32
+ score = overall_score
23
33
 
24
- def base_score
25
- check_validity
26
- @base.score.round(1)
27
- end
34
+ case score
35
+ when 0.0..3.9
36
+ 'Low'
37
+ when 4.0..6.9
38
+ 'Medium'
39
+ when 7.0..10.0
40
+ 'High'
41
+ else
42
+ 'None'
43
+ end
44
+ end
28
45
 
29
- ##
30
- # Returns the Temporal Score of the CVSS vector.
46
+ ##
47
+ # Returns the Base Score of the CVSS vector.
48
+ def base_score
49
+ check_validity
50
+ @base.score.round(1)
51
+ end
31
52
 
32
- def temporal_score
33
- (base_score * @temporal.score).round(1)
34
- end
53
+ ##
54
+ # Returns the Temporal Score of the CVSS vector.
55
+ def temporal_score
56
+ (base_score * @temporal.score).round(1)
57
+ end
35
58
 
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
59
+ ##
60
+ # Returns the Environmental Score of the CVSS vector.
61
+ def environmental_score
62
+ return temporal_score unless @environmental.valid?
38
63
 
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @base, @temporal.score).round(1)
42
- end
64
+ (@environmental.score @base, @temporal.score).round(1)
65
+ end
43
66
 
44
- private
67
+ private
45
68
 
46
- def init_metrics
47
- @base = Cvss2Base.new(@properties)
48
- @temporal = Cvss2Temporal.new(@properties)
49
- @environmental = Cvss2Environmental.new(@properties)
69
+ def init_metrics
70
+ @base = Cvss2Base.new(@properties)
71
+ @temporal = Cvss2Temporal.new(@properties)
72
+ @environmental = Cvss2Environmental.new(@properties)
73
+ end
50
74
  end
51
-
52
- end
75
+ end
@@ -1,9 +1,10 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
@@ -11,81 +12,75 @@
11
12
  require_relative '../cvss_property'
12
13
  require_relative '../cvss_metric'
13
14
 
14
- ##
15
- # This class represents a CVSS Base metric in version 2.
16
-
17
- class Cvss2Base < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :access_vector, :access_complexity, :authentication,
23
- :confidentiality_impact, :integrity_impact, :availability_impact
24
-
15
+ module CvssSuite
25
16
  ##
26
- # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
27
- # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
28
- #
29
- # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
30
-
31
- def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
32
-
33
- impact = calc_impact sr_cr_score, sr_ir_score, sr_ar_score
34
-
35
- exploitability = calc_exploitability
36
-
37
- additional_impact = (impact == 0 ? 0 : 1.176)
38
-
39
- ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
40
-
17
+ # This class represents a CVSS Base metric in version 2.
18
+ class Cvss2Base < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+ attr_reader :access_vector, :access_complexity, :authentication,
22
+ :confidentiality_impact, :integrity_impact, :availability_impact
23
+
24
+ ##
25
+ # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
26
+ # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
27
+ #
28
+ # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
29
+ def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
30
+ impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
31
+
32
+ exploitability = calc_exploitability
33
+
34
+ additional_impact = (impact.zero? ? 0 : 1.176)
35
+
36
+ ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
37
+ end
38
+
39
+ private
40
+
41
+ def init_properties
42
+ @properties.push(@access_vector =
43
+ CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
44
+ values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
45
+ { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
46
+ { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
47
+ @properties.push(@access_complexity =
48
+ CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
49
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
50
+ { name: 'Medium', abbreviation: 'M', weight: 0.61 },
51
+ { name: 'High', abbreviation: 'H', weight: 0.35 }]))
52
+ @properties.push(@authentication =
53
+ CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
54
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
55
+ { name: 'Single', abbreviation: 'S', weight: 0.56 },
56
+ { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
57
+ @properties.push(@confidentiality_impact =
58
+ CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
59
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
60
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
61
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
62
+ @properties.push(@integrity_impact =
63
+ CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
64
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
65
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
66
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
67
+ @properties.push(@availability_impact =
68
+ CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
69
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
70
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
71
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
72
+ end
73
+
74
+ def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
75
+ confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
76
+ integrity_score = 1 - @integrity_impact.score * sr_ir_score
77
+ availability_score = 1 - @availability_impact.score * sr_ar_score
78
+
79
+ [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min
80
+ end
81
+
82
+ def calc_exploitability
83
+ 20 * @access_vector.score * @access_complexity.score * @authentication.score
84
+ end
41
85
  end
42
-
43
- private
44
-
45
- def init_properties
46
- @properties.push(@access_vector =
47
- CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
48
- choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
49
- { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
50
- { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
51
- @properties.push(@access_complexity =
52
- CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
53
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
54
- { name: 'Medium', abbreviation: 'M', weight: 0.61 },
55
- { name: 'High', abbreviation: 'H', weight: 0.35 }]))
56
- @properties.push(@authentication =
57
- CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
58
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
59
- { name: 'Single', abbreviation: 'S', weight: 0.56 },
60
- { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
61
- @properties.push(@confidentiality_impact =
62
- CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
63
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
64
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
65
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
66
- @properties.push(@integrity_impact =
67
- CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
68
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
69
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
70
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
71
- @properties.push(@availability_impact =
72
- CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
73
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0},
74
- { name: 'Partial', abbreviation: 'P', weight: 0.275},
75
- { name: 'Complete', abbreviation: 'C', weight: 0.66}]))
76
- end
77
-
78
- def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
79
- confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
80
- integrity_score = 1 - @integrity_impact.score * sr_ir_score
81
- availability_score = 1 - @availability_impact.score * sr_ar_score
82
-
83
- [10, 10.41 * (1-confidentiality_score*integrity_score*availability_score)].min
84
- end
85
-
86
- def calc_exploitability
87
- 20 * @access_vector.score * @access_complexity.score * @authentication.score
88
- end
89
-
90
86
  end
91
-
@@ -1,9 +1,10 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
@@ -11,64 +12,62 @@
11
12
  require_relative '../cvss_property'
12
13
  require_relative '../cvss_metric'
13
14
 
14
- ##
15
- # This class represents a CVSS Environmental metric in version 2.
16
-
17
- class Cvss2Environmental < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
23
- :security_requirements_ir, :security_requirements_ar
24
-
15
+ module CvssSuite
25
16
  ##
26
- # Returns score of this metric
27
-
28
- def score(base, temporal_score)
29
- base_score = (base.score @security_requirements_cr.score, @security_requirements_ir.score, @security_requirements_ar.score).round(1)
17
+ # This class represents a CVSS Environmental metric in version 2.
18
+ class Cvss2Environmental < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+ attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
22
+ :security_requirements_ir, :security_requirements_ar
30
23
 
31
- adjusted_temporal = (base_score * temporal_score).round(1)
32
- (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
24
+ ##
25
+ # Returns score of this metric
26
+ def score(base, temporal_score)
27
+ base_score = base.score(@security_requirements_cr.score,
28
+ @security_requirements_ir.score,
29
+ @security_requirements_ar.score).round(1)
33
30
 
34
- end
31
+ adjusted_temporal = (base_score * temporal_score).round(1)
32
+ (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
33
+ end
35
34
 
36
- private
35
+ private
37
36
 
38
- def init_properties
39
- @properties.push(@collateral_damage_potential =
40
- CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
41
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
42
- { name: 'Low', abbreviation: 'L', weight: 0.1 },
43
- { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
44
- { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
45
- { name: 'High', abbreviation: 'H', weight: 0.5 },
46
- { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
47
- @properties.push(@target_distribution =
48
- CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
49
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
50
- { name: 'Low', abbreviation: 'L', weight: 0.25 },
51
- { name: 'Medium', abbreviation: 'M', weight: 0.75 },
52
- { name: 'High', abbreviation: 'H', weight: 1.0 },
53
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
54
- @properties.push(@security_requirements_cr =
55
- CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
56
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
57
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
58
- { name: 'High', abbreviation: 'H', weight: 1.51 },
59
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
60
- @properties.push(@security_requirements_ir =
61
- CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
62
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
63
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
64
- { name: 'High', abbreviation: 'H', weight: 1.51 },
65
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
66
- @properties.push(@security_requirements_ar =
67
- CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
68
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
69
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
70
- { name: 'High', abbreviation: 'H', weight: 1.51 },
71
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
37
+ def init_properties
38
+ @properties.push(@collateral_damage_potential =
39
+ CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
40
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
41
+ { name: 'Low', abbreviation: 'L', weight: 0.1 },
42
+ { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
43
+ { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
44
+ { name: 'High', abbreviation: 'H', weight: 0.5 },
45
+ { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
46
+ @properties.push(@target_distribution =
47
+ CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
48
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
49
+ { name: 'Low', abbreviation: 'L', weight: 0.25 },
50
+ { name: 'Medium', abbreviation: 'M', weight: 0.75 },
51
+ { name: 'High', abbreviation: 'H', weight: 1.0 },
52
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
53
+ @properties.push(@security_requirements_cr =
54
+ CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
55
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
56
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
57
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
58
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
59
+ @properties.push(@security_requirements_ir =
60
+ CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
61
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
62
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
63
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
64
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
65
+ @properties.push(@security_requirements_ar =
66
+ CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
67
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
68
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
69
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
70
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
71
+ end
72
72
  end
73
73
  end
74
-
@@ -1,9 +1,10 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
@@ -11,47 +12,46 @@
11
12
  require_relative '../cvss_property'
12
13
  require_relative '../cvss_metric'
13
14
 
14
- ##
15
- # This class represents a CVSS Temporal metric in version 2.
16
-
17
- class Cvss2Temporal < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :exploitability, :remediation_level, :report_confidence
23
-
15
+ module CvssSuite
24
16
  ##
25
- # Returns score of this metric
26
-
27
- def score
28
- return 1 unless valid?
29
- @exploitability.score * @remediation_level.score * @report_confidence.score
30
- end
31
-
32
- private
33
-
34
- def init_properties
35
- @properties.push(@exploitability =
36
- CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
37
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
38
- { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
39
- { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
40
- { name: 'Functional', abbreviation: 'F', weight: 0.95 },
41
- { name: 'High', abbreviation: 'H', weight: 1 }]))
42
- @properties.push(@remediation_level =
43
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
44
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
45
- { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
46
- { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
47
- { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
48
- { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
49
-
50
- @properties.push(@report_confidence =
51
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
52
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
53
- { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
54
- { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
55
- { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
17
+ # This class represents a CVSS Temporal metric in version 2.
18
+ class Cvss2Temporal < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+ attr_reader :exploitability, :remediation_level, :report_confidence
22
+
23
+ ##
24
+ # Returns score of this metric
25
+ def score
26
+ return 1 unless valid?
27
+
28
+ @exploitability.score * @remediation_level.score * @report_confidence.score
29
+ end
30
+
31
+ private
32
+
33
+ def init_properties
34
+ @properties.push(@exploitability =
35
+ CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
36
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
37
+ { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
38
+ { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
39
+ { name: 'Functional', abbreviation: 'F', weight: 0.95 },
40
+ { name: 'High', abbreviation: 'H', weight: 1 }]))
41
+ @properties.push(@remediation_level =
42
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
43
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
44
+ { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
45
+ { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
46
+ { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
47
+ { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
48
+
49
+ @properties.push(@report_confidence =
50
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
51
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
52
+ { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
53
+ { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
54
+ { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
55
+ end
56
56
  end
57
57
  end
@@ -1,52 +1,56 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
10
11
 
11
- require_relative '../../../lib/cvss_suite/cvss'
12
+ require_relative '../cvss'
12
13
  require_relative 'cvss3_base'
13
14
  require_relative 'cvss3_temporal'
14
15
  require_relative 'cvss3_environmental'
15
16
 
16
- ##
17
- # This class represents a CVSS vector in version 3.0.
18
-
19
- class Cvss3 < Cvss
20
-
21
- ##
22
- # Returns the Base Score of the CVSS vector.
23
-
24
- def base_score
25
- check_validity
26
- @base.score.round_up(1)
27
- end
28
-
17
+ module CvssSuite
29
18
  ##
30
- # Returns the Temporal Score of the CVSS vector.
31
-
32
- def temporal_score
33
- (@base.score.round_up(1) * @temporal.score).round_up(1)
19
+ # This class represents a CVSS vector in version 3.0.
20
+ class Cvss3 < Cvss
21
+ ##
22
+ # Returns the Version of the CVSS vector.
23
+ def version
24
+ 3.0
25
+ end
26
+
27
+ ##
28
+ # Returns the Base Score of the CVSS vector.
29
+ def base_score
30
+ check_validity
31
+ Cvss3Helper.round_up(@base.score)
32
+ end
33
+
34
+ ##
35
+ # Returns the Temporal Score of the CVSS vector.
36
+ def temporal_score
37
+ Cvss3Helper.round_up(Cvss3Helper.round_up(@base.score) * @temporal.score)
38
+ end
39
+
40
+ ##
41
+ # Returns the Environmental Score of the CVSS vector.
42
+ def environmental_score
43
+ return temporal_score unless @environmental.valid?
44
+
45
+ Cvss3Helper.round_up(@environmental.score(@base, @temporal))
46
+ end
47
+
48
+ private
49
+
50
+ def init_metrics
51
+ @base = Cvss3Base.new(@properties)
52
+ @temporal = Cvss3Temporal.new(@properties)
53
+ @environmental = Cvss3Environmental.new(@properties)
54
+ end
34
55
  end
35
-
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
38
-
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @temporal.score).round_up(1)
42
- end
43
-
44
- private
45
-
46
- def init_metrics
47
- @base = Cvss3Base.new(@properties)
48
- @temporal = Cvss3Temporal.new(@properties)
49
- @environmental = Cvss3Environmental.new(@properties)
50
- end
51
-
52
- end
56
+ end