cvss-suite 1.2.0 → 3.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (38) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/rspec.yml +23 -0
  3. data/.github/workflows/rubocop.yml +22 -0
  4. data/.rubocop.yml +47 -1
  5. data/.rubocop_todo.yml +59 -0
  6. data/CHANGES.md +61 -1
  7. data/CNAME +1 -0
  8. data/CODE_OF_CONDUCT.md +3 -2
  9. data/Gemfile +3 -2
  10. data/LICENSE.md +2 -1
  11. data/README.md +21 -18
  12. data/_config.yml +1 -0
  13. data/bin/console +3 -3
  14. data/cvss_suite.gemspec +23 -16
  15. data/lib/cvss_suite/cvss.rb +77 -98
  16. data/lib/cvss_suite/cvss2/cvss2.rb +53 -30
  17. data/lib/cvss_suite/cvss2/cvss2_base.rb +72 -77
  18. data/lib/cvss_suite/cvss2/cvss2_environmental.rb +55 -56
  19. data/lib/cvss_suite/cvss2/cvss2_temporal.rb +43 -43
  20. data/lib/cvss_suite/cvss3/cvss3.rb +42 -38
  21. data/lib/cvss_suite/cvss3/cvss3_base.rb +75 -77
  22. data/lib/cvss_suite/cvss3/cvss3_environmental.rb +162 -111
  23. data/lib/cvss_suite/cvss3/cvss3_temporal.rb +44 -44
  24. data/lib/cvss_suite/cvss31/cvss31.rb +39 -30
  25. data/lib/cvss_suite/cvss31/cvss31_base.rb +69 -70
  26. data/lib/cvss_suite/cvss31/cvss31_environmental.rb +162 -111
  27. data/lib/cvss_suite/cvss31/cvss31_temporal.rb +44 -44
  28. data/lib/cvss_suite/cvss_metric.rb +37 -38
  29. data/lib/cvss_suite/cvss_property.rb +69 -57
  30. data/lib/cvss_suite/errors.rb +4 -1
  31. data/lib/cvss_suite/helpers/cvss31_helper.rb +28 -0
  32. data/lib/cvss_suite/helpers/cvss3_helper.rb +24 -17
  33. data/lib/cvss_suite/invalid_cvss.rb +42 -47
  34. data/lib/cvss_suite/version.rb +4 -3
  35. data/lib/cvss_suite.rb +46 -15
  36. metadata +23 -29
  37. data/.travis.yml +0 -4
  38. data/lib/cvss_suite/helpers/extensions.rb +0 -56
data/lib/cvss_suite/cvss2/cvss2.rb CHANGED
@@ -1,52 +1,75 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
10
11
 
11
- require_relative '../../../lib/cvss_suite/cvss'
12
+ require_relative '../cvss'
12
13
  require_relative 'cvss2_base'
13
14
  require_relative 'cvss2_temporal'
14
15
  require_relative 'cvss2_environmental'
15
16
 
16
- ##
17
- # This class represents a CVSS vector in version 2.
17
+ module CvssSuite
18
+ ##
19
+ # This class represents a CVSS vector in version 2.
20
+ class Cvss2 < Cvss
21
+ ##
22
+ # Returns the Version of the CVSS vector.
23
+ def version
24
+ 2
25
+ end
18
26
 
19
- class Cvss2 < Cvss
27
+ # Returns the severity of the CVSSv2 vector.
28
+ # https://nvd.nist.gov/vuln-metrics/cvss
29
+ def severity
30
+ check_validity
20
31
 
21
- ##
22
- # Returns the Base Score of the CVSS vector.
32
+ score = overall_score
23
33
 
24
- def base_score
25
- check_validity
26
- @base.score.round(1)
27
- end
34
+ case score
35
+ when 0.0..3.9
36
+ 'Low'
37
+ when 4.0..6.9
38
+ 'Medium'
39
+ when 7.0..10.0
40
+ 'High'
41
+ else
42
+ 'None'
43
+ end
44
+ end
28
45
 
29
- ##
30
- # Returns the Temporal Score of the CVSS vector.
46
+ ##
47
+ # Returns the Base Score of the CVSS vector.
48
+ def base_score
49
+ check_validity
50
+ @base.score.round(1)
51
+ end
31
52
 
32
- def temporal_score
33
- (base_score * @temporal.score).round(1)
34
- end
53
+ ##
54
+ # Returns the Temporal Score of the CVSS vector.
55
+ def temporal_score
56
+ (base_score * @temporal.score).round(1)
57
+ end
35
58
 
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
59
+ ##
60
+ # Returns the Environmental Score of the CVSS vector.
61
+ def environmental_score
62
+ return temporal_score unless @environmental.valid?
38
63
 
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @base, @temporal.score).round(1)
42
- end
64
+ (@environmental.score @base, @temporal.score).round(1)
65
+ end
43
66
 
44
- private
67
+ private
45
68
 
46
- def init_metrics
47
- @base = Cvss2Base.new(@properties)
48
- @temporal = Cvss2Temporal.new(@properties)
49
- @environmental = Cvss2Environmental.new(@properties)
69
+ def init_metrics
70
+ @base = Cvss2Base.new(@properties)
71
+ @temporal = Cvss2Temporal.new(@properties)
72
+ @environmental = Cvss2Environmental.new(@properties)
73
+ end
50
74
  end
51
-
52
- end
75
+ end
data/lib/cvss_suite/cvss2/cvss2_base.rb CHANGED
@@ -1,9 +1,10 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
@@ -11,81 +12,75 @@
11
12
  require_relative '../cvss_property'
12
13
  require_relative '../cvss_metric'
13
14
 
14
- ##
15
- # This class represents a CVSS Base metric in version 2.
16
-
17
- class Cvss2Base < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :access_vector, :access_complexity, :authentication,
23
- :confidentiality_impact, :integrity_impact, :availability_impact
24
-
15
+ module CvssSuite
25
16
  ##
26
- # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
27
- # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
28
- #
29
- # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
30
-
31
- def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
32
-
33
- impact = calc_impact sr_cr_score, sr_ir_score, sr_ar_score
34
-
35
- exploitability = calc_exploitability
36
-
37
- additional_impact = (impact == 0 ? 0 : 1.176)
38
-
39
- ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
40
-
17
+ # This class represents a CVSS Base metric in version 2.
18
+ class Cvss2Base < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+ attr_reader :access_vector, :access_complexity, :authentication,
22
+ :confidentiality_impact, :integrity_impact, :availability_impact
23
+
24
+ ##
25
+ # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
26
+ # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
27
+ #
28
+ # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
29
+ def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
30
+ impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
31
+
32
+ exploitability = calc_exploitability
33
+
34
+ additional_impact = (impact.zero? ? 0 : 1.176)
35
+
36
+ ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
37
+ end
38
+
39
+ private
40
+
41
+ def init_properties
42
+ @properties.push(@access_vector =
43
+ CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
44
+ values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
45
+ { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
46
+ { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
47
+ @properties.push(@access_complexity =
48
+ CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
49
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
50
+ { name: 'Medium', abbreviation: 'M', weight: 0.61 },
51
+ { name: 'High', abbreviation: 'H', weight: 0.35 }]))
52
+ @properties.push(@authentication =
53
+ CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
54
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
55
+ { name: 'Single', abbreviation: 'S', weight: 0.56 },
56
+ { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
57
+ @properties.push(@confidentiality_impact =
58
+ CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
59
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
60
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
61
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
62
+ @properties.push(@integrity_impact =
63
+ CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
64
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
65
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
66
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
67
+ @properties.push(@availability_impact =
68
+ CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
69
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
70
+ { name: 'Partial', abbreviation: 'P', weight: 0.275 },
71
+ { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
72
+ end
73
+
74
+ def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
75
+ confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
76
+ integrity_score = 1 - @integrity_impact.score * sr_ir_score
77
+ availability_score = 1 - @availability_impact.score * sr_ar_score
78
+
79
+ [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min
80
+ end
81
+
82
+ def calc_exploitability
83
+ 20 * @access_vector.score * @access_complexity.score * @authentication.score
84
+ end
41
85
  end
42
-
43
- private
44
-
45
- def init_properties
46
- @properties.push(@access_vector =
47
- CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
48
- choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
49
- { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
50
- { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
51
- @properties.push(@access_complexity =
52
- CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
53
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
54
- { name: 'Medium', abbreviation: 'M', weight: 0.61 },
55
- { name: 'High', abbreviation: 'H', weight: 0.35 }]))
56
- @properties.push(@authentication =
57
- CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
58
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
59
- { name: 'Single', abbreviation: 'S', weight: 0.56 },
60
- { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
61
- @properties.push(@confidentiality_impact =
62
- CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
63
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
64
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
65
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
66
- @properties.push(@integrity_impact =
67
- CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
68
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
69
- { name: 'Partial', abbreviation: 'P', weight: 0.275 },
70
- { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
71
- @properties.push(@availability_impact =
72
- CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
73
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0},
74
- { name: 'Partial', abbreviation: 'P', weight: 0.275},
75
- { name: 'Complete', abbreviation: 'C', weight: 0.66}]))
76
- end
77
-
78
- def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
79
- confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
80
- integrity_score = 1 - @integrity_impact.score * sr_ir_score
81
- availability_score = 1 - @availability_impact.score * sr_ar_score
82
-
83
- [10, 10.41 * (1-confidentiality_score*integrity_score*availability_score)].min
84
- end
85
-
86
- def calc_exploitability
87
- 20 * @access_vector.score * @access_complexity.score * @authentication.score
88
- end
89
-
90
86
  end
91
-
data/lib/cvss_suite/cvss2/cvss2_environmental.rb CHANGED
@@ -1,9 +1,10 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
@@ -11,64 +12,62 @@
11
12
  require_relative '../cvss_property'
12
13
  require_relative '../cvss_metric'
13
14
 
14
- ##
15
- # This class represents a CVSS Environmental metric in version 2.
16
-
17
- class Cvss2Environmental < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
23
- :security_requirements_ir, :security_requirements_ar
24
-
15
+ module CvssSuite
25
16
  ##
26
- # Returns score of this metric
27
-
28
- def score(base, temporal_score)
29
- base_score = (base.score @security_requirements_cr.score, @security_requirements_ir.score, @security_requirements_ar.score).round(1)
17
+ # This class represents a CVSS Environmental metric in version 2.
18
+ class Cvss2Environmental < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+ attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
22
+ :security_requirements_ir, :security_requirements_ar
30
23
 
31
- adjusted_temporal = (base_score * temporal_score).round(1)
32
- (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
24
+ ##
25
+ # Returns score of this metric
26
+ def score(base, temporal_score)
27
+ base_score = base.score(@security_requirements_cr.score,
28
+ @security_requirements_ir.score,
29
+ @security_requirements_ar.score).round(1)
33
30
 
34
- end
31
+ adjusted_temporal = (base_score * temporal_score).round(1)
32
+ (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
33
+ end
35
34
 
36
- private
35
+ private
37
36
 
38
- def init_properties
39
- @properties.push(@collateral_damage_potential =
40
- CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
41
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
42
- { name: 'Low', abbreviation: 'L', weight: 0.1 },
43
- { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
44
- { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
45
- { name: 'High', abbreviation: 'H', weight: 0.5 },
46
- { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
47
- @properties.push(@target_distribution =
48
- CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
49
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
50
- { name: 'Low', abbreviation: 'L', weight: 0.25 },
51
- { name: 'Medium', abbreviation: 'M', weight: 0.75 },
52
- { name: 'High', abbreviation: 'H', weight: 1.0 },
53
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
54
- @properties.push(@security_requirements_cr =
55
- CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
56
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
57
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
58
- { name: 'High', abbreviation: 'H', weight: 1.51 },
59
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
60
- @properties.push(@security_requirements_ir =
61
- CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
62
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
63
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
64
- { name: 'High', abbreviation: 'H', weight: 1.51 },
65
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
66
- @properties.push(@security_requirements_ar =
67
- CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
68
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
69
- { name: 'Medium', abbreviation: 'M', weight: 1.0 },
70
- { name: 'High', abbreviation: 'H', weight: 1.51 },
71
- { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
37
+ def init_properties
38
+ @properties.push(@collateral_damage_potential =
39
+ CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
40
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
41
+ { name: 'Low', abbreviation: 'L', weight: 0.1 },
42
+ { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
43
+ { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
44
+ { name: 'High', abbreviation: 'H', weight: 0.5 },
45
+ { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
46
+ @properties.push(@target_distribution =
47
+ CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
48
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
49
+ { name: 'Low', abbreviation: 'L', weight: 0.25 },
50
+ { name: 'Medium', abbreviation: 'M', weight: 0.75 },
51
+ { name: 'High', abbreviation: 'H', weight: 1.0 },
52
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
53
+ @properties.push(@security_requirements_cr =
54
+ CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
55
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
56
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
57
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
58
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
59
+ @properties.push(@security_requirements_ir =
60
+ CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
61
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
62
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
63
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
64
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
65
+ @properties.push(@security_requirements_ar =
66
+ CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
67
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
68
+ { name: 'Medium', abbreviation: 'M', weight: 1.0 },
69
+ { name: 'High', abbreviation: 'H', weight: 1.51 },
70
+ { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
71
+ end
72
72
  end
73
73
  end
74
-
data/lib/cvss_suite/cvss2/cvss2_temporal.rb CHANGED
@@ -1,9 +1,10 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
@@ -11,47 +12,46 @@
11
12
  require_relative '../cvss_property'
12
13
  require_relative '../cvss_metric'
13
14
 
14
- ##
15
- # This class represents a CVSS Temporal metric in version 2.
16
-
17
- class Cvss2Temporal < CvssMetric
18
-
19
- ##
20
- # Property of this metric
21
-
22
- attr_reader :exploitability, :remediation_level, :report_confidence
23
-
15
+ module CvssSuite
24
16
  ##
25
- # Returns score of this metric
26
-
27
- def score
28
- return 1 unless valid?
29
- @exploitability.score * @remediation_level.score * @report_confidence.score
30
- end
31
-
32
- private
33
-
34
- def init_properties
35
- @properties.push(@exploitability =
36
- CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
37
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
38
- { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
39
- { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
40
- { name: 'Functional', abbreviation: 'F', weight: 0.95 },
41
- { name: 'High', abbreviation: 'H', weight: 1 }]))
42
- @properties.push(@remediation_level =
43
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
44
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
45
- { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
46
- { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
47
- { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
48
- { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
49
-
50
- @properties.push(@report_confidence =
51
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
52
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
53
- { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
54
- { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
55
- { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
17
+ # This class represents a CVSS Temporal metric in version 2.
18
+ class Cvss2Temporal < CvssMetric
19
+ ##
20
+ # Property of this metric
21
+ attr_reader :exploitability, :remediation_level, :report_confidence
22
+
23
+ ##
24
+ # Returns score of this metric
25
+ def score
26
+ return 1 unless valid?
27
+
28
+ @exploitability.score * @remediation_level.score * @report_confidence.score
29
+ end
30
+
31
+ private
32
+
33
+ def init_properties
34
+ @properties.push(@exploitability =
35
+ CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
36
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
37
+ { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
38
+ { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
39
+ { name: 'Functional', abbreviation: 'F', weight: 0.95 },
40
+ { name: 'High', abbreviation: 'H', weight: 1 }]))
41
+ @properties.push(@remediation_level =
42
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
43
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
44
+ { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
45
+ { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
46
+ { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
47
+ { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
48
+
49
+ @properties.push(@report_confidence =
50
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
51
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
52
+ { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
53
+ { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
54
+ { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
55
+ end
56
56
  end
57
57
  end
data/lib/cvss_suite/cvss3/cvss3.rb CHANGED
@@ -1,52 +1,56 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) Siemens AG, 2016
3
+ # Copyright (c) 2016-2022 Siemens AG
4
+ # Copyright (c) 2022 0llirocks
4
5
  #
5
6
  # Authors:
6
- # Oliver Hambörger <oliver.hamboerger@siemens.com>
7
+ # 0llirocks <http://0lli.rocks>
7
8
  #
8
9
  # This work is licensed under the terms of the MIT license.
9
10
  # See the LICENSE.md file in the top-level directory.
10
11
 
11
- require_relative '../../../lib/cvss_suite/cvss'
12
+ require_relative '../cvss'
12
13
  require_relative 'cvss3_base'
13
14
  require_relative 'cvss3_temporal'
14
15
  require_relative 'cvss3_environmental'
15
16
 
16
- ##
17
- # This class represents a CVSS vector in version 3.0.
18
-
19
- class Cvss3 < Cvss
20
-
21
- ##
22
- # Returns the Base Score of the CVSS vector.
23
-
24
- def base_score
25
- check_validity
26
- @base.score.round_up(1)
27
- end
28
-
17
+ module CvssSuite
29
18
  ##
30
- # Returns the Temporal Score of the CVSS vector.
31
-
32
- def temporal_score
33
- (@base.score.round_up(1) * @temporal.score).round_up(1)
19
+ # This class represents a CVSS vector in version 3.0.
20
+ class Cvss3 < Cvss
21
+ ##
22
+ # Returns the Version of the CVSS vector.
23
+ def version
24
+ 3.0
25
+ end
26
+
27
+ ##
28
+ # Returns the Base Score of the CVSS vector.
29
+ def base_score
30
+ check_validity
31
+ Cvss3Helper.round_up(@base.score)
32
+ end
33
+
34
+ ##
35
+ # Returns the Temporal Score of the CVSS vector.
36
+ def temporal_score
37
+ Cvss3Helper.round_up(Cvss3Helper.round_up(@base.score) * @temporal.score)
38
+ end
39
+
40
+ ##
41
+ # Returns the Environmental Score of the CVSS vector.
42
+ def environmental_score
43
+ return temporal_score unless @environmental.valid?
44
+
45
+ Cvss3Helper.round_up(@environmental.score(@base, @temporal))
46
+ end
47
+
48
+ private
49
+
50
+ def init_metrics
51
+ @base = Cvss3Base.new(@properties)
52
+ @temporal = Cvss3Temporal.new(@properties)
53
+ @environmental = Cvss3Environmental.new(@properties)
54
+ end
34
55
  end
35
-
36
- ##
37
- # Returns the Environmental Score of the CVSS vector.
38
-
39
- def environmental_score
40
- return temporal_score unless @environmental.valid?
41
- (@environmental.score @temporal.score).round_up(1)
42
- end
43
-
44
- private
45
-
46
- def init_metrics
47
- @base = Cvss3Base.new(@properties)
48
- @temporal = Cvss3Temporal.new(@properties)
49
- @environmental = Cvss3Environmental.new(@properties)
50
- end
51
-
52
- end
56
+ end