cvss-suite 1.2.2 → 1.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +6 -0
- data/README.md +5 -0
- data/cvss_suite.gemspec +2 -0
- data/lib/cvss_suite.rb +1 -0
- data/lib/cvss_suite/cvss.rb +12 -1
- data/lib/cvss_suite/cvss2/cvss2.rb +18 -0
- data/lib/cvss_suite/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '09094d21733286857b9b006672aa297d88858737f58656b2b48627d23bce3e69'
|
4
|
+
data.tar.gz: 524220ad72a9e052adc3742d3b32d1df3d66f0f5bf0a0c8cfd83265bf5e58d09
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9d871c1e5397598c1261c293524abee855f5c925e62c1e57aeb07473c7ec00c4c98c7ec146623b3a1e9737d0a0016a33098ac539c872762c88502f123501c69e
|
7
|
+
data.tar.gz: 3fed8bb40cab71f344a6bd339b50c75120942595ffbed2e4b4f0d534ef778ac0619681e648c95a74fac59615a748dd8a94931f0934744948a20ce7306b050e17
|
data/CHANGES.md
CHANGED
@@ -2,6 +2,12 @@
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
4
4
|
|
5
|
+
## [1.2.3] - 2020-12-05
|
6
|
+
|
7
|
+
### Fixes
|
8
|
+
* CVSS v2 now returns the correct severity values based on NVD recommendation
|
9
|
+
* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
10
|
+
|
5
11
|
## [1.2.2] - 2020-07-19
|
6
12
|
|
7
13
|
### Fixes
|
data/README.md
CHANGED
@@ -10,6 +10,11 @@
|
|
10
10
|
This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
|
11
11
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
|
12
12
|
|
13
|
+
## :warning: End of life :warning:
|
14
|
+
|
15
|
+
This version of the gem is no longer supported, please update to a higher version.
|
16
|
+
Please read the [changelog of 2.0.0](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md#200---2020-05-10) for breaking changes.
|
17
|
+
|
13
18
|
## Installation
|
14
19
|
|
15
20
|
Add this line to your application's Gemfile:
|
data/cvss_suite.gemspec
CHANGED
@@ -26,6 +26,8 @@ Gem::Specification.new do |spec|
|
|
26
26
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
|
27
27
|
spec.homepage = 'https://siemens.github.io/cvss-suite/'
|
28
28
|
|
29
|
+
spec.post_install_message = 'Version 1.x of this gem is no longer supported, please update to a supported version.'
|
30
|
+
|
29
31
|
spec.required_ruby_version = '>= 2.0.0'
|
30
32
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
31
33
|
spec.bindir = 'exe'
|
data/lib/cvss_suite.rb
CHANGED
data/lib/cvss_suite/cvss.rb
CHANGED
@@ -107,7 +107,18 @@ module CvssSuite
|
|
107
107
|
if start_of_vector.nil?
|
108
108
|
''
|
109
109
|
else
|
110
|
-
|
110
|
+
if start_of_vector == 1
|
111
|
+
matchArray = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
|
112
|
+
if matchArray.length == 1 && matchArray[0] == @vector
|
113
|
+
@vector.slice!(0)
|
114
|
+
@vector.slice!(@vector.length - 1)
|
115
|
+
@vector
|
116
|
+
else
|
117
|
+
''
|
118
|
+
end
|
119
|
+
else
|
120
|
+
@vector[start_of_vector..-1]
|
121
|
+
end
|
111
122
|
end
|
112
123
|
end
|
113
124
|
|
@@ -25,6 +25,24 @@ module CvssSuite
|
|
25
25
|
2
|
26
26
|
end
|
27
27
|
|
28
|
+
# Returns the severity of the CVSSv2 vector.
|
29
|
+
# https://nvd.nist.gov/vuln-metrics/cvss
|
30
|
+
def severity
|
31
|
+
check_validity
|
32
|
+
|
33
|
+
score = overall_score
|
34
|
+
|
35
|
+
if (0.0..3.9).include? score
|
36
|
+
'Low'
|
37
|
+
elsif (4.0..6.9).include? score
|
38
|
+
'Medium'
|
39
|
+
elsif (7.0..10.0).include? score
|
40
|
+
'High'
|
41
|
+
else
|
42
|
+
'None'
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
28
46
|
##
|
29
47
|
# Returns the Base Score of the CVSS vector.
|
30
48
|
|
data/lib/cvss_suite/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cvss-suite
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oliver Hamboerger
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-12-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -118,7 +118,8 @@ homepage: https://siemens.github.io/cvss-suite/
|
|
118
118
|
licenses:
|
119
119
|
- MIT
|
120
120
|
metadata: {}
|
121
|
-
post_install_message:
|
121
|
+
post_install_message: Version 1.x of this gem is no longer supported, please update
|
122
|
+
to a supported version.
|
122
123
|
rdoc_options: []
|
123
124
|
require_paths:
|
124
125
|
- lib
|