cvss-suite 1.2.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eba339bafe4db99aa85aadd132b2e10faeddc2cc5abc37b9554e5e14caaf9dd4
-  data.tar.gz: fbe718029edb8a08b0da04944bfac0b29b8e813dbb621b51b914bb3d644d832a
+  metadata.gz: 5917987479ecee6f2a020076b59751dda816e259d984a540bd1b6c0fb40b6422
+  data.tar.gz: 5225e8afd1e553709590bc2bb1a60955c76462d62bbfe825bf2a2081d4647163
 SHA512:
-  metadata.gz: 7576066639774a2e6ab36d716c657ff4e794f93d9eeda6565287772a5c097478877ba56a9fcf891b5c247fb15698bace28e92f4c2ea86e802f5c4a08e1046da2
-  data.tar.gz: 4c6f90f5431563ef303f9804f12375eb64f2b423e1e078dec2b62184b4f609fbcc0140e6bbcd483945014e1d681c820863efcc824f6b56816acc63ba16f32c51
+  metadata.gz: 6824cf5f7f04f2f8eb5ef5613e61fd86b275b36fd316c7f4d4d60af8f9422176b1485eefe24de482e9dc98c328291ed2a7bccafdec3f03d353fae505c43d988c
+  data.tar.gz: 2014e6368dea9deecd623d88a7f7b4d4c5367d1cb3a832ebdac3f6b47d5308b03e1129d157a11dad7e6ac93645ca971ad8dc4b8d85efdd83145f0f58883af6a4

data/.github/workflows/rubocop.yml

@@ -0,0 +1,21 @@
+name: Rubocop
+
+on: [push,pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+    - name: Build
+      run: |
+        gem install bundler -v "=> 1.10"
+        gem install rubocop
+    - name: Run tests
+      run: rubocop -F --fail-level C -f s

data/.rubocop.yml

@@ -1,40 +1,13 @@
 inherit_from: .rubocop_todo.yml
 
+AllCops:
+  TargetRubyVersion: 2.4
+
 Metrics/LineLength:
   Max: 120
-  Exclude:
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
-Metrics/ClassLength:
-  Exclude:
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
-Metrics/MethodLength:
-  Exclude:
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
-Metrics/BlockLength:
-  Exclude:
-    - 'spec/cvss3/cvss3_spec.rb'
-    - 'spec/cvss31/cvss31_spec.rb'
-
-Style/IfUnlessModifier:
-  Exclude:
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
-Style/GuardClause:
-  Exclude:
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
-Style/ConditionalAssignment:
-  Exclude:
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
 
 Style/FrozenStringLiteralComment:
   Enabled: false
+
+Style/AsciiComments:
+  Enabled: false

data/.rubocop_todo.yml

@@ -1,3 +1,4 @@
+# This configuration was generated by
 # `rubocop --auto-gen-config`
 # on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
 # The point is for the user to remove these configuration records
@@ -16,13 +17,6 @@ Lint/UselessAccessModifier:
   Exclude:
     - 'lib/cvss_suite.rb'
 
-# Offense count: 3
-Lint/UselessAssignment:
-  Exclude:
-    - 'lib/cvss_suite/cvss.rb'
-    - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
-    - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
 # Offense count: 8
 # Configuration parameters: IgnoredMethods.
 Metrics/AbcSize:
@@ -32,12 +26,7 @@ Metrics/AbcSize:
 # Configuration parameters: CountComments, ExcludedMethods.
 # ExcludedMethods: refine
 Metrics/BlockLength:
-  Max: 50
-
-# Offense count: 2
-# Configuration parameters: CountComments.
-Metrics/ClassLength:
-  Max: 102
+  Max: 58
 
 # Offense count: 2
 # Configuration parameters: CountComments.
@@ -68,57 +57,3 @@ Metrics/PerceivedComplexity:
 Naming/AccessorMethodName:
   Exclude:
     - 'lib/cvss_suite/cvss_property.rb'
-
-# Offense count: 31
-# Configuration parameters: AllowedChars.
-Style/AsciiComments:
-  Enabled: false
-
-# Offense count: 20
-Style/Documentation:
-  Enabled: false
-
-# Offense count: 2
-# Configuration parameters: MinBodyLength.
-Style/GuardClause:
-  Exclude:
-    - 'lib/cvss_suite/helpers/extensions.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
-Style/IfUnlessModifier:
-  Exclude:
-    - 'lib/cvss_suite.rb'
-
-# Offense count: 2
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: literals, strict
-Style/MutableConstant:
-  Exclude:
-    - 'lib/cvss_suite.rb'
-    - 'lib/cvss_suite/version.rb'
-
-# Offense count: 8
-# Cop supports --auto-correct.
-# Configuration parameters: Strict.
-Style/NumericLiterals:
-  MinDigits: 7
-
-# Offense count: 3
-# Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
-# SupportedStyles: predicate, comparison
-Style/NumericPredicate:
-  Exclude:
-    - 'spec/**/*'
-    - 'lib/cvss_suite/cvss2/cvss2_base.rb'
-    - 'lib/cvss_suite/helpers/extensions.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
-# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
-# AllowedMethods: present?, blank?, presence, try, try!
-Style/SafeNavigation:
-  Exclude:
-    - 'lib/cvss_suite/cvss_metric.rb'

data/CHANGES.md

@@ -2,12 +2,11 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [1.2.2] - 2020-07-19
+## [2.0.0] - 2020-05-10
 
-### Fixes
-Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
-
-## [1.2.1] - 2020-05-10
+### Breaking Changes
+* Ruby >= 2.4 is now required
+* Renamed choice/choices to value/values
 
 ### Improvements
 * Added CvssSuite module to every class (thanks to @fwininger)
@@ -100,4 +99,4 @@ Tried to fix an error. It turned out to be a local problem. Due to this I increa
 
 ## [1.0.0] - 2016-04-15
 ### Initial release
-First release of this gem.
+First release of this gem.

data/README.md

@@ -1,11 +1,11 @@
 # CvssSuite for Ruby
 
 [![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite)
-[![Ruby Version](https://img.shields.io/badge/Ruby-2.x-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
+[![Ruby Version](https://img.shields.io/badge/Ruby-2.4-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
-![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)
+[![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/siemens/cvss-suite/actions)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
 Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
@@ -25,6 +25,10 @@ And then execute:
 Or install it yourself as:
 
     $ gem install cvss-suite
+    
+## Version 1.x
+
+If your still using CvssSuite 1.x please refer to the [specific branch](https://github.com/siemens/cvss-suite/tree/1.x) for documentation and changelog.
 
 ## Usage
 
@@ -62,15 +66,15 @@ overall_score = cvss.overall_score                  # 3.2
 access_vector = cvss.base.access_vector.name                # 'Access Vector'
 remediation_level = cvss.temporal.remediation_level.name    # 'Remediation Level'
 
-access_vector.choices.each do |choice|
-    choice[:name]           # 'Local', 'Adjacent Network', 'Network'
-    choice[:abbreviation]   # 'L', 'A', 'N'
-    choice[:selected]       # false, true, false
+access_vector.values.each do |value|
+    value[:name]           # 'Local', 'Adjacent Network', 'Network'
+    value[:abbreviation]   # 'L', 'A', 'N'
+    value[:selected]       # false, true, false
 end
 
 # Selected options
-cvss.base.access_vector.selected_choice[:name]          # Adjacent Network
-cvss.temporal.remediation_level.selected_choice[:name]  # Temporary Fix
+cvss.base.access_vector.selected_value[:name]          # Adjacent Network
+cvss.temporal.remediation_level.selected_value[:name]  # Temporary Fix
 
 # Exceptions
 
@@ -100,11 +104,13 @@ Properties (Access Vector, Remediation Level, etc) do have a position attribute,
 
 Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
 
+Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
+
 There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
 
 ## Changelog
 
-[Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/1.x/CHANGES.md)
+[Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md)
 
 ## Contributing
 

data/cvss_suite.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
   spec.homepage      = 'https://siemens.github.io/cvss-suite/'
 
-  spec.required_ruby_version = '>= 2.0.0'
+  spec.required_ruby_version = '>= 2.4.0'
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }

data/lib/cvss_suite.rb

@@ -17,17 +17,15 @@ require 'cvss_suite/invalid_cvss'
 
 ##
 # Module of this gem.
-
 module CvssSuite
   CVSS_VECTOR_BEGINNINGS = [
     { string: 'AV:', version: 2 },
     { string: 'CVSS:3.0/', version: 3.0 },
     { string: 'CVSS:3.1/', version: 3.1 }
-  ]
+  ].freeze
 
   ##
   # Returns a CVSS class by a +vector+.
-
   def self.new(vector)
     return InvalidCvss.new unless vector.is_a? String
 
@@ -48,9 +46,7 @@ module CvssSuite
 
   def self.version
     CVSS_VECTOR_BEGINNINGS.each do |beginning|
-      if @vector_string.start_with? beginning[:string]
-        return beginning[:version]
-      end
+      return beginning[:version] if @vector_string.start_with? beginning[:string]
     end
   end
 end

data/lib/cvss_suite/cvss.rb

@@ -8,26 +8,22 @@
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-##
-# This class represents any CVSS vector. Do not instantiate this class!
-
 module CvssSuite
+  ##
+  # This class represents any CVSS vector. Do not instantiate this class!
   class Cvss
     ##
     # Metric of a CVSS vector.
-
     attr_reader :base, :temporal, :environmental
 
     ##
     # Returns the vector itself.
-
     attr_reader :vector
 
     ##
     # Creates a new CVSS vector by a +vector+.
     #
     # Raises an exception if it is called on Cvss class.
-
     def initialize(vector)
       raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if self.class == Cvss
 
@@ -39,7 +35,6 @@ module CvssSuite
 
     ##
     # Returns if CVSS vector is valid.
-
     def valid?
       if @amount_of_properties == required_amount_of_properties
         base = @base.valid?
@@ -54,7 +49,6 @@ module CvssSuite
 
     ##
     # Returns the severity of the CVSS vector.
-
     def severity
       check_validity
 
@@ -62,13 +56,13 @@ module CvssSuite
 
       if score == 0.0
         'None'
-      elsif (0.1..3.9).include? score
+      elsif (0.1..3.9).cover? score
         'Low'
-      elsif (4.0..6.9).include? score
+      elsif (4.0..6.9).cover? score
         'Medium'
-      elsif (7.0..8.9).include? score
+      elsif (7.0..8.9).cover? score
         'High'
-      elsif (9.0..10.0).include? score
+      elsif (9.0..10.0).cover? score
         'Critical'
       else
         'None'
@@ -77,7 +71,6 @@ module CvssSuite
 
     ##
     # Returns the Overall Score of the CVSS vector.
-
     def overall_score
       check_validity
       return temporal_score if @temporal.valid? && !@environmental.valid?
@@ -115,7 +108,7 @@ module CvssSuite
       total = @base.count if @base.valid?
       total += @temporal.count if @temporal.valid?
       total += @environmental.count if @environmental.valid?
-      total ||= 0
+      total || 0
     end
   end
 end

data/lib/cvss_suite/cvss2/cvss2.rb

@@ -13,21 +13,18 @@ require_relative 'cvss2_base'
 require_relative 'cvss2_temporal'
 require_relative 'cvss2_environmental'
 
-##
-# This class represents a CVSS vector in version 2.
-
 module CvssSuite
+  ##
+  # This class represents a CVSS vector in version 2.
   class Cvss2 < Cvss
     ##
     # Returns the Version of the CVSS vector.
-
     def version
       2
     end
 
     ##
     # Returns the Base Score of the CVSS vector.
-
     def base_score
       check_validity
       @base.score.round(1)
@@ -35,14 +32,12 @@ module CvssSuite
 
     ##
     # Returns the Temporal Score of the CVSS vector.
-
     def temporal_score
       (base_score * @temporal.score).round(1)
     end
 
     ##
     # Returns the Environmental Score of the CVSS vector.
-
     def environmental_score
       return temporal_score unless @environmental.valid?
 

data/lib/cvss_suite/cvss2/cvss2_base.rb

@@ -11,14 +11,12 @@
 require_relative '../cvss_property'
 require_relative '../cvss_metric'
 
-##
-# This class represents a CVSS Base metric in version 2.
-
 module CvssSuite
+  ##
+  # This class represents a CVSS Base metric in version 2.
   class Cvss2Base < CvssMetric
     ##
     # Property of this metric
-
     attr_reader :access_vector, :access_complexity, :authentication,
                 :confidentiality_impact, :integrity_impact, :availability_impact
 
@@ -27,13 +25,12 @@ module CvssSuite
     # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
     #
     # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
-
     def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
       impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
 
       exploitability = calc_exploitability
 
-      additional_impact = (impact == 0 ? 0 : 1.176)
+      additional_impact = (impact.zero? ? 0 : 1.176)
 
       ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
     end
@@ -43,32 +40,32 @@ module CvssSuite
     def init_properties
       @properties.push(@access_vector =
                          CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
-                                          choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
+                                          values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
                                                     { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
                                                     { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
       @properties.push(@access_complexity =
                          CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
-                                          choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
+                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
                                                     { name: 'Medium', abbreviation: 'M', weight: 0.61 },
                                                     { name: 'High', abbreviation: 'H', weight: 0.35 }]))
       @properties.push(@authentication =
                          CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
-                                          choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
+                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
                                                     { name: 'Single', abbreviation: 'S', weight: 0.56 },
                                                     { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
       @properties.push(@confidentiality_impact =
                          CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
-                                          choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
+                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                     { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                                     { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
       @properties.push(@integrity_impact =
                          CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
-                                          choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
+                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                     { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                                     { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
       @properties.push(@availability_impact =
                          CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
-                                          choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
+                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                     { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                                     { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
     end