cvss-suite 1.2.2 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/rubocop.yml +21 -0
- data/.rubocop.yml +6 -33
- data/.rubocop_todo.yml +2 -67
- data/CHANGES.md +5 -6
- data/README.md +15 -9
- data/cvss_suite.gemspec +1 -1
- data/lib/cvss_suite.rb +2 -6
- data/lib/cvss_suite/cvss.rb +7 -14
- data/lib/cvss_suite/cvss2/cvss2.rb +2 -7
- data/lib/cvss_suite/cvss2/cvss2_base.rb +9 -12
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +10 -11
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +5 -8
- data/lib/cvss_suite/cvss3/cvss3.rb +3 -8
- data/lib/cvss_suite/cvss3/cvss3_base.rb +14 -16
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +24 -81
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +5 -8
- data/lib/cvss_suite/cvss31/cvss31.rb +3 -4
- data/lib/cvss_suite/cvss31/cvss31_base.rb +14 -15
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +24 -81
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +5 -8
- data/lib/cvss_suite/cvss_metric.rb +5 -9
- data/lib/cvss_suite/cvss_property.rb +18 -19
- data/lib/cvss_suite/helpers/cvss3_helper.rb +6 -7
- data/lib/cvss_suite/invalid_cvss.rb +2 -9
- data/lib/cvss_suite/version.rb +1 -1
- metadata +4 -3
@@ -8,21 +8,20 @@
|
|
8
8
|
# This work is licensed under the terms of the MIT license.
|
9
9
|
# See the LICENSE.md file in the top-level directory.
|
10
10
|
|
11
|
-
##
|
12
|
-
# This class represents a CVSS property of a CVSS metric.
|
13
|
-
|
14
11
|
module CvssSuite
|
12
|
+
##
|
13
|
+
# This class represents a CVSS property of a CVSS metric.
|
15
14
|
class CvssProperty
|
16
15
|
##
|
17
16
|
# Creates a new CVSS property by a +property+.
|
18
17
|
#
|
19
18
|
# +Property+ needs to consist of a name, a abbreviation,
|
20
19
|
# the possible positions in the CVSS vector, a weight, and the
|
21
|
-
# available
|
20
|
+
# available values for the property.
|
22
21
|
|
23
22
|
def initialize(property)
|
24
23
|
@property = property
|
25
|
-
@property[:
|
24
|
+
@property[:default_value] ||= 'Not Available'
|
26
25
|
end
|
27
26
|
|
28
27
|
##
|
@@ -40,10 +39,10 @@ module CvssSuite
|
|
40
39
|
end
|
41
40
|
|
42
41
|
##
|
43
|
-
# Returns all available
|
42
|
+
# Returns all available values of the property.
|
44
43
|
|
45
|
-
def
|
46
|
-
@property[:
|
44
|
+
def values
|
45
|
+
@property[:values]
|
47
46
|
end
|
48
47
|
|
49
48
|
##
|
@@ -54,34 +53,34 @@ module CvssSuite
|
|
54
53
|
end
|
55
54
|
|
56
55
|
##
|
57
|
-
# Returns the selected
|
56
|
+
# Returns the selected value of the property.
|
58
57
|
|
59
|
-
def
|
60
|
-
@
|
58
|
+
def selected_value
|
59
|
+
@selected_value || @property[:default_value]
|
61
60
|
end
|
62
61
|
|
63
62
|
##
|
64
63
|
# Returns true if the property is valid.
|
65
64
|
|
66
65
|
def valid?
|
67
|
-
!@
|
66
|
+
!@selected_value.nil?
|
68
67
|
end
|
69
68
|
|
70
69
|
##
|
71
|
-
# Returns the score of the selected
|
70
|
+
# Returns the score of the selected value.
|
72
71
|
|
73
72
|
def score
|
74
|
-
@
|
73
|
+
@selected_value[:weight]
|
75
74
|
end
|
76
75
|
|
77
76
|
##
|
78
|
-
# Sets the selected
|
77
|
+
# Sets the selected value by a +value+.
|
79
78
|
|
80
|
-
def
|
81
|
-
|
82
|
-
|
79
|
+
def set_selected_value(selected_value)
|
80
|
+
values.each do |value|
|
81
|
+
value[:selected] = selected_value.eql?(value[:abbreviation])
|
83
82
|
end
|
84
|
-
@
|
83
|
+
@selected_value = values.detect { |value| value[:selected] }
|
85
84
|
end
|
86
85
|
end
|
87
86
|
end
|
@@ -8,10 +8,9 @@
|
|
8
8
|
# This work is licensed under the terms of the MIT license.
|
9
9
|
# See the LICENSE.md file in the top-level directory.
|
10
10
|
|
11
|
-
##
|
12
|
-
# This module includes methods which are used by the CVSS 3 classes.
|
13
|
-
|
14
11
|
module CvssSuite
|
12
|
+
##
|
13
|
+
# This module includes methods which are used by the CVSS 3 classes.
|
15
14
|
module Cvss3Helper
|
16
15
|
##
|
17
16
|
# Since CVSS 3 all float values are rounded up, therefore this method is used
|
@@ -21,14 +20,14 @@ module CvssSuite
|
|
21
20
|
end
|
22
21
|
|
23
22
|
##
|
24
|
-
# Since CVSS 3 the Privilege Required score depends on the selected
|
23
|
+
# Since CVSS 3 the Privilege Required score depends on the selected value of the Scope metric.
|
25
24
|
# This method takes a +Privilege+ +Required+ and a +Scope+ metric and returns the newly calculated score.
|
26
25
|
def self.privileges_required_score(privileges_required, scope)
|
27
|
-
changed = scope.
|
26
|
+
changed = scope.selected_value[:name] == 'Changed'
|
28
27
|
privilege_score = privileges_required.score
|
29
28
|
if changed
|
30
|
-
privilege_score = 0.68 if privileges_required.
|
31
|
-
privilege_score = 0.50 if privileges_required.
|
29
|
+
privilege_score = 0.68 if privileges_required.selected_value[:name] == 'Low'
|
30
|
+
privilege_score = 0.50 if privileges_required.selected_value[:name] == 'High'
|
32
31
|
end
|
33
32
|
privilege_score
|
34
33
|
end
|
@@ -8,47 +8,40 @@
|
|
8
8
|
# This work is licensed under the terms of the MIT license.
|
9
9
|
# See the LICENSE.md file in the top-level directory.
|
10
10
|
|
11
|
-
# ##
|
12
|
-
# # This class represents a invalid CVSS vector.
|
13
|
-
|
14
11
|
module CvssSuite
|
12
|
+
##
|
13
|
+
# This class represents a invalid CVSS vector.
|
15
14
|
class InvalidCvss < Cvss
|
16
15
|
##
|
17
16
|
# Creates a new invalid CVSS vector.
|
18
|
-
|
19
17
|
def initialize; end
|
20
18
|
|
21
19
|
##
|
22
20
|
# Since this is an invalid CVSS vector, it always returns false.
|
23
|
-
|
24
21
|
def valid?
|
25
22
|
false
|
26
23
|
end
|
27
24
|
|
28
25
|
##
|
29
26
|
# Since this is an invalid CVSS vector, it always throws an exception.
|
30
|
-
|
31
27
|
def version
|
32
28
|
check_validity
|
33
29
|
end
|
34
30
|
|
35
31
|
##
|
36
32
|
# Since this is an invalid CVSS vector, it always throws an exception.
|
37
|
-
|
38
33
|
def base_score
|
39
34
|
check_validity
|
40
35
|
end
|
41
36
|
|
42
37
|
##
|
43
38
|
# Since this is an invalid CVSS vector, it always throws an exception.
|
44
|
-
|
45
39
|
def temporal_score
|
46
40
|
check_validity
|
47
41
|
end
|
48
42
|
|
49
43
|
##
|
50
44
|
# Since this is an invalid CVSS vector, it always throws an exception.
|
51
|
-
|
52
45
|
def environmental_score
|
53
46
|
check_validity
|
54
47
|
end
|
data/lib/cvss_suite/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cvss-suite
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oliver Hamboerger
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-05-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -79,6 +79,7 @@ files:
|
|
79
79
|
- ".github/ISSUE_TEMPLATE/custom.md"
|
80
80
|
- ".github/ISSUE_TEMPLATE/feature_request.md"
|
81
81
|
- ".github/workflows/rspec.yml"
|
82
|
+
- ".github/workflows/rubocop.yml"
|
82
83
|
- ".gitignore"
|
83
84
|
- ".rspec"
|
84
85
|
- ".rubocop.yml"
|
@@ -126,7 +127,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
126
127
|
requirements:
|
127
128
|
- - ">="
|
128
129
|
- !ruby/object:Gem::Version
|
129
|
-
version: 2.
|
130
|
+
version: 2.4.0
|
130
131
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
131
132
|
requirements:
|
132
133
|
- - ">="
|