cvss-suite 1.2.3 → 2.0.0

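--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '09094d21733286857b9b006672aa297d88858737f58656b2b48627d23bce3e69'
- data.tar.gz: 524220ad72a9e052adc3742d3b32d1df3d66f0f5bf0a0c8cfd83265bf5e58d09
+ metadata.gz: 5917987479ecee6f2a020076b59751dda816e259d984a540bd1b6c0fb40b6422
+ data.tar.gz: 5225e8afd1e553709590bc2bb1a60955c76462d62bbfe825bf2a2081d4647163
  SHA512:
- metadata.gz: 9d871c1e5397598c1261c293524abee855f5c925e62c1e57aeb07473c7ec00c4c98c7ec146623b3a1e9737d0a0016a33098ac539c872762c88502f123501c69e
- data.tar.gz: 3fed8bb40cab71f344a6bd339b50c75120942595ffbed2e4b4f0d534ef778ac0619681e648c95a74fac59615a748dd8a94931f0934744948a20ce7306b050e17
+ metadata.gz: 6824cf5f7f04f2f8eb5ef5613e61fd86b275b36fd316c7f4d4d60af8f9422176b1485eefe24de482e9dc98c328291ed2a7bccafdec3f03d353fae505c43d988c
+ data.tar.gz: 2014e6368dea9deecd623d88a7f7b4d4c5367d1cb3a832ebdac3f6b47d5308b03e1129d157a11dad7e6ac93645ca971ad8dc4b8d85efdd83145f0f58883af6a4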
@@ -0,0 +1,21 @@
1
+ name: Rubocop
2
+
3
+ on: [push,pull_request]
4
+
5
+ jobs:
6
+ build:
7
+
8
+ runs-on: ubuntu-latest
9
+
10
+ steps:
11
+ - uses: actions/checkout@v2
12
+ - name: Set up Ruby 2.7
13
+ uses: actions/setup-ruby@v1
14
+ with:
15
+ ruby-version: 2.7
16
+ - name: Build
17
+ run: |
18
+ gem install bundler -v "=> 1.10"
19
+ gem install rubocop
20
+ - name: Run tests
21
+ run: rubocop -F --fail-level C -f s
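Review bot: The `Build` step's `gem install bundler -v "=> 1.10"` uses `=>`, which is not a RubyGems requirement operator, so the step will most likely fail with an ill-formed requirement error; it should read `gem install bundler -v ">= 1.10"` (or `"~> 1.10"`). The same step runs `gem install rubocop` unversioned, and `actions/checkout@v2` and `actions/setup-ruby@v1` are referenced by mutable tags, so the lint toolchain can change without any commit to this repository. Pinning RuboCop to the version that generated `.rubocop_todo.yml` (0.82.0 according to that file) and the actions to full commit SHAs would keep the check reproducible. Because the workflow also runs on `pull_request`, a top-level `permissions:` block with `contents: read` would restrict what the job's token can do.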
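--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,40 +1,13 @@
  inherit_from: .rubocop_todo.yml
 
+ AllCops:
+ TargetRubyVersion: 2.4
+
  Metrics/LineLength:
  Max: 120
- Exclude:
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
- Metrics/ClassLength:
- Exclude:
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
- Metrics/MethodLength:
- Exclude:
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
- Metrics/BlockLength:
- Exclude:
- - 'spec/cvss3/cvss3_spec.rb'
- - 'spec/cvss31/cvss31_spec.rb'
-
- Style/IfUnlessModifier:
- Exclude:
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
- Style/GuardClause:
- Exclude:
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
- Style/ConditionalAssignment:
- Exclude:
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
 
  Style/FrozenStringLiteralComment:
  Enabled: false
+
+ Style/AsciiComments:
+ Enabled: false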
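--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -1,3 +1,4 @@
+ # This configuration was generated by
  # `rubocop --auto-gen-config`
  # on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0.
  # The point is for the user to remove these configuration records
@@ -16,13 +17,6 @@ Lint/UselessAccessModifier:
  Exclude:
  - 'lib/cvss_suite.rb'
 
- # Offense count: 3
- Lint/UselessAssignment:
- Exclude:
- - 'lib/cvss_suite/cvss.rb'
- - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
- - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
-
  # Offense count: 8
  # Configuration parameters: IgnoredMethods.
  Metrics/AbcSize:
@@ -32,12 +26,7 @@ Metrics/AbcSize:
  # Configuration parameters: CountComments, ExcludedMethods.
  # ExcludedMethods: refine
  Metrics/BlockLength:
- Max: 50
-
- # Offense count: 2
- # Configuration parameters: CountComments.
- Metrics/ClassLength:
- Max: 102
+ Max: 58
 
  # Offense count: 2
  # Configuration parameters: CountComments.
@@ -68,57 +57,3 @@ Metrics/PerceivedComplexity:
  Naming/AccessorMethodName:
  Exclude:
  - 'lib/cvss_suite/cvss_property.rb'
-
- # Offense count: 31
- # Configuration parameters: AllowedChars.
- Style/AsciiComments:
- Enabled: false
-
- # Offense count: 20
- Style/Documentation:
- Enabled: false
-
- # Offense count: 2
- # Configuration parameters: MinBodyLength.
- Style/GuardClause:
- Exclude:
- - 'lib/cvss_suite/helpers/extensions.rb'
-
- # Offense count: 1
- # Cop supports --auto-correct.
- Style/IfUnlessModifier:
- Exclude:
- - 'lib/cvss_suite.rb'
-
- # Offense count: 2
- # Cop supports --auto-correct.
- # Configuration parameters: EnforcedStyle.
- # SupportedStyles: literals, strict
- Style/MutableConstant:
- Exclude:
- - 'lib/cvss_suite.rb'
- - 'lib/cvss_suite/version.rb'
-
- # Offense count: 8
- # Cop supports --auto-correct.
- # Configuration parameters: Strict.
- Style/NumericLiterals:
- MinDigits: 7
-
- # Offense count: 3
- # Cop supports --auto-correct.
- # Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
- # SupportedStyles: predicate, comparison
- Style/NumericPredicate:
- Exclude:
- - 'spec/**/*'
- - 'lib/cvss_suite/cvss2/cvss2_base.rb'
- - 'lib/cvss_suite/helpers/extensions.rb'
-
- # Offense count: 1
- # Cop supports --auto-correct.
- # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
- # AllowedMethods: present?, blank?, presence, try, try!
- Style/SafeNavigation:
- Exclude:
- - 'lib/cvss_suite/cvss_metric.rb'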
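--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -2,18 +2,11 @@
  All notable changes to this project will be documented in this file.
  This project adheres to [Semantic Versioning](http://semver.org/).
 
- ## [1.2.3] - 2020-12-05
+ ## [2.0.0] - 2020-05-10
 
- ### Fixes
- * CVSS v2 now returns the correct severity values based on NVD recommendation
- * CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-
- ## [1.2.2] - 2020-07-19
-
- ### Fixes
- Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
-
- ## [1.2.1] - 2020-05-10
+ ### Breaking Changes
+ * Ruby >= 2.4 is now required
+ * Renamed choice/choices to value/values
 
  ### Improvements
  * Added CvssSuite module to every class (thanks to @fwininger)
@@ -106,4 +99,4 @@ Tried to fix an error. It turned out to be a local problem. Due to this I increa
 
  ## [1.0.0] - 2016-04-15
  ### Initial release
- First release of this gem.
+ First release of this gem.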
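--- a/data/README.md
+++ b/data/README.md
@@ -1,20 +1,15 @@
  # CvssSuite for Ruby
 
  [![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite)
- [![Ruby Version](https://img.shields.io/badge/Ruby-2.x-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
+ [![Ruby Version](https://img.shields.io/badge/Ruby-2.4-brightgreen.svg)](https://rubygems.org/gems/cvss-suite)
  [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
  [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
  [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
- ![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)
+ [![RSpec](https://github.com/siemens/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/siemens/cvss-suite/actions)
 
  This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
  Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
 
- ## :warning: End of life :warning:
-
- This version of the gem is no longer supported, please update to a higher version.
- Please read the [changelog of 2.0.0](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md#200---2020-05-10) for breaking changes.
-
  ## Installation
 
  Add this line to your application's Gemfile:
@@ -30,6 +25,10 @@ And then execute:
  Or install it yourself as:
 
  $ gem install cvss-suite
+
+ ## Version 1.x
+
+ If your still using CvssSuite 1.x please refer to the [specific branch](https://github.com/siemens/cvss-suite/tree/1.x) for documentation and changelog.
 
  ## Usage
 
@@ -67,15 +66,15 @@ overall_score = cvss.overall_score # 3.2
  access_vector = cvss.base.access_vector.name # 'Access Vector'
  remediation_level = cvss.temporal.remediation_level.name # 'Remediation Level'
 
- access_vector.choices.each do |choice|
- choice[:name] # 'Local', 'Adjacent Network', 'Network'
- choice[:abbreviation] # 'L', 'A', 'N'
- choice[:selected] # false, true, false
+ access_vector.values.each do |value|
+ value[:name] # 'Local', 'Adjacent Network', 'Network'
+ value[:abbreviation] # 'L', 'A', 'N'
+ value[:selected] # false, true, false
  end
 
  # Selected options
- cvss.base.access_vector.selected_choice[:name] # Adjacent Network
- cvss.temporal.remediation_level.selected_choice[:name] # Temporary Fix
+ cvss.base.access_vector.selected_value[:name] # Adjacent Network
+ cvss.temporal.remediation_level.selected_value[:name] # Temporary Fix
 
  # Exceptions
 
@@ -105,11 +104,13 @@ Properties (Access Vector, Remediation Level, etc) do have a position attribute,
 
  Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
 
+ Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
+
  There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
 
  ## Changelog
 
- [Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/1.x/CHANGES.md)
+ [Click here to see all changes.](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md)
 
  ## Contributing
 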
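--- a/data/cvss_suite.gemspec
+++ b/data/cvss_suite.gemspec
@@ -26,9 +26,7 @@ Gem::Specification.new do |spec|
  Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
  spec.homepage = 'https://siemens.github.io/cvss-suite/'
 
- spec.post_install_message = 'Version 1.x of this gem is no longer supported, please update to a supported version.'
-
- spec.required_ruby_version = '>= 2.0.0'
+ spec.required_ruby_version = '>= 2.4.0'
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
  spec.bindir = 'exe'
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }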
@@ -8,26 +8,22 @@
8
8
  # This work is licensed under the terms of the MIT license.
9
9
  # See the LICENSE.md file in the top-level directory.
10
10
 
11
- ##
12
- # This class represents any CVSS vector. Do not instantiate this class!
13
-
14
11
  module CvssSuite
12
+ ##
13
+ # This class represents any CVSS vector. Do not instantiate this class!
15
14
  class Cvss
16
15
  ##
17
16
  # Metric of a CVSS vector.
18
-
19
17
  attr_reader :base, :temporal, :environmental
20
18
 
21
19
  ##
22
20
  # Returns the vector itself.
23
-
24
21
  attr_reader :vector
25
22
 
26
23
  ##
27
24
  # Creates a new CVSS vector by a +vector+.
28
25
  #
29
26
  # Raises an exception if it is called on Cvss class.
30
-
31
27
  def initialize(vector)
32
28
  raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if self.class == Cvss
33
29
 
@@ -39,7 +35,6 @@ module CvssSuite
39
35
 
40
36
  ##
41
37
  # Returns if CVSS vector is valid.
42
-
43
38
  def valid?
44
39
  if @amount_of_properties == required_amount_of_properties
45
40
  base = @base.valid?
@@ -54,7 +49,6 @@ module CvssSuite
54
49
 
55
50
  ##
56
51
  # Returns the severity of the CVSS vector.
57
-
58
52
  def severity
59
53
  check_validity
60
54
 
@@ -62,13 +56,13 @@ module CvssSuite
62
56
 
63
57
  if score == 0.0
64
58
  'None'
65
- elsif (0.1..3.9).include? score
59
+ elsif (0.1..3.9).cover? score
66
60
  'Low'
67
- elsif (4.0..6.9).include? score
61
+ elsif (4.0..6.9).cover? score
68
62
  'Medium'
69
- elsif (7.0..8.9).include? score
63
+ elsif (7.0..8.9).cover? score
70
64
  'High'
71
- elsif (9.0..10.0).include? score
65
+ elsif (9.0..10.0).cover? score
72
66
  'Critical'
73
67
  else
74
68
  'None'
@@ -77,7 +71,6 @@ module CvssSuite
77
71
 
78
72
  ##
79
73
  # Returns the Overall Score of the CVSS vector.
80
-
81
74
  def overall_score
82
75
  check_validity
83
76
  return temporal_score if @temporal.valid? && !@environmental.valid?
@@ -107,18 +100,7 @@ module CvssSuite
107
100
  if start_of_vector.nil?
108
101
  ''
109
102
  else
110
- if start_of_vector == 1
111
- matchArray = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
112
- if matchArray.length == 1 && matchArray[0] == @vector
113
- @vector.slice!(0)
114
- @vector.slice!(@vector.length - 1)
115
- @vector
116
- else
117
- ''
118
- end
119
- else
120
- @vector[start_of_vector..-1]
121
- end
103
+ @vector[start_of_vector..-1]
122
104
  end
123
105
  end
124
106
 
@@ -126,7 +108,7 @@ module CvssSuite
126
108
  total = @base.count if @base.valid?
127
109
  total += @temporal.count if @temporal.valid?
128
110
  total += @environmental.count if @environmental.valid?
129
- total ||= 0
111
+ total || 0
130
112
  end
131
113
  end
132
114
  end
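Review bot: `severity` (hunk `@@ -62,13 +56,13 @@`) maps scores onto the CVSS v3 qualitative scale, and because the `Cvss2#severity` override is deleted elsewhere in this change, v2 vectors now inherit it: a v2 score of 9.0–10.0 is labelled 'Critical' and 0.0 'None', neither of which is a rating in the NVD v2 bands the removed method used (Low 0.0–3.9, Medium 4.0–6.9, High 7.0–10.0). Anything that triages or gates on the severity string will see different labels for the same v2 vector, so either keep a v2-specific override in `Cvss2` or state the behaviour on the method, e.g. `# Uses the CVSS v3 rating scale for every version, including v2.`. The trailing `else 'None'` also labels any score outside the listed bands as 'None', which understates an unexpected value instead of flagging it. Separately, in the last hunk `total` is still nil when `@base.valid?` is false, so `total += @temporal.count` would raise NoMethodError rather than one of the gem's own errors; starting from `total = 0` and using `total += @base.count if @base.valid?` avoids that (the method begins outside the hunk).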
@@ -13,39 +13,18 @@ require_relative 'cvss2_base'
13
13
  require_relative 'cvss2_temporal'
14
14
  require_relative 'cvss2_environmental'
15
15
 
16
- ##
17
- # This class represents a CVSS vector in version 2.
18
-
19
16
  module CvssSuite
17
+ ##
18
+ # This class represents a CVSS vector in version 2.
20
19
  class Cvss2 < Cvss
21
20
  ##
22
21
  # Returns the Version of the CVSS vector.
23
-
24
22
  def version
25
23
  2
26
24
  end
27
25
 
28
- # Returns the severity of the CVSSv2 vector.
29
- # https://nvd.nist.gov/vuln-metrics/cvss
30
- def severity
31
- check_validity
32
-
33
- score = overall_score
34
-
35
- if (0.0..3.9).include? score
36
- 'Low'
37
- elsif (4.0..6.9).include? score
38
- 'Medium'
39
- elsif (7.0..10.0).include? score
40
- 'High'
41
- else
42
- 'None'
43
- end
44
- end
45
-
46
26
  ##
47
27
  # Returns the Base Score of the CVSS vector.
48
-
49
28
  def base_score
50
29
  check_validity
51
30
  @base.score.round(1)
@@ -53,14 +32,12 @@ module CvssSuite
53
32
 
54
33
  ##
55
34
  # Returns the Temporal Score of the CVSS vector.
56
-
57
35
  def temporal_score
58
36
  (base_score * @temporal.score).round(1)
59
37
  end
60
38
 
61
39
  ##
62
40
  # Returns the Environmental Score of the CVSS vector.
63
-
64
41
  def environmental_score
65
42
  return temporal_score unless @environmental.valid?
66
43
 
@@ -11,14 +11,12 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Base metric in version 2.
16
-
17
14
  module CvssSuite
15
+ ##
16
+ # This class represents a CVSS Base metric in version 2.
18
17
  class Cvss2Base < CvssMetric
19
18
  ##
20
19
  # Property of this metric
21
-
22
20
  attr_reader :access_vector, :access_complexity, :authentication,
23
21
  :confidentiality_impact, :integrity_impact, :availability_impact
24
22
 
@@ -27,13 +25,12 @@ module CvssSuite
27
25
  # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
28
26
  #
29
27
  # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
30
-
31
28
  def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
32
29
  impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
33
30
 
34
31
  exploitability = calc_exploitability
35
32
 
36
- additional_impact = (impact == 0 ? 0 : 1.176)
33
+ additional_impact = (impact.zero? ? 0 : 1.176)
37
34
 
38
35
  ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
39
36
  end
@@ -43,32 +40,32 @@ module CvssSuite
43
40
  def init_properties
44
41
  @properties.push(@access_vector =
45
42
  CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
46
- choices: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
43
+ values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
47
44
  { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
48
45
  { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
49
46
  @properties.push(@access_complexity =
50
47
  CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
51
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
48
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
52
49
  { name: 'Medium', abbreviation: 'M', weight: 0.61 },
53
50
  { name: 'High', abbreviation: 'H', weight: 0.35 }]))
54
51
  @properties.push(@authentication =
55
52
  CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
56
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
53
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
57
54
  { name: 'Single', abbreviation: 'S', weight: 0.56 },
58
55
  { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
59
56
  @properties.push(@confidentiality_impact =
60
57
  CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
61
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
58
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
62
59
  { name: 'Partial', abbreviation: 'P', weight: 0.275 },
63
60
  { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
64
61
  @properties.push(@integrity_impact =
65
62
  CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
66
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
63
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
67
64
  { name: 'Partial', abbreviation: 'P', weight: 0.275 },
68
65
  { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
69
66
  @properties.push(@availability_impact =
70
67
  CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
71
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
68
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
72
69
  { name: 'Partial', abbreviation: 'P', weight: 0.275 },
73
70
  { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
74
71
  end
@@ -11,22 +11,21 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Environmental metric in version 2.
16
-
17
14
  module CvssSuite
15
+ ##
16
+ # This class represents a CVSS Environmental metric in version 2.
18
17
  class Cvss2Environmental < CvssMetric
19
18
  ##
20
19
  # Property of this metric
21
-
22
20
  attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
23
21
  :security_requirements_ir, :security_requirements_ar
24
22
 
25
23
  ##
26
24
  # Returns score of this metric
27
-
28
25
  def score(base, temporal_score)
29
- base_score = (base.score @security_requirements_cr.score, @security_requirements_ir.score, @security_requirements_ar.score).round(1)
26
+ base_score = base.score(@security_requirements_cr.score,
27
+ @security_requirements_ir.score,
28
+ @security_requirements_ar.score).round(1)
30
29
 
31
30
  adjusted_temporal = (base_score * temporal_score).round(1)
32
31
  (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) * @target_distribution.score
@@ -37,7 +36,7 @@ module CvssSuite
37
36
  def init_properties
38
37
  @properties.push(@collateral_damage_potential =
39
38
  CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
40
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
39
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
41
40
  { name: 'Low', abbreviation: 'L', weight: 0.1 },
42
41
  { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
43
42
  { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
@@ -45,26 +44,26 @@ module CvssSuite
45
44
  { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
46
45
  @properties.push(@target_distribution =
47
46
  CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
48
- choices: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
47
+ values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
49
48
  { name: 'Low', abbreviation: 'L', weight: 0.25 },
50
49
  { name: 'Medium', abbreviation: 'M', weight: 0.75 },
51
50
  { name: 'High', abbreviation: 'H', weight: 1.0 },
52
51
  { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
53
52
  @properties.push(@security_requirements_cr =
54
53
  CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
55
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
54
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
56
55
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
57
56
  { name: 'High', abbreviation: 'H', weight: 1.51 },
58
57
  { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
59
58
  @properties.push(@security_requirements_ir =
60
59
  CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
61
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
60
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
62
61
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
63
62
  { name: 'High', abbreviation: 'H', weight: 1.51 },
64
63
  { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
65
64
  @properties.push(@security_requirements_ar =
66
65
  CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
67
- choices: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
66
+ values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
68
67
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
69
68
  { name: 'High', abbreviation: 'H', weight: 1.51 },
70
69
  { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
@@ -11,19 +11,16 @@
11
11
  require_relative '../cvss_property'
12
12
  require_relative '../cvss_metric'
13
13
 
14
- ##
15
- # This class represents a CVSS Temporal metric in version 2.
16
-
17
14
  module CvssSuite
15
+ ##
16
+ # This class represents a CVSS Temporal metric in version 2.
18
17
  class Cvss2Temporal < CvssMetric
19
18
  ##
20
19
  # Property of this metric
21
-
22
20
  attr_reader :exploitability, :remediation_level, :report_confidence
23
21
 
24
22
  ##
25
23
  # Returns score of this metric
26
-
27
24
  def score
28
25
  return 1 unless valid?
29
26
 
@@ -35,14 +32,14 @@ module CvssSuite
35
32
  def init_properties
36
33
  @properties.push(@exploitability =
37
34
  CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
38
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
35
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
39
36
  { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
40
37
  { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
41
38
  { name: 'Functional', abbreviation: 'F', weight: 0.95 },
42
39
  { name: 'High', abbreviation: 'H', weight: 1 }]))
43
40
  @properties.push(@remediation_level =
44
41
  CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
45
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
42
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
46
43
  { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
47
44
  { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
48
45
  { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
@@ -50,7 +47,7 @@ module CvssSuite
50
47
 
51
48
  @properties.push(@report_confidence =
52
49
  CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
53
- choices: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
50
+ values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
54
51
  { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
55
52
  { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
56
53
  { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))