cvss-suite 2.0.0 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +3 -3
- data/.github/workflows/rubocop.yml +7 -6
- data/.rubocop.yml +36 -1
- data/CHANGES.md +19 -0
- data/CNAME +1 -0
- data/CODE_OF_CONDUCT.md +3 -2
- data/Gemfile +3 -2
- data/LICENSE.md +2 -1
- data/README.md +10 -8
- data/cvss_suite.gemspec +7 -7
- data/lib/cvss_suite/cvss.rb +15 -5
- data/lib/cvss_suite/cvss2/cvss2.rb +22 -2
- data/lib/cvss_suite/cvss2/cvss2_base.rb +15 -14
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +21 -20
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +14 -13
- data/lib/cvss_suite/cvss3/cvss3.rb +4 -3
- data/lib/cvss_suite/cvss3/cvss3_base.rb +17 -16
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +97 -41
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +14 -13
- data/lib/cvss_suite/cvss31/cvss31.rb +4 -3
- data/lib/cvss_suite/cvss31/cvss31_base.rb +17 -16
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +97 -41
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +14 -13
- data/lib/cvss_suite/cvss_metric.rb +3 -2
- data/lib/cvss_suite/cvss_property.rb +3 -2
- data/lib/cvss_suite/errors.rb +4 -1
- data/lib/cvss_suite/helpers/cvss31_helper.rb +3 -2
- data/lib/cvss_suite/helpers/cvss3_helper.rb +3 -2
- data/lib/cvss_suite/invalid_cvss.rb +5 -2
- data/lib/cvss_suite/version.rb +4 -3
- data/lib/cvss_suite.rb +4 -2
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 35f019f9f2db03e3365a83f1740fa2491817d6057744cbfe460fb2f0e9954437
|
|
4
|
+
data.tar.gz: 8e25a80d218017ca820305b01877f272574cab8fcc35d33a4adfa85e75396c6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41c7f6b1f517a891d6d4b59cbd6d32b5f139d4738776f28596609278f6bd21e4ea7bb532a545d04960ae9447ffc9e4ee03b690b42bb0d0aa05a031a7a85d407a
|
|
7
|
+
data.tar.gz: ff3e271e463292488315a27db826e18f6b55f16142eb7e486bbb3a4cb7c684fa82c7f94e725409c898b06b681c5df8e794afb8289df812064c53d6f27ac753b2
|
data/.github/workflows/rspec.yml
CHANGED
|
@@ -8,14 +8,14 @@ jobs:
|
|
|
8
8
|
runs-on: ubuntu-latest
|
|
9
9
|
strategy:
|
|
10
10
|
matrix:
|
|
11
|
-
ruby: [ '2.
|
|
11
|
+
ruby: [ '2.6', '2.7', '3.0', '3.1' ]
|
|
12
12
|
steps:
|
|
13
13
|
- uses: actions/checkout@v2
|
|
14
14
|
- name: Set up ${{ matrix.ruby }}
|
|
15
|
-
uses:
|
|
15
|
+
uses: ruby/setup-ruby@v1
|
|
16
16
|
with:
|
|
17
17
|
ruby-version: ${{ matrix.ruby }}
|
|
18
|
-
- name:
|
|
18
|
+
- name: Install gems
|
|
19
19
|
run: |
|
|
20
20
|
gem install bundler -v ">= 1.10"
|
|
21
21
|
bundle install --jobs 4 --retry 3
|
|
@@ -9,13 +9,14 @@ jobs:
|
|
|
9
9
|
|
|
10
10
|
steps:
|
|
11
11
|
- uses: actions/checkout@v2
|
|
12
|
-
- name: Set up Ruby 2.
|
|
13
|
-
uses:
|
|
12
|
+
- name: Set up Ruby 2.6
|
|
13
|
+
uses: ruby/setup-ruby@v1
|
|
14
14
|
with:
|
|
15
|
-
ruby-version: 2.
|
|
16
|
-
- name:
|
|
15
|
+
ruby-version: 2.6
|
|
16
|
+
- name: Install gems
|
|
17
17
|
run: |
|
|
18
|
-
gem
|
|
18
|
+
gem update --system
|
|
19
|
+
gem install bundler -v ">= 1.10"
|
|
19
20
|
gem install rubocop
|
|
20
|
-
- name: Run
|
|
21
|
+
- name: Run checks
|
|
21
22
|
run: rubocop -F --fail-level C -f s
|
data/.rubocop.yml
CHANGED
|
@@ -1,10 +1,45 @@
|
|
|
1
1
|
inherit_from: .rubocop_todo.yml
|
|
2
2
|
|
|
3
3
|
AllCops:
|
|
4
|
-
TargetRubyVersion: 2.
|
|
4
|
+
TargetRubyVersion: 2.6
|
|
5
|
+
SuggestExtensions: false
|
|
5
6
|
|
|
6
7
|
Metrics/LineLength:
|
|
7
8
|
Max: 120
|
|
9
|
+
Exclude:
|
|
10
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
|
11
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
|
12
|
+
|
|
13
|
+
Metrics/ClassLength:
|
|
14
|
+
Exclude:
|
|
15
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
|
16
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
|
17
|
+
|
|
18
|
+
Metrics/MethodLength:
|
|
19
|
+
Exclude:
|
|
20
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
|
21
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
|
22
|
+
|
|
23
|
+
Metrics/BlockLength:
|
|
24
|
+
Exclude:
|
|
25
|
+
- 'spec/cvss2/cvss2_spec.rb'
|
|
26
|
+
- 'spec/cvss3/cvss3_spec.rb'
|
|
27
|
+
- 'spec/cvss31/cvss31_spec.rb'
|
|
28
|
+
|
|
29
|
+
Style/IfUnlessModifier:
|
|
30
|
+
Exclude:
|
|
31
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
|
32
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
|
33
|
+
|
|
34
|
+
Style/GuardClause:
|
|
35
|
+
Exclude:
|
|
36
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
|
37
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
|
38
|
+
|
|
39
|
+
Style/ConditionalAssignment:
|
|
40
|
+
Exclude:
|
|
41
|
+
- 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
|
|
42
|
+
- 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
|
|
8
43
|
|
|
9
44
|
Style/FrozenStringLiteralComment:
|
|
10
45
|
Enabled: false
|
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,25 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [3.0.0] - 2022-03-13
|
|
6
|
+
|
|
7
|
+
### Breaking Changes
|
|
8
|
+
* Ruby >= 2.6 is now required
|
|
9
|
+
|
|
10
|
+
### Notes
|
|
11
|
+
* Moved repository to its new home
|
|
12
|
+
|
|
13
|
+
## [2.0.2] - 2020-12-05
|
|
14
|
+
|
|
15
|
+
### Fixes
|
|
16
|
+
* CVSS v2 now returns the correct severity values based on NVD recommendation
|
|
17
|
+
* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
|
18
|
+
|
|
19
|
+
## [2.0.1] - 2020-07-19
|
|
20
|
+
|
|
21
|
+
### Fixes
|
|
22
|
+
Fixed an error that resulted in incorrect environmental score if modified attributes were not defined.
|
|
23
|
+
|
|
5
24
|
## [2.0.0] - 2020-05-10
|
|
6
25
|
|
|
7
26
|
### Breaking Changes
|
data/CNAME
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
cvss-suite.0lli.rocks
|
data/CODE_OF_CONDUCT.md
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
|
|
3
|
-
Copyright (c) Siemens AG
|
|
3
|
+
Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
Copyright (c) 2022 0llirocks
|
|
4
5
|
|
|
5
|
-
Authors:
|
|
6
|
+
Authors: 0llirocks <http://0lli.rocks>
|
|
6
7
|
|
|
7
8
|
This work is licensed under the terms of the MIT license.
|
|
8
9
|
See the LICENSE.md file in the top-level directory.
|
data/Gemfile
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
data/LICENSE.md
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
The MIT License (MIT)
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2016 Siemens AG
|
|
3
|
+
Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
Copyright (c) 2022 0llirocks
|
|
4
5
|
|
|
5
6
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
6
7
|
this software and associated documentation files (the "Software"), to deal in
|
data/README.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# CvssSuite for Ruby
|
|
2
2
|
|
|
3
3
|
[](https://rubygems.org/gems/cvss-suite)
|
|
4
|
-
[](https://rubygems.org/gems/cvss-suite)
|
|
5
5
|
[](https://www.first.org/cvss/v2/guide)
|
|
6
6
|
[](https://www.first.org/cvss/v3.0/user-guide)
|
|
7
7
|
[](https://www.first.org/cvss/v3.1/user-guide)
|
|
8
|
-
[](https://github.com/0llirocks/cvss-suite/actions)
|
|
9
9
|
|
|
10
10
|
This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
|
|
11
11
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
|
|
@@ -25,10 +25,14 @@ And then execute:
|
|
|
25
25
|
Or install it yourself as:
|
|
26
26
|
|
|
27
27
|
$ gem install cvss-suite
|
|
28
|
+
|
|
29
|
+
## Version 2.x
|
|
30
|
+
|
|
31
|
+
If you are still using CvssSuite 2.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/2.x) for documentation and changelog.
|
|
28
32
|
|
|
29
33
|
## Version 1.x
|
|
30
34
|
|
|
31
|
-
If
|
|
35
|
+
If you are still using CvssSuite 1.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/1.x) for documentation and changelog.
|
|
32
36
|
|
|
33
37
|
## Usage
|
|
34
38
|
|
|
@@ -104,17 +108,15 @@ Properties (Access Vector, Remediation Level, etc) do have a position attribute,
|
|
|
104
108
|
|
|
105
109
|
Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
|
|
106
110
|
|
|
107
|
-
Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).
|
|
108
|
-
|
|
109
111
|
There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
|
|
110
112
|
|
|
111
113
|
## Changelog
|
|
112
114
|
|
|
113
|
-
[Click here to see all changes.](https://github.com/
|
|
115
|
+
[Click here to see all changes.](https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md)
|
|
114
116
|
|
|
115
117
|
## Contributing
|
|
116
118
|
|
|
117
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
|
119
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/0llirocks/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
|
|
118
120
|
|
|
119
121
|
## References
|
|
120
|
-
[CvssSuite for .NET](https://
|
|
122
|
+
[CvssSuite for .NET](https://cvsssuite.0lli.rocks)
|
data/cvss_suite.gemspec
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -18,15 +19,14 @@ Gem::Specification.new do |spec|
|
|
|
18
19
|
spec.name = 'cvss-suite'
|
|
19
20
|
spec.version = CvssSuite::VERSION
|
|
20
21
|
spec.license = 'MIT'
|
|
21
|
-
spec.authors = ['
|
|
22
|
-
spec.email = ['oliver.hamboerger@siemens.com']
|
|
22
|
+
spec.authors = ['0llirocks']
|
|
23
23
|
|
|
24
24
|
spec.summary = 'Ruby gem for processing cvss vectors.'
|
|
25
25
|
spec.description = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
|
|
26
26
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
|
|
27
|
-
spec.homepage = 'https://
|
|
27
|
+
spec.homepage = 'https://cvss-suite.0lli.rocks'
|
|
28
28
|
|
|
29
|
-
spec.required_ruby_version = '>= 2.
|
|
29
|
+
spec.required_ruby_version = '>= 2.6.0'
|
|
30
30
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
31
31
|
spec.bindir = 'exe'
|
|
32
32
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
@@ -36,5 +36,5 @@ Besides calculating the Base, Temporal and Environmental Score, you are able to
|
|
|
36
36
|
spec.add_development_dependency 'bundler', '>= 1.10'
|
|
37
37
|
spec.add_development_dependency 'rspec', '~> 3.4'
|
|
38
38
|
spec.add_development_dependency 'rspec-its', '~> 1.2'
|
|
39
|
-
spec.add_development_dependency 'simplecov', '~> 0.
|
|
39
|
+
spec.add_development_dependency 'simplecov', '~> 0.18'
|
|
40
40
|
end
|
data/lib/cvss_suite/cvss.rb
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -25,7 +26,7 @@ module CvssSuite
|
|
|
25
26
|
#
|
|
26
27
|
# Raises an exception if it is called on Cvss class.
|
|
27
28
|
def initialize(vector)
|
|
28
|
-
raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if
|
|
29
|
+
raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss
|
|
29
30
|
|
|
30
31
|
@vector = vector
|
|
31
32
|
@properties = []
|
|
@@ -54,7 +55,7 @@ module CvssSuite
|
|
|
54
55
|
|
|
55
56
|
score = overall_score
|
|
56
57
|
|
|
57
|
-
if score
|
|
58
|
+
if score <= 0.0
|
|
58
59
|
'None'
|
|
59
60
|
elsif (0.1..3.9).cover? score
|
|
60
61
|
'Low'
|
|
@@ -99,8 +100,17 @@ module CvssSuite
|
|
|
99
100
|
|
|
100
101
|
if start_of_vector.nil?
|
|
101
102
|
''
|
|
103
|
+
elsif start_of_vector == 1
|
|
104
|
+
match_array = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
|
|
105
|
+
if match_array.length == 1 && match_array[0] == @vector
|
|
106
|
+
@vector.slice!(0)
|
|
107
|
+
@vector.slice!(@vector.length - 1)
|
|
108
|
+
@vector
|
|
109
|
+
else
|
|
110
|
+
''
|
|
111
|
+
end
|
|
102
112
|
else
|
|
103
|
-
@vector[start_of_vector
|
|
113
|
+
@vector[start_of_vector..]
|
|
104
114
|
end
|
|
105
115
|
end
|
|
106
116
|
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -23,6 +24,25 @@ module CvssSuite
|
|
|
23
24
|
2
|
|
24
25
|
end
|
|
25
26
|
|
|
27
|
+
# Returns the severity of the CVSSv2 vector.
|
|
28
|
+
# https://nvd.nist.gov/vuln-metrics/cvss
|
|
29
|
+
def severity
|
|
30
|
+
check_validity
|
|
31
|
+
|
|
32
|
+
score = overall_score
|
|
33
|
+
|
|
34
|
+
case score
|
|
35
|
+
when 0.0..3.9
|
|
36
|
+
'Low'
|
|
37
|
+
when 4.0..6.9
|
|
38
|
+
'Medium'
|
|
39
|
+
when 7.0..10.0
|
|
40
|
+
'High'
|
|
41
|
+
else
|
|
42
|
+
'None'
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
26
46
|
##
|
|
27
47
|
# Returns the Base Score of the CVSS vector.
|
|
28
48
|
def base_score
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -41,33 +42,33 @@ module CvssSuite
|
|
|
41
42
|
@properties.push(@access_vector =
|
|
42
43
|
CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
|
|
43
44
|
values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
|
|
44
|
-
|
|
45
|
-
|
|
45
|
+
{ name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
|
|
46
|
+
{ name: 'Local', abbreviation: 'L', weight: 0.395 }]))
|
|
46
47
|
@properties.push(@access_complexity =
|
|
47
48
|
CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
|
|
48
49
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
|
|
49
|
-
|
|
50
|
-
|
|
50
|
+
{ name: 'Medium', abbreviation: 'M', weight: 0.61 },
|
|
51
|
+
{ name: 'High', abbreviation: 'H', weight: 0.35 }]))
|
|
51
52
|
@properties.push(@authentication =
|
|
52
53
|
CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
|
|
53
54
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
|
|
54
|
-
|
|
55
|
-
|
|
55
|
+
{ name: 'Single', abbreviation: 'S', weight: 0.56 },
|
|
56
|
+
{ name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
|
|
56
57
|
@properties.push(@confidentiality_impact =
|
|
57
58
|
CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
|
|
58
59
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
59
|
-
|
|
60
|
-
|
|
60
|
+
{ name: 'Partial', abbreviation: 'P', weight: 0.275 },
|
|
61
|
+
{ name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
|
|
61
62
|
@properties.push(@integrity_impact =
|
|
62
63
|
CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
|
|
63
64
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
64
|
-
|
|
65
|
-
|
|
65
|
+
{ name: 'Partial', abbreviation: 'P', weight: 0.275 },
|
|
66
|
+
{ name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
|
|
66
67
|
@properties.push(@availability_impact =
|
|
67
68
|
CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
|
|
68
69
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
69
|
-
|
|
70
|
-
|
|
70
|
+
{ name: 'Partial', abbreviation: 'P', weight: 0.275 },
|
|
71
|
+
{ name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
|
|
71
72
|
end
|
|
72
73
|
|
|
73
74
|
def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -37,36 +38,36 @@ module CvssSuite
|
|
|
37
38
|
@properties.push(@collateral_damage_potential =
|
|
38
39
|
CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP', position: [6, 9],
|
|
39
40
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
41
|
+
{ name: 'Low', abbreviation: 'L', weight: 0.1 },
|
|
42
|
+
{ name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
|
|
43
|
+
{ name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
|
|
44
|
+
{ name: 'High', abbreviation: 'H', weight: 0.5 },
|
|
45
|
+
{ name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
|
|
45
46
|
@properties.push(@target_distribution =
|
|
46
47
|
CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD', position: [7, 10],
|
|
47
48
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
49
|
+
{ name: 'Low', abbreviation: 'L', weight: 0.25 },
|
|
50
|
+
{ name: 'Medium', abbreviation: 'M', weight: 0.75 },
|
|
51
|
+
{ name: 'High', abbreviation: 'H', weight: 1.0 },
|
|
52
|
+
{ name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
|
|
52
53
|
@properties.push(@security_requirements_cr =
|
|
53
54
|
CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
|
|
54
55
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
56
|
+
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
|
57
|
+
{ name: 'High', abbreviation: 'H', weight: 1.51 },
|
|
58
|
+
{ name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
|
|
58
59
|
@properties.push(@security_requirements_ir =
|
|
59
60
|
CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
|
|
60
61
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
62
|
+
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
|
63
|
+
{ name: 'High', abbreviation: 'H', weight: 1.51 },
|
|
64
|
+
{ name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
|
|
64
65
|
@properties.push(@security_requirements_ar =
|
|
65
66
|
CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
|
|
66
67
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
68
|
+
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
|
69
|
+
{ name: 'High', abbreviation: 'H', weight: 1.51 },
|
|
70
|
+
{ name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
|
|
70
71
|
end
|
|
71
72
|
end
|
|
72
73
|
end
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -33,24 +34,24 @@ module CvssSuite
|
|
|
33
34
|
@properties.push(@exploitability =
|
|
34
35
|
CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
|
|
35
36
|
values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
{ name: 'Unproven', abbreviation: 'U', weight: 0.85 },
|
|
38
|
+
{ name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
|
|
39
|
+
{ name: 'Functional', abbreviation: 'F', weight: 0.95 },
|
|
40
|
+
{ name: 'High', abbreviation: 'H', weight: 1 }]))
|
|
40
41
|
@properties.push(@remediation_level =
|
|
41
42
|
CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
|
|
42
43
|
values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
44
|
+
{ name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
|
|
45
|
+
{ name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
|
|
46
|
+
{ name: 'Workaround', abbreviation: 'W', weight: 0.95 },
|
|
47
|
+
{ name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
|
|
47
48
|
|
|
48
49
|
@properties.push(@report_confidence =
|
|
49
50
|
CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
|
|
50
51
|
values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
52
|
+
{ name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
|
|
53
|
+
{ name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
|
|
54
|
+
{ name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
|
|
54
55
|
end
|
|
55
56
|
end
|
|
56
57
|
end
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -41,7 +42,7 @@ module CvssSuite
|
|
|
41
42
|
def environmental_score
|
|
42
43
|
return temporal_score unless @environmental.valid?
|
|
43
44
|
|
|
44
|
-
Cvss3Helper.round_up(@environmental.score(@temporal
|
|
45
|
+
Cvss3Helper.round_up(@environmental.score(@base, @temporal))
|
|
45
46
|
end
|
|
46
47
|
|
|
47
48
|
private
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG
|
|
3
|
+
# Copyright (c) 2016-2022 Siemens AG
|
|
4
|
+
# Copyright (c) 2022 0llirocks
|
|
4
5
|
#
|
|
5
6
|
# Authors:
|
|
6
|
-
#
|
|
7
|
+
# 0llirocks <http://0lli.rocks>
|
|
7
8
|
#
|
|
8
9
|
# This work is licensed under the terms of the MIT license.
|
|
9
10
|
# See the LICENSE.md file in the top-level directory.
|
|
@@ -52,41 +53,41 @@ module CvssSuite
|
|
|
52
53
|
@properties.push(@attack_vector =
|
|
53
54
|
CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV', position: [0],
|
|
54
55
|
values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
56
|
+
{ name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
|
|
57
|
+
{ name: 'Local', abbreviation: 'L', weight: 0.55 },
|
|
58
|
+
{ name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
|
|
58
59
|
@properties.push(@attack_complexity =
|
|
59
60
|
CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC', position: [1],
|
|
60
61
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
|
|
61
|
-
|
|
62
|
+
{ name: 'High', abbreviation: 'H', weight: 0.44 }]))
|
|
62
63
|
@properties.push(@privileges_required =
|
|
63
64
|
CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR', position: [2],
|
|
64
65
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
|
65
|
-
|
|
66
|
-
|
|
66
|
+
{ name: 'Low', abbreviation: 'L', weight: 0.62 },
|
|
67
|
+
{ name: 'High', abbreviation: 'H', weight: 0.27 }]))
|
|
67
68
|
@properties.push(@user_interaction =
|
|
68
69
|
CvssProperty.new(name: 'User Interaction', abbreviation: 'UI', position: [3],
|
|
69
70
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
|
70
|
-
|
|
71
|
+
{ name: 'Required', abbreviation: 'R', weight: 0.62 }]))
|
|
71
72
|
@properties.push(@scope =
|
|
72
73
|
CvssProperty.new(name: 'Scope', abbreviation: 'S', position: [4],
|
|
73
74
|
values: [{ name: 'Unchanged', abbreviation: 'U' },
|
|
74
|
-
|
|
75
|
+
{ name: 'Changed', abbreviation: 'C' }]))
|
|
75
76
|
@properties.push(@confidentiality =
|
|
76
77
|
CvssProperty.new(name: 'Confidentiality', abbreviation: 'C', position: [5],
|
|
77
78
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
78
|
-
|
|
79
|
-
|
|
79
|
+
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
|
80
|
+
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
|
80
81
|
@properties.push(@integrity =
|
|
81
82
|
CvssProperty.new(name: 'Integrity', abbreviation: 'I', position: [6],
|
|
82
83
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
83
|
-
|
|
84
|
-
|
|
84
|
+
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
|
85
|
+
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
|
85
86
|
@properties.push(@availability =
|
|
86
87
|
CvssProperty.new(name: 'Availability', abbreviation: 'A', position: [7],
|
|
87
88
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
|
88
|
-
|
|
89
|
-
|
|
89
|
+
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
|
90
|
+
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
|
90
91
|
end
|
|
91
92
|
end
|
|
92
93
|
end
|