cvss-suite 2.0.1 → 2.0.2
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/CHANGES.md +6 -0
- data/README.md +1 -1
- data/lib/cvss_suite.rb +1 -0
- data/lib/cvss_suite/cvss.rb +11 -2
- data/lib/cvss_suite/cvss2/cvss2.rb +19 -0
- data/lib/cvss_suite/errors.rb +2 -0
- data/lib/cvss_suite/invalid_cvss.rb +2 -0
- data/lib/cvss_suite/version.rb +2 -2
- metadata +2 -2
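--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f109a2e3d49b66723f39c092692b3cabfa75d829d8ef3f0e07cf9d0d238a3755
+data.tar.gz: 41660286d0173fa19c37dd49b43f4efc5fc1db025ae6a46741baf0694b5199d3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c567e0730cf9e4ef3e2e85a5c1fa35a9b949c59ed278a968bbf336732f1229cbcfbd84c34e67256a91a6de058a71b13275cb4d8eefdbaa2c416b18e106aac7ff
+data.tar.gz: d883de3fdc12def5106855a221a535751c9846104ee37a6ecbe8a391a9e3f59b752696c7e0fd128b0dcf8fbedf60bdaa6a0c3d1d1a625c71204555133a4e365b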
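--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -2,6 +2,7 @@ inherit_from: .rubocop_todo.yml
 
 AllCops:
 TargetRubyVersion: 2.4
+SuggestExtensions: false
 
 Metrics/LineLength:
 Max: 120
@@ -21,6 +22,7 @@ Metrics/MethodLength:
 
 Metrics/BlockLength:
 Exclude:
+- 'spec/cvss2/cvss2_spec.rb'
 - 'spec/cvss3/cvss3_spec.rb'
 - 'spec/cvss31/cvss31_spec.rb'
 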
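--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -2,6 +2,12 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.0.2] - 2020-12-05
+
+### Fixes
+* CVSS v2 now returns the correct severity values based on NVD recommendation
+* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
+
 ## [2.0.1] - 2020-07-19
 
 ### Fixes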
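--- a/data/README.md
+++ b/data/README.md
@@ -28,7 +28,7 @@ Or install it yourself as:
 
 ## Version 1.x
 
-If
+If you are still using CvssSuite 1.x please refer to the [specific branch](https://github.com/siemens/cvss-suite/tree/1.x) for documentation and changelog.
 
 ## Usage
 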
data/lib/cvss_suite.rb
CHANGED
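--- a/data/lib/cvss_suite/cvss.rb
+++ b/data/lib/cvss_suite/cvss.rb
@@ -25,7 +25,7 @@ module CvssSuite
 #
 # Raises an exception if it is called on Cvss class.
 def initialize(vector)
-raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if
+raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss
 
 @vector = vector
 @properties = []
@@ -54,7 +54,7 @@ module CvssSuite
 
 score = overall_score
 
-if score
+if score <= 0.0
 'None'
 elsif (0.1..3.9).cover? score
 'Low'
@@ -99,6 +99,15 @@ module CvssSuite
 
 if start_of_vector.nil?
 ''
+elsif start_of_vector == 1
+match_array = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
+if match_array.length == 1 && match_array[0] == @vector
+@vector.slice!(0)
+@vector.slice!(@vector.length - 1)
+@vector
+else
+''
+end
 else
 @vector[start_of_vector..-1]
 end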
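Review bot: The new `elsif start_of_vector == 1` branch strips the parentheses with `@vector.slice!(0)` and `@vector.slice!(@vector.length - 1)`, which edit the string in place; the first hunk shows `@vector = vector`, so this is the caller's own object, and a frozen input raises instead of parsing. Assigning a copy keeps the stripped state without touching the argument: `@vector = @vector[1..-2]`. The `\g<0>` recursion also accepts nested pairs such as `((...))` and strips only the outer one, so whatever validates the result should be confirmed to reject the remaining parentheses, since vector strings often come from external advisories. The enclosing method starts above this hunk, so how `start_of_vector` is computed is not visible here.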
@@ -23,6 +23,25 @@ module CvssSuite
|
|
23
23
|
2
|
24
24
|
end
|
25
25
|
|
26
|
+
# Returns the severity of the CVSSv2 vector.
|
27
|
+
# https://nvd.nist.gov/vuln-metrics/cvss
|
28
|
+
def severity
|
29
|
+
check_validity
|
30
|
+
|
31
|
+
score = overall_score
|
32
|
+
|
33
|
+
case score
|
34
|
+
when 0.0..3.9
|
35
|
+
'Low'
|
36
|
+
when 4.0..6.9
|
37
|
+
'Medium'
|
38
|
+
when 7.0..10.0
|
39
|
+
'High'
|
40
|
+
else
|
41
|
+
'None'
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
26
45
|
##
|
27
46
|
# Returns the Base Score of the CVSS vector.
|
28
47
|
def base_score
|
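Review bot: The `case score` ranges in the added `severity` leave gaps between 3.9 and 4.0 and between 6.9 and 7.0, so any score that is not already rounded to one decimal falls through to `else` and is reported as 'None', which understates a Medium or High finding. Half-open ranges close the gaps: `when 0.0...4.0`, `when 4.0...7.0`, `when 7.0..10.0`. Whether `overall_score` rounds is not visible in this hunk, and the `else` branch would be clearer with a comment saying which scores are expected to reach it. The page shows no file header for this hunk; its 19 added lines match the `data/lib/cvss_suite/cvss2/cvss2.rb` entry in the file list.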
data/lib/cvss_suite/errors.rb
CHANGED
@@ -12,9 +12,11 @@ module CvssSuite
|
|
12
12
|
##
|
13
13
|
# This class represents a invalid CVSS vector.
|
14
14
|
class InvalidCvss < Cvss
|
15
|
+
# rubocop:disable Lint/MissingSuper
|
15
16
|
##
|
16
17
|
# Creates a new invalid CVSS vector.
|
17
18
|
def initialize; end
|
19
|
+
# rubocop:enable Lint/MissingSuper
|
18
20
|
|
19
21
|
##
|
20
22
|
# Since this is an invalid CVSS vector, it always returns false.
|
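--- a/data/lib/cvss_suite/version.rb
+++ b/data/lib/cvss_suite/version.rb
@@ -1,6 +1,6 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) Siemens AG,
+# Copyright (c) Siemens AG, 2020
 #
 # Authors:
 # Oliver Hambörger <oliver.hamboerger@siemens.com>
@@ -9,5 +9,5 @@
 # See the LICENSE.md file in the top-level directory.
 
 module CvssSuite
-VERSION = '2.0.
+VERSION = '2.0.2'.freeze
 end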
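--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cvss-suite
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.2
 platform: ruby
 authors:
 - Oliver Hamboerger
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler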