cvss-suite 2.0.1 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/CHANGES.md +6 -0
- data/README.md +1 -1
- data/lib/cvss_suite.rb +1 -0
- data/lib/cvss_suite/cvss.rb +11 -2
- data/lib/cvss_suite/cvss2/cvss2.rb +19 -0
- data/lib/cvss_suite/errors.rb +2 -0
- data/lib/cvss_suite/invalid_cvss.rb +2 -0
- data/lib/cvss_suite/version.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f109a2e3d49b66723f39c092692b3cabfa75d829d8ef3f0e07cf9d0d238a3755
|
|
4
|
+
data.tar.gz: 41660286d0173fa19c37dd49b43f4efc5fc1db025ae6a46741baf0694b5199d3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c567e0730cf9e4ef3e2e85a5c1fa35a9b949c59ed278a968bbf336732f1229cbcfbd84c34e67256a91a6de058a71b13275cb4d8eefdbaa2c416b18e106aac7ff
|
|
7
|
+
data.tar.gz: d883de3fdc12def5106855a221a535751c9846104ee37a6ecbe8a391a9e3f59b752696c7e0fd128b0dcf8fbedf60bdaa6a0c3d1d1a625c71204555133a4e365b
|
data/.rubocop.yml
CHANGED
|
@@ -2,6 +2,7 @@ inherit_from: .rubocop_todo.yml
|
|
|
2
2
|
|
|
3
3
|
AllCops:
|
|
4
4
|
TargetRubyVersion: 2.4
|
|
5
|
+
SuggestExtensions: false
|
|
5
6
|
|
|
6
7
|
Metrics/LineLength:
|
|
7
8
|
Max: 120
|
|
@@ -21,6 +22,7 @@ Metrics/MethodLength:
|
|
|
21
22
|
|
|
22
23
|
Metrics/BlockLength:
|
|
23
24
|
Exclude:
|
|
25
|
+
- 'spec/cvss2/cvss2_spec.rb'
|
|
24
26
|
- 'spec/cvss3/cvss3_spec.rb'
|
|
25
27
|
- 'spec/cvss31/cvss31_spec.rb'
|
|
26
28
|
|
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,12 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [2.0.2] - 2020-12-05
|
|
6
|
+
|
|
7
|
+
### Fixes
|
|
8
|
+
* CVSS v2 now returns the correct severity values based on NVD recommendation
|
|
9
|
+
* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
|
10
|
+
|
|
5
11
|
## [2.0.1] - 2020-07-19
|
|
6
12
|
|
|
7
13
|
### Fixes
|
data/README.md
CHANGED
|
@@ -28,7 +28,7 @@ Or install it yourself as:
|
|
|
28
28
|
|
|
29
29
|
## Version 1.x
|
|
30
30
|
|
|
31
|
-
If
|
|
31
|
+
If you are still using CvssSuite 1.x please refer to the [specific branch](https://github.com/siemens/cvss-suite/tree/1.x) for documentation and changelog.
|
|
32
32
|
|
|
33
33
|
## Usage
|
|
34
34
|
|
data/lib/cvss_suite.rb
CHANGED
data/lib/cvss_suite/cvss.rb
CHANGED
|
@@ -25,7 +25,7 @@ module CvssSuite
|
|
|
25
25
|
#
|
|
26
26
|
# Raises an exception if it is called on Cvss class.
|
|
27
27
|
def initialize(vector)
|
|
28
|
-
raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if
|
|
28
|
+
raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss
|
|
29
29
|
|
|
30
30
|
@vector = vector
|
|
31
31
|
@properties = []
|
|
@@ -54,7 +54,7 @@ module CvssSuite
|
|
|
54
54
|
|
|
55
55
|
score = overall_score
|
|
56
56
|
|
|
57
|
-
if score
|
|
57
|
+
if score <= 0.0
|
|
58
58
|
'None'
|
|
59
59
|
elsif (0.1..3.9).cover? score
|
|
60
60
|
'Low'
|
|
@@ -99,6 +99,15 @@ module CvssSuite
|
|
|
99
99
|
|
|
100
100
|
if start_of_vector.nil?
|
|
101
101
|
''
|
|
102
|
+
elsif start_of_vector == 1
|
|
103
|
+
match_array = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
|
|
104
|
+
if match_array.length == 1 && match_array[0] == @vector
|
|
105
|
+
@vector.slice!(0)
|
|
106
|
+
@vector.slice!(@vector.length - 1)
|
|
107
|
+
@vector
|
|
108
|
+
else
|
|
109
|
+
''
|
|
110
|
+
end
|
|
102
111
|
else
|
|
103
112
|
@vector[start_of_vector..-1]
|
|
104
113
|
end
|
|
@@ -23,6 +23,25 @@ module CvssSuite
|
|
|
23
23
|
2
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
+
# Returns the severity of the CVSSv2 vector.
|
|
27
|
+
# https://nvd.nist.gov/vuln-metrics/cvss
|
|
28
|
+
def severity
|
|
29
|
+
check_validity
|
|
30
|
+
|
|
31
|
+
score = overall_score
|
|
32
|
+
|
|
33
|
+
case score
|
|
34
|
+
when 0.0..3.9
|
|
35
|
+
'Low'
|
|
36
|
+
when 4.0..6.9
|
|
37
|
+
'Medium'
|
|
38
|
+
when 7.0..10.0
|
|
39
|
+
'High'
|
|
40
|
+
else
|
|
41
|
+
'None'
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
26
45
|
##
|
|
27
46
|
# Returns the Base Score of the CVSS vector.
|
|
28
47
|
def base_score
|
data/lib/cvss_suite/errors.rb
CHANGED
|
@@ -12,9 +12,11 @@ module CvssSuite
|
|
|
12
12
|
##
|
|
13
13
|
# This class represents a invalid CVSS vector.
|
|
14
14
|
class InvalidCvss < Cvss
|
|
15
|
+
# rubocop:disable Lint/MissingSuper
|
|
15
16
|
##
|
|
16
17
|
# Creates a new invalid CVSS vector.
|
|
17
18
|
def initialize; end
|
|
19
|
+
# rubocop:enable Lint/MissingSuper
|
|
18
20
|
|
|
19
21
|
##
|
|
20
22
|
# Since this is an invalid CVSS vector, it always returns false.
|
data/lib/cvss_suite/version.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
#
|
|
3
|
-
# Copyright (c) Siemens AG,
|
|
3
|
+
# Copyright (c) Siemens AG, 2020
|
|
4
4
|
#
|
|
5
5
|
# Authors:
|
|
6
6
|
# Oliver Hambörger <oliver.hamboerger@siemens.com>
|
|
@@ -9,5 +9,5 @@
|
|
|
9
9
|
# See the LICENSE.md file in the top-level directory.
|
|
10
10
|
|
|
11
11
|
module CvssSuite
|
|
12
|
-
VERSION = '2.0.
|
|
12
|
+
VERSION = '2.0.2'.freeze
|
|
13
13
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oliver Hamboerger
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-12-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|