cvss-suite 3.0.1 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b5de123089a1d8250c5fdccbf1d859a0da8be387ed88875fb88a5613a786cbb
-  data.tar.gz: cd9150e3086e5f3304f9b4c3de53f587d25b41033218c398aa1e925385e22cee
+  metadata.gz: 773b87ded42d73797271e4dd4c05a261b69bc957295fe75654084f4edf4a4521
+  data.tar.gz: e5ecc4e25e13cc8663ca12cbb8b065246ee25b0e44fbfb6bfdbbfdb61ef16b61
 SHA512:
-  metadata.gz: 32ef998978e20dfb978dacccfda21b587f31a63ea5426e3e0fc9a1b1c448696d27c641375cb8d35c917c19779098ce2aceca88aaa035efcda6da8d5a5c8c8860
-  data.tar.gz: 5347e86397270b74cb5b78b5a1fc5eb7e9d9a6de13d56de62a4170c84c459406fd2cfe614434af7a83fdc434ed64ffe17de4738bb418fd4b771c01807140e1fc
+  metadata.gz: 3538af971b672a09547bc6f1286714876c7fe4ee61d19d4fddfaf961c42b014040cabd4259c0e22cb177064109d877a7339101ff7258afeb1b3ed937ed3cc516
+  data.tar.gz: 8b3ffb3367ee5437b1ee0026ca7f1677da233c844124455886c580cb2cedc5cd0b72c712a920741dc942600fc58a99c4f88f3c6c3b23ae750c962e6cc3ba1907

data/.github/workflows/rspec.yml

@@ -8,16 +8,16 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ '2.6', '2.7', '3.0', '3.1' ]
+        ruby: [ '2.6', '2.7', '3.0', '3.1', '3.2', '3.3' ]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up ${{ matrix.ruby }}
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
     - name: Install gems
       run: |
-        gem install bundler -v ">= 1.10"
-        bundle install --jobs 4 --retry 3
+        gem install bundler -v "2.4.22"
+        bundle _2.4.22_ install --jobs 4 --retry 3
     - name: Run tests
       run: bundle exec rspec spec

data/.github/workflows/rubocop.yml

@@ -8,15 +8,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby 2.6
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: 2.6
     - name: Install gems
       run: |
-        gem update --system
-        gem install bundler -v ">= 1.10"
-        gem install rubocop
+        gem install bundler -v "2.4.22"
+        bundle install --jobs 4 --retry 3
     - name: Run checks
       run: rubocop -F --fail-level C -f s

data/.rspec

@@ -1,2 +1,3 @@
 --format documentation
 --color
+--warning

data/.rubocop.yml

@@ -4,6 +4,10 @@ AllCops:
   TargetRubyVersion: 2.6
   SuggestExtensions: false
 
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
 Metrics/LineLength:
   Max: 120
   Exclude:
@@ -14,17 +18,33 @@ Metrics/ClassLength:
   Exclude:
     - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
     - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
+Metrics/CyclomaticComplexity:
+  Exclude: 
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
 
 Metrics/MethodLength:
   Exclude:
     - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
     - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+    - 'lib/cvss_suite/cvss40/cvss40_environmental.rb'
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
+Metrics/ModuleLength:
+  Exclude:
+    - 'lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb'
+
+Metrics/PerceivedComplexity:
+  Exclude:
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
 
 Metrics/BlockLength:
   Exclude:
     - 'spec/cvss2/cvss2_spec.rb'
     - 'spec/cvss3/cvss3_spec.rb'
     - 'spec/cvss31/cvss31_spec.rb'
+    - 'spec/cvss40/cvss40_spec.rb'
 
 Style/IfUnlessModifier:
   Exclude:

data/.rubocop_todo.yml

@@ -36,7 +36,7 @@ Metrics/ClassLength:
 # Offense count: 1
 # Configuration parameters: IgnoredMethods.
 Metrics/CyclomaticComplexity:
-  Max: 9
+  Max: 13
 
 # Offense count: 13
 # Configuration parameters: CountComments, ExcludedMethods.
@@ -51,7 +51,7 @@ Metrics/ParameterLists:
 # Offense count: 1
 # Configuration parameters: IgnoredMethods.
 Metrics/PerceivedComplexity:
-  Max: 10
+  Max: 14
 
 # Offense count: 1
 Naming/AccessorMethodName:

data/CHANGES.md

@@ -2,6 +2,40 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.2.2] - 2024-08-04
+
+### Fixes
+* Add extra CVSS vector validations for 3.1 and lower. Fixes [#41](https://github.com/0llirocks/cvss-suite/issues/41)
+
+### Notes
+* An invalid value like E:R (R doesn't exists) now counts as invalid, resulting in an invalid vector. In <= 3.2.1 an invalid value would be ignored/counted as default value.
+
+## [3.2.1] - 2024-05-25
+
+### Fixes
+* String.truncate method in Rails gets overwritten. Fixes [#39](https://github.com/0llirocks/cvss-suite/issues/39)
+
+## [3.2.0] - 2024-05-04
+
+### Improvements
+* Add support for CVSS version 4. Closes [#32](https://github.com/0llirocks/cvss-suite/issues/32). Many thanks to @brphelps for adding this feature.
+
+### Notes
+* CVSS version 4 no longer has multiple scores, only one overall score. Keep that in mind when using CVSS version 4.
+
+## [3.1.1] - 2023-10-15
+
+### Fixes
+* CVSS prefix is missing in v3.1.0. Fixes [#33](https://github.com/0llirocks/cvss-suite/issues/33)
+
+## [3.1.0] - 2022-09-27
+
+### Fixes
+* Metrics are no longer order-dependent. Fixes [#30](https://github.com/0llirocks/cvss-suite/issues/30)
+
+### Improvements
+* Temporal and Environmental metrics can now be partly omitted instead of setting them to X.
+
 ## [3.0.1] - 2022-03-13
 
 ### Notes

data/CODE_OF_CONDUCT.md

@@ -1,10 +1,5 @@
 CVSS-Suite, a Ruby gem to manage the CVSS vector
 
-Copyright (c) 2016-2022 Siemens AG
-Copyright (c) 2022 0llirocks
-
-Authors: 0llirocks <http://0lli.rocks>
-
 This work is licensed under the terms of the MIT license.
 See the LICENSE.md file in the top-level directory.
 

data/Gemfile

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/LICENSE.md

@@ -1,7 +1,17 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2022 Siemens AG
-Copyright (c) 2022 0llirocks
+Copyright (c) 2016-2022 Siemens AG\
+Copyright (c) 2022-2024 0llirocks
+
+Author: 0llirocks <https://github.com/0llirocks>
+
+Contributors:
+- Florian Wininger <https://github.com/fwininger>
+- Adam David <https://github.com/adamrdavid>
+- Alexandre Zanni <https://github.com/noraj>
+- joePedantic <https://github.com/joePedantic>
+- Brandyn Phelps <https://github.com/brphelps>
+- Karim ElGhandour <https://github.com/kghandour>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

data/README.md

@@ -5,6 +5,7 @@
 [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v4.0-brightgreen.svg)](https://www.first.org/cvss/v4.0/user-guide)
 [![RSpec](https://github.com/0llirocks/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/0llirocks/cvss-suite/actions)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
@@ -18,6 +19,12 @@ Add this line to your application's Gemfile:
 gem 'cvss-suite'
 ```
 
+Since the naming of this gem is not following the naming convention you can also add the following line to automatically require the gem:
+
+```ruby
+gem 'cvss-suite', require: 'cvss_suite'
+```
+
 And then execute:
 
     $ bundle
@@ -39,12 +46,12 @@ If you are still using CvssSuite 1.x please refer to the [specific branch](https
 ```ruby
 require 'cvss_suite'
 
-cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+cvss4 = CvssSuite.new('CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N')
 
-vector = cvss3.vector       # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
-version = cvss3.version     # 3.0
-valid = cvss3.valid?        # true
-severity = cvss3.severity   # 'High'
+vector = cvss4.vector       # 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'
+version = cvss4.version     # 4.0
+valid = cvss4.valid?        # true
+severity = cvss4.severity   # 'Critical'
 
 cvss31 = CvssSuite.new('CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U')
 
@@ -53,6 +60,13 @@ version = cvss31.version   # 3.1
 valid = cvss31.valid?      # true
 severity = cvss31.severity # 'Medium'
 
+cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+
+vector = cvss3.vector       # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
+version = cvss3.version     # 3.0
+valid = cvss3.valid?        # true
+severity = cvss3.severity   # 'High'
+
 cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M')
 
 vector = cvss.vector       # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
@@ -61,6 +75,7 @@ valid = cvss.valid?        # true
 severity = cvss.severity   # 'Low'
 
 # Scores
+score = cvss4.overall_score                         # 9.3, cvss4 only has overall score
 base_score = cvss.base_score                        # 4.9
 temporal_score = cvss.temporal_score                # 3.6
 environmental_score = cvss.environmental_score      # 3.2
@@ -100,14 +115,8 @@ valid = cvss.valid?     # false
 cvss.base_score         # will throw CvssSuite::Errors::InvalidVector: Vector is not valid!
 ```
 
-## Notable Features
-
-Properties (Access Vector, Remediation Level, etc) do have a position attribute, with this they can be ordered the same way they appear in the vector.
-
 ## Known Issues
 
-Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.
-
 There is a possibility of implementations generating different scores (+/- 0,1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms.
 
 ## Changelog

data/cvss_suite.gemspec

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -22,15 +16,18 @@ Gem::Specification.new do |spec|
   spec.authors       = ['0llirocks']
 
   spec.summary       = 'Ruby gem for processing cvss vectors.'
-  spec.description   = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
-Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
+  spec.description   = 'This Ruby gem calculates the score based on the vector of the
+Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
+in version 4.0, 3.1, 3.0 and 2.'
+
+  spec.homepage      = 'https://cvss-suite.0lli.rocks'
 
   spec.metadata = {
-    'bug_tracker_uri'   => 'https://github.com/0llirocks/cvss-suite/issues',
-    'changelog_uri'     => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md',
-    'documentation_uri' => 'https://www.rubydoc.info/gems/cvss-suite/' + CvssSuite::VERSION,
-    'homepage_uri'      => 'https://cvss-suite.0lli.rocks',
-    'source_code_uri'   => 'https://github.com/0llirocks/cvss-suite'
+    'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues',
+    'changelog_uri' => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md',
+    'documentation_uri' => "https://www.rubydoc.info/gems/cvss-suite/#{CvssSuite::VERSION}",
+    'homepage_uri' => 'https://cvss-suite.0lli.rocks',
+    'source_code_uri' => 'https://github.com/0llirocks/cvss-suite'
   }
 
   spec.required_ruby_version = '>= 2.6.0'
@@ -40,8 +37,9 @@ Besides calculating the Base, Temporal and Environmental Score, you are able to
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '>= 1.10'
+  spec.add_development_dependency 'bundler', '2.4.22'
   spec.add_development_dependency 'rspec', '~> 3.4'
   spec.add_development_dependency 'rspec-its', '~> 1.2'
+  spec.add_development_dependency 'rubocop', '1.50.2'
   spec.add_development_dependency 'simplecov', '~> 0.18'
 end

data/lib/cvss_suite/cvss.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -15,11 +9,7 @@ module CvssSuite
   class Cvss
     ##
     # Metric of a CVSS vector.
-    attr_reader :base, :temporal, :environmental
-
-    ##
-    # Returns the vector itself.
-    attr_reader :vector
+    attr_reader :base
 
     ##
     # Creates a new CVSS vector by a +vector+.
@@ -34,20 +24,6 @@ module CvssSuite
       init_metrics
     end
 
-    ##
-    # Returns if CVSS vector is valid.
-    def valid?
-      if @amount_of_properties == required_amount_of_properties
-        base = @base.valid?
-        temporal = @base.valid? && @temporal.valid?
-        environmental = @base.valid? && @environmental.valid?
-        full = @base.valid? && @temporal.valid? && @environmental.valid?
-        base || temporal || environmental || full
-      else
-        false
-      end
-    end
-
     ##
     # Returns the severity of the CVSS vector.
     def severity
@@ -71,53 +47,29 @@ module CvssSuite
     end
 
     ##
-    # Returns the Overall Score of the CVSS vector.
-    def overall_score
-      check_validity
-      return temporal_score if @temporal.valid? && !@environmental.valid?
-      return environmental_score if @environmental.valid?
-
-      base_score
+    # Returns the vector itself.
+    def vector
+      @vector.to_s
     end
 
     private
 
     def extract_metrics
-      properties = prepared_vector.split('/')
+      properties = @vector.split('/')
       @amount_of_properties = properties.size
       properties.each_with_index do |property, index|
         property = property.split(':')
         @properties.push({ name: property[0], selected: property[1], position: index })
       end
+      @properties = [] if @properties.group_by { |p| p[:name] }.select { |_k, v| v.size > 1 }.length.positive?
     end
 
     def check_validity
       raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
     end
 
-    def prepared_vector
-      start_of_vector = @vector.index('AV')
-
-      if start_of_vector.nil?
-        ''
-      elsif start_of_vector == 1
-        match_array = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
-        if match_array.length == 1 && match_array[0] == @vector
-          @vector.slice!(0)
-          @vector.slice!(@vector.length - 1)
-          @vector
-        else
-          ''
-        end
-      else
-        @vector[start_of_vector..]
-      end
-    end
-
     def required_amount_of_properties
-      total = @base.count if @base.valid?
-      total += @temporal.count if @temporal.valid?
-      total += @environmental.count if @environmental.valid?
+      total = @base.count
       total || 0
     end
   end

data/lib/cvss_suite/cvss2/cvss2.rb

@@ -1,15 +1,9 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-require_relative '../cvss'
+require_relative '../cvss_31_and_before'
 require_relative 'cvss2_base'
 require_relative 'cvss2_temporal'
 require_relative 'cvss2_environmental'
@@ -17,7 +11,7 @@ require_relative 'cvss2_environmental'
 module CvssSuite
   ##
   # This class represents a CVSS vector in version 2.
-  class Cvss2 < Cvss
+  class Cvss2 < Cvss31AndBefore
     ##
     # Returns the Version of the CVSS vector.
     def version

data/lib/cvss_suite/cvss2/cvss2_base.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss2/cvss2_environmental.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss2/cvss2_temporal.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss3/cvss3.rb

@@ -1,15 +1,9 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-require_relative '../cvss'
+require_relative '../cvss_31_and_before'
 require_relative 'cvss3_base'
 require_relative 'cvss3_temporal'
 require_relative 'cvss3_environmental'
@@ -17,7 +11,7 @@ require_relative 'cvss3_environmental'
 module CvssSuite
   ##
   # This class represents a CVSS vector in version 3.0.
-  class Cvss3 < Cvss
+  class Cvss3 < Cvss31AndBefore
     ##
     # Returns the Version of the CVSS vector.
     def version
@@ -45,6 +39,12 @@ module CvssSuite
       Cvss3Helper.round_up(@environmental.score(@base, @temporal))
     end
 
+    ##
+    # Returns the vector itself.
+    def vector
+      "#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
+    end
+
     private
 
     def init_metrics

data/lib/cvss_suite/cvss3/cvss3_base.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -51,40 +45,40 @@ module CvssSuite
 
     def init_properties
       @properties.push(@attack_vector =
-                         CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV', position: [0],
+                         CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
                                           values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                                    { name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
                                                    { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                                    { name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
       @properties.push(@attack_complexity =
-                         CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC', position: [1],
+                         CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
                                           values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                                    { name: 'High', abbreviation: 'H', weight: 0.44 }]))
       @properties.push(@privileges_required =
-                         CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR', position: [2],
+                         CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
                                           values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                    { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                                    { name: 'High', abbreviation: 'H', weight: 0.27 }]))
       @properties.push(@user_interaction =
-                         CvssProperty.new(name: 'User Interaction', abbreviation: 'UI', position: [3],
+                         CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
                                           values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                    { name: 'Required', abbreviation: 'R', weight: 0.62 }]))
       @properties.push(@scope =
-                         CvssProperty.new(name: 'Scope', abbreviation: 'S', position: [4],
+                         CvssProperty.new(name: 'Scope', abbreviation: 'S',
                                           values: [{ name: 'Unchanged', abbreviation: 'U' },
                                                    { name: 'Changed', abbreviation: 'C' }]))
       @properties.push(@confidentiality =
-                         CvssProperty.new(name: 'Confidentiality', abbreviation: 'C', position: [5],
+                         CvssProperty.new(name: 'Confidentiality', abbreviation: 'C',
                                           values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                    { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                    { name: 'High', abbreviation: 'H', weight: 0.56 }]))
       @properties.push(@integrity =
-                         CvssProperty.new(name: 'Integrity', abbreviation: 'I', position: [6],
+                         CvssProperty.new(name: 'Integrity', abbreviation: 'I',
                                           values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                    { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                    { name: 'High', abbreviation: 'H', weight: 0.56 }]))
       @properties.push(@availability =
-                         CvssProperty.new(name: 'Availability', abbreviation: 'A', position: [7],
+                         CvssProperty.new(name: 'Availability', abbreviation: 'A',
                                           values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                    { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                    { name: 'High', abbreviation: 'H', weight: 0.56 }]))