cvss-suite 3.0.1 → 3.3.0

data/lib/cvss_suite/cvss_40_and_later.rb

@@ -0,0 +1,51 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative 'cvss'
+
+module CvssSuite
+  ##
+  # This class represents any CVSS vector. Do not instantiate this class!
+  class Cvss40AndLater < Cvss
+    ##
+    # Metric of a CVSS vector for CVSS 2, 3, 3.1.
+    attr_reader :temporal, :environmental
+
+    ##
+    # Creates a new CVSS vector by a +vector+, for all CVSS versions from 4.0.
+    #
+    # Raises an exception if it is called on Cvss40AndLater class.
+    def initialize(vector)
+      raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss40AndLater
+
+      super
+    end
+
+    ##
+    # Returns if CVSS vector is valid.
+    def valid?
+      if @amount_of_properties >= required_amount_of_properties
+        @base.valid?
+
+      else
+        false
+      end
+    end
+
+    ##
+    # Returns the Overall Score of the CVSS vector.
+    def overall_score
+      check_validity
+
+      @all_up.score
+    end
+
+    ##
+    # Alias for overall_score.
+    def score
+      overall_score
+    end
+  end
+end

data/lib/cvss_suite/cvss_metric.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -36,15 +30,21 @@ module CvssSuite
       @properties.count
     end
 
+    ##
+    # We aggregate these in some other classes
+    attr_reader :properties
+
     private
 
     def extract_selected_values_from(selected_properties)
       selected_properties.each do |selected_property|
         property = @properties.detect do |p|
-          p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
+          p.abbreviation == selected_property[:name] &&
+            (p.position&.include?(selected_property[:position]) || p.position.nil?)
         end
         property&.set_selected_value selected_property[:selected]
       end
+      @properties.select(&:non_selected?).each(&:set_default_value)
     end
   end
 end

data/lib/cvss_suite/cvss_property.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -22,7 +16,7 @@ module CvssSuite
 
     def initialize(property)
       @property = property
-      @property[:default_value] ||= 'Not Available'
+      @property[:default_value] ||= 'Not Defined'
     end
 
     ##
@@ -64,7 +58,7 @@ module CvssSuite
     # Returns true if the property is valid.
 
     def valid?
-      !@selected_value.nil?
+      !@selected_value.nil? && @property[:values].map { |p| p[:abbreviation] }.include?(@selected_value[:abbreviation])
     end
 
     ##
@@ -82,6 +76,27 @@ module CvssSuite
         value[:selected] = selected_value.eql?(value[:abbreviation])
       end
       @selected_value = values.detect { |value| value[:selected] }
+      return unless @selected_value.nil?
+
+      @selected_value = { abbreviation: selected_value }
+    end
+
+    ##
+    # Sets the default value.
+
+    def set_default_value
+      values.each do |value|
+        value[:selected] = value[:abbreviation].eql?('X')
+        value[:selected] ||= value[:abbreviation].eql?('ND')
+      end
+      @selected_value = values.detect { |value| value[:selected] }
+    end
+
+    ##
+    # Returns whether a selected_value is set
+
+    def non_selected?
+      @selected_value.nil?
     end
   end
 end

data/lib/cvss_suite/errors.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   Adam David <adamrdavid@gmail.com>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/helpers/cvss31_helper.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/helpers/cvss3_helper.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/invalid_cvss.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2018-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/version.rb

@@ -1,14 +1,8 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
 module CvssSuite
-  VERSION = '3.0.1'.freeze
+  VERSION = '3.3.0'.freeze
 end

data/lib/cvss_suite.rb

@@ -1,17 +1,12 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
 require 'cvss_suite/cvss2/cvss2'
 require 'cvss_suite/cvss3/cvss3'
 require 'cvss_suite/cvss31/cvss31'
+require 'cvss_suite/cvss40/cvss40'
 require 'cvss_suite/version'
 require 'cvss_suite/errors'
 require 'cvss_suite/invalid_cvss'
@@ -23,7 +18,8 @@ module CvssSuite
     { string: 'AV:', version: 2 },
     { string: '(AV:', version: 2 },
     { string: 'CVSS:3.0/', version: 3.0 },
-    { string: 'CVSS:3.1/', version: 3.1 }
+    { string: 'CVSS:3.1/', version: 3.1 },
+    { string: 'CVSS:4.0/', version: 4.0 }
   ].freeze
 
   ##
@@ -31,14 +27,21 @@ module CvssSuite
   def self.new(vector)
     return InvalidCvss.new unless vector.is_a? String
 
-    @vector_string = vector
+    @vector_string = if vector.frozen?
+                       vector.dup
+                     else
+                       vector
+                     end
+
     case version
     when 2
-      Cvss2.new(@vector_string)
+      Cvss2.new(prepare_vector(@vector_string))
     when 3.0
-      Cvss3.new(@vector_string)
+      Cvss3.new(prepare_vector(@vector_string))
     when 3.1
-      Cvss31.new(@vector_string)
+      Cvss31.new(prepare_vector(@vector_string))
+    when 4.0
+      Cvss40.new(prepare_vector(@vector_string))
     else
       InvalidCvss.new
     end
@@ -51,4 +54,38 @@ module CvssSuite
       return beginning[:version] if @vector_string.start_with? beginning[:string]
     end
   end
+
+  def self.prepare_vector(vector)
+    vector = vector.clone
+
+    return prepare_cvss2_vector(vector) if version == 2
+
+    version_string = CVSS_VECTOR_BEGINNINGS.detect { |v| v[:version] == version } [:string]
+    start_of_vector = vector.index(version_string)
+
+    if start_of_vector.nil?
+      ''
+    else
+      vector[version_string.length..]
+    end
+  end
+
+  def self.prepare_cvss2_vector(vector)
+    start_of_vector = vector.index('AV')
+
+    if start_of_vector.nil?
+      ''
+    elsif start_of_vector == 1
+      match_array = vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
+      if match_array.length == 1 && match_array[0] == vector
+        vector.slice!(0)
+        vector.slice!(vector.length - 1)
+        vector
+      else
+        ''
+      end
+    else
+      vector[start_of_vector..]
+    end
+  end
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: cvss-suite
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.3.0
 platform: ruby
 authors:
 - 0llirocks
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-13 00:00:00.000000000 Z
+date: 2024-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.4.22
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.4.22
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.50.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.50.2
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -67,8 +81,9 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.18'
 description: |-
-  This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
-  Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
+  This Ruby gem calculates the score based on the vector of the
+  Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
+  in version 4.0, 3.1, 3.0 and 2.
 email: 
 executables: []
 extensions: []
@@ -108,6 +123,20 @@ files:
 - lib/cvss_suite/cvss31/cvss31_base.rb
 - lib/cvss_suite/cvss31/cvss31_environmental.rb
 - lib/cvss_suite/cvss31/cvss31_temporal.rb
+- lib/cvss_suite/cvss40/cvss40.rb
+- lib/cvss_suite/cvss40/cvss40_all_up.rb
+- lib/cvss_suite/cvss40/cvss40_base.rb
+- lib/cvss_suite/cvss40/cvss40_calc_helper.rb
+- lib/cvss_suite/cvss40/cvss40_constants_levels.rb
+- lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb
+- lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb
+- lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb
+- lib/cvss_suite/cvss40/cvss40_environmental.rb
+- lib/cvss_suite/cvss40/cvss40_environmental_security.rb
+- lib/cvss_suite/cvss40/cvss40_supplemental.rb
+- lib/cvss_suite/cvss40/cvss40_threat.rb
+- lib/cvss_suite/cvss_31_and_before.rb
+- lib/cvss_suite/cvss_40_and_later.rb
 - lib/cvss_suite/cvss_metric.rb
 - lib/cvss_suite/cvss_property.rb
 - lib/cvss_suite/errors.rb
@@ -115,13 +144,13 @@ files:
 - lib/cvss_suite/helpers/cvss3_helper.rb
 - lib/cvss_suite/invalid_cvss.rb
 - lib/cvss_suite/version.rb
-homepage: 
+homepage: https://cvss-suite.0lli.rocks
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
   changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
-  documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.0.1
+  documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.3.0
   homepage_uri: https://cvss-suite.0lli.rocks
   source_code_uri: https://github.com/0llirocks/cvss-suite
 post_install_message: 
@@ -139,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Ruby gem for processing cvss vectors.