cvss-suite 3.0.1 → 3.3.0

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/rspec.yml +4 -4
  3. data/.github/workflows/rubocop.yml +3 -4
  4. data/.rspec +1 -0
  5. data/.rubocop.yml +20 -0
  6. data/.rubocop_todo.yml +2 -2
  7. data/CHANGES.md +34 -0
  8. data/CODE_OF_CONDUCT.md +0 -5
  9. data/Gemfile +0 -6
  10. data/LICENSE.md +12 -2
  11. data/README.md +20 -11
  12. data/cvss_suite.gemspec +12 -14
  13. data/lib/cvss_suite/cvss.rb +7 -55
  14. data/lib/cvss_suite/cvss2/cvss2.rb +2 -8
  15. data/lib/cvss_suite/cvss2/cvss2_base.rb +0 -6
  16. data/lib/cvss_suite/cvss2/cvss2_environmental.rb +0 -6
  17. data/lib/cvss_suite/cvss2/cvss2_temporal.rb +0 -6
  18. data/lib/cvss_suite/cvss3/cvss3.rb +8 -8
  19. data/lib/cvss_suite/cvss3/cvss3_base.rb +8 -14
  20. data/lib/cvss_suite/cvss3/cvss3_environmental.rb +11 -17
  21. data/lib/cvss_suite/cvss3/cvss3_temporal.rb +3 -9
  22. data/lib/cvss_suite/cvss31/cvss31.rb +8 -8
  23. data/lib/cvss_suite/cvss31/cvss31_base.rb +8 -14
  24. data/lib/cvss_suite/cvss31/cvss31_environmental.rb +11 -17
  25. data/lib/cvss_suite/cvss31/cvss31_temporal.rb +3 -9
  26. data/lib/cvss_suite/cvss40/cvss40.rb +43 -0
  27. data/lib/cvss_suite/cvss40/cvss40_all_up.rb +40 -0
  28. data/lib/cvss_suite/cvss40/cvss40_base.rb +86 -0
  29. data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +397 -0
  30. data/lib/cvss_suite/cvss40/cvss40_constants_levels.rb +26 -0
  31. data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb +278 -0
  32. data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb +41 -0
  33. data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb +31 -0
  34. data/lib/cvss_suite/cvss40/cvss40_environmental.rb +105 -0
  35. data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +47 -0
  36. data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +66 -0
  37. data/lib/cvss_suite/cvss40/cvss40_threat.rb +34 -0
  38. data/lib/cvss_suite/cvss_31_and_before.rb +61 -0
  39. data/lib/cvss_suite/cvss_40_and_later.rb +51 -0
  40. data/lib/cvss_suite/cvss_metric.rb +7 -7
  41. data/lib/cvss_suite/cvss_property.rb +23 -8
  42. data/lib/cvss_suite/errors.rb +0 -6
  43. data/lib/cvss_suite/helpers/cvss31_helper.rb +0 -6
  44. data/lib/cvss_suite/helpers/cvss3_helper.rb +0 -6
  45. data/lib/cvss_suite/invalid_cvss.rb +0 -6
  46. data/lib/cvss_suite/version.rb +1 -7
  47. data/lib/cvss_suite.rb +48 -11
  48. metadata +40 -11
@@ -0,0 +1,51 @@
1
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
+ #
3
+ # This work is licensed under the terms of the MIT license.
4
+ # See the LICENSE.md file in the top-level directory.
5
+
6
+ require_relative 'cvss'
7
+
8
+ module CvssSuite
9
+ ##
10
+ # This class represents any CVSS vector. Do not instantiate this class!
11
+ class Cvss40AndLater < Cvss
12
+ ##
13
+ # Metric of a CVSS vector for CVSS 2, 3, 3.1.
14
+ attr_reader :temporal, :environmental
15
+
16
+ ##
17
+ # Creates a new CVSS vector by a +vector+, for all CVSS versions from 4.0.
18
+ #
19
+ # Raises an exception if it is called on Cvss40AndLater class.
20
+ def initialize(vector)
21
+ raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss40AndLater
22
+
23
+ super
24
+ end
25
+
26
+ ##
27
+ # Returns if CVSS vector is valid.
28
+ def valid?
29
+ if @amount_of_properties >= required_amount_of_properties
30
+ @base.valid?
31
+
32
+ else
33
+ false
34
+ end
35
+ end
36
+
37
+ ##
38
+ # Returns the Overall Score of the CVSS vector.
39
+ def overall_score
40
+ check_validity
41
+
42
+ @all_up.score
43
+ end
44
+
45
+ ##
46
+ # Alias for overall_score.
47
+ def score
48
+ overall_score
49
+ end
50
+ end
51
+ end
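Review bot: `valid?` (new lines 28–35) consults only `@base.valid?`, so as far as this file shows, a CVSS 4.0 vector whose threat, environmental or supplemental metrics carry unrecognised values can still pass the validity check and get a score from `@all_up.score`. `check_validity` and `@all_up` are defined outside this file, so the other groups may be checked there. If they are not, validate them here, or make the method comment explicit, e.g. `# Returns true when enough properties are present and the Base metrics are valid; other metric groups are not checked here.` The comment above `attr_reader :temporal, :environmental` (`# Metric of a CVSS vector for CVSS 2, 3, 3.1.`) looks copied from the pre-4.0 class and should describe what these readers hold for 4.0 and later.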
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -36,15 +30,21 @@ module CvssSuite
36
30
  @properties.count
37
31
  end
38
32
 
33
+ ##
34
+ # We aggregate these in some other classes
35
+ attr_reader :properties
36
+
39
37
  private
40
38
 
41
39
  def extract_selected_values_from(selected_properties)
42
40
  selected_properties.each do |selected_property|
43
41
  property = @properties.detect do |p|
44
- p.abbreviation == selected_property[:name] && p.position.include?(selected_property[:position])
42
+ p.abbreviation == selected_property[:name] &&
43
+ (p.position&.include?(selected_property[:position]) || p.position.nil?)
45
44
  end
46
45
  property&.set_selected_value selected_property[:selected]
47
46
  end
47
+ @properties.select(&:non_selected?).each(&:set_default_value)
48
48
  end
49
49
  end
50
50
  end
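Review bot: In `extract_selected_values_from`, a property whose `position` is nil now matches on abbreviation alone (new lines 42–43), so a metric that appears more than once in the vector calls `set_selected_value` repeatedly on the same property and the last occurrence silently wins. Whether repeated metrics are rejected before this method runs is not visible here; if they are not, a score would be produced from an ambiguous vector. Consider recording the names already seen and leaving the metric invalid on a repeat, or at least document the behaviour with `# Properties without a position match by name only; a repeated metric overwrites the earlier selection.` The new `attr_reader :properties` returns the internal array itself, so its comment should say that aggregating callers must treat it as read-only.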
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -22,7 +16,7 @@ module CvssSuite
22
16
 
23
17
  def initialize(property)
24
18
  @property = property
25
- @property[:default_value] ||= 'Not Available'
19
+ @property[:default_value] ||= 'Not Defined'
26
20
  end
27
21
 
28
22
  ##
@@ -64,7 +58,7 @@ module CvssSuite
64
58
  # Returns true if the property is valid.
65
59
 
66
60
  def valid?
67
- !@selected_value.nil?
61
+ !@selected_value.nil? && @property[:values].map { |p| p[:abbreviation] }.include?(@selected_value[:abbreviation])
68
62
  end
69
63
 
70
64
  ##
@@ -82,6 +76,27 @@ module CvssSuite
82
76
  value[:selected] = selected_value.eql?(value[:abbreviation])
83
77
  end
84
78
  @selected_value = values.detect { |value| value[:selected] }
79
+ return unless @selected_value.nil?
80
+
81
+ @selected_value = { abbreviation: selected_value }
82
+ end
83
+
84
+ ##
85
+ # Sets the default value.
86
+
87
+ def set_default_value
88
+ values.each do |value|
89
+ value[:selected] = value[:abbreviation].eql?('X')
90
+ value[:selected] ||= value[:abbreviation].eql?('ND')
91
+ end
92
+ @selected_value = values.detect { |value| value[:selected] }
93
+ end
94
+
95
+ ##
96
+ # Returns whether a selected_value is set
97
+
98
+ def non_selected?
99
+ @selected_value.nil?
85
100
  end
86
101
  end
87
102
  end
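Review bot: In `set_selected_value` (new lines 79–81) an unrecognised abbreviation is now kept as `{ abbreviation: selected_value }`, a hash that holds only the raw input string and lacks the `:selected` flag (and presumably any other fields) that the entries in `values` carry. Any reader of `@selected_value` that runs before `valid?` is checked will get nil for those keys. A why-comment would make the intent clear, e.g. `# Keep the unknown abbreviation so valid? rejects it instead of a default being applied.` The comment on `non_selected?` (new lines 95–99) is inverted: the method returns `@selected_value.nil?`, so it should read `# Returns true if no value has been selected yet.` The start of `set_selected_value` lies outside the hunk.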
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # Adam David <adamrdavid@gmail.com>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2018-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -1,14 +1,8 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
12
6
  module CvssSuite
13
- VERSION = '3.0.1'.freeze
7
+ VERSION = '3.3.0'.freeze
14
8
  end
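--- a/data/lib/cvss_suite.rb
+++ b/data/lib/cvss_suite.rb
@@ -1,17 +1,12 @@
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
  #
- # Copyright (c) 2016-2022 Siemens AG
- # Copyright (c) 2022 0llirocks
- #
- # Authors:
- # 0llirocks <http://0lli.rocks>
- #
  # This work is licensed under the terms of the MIT license.
  # See the LICENSE.md file in the top-level directory.
 
  require 'cvss_suite/cvss2/cvss2'
  require 'cvss_suite/cvss3/cvss3'
  require 'cvss_suite/cvss31/cvss31'
+ require 'cvss_suite/cvss40/cvss40'
  require 'cvss_suite/version'
  require 'cvss_suite/errors'
  require 'cvss_suite/invalid_cvss'
@@ -23,7 +18,8 @@ module CvssSuite
  { string: 'AV:', version: 2 },
  { string: '(AV:', version: 2 },
  { string: 'CVSS:3.0/', version: 3.0 },
- { string: 'CVSS:3.1/', version: 3.1 }
+ { string: 'CVSS:3.1/', version: 3.1 },
+ { string: 'CVSS:4.0/', version: 4.0 }
  ].freeze
 
  ##
@@ -31,14 +27,21 @@ module CvssSuite
  def self.new(vector)
  return InvalidCvss.new unless vector.is_a? String
 
- @vector_string = vector
+ @vector_string = if vector.frozen?
+ vector.dup
+ else
+ vector
+ end
+
  case version
  when 2
- Cvss2.new(@vector_string)
+ Cvss2.new(prepare_vector(@vector_string))
  when 3.0
- Cvss3.new(@vector_string)
+ Cvss3.new(prepare_vector(@vector_string))
  when 3.1
- Cvss31.new(@vector_string)
+ Cvss31.new(prepare_vector(@vector_string))
+ when 4.0
+ Cvss40.new(prepare_vector(@vector_string))
  else
  InvalidCvss.new
  end
@@ -51,4 +54,38 @@ module CvssSuite
  return beginning[:version] if @vector_string.start_with? beginning[:string]
  end
  end
+
+ def self.prepare_vector(vector)
+ vector = vector.clone
+
+ return prepare_cvss2_vector(vector) if version == 2
+
+ version_string = CVSS_VECTOR_BEGINNINGS.detect { |v| v[:version] == version } [:string]
+ start_of_vector = vector.index(version_string)
+
+ if start_of_vector.nil?
+ ''
+ else
+ vector[version_string.length..]
+ end
+ end
+
+ def self.prepare_cvss2_vector(vector)
+ start_of_vector = vector.index('AV')
+
+ if start_of_vector.nil?
+ ''
+ elsif start_of_vector == 1
+ match_array = vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
+ if match_array.length == 1 && match_array[0] == vector
+ vector.slice!(0)
+ vector.slice!(vector.length - 1)
+ vector
+ else
+ ''
+ end
+ else
+ vector[start_of_vector..]
+ end
+ end
  end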
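Review bot: `prepare_vector(vector)` takes the vector as an argument but still resolves the version through `version` (new lines 61 and 63), which, judging by the context at new lines 54–56, reads the module-level `@vector_string` assigned in `self.new` (new lines 30–34). Because that state lives on the `CvssSuite` module, two threads calling `CvssSuite.new` at the same time can have one call's prefix detection applied to the other call's vector, giving a wrongly stripped vector or the wrong class. Resolving the version once in `self.new` into a local and passing it down, e.g. `prepare_vector(vector_string, detected_version)`, would remove the shared state. In `prepare_vector` the result of `vector.index(version_string)` is used only for the nil check, while the slice uses `version_string.length`, which is right only when the prefix sits at index 0; a short comment should state that assumption.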
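--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: cvss-suite
  version: !ruby/object:Gem::Version
- version: 3.0.1
+ version: 3.3.0
  platform: ruby
  authors:
  - 0llirocks
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-03-13 00:00:00.000000000 Z
+ date: 2024-08-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '='
  - !ruby/object:Gem::Version
- version: '1.10'
+ version: 2.4.22
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '='
  - !ruby/object:Gem::Version
- version: '1.10'
+ version: 2.4.22
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.2'
+ - !ruby/object:Gem::Dependency
+ name: rubocop
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 1.50.2
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 1.50.2
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -67,8 +81,9 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0.18'
  description: |-
- This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
- Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
+ This Ruby gem calculates the score based on the vector of the
+ Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
+ in version 4.0, 3.1, 3.0 and 2.
  email:
  executables: []
  extensions: []
@@ -108,6 +123,20 @@ files:
  - lib/cvss_suite/cvss31/cvss31_base.rb
  - lib/cvss_suite/cvss31/cvss31_environmental.rb
  - lib/cvss_suite/cvss31/cvss31_temporal.rb
+ - lib/cvss_suite/cvss40/cvss40.rb
+ - lib/cvss_suite/cvss40/cvss40_all_up.rb
+ - lib/cvss_suite/cvss40/cvss40_base.rb
+ - lib/cvss_suite/cvss40/cvss40_calc_helper.rb
+ - lib/cvss_suite/cvss40/cvss40_constants_levels.rb
+ - lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb
+ - lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb
+ - lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb
+ - lib/cvss_suite/cvss40/cvss40_environmental.rb
+ - lib/cvss_suite/cvss40/cvss40_environmental_security.rb
+ - lib/cvss_suite/cvss40/cvss40_supplemental.rb
+ - lib/cvss_suite/cvss40/cvss40_threat.rb
+ - lib/cvss_suite/cvss_31_and_before.rb
+ - lib/cvss_suite/cvss_40_and_later.rb
  - lib/cvss_suite/cvss_metric.rb
  - lib/cvss_suite/cvss_property.rb
  - lib/cvss_suite/errors.rb
@@ -115,13 +144,13 @@ files:
  - lib/cvss_suite/helpers/cvss3_helper.rb
  - lib/cvss_suite/invalid_cvss.rb
  - lib/cvss_suite/version.rb
- homepage:
+ homepage: https://cvss-suite.0lli.rocks
  licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
  changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
- documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.0.1
+ documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.3.0
  homepage_uri: https://cvss-suite.0lli.rocks
  source_code_uri: https://github.com/0llirocks/cvss-suite
  post_install_message:
@@ -139,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.0.3.1
  signing_key:
  specification_version: 4
  summary: Ruby gem for processing cvss vectors.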