cvss-suite 3.0.1 → 3.3.0
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +4 -4
- data/.github/workflows/rubocop.yml +3 -4
- data/.rspec +1 -0
- data/.rubocop.yml +20 -0
- data/.rubocop_todo.yml +2 -2
- data/CHANGES.md +34 -0
- data/CODE_OF_CONDUCT.md +0 -5
- data/Gemfile +0 -6
- data/LICENSE.md +12 -2
- data/README.md +20 -11
- data/cvss_suite.gemspec +12 -14
- data/lib/cvss_suite/cvss.rb +7 -55
- data/lib/cvss_suite/cvss2/cvss2.rb +2 -8
- data/lib/cvss_suite/cvss2/cvss2_base.rb +0 -6
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +0 -6
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +0 -6
- data/lib/cvss_suite/cvss3/cvss3.rb +8 -8
- data/lib/cvss_suite/cvss3/cvss3_base.rb +8 -14
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +11 -17
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +3 -9
- data/lib/cvss_suite/cvss31/cvss31.rb +8 -8
- data/lib/cvss_suite/cvss31/cvss31_base.rb +8 -14
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +11 -17
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +3 -9
- data/lib/cvss_suite/cvss40/cvss40.rb +43 -0
- data/lib/cvss_suite/cvss40/cvss40_all_up.rb +40 -0
- data/lib/cvss_suite/cvss40/cvss40_base.rb +86 -0
- data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +397 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_levels.rb +26 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb +278 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb +41 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb +31 -0
- data/lib/cvss_suite/cvss40/cvss40_environmental.rb +105 -0
- data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +47 -0
- data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +66 -0
- data/lib/cvss_suite/cvss40/cvss40_threat.rb +34 -0
- data/lib/cvss_suite/cvss_31_and_before.rb +61 -0
- data/lib/cvss_suite/cvss_40_and_later.rb +51 -0
- data/lib/cvss_suite/cvss_metric.rb +7 -7
- data/lib/cvss_suite/cvss_property.rb +23 -8
- data/lib/cvss_suite/errors.rb +0 -6
- data/lib/cvss_suite/helpers/cvss31_helper.rb +0 -6
- data/lib/cvss_suite/helpers/cvss3_helper.rb +0 -6
- data/lib/cvss_suite/invalid_cvss.rb +0 -6
- data/lib/cvss_suite/version.rb +1 -7
- data/lib/cvss_suite.rb +48 -11
- metadata +40 -11
@@ -0,0 +1,51 @@
|
|
1
|
+
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
|
+
#
|
3
|
+
# This work is licensed under the terms of the MIT license.
|
4
|
+
# See the LICENSE.md file in the top-level directory.
|
5
|
+
|
6
|
+
require_relative 'cvss'
|
7
|
+
|
8
|
+
module CvssSuite
|
9
|
+
##
|
10
|
+
# This class represents any CVSS vector. Do not instantiate this class!
|
11
|
+
class Cvss40AndLater < Cvss
|
12
|
+
##
|
13
|
+
# Metric of a CVSS vector for CVSS 2, 3, 3.1.
|
14
|
+
attr_reader :temporal, :environmental
|
15
|
+
|
16
|
+
##
|
17
|
+
# Creates a new CVSS vector by a +vector+, for all CVSS versions from 4.0.
|
18
|
+
#
|
19
|
+
# Raises an exception if it is called on Cvss40AndLater class.
|
20
|
+
def initialize(vector)
|
21
|
+
raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss40AndLater
|
22
|
+
|
23
|
+
super
|
24
|
+
end
|
25
|
+
|
26
|
+
##
|
27
|
+
# Returns if CVSS vector is valid.
|
28
|
+
def valid?
|
29
|
+
if @amount_of_properties >= required_amount_of_properties
|
30
|
+
@base.valid?
|
31
|
+
|
32
|
+
else
|
33
|
+
false
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
##
|
38
|
+
# Returns the Overall Score of the CVSS vector.
|
39
|
+
def overall_score
|
40
|
+
check_validity
|
41
|
+
|
42
|
+
@all_up.score
|
43
|
+
end
|
44
|
+
|
45
|
+
##
|
46
|
+
# Alias for overall_score.
|
47
|
+
def score
|
48
|
+
overall_score
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
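Review bot: `valid?` (new lines 28-35) decides validity from `@base.valid?` alone once the property count is reached, so as far as this file shows, a vector whose non-base metric groups carry unrecognised values would still be reported valid and scored. Whether `Cvss40` overrides `valid?` is not visible here and should be confirmed. The doc comment above `attr_reader :temporal, :environmental` still reads "Metric of a CVSS vector for CVSS 2, 3, 3.1." although the class is for 4.0 and later, and nothing in this file assigns `@temporal`. I would reword it to `# Metric groups of a CVSS vector for CVSS 4.0 and later.` and check whether any subclass actually sets `@temporal`.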
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -36,15 +30,21 @@ module CvssSuite
|
|
36
30
|
@properties.count
|
37
31
|
end
|
38
32
|
|
33
|
+
##
|
34
|
+
# We aggregate these in some other classes
|
35
|
+
attr_reader :properties
|
36
|
+
|
39
37
|
private
|
40
38
|
|
41
39
|
def extract_selected_values_from(selected_properties)
|
42
40
|
selected_properties.each do |selected_property|
|
43
41
|
property = @properties.detect do |p|
|
44
|
-
p.abbreviation == selected_property[:name] &&
|
42
|
+
p.abbreviation == selected_property[:name] &&
|
43
|
+
(p.position&.include?(selected_property[:position]) || p.position.nil?)
|
45
44
|
end
|
46
45
|
property&.set_selected_value selected_property[:selected]
|
47
46
|
end
|
47
|
+
@properties.select(&:non_selected?).each(&:set_default_value)
|
48
48
|
end
|
49
49
|
end
|
50
50
|
end
|
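Review bot: In `extract_selected_values_from`, `property&.set_selected_value selected_property[:selected]` silently skips any entry that matches no property, and the added `@properties.select(&:non_selected?).each(&:set_default_value)` then fills whatever is left with defaults, so an unknown or misspelled metric name leaves no trace in this method. For a library whose scores feed severity triage, that should be rejected or at least documented, for example with `# entries that match no property are ignored here; rejection must happen at vector level`. Whether such a vector-level check exists is outside this hunk. The new public `attr_reader :properties` also hands callers the live array, so any aggregating class can mutate it; returning `@properties.dup` from an explicit method would keep the aggregation read-only. The enclosing class begins outside the hunk.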
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -22,7 +16,7 @@ module CvssSuite
|
|
22
16
|
|
23
17
|
def initialize(property)
|
24
18
|
@property = property
|
25
|
-
@property[:default_value] ||= 'Not
|
19
|
+
@property[:default_value] ||= 'Not Defined'
|
26
20
|
end
|
27
21
|
|
28
22
|
##
|
@@ -64,7 +58,7 @@ module CvssSuite
|
|
64
58
|
# Returns true if the property is valid.
|
65
59
|
|
66
60
|
def valid?
|
67
|
-
!@selected_value.nil?
|
61
|
+
!@selected_value.nil? && @property[:values].map { |p| p[:abbreviation] }.include?(@selected_value[:abbreviation])
|
68
62
|
end
|
69
63
|
|
70
64
|
##
|
@@ -82,6 +76,27 @@ module CvssSuite
|
|
82
76
|
value[:selected] = selected_value.eql?(value[:abbreviation])
|
83
77
|
end
|
84
78
|
@selected_value = values.detect { |value| value[:selected] }
|
79
|
+
return unless @selected_value.nil?
|
80
|
+
|
81
|
+
@selected_value = { abbreviation: selected_value }
|
82
|
+
end
|
83
|
+
|
84
|
+
##
|
85
|
+
# Sets the default value.
|
86
|
+
|
87
|
+
def set_default_value
|
88
|
+
values.each do |value|
|
89
|
+
value[:selected] = value[:abbreviation].eql?('X')
|
90
|
+
value[:selected] ||= value[:abbreviation].eql?('ND')
|
91
|
+
end
|
92
|
+
@selected_value = values.detect { |value| value[:selected] }
|
93
|
+
end
|
94
|
+
|
95
|
+
##
|
96
|
+
# Returns whether a selected_value is set
|
97
|
+
|
98
|
+
def non_selected?
|
99
|
+
@selected_value.nil?
|
85
100
|
end
|
86
101
|
end
|
87
102
|
end
|
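Review bot: When no listed value matches, `set_selected_value` now stores `{ abbreviation: selected_value }`, a hash carrying only the `:abbreviation` key. `valid?` rejects it, but any reader that dereferences other keys of `@selected_value` without calling `valid?` first will get `nil`; those readers are outside the hunk and should be checked. The stored string is presumably taken from the parsed vector, so it is caller-controlled and should be treated as untrusted wherever it is echoed. The comment on `non_selected?` says "Returns whether a selected_value is set", but the method returns true when none is set; I would change it to `# Returns true if no selected value is set.`. `valid?` could also use `@property[:values].any? { |v| v[:abbreviation] == @selected_value[:abbreviation] }` to avoid building an intermediate array.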
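--- a/data/lib/cvss_suite/errors.rb
+++ b/data/lib/cvss_suite/errors.rb
@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-# Adam David <adamrdavid@gmail.com>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 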
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2018-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
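--- a/data/lib/cvss_suite/version.rb
+++ b/data/lib/cvss_suite/version.rb
@@ -1,14 +1,8 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-# 0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
 module CvssSuite
-VERSION = '3.0
+VERSION = '3.3.0'.freeze
 end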
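--- a/data/lib/cvss_suite.rb
+++ b/data/lib/cvss_suite.rb
@@ -1,17 +1,12 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-# 0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
 require 'cvss_suite/cvss2/cvss2'
 require 'cvss_suite/cvss3/cvss3'
 require 'cvss_suite/cvss31/cvss31'
+require 'cvss_suite/cvss40/cvss40'
 require 'cvss_suite/version'
 require 'cvss_suite/errors'
 require 'cvss_suite/invalid_cvss'
@@ -23,7 +18,8 @@ module CvssSuite
 { string: 'AV:', version: 2 },
 { string: '(AV:', version: 2 },
 { string: 'CVSS:3.0/', version: 3.0 },
-{ string: 'CVSS:3.1/', version: 3.1 }
+{ string: 'CVSS:3.1/', version: 3.1 },
+{ string: 'CVSS:4.0/', version: 4.0 }
 ].freeze
 
 ##
@@ -31,14 +27,21 @@ module CvssSuite
 def self.new(vector)
 return InvalidCvss.new unless vector.is_a? String
 
-@vector_string = vector
+@vector_string = if vector.frozen?
+vector.dup
+else
+vector
+end
+
 case version
 when 2
-Cvss2.new(@vector_string)
+Cvss2.new(prepare_vector(@vector_string))
 when 3.0
-Cvss3.new(@vector_string)
+Cvss3.new(prepare_vector(@vector_string))
 when 3.1
-Cvss31.new(@vector_string)
+Cvss31.new(prepare_vector(@vector_string))
+when 4.0
+Cvss40.new(prepare_vector(@vector_string))
 else
 InvalidCvss.new
 end
@@ -51,4 +54,38 @@ module CvssSuite
 return beginning[:version] if @vector_string.start_with? beginning[:string]
 end
 end
+
+def self.prepare_vector(vector)
+vector = vector.clone
+
+return prepare_cvss2_vector(vector) if version == 2
+
+version_string = CVSS_VECTOR_BEGINNINGS.detect { |v| v[:version] == version } [:string]
+start_of_vector = vector.index(version_string)
+
+if start_of_vector.nil?
+''
+else
+vector[version_string.length..]
+end
+end
+
+def self.prepare_cvss2_vector(vector)
+start_of_vector = vector.index('AV')
+
+if start_of_vector.nil?
+''
+elsif start_of_vector == 1
+match_array = vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
+if match_array.length == 1 && match_array[0] == vector
+vector.slice!(0)
+vector.slice!(vector.length - 1)
+vector
+else
+''
+end
+else
+vector[start_of_vector..]
+end
+end
 end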
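Review bot: `CvssSuite.new` keeps its input in `@vector_string`, an instance variable on the module itself, and both `version` and the new `prepare_vector` (through `version == 2` and the `CVSS_VECTOR_BEGINNINGS` lookup) read it back. Two threads calling `CvssSuite.new` at the same time can therefore detect the version of one vector while stripping the prefix of the other, and return a wrong score. Detecting the version once into a local and passing both the string and the version to `prepare_vector` would remove the shared state; `version` is defined partly outside this hunk, so the matching signature change is not shown here. In `prepare_vector` the `start_of_vector.nil?` branch looks unreachable for 3.x and 4.0, because `version` only returns those values when the string starts with that prefix, so `vector[version_string.length..]` alone would say the same thing. The two new helpers are also defined as public `self.` methods; if they are not meant as API, `private_class_method :prepare_vector, :prepare_cvss2_vector` would keep them internal.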
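--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: cvss-suite
 version: !ruby/object:Gem::Version
-version: 3.0
+version: 3.3.0
 platform: ruby
 authors:
 - 0llirocks
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2024-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.4.22
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.4.22
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.2'
+- !ruby/object:Gem::Dependency
+name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.50.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.50.2
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -67,8 +81,9 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0.18'
 description: |-
-This Ruby gem
-
+This Ruby gem calculates the score based on the vector of the
+Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
+in version 4.0, 3.1, 3.0 and 2.
 email:
 executables: []
 extensions: []
@@ -108,6 +123,20 @@ files:
 - lib/cvss_suite/cvss31/cvss31_base.rb
 - lib/cvss_suite/cvss31/cvss31_environmental.rb
 - lib/cvss_suite/cvss31/cvss31_temporal.rb
+- lib/cvss_suite/cvss40/cvss40.rb
+- lib/cvss_suite/cvss40/cvss40_all_up.rb
+- lib/cvss_suite/cvss40/cvss40_base.rb
+- lib/cvss_suite/cvss40/cvss40_calc_helper.rb
+- lib/cvss_suite/cvss40/cvss40_constants_levels.rb
+- lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb
+- lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb
+- lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb
+- lib/cvss_suite/cvss40/cvss40_environmental.rb
+- lib/cvss_suite/cvss40/cvss40_environmental_security.rb
+- lib/cvss_suite/cvss40/cvss40_supplemental.rb
+- lib/cvss_suite/cvss40/cvss40_threat.rb
+- lib/cvss_suite/cvss_31_and_before.rb
+- lib/cvss_suite/cvss_40_and_later.rb
 - lib/cvss_suite/cvss_metric.rb
 - lib/cvss_suite/cvss_property.rb
 - lib/cvss_suite/errors.rb
@@ -115,13 +144,13 @@ files:
 - lib/cvss_suite/helpers/cvss3_helper.rb
 - lib/cvss_suite/invalid_cvss.rb
 - lib/cvss_suite/version.rb
-homepage:
+homepage: https://cvss-suite.0lli.rocks
 licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
 changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
-documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.0
+documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.3.0
 homepage_uri: https://cvss-suite.0lli.rocks
 source_code_uri: https://github.com/0llirocks/cvss-suite
 post_install_message:
@@ -139,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.0.3.1
 signing_key:
 specification_version: 4
 summary: Ruby gem for processing cvss vectors.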