cvss-suite 3.1.0 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d6c9f7e41ba7184e8140cf17c6fc0a1b2dced70a3a0e80a603700c2517f413c
-  data.tar.gz: 8277aaf7c847feb0d83adcf96f33e85dbbaa4916bb84fb3b1fad5fc1eb99ef57
+  metadata.gz: 56b4970c7134073d2940b58730249883898bff82628949a38dfcdb805de8a204
+  data.tar.gz: ecee84d8b3d5abec9004c6223fb8ab321b015ee4bbef18a528b24c1776e0d3fa
 SHA512:
-  metadata.gz: 3640b87d41a2b7533b756b416e115e8cde0bb4459a8aefe325d0db82816b48dc0b3f32bd2d6c9dde4ab48ec0bec94efc8572e0c94412618070a45ab04012dd04
-  data.tar.gz: fe15648aa4362009d44ef9159e38f40494b09911582845b29732cb6c6512694c6bdf4d3b57ec412a6e9e76c783c197746dd76a2cce79ce298facad8f4a8ac334
+  metadata.gz: d5f8ea8fa286f41fb7505a3f59c5b995f827b57415c486340ac6d3e540baab7e1e81b045f075587e832027d812a46cccaa521abd5ac7dcda6836a9f290ba2139
+  data.tar.gz: 948c07fe25adfb5acc09ba85ccfff096f7caaaec3bd832ae5b7da61087ccfb957c58bd1b8a584244a582cdca4252bdf4378fe81c574f1bec2e45c799cca530e4

data/.github/workflows/rspec.yml

@@ -8,16 +8,16 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ '2.6', '2.7', '3.0', '3.1' ]
+        ruby: [ '2.6', '2.7', '3.0', '3.1', '3.2', '3.3' ]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up ${{ matrix.ruby }}
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
     - name: Install gems
       run: |
-        gem install bundler -v ">= 1.10"
-        bundle install --jobs 4 --retry 3
+        gem install bundler -v "2.4.22"
+        bundle _2.4.22_ install --jobs 4 --retry 3
     - name: Run tests
       run: bundle exec rspec spec

data/.github/workflows/rubocop.yml

@@ -8,15 +8,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby 2.6
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: 2.6
     - name: Install gems
       run: |
-        gem update --system
-        gem install bundler -v ">= 1.10"
-        gem install rubocop
+        gem install bundler -v "2.4.22"
+        bundle install --jobs 4 --retry 3
     - name: Run checks
       run: rubocop -F --fail-level C -f s

data/.rubocop.yml

@@ -4,6 +4,10 @@ AllCops:
   TargetRubyVersion: 2.6
   SuggestExtensions: false
 
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
 Metrics/LineLength:
   Max: 120
   Exclude:
@@ -14,17 +18,33 @@ Metrics/ClassLength:
   Exclude:
     - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
     - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
+Metrics/CyclomaticComplexity:
+  Exclude: 
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
 
 Metrics/MethodLength:
   Exclude:
     - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
     - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+    - 'lib/cvss_suite/cvss40/cvss40_environmental.rb'
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
+Metrics/ModuleLength:
+  Exclude:
+    - 'lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb'
+
+Metrics/PerceivedComplexity:
+  Exclude:
+    - 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
 
 Metrics/BlockLength:
   Exclude:
     - 'spec/cvss2/cvss2_spec.rb'
     - 'spec/cvss3/cvss3_spec.rb'
     - 'spec/cvss31/cvss31_spec.rb'
+    - 'spec/cvss40/cvss40_spec.rb'
 
 Style/IfUnlessModifier:
   Exclude:

data/.rubocop_todo.yml

@@ -36,7 +36,7 @@ Metrics/ClassLength:
 # Offense count: 1
 # Configuration parameters: IgnoredMethods.
 Metrics/CyclomaticComplexity:
-  Max: 9
+  Max: 13
 
 # Offense count: 13
 # Configuration parameters: CountComments, ExcludedMethods.
@@ -51,7 +51,7 @@ Metrics/ParameterLists:
 # Offense count: 1
 # Configuration parameters: IgnoredMethods.
 Metrics/PerceivedComplexity:
-  Max: 10
+  Max: 14
 
 # Offense count: 1
 Naming/AccessorMethodName:

data/CHANGES.md

@@ -2,6 +2,19 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.2.0] - 2024-05-04
+
+### Improvements
+* Add support for CVSS version 4. Closes [#32](https://github.com/0llirocks/cvss-suite/issues/32). Many thanks to @brphelps for adding this feature.
+
+### Notes
+* CVSS version 4 no longer has multiple scores, only one overall score. Keep that in mind when using CVSS version 4.
+
+## [3.1.1] - 2023-10-15
+
+### Fixes
+* CVSS prefix is missing in v3.1.0. Fixes [#33](https://github.com/0llirocks/cvss-suite/issues/33)
+
 ## [3.1.0] - 2022-09-27
 
 ### Fixes

data/CODE_OF_CONDUCT.md

@@ -1,9 +1,16 @@
 CVSS-Suite, a Ruby gem to manage the CVSS vector
 
 Copyright (c) 2016-2022 Siemens AG
-Copyright (c) 2022 0llirocks
+Copyright (c) 2022-2024 0llirocks
 
-Authors: 0llirocks <http://0lli.rocks>
+Author: 0llirocks <https://github.com/0llirocks>
+
+Contributors:
+    Florian Wininger <https://github.com/fwininger>
+    Adam David <https://github.com/adamrdavid>
+    Alexandre Zanni <https://github.com/noraj>
+    joePedantic <https://github.com/joePedantic>
+    Brandyn Phelps <https://github.com/brphelps>
 
 This work is licensed under the terms of the MIT license.
 See the LICENSE.md file in the top-level directory.

data/Gemfile

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/LICENSE.md

@@ -1,7 +1,16 @@
 The MIT License (MIT)
 
 Copyright (c) 2016-2022 Siemens AG
-Copyright (c) 2022 0llirocks
+Copyright (c) 2022-2024 0llirocks
+
+Authors:
+   0llirocks <https://github.com/0llirocks>
+Contributors:
+    Florian Wininger <https://github.com/fwininger>
+    Adam David <https://github.com/adamrdavid>
+    Alexandre Zanni <https://github.com/noraj>
+    joePedantic <https://github.com/joePedantic>
+    Brandyn Phelps <https://github.com/brphelps>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

data/README.md

@@ -5,6 +5,7 @@
 [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v4.0-brightgreen.svg)](https://www.first.org/cvss/v4.0/user-guide)
 [![RSpec](https://github.com/0llirocks/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/0llirocks/cvss-suite/actions)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
@@ -18,6 +19,12 @@ Add this line to your application's Gemfile:
 gem 'cvss-suite'
 ```
 
+Since the naming of this gem is not following the naming convention you can also add the following line to automatically require the gem:
+
+```ruby
+gem 'cvss-suite', require: 'cvss_suite'
+```
+
 And then execute:
 
     $ bundle
@@ -39,12 +46,12 @@ If you are still using CvssSuite 1.x please refer to the [specific branch](https
 ```ruby
 require 'cvss_suite'
 
-cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+cvss4 = CvssSuite.new('CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N')
 
-vector = cvss3.vector       # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
-version = cvss3.version     # 3.0
-valid = cvss3.valid?        # true
-severity = cvss3.severity   # 'High'
+vector = cvss4.vector       # 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'
+version = cvss4.version     # 4.0
+valid = cvss4.valid?        # true
+severity = cvss4.severity   # 'Critical'
 
 cvss31 = CvssSuite.new('CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U')
 
@@ -53,6 +60,13 @@ version = cvss31.version   # 3.1
 valid = cvss31.valid?      # true
 severity = cvss31.severity # 'Medium'
 
+cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+
+vector = cvss3.vector       # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
+version = cvss3.version     # 3.0
+valid = cvss3.valid?        # true
+severity = cvss3.severity   # 'High'
+
 cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M')
 
 vector = cvss.vector       # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
@@ -61,6 +75,7 @@ valid = cvss.valid?        # true
 severity = cvss.severity   # 'Low'
 
 # Scores
+score = cvss4.overall_score                         # 9.3, cvss4 only has overall score
 base_score = cvss.base_score                        # 4.9
 temporal_score = cvss.temporal_score                # 3.6
 environmental_score = cvss.environmental_score      # 3.2

data/cvss_suite.gemspec

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -22,14 +16,16 @@ Gem::Specification.new do |spec|
   spec.authors       = ['0llirocks']
 
   spec.summary       = 'Ruby gem for processing cvss vectors.'
-  spec.description   = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document).
-Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
+  spec.description   = 'This Ruby gem calculates the score based on the vector of the
+Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
+in version 4.0, 3.1, 3.0 and 2.'
+
+  spec.homepage      = 'https://cvss-suite.0lli.rocks'
 
   spec.metadata = {
     'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues',
     'changelog_uri' => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md',
     'documentation_uri' => "https://www.rubydoc.info/gems/cvss-suite/#{CvssSuite::VERSION}",
-    'homepage_uri' => 'https://cvss-suite.0lli.rocks',
     'source_code_uri' => 'https://github.com/0llirocks/cvss-suite'
   }
 
@@ -40,8 +36,9 @@ Besides calculating the Base, Temporal and Environmental Score, you are able to
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '>= 1.10'
+  spec.add_development_dependency 'bundler', '2.4.22'
   spec.add_development_dependency 'rspec', '~> 3.4'
   spec.add_development_dependency 'rspec-its', '~> 1.2'
+  spec.add_development_dependency 'rubocop', '1.50.2'
   spec.add_development_dependency 'simplecov', '~> 0.18'
 end

data/lib/cvss_suite/cvss.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -15,11 +9,7 @@ module CvssSuite
   class Cvss
     ##
     # Metric of a CVSS vector.
-    attr_reader :base, :temporal, :environmental
-
-    ##
-    # Returns the vector itself.
-    attr_reader :vector
+    attr_reader :base
 
     ##
     # Creates a new CVSS vector by a +vector+.
@@ -34,20 +24,6 @@ module CvssSuite
       init_metrics
     end
 
-    ##
-    # Returns if CVSS vector is valid.
-    def valid?
-      if @amount_of_properties >= required_amount_of_properties
-        base = @base.valid?
-        temporal = @base.valid? && @temporal.valid?
-        environmental = @base.valid? && @environmental.valid?
-        full = @base.valid? && @temporal.valid? && @environmental.valid?
-        base || temporal || environmental || full
-      else
-        false
-      end
-    end
-
     ##
     # Returns the severity of the CVSS vector.
     def severity
@@ -71,13 +47,9 @@ module CvssSuite
     end
 
     ##
-    # Returns the Overall Score of the CVSS vector.
-    def overall_score
-      check_validity
-      return temporal_score if @temporal.valid? && !@environmental.valid?
-      return environmental_score if @environmental.valid?
-
-      base_score
+    # Returns the vector itself.
+    def vector
+      @vector.to_s
     end
 
     private

data/lib/cvss_suite/cvss2/cvss2.rb

@@ -1,15 +1,9 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-require_relative '../cvss'
+require_relative '../cvss_31_and_before'
 require_relative 'cvss2_base'
 require_relative 'cvss2_temporal'
 require_relative 'cvss2_environmental'
@@ -17,7 +11,7 @@ require_relative 'cvss2_environmental'
 module CvssSuite
   ##
   # This class represents a CVSS vector in version 2.
-  class Cvss2 < Cvss
+  class Cvss2 < Cvss31AndBefore
     ##
     # Returns the Version of the CVSS vector.
     def version

data/lib/cvss_suite/cvss2/cvss2_base.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss2/cvss2_environmental.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss2/cvss2_temporal.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss3/cvss3.rb

@@ -1,15 +1,9 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-require_relative '../cvss'
+require_relative '../cvss_31_and_before'
 require_relative 'cvss3_base'
 require_relative 'cvss3_temporal'
 require_relative 'cvss3_environmental'
@@ -17,7 +11,7 @@ require_relative 'cvss3_environmental'
 module CvssSuite
   ##
   # This class represents a CVSS vector in version 3.0.
-  class Cvss3 < Cvss
+  class Cvss3 < Cvss31AndBefore
     ##
     # Returns the Version of the CVSS vector.
     def version
@@ -45,6 +39,12 @@ module CvssSuite
       Cvss3Helper.round_up(@environmental.score(@base, @temporal))
     end
 
+    ##
+    # Returns the vector itself.
+    def vector
+      "#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
+    end
+
     private
 
     def init_metrics

data/lib/cvss_suite/cvss3/cvss3_base.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss3/cvss3_environmental.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss3/cvss3_temporal.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss31/cvss31.rb

@@ -1,15 +1,9 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2019-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
-require_relative '../cvss'
+require_relative '../cvss_31_and_before'
 require_relative 'cvss31_base'
 require_relative 'cvss31_temporal'
 require_relative 'cvss31_environmental'
@@ -18,7 +12,7 @@ require_relative '../helpers/cvss31_helper'
 module CvssSuite
   ##
   # This class represents a CVSS vector in version 3.1.
-  class Cvss31 < Cvss
+  class Cvss31 < Cvss31AndBefore
     ##
     # Returns the Version of the CVSS vector.
 
@@ -50,6 +44,12 @@ module CvssSuite
       Cvss31Helper.round_up(@environmental.score(@base, @temporal))
     end
 
+    ##
+    # Returns the vector itself.
+    def vector
+      "#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
+    end
+
     private
 
     def init_metrics

data/lib/cvss_suite/cvss31/cvss31_base.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2019-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss31/cvss31_environmental.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2019-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss31/cvss31_temporal.rb

@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2019-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-#   0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 

data/lib/cvss_suite/cvss40/cvss40.rb

@@ -0,0 +1,43 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_40_and_later'
+require_relative 'cvss40_base'
+require_relative 'cvss40_supplemental'
+require_relative 'cvss40_threat'
+require_relative 'cvss40_environmental'
+require_relative 'cvss40_environmental_security'
+require_relative 'cvss40_all_up'
+
+module CvssSuite
+  ##
+  # This class represents a CVSS vector in version 4.0.
+  class Cvss40 < Cvss40AndLater
+    ##
+    # Returns the Version of the CVSS vector.
+
+    def version
+      4.0
+    end
+
+    ##
+    # Returns the vector itself.
+    def vector
+      "#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
+    end
+
+    private
+
+    def init_metrics
+      @base = Cvss40Base.new(@properties)
+      @threat = Cvss40Threat.new(@properties)
+      @environmental = Cvss40Environmental.new(@properties)
+      @environmental_security = Cvss40EnvironmentalSecurity.new(@properties)
+      @supplemental = Cvss40Supplemental.new(@properties)
+
+      @all_up = Cvss40AllUp.new(@properties, @base, @threat, @environmental, @environmental_security, @supplemental)
+    end
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_all_up.rb

@@ -0,0 +1,40 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+require_relative 'cvss40_base'
+require_relative 'cvss40_threat'
+
+module CvssSuite
+  ##
+  # This class represents a CVSS Threat metric in version 3.1.
+  class Cvss40AllUp < CvssMetric
+    ##
+    # Returns score of this metric
+    def score
+      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+    end
+
+    def initialize(properties, base, threat, environmental, environmental_security, supplemental)
+      @properties_to_later_initialize_from = properties
+      @base = base
+      @threat = threat
+      @environmental = environmental
+      @environmental_security = environmental_security
+      @supplemental = supplemental
+      super(properties)
+    end
+
+    private
+
+    def init_properties
+      # All up takes it's properties from all other scores
+      properties_to_add = @base.properties + @threat.properties + @environmental.properties +
+                          @environmental_security.properties + @supplemental.properties
+      properties_to_add.each { |p| @properties.push p }
+    end
+  end
+end