cvss-suite 3.1.1 → 3.2.0

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/rspec.yml +4 -4
  3. data/.github/workflows/rubocop.yml +3 -4
  4. data/.rubocop.yml +20 -0
  5. data/.rubocop_todo.yml +2 -2
  6. data/CHANGES.md +8 -0
  7. data/CODE_OF_CONDUCT.md +9 -2
  8. data/Gemfile +0 -6
  9. data/LICENSE.md +10 -1
  10. data/README.md +14 -5
  11. data/cvss_suite.gemspec +7 -10
  12. data/lib/cvss_suite/cvss.rb +1 -31
  13. data/lib/cvss_suite/cvss2/cvss2.rb +2 -8
  14. data/lib/cvss_suite/cvss2/cvss2_base.rb +0 -6
  15. data/lib/cvss_suite/cvss2/cvss2_environmental.rb +0 -6
  16. data/lib/cvss_suite/cvss2/cvss2_temporal.rb +0 -6
  17. data/lib/cvss_suite/cvss3/cvss3.rb +2 -8
  18. data/lib/cvss_suite/cvss3/cvss3_base.rb +0 -6
  19. data/lib/cvss_suite/cvss3/cvss3_environmental.rb +0 -6
  20. data/lib/cvss_suite/cvss3/cvss3_temporal.rb +0 -6
  21. data/lib/cvss_suite/cvss31/cvss31.rb +2 -8
  22. data/lib/cvss_suite/cvss31/cvss31_base.rb +0 -6
  23. data/lib/cvss_suite/cvss31/cvss31_environmental.rb +0 -6
  24. data/lib/cvss_suite/cvss31/cvss31_temporal.rb +0 -6
  25. data/lib/cvss_suite/cvss40/cvss40.rb +43 -0
  26. data/lib/cvss_suite/cvss40/cvss40_all_up.rb +40 -0
  27. data/lib/cvss_suite/cvss40/cvss40_base.rb +86 -0
  28. data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +389 -0
  29. data/lib/cvss_suite/cvss40/cvss40_constants_levels.rb +26 -0
  30. data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb +278 -0
  31. data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb +41 -0
  32. data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb +31 -0
  33. data/lib/cvss_suite/cvss40/cvss40_environmental.rb +105 -0
  34. data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +47 -0
  35. data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +66 -0
  36. data/lib/cvss_suite/cvss40/cvss40_threat.rb +34 -0
  37. data/lib/cvss_suite/cvss_31_and_before.rb +50 -0
  38. data/lib/cvss_suite/cvss_40_and_later.rb +45 -0
  39. data/lib/cvss_suite/cvss_metric.rb +4 -6
  40. data/lib/cvss_suite/cvss_property.rb +0 -6
  41. data/lib/cvss_suite/errors.rb +0 -6
  42. data/lib/cvss_suite/extensions/string.rb +8 -0
  43. data/lib/cvss_suite/helpers/cvss31_helper.rb +0 -6
  44. data/lib/cvss_suite/helpers/cvss3_helper.rb +0 -6
  45. data/lib/cvss_suite/invalid_cvss.rb +0 -6
  46. data/lib/cvss_suite/version.rb +1 -7
  47. data/lib/cvss_suite.rb +6 -7
  48. metadata +41 -12
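--- a/data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb
@@ -0,0 +1,278 @@
+ module CvssSuite
+ module Cvss40Constants
+ # These constants were almost directly ported from the CVSS 4.0 calculator code found at https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/ac71416d935ad2ac87cd107ff87024561ea954a7/cvss_lookup.js#L1
+
+ LOOKUP = {
+ '000000' => 10,
+ '000001' => 9.9,
+ '000010' => 9.8,
+ '000011' => 9.5,
+ '000020' => 9.5,
+ '000021' => 9.2,
+ '000100' => 10,
+ '000101' => 9.6,
+ '000110' => 9.3,
+ '000111' => 8.7,
+ '000120' => 9.1,
+ '000121' => 8.1,
+ '000200' => 9.3,
+ '000201' => 9,
+ '000210' => 8.9,
+ '000211' => 8,
+ '000220' => 8.1,
+ '000221' => 6.8,
+ '001000' => 9.8,
+ '001001' => 9.5,
+ '001010' => 9.5,
+ '001011' => 9.2,
+ '001020' => 9,
+ '001021' => 8.4,
+ '001100' => 9.3,
+ '001101' => 9.2,
+ '001110' => 8.9,
+ '001111' => 8.1,
+ '001120' => 8.1,
+ '001121' => 6.5,
+ '001200' => 8.8,
+ '001201' => 8,
+ '001210' => 7.8,
+ '001211' => 7,
+ '001220' => 6.9,
+ '001221' => 4.8,
+ '002001' => 9.2,
+ '002011' => 8.2,
+ '002021' => 7.2,
+ '002101' => 7.9,
+ '002111' => 6.9,
+ '002121' => 5,
+ '002201' => 6.9,
+ '002211' => 5.5,
+ '002221' => 2.7,
+ '010000' => 9.9,
+ '010001' => 9.7,
+ '010010' => 9.5,
+ '010011' => 9.2,
+ '010020' => 9.2,
+ '010021' => 8.5,
+ '010100' => 9.5,
+ '010101' => 9.1,
+ '010110' => 9,
+ '010111' => 8.3,
+ '010120' => 8.4,
+ '010121' => 7.1,
+ '010200' => 9.2,
+ '010201' => 8.1,
+ '010210' => 8.2,
+ '010211' => 7.1,
+ '010220' => 7.2,
+ '010221' => 5.3,
+ '011000' => 9.5,
+ '011001' => 9.3,
+ '011010' => 9.2,
+ '011011' => 8.5,
+ '011020' => 8.5,
+ '011021' => 7.3,
+ '011100' => 9.2,
+ '011101' => 8.2,
+ '011110' => 8,
+ '011111' => 7.2,
+ '011120' => 7,
+ '011121' => 5.9,
+ '011200' => 8.4,
+ '011201' => 7,
+ '011210' => 7.1,
+ '011211' => 5.2,
+ '011220' => 5,
+ '011221' => 3,
+ '012001' => 8.6,
+ '012011' => 7.5,
+ '012021' => 5.2,
+ '012101' => 7.1,
+ '012111' => 5.2,
+ '012121' => 2.9,
+ '012201' => 6.3,
+ '012211' => 2.9,
+ '012221' => 1.7,
+ '100000' => 9.8,
+ '100001' => 9.5,
+ '100010' => 9.4,
+ '100011' => 8.7,
+ '100020' => 9.1,
+ '100021' => 8.1,
+ '100100' => 9.4,
+ '100101' => 8.9,
+ '100110' => 8.6,
+ '100111' => 7.4,
+ '100120' => 7.7,
+ '100121' => 6.4,
+ '100200' => 8.7,
+ '100201' => 7.5,
+ '100210' => 7.4,
+ '100211' => 6.3,
+ '100220' => 6.3,
+ '100221' => 4.9,
+ '101000' => 9.4,
+ '101001' => 8.9,
+ '101010' => 8.8,
+ '101011' => 7.7,
+ '101020' => 7.6,
+ '101021' => 6.7,
+ '101100' => 8.6,
+ '101101' => 7.6,
+ '101110' => 7.4,
+ '101111' => 5.8,
+ '101120' => 5.9,
+ '101121' => 5,
+ '101200' => 7.2,
+ '101201' => 5.7,
+ '101210' => 5.7,
+ '101211' => 5.2,
+ '101220' => 5.2,
+ '101221' => 2.5,
+ '102001' => 8.3,
+ '102011' => 7,
+ '102021' => 5.4,
+ '102101' => 6.5,
+ '102111' => 5.8,
+ '102121' => 2.6,
+ '102201' => 5.3,
+ '102211' => 2.1,
+ '102221' => 1.3,
+ '110000' => 9.5,
+ '110001' => 9,
+ '110010' => 8.8,
+ '110011' => 7.6,
+ '110020' => 7.6,
+ '110021' => 7,
+ '110100' => 9,
+ '110101' => 7.7,
+ '110110' => 7.5,
+ '110111' => 6.2,
+ '110120' => 6.1,
+ '110121' => 5.3,
+ '110200' => 7.7,
+ '110201' => 6.6,
+ '110210' => 6.8,
+ '110211' => 5.9,
+ '110220' => 5.2,
+ '110221' => 3,
+ '111000' => 8.9,
+ '111001' => 7.8,
+ '111010' => 7.6,
+ '111011' => 6.7,
+ '111020' => 6.2,
+ '111021' => 5.8,
+ '111100' => 7.4,
+ '111101' => 5.9,
+ '111110' => 5.7,
+ '111111' => 5.7,
+ '111120' => 4.7,
+ '111121' => 2.3,
+ '111200' => 6.1,
+ '111201' => 5.2,
+ '111210' => 5.7,
+ '111211' => 2.9,
+ '111220' => 2.4,
+ '111221' => 1.6,
+ '112001' => 7.1,
+ '112011' => 5.9,
+ '112021' => 3,
+ '112101' => 5.8,
+ '112111' => 2.6,
+ '112121' => 1.5,
+ '112201' => 2.3,
+ '112211' => 1.3,
+ '112221' => 0.6,
+ '200000' => 9.3,
+ '200001' => 8.7,
+ '200010' => 8.6,
+ '200011' => 7.2,
+ '200020' => 7.5,
+ '200021' => 5.8,
+ '200100' => 8.6,
+ '200101' => 7.4,
+ '200110' => 7.4,
+ '200111' => 6.1,
+ '200120' => 5.6,
+ '200121' => 3.4,
+ '200200' => 7,
+ '200201' => 5.4,
+ '200210' => 5.2,
+ '200211' => 4,
+ '200220' => 4,
+ '200221' => 2.2,
+ '201000' => 8.5,
+ '201001' => 7.5,
+ '201010' => 7.4,
+ '201011' => 5.5,
+ '201020' => 6.2,
+ '201021' => 5.1,
+ '201100' => 7.2,
+ '201101' => 5.7,
+ '201110' => 5.5,
+ '201111' => 4.1,
+ '201120' => 4.6,
+ '201121' => 1.9,
+ '201200' => 5.3,
+ '201201' => 3.6,
+ '201210' => 3.4,
+ '201211' => 1.9,
+ '201220' => 1.9,
+ '201221' => 0.8,
+ '202001' => 6.4,
+ '202011' => 5.1,
+ '202021' => 2,
+ '202101' => 4.7,
+ '202111' => 2.1,
+ '202121' => 1.1,
+ '202201' => 2.4,
+ '202211' => 0.9,
+ '202221' => 0.4,
+ '210000' => 8.8,
+ '210001' => 7.5,
+ '210010' => 7.3,
+ '210011' => 5.3,
+ '210020' => 6,
+ '210021' => 5,
+ '210100' => 7.3,
+ '210101' => 5.5,
+ '210110' => 5.9,
+ '210111' => 4,
+ '210120' => 4.1,
+ '210121' => 2,
+ '210200' => 5.4,
+ '210201' => 4.3,
+ '210210' => 4.5,
+ '210211' => 2.2,
+ '210220' => 2,
+ '210221' => 1.1,
+ '211000' => 7.5,
+ '211001' => 5.5,
+ '211010' => 5.8,
+ '211011' => 4.5,
+ '211020' => 4,
+ '211021' => 2.1,
+ '211100' => 6.1,
+ '211101' => 5.1,
+ '211110' => 4.8,
+ '211111' => 1.8,
+ '211120' => 2,
+ '211121' => 0.9,
+ '211200' => 4.6,
+ '211201' => 1.8,
+ '211210' => 1.7,
+ '211211' => 0.7,
+ '211220' => 0.8,
+ '211221' => 0.2,
+ '212001' => 5.3,
+ '212011' => 2.4,
+ '212021' => 1.4,
+ '212101' => 2.4,
+ '212111' => 1.2,
+ '212121' => 0.5,
+ '212201' => 1,
+ '212211' => 0.3,
+ '212221' => 0.1
+ }.freeze
+ end
+ end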
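--- a/data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb
@@ -0,0 +1,41 @@
+ module CvssSuite
+ module Cvss40Constants
+ # These constants were almost directly ported from the CVSS 4.0 calculator code found at https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/ac71416d935ad2ac87cd107ff87024561ea954a7/max_composed.js#L4
+
+ MAX_COMPOSED = {
+ # // EQ1
+ 'eq1' => {
+ '0' => ['AV:N/PR:N/UI:N/'],
+ '1' => ['AV:A/PR:N/UI:N/', 'AV:N/PR:L/UI:N/', 'AV:N/PR:N/UI:P/'],
+ '2' => ['AV:P/PR:N/UI:N/', 'AV:A/PR:L/UI:P/']
+ },
+ # // EQ2
+ 'eq2' => {
+ '0' => ['AC:L/AT:N/'],
+ '1' => ['AC:H/AT:N/', 'AC:L/AT:P/']
+ },
+ # // EQ3+EQ6
+ 'eq3' => {
+ '0' => { '0' => ['VC:H/VI:H/VA:H/CR:H/IR:H/AR:H/'],
+ '1' => ['VC:H/VI:H/VA:L/CR:M/IR:M/AR:H/', 'VC:H/VI:H/VA:H/CR:M/IR:M/AR:M/'] },
+ '1' => { '0' => ['VC:L/VI:H/VA:H/CR:H/IR:H/AR:H/', 'VC:H/VI:L/VA:H/CR:H/IR:H/AR:H/'],
+ '1' => ['VC:L/VI:H/VA:L/CR:H/IR:M/AR:H/', 'VC:L/VI:H/VA:H/CR:H/IR:M/AR:M/',
+ 'VC:H/VI:L/VA:H/CR:M/IR:H/AR:M/', 'VC:H/VI:L/VA:L/CR:M/IR:H/AR:H/',
+ 'VC:L/VI:L/VA:H/CR:H/IR:H/AR:M/'] },
+ '2' => { '1' => ['VC:L/VI:L/VA:L/CR:H/IR:H/AR:H/'] }
+ },
+ # // EQ4
+ 'eq4' => {
+ '0' => ['SC:H/SI:S/SA:S/'],
+ '1' => ['SC:H/SI:H/SA:H/'],
+ '2' => ['SC:L/SI:L/SA:L/']
+ },
+ # // EQ5
+ 'eq5' => {
+ '0' => ['E:A/'],
+ '1' => ['E:P/'],
+ '2' => ['E:U/']
+ }
+ }.freeze
+ end
+ end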
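Review bot: The trailing `.freeze` on `MAX_COMPOSED` freezes only the outer hash, so the nested `'eq1'` to `'eq5'` hashes and their vector arrays stay mutable, and any caller that mutates one changes scoring for the whole process; `MAX_SEVERITY` in the next file has the same shape. Freezing each inner hash and array as well, or deep-freezing once at load, would close that. The two tables also disagree on keys: this one files the joint EQ3+EQ6 entries under `'eq3'` with String level keys (`'0'`, `'1'`), while `MAX_SEVERITY` uses `'eq3eq6'` with Integer keys, so a lookup written for one table returns nil against the other. A comment stating the convention would help, e.g. `# level keys are Strings here; 'eq3' holds the joint EQ3+EQ6 table`.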
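--- a/data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb
@@ -0,0 +1,31 @@
+ module CvssSuite
+ module Cvss40Constants
+ # These constants were almost directly ported from the CVSS 4.0 calculator code found at https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/ac71416d935ad2ac87cd107ff87024561ea954a7/max_severity.js#L1
+ MAX_SEVERITY = {
+ 'eq1' => {
+ 0 => 1,
+ 1 => 4,
+ 2 => 5
+ },
+ 'eq2' => {
+ 0 => 1,
+ 1 => 2
+ },
+ 'eq3eq6' => {
+ 0 => { 0 => 7, 1 => 6 },
+ 1 => { 0 => 8, 1 => 8 },
+ 2 => { 1 => 10 }
+ },
+ 'eq4' => {
+ 0 => 6,
+ 1 => 5,
+ 2 => 4
+ },
+ 'eq5' => {
+ 0 => 1,
+ 1 => 1,
+ 2 => 1
+ }
+ }.freeze
+ end
+ end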
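--- a/data/lib/cvss_suite/cvss40/cvss40_environmental.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_environmental.rb
@@ -0,0 +1,105 @@
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
+ #
+ # This work is licensed under the terms of the MIT license.
+ # See the LICENSE.md file in the top-level directory.
+
+ require_relative '../cvss_property'
+ require_relative '../cvss_metric'
+
+ module CvssSuite
+ ##
+ # This class represents a CVSS Threat metric in version 4.0.
+ class Cvss40Environmental < CvssMetric
+ ##
+ # Property of this metric
+ attr_reader :modified_attack_vector, :modified_attack_complexity, :modified_attack_requirements,
+ :modified_privileges_required, :modified_user_interaction, :modified_vulnerable_system_confidentiality,
+ :modified_vulnerable_system_integrity, :modified_vulnerable_system_availability,
+ :modified_subsequent_system_confidentiality, :modified_subsequent_system_integrity,
+ :modified_subsequent_system_availability
+
+ ##
+ # Returns score of this metric
+ def score
+ Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+ end
+
+ private
+
+ def init_properties
+ @properties.push(@modified_attack_vector =
+ CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
+ values: [{ name: 'Network', abbreviation: 'N' },
+ { name: 'Adjacent', abbreviation: 'A' },
+ { name: 'Local', abbreviation: 'L' },
+ { name: 'Physical', abbreviation: 'P' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_attack_complexity =
+ CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
+ values: [{ name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_attack_requirements =
+ CvssProperty.new(name: 'Modified Attack Requirements', abbreviation: 'MAT',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Present', abbreviation: 'P' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_privileges_required =
+ CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_user_interaction =
+ CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Passive', abbreviation: 'P' },
+ { name: 'Active', abbreviation: 'A' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@vulnerable_system_confidentiality =
+ CvssProperty.new(name: 'Modified Vulnerable System Confidentiality Impact',
+ abbreviation: 'MVC',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_vulnerable_system_integrity =
+ CvssProperty.new(name: 'Modified Vulnerable System Integrity Impact',
+ abbreviation: 'MVI',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_vulnerable_system_availability =
+ CvssProperty.new(name: 'Modified Vulnerable System Availability Impact',
+ abbreviation: 'MVA',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_subsequent_system_confidentiality =
+ CvssProperty.new(name: 'Modified Subsequent System Confidentiality Impact',
+ abbreviation: 'MSC',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_subsequent_system_integrity =
+ CvssProperty.new(name: 'Modified Subsequent System Integrity Impact',
+ abbreviation: 'MSI',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Safety', abbreviation: 'S' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ @properties.push(@modified_subsequent_system_availability =
+ CvssProperty.new(name: 'Modified Subsequent System Availability Impact',
+ abbreviation: 'MSA',
+ values: [{ name: 'None', abbreviation: 'N' },
+ { name: 'Safety', abbreviation: 'S' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'High', abbreviation: 'H' },
+ { name: 'Not Defined', abbreviation: 'X' }]))
+ end
+ end
+ end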
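Review bot: The Modified Vulnerable System Confidentiality property is stored in `@vulnerable_system_confidentiality`, but the `attr_reader` list declares `:modified_vulnerable_system_confidentiality`, so that reader always returns nil while the other ten readers work. The assignment in `init_properties` should read `@properties.push(@modified_vulnerable_system_confidentiality =`. The class comment also calls this a Threat metric; it should be `# This class represents a CVSS Environmental metric in version 4.0.`.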
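--- a/data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb
@@ -0,0 +1,47 @@
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
+ #
+ # This work is licensed under the terms of the MIT license.
+ # See the LICENSE.md file in the top-level directory.
+
+ require_relative '../cvss_property'
+ require_relative '../cvss_metric'
+
+ module CvssSuite
+ ##
+ # This class represents a CVSS Environmental Security metric in version 4.0.
+ class Cvss40EnvironmentalSecurity < CvssMetric
+ ##
+ # Property of this metric
+ attr_reader :confidentiality_requirements, :integrity_requirements, :availability_requirements
+
+ ##
+ # Returns score of this metric
+ def score
+ Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+ end
+
+ private
+
+ def init_properties
+ @properties.push(@confidentiality_requirements =
+ CvssProperty.new(name: 'Confidentiality Requirements', abbreviation: 'CR',
+ values: [{ name: 'Not Defined', abbreviation: 'X' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'Medium', abbreviation: 'M' },
+ { name: 'High', abbreviation: 'H' }]))
+ @properties.push(@integrity_requirements =
+ CvssProperty.new(name: 'Integrity Requirements', abbreviation: 'IR',
+ values: [{ name: 'Not Defined', abbreviation: 'X' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'Medium', abbreviation: 'M' },
+ { name: 'High', abbreviation: 'H' }]))
+ @properties.push(@availability_requirements =
+ CvssProperty.new(name: 'Availability Requirements', abbreviation: 'AR',
+ values: [{ name: 'Not Defined', abbreviation: 'X' },
+ { name: 'Low', abbreviation: 'L' },
+ { name: 'Medium', abbreviation: 'M' },
+ { name: 'High',
+ abbreviation: 'H' }]))
+ end
+ end
+ end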
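Review bot: `score` dereferences `p.selected_value[:abbreviation]` for every property with no nil guard, and the identical line appears in `Cvss40Environmental#score` and `Cvss40Threat#score`. CvssProperty is not visible here, so whether `selected_value` can be nil for a metric missing from the vector is an assumption; if it can, this raises NoMethodError rather than treating the metric as Not Defined. Moving the line into one shared private method, with a comment such as `# every property must have a selected value; unset metrics are expected to be 'X'`, would keep the three classes from drifting apart.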
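--- a/data/lib/cvss_suite/cvss40/cvss40_supplemental.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_supplemental.rb
@@ -0,0 +1,66 @@
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
+ #
+ # This work is licensed under the terms of the MIT license.
+ # See the LICENSE.md file in the top-level directory.
+
+ require_relative '../cvss_property'
+ require_relative '../cvss_metric'
+
+ module CvssSuite
+ ##
+ # This class represents a CVSS Temporal metric in version 3.1.
+ class Cvss40Supplemental < CvssMetric
+ ##
+ # Property of this metric
+ attr_reader :safety, :automatable, :recovery, :value_density,
+ :vulnerability_response_effort, :provider_urgency
+
+ ##
+ # Returns score of this metric
+ def score
+ return 1.0 unless valid?
+
+ @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
+ end
+
+ private
+
+ def init_properties
+ @properties.push(@safety =
+ CvssProperty.new(name: 'Safety', abbreviation: 'S',
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+ { name: 'Negligible', abbreviation: 'N', weight: 0.91 },
+ { name: 'Present', abbreviation: 'P', weight: 0.94 }]))
+ @properties.push(@automatable =
+ CvssProperty.new(name: 'Automatable', abbreviation: 'AU',
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+ { name: 'No', abbreviation: 'N', weight: 0.95 },
+ { name: 'Yes', abbreviation: 'Y', weight: 0.96 }]))
+
+ @properties.push(@recovery =
+ CvssProperty.new(name: 'Recovery', abbreviation: 'R',
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+ { name: 'Automatic', abbreviation: 'A', weight: 0.92 },
+ { name: 'User', abbreviation: 'U', weight: 0.96 },
+ { name: 'Irrecoverable', abbreviation: 'I', weight: 1.0 }]))
+ @properties.push(@value_density =
+ CvssProperty.new(name: 'Value Density', abbreviation: 'V',
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+ { name: 'Diffuse', abbreviation: 'D', weight: 0.91 },
+ { name: 'Concentrated', abbreviation: 'C', weight: 0.94 }]))
+ @properties.push(@vulnerability_response_effort =
+ CvssProperty.new(name: 'Vulnerability Response Effort', abbreviation: 'RE',
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+ { name: 'Low', abbreviation: 'L', weight: 0.91 },
+ { name: 'Moderate', abbreviation: 'M', weight: 0.91 },
+ { name: 'High', abbreviation: 'H', weight: 0.94 }]))
+ @properties.push(@provider_urgency =
+ CvssProperty.new(name: 'Provider Urgency', abbreviation: 'U',
+ values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+ { name: 'Clear', abbreviation: 'Clear', weight: 0.91 },
+ { name: 'Green', abbreviation: 'Green', weight: 0.91 },
+ { name: 'Amber', abbreviation: 'Amber', weight: 0.91 },
+ { name: 'Red', abbreviation: 'Red', weight: 0.94 }]))
+ end
+ end
+ end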
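Review bot: `score` multiplies `@exploit_code_maturity.score * @remediation_level.score * @report_confidence.score`, but this class never assigns those three instance variables (`init_properties` sets `@safety`, `@automatable`, `@recovery`, `@value_density`, `@vulnerability_response_effort` and `@provider_urgency`), so once `valid?` is true the call raises NoMethodError on nil. The body and the `weight:` values look carried over from a temporal-metric class, and the class comment still says `Temporal metric in version 3.1`. In CVSS 4.0 the supplemental metrics do not change the numeric score, so `score` should not dereference these variables; what it should return instead depends on callers outside this section. The comment should read `# This class represents a CVSS Supplemental metric in version 4.0.`.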
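--- a/data/lib/cvss_suite/cvss40/cvss40_threat.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_threat.rb
@@ -0,0 +1,34 @@
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
+ #
+ # This work is licensed under the terms of the MIT license.
+ # See the LICENSE.md file in the top-level directory.
+
+ require_relative '../cvss_property'
+ require_relative '../cvss_metric'
+
+ module CvssSuite
+ ##
+ # This class represents a CVSS Threat metric in version 3.1.
+ class Cvss40Threat < CvssMetric
+ ##
+ # Property of this metric
+ attr_reader :exploit_maturity
+
+ ##
+ # Returns score of this metric
+ def score
+ Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+ end
+
+ private
+
+ def init_properties
+ @properties.push(@exploit_maturity =
+ CvssProperty.new(name: 'Exploit Maturity', abbreviation: 'E',
+ values: [{ name: 'Not Defined', abbreviation: 'X' },
+ { name: 'Attacked', abbreviation: 'A' },
+ { name: 'Proof-of-Concept', abbreviation: 'P' },
+ { name: 'Unreported', abbreviation: 'U' }]))
+ end
+ end
+ end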
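Review bot: The class comment names the wrong version: `# This class represents a CVSS Threat metric in version 3.1.` sits above `Cvss40Threat`, which defines the 4.0 Exploit Maturity values (Attacked, Proof-of-Concept, Unreported). It should read `# This class represents a CVSS Threat metric in version 4.0.`.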
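--- a/data/lib/cvss_suite/cvss_31_and_before.rb
+++ b/data/lib/cvss_suite/cvss_31_and_before.rb
@@ -0,0 +1,50 @@
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
+ #
+ # This work is licensed under the terms of the MIT license.
+ # See the LICENSE.md file in the top-level directory.
+
+ require_relative 'cvss'
+
+ module CvssSuite
+ ##
+ # This class represents any CVSS vector. Do not instantiate this class!
+ class Cvss31AndBefore < Cvss
+ ##
+ # Metric of a CVSS vector for CVSS 2, 3, 3.1.
+ attr_reader :temporal, :environmental
+
+ ##
+ # Creates a new CVSS vector by a +vector+, for all CVSS versions through 3.1.
+ #
+ # Raises an exception if it is called on Cvss31AndBefore class.
+ def initialize(vector)
+ raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss31AndBefore
+
+ super
+ end
+
+ ##
+ # Returns if CVSS vector is valid.
+ def valid?
+ if @amount_of_properties >= required_amount_of_properties
+ base = @base.valid?
+ temporal = @base.valid? && @temporal&.valid?
+ environmental = @base.valid? && @environmental&.valid?
+ full = @base.valid? && @temporal&.valid? && @environmental&.valid?
+ base || temporal || environmental || full
+ else
+ false
+ end
+ end
+
+ ##
+ # Returns the Overall Score of the CVSS vector.
+ def overall_score
+ check_validity
+ return temporal_score if @temporal.valid? && !@environmental.valid?
+ return environmental_score if @environmental.valid?
+
+ base_score
+ end
+ end
+ end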
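Review bot: `valid?` reduces to `@base.valid?` whenever the property count is met, because `temporal`, `environmental` and `full` each already require `@base.valid?` and are then OR-ed with `base`; a vector whose temporal or environmental part is malformed therefore still reports valid, and `overall_score` falls back to the temporal or base score without signalling it. If that leniency is intended, the comment should say so, e.g. `# A vector is valid as soon as its base metrics are; incomplete optional groups are ignored.`. Separately, `valid?` uses `@temporal&.valid?` while `overall_score` calls `@temporal.valid?` and `@environmental.valid?` without safe navigation, so if either can be nil (as the `&.` suggests) `overall_score` raises NoMethodError. Writing `return temporal_score if @temporal&.valid? && !@environmental&.valid?` and `return environmental_score if @environmental&.valid?` would make the two methods agree.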