cvss-suite 3.1.1 → 3.2.1
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +4 -4
- data/.github/workflows/rubocop.yml +3 -4
- data/.rubocop.yml +20 -0
- data/.rubocop_todo.yml +2 -2
- data/CHANGES.md +13 -0
- data/CODE_OF_CONDUCT.md +9 -2
- data/Gemfile +0 -6
- data/LICENSE.md +10 -1
- data/README.md +14 -5
- data/cvss_suite.gemspec +7 -9
- data/lib/cvss_suite/cvss.rb +1 -31
- data/lib/cvss_suite/cvss2/cvss2.rb +2 -8
- data/lib/cvss_suite/cvss2/cvss2_base.rb +0 -6
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +0 -6
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +0 -6
- data/lib/cvss_suite/cvss3/cvss3.rb +2 -8
- data/lib/cvss_suite/cvss3/cvss3_base.rb +0 -6
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +0 -6
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +0 -6
- data/lib/cvss_suite/cvss31/cvss31.rb +2 -8
- data/lib/cvss_suite/cvss31/cvss31_base.rb +0 -6
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +0 -6
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40.rb +43 -0
- data/lib/cvss_suite/cvss40/cvss40_all_up.rb +40 -0
- data/lib/cvss_suite/cvss40/cvss40_base.rb +86 -0
- data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +397 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_levels.rb +26 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb +278 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb +41 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb +31 -0
- data/lib/cvss_suite/cvss40/cvss40_environmental.rb +105 -0
- data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +47 -0
- data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +66 -0
- data/lib/cvss_suite/cvss40/cvss40_threat.rb +34 -0
- data/lib/cvss_suite/cvss_31_and_before.rb +50 -0
- data/lib/cvss_suite/cvss_40_and_later.rb +45 -0
- data/lib/cvss_suite/cvss_metric.rb +4 -6
- data/lib/cvss_suite/cvss_property.rb +0 -6
- data/lib/cvss_suite/errors.rb +0 -6
- data/lib/cvss_suite/helpers/cvss31_helper.rb +0 -6
- data/lib/cvss_suite/helpers/cvss3_helper.rb +0 -6
- data/lib/cvss_suite/invalid_cvss.rb +0 -6
- data/lib/cvss_suite/version.rb +1 -7
- data/lib/cvss_suite.rb +5 -7
- metadata +40 -11
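--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c13e3d336237b452f735f78972b31520c80115b7451bf81287f72a3b4b76d65a
+data.tar.gz: fbbc06267f44b3ae4ddbafe5c0c3c2a50eeecec08dd95c1a3edb20ec15765307
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a4255bb0a792743a9013763620a5c93d3530ebbbd760d915f20569693ec85ff3cd44744b5aa19ef356fd6555fec935c4f8191d2844e61ee533662094379090f
+data.tar.gz: aa99f6949546a68d0145a7a964d8188ca07fd8c6cde4b8d9df6fa1d324410f2ca3a98c3c38e875f44d84b388a0ee6f5e33ca1db0deab1447c7da325d9dc9654a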
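--- a/data/.github/workflows/rspec.yml
+++ b/data/.github/workflows/rspec.yml
@@ -8,16 +8,16 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-ruby: [ '2.6', '2.7', '3.0', '3.1', '3.2' ]
+ruby: [ '2.6', '2.7', '3.0', '3.1', '3.2', '3.3' ]
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up ${{ matrix.ruby }}
 uses: ruby/setup-ruby@v1
 with:
 ruby-version: ${{ matrix.ruby }}
 - name: Install gems
 run: |
-gem install bundler -v "
-bundle install --jobs 4 --retry 3
+gem install bundler -v "2.4.22"
+bundle _2.4.22_ install --jobs 4 --retry 3
 - name: Run tests
 run: bundle exec rspec spec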
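Review bot: The `uses:` steps reference actions by mutable tag (`actions/checkout@v4` on the changed line, `ruby/setup-ruby@v1` in the unchanged context), so whoever can move those tags controls code that runs in this job. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`, makes the run reproducible and reviewable. The same applies to the checkout step in the second workflow hunk that follows this one. The job's `permissions:` are not visible in this hunk; if none are declared, adding `permissions: contents: read` at workflow level would limit the token these steps receive.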
@@ -8,15 +8,14 @@ jobs:
|
|
8
8
|
runs-on: ubuntu-latest
|
9
9
|
|
10
10
|
steps:
|
11
|
-
- uses: actions/checkout@
|
11
|
+
- uses: actions/checkout@v4
|
12
12
|
- name: Set up Ruby 2.6
|
13
13
|
uses: ruby/setup-ruby@v1
|
14
14
|
with:
|
15
15
|
ruby-version: 2.6
|
16
16
|
- name: Install gems
|
17
17
|
run: |
|
18
|
-
gem
|
19
|
-
|
20
|
-
gem install rubocop
|
18
|
+
gem install bundler -v "2.4.22"
|
19
|
+
bundle install --jobs 4 --retry 3
|
21
20
|
- name: Run checks
|
22
21
|
run: rubocop -F --fail-level C -f s
|
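Review bot: The install step pins Bundler with `gem install bundler -v "2.4.22"` but then runs plain `bundle install --jobs 4 --retry 3`, so a different Bundler already present on the runner could be the one that resolves the gems; the rspec workflow on this page uses `bundle _2.4.22_ install --jobs 4 --retry 3` and this step should match it. The check step still calls `rubocop -F --fail-level C -f s` directly, which depends on the bundled gems landing on the default gem path. Presumably the `rubocop` `1.50.2` pin added to the gemspec is meant to decide the linter version here, and `run: bundle exec rubocop -F --fail-level C -f s` would guarantee that. This hunk has no file header on the page; going by the file list it belongs to `data/.github/workflows/rubocop.yml`.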
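--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -4,6 +4,10 @@ AllCops:
 TargetRubyVersion: 2.6
 SuggestExtensions: false
 
+Metrics/AbcSize:
+Exclude:
+- 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
 Metrics/LineLength:
 Max: 120
 Exclude:
@@ -14,17 +18,33 @@ Metrics/ClassLength:
 Exclude:
 - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
 - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+- 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
+Metrics/CyclomaticComplexity:
+Exclude:
+- 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
 
 Metrics/MethodLength:
 Exclude:
 - 'lib/cvss_suite/cvss3/cvss3_environmental.rb'
 - 'lib/cvss_suite/cvss31/cvss31_environmental.rb'
+- 'lib/cvss_suite/cvss40/cvss40_environmental.rb'
+- 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
+
+Metrics/ModuleLength:
+Exclude:
+- 'lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb'
+
+Metrics/PerceivedComplexity:
+Exclude:
+- 'lib/cvss_suite/cvss40/cvss40_calc_helper.rb'
 
 Metrics/BlockLength:
 Exclude:
 - 'spec/cvss2/cvss2_spec.rb'
 - 'spec/cvss3/cvss3_spec.rb'
 - 'spec/cvss31/cvss31_spec.rb'
+- 'spec/cvss40/cvss40_spec.rb'
 
 Style/IfUnlessModifier:
 Exclude: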
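Review bot: `lib/cvss_suite/cvss40/cvss40_calc_helper.rb` is excluded file-wide from five cops across these two hunks (`Metrics/AbcSize`, `Metrics/ClassLength`, `Metrics/CyclomaticComplexity`, `Metrics/MethodLength`, `Metrics/PerceivedComplexity`), which also exempts every method added to that file later. Judging by its name and the `Cvss40CalcHelper.new(...).score` call elsewhere on this page, this is the file that computes the CVSS 4.0 score, so it is the code where unchecked growth in complexity is most costly. Scoping the exemption with inline `# rubocop:disable Metrics/AbcSize` / `# rubocop:enable Metrics/AbcSize` around the specific long methods would keep the rest of the file under the normal limits. If the file-wide exclusions stay, a short comment above each new `Exclude:` entry stating why the limit does not apply would help the next reviewer.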
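--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -36,7 +36,7 @@ Metrics/ClassLength:
 # Offense count: 1
 # Configuration parameters: IgnoredMethods.
 Metrics/CyclomaticComplexity:
-Max:
+Max: 13
 
 # Offense count: 13
 # Configuration parameters: CountComments, ExcludedMethods.
@@ -51,7 +51,7 @@ Metrics/ParameterLists:
 # Offense count: 1
 # Configuration parameters: IgnoredMethods.
 Metrics/PerceivedComplexity:
-Max:
+Max: 14
 
 # Offense count: 1
 Naming/AccessorMethodName: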
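--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -2,6 +2,19 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.2.1] - 2024-05-25
+
+### Fixes
+* String.truncate method in Rails gets overwritten. Fixes [#39](https://github.com/0llirocks/cvss-suite/issues/39)
+
+## [3.2.0] - 2024-05-04
+
+### Improvements
+* Add support for CVSS version 4. Closes [#32](https://github.com/0llirocks/cvss-suite/issues/32). Many thanks to @brphelps for adding this feature.
+
+### Notes
+* CVSS version 4 no longer has multiple scores, only one overall score. Keep that in mind when using CVSS version 4.
+
 ## [3.1.1] - 2023-10-15
 
 ### Fixes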
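--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -1,9 +1,16 @@
 CVSS-Suite, a Ruby gem to manage the CVSS vector
 
 Copyright (c) 2016-2022 Siemens AG
-Copyright (c) 2022 0llirocks
+Copyright (c) 2022-2024 0llirocks
 
-
+Author: 0llirocks <https://github.com/0llirocks>
+
+Contributors:
+Florian Wininger <https://github.com/fwininger>
+Adam David <https://github.com/adamrdavid>
+Alexandre Zanni <https://github.com/noraj>
+joePedantic <https://github.com/joePedantic>
+Brandyn Phelps <https://github.com/brphelps>
 
 This work is licensed under the terms of the MIT license.
 See the LICENSE.md file in the top-level directory.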
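--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-# 0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 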
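--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,7 +1,16 @@
 The MIT License (MIT)
 
 Copyright (c) 2016-2022 Siemens AG
-Copyright (c) 2022 0llirocks
+Copyright (c) 2022-2024 0llirocks
+
+Authors:
+0llirocks <https://github.com/0llirocks>
+Contributors:
+Florian Wininger <https://github.com/fwininger>
+Adam David <https://github.com/adamrdavid>
+Alexandre Zanni <https://github.com/noraj>
+joePedantic <https://github.com/joePedantic>
+Brandyn Phelps <https://github.com/brphelps>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in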
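--- a/data/README.md
+++ b/data/README.md
@@ -5,6 +5,7 @@
 [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide)
 [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide)
+[![Cvss Support](https://img.shields.io/badge/CVSS-v4.0-brightgreen.svg)](https://www.first.org/cvss/v4.0/user-guide)
 [![RSpec](https://github.com/0llirocks/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/0llirocks/cvss-suite/actions)
 
 This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
@@ -45,12 +46,12 @@ If you are still using CvssSuite 1.x please refer to the [specific branch](https
 ```ruby
 require 'cvss_suite'
 
-
+cvss4 = CvssSuite.new('CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N')
 
-vector =
-version =
-valid =
-severity =
+vector = cvss4.vector # 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'
+version = cvss4.version # 4.0
+valid = cvss4.valid? # true
+severity = cvss4.severity # 'Critical'
 
 cvss31 = CvssSuite.new('CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U')
 
@@ -59,6 +60,13 @@ version = cvss31.version # 3.1
 valid = cvss31.valid? # true
 severity = cvss31.severity # 'Medium'
 
+cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H')
+
+vector = cvss3.vector # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H'
+version = cvss3.version # 3.0
+valid = cvss3.valid? # true
+severity = cvss3.severity # 'High'
+
 cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M')
 
 vector = cvss.vector # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
@@ -67,6 +75,7 @@ valid = cvss.valid? # true
 severity = cvss.severity # 'Low'
 
 # Scores
+score = cvss4.overall_score # 9.3, cvss4 only has overall score
 base_score = cvss.base_score # 4.9
 temporal_score = cvss.temporal_score # 3.6
 environmental_score = cvss.environmental_score # 3.2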
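--- a/data/cvss_suite.gemspec
+++ b/data/cvss_suite.gemspec
@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022 0llirocks
-#
-# Authors:
-# 0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -22,8 +16,11 @@ Gem::Specification.new do |spec|
 spec.authors = ['0llirocks']
 
 spec.summary = 'Ruby gem for processing cvss vectors.'
-spec.description = 'This Ruby gem
-
+spec.description = 'This Ruby gem calculates the score based on the vector of the
+Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
+in version 4.0, 3.1, 3.0 and 2.'
+
+spec.homepage = 'https://cvss-suite.0lli.rocks'
 
 spec.metadata = {
 'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues',
@@ -40,8 +37,9 @@ Besides calculating the Base, Temporal and Environmental Score, you are able to
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ['lib']
 
-spec.add_development_dependency 'bundler', '
+spec.add_development_dependency 'bundler', '2.4.22'
 spec.add_development_dependency 'rspec', '~> 3.4'
 spec.add_development_dependency 'rspec-its', '~> 1.2'
+spec.add_development_dependency 'rubocop', '1.50.2'
 spec.add_development_dependency 'simplecov', '~> 0.18'
 end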
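--- a/data/lib/cvss_suite/cvss.rb
+++ b/data/lib/cvss_suite/cvss.rb
@@ -1,11 +1,5 @@
 # CVSS-Suite, a Ruby gem to manage the CVSS vector
 #
-# Copyright (c) 2016-2022 Siemens AG
-# Copyright (c) 2022-2023 0llirocks
-#
-# Authors:
-# 0llirocks <http://0lli.rocks>
-#
 # This work is licensed under the terms of the MIT license.
 # See the LICENSE.md file in the top-level directory.
 
@@ -15,7 +9,7 @@ module CvssSuite
 class Cvss
 ##
 # Metric of a CVSS vector.
-attr_reader :base
+attr_reader :base
 
 ##
 # Creates a new CVSS vector by a +vector+.
@@ -30,20 +24,6 @@ module CvssSuite
 init_metrics
 end
 
-##
-# Returns if CVSS vector is valid.
-def valid?
-if @amount_of_properties >= required_amount_of_properties
-base = @base.valid?
-temporal = @base.valid? && @temporal.valid?
-environmental = @base.valid? && @environmental.valid?
-full = @base.valid? && @temporal.valid? && @environmental.valid?
-base || temporal || environmental || full
-else
-false
-end
-end
-
 ##
 # Returns the severity of the CVSS vector.
 def severity
@@ -66,16 +46,6 @@ module CvssSuite
 end
 end
 
-##
-# Returns the Overall Score of the CVSS vector.
-def overall_score
-check_validity
-return temporal_score if @temporal.valid? && !@environmental.valid?
-return environmental_score if @environmental.valid?
-
-base_score
-end
-
 ##
 # Returns the vector itself.
 def vector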
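Review bot: `Cvss` loses both `valid?` and `overall_score` in the third and fourth hunks, yet the README on this page calls both on every vector version, so each concrete subclass now has to supply them and nothing in the base class says so. The new `cvss_31_and_before.rb` and `cvss_40_and_later.rb` files presumably take them over, but their contents are not on this page. A line in the class comment such as `# Subclasses must implement #valid? and #overall_score.` would make the contract explicit. A stub like `def valid?; raise NotImplementedError; end` would additionally make a missing override fail with a clear message. The bodies of `severity` and `vector` lie outside these hunks, so whether they rely on the removed methods cannot be checked here.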
@@ -1,15 +1,9 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
12
|
-
require_relative '../
|
6
|
+
require_relative '../cvss_31_and_before'
|
13
7
|
require_relative 'cvss2_base'
|
14
8
|
require_relative 'cvss2_temporal'
|
15
9
|
require_relative 'cvss2_environmental'
|
@@ -17,7 +11,7 @@ require_relative 'cvss2_environmental'
|
|
17
11
|
module CvssSuite
|
18
12
|
##
|
19
13
|
# This class represents a CVSS vector in version 2.
|
20
|
-
class Cvss2 <
|
14
|
+
class Cvss2 < Cvss31AndBefore
|
21
15
|
##
|
22
16
|
# Returns the Version of the CVSS vector.
|
23
17
|
def version
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,15 +1,9 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022-2023 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
12
|
-
require_relative '../
|
6
|
+
require_relative '../cvss_31_and_before'
|
13
7
|
require_relative 'cvss3_base'
|
14
8
|
require_relative 'cvss3_temporal'
|
15
9
|
require_relative 'cvss3_environmental'
|
@@ -17,7 +11,7 @@ require_relative 'cvss3_environmental'
|
|
17
11
|
module CvssSuite
|
18
12
|
##
|
19
13
|
# This class represents a CVSS vector in version 3.0.
|
20
|
-
class Cvss3 <
|
14
|
+
class Cvss3 < Cvss31AndBefore
|
21
15
|
##
|
22
16
|
# Returns the Version of the CVSS vector.
|
23
17
|
def version
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,15 +1,9 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022-2023 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
12
|
-
require_relative '../
|
6
|
+
require_relative '../cvss_31_and_before'
|
13
7
|
require_relative 'cvss31_base'
|
14
8
|
require_relative 'cvss31_temporal'
|
15
9
|
require_relative 'cvss31_environmental'
|
@@ -18,7 +12,7 @@ require_relative '../helpers/cvss31_helper'
|
|
18
12
|
module CvssSuite
|
19
13
|
##
|
20
14
|
# This class represents a CVSS vector in version 3.1.
|
21
|
-
class Cvss31 <
|
15
|
+
class Cvss31 < Cvss31AndBefore
|
22
16
|
##
|
23
17
|
# Returns the Version of the CVSS vector.
|
24
18
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
|
+
#
|
3
|
+
# This work is licensed under the terms of the MIT license.
|
4
|
+
# See the LICENSE.md file in the top-level directory.
|
5
|
+
|
6
|
+
require_relative '../cvss_40_and_later'
|
7
|
+
require_relative 'cvss40_base'
|
8
|
+
require_relative 'cvss40_supplemental'
|
9
|
+
require_relative 'cvss40_threat'
|
10
|
+
require_relative 'cvss40_environmental'
|
11
|
+
require_relative 'cvss40_environmental_security'
|
12
|
+
require_relative 'cvss40_all_up'
|
13
|
+
|
14
|
+
module CvssSuite
|
15
|
+
##
|
16
|
+
# This class represents a CVSS vector in version 4.0.
|
17
|
+
class Cvss40 < Cvss40AndLater
|
18
|
+
##
|
19
|
+
# Returns the Version of the CVSS vector.
|
20
|
+
|
21
|
+
def version
|
22
|
+
4.0
|
23
|
+
end
|
24
|
+
|
25
|
+
##
|
26
|
+
# Returns the vector itself.
|
27
|
+
def vector
|
28
|
+
"#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
|
29
|
+
end
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
def init_metrics
|
34
|
+
@base = Cvss40Base.new(@properties)
|
35
|
+
@threat = Cvss40Threat.new(@properties)
|
36
|
+
@environmental = Cvss40Environmental.new(@properties)
|
37
|
+
@environmental_security = Cvss40EnvironmentalSecurity.new(@properties)
|
38
|
+
@supplemental = Cvss40Supplemental.new(@properties)
|
39
|
+
|
40
|
+
@all_up = Cvss40AllUp.new(@properties, @base, @threat, @environmental, @environmental_security, @supplemental)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
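Review bot: `vector` indexes the result of `CvssSuite::CVSS_VECTOR_BEGINNINGS.find { ... }` with `[:string]` without checking it, so if the table has no entry whose `:version` equals the Float `4.0` returned by `version`, the call fails with a NoMethodError on nil instead of a library error. The table is defined outside this hunk, so the entry cannot be confirmed from here; assigning the lookup to a local and raising an explicit error when it is nil would make that failure readable. The blank line between `# Returns the Version of the CVSS vector.` and `def version` separates the doc comment from its method, unlike the `vector` comment just below it, and should be removed. `init_metrics` would also benefit from a comment such as `# Cvss40AllUp is built last because it aggregates the five metric groups above.`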
@@ -0,0 +1,40 @@
|
|
1
|
+
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
|
+
#
|
3
|
+
# This work is licensed under the terms of the MIT license.
|
4
|
+
# See the LICENSE.md file in the top-level directory.
|
5
|
+
|
6
|
+
require_relative '../cvss_property'
|
7
|
+
require_relative '../cvss_metric'
|
8
|
+
require_relative 'cvss40_base'
|
9
|
+
require_relative 'cvss40_threat'
|
10
|
+
|
11
|
+
module CvssSuite
|
12
|
+
##
|
13
|
+
# This class represents a CVSS Threat metric in version 3.1.
|
14
|
+
class Cvss40AllUp < CvssMetric
|
15
|
+
##
|
16
|
+
# Returns score of this metric
|
17
|
+
def score
|
18
|
+
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
19
|
+
end
|
20
|
+
|
21
|
+
def initialize(properties, base, threat, environmental, environmental_security, supplemental)
|
22
|
+
@properties_to_later_initialize_from = properties
|
23
|
+
@base = base
|
24
|
+
@threat = threat
|
25
|
+
@environmental = environmental
|
26
|
+
@environmental_security = environmental_security
|
27
|
+
@supplemental = supplemental
|
28
|
+
super(properties)
|
29
|
+
end
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
def init_properties
|
34
|
+
# All up takes it's properties from all other scores
|
35
|
+
properties_to_add = @base.properties + @threat.properties + @environmental.properties +
|
36
|
+
@environmental_security.properties + @supplemental.properties
|
37
|
+
properties_to_add.each { |p| @properties.push p }
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
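Review bot: The class comment `# This class represents a CVSS Threat metric in version 3.1.` is left over from another file; for `Cvss40AllUp` it should read along the lines of `# This class represents the combined (all-up) metric of a CVSS vector in version 4.0.`. `score` references `Cvss40CalcHelper`, but the requires at the top of the file do not load it, so the class only works when something else has loaded that file first; `require_relative 'cvss40_calc_helper'` would make it self-contained. `@properties_to_later_initialize_from` is assigned in `initialize` and never read in this file, so it can probably be dropped. In `score`, `p.selected_value[:abbreviation]` assumes every property has a selected value; `selected_value` is defined outside this hunk, so confirm it cannot be nil for a vector that omits optional metrics. The comment in `init_properties` should say `its`, not `it's`.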