cvss-suite 3.2.0 → 3.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +13 -0
- data/CODE_OF_CONDUCT.md +0 -12
- data/LICENSE.md +9 -8
- data/cvss_suite.gemspec +1 -0
- data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +9 -1
- data/lib/cvss_suite/cvss_31_and_before.rb +16 -5
- data/lib/cvss_suite/cvss_metric.rb +1 -1
- data/lib/cvss_suite/cvss_property.rb +12 -1
- data/lib/cvss_suite/version.rb +1 -1
- data/lib/cvss_suite.rb +0 -1
- metadata +4 -4
- data/lib/cvss_suite/extensions/string.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b7e95421f7d73fac437b3d59723213cf49773ee08ea56d07b7ac187ef6ec37c1
|
|
4
|
+
data.tar.gz: 85d0b31cd41e67461d507498675cd63b25f6740f3f7eff18c3c6b08dce647d40
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1b210dd4db1a4b43259689fb35aaf9678c1a25272174136fb37cad9ae825f3a012c6a0dd60f98cbb2e729b0f35dffcfce840f5682ff1f3206df89276aa79af90
|
|
7
|
+
data.tar.gz: 0273cd45cfb5a59022e19479eef9807a2c12b46fc858c9406c9c13e96fa0689e395fde1550f9228edda30cd6614e5823f28bfda995898349d3c5943bfa969fa9
|
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,19 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [3.2.2] - 2024-08-04
|
|
6
|
+
|
|
7
|
+
### Fixes
|
|
8
|
+
* Add extra CVSS vector validations for 3.1 and lower. Fixes [#41](https://github.com/0llirocks/cvss-suite/issues/41)
|
|
9
|
+
|
|
10
|
+
### Notes
|
|
11
|
+
* An invalid value like E:R (R doesn't exists) now counts as invalid, resulting in an invalid vector. In <= 3.2.1 an invalid value would be ignored/counted as default value.
|
|
12
|
+
|
|
13
|
+
## [3.2.1] - 2024-05-25
|
|
14
|
+
|
|
15
|
+
### Fixes
|
|
16
|
+
* String.truncate method in Rails gets overwritten. Fixes [#39](https://github.com/0llirocks/cvss-suite/issues/39)
|
|
17
|
+
|
|
5
18
|
## [3.2.0] - 2024-05-04
|
|
6
19
|
|
|
7
20
|
### Improvements
|
data/CODE_OF_CONDUCT.md
CHANGED
|
@@ -1,17 +1,5 @@
|
|
|
1
1
|
CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2016-2022 Siemens AG
|
|
4
|
-
Copyright (c) 2022-2024 0llirocks
|
|
5
|
-
|
|
6
|
-
Author: 0llirocks <https://github.com/0llirocks>
|
|
7
|
-
|
|
8
|
-
Contributors:
|
|
9
|
-
Florian Wininger <https://github.com/fwininger>
|
|
10
|
-
Adam David <https://github.com/adamrdavid>
|
|
11
|
-
Alexandre Zanni <https://github.com/noraj>
|
|
12
|
-
joePedantic <https://github.com/joePedantic>
|
|
13
|
-
Brandyn Phelps <https://github.com/brphelps>
|
|
14
|
-
|
|
15
3
|
This work is licensed under the terms of the MIT license.
|
|
16
4
|
See the LICENSE.md file in the top-level directory.
|
|
17
5
|
|
data/LICENSE.md
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
The MIT License (MIT)
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2016-2022 Siemens AG
|
|
3
|
+
Copyright (c) 2016-2022 Siemens AG\
|
|
4
4
|
Copyright (c) 2022-2024 0llirocks
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
Author: 0llirocks <https://github.com/0llirocks>
|
|
7
|
+
|
|
8
8
|
Contributors:
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
9
|
+
- Florian Wininger <https://github.com/fwininger>
|
|
10
|
+
- Adam David <https://github.com/adamrdavid>
|
|
11
|
+
- Alexandre Zanni <https://github.com/noraj>
|
|
12
|
+
- joePedantic <https://github.com/joePedantic>
|
|
13
|
+
- Brandyn Phelps <https://github.com/brphelps>
|
|
14
|
+
- Karim ElGhandour <https://github.com/kghandour>
|
|
14
15
|
|
|
15
16
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
16
17
|
this software and associated documentation files (the "Software"), to deal in
|
data/cvss_suite.gemspec
CHANGED
|
@@ -26,6 +26,7 @@ in version 4.0, 3.1, 3.0 and 2.'
|
|
|
26
26
|
'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues',
|
|
27
27
|
'changelog_uri' => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md',
|
|
28
28
|
'documentation_uri' => "https://www.rubydoc.info/gems/cvss-suite/#{CvssSuite::VERSION}",
|
|
29
|
+
'homepage_uri' => 'https://cvss-suite.0lli.rocks',
|
|
29
30
|
'source_code_uri' => 'https://github.com/0llirocks/cvss-suite'
|
|
30
31
|
}
|
|
31
32
|
|
|
@@ -377,7 +377,7 @@ module CvssSuite
|
|
|
377
377
|
# remove what follow
|
|
378
378
|
if extracted.index('/').positive?
|
|
379
379
|
index_to_drop_after = extracted.index('/') - 1
|
|
380
|
-
metric_val =
|
|
380
|
+
metric_val = truncate(extracted, index_to_drop_after)
|
|
381
381
|
elsif extracted
|
|
382
382
|
metric_val = extracted
|
|
383
383
|
# case where it is the last metric so no ending /
|
|
@@ -385,5 +385,13 @@ module CvssSuite
|
|
|
385
385
|
|
|
386
386
|
metric_val
|
|
387
387
|
end
|
|
388
|
+
|
|
389
|
+
# rails defines this method on String, so we need to avoid polluting the
|
|
390
|
+
# String class to preserve Rails behavior.
|
|
391
|
+
def truncate(string_to_truncate, truncate_to)
|
|
392
|
+
return string_to_truncate.dup unless string_to_truncate.length > truncate_to
|
|
393
|
+
|
|
394
|
+
(string_to_truncate[0, truncate_to + 1]).to_s
|
|
395
|
+
end
|
|
388
396
|
end
|
|
389
397
|
end
|
|
@@ -27,11 +27,10 @@ module CvssSuite
|
|
|
27
27
|
# Returns if CVSS vector is valid.
|
|
28
28
|
def valid?
|
|
29
29
|
if @amount_of_properties >= required_amount_of_properties
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
base || temporal || environmental || full
|
|
30
|
+
entered_keys = @properties.collect { |p| p[:name] }
|
|
31
|
+
return false if (entered_keys - allowed_abbreviations).size.positive?
|
|
32
|
+
|
|
33
|
+
check_metrics_validity
|
|
35
34
|
else
|
|
36
35
|
false
|
|
37
36
|
end
|
|
@@ -46,5 +45,17 @@ module CvssSuite
|
|
|
46
45
|
|
|
47
46
|
base_score
|
|
48
47
|
end
|
|
48
|
+
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
def allowed_abbreviations
|
|
52
|
+
@base.properties.collect(&:abbreviation) +
|
|
53
|
+
@temporal.properties.collect(&:abbreviation) +
|
|
54
|
+
@environmental.properties.collect(&:abbreviation)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def check_metrics_validity
|
|
58
|
+
@base.valid? && @temporal&.valid? && @environmental&.valid?
|
|
59
|
+
end
|
|
49
60
|
end
|
|
50
61
|
end
|
|
@@ -58,7 +58,7 @@ module CvssSuite
|
|
|
58
58
|
# Returns true if the property is valid.
|
|
59
59
|
|
|
60
60
|
def valid?
|
|
61
|
-
!@selected_value.nil?
|
|
61
|
+
!@selected_value.nil? && @property[:values].map { |p| p[:abbreviation] }.include?(@selected_value[:abbreviation])
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
##
|
|
@@ -76,6 +76,9 @@ module CvssSuite
|
|
|
76
76
|
value[:selected] = selected_value.eql?(value[:abbreviation])
|
|
77
77
|
end
|
|
78
78
|
@selected_value = values.detect { |value| value[:selected] }
|
|
79
|
+
return unless @selected_value.nil?
|
|
80
|
+
|
|
81
|
+
@selected_value = { abbreviation: selected_value }
|
|
79
82
|
end
|
|
80
83
|
|
|
81
84
|
##
|
|
@@ -84,8 +87,16 @@ module CvssSuite
|
|
|
84
87
|
def set_default_value
|
|
85
88
|
values.each do |value|
|
|
86
89
|
value[:selected] = value[:abbreviation].eql?('X')
|
|
90
|
+
value[:selected] ||= value[:abbreviation].eql?('ND')
|
|
87
91
|
end
|
|
88
92
|
@selected_value = values.detect { |value| value[:selected] }
|
|
89
93
|
end
|
|
94
|
+
|
|
95
|
+
##
|
|
96
|
+
# Returns whether a selected_value is set
|
|
97
|
+
|
|
98
|
+
def non_selected?
|
|
99
|
+
@selected_value.nil?
|
|
100
|
+
end
|
|
90
101
|
end
|
|
91
102
|
end
|
data/lib/cvss_suite/version.rb
CHANGED
data/lib/cvss_suite.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0llirocks
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -140,7 +140,6 @@ files:
|
|
|
140
140
|
- lib/cvss_suite/cvss_metric.rb
|
|
141
141
|
- lib/cvss_suite/cvss_property.rb
|
|
142
142
|
- lib/cvss_suite/errors.rb
|
|
143
|
-
- lib/cvss_suite/extensions/string.rb
|
|
144
143
|
- lib/cvss_suite/helpers/cvss31_helper.rb
|
|
145
144
|
- lib/cvss_suite/helpers/cvss3_helper.rb
|
|
146
145
|
- lib/cvss_suite/invalid_cvss.rb
|
|
@@ -151,7 +150,8 @@ licenses:
|
|
|
151
150
|
metadata:
|
|
152
151
|
bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
|
|
153
152
|
changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
|
|
154
|
-
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.2.
|
|
153
|
+
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.2.2
|
|
154
|
+
homepage_uri: https://cvss-suite.0lli.rocks
|
|
155
155
|
source_code_uri: https://github.com/0llirocks/cvss-suite
|
|
156
156
|
post_install_message:
|
|
157
157
|
rdoc_options: []
|