cvss-suite 3.2.1 → 3.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +8 -0
- data/CODE_OF_CONDUCT.md +0 -12
- data/LICENSE.md +9 -8
- data/lib/cvss_suite/cvss_31_and_before.rb +16 -5
- data/lib/cvss_suite/cvss_metric.rb +1 -1
- data/lib/cvss_suite/cvss_property.rb +12 -1
- data/lib/cvss_suite/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b7e95421f7d73fac437b3d59723213cf49773ee08ea56d07b7ac187ef6ec37c1
|
|
4
|
+
data.tar.gz: 85d0b31cd41e67461d507498675cd63b25f6740f3f7eff18c3c6b08dce647d40
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1b210dd4db1a4b43259689fb35aaf9678c1a25272174136fb37cad9ae825f3a012c6a0dd60f98cbb2e729b0f35dffcfce840f5682ff1f3206df89276aa79af90
|
|
7
|
+
data.tar.gz: 0273cd45cfb5a59022e19479eef9807a2c12b46fc858c9406c9c13e96fa0689e395fde1550f9228edda30cd6614e5823f28bfda995898349d3c5943bfa969fa9
|
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,14 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [3.2.2] - 2024-08-04
|
|
6
|
+
|
|
7
|
+
### Fixes
|
|
8
|
+
* Add extra CVSS vector validations for 3.1 and lower. Fixes [#41](https://github.com/0llirocks/cvss-suite/issues/41)
|
|
9
|
+
|
|
10
|
+
### Notes
|
|
11
|
+
* An invalid value like E:R (R doesn't exists) now counts as invalid, resulting in an invalid vector. In <= 3.2.1 an invalid value would be ignored/counted as default value.
|
|
12
|
+
|
|
5
13
|
## [3.2.1] - 2024-05-25
|
|
6
14
|
|
|
7
15
|
### Fixes
|
data/CODE_OF_CONDUCT.md
CHANGED
|
@@ -1,17 +1,5 @@
|
|
|
1
1
|
CVSS-Suite, a Ruby gem to manage the CVSS vector
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2016-2022 Siemens AG
|
|
4
|
-
Copyright (c) 2022-2024 0llirocks
|
|
5
|
-
|
|
6
|
-
Author: 0llirocks <https://github.com/0llirocks>
|
|
7
|
-
|
|
8
|
-
Contributors:
|
|
9
|
-
Florian Wininger <https://github.com/fwininger>
|
|
10
|
-
Adam David <https://github.com/adamrdavid>
|
|
11
|
-
Alexandre Zanni <https://github.com/noraj>
|
|
12
|
-
joePedantic <https://github.com/joePedantic>
|
|
13
|
-
Brandyn Phelps <https://github.com/brphelps>
|
|
14
|
-
|
|
15
3
|
This work is licensed under the terms of the MIT license.
|
|
16
4
|
See the LICENSE.md file in the top-level directory.
|
|
17
5
|
|
data/LICENSE.md
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
The MIT License (MIT)
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2016-2022 Siemens AG
|
|
3
|
+
Copyright (c) 2016-2022 Siemens AG\
|
|
4
4
|
Copyright (c) 2022-2024 0llirocks
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
Author: 0llirocks <https://github.com/0llirocks>
|
|
7
|
+
|
|
8
8
|
Contributors:
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
9
|
+
- Florian Wininger <https://github.com/fwininger>
|
|
10
|
+
- Adam David <https://github.com/adamrdavid>
|
|
11
|
+
- Alexandre Zanni <https://github.com/noraj>
|
|
12
|
+
- joePedantic <https://github.com/joePedantic>
|
|
13
|
+
- Brandyn Phelps <https://github.com/brphelps>
|
|
14
|
+
- Karim ElGhandour <https://github.com/kghandour>
|
|
14
15
|
|
|
15
16
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
16
17
|
this software and associated documentation files (the "Software"), to deal in
|
|
@@ -27,11 +27,10 @@ module CvssSuite
|
|
|
27
27
|
# Returns if CVSS vector is valid.
|
|
28
28
|
def valid?
|
|
29
29
|
if @amount_of_properties >= required_amount_of_properties
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
base || temporal || environmental || full
|
|
30
|
+
entered_keys = @properties.collect { |p| p[:name] }
|
|
31
|
+
return false if (entered_keys - allowed_abbreviations).size.positive?
|
|
32
|
+
|
|
33
|
+
check_metrics_validity
|
|
35
34
|
else
|
|
36
35
|
false
|
|
37
36
|
end
|
|
@@ -46,5 +45,17 @@ module CvssSuite
|
|
|
46
45
|
|
|
47
46
|
base_score
|
|
48
47
|
end
|
|
48
|
+
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
def allowed_abbreviations
|
|
52
|
+
@base.properties.collect(&:abbreviation) +
|
|
53
|
+
@temporal.properties.collect(&:abbreviation) +
|
|
54
|
+
@environmental.properties.collect(&:abbreviation)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def check_metrics_validity
|
|
58
|
+
@base.valid? && @temporal&.valid? && @environmental&.valid?
|
|
59
|
+
end
|
|
49
60
|
end
|
|
50
61
|
end
|
|
@@ -58,7 +58,7 @@ module CvssSuite
|
|
|
58
58
|
# Returns true if the property is valid.
|
|
59
59
|
|
|
60
60
|
def valid?
|
|
61
|
-
!@selected_value.nil?
|
|
61
|
+
!@selected_value.nil? && @property[:values].map { |p| p[:abbreviation] }.include?(@selected_value[:abbreviation])
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
##
|
|
@@ -76,6 +76,9 @@ module CvssSuite
|
|
|
76
76
|
value[:selected] = selected_value.eql?(value[:abbreviation])
|
|
77
77
|
end
|
|
78
78
|
@selected_value = values.detect { |value| value[:selected] }
|
|
79
|
+
return unless @selected_value.nil?
|
|
80
|
+
|
|
81
|
+
@selected_value = { abbreviation: selected_value }
|
|
79
82
|
end
|
|
80
83
|
|
|
81
84
|
##
|
|
@@ -84,8 +87,16 @@ module CvssSuite
|
|
|
84
87
|
def set_default_value
|
|
85
88
|
values.each do |value|
|
|
86
89
|
value[:selected] = value[:abbreviation].eql?('X')
|
|
90
|
+
value[:selected] ||= value[:abbreviation].eql?('ND')
|
|
87
91
|
end
|
|
88
92
|
@selected_value = values.detect { |value| value[:selected] }
|
|
89
93
|
end
|
|
94
|
+
|
|
95
|
+
##
|
|
96
|
+
# Returns whether a selected_value is set
|
|
97
|
+
|
|
98
|
+
def non_selected?
|
|
99
|
+
@selected_value.nil?
|
|
100
|
+
end
|
|
90
101
|
end
|
|
91
102
|
end
|
data/lib/cvss_suite/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0llirocks
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -150,7 +150,7 @@ licenses:
|
|
|
150
150
|
metadata:
|
|
151
151
|
bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
|
|
152
152
|
changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
|
|
153
|
-
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.2.
|
|
153
|
+
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.2.2
|
|
154
154
|
homepage_uri: https://cvss-suite.0lli.rocks
|
|
155
155
|
source_code_uri: https://github.com/0llirocks/cvss-suite
|
|
156
156
|
post_install_message:
|