cvss-suite 3.2.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rspec +1 -0
- data/CHANGES.md +11 -0
- data/LICENSE.md +1 -0
- data/lib/cvss_suite/cvss40/cvss40_all_up.rb +1 -1
- data/lib/cvss_suite/cvss40/cvss40_base.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +1 -1
- data/lib/cvss_suite/cvss40/cvss40_environmental.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +0 -8
- data/lib/cvss_suite/cvss40/cvss40_threat.rb +0 -6
- data/lib/cvss_suite/cvss_40_and_later.rb +8 -2
- data/lib/cvss_suite/version.rb +1 -1
- data/lib/cvss_suite.rb +6 -1
- metadata +4 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a98ea207abe8f8db3eebbf32c5a456adde2609fa7af6356c081d38a1e339b6a3
|
|
4
|
+
data.tar.gz: 1fef95f8f7fe6cbd43f2e2002b71eb52d78220a9f18d580e3f032961312f12e9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4656cf5eb77bc4fd7b73e55a2fd52a10af66e03d1538fc4648a97b199c38607576d41f79276ef610632a3de91b12335ccbcafaedf09440892e1c95802ff3e8b5
|
|
7
|
+
data.tar.gz: 16e273bd0b0f731f406aed50260cc565f54c6092e9d72e25675e489cc4924fc01b346ba7c2aac48da600db18910c30ed831d4e4eb98c099d79edcbba1135f3cf
|
data/.rspec
CHANGED
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,17 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [4.0.0] - 2024-08-31
|
|
6
|
+
|
|
7
|
+
### Breaking Changes
|
|
8
|
+
* Removed score method for all CVSS 4.0 metrics. Since CVSS 4.0 only has one score, it doesn't make sense for each metric to return a separate score. See [#46](https://github.com/0llirocks/cvss-suite/issues/46) for more information.
|
|
9
|
+
|
|
10
|
+
## [3.3.0] - 2024-08-31
|
|
11
|
+
|
|
12
|
+
### Improvements
|
|
13
|
+
* Prepare support for ruby 3.4. Closes [#44](https://github.com/0llirocks/cvss-suite/issues/44). Many thanks to @HParker for adding this feature.
|
|
14
|
+
* Add score method for CVSS 4.0 and later as an alias for overall_score.
|
|
15
|
+
|
|
5
16
|
## [3.2.2] - 2024-08-04
|
|
6
17
|
|
|
7
18
|
### Fixes
|
data/LICENSE.md
CHANGED
|
@@ -12,6 +12,7 @@ Contributors:
|
|
|
12
12
|
- joePedantic <https://github.com/joePedantic>
|
|
13
13
|
- Brandyn Phelps <https://github.com/brphelps>
|
|
14
14
|
- Karim ElGhandour <https://github.com/kghandour>
|
|
15
|
+
- Adam Hess <https://github.com/HParker>
|
|
15
16
|
|
|
16
17
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
17
18
|
this software and associated documentation files (the "Software"), to deal in
|
|
@@ -10,7 +10,7 @@ require_relative 'cvss40_threat'
|
|
|
10
10
|
|
|
11
11
|
module CvssSuite
|
|
12
12
|
##
|
|
13
|
-
# This class represents
|
|
13
|
+
# This class represents all CVSS metrics combined in version 4.0.
|
|
14
14
|
class Cvss40AllUp < CvssMetric
|
|
15
15
|
##
|
|
16
16
|
# Returns score of this metric
|
|
@@ -18,12 +18,6 @@ module CvssSuite
|
|
|
18
18
|
:vulnerable_system_confidentiality, :vulnerable_system_integrity, :vulnerable_system_availability,
|
|
19
19
|
:subsequent_system_confidentiality, :subsequent_system_integrity, :subsequent_system_availability
|
|
20
20
|
|
|
21
|
-
##
|
|
22
|
-
# Returns score of this metric
|
|
23
|
-
def score
|
|
24
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
25
|
-
end
|
|
26
|
-
|
|
27
21
|
private
|
|
28
22
|
|
|
29
23
|
def init_properties
|
|
@@ -351,7 +351,7 @@ module CvssSuite
|
|
|
351
351
|
end
|
|
352
352
|
|
|
353
353
|
def concat_and_stringify(first, second, third, fourth, fifth, sixth)
|
|
354
|
-
|
|
354
|
+
String.new.concat(first.to_s, second.to_s, third.to_s, fourth.to_s, fifth.to_s, sixth.to_s)
|
|
355
355
|
end
|
|
356
356
|
|
|
357
357
|
def sum_or_nil(values)
|
|
@@ -18,12 +18,6 @@ module CvssSuite
|
|
|
18
18
|
:modified_subsequent_system_confidentiality, :modified_subsequent_system_integrity,
|
|
19
19
|
:modified_subsequent_system_availability
|
|
20
20
|
|
|
21
|
-
##
|
|
22
|
-
# Returns score of this metric
|
|
23
|
-
def score
|
|
24
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
25
|
-
end
|
|
26
|
-
|
|
27
21
|
private
|
|
28
22
|
|
|
29
23
|
def init_properties
|
|
@@ -14,12 +14,6 @@ module CvssSuite
|
|
|
14
14
|
# Property of this metric
|
|
15
15
|
attr_reader :confidentiality_requirements, :integrity_requirements, :availability_requirements
|
|
16
16
|
|
|
17
|
-
##
|
|
18
|
-
# Returns score of this metric
|
|
19
|
-
def score
|
|
20
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
21
|
-
end
|
|
22
|
-
|
|
23
17
|
private
|
|
24
18
|
|
|
25
19
|
def init_properties
|
|
@@ -15,14 +15,6 @@ module CvssSuite
|
|
|
15
15
|
attr_reader :safety, :automatable, :recovery, :value_density,
|
|
16
16
|
:vulnerability_response_effort, :provider_urgency
|
|
17
17
|
|
|
18
|
-
##
|
|
19
|
-
# Returns score of this metric
|
|
20
|
-
def score
|
|
21
|
-
return 1.0 unless valid?
|
|
22
|
-
|
|
23
|
-
@exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
|
|
24
|
-
end
|
|
25
|
-
|
|
26
18
|
private
|
|
27
19
|
|
|
28
20
|
def init_properties
|
|
@@ -14,12 +14,6 @@ module CvssSuite
|
|
|
14
14
|
# Property of this metric
|
|
15
15
|
attr_reader :exploit_maturity
|
|
16
16
|
|
|
17
|
-
##
|
|
18
|
-
# Returns score of this metric
|
|
19
|
-
def score
|
|
20
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
21
|
-
end
|
|
22
|
-
|
|
23
17
|
private
|
|
24
18
|
|
|
25
19
|
def init_properties
|
|
@@ -10,8 +10,8 @@ module CvssSuite
|
|
|
10
10
|
# This class represents any CVSS vector. Do not instantiate this class!
|
|
11
11
|
class Cvss40AndLater < Cvss
|
|
12
12
|
##
|
|
13
|
-
# Metric of a CVSS vector for CVSS
|
|
14
|
-
attr_reader :
|
|
13
|
+
# Metric of a CVSS vector for CVSS 4.0.
|
|
14
|
+
attr_reader :supplemental, :environmental, :environmental_security, :threat
|
|
15
15
|
|
|
16
16
|
##
|
|
17
17
|
# Creates a new CVSS vector by a +vector+, for all CVSS versions from 4.0.
|
|
@@ -41,5 +41,11 @@ module CvssSuite
|
|
|
41
41
|
|
|
42
42
|
@all_up.score
|
|
43
43
|
end
|
|
44
|
+
|
|
45
|
+
##
|
|
46
|
+
# Alias for overall_score.
|
|
47
|
+
def score
|
|
48
|
+
overall_score
|
|
49
|
+
end
|
|
44
50
|
end
|
|
45
51
|
end
|
data/lib/cvss_suite/version.rb
CHANGED
data/lib/cvss_suite.rb
CHANGED
|
@@ -27,7 +27,12 @@ module CvssSuite
|
|
|
27
27
|
def self.new(vector)
|
|
28
28
|
return InvalidCvss.new unless vector.is_a? String
|
|
29
29
|
|
|
30
|
-
@vector_string = vector
|
|
30
|
+
@vector_string = if vector.frozen?
|
|
31
|
+
vector.dup
|
|
32
|
+
else
|
|
33
|
+
vector
|
|
34
|
+
end
|
|
35
|
+
|
|
31
36
|
case version
|
|
32
37
|
when 2
|
|
33
38
|
Cvss2.new(prepare_vector(@vector_string))
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0llirocks
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date: 2024-08-
|
|
10
|
+
date: 2024-08-31 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: bundler
|
|
@@ -84,7 +83,6 @@ description: |-
|
|
|
84
83
|
This Ruby gem calculates the score based on the vector of the
|
|
85
84
|
Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
|
|
86
85
|
in version 4.0, 3.1, 3.0 and 2.
|
|
87
|
-
email:
|
|
88
86
|
executables: []
|
|
89
87
|
extensions: []
|
|
90
88
|
extra_rdoc_files: []
|
|
@@ -150,10 +148,9 @@ licenses:
|
|
|
150
148
|
metadata:
|
|
151
149
|
bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
|
|
152
150
|
changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
|
|
153
|
-
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/
|
|
151
|
+
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/4.0.0
|
|
154
152
|
homepage_uri: https://cvss-suite.0lli.rocks
|
|
155
153
|
source_code_uri: https://github.com/0llirocks/cvss-suite
|
|
156
|
-
post_install_message:
|
|
157
154
|
rdoc_options: []
|
|
158
155
|
require_paths:
|
|
159
156
|
- lib
|
|
@@ -168,8 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
168
165
|
- !ruby/object:Gem::Version
|
|
169
166
|
version: '0'
|
|
170
167
|
requirements: []
|
|
171
|
-
rubygems_version: 3.0.
|
|
172
|
-
signing_key:
|
|
168
|
+
rubygems_version: 3.6.0.dev
|
|
173
169
|
specification_version: 4
|
|
174
170
|
summary: Ruby gem for processing cvss vectors.
|
|
175
171
|
test_files: []
|