cvss-suite 3.2.2 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7e95421f7d73fac437b3d59723213cf49773ee08ea56d07b7ac187ef6ec37c1
-  data.tar.gz: 85d0b31cd41e67461d507498675cd63b25f6740f3f7eff18c3c6b08dce647d40
+  metadata.gz: a98ea207abe8f8db3eebbf32c5a456adde2609fa7af6356c081d38a1e339b6a3
+  data.tar.gz: 1fef95f8f7fe6cbd43f2e2002b71eb52d78220a9f18d580e3f032961312f12e9
 SHA512:
-  metadata.gz: 1b210dd4db1a4b43259689fb35aaf9678c1a25272174136fb37cad9ae825f3a012c6a0dd60f98cbb2e729b0f35dffcfce840f5682ff1f3206df89276aa79af90
-  data.tar.gz: 0273cd45cfb5a59022e19479eef9807a2c12b46fc858c9406c9c13e96fa0689e395fde1550f9228edda30cd6614e5823f28bfda995898349d3c5943bfa969fa9
+  metadata.gz: 4656cf5eb77bc4fd7b73e55a2fd52a10af66e03d1538fc4648a97b199c38607576d41f79276ef610632a3de91b12335ccbcafaedf09440892e1c95802ff3e8b5
+  data.tar.gz: 16e273bd0b0f731f406aed50260cc565f54c6092e9d72e25675e489cc4924fc01b346ba7c2aac48da600db18910c30ed831d4e4eb98c099d79edcbba1135f3cf

data/.rspec

@@ -1,2 +1,3 @@
 --format documentation
 --color
+--warning

data/CHANGES.md

@@ -2,6 +2,17 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.0.0] - 2024-08-31
+
+### Breaking Changes
+* Removed score method for all CVSS 4.0 metrics. Since CVSS 4.0 only has one score, it doesn't make sense for each metric to return a separate score. See [#46](https://github.com/0llirocks/cvss-suite/issues/46) for more information.
+
+## [3.3.0] - 2024-08-31
+
+### Improvements
+* Prepare support for ruby 3.4. Closes [#44](https://github.com/0llirocks/cvss-suite/issues/44). Many thanks to @HParker for adding this feature.
+* Add score method for CVSS 4.0 and later as an alias for overall_score.
+
 ## [3.2.2] - 2024-08-04
 
 ### Fixes

data/LICENSE.md

@@ -12,6 +12,7 @@ Contributors:
 - joePedantic <https://github.com/joePedantic>
 - Brandyn Phelps <https://github.com/brphelps>
 - Karim ElGhandour <https://github.com/kghandour>
+- Adam Hess <https://github.com/HParker>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

data/lib/cvss_suite/cvss40/cvss40_all_up.rb

@@ -10,7 +10,7 @@ require_relative 'cvss40_threat'
 
 module CvssSuite
   ##
-  # This class represents a CVSS Threat metric in version 3.1.
+  # This class represents all CVSS metrics combined in version 4.0.
   class Cvss40AllUp < CvssMetric
     ##
     # Returns score of this metric

data/lib/cvss_suite/cvss40/cvss40_base.rb

@@ -18,12 +18,6 @@ module CvssSuite
                 :vulnerable_system_confidentiality, :vulnerable_system_integrity, :vulnerable_system_availability,
                 :subsequent_system_confidentiality, :subsequent_system_integrity, :subsequent_system_availability
 
-    ##
-    # Returns score of this metric
-    def score
-      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
-    end
-
     private
 
     def init_properties

data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb

@@ -351,7 +351,7 @@ module CvssSuite
     end
 
     def concat_and_stringify(first, second, third, fourth, fifth, sixth)
-      ''.concat(first.to_s, second.to_s, third.to_s, fourth.to_s, fifth.to_s, sixth.to_s)
+      String.new.concat(first.to_s, second.to_s, third.to_s, fourth.to_s, fifth.to_s, sixth.to_s)
     end
 
     def sum_or_nil(values)

data/lib/cvss_suite/cvss40/cvss40_environmental.rb

@@ -18,12 +18,6 @@ module CvssSuite
                 :modified_subsequent_system_confidentiality, :modified_subsequent_system_integrity,
                 :modified_subsequent_system_availability
 
-    ##
-    # Returns score of this metric
-    def score
-      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
-    end
-
     private
 
     def init_properties

data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb

@@ -14,12 +14,6 @@ module CvssSuite
     # Property of this metric
     attr_reader :confidentiality_requirements, :integrity_requirements, :availability_requirements
 
-    ##
-    # Returns score of this metric
-    def score
-      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
-    end
-
     private
 
     def init_properties

data/lib/cvss_suite/cvss40/cvss40_supplemental.rb

@@ -15,14 +15,6 @@ module CvssSuite
     attr_reader :safety, :automatable, :recovery, :value_density,
                 :vulnerability_response_effort, :provider_urgency
 
-    ##
-    # Returns score of this metric
-    def score
-      return 1.0 unless valid?
-
-      @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
-    end
-
     private
 
     def init_properties

data/lib/cvss_suite/cvss40/cvss40_threat.rb

@@ -14,12 +14,6 @@ module CvssSuite
     # Property of this metric
     attr_reader :exploit_maturity
 
-    ##
-    # Returns score of this metric
-    def score
-      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
-    end
-
     private
 
     def init_properties

data/lib/cvss_suite/cvss_40_and_later.rb

@@ -10,8 +10,8 @@ module CvssSuite
   # This class represents any CVSS vector. Do not instantiate this class!
   class Cvss40AndLater < Cvss
     ##
-    # Metric of a CVSS vector for CVSS 2, 3, 3.1.
-    attr_reader :temporal, :environmental
+    # Metric of a CVSS vector for CVSS 4.0.
+    attr_reader :supplemental, :environmental, :environmental_security, :threat
 
     ##
     # Creates a new CVSS vector by a +vector+, for all CVSS versions from 4.0.
@@ -41,5 +41,11 @@ module CvssSuite
 
       @all_up.score
     end
+
+    ##
+    # Alias for overall_score.
+    def score
+      overall_score
+    end
   end
 end

data/lib/cvss_suite/version.rb

@@ -4,5 +4,5 @@
 # See the LICENSE.md file in the top-level directory.
 
 module CvssSuite
-  VERSION = '3.2.2'.freeze
+  VERSION = '4.0.0'.freeze
 end

data/lib/cvss_suite.rb

@@ -27,7 +27,12 @@ module CvssSuite
   def self.new(vector)
     return InvalidCvss.new unless vector.is_a? String
 
-    @vector_string = vector
+    @vector_string = if vector.frozen?
+                       vector.dup
+                     else
+                       vector
+                     end
+
     case version
     when 2
       Cvss2.new(prepare_vector(@vector_string))

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: cvss-suite
 version: !ruby/object:Gem::Version
-  version: 3.2.2
+  version: 4.0.0
 platform: ruby
 authors:
 - 0llirocks
-autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-08-04 00:00:00.000000000 Z
+date: 2024-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -84,7 +83,6 @@ description: |-
   This Ruby gem calculates the score based on the vector of the
   Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
   in version 4.0, 3.1, 3.0 and 2.
-email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -150,10 +148,9 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
   changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
-  documentation_uri: https://www.rubydoc.info/gems/cvss-suite/3.2.2
+  documentation_uri: https://www.rubydoc.info/gems/cvss-suite/4.0.0
   homepage_uri: https://cvss-suite.0lli.rocks
   source_code_uri: https://github.com/0llirocks/cvss-suite
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -168,8 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key: 
+rubygems_version: 3.6.0.dev
 specification_version: 4
 summary: Ruby gem for processing cvss vectors.
 test_files: []