cvss-suite 3.3.0 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +11 -0
- data/LICENSE.md +1 -0
- data/lib/cvss_suite/cvss40/cvss40_all_up.rb +1 -1
- data/lib/cvss_suite/cvss40/cvss40_base.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40_environmental.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +0 -6
- data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +0 -8
- data/lib/cvss_suite/cvss40/cvss40_threat.rb +0 -6
- data/lib/cvss_suite/cvss_40_and_later.rb +2 -2
- data/lib/cvss_suite/version.rb +1 -1
- metadata +3 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a98ea207abe8f8db3eebbf32c5a456adde2609fa7af6356c081d38a1e339b6a3
|
|
4
|
+
data.tar.gz: 1fef95f8f7fe6cbd43f2e2002b71eb52d78220a9f18d580e3f032961312f12e9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4656cf5eb77bc4fd7b73e55a2fd52a10af66e03d1538fc4648a97b199c38607576d41f79276ef610632a3de91b12335ccbcafaedf09440892e1c95802ff3e8b5
|
|
7
|
+
data.tar.gz: 16e273bd0b0f731f406aed50260cc565f54c6092e9d72e25675e489cc4924fc01b346ba7c2aac48da600db18910c30ed831d4e4eb98c099d79edcbba1135f3cf
|
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,17 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [4.0.0] - 2024-08-31
|
|
6
|
+
|
|
7
|
+
### Breaking Changes
|
|
8
|
+
* Removed score method for all CVSS 4.0 metrics. Since CVSS 4.0 only has one score, it doesn't make sense for each metric to return a separate score. See [#46](https://github.com/0llirocks/cvss-suite/issues/46) for more information.
|
|
9
|
+
|
|
10
|
+
## [3.3.0] - 2024-08-31
|
|
11
|
+
|
|
12
|
+
### Improvements
|
|
13
|
+
* Prepare support for ruby 3.4. Closes [#44](https://github.com/0llirocks/cvss-suite/issues/44). Many thanks to @HParker for adding this feature.
|
|
14
|
+
* Add score method for CVSS 4.0 and later as an alias for overall_score.
|
|
15
|
+
|
|
5
16
|
## [3.2.2] - 2024-08-04
|
|
6
17
|
|
|
7
18
|
### Fixes
|
data/LICENSE.md
CHANGED
|
@@ -12,6 +12,7 @@ Contributors:
|
|
|
12
12
|
- joePedantic <https://github.com/joePedantic>
|
|
13
13
|
- Brandyn Phelps <https://github.com/brphelps>
|
|
14
14
|
- Karim ElGhandour <https://github.com/kghandour>
|
|
15
|
+
- Adam Hess <https://github.com/HParker>
|
|
15
16
|
|
|
16
17
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
17
18
|
this software and associated documentation files (the "Software"), to deal in
|
|
@@ -10,7 +10,7 @@ require_relative 'cvss40_threat'
|
|
|
10
10
|
|
|
11
11
|
module CvssSuite
|
|
12
12
|
##
|
|
13
|
-
# This class represents
|
|
13
|
+
# This class represents all CVSS metrics combined in version 4.0.
|
|
14
14
|
class Cvss40AllUp < CvssMetric
|
|
15
15
|
##
|
|
16
16
|
# Returns score of this metric
|
|
@@ -18,12 +18,6 @@ module CvssSuite
|
|
|
18
18
|
:vulnerable_system_confidentiality, :vulnerable_system_integrity, :vulnerable_system_availability,
|
|
19
19
|
:subsequent_system_confidentiality, :subsequent_system_integrity, :subsequent_system_availability
|
|
20
20
|
|
|
21
|
-
##
|
|
22
|
-
# Returns score of this metric
|
|
23
|
-
def score
|
|
24
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
25
|
-
end
|
|
26
|
-
|
|
27
21
|
private
|
|
28
22
|
|
|
29
23
|
def init_properties
|
|
@@ -18,12 +18,6 @@ module CvssSuite
|
|
|
18
18
|
:modified_subsequent_system_confidentiality, :modified_subsequent_system_integrity,
|
|
19
19
|
:modified_subsequent_system_availability
|
|
20
20
|
|
|
21
|
-
##
|
|
22
|
-
# Returns score of this metric
|
|
23
|
-
def score
|
|
24
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
25
|
-
end
|
|
26
|
-
|
|
27
21
|
private
|
|
28
22
|
|
|
29
23
|
def init_properties
|
|
@@ -14,12 +14,6 @@ module CvssSuite
|
|
|
14
14
|
# Property of this metric
|
|
15
15
|
attr_reader :confidentiality_requirements, :integrity_requirements, :availability_requirements
|
|
16
16
|
|
|
17
|
-
##
|
|
18
|
-
# Returns score of this metric
|
|
19
|
-
def score
|
|
20
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
21
|
-
end
|
|
22
|
-
|
|
23
17
|
private
|
|
24
18
|
|
|
25
19
|
def init_properties
|
|
@@ -15,14 +15,6 @@ module CvssSuite
|
|
|
15
15
|
attr_reader :safety, :automatable, :recovery, :value_density,
|
|
16
16
|
:vulnerability_response_effort, :provider_urgency
|
|
17
17
|
|
|
18
|
-
##
|
|
19
|
-
# Returns score of this metric
|
|
20
|
-
def score
|
|
21
|
-
return 1.0 unless valid?
|
|
22
|
-
|
|
23
|
-
@exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
|
|
24
|
-
end
|
|
25
|
-
|
|
26
18
|
private
|
|
27
19
|
|
|
28
20
|
def init_properties
|
|
@@ -14,12 +14,6 @@ module CvssSuite
|
|
|
14
14
|
# Property of this metric
|
|
15
15
|
attr_reader :exploit_maturity
|
|
16
16
|
|
|
17
|
-
##
|
|
18
|
-
# Returns score of this metric
|
|
19
|
-
def score
|
|
20
|
-
Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
|
|
21
|
-
end
|
|
22
|
-
|
|
23
17
|
private
|
|
24
18
|
|
|
25
19
|
def init_properties
|
|
@@ -10,8 +10,8 @@ module CvssSuite
|
|
|
10
10
|
# This class represents any CVSS vector. Do not instantiate this class!
|
|
11
11
|
class Cvss40AndLater < Cvss
|
|
12
12
|
##
|
|
13
|
-
# Metric of a CVSS vector for CVSS
|
|
14
|
-
attr_reader :
|
|
13
|
+
# Metric of a CVSS vector for CVSS 4.0.
|
|
14
|
+
attr_reader :supplemental, :environmental, :environmental_security, :threat
|
|
15
15
|
|
|
16
16
|
##
|
|
17
17
|
# Creates a new CVSS vector by a +vector+, for all CVSS versions from 4.0.
|
data/lib/cvss_suite/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0llirocks
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
10
|
date: 2024-08-31 00:00:00.000000000 Z
|
|
@@ -84,7 +83,6 @@ description: |-
|
|
|
84
83
|
This Ruby gem calculates the score based on the vector of the
|
|
85
84
|
Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document)
|
|
86
85
|
in version 4.0, 3.1, 3.0 and 2.
|
|
87
|
-
email:
|
|
88
86
|
executables: []
|
|
89
87
|
extensions: []
|
|
90
88
|
extra_rdoc_files: []
|
|
@@ -150,10 +148,9 @@ licenses:
|
|
|
150
148
|
metadata:
|
|
151
149
|
bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
|
|
152
150
|
changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
|
|
153
|
-
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/
|
|
151
|
+
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/4.0.0
|
|
154
152
|
homepage_uri: https://cvss-suite.0lli.rocks
|
|
155
153
|
source_code_uri: https://github.com/0llirocks/cvss-suite
|
|
156
|
-
post_install_message:
|
|
157
154
|
rdoc_options: []
|
|
158
155
|
require_paths:
|
|
159
156
|
- lib
|
|
@@ -168,8 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
168
165
|
- !ruby/object:Gem::Version
|
|
169
166
|
version: '0'
|
|
170
167
|
requirements: []
|
|
171
|
-
rubygems_version: 3.0.
|
|
172
|
-
signing_key:
|
|
168
|
+
rubygems_version: 3.6.0.dev
|
|
173
169
|
specification_version: 4
|
|
174
170
|
summary: Ruby gem for processing cvss vectors.
|
|
175
171
|
test_files: []
|