cvss-suite 1.2.2 → 1.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +6 -0
- data/README.md +5 -0
- data/cvss_suite.gemspec +2 -0
- data/lib/cvss_suite.rb +1 -0
- data/lib/cvss_suite/cvss.rb +12 -1
- data/lib/cvss_suite/cvss2/cvss2.rb +18 -0
- data/lib/cvss_suite/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '09094d21733286857b9b006672aa297d88858737f58656b2b48627d23bce3e69'
|
|
4
|
+
data.tar.gz: 524220ad72a9e052adc3742d3b32d1df3d66f0f5bf0a0c8cfd83265bf5e58d09
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9d871c1e5397598c1261c293524abee855f5c925e62c1e57aeb07473c7ec00c4c98c7ec146623b3a1e9737d0a0016a33098ac539c872762c88502f123501c69e
|
|
7
|
+
data.tar.gz: 3fed8bb40cab71f344a6bd339b50c75120942595ffbed2e4b4f0d534ef778ac0619681e648c95a74fac59615a748dd8a94931f0934744948a20ce7306b050e17
|
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,12 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [1.2.3] - 2020-12-05
|
|
6
|
+
|
|
7
|
+
### Fixes
|
|
8
|
+
* CVSS v2 now returns the correct severity values based on NVD recommendation
|
|
9
|
+
* CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
|
10
|
+
|
|
5
11
|
## [1.2.2] - 2020-07-19
|
|
6
12
|
|
|
7
13
|
### Fixes
|
data/README.md
CHANGED
|
@@ -10,6 +10,11 @@
|
|
|
10
10
|
This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document).
|
|
11
11
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.
|
|
12
12
|
|
|
13
|
+
## :warning: End of life :warning:
|
|
14
|
+
|
|
15
|
+
This version of the gem is no longer supported, please update to a higher version.
|
|
16
|
+
Please read the [changelog of 2.0.0](https://github.com/siemens/cvss-suite/blob/master/CHANGES.md#200---2020-05-10) for breaking changes.
|
|
17
|
+
|
|
13
18
|
## Installation
|
|
14
19
|
|
|
15
20
|
Add this line to your application's Gemfile:
|
data/cvss_suite.gemspec
CHANGED
|
@@ -26,6 +26,8 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'
|
|
27
27
|
spec.homepage = 'https://siemens.github.io/cvss-suite/'
|
|
28
28
|
|
|
29
|
+
spec.post_install_message = 'Version 1.x of this gem is no longer supported, please update to a supported version.'
|
|
30
|
+
|
|
29
31
|
spec.required_ruby_version = '>= 2.0.0'
|
|
30
32
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
31
33
|
spec.bindir = 'exe'
|
data/lib/cvss_suite.rb
CHANGED
data/lib/cvss_suite/cvss.rb
CHANGED
|
@@ -107,7 +107,18 @@ module CvssSuite
|
|
|
107
107
|
if start_of_vector.nil?
|
|
108
108
|
''
|
|
109
109
|
else
|
|
110
|
-
|
|
110
|
+
if start_of_vector == 1
|
|
111
|
+
matchArray = @vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
|
|
112
|
+
if matchArray.length == 1 && matchArray[0] == @vector
|
|
113
|
+
@vector.slice!(0)
|
|
114
|
+
@vector.slice!(@vector.length - 1)
|
|
115
|
+
@vector
|
|
116
|
+
else
|
|
117
|
+
''
|
|
118
|
+
end
|
|
119
|
+
else
|
|
120
|
+
@vector[start_of_vector..-1]
|
|
121
|
+
end
|
|
111
122
|
end
|
|
112
123
|
end
|
|
113
124
|
|
|
@@ -25,6 +25,24 @@ module CvssSuite
|
|
|
25
25
|
2
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
+
# Returns the severity of the CVSSv2 vector.
|
|
29
|
+
# https://nvd.nist.gov/vuln-metrics/cvss
|
|
30
|
+
def severity
|
|
31
|
+
check_validity
|
|
32
|
+
|
|
33
|
+
score = overall_score
|
|
34
|
+
|
|
35
|
+
if (0.0..3.9).include? score
|
|
36
|
+
'Low'
|
|
37
|
+
elsif (4.0..6.9).include? score
|
|
38
|
+
'Medium'
|
|
39
|
+
elsif (7.0..10.0).include? score
|
|
40
|
+
'High'
|
|
41
|
+
else
|
|
42
|
+
'None'
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
28
46
|
##
|
|
29
47
|
# Returns the Base Score of the CVSS vector.
|
|
30
48
|
|
data/lib/cvss_suite/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oliver Hamboerger
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-12-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -118,7 +118,8 @@ homepage: https://siemens.github.io/cvss-suite/
|
|
|
118
118
|
licenses:
|
|
119
119
|
- MIT
|
|
120
120
|
metadata: {}
|
|
121
|
-
post_install_message:
|
|
121
|
+
post_install_message: Version 1.x of this gem is no longer supported, please update
|
|
122
|
+
to a supported version.
|
|
122
123
|
rdoc_options: []
|
|
123
124
|
require_paths:
|
|
124
125
|
- lib
|