cvss-suite 4.0.0 → 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +1 -1
- data/CHANGES.md +5 -0
- data/LICENSE.md +1 -0
- data/README.md +4 -0
- data/lib/cvss_suite/cvss2/cvss2_base.rb +9 -1
- data/lib/cvss_suite/cvss3/cvss3_base.rb +27 -12
- data/lib/cvss_suite/cvss31/cvss31_base.rb +27 -12
- data/lib/cvss_suite/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 615e1ce401360d6127ec8a397b0d919b581588cbebe00d48fa1a8354d51397bc
|
|
4
|
+
data.tar.gz: e8a8615c60983eae67971a2b86d465afc79be4ae5b0c0c099504b676f1a1e74c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f68645079416546c5bb80e0a2ec0688a58e6889f9d334621130d563c882e90b735a9d2cad8bdf00c7e92c79b5d233e4bbca645d81347715dbacb25448addde30
|
|
7
|
+
data.tar.gz: e4bf4cd7073062cc9a2504d6f4cda6485d7b187c22ec9928740b9af89a2a990baa220f54b3843931cb43d27b5851290ad18c2f4ddbfc350990c425a7b7c0df6a
|
data/.github/workflows/rspec.yml
CHANGED
data/CHANGES.md
CHANGED
|
@@ -2,6 +2,11 @@
|
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
|
+
## [4.1.0] - 2025-04-27
|
|
6
|
+
|
|
7
|
+
### Improvements
|
|
8
|
+
* Expose impact and exploitability sub-scores. (@jgarber-cisco)
|
|
9
|
+
|
|
5
10
|
## [4.0.0] - 2024-08-31
|
|
6
11
|
|
|
7
12
|
### Breaking Changes
|
data/LICENSE.md
CHANGED
|
@@ -13,6 +13,7 @@ Contributors:
|
|
|
13
13
|
- Brandyn Phelps <https://github.com/brphelps>
|
|
14
14
|
- Karim ElGhandour <https://github.com/kghandour>
|
|
15
15
|
- Adam Hess <https://github.com/HParker>
|
|
16
|
+
- Jason Garber <https://github.com/jgarber>
|
|
16
17
|
|
|
17
18
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
18
19
|
this software and associated documentation files (the "Software"), to deal in
|
data/README.md
CHANGED
|
@@ -33,6 +33,10 @@ Or install it yourself as:
|
|
|
33
33
|
|
|
34
34
|
$ gem install cvss-suite
|
|
35
35
|
|
|
36
|
+
## Version 3.x
|
|
37
|
+
|
|
38
|
+
If you are still using CvssSuite 3.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/3.x) for documentation and changelog.
|
|
39
|
+
|
|
36
40
|
## Version 2.x
|
|
37
41
|
|
|
38
42
|
If you are still using CvssSuite 2.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/2.x) for documentation and changelog.
|
|
@@ -30,6 +30,14 @@ module CvssSuite
|
|
|
30
30
|
((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
def impact_subscore
|
|
34
|
+
calc_impact.round(1)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def exploitability_subscore
|
|
38
|
+
calc_exploitability.round(1)
|
|
39
|
+
end
|
|
40
|
+
|
|
33
41
|
private
|
|
34
42
|
|
|
35
43
|
def init_properties
|
|
@@ -65,7 +73,7 @@ module CvssSuite
|
|
|
65
73
|
{ name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
|
|
66
74
|
end
|
|
67
75
|
|
|
68
|
-
def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
|
|
76
|
+
def calc_impact(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
|
|
69
77
|
confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
|
|
70
78
|
integrity_score = 1 - @integrity_impact.score * sr_ir_score
|
|
71
79
|
availability_score = 1 - @availability_impact.score * sr_ar_score
|
|
@@ -19,18 +19,8 @@ module CvssSuite
|
|
|
19
19
|
##
|
|
20
20
|
# Returns score of this metric
|
|
21
21
|
def score
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
exploitability = 8.22 * @attack_vector.score * @attack_complexity.score *
|
|
25
|
-
privilege_score * @user_interaction.score
|
|
26
|
-
|
|
27
|
-
isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))
|
|
28
|
-
|
|
29
|
-
impact_sub_score = if @scope.selected_value[:name] == 'Changed'
|
|
30
|
-
7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
|
|
31
|
-
else
|
|
32
|
-
6.42 * isc_base
|
|
33
|
-
end
|
|
22
|
+
exploitability = calc_exploitability
|
|
23
|
+
impact_sub_score = calc_impact
|
|
34
24
|
|
|
35
25
|
return 0 if impact_sub_score <= 0
|
|
36
26
|
|
|
@@ -41,6 +31,14 @@ module CvssSuite
|
|
|
41
31
|
end
|
|
42
32
|
end
|
|
43
33
|
|
|
34
|
+
def impact_subscore
|
|
35
|
+
calc_impact.round(1)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def exploitability_subscore
|
|
39
|
+
calc_exploitability.round(1)
|
|
40
|
+
end
|
|
41
|
+
|
|
44
42
|
private
|
|
45
43
|
|
|
46
44
|
def init_properties
|
|
@@ -83,5 +81,22 @@ module CvssSuite
|
|
|
83
81
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
|
84
82
|
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
|
85
83
|
end
|
|
84
|
+
|
|
85
|
+
def calc_exploitability
|
|
86
|
+
privilege_score = Cvss3Helper.privileges_required_score @privileges_required, @scope
|
|
87
|
+
|
|
88
|
+
8.22 * @attack_vector.score * @attack_complexity.score *
|
|
89
|
+
privilege_score * @user_interaction.score
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def calc_impact
|
|
93
|
+
isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))
|
|
94
|
+
|
|
95
|
+
if @scope.selected_value[:name] == 'Changed'
|
|
96
|
+
7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
|
|
97
|
+
else
|
|
98
|
+
6.42 * isc_base
|
|
99
|
+
end
|
|
100
|
+
end
|
|
86
101
|
end
|
|
87
102
|
end
|
|
@@ -20,18 +20,8 @@ module CvssSuite
|
|
|
20
20
|
##
|
|
21
21
|
# Returns score of this metric
|
|
22
22
|
def score
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
exploitability = 8.22 * @attack_vector.score * @attack_complexity.score *
|
|
26
|
-
privilege_score * @user_interaction.score
|
|
27
|
-
|
|
28
|
-
isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))
|
|
29
|
-
|
|
30
|
-
impact_sub_score = if @scope.selected_value[:name] == 'Changed'
|
|
31
|
-
7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
|
|
32
|
-
else
|
|
33
|
-
6.42 * isc_base
|
|
34
|
-
end
|
|
23
|
+
exploitability = calc_exploitability
|
|
24
|
+
impact_sub_score = calc_impact
|
|
35
25
|
|
|
36
26
|
return 0 if impact_sub_score <= 0
|
|
37
27
|
|
|
@@ -42,6 +32,14 @@ module CvssSuite
|
|
|
42
32
|
end
|
|
43
33
|
end
|
|
44
34
|
|
|
35
|
+
def impact_subscore
|
|
36
|
+
calc_impact.round(1)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def exploitability_subscore
|
|
40
|
+
calc_exploitability.round(1)
|
|
41
|
+
end
|
|
42
|
+
|
|
45
43
|
private
|
|
46
44
|
|
|
47
45
|
def init_properties
|
|
@@ -84,5 +82,22 @@ module CvssSuite
|
|
|
84
82
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
|
85
83
|
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
|
86
84
|
end
|
|
85
|
+
|
|
86
|
+
def calc_exploitability
|
|
87
|
+
privilege_score = Cvss3Helper.privileges_required_score(@privileges_required, @scope)
|
|
88
|
+
|
|
89
|
+
8.22 * @attack_vector.score * @attack_complexity.score *
|
|
90
|
+
privilege_score * @user_interaction.score
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def calc_impact
|
|
94
|
+
isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))
|
|
95
|
+
|
|
96
|
+
if @scope.selected_value[:name] == 'Changed'
|
|
97
|
+
7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
|
|
98
|
+
else
|
|
99
|
+
6.42 * isc_base
|
|
100
|
+
end
|
|
101
|
+
end
|
|
87
102
|
end
|
|
88
103
|
end
|
data/lib/cvss_suite/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss-suite
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0llirocks
|
|
8
8
|
bindir: exe
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date:
|
|
10
|
+
date: 2025-04-27 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: bundler
|
|
@@ -148,7 +148,7 @@ licenses:
|
|
|
148
148
|
metadata:
|
|
149
149
|
bug_tracker_uri: https://github.com/0llirocks/cvss-suite/issues
|
|
150
150
|
changelog_uri: https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md
|
|
151
|
-
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/4.
|
|
151
|
+
documentation_uri: https://www.rubydoc.info/gems/cvss-suite/4.1.0
|
|
152
152
|
homepage_uri: https://cvss-suite.0lli.rocks
|
|
153
153
|
source_code_uri: https://github.com/0llirocks/cvss-suite
|
|
154
154
|
rdoc_options: []
|