cvss_rating 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 86710948607aed7404a2f0fe021a0cb734cf1a6b
+  data.tar.gz: 8a98d94e813c4a0be0afe2b22b5f6fd66f5d5b63
+SHA512:
+  metadata.gz: e1c0f19932a291bb805fd5c784ccc0d685bad189aab48ae5b2f2aed4bd56330c345cd3100a2530d12aff54259ea5499ca048f3137a2447e0c8423a829a860abe
+  data.tar.gz: 77af3c98596f4ad2d7f0a429f8275c7c487c91947ab88eb4a099187e84a0cb145518fc9829726bc6849fb78432957af850299934cce8f371494eff136d7719c6

data/.gitignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cvss_rating.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Stephen Kapp
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,27 @@
+# Cvss Rating
+
+Implements CVSS Risk Rating version 2.0
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'cvss_rating'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install cvss_rating
+
+## Usage
+
+Check out the unit tests for examples of usage
+
+## TODO
+
+* CVSS 3.0 Support
+* Code and API clean up
+* More Unit Tests

data/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rdoc/task'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the app_version plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the app_version plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Cvss Rating'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/cvss_rating.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cvss_rating/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "cvss_rating"
+  spec.version       = Cvss::Rating::VERSION
+  spec.authors       = ["Stephen Kapp"]
+  spec.email         = ["mort666@virus.org"]
+  spec.summary       = %q{CVSS Risk Rating Calucation and Vector parsing}
+  spec.description   = %q{CVSS Risk Rating Calucation and Vector parsing, implements CVSS 2.0 rating}
+  spec.homepage      = "https://github.com/mort666/cvss_rating"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "minitest"
+end

data/lib/cvss_rating/version.rb

@@ -0,0 +1,5 @@
+module Cvss
+	class Rating
+  		VERSION = "0.1.1"
+  	end
+end

data/lib/cvss_rating.rb

@@ -0,0 +1,453 @@
+require "cvss_rating/version"
+
+module Cvss
+	class Rating
+  
+	  attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar 
+	  attr_accessor :base, :temporal, :overall, :environmental, :impact, :exploitability, :adjimpact, :key
+	  
+	  ACCESS_VECTOR = { :local => 0.395, :adjacent_network => 0.646, :network => 1.0 }
+	  ACCESS_COMPLEXITY = { :high => 0.35, :medium => 0.61, :low => 0.71 }
+	  AUTHENTICATION = { :none => 0.704, :single => 0.56, :multiple => 0.45 }
+	  
+	  CONFIDENTIALITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
+	  INTEGRITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
+	  AVAILABILITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
+	  
+	  CONFIDENTIALITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
+	  INTEGRITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
+	  AVAILABILITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
+	  
+	  EXPLOITABILITY = { :unproven => 0.85, :poc => 0.9, :functional =>  0.95, :high => 1.0, :notdefined => -1.0 }
+	  REMEDIATION_LEVEL = { :official => 0.87, :temporary => 0.9, :workaround =>  0.95, :unavailable => 1.0, :notdefined => -1.0 }
+	  REPORT_CONFIDENCE = { :unconfirmed => 0.90, :uncorroborated => 0.95, :confirmed => 1.0, :notdefined => -1.0 }
+	  
+	  COLLATERAL_DAMAGE = { :none => 0.0, :low => 0.1, :low_medium => 0.3, :medium_high => 0.4, :high => 0.5, :notdefined => -1.0 }
+	  TARGET_DISTRIBUTION = { :none => 0.0, :low => 0.25, :medium => 0.75, :high => 1.0, :notdefined => -1.0 }
+	  
+	  ACCESS_VECTOR_KEY = { :local => 'L', :adjacent_network => 'A', :network => 'N' }
+	  ACCESS_COMPLEXITY_KEY = { :high => 'H', :medium => 'M', :low => 'L' }
+	  AUTHENTICATION_KEY = { :none => 'N', :single => 'S', :multiple => 'M' }
+	  
+	  CONFIDENTIALITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
+	  INTEGRITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
+	  AVAILABILITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
+	  
+	  CONFIDENTIALITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
+	  INTEGRITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
+	  AVAILABILITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
+	  
+	  EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :notdefined => 'ND' }
+	  REMEDIATION_LEVEL_KEY = { :official => 'OF', :temporary => "TF", :workaround =>  'W', :unavailable => 'U', :notdefined => 'ND' }
+	  REPORT_CONFIDENCE_KEY = { :unconfirmed => 'UC', :uncorroborated => 'UR', :confirmed => 'C', :notdefined => 'ND' }
+	  
+	  COLLATERAL_DAMAGE_KEY = { :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
+	  TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }	  
+
+	  def initialize(attributes = {})   
+	    @base = nil 
+	    @temporal = nil 
+	    @environmental = nil 
+	    
+	    self.init
+
+	    attributes.each do |name, value|
+	      send("#{name}=", value)
+	    end
+	  end
+	  
+	  def init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
+	    self.ex = ex
+	    self.rl = rl
+	    self.rc = rc
+
+	    self.cdp = cd
+		self.td = td
+		self.cr = cr
+		self.ir = ir
+	    self.ar = ar
+	  end
+	  
+	  def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
+	    self.av = av
+	    self.ac = ac
+	    self.au = au
+	    self.ci = ci
+	    self.ii = ii
+	    self.ai = ai
+	    
+	    self.ex = ex
+	    self.rl = rl
+	    self.rc = rc
+
+	    self.cd = cd
+		self.td = td
+		self.cr = cr
+		self.ir = ir
+	    self.ar = ar
+	  end
+	  
+	  def get_key(vector, value)
+	    get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]]
+	  end
+	  
+	  def noenvironmental
+	    if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
+	      return true
+	    else
+	      return false
+	    end
+	  end
+	  
+	  def notemporal
+	    if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
+	      return true
+	    else
+	      return false
+	    end
+	  end
+	  
+	  def set_key
+	    @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av),
+	        get_key("ACCESS_COMPLEXITY", @ac),
+	        get_key("AUTHENTICATION", @au),
+	        get_key("CONFIDENTIALITY_IMPACT", @ci),
+	        get_key("INTEGRITY_IMPACT", @ii),
+	        get_key("AVAILABILITY_IMPACT", @ai)]
+	        
+	    if !notemporal
+	      @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex),
+	          get_key("REMEDIATION_LEVEL", @rl),
+	          get_key("REPORT_CONFIDENCE", @rc)]
+	    end
+	    
+	    if !noenvironmental
+	      @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp),
+	          get_key("TARGET_DISTRIBUTION", @td),
+	          get_key("CONFIDENTIALITY_REQUIREMENT", @cr),
+	          get_key("INTEGRITY_REQUIREMENT", @ir),
+	          get_key("AVAILABILITY_REQUIREMENT", @ar)]
+	    end
+	  end
+	  
+	  def av=(av)
+	    @av = case av
+	    when "local", "L" then ACCESS_VECTOR[:local]
+	    when "adjacent network", "A" then ACCESS_VECTOR[:adjacent_network]
+	    when "network", "N" then ACCESS_VECTOR[:network]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def av
+	    av = get_key("ACCESS_VECTOR", @av) if !@av.nil?
+	  end
+	  
+	  def ac=(ac)
+	    @ac = case ac
+	    when "high", "H" then ACCESS_COMPLEXITY[:high]
+	    when "medium", "M" then ACCESS_COMPLEXITY[:medium]
+	    when "low", "L" then ACCESS_COMPLEXITY[:low]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ac
+	    ac = get_key("ACCESS_COMPLEXITY", @ac) if !@ac.nil?
+	  end
+	  
+	  def au=(au)
+	    @au = case au
+	    when "none", "N" then AUTHENTICATION[:none]
+	    when "single instance", "S" then AUTHENTICATION[:single]
+	    when "multiple instance", "M" then AUTHENTICATION[:multiple]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def au
+	    au = get_key("AUTHENTICATION", @au) if !@au.nil?
+	  end
+	  
+	  def ci=(ci)
+	    @ci = case ci
+	    when "none", "N" then CONFIDENTIALITY_IMPACT[:none]
+	    when "partial", "P" then CONFIDENTIALITY_IMPACT[:partial]
+	    when "complete", "C" then CONFIDENTIALITY_IMPACT[:complete]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ci
+	    ci = get_key("CONFIDENTIALITY_IMPACT", @ci) if !@ci.nil?
+	  end
+	  
+	  def ii=(ii)
+	    @ii = case ii
+	    when "none", "N" then INTEGRITY_IMPACT[:none]
+	    when "partial", "P" then INTEGRITY_IMPACT[:partial]
+	    when "complete", "C" then INTEGRITY_IMPACT[:complete]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ii
+	    ii = get_key("INTEGRITY_IMPACT", @ii) if !@ii.nil?
+	  end
+	  
+	  def ai=(ai)
+	    @ai = case ai
+	    when "none", "N" then AVAILABILITY_IMPACT[:none]
+	    when "partial", "P" then AVAILABILITY_IMPACT[:partial]
+	    when "complete", "C" then AVAILABILITY_IMPACT[:complete]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ai
+	    ai = get_key("AVAILABILITY_IMPACT", @ai) if !@ai.nil?
+	  end
+	  
+	  def ex=(ex)
+	    @ex = case ex
+	    when "unproven", "U" then EXPLOITABILITY[:unproven]
+	    when "proof-of-concept", "P", "POC" then EXPLOITABILITY[:poc]
+	    when "functional", "F" then EXPLOITABILITY[:functional]
+	    when "high", "H" then EXPLOITABILITY[:high]      
+	    when "not defined", "ND" then EXPLOITABILITY[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ex
+	    ex = get_key("EXPLOITABILITY", @ex) if !@ex.nil?
+	  end
+	  
+	  def rl=(rl)
+	    @rl = case rl
+	    when "official-fix", "O" then REMEDIATION_LEVEL[:official]
+	    when "temporary-fix", "T", "TF" then REMEDIATION_LEVEL[:temporary]
+	    when "workaround", "W" then REMEDIATION_LEVEL[:workaround]
+	    when "unavailable", "U" then REMEDIATION_LEVEL[:unavailable]      
+	    when "not defined", "ND" then REMEDIATION_LEVEL[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def rl
+	    rl = get_key("REMEDIATION_LEVEL", @rl) if !@rl.nil?
+	  end
+	  
+	  def rc=(rc)
+	    @rc = case rc
+	    when "unconfirmed", "UC" then REPORT_CONFIDENCE[:unconfirmed]
+	    when "uncorroborated", "UR" then REPORT_CONFIDENCE[:uncorroborated]
+	    when "confirmed", "C" then REPORT_CONFIDENCE[:confirmed]    
+	    when "not defined", "ND" then REPORT_CONFIDENCE[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	   end
+	  
+	  def rc
+	    rc = get_key("REPORT_CONFIDENCE", @rc) if !@av.nil?
+	  end
+	  
+	  def cdp=(cd)
+	    @cdp = case cd
+	    when "none", "N" then COLLATERAL_DAMAGE[:none]
+	    when "low", "L" then COLLATERAL_DAMAGE[:low]
+	    when "low-medium", "LM" then COLLATERAL_DAMAGE[:low_medium]
+	    when "medium-high", "MH" then COLLATERAL_DAMAGE[:medium_high]
+	    when "high", "H" then COLLATERAL_DAMAGE[:high]      
+	    when "not defined", "ND" then COLLATERAL_DAMAGE[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def cdp
+	    cdp = get_key("COLLATERAL_DAMAGE", @cdp) if !@cdp.nil?
+	  end
+	  
+	  def td=(td)
+	    @td = case td
+	    when "none", "N" then TARGET_DISTRIBUTION[:none]
+	    when "low", "L" then TARGET_DISTRIBUTION[:low]
+	    when "medium", "M" then TARGET_DISTRIBUTION[:medium]
+	    when "high", "H" then TARGET_DISTRIBUTION[:high]      
+	    when "not defined", "ND" then TARGET_DISTRIBUTION[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def td
+	    td = get_key("TARGET_DISTRIBUTION", @td) if !@td.nil?
+	  end
+	  
+	  def cr=(cr)
+	    @cr = case cr
+	    when "low", "L" then CONFIDENTIALITY_REQUIREMENT[:low]
+	    when "medium", "M" then CONFIDENTIALITY_REQUIREMENT[:medium]
+	    when "high", "H" then CONFIDENTIALITY_REQUIREMENT[:high]      
+	    when "not defined", "ND" then CONFIDENTIALITY_REQUIREMENT[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def cr
+	    cr = get_key("CONFIDENTIALITY_REQUIREMENT", @cr) if !@cr.nil?
+	  end
+	  
+	  def ir=(ir)
+	    @ir = case ir
+	    when "low", "L" then INTEGRITY_REQUIREMENT[:low]
+	    when "medium", "M" then INTEGRITY_REQUIREMENT[:medium]
+	    when "high", "H" then INTEGRITY_REQUIREMENT[:high]      
+	    when "not defined", "ND" then INTEGRITY_REQUIREMENT[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ir
+	    ir = get_key("INTEGRITY_REQUIREMENT", @ir) if !@ir.nil?
+	  end
+	  
+	  def ar=(ar)
+	    @ar = case ar
+	    when "low", "L" then AVAILABILITY_REQUIREMENT[:low]
+	    when "medium", "M" then AVAILABILITY_REQUIREMENT[:medium]
+	    when "high", "H" then AVAILABILITY_REQUIREMENT[:high]      
+	    when "not defined", "ND" then AVAILABILITY_REQUIREMENT[:notdefined]
+	    else 
+	      raise "Bad Argument"
+	    end
+	  end
+	  
+	  def ar
+	    ar = get_key("AVAILABILITY_REQUIREMENT", @ar) if !@ar.nil?
+	  end
+	  
+	  VECTORS = {
+	    "av" => "av=",
+	    "ac" => "ac=",
+	    "au" => "au=",
+	    "c" => "ci=",
+	    "i" => "ii=",
+	    "a" => "ai=",
+	    "e" => "ex=",
+	    "rl" => "rl=",
+	    "rc" => "rc=",
+	    "cdp" => "cdp=",
+	    "td" => "td=",
+	    "cr" => "cr=",
+	    "ir" => "ir=",
+	    "ar" => "ar="
+	  }
+	  
+	  def parse(vector)
+	    string = vector.split("/")
+	    len = string.length
+
+	    self.init
+
+	    @originalkey = vector
+	    
+	    string.each do |section|
+	      tmp = section.split(":")
+	      send(VECTORS[tmp[0].downcase].to_sym, tmp[1])     
+	    end
+	  end  
+
+	  def key
+	  	self.set_key
+	  	return @key
+	  end
+
+	  def to_s
+	    printf "Base Score:\t\t\t%3.1f\n", @base
+	    printf "  Impact Subscore:\t\t%3.1f\n", @impact
+	    printf "  Exploitability Subscore:\t%3.1f\n", @exploitability
+	    printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !self.notemporal
+	    printf "Environmental Score:\t\t%3.1f\n", @environmental  if !self.noenvironmental
+	    printf "  Adjusted Impact Score:\t%3.1f\n", @adjimpact if !self.noenvironmental
+	    printf "Overall Score:\t\t\t%3.1f\n", overallscore
+	  end
+	  
+	  def calculate
+	    @impact = self.impactscore
+	    @adjimpact = self.adjustedimpactscore
+	    @exploitability = self.exploitabilityscore
+	    @base = self.basescore
+	    @temporal = self.temporalscore
+	    @environmental = self.environmentalscore(self.adjustedtemporalscore(self.adjustedbasescore(@adjimpact, @exploitability)))  
+	  end
+	  
+	  def adjustedimpactscore
+	    tmp = []
+	    tmp[0] = 10
+	    tmp[1] = 10.41*(1-(1-@ci.abs*@cr.abs)*(1-@ii.abs*@ir.abs)*(1-@ai.abs*@ar.abs))
+	    adjustedimpactscore = tmp.min
+	  end
+	  
+	  def adjustedbasescore(adjustedimpact, exploitabilityscore)
+	    adjustedbasescore = (0.6*adjustedimpact + 0.4 * exploitabilityscore - 1.5) * impactfunction(adjustedimpact)
+	  end
+	  
+	  def adjustedtemporalscore(adjustedbasescore)
+	    adjustedtemporalscore = adjustedbasescore * @ex.abs * @rl.abs * @rc.abs
+	  end
+	  
+	  def exploitabilityscore
+	    exploitability = 20 * @ac.abs * @au.abs * @av.abs
+	  end
+	  
+	  def environmentalscore(adjustedtemporalscore)
+	    environmentalscore = (adjustedtemporalscore + (10 - adjustedtemporalscore) * (@cdp == -1 ? 0 : @cdp.abs)) * @td.abs
+	    
+	    return environmentalscore == 0.0 ? "Undefined" : environmentalscore
+	  end
+	  
+	  def overallscore
+	    if self.noenvironmental
+	      if self.notemporal
+	        overallscore = @base
+	      else
+	        overallscore = @temporal
+	      end
+	    else
+	      overallscore = @environmental
+	    end
+	    return overallscore
+	  end
+	  
+	  def impactfunction(impact)
+	  	return impact != 0 ? 1.176 : 0.0
+	  end
+	  
+	  def impactscore
+	    impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs))
+	  end
+	  
+	  def basescore
+	    basescore = (0.6 * @impact + 0.4 * @exploitability - 1.5) * impactfunction(@impact)
+	  end
+	  
+	  def temporalscore
+	    temporalscore = @base * @ex.abs * @rl.abs * @rc.abs
+
+	    return temporalscore == 0.0 ? "Undefined" : temporalscore
+	  end
+	end
+end

data/test/cvss_rating_test.rb

@@ -0,0 +1,61 @@
+require 'minitest/autorun'
+require 'active_support'
+require 'cvss_rating'
+
+class CvssRatingTest < MiniTest::Unit::TestCase
+	def setup
+		@cvss = Cvss::Rating.new
+		@cvss.av = "N"
+		@cvss.ac = "M"
+		@cvss.au = "N"
+		@cvss.ci = "P"
+		@cvss.ii = "P"
+		@cvss.ai = "P"
+		@cvss.set_key
+
+		@cvss_2 = Cvss::Rating.new
+		@cvss_2.av = "L"
+		@cvss_2.ac = "M"
+		@cvss_2.au = "M"
+		@cvss_2.ci = "P"
+		@cvss_2.ii = "C"
+		@cvss_2.ai = "C"
+		@cvss_2.cdp = "L"
+		@cvss_2.td = "H"
+		@cvss_2.cr = "M"
+		@cvss_2.ir = "M"
+		@cvss_2.ar = "M"
+		@cvss_2.set_key
+	end
+
+	def test_cvss_rating_from_vector
+		cvss = Cvss::Rating.new
+		cvss.parse("AV:N/AC:M/Au:N/C:P/I:P/A:P")
+		assert_equal @cvss.key, cvss.key
+
+		assert_equal @cvss.base, cvss.base
+
+		assert_equal @cvss.overallscore, cvss.overallscore
+
+		cvss.init
+		cvss.parse("AV:L/AC:M/Au:M/C:P/I:C/A:C/CDP:L/TD:H/CR:M/IR:M/AR:M")
+		assert_equal @cvss_2.key, cvss.key
+
+		assert_equal @cvss_2.base, cvss.base
+
+		assert_equal @cvss_2.overallscore, cvss.overallscore
+	end
+
+	def test_cvss_rating_parameters
+		cvss = Cvss::Rating.new
+		cvss.init
+
+		cvss.av = "local"
+
+		assert_equal @cvss_2.av, cvss.av
+
+		cvss.cdp = 'low'
+
+		assert_equal @cvss_2.cdp, cvss.cdp
+	end
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: cvss_rating
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Stephen Kapp
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-08-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: CVSS Risk Rating Calucation and Vector parsing, implements CVSS 2.0 rating
+email:
+- mort666@virus.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- cvss_rating.gemspec
+- lib/cvss_rating.rb
+- lib/cvss_rating/version.rb
+- test/cvss_rating_test.rb
+homepage: https://github.com/mort666/cvss_rating
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: CVSS Risk Rating Calucation and Vector parsing
+test_files:
+- test/cvss_rating_test.rb