cvss_rating 0.1.1 → 0.2.0

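--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 86710948607aed7404a2f0fe021a0cb734cf1a6b
- data.tar.gz: 8a98d94e813c4a0be0afe2b22b5f6fd66f5d5b63
+ metadata.gz: 9f34c95f177fe60ecc57c735768fbe8cad31aafe
+ data.tar.gz: 3584d4783a7e04538093797cc8cc50474238e077
  SHA512:
- metadata.gz: e1c0f19932a291bb805fd5c784ccc0d685bad189aab48ae5b2f2aed4bd56330c345cd3100a2530d12aff54259ea5499ca048f3137a2447e0c8423a829a860abe
- data.tar.gz: 77af3c98596f4ad2d7f0a429f8275c7c487c91947ab88eb4a099187e84a0cb145518fc9829726bc6849fb78432957af850299934cce8f371494eff136d7719c6
+ metadata.gz: d271f1acc407e4ead7d99302b282d21e22674069738cfaf09e84c8b48d7cfc316f184af3c9c742e39b80917d49e97ce7006d8c5912ffbe8f2483f7dcbc1be0e8
+ data.tar.gz: d3b34287aeadbd3d98bebd3dbf4136f233a09c491f8a4001917f6eecb8079f1e9f092e736a4a7e63f181e6e050152bbcf52b35170f7cc2cc9de1676ee6742f20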
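--- /dev/null
+++ b/data/.travis.yml
@@ -0,0 +1,4 @@
+ language: ruby
+ rvm:
+ - "1.9.3"
+ - "2.1.2"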
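--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,7 @@
  # Cvss Rating
 
+ [![Build Status](https://travis-ci.org/mort666/cvss_rating.svg)](https://travis-ci.org/mort666/cvss_rating)
+
  Implements CVSS Risk Rating version 2.0
 
  ## Installation
@@ -18,7 +20,7 @@ Or install it yourself as:
 
  ## Usage
 
- Check out the unit tests for examples of usage
+ Check out the unit tests for examples of usage.
 
  ## TODO
 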
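--- a/data/cvss_rating.gemspec
+++ b/data/cvss_rating.gemspec
@@ -5,11 +5,11 @@ require 'cvss_rating/version'
 
  Gem::Specification.new do |spec|
  spec.name = "cvss_rating"
- spec.version = Cvss::Rating::VERSION
+ spec.version = Cvss2::Rating::VERSION
  spec.authors = ["Stephen Kapp"]
  spec.email = ["mort666@virus.org"]
- spec.summary = %q{CVSS Risk Rating Calucation and Vector parsing}
- spec.description = %q{CVSS Risk Rating Calucation and Vector parsing, implements CVSS 2.0 rating}
+ spec.summary = %q{CVSS Risk Rating Calculation and Vector parsing}
+ spec.description = %q{CVSS Risk Rating Calculation and Vector parsing, implements CVSS 2.0 rating}
  spec.homepage = "https://github.com/mort666/cvss_rating"
  spec.license = "MIT"
 
@@ -20,4 +20,6 @@ Gem::Specification.new do |spec|
 
  spec.add_development_dependency "bundler", "~> 1.6"
  spec.add_development_dependency "minitest"
+ spec.add_development_dependency "activesupport"
+ spec.add_development_dependency "rake"
  end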
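Review bot: The two development dependencies added at new lines 23–24 (`activesupport`, `rake`) carry no version constraint, unlike `bundler` two lines above, so they are packaged as `>= 0` and every CI run or contributor install resolves to whatever release is newest that day. Give each a pessimistic bound that matches what the suite is actually run against, e.g. `spec.add_development_dependency "rake", "~> X.Y"` (X.Y is a placeholder, not a recommendation). Nothing in the visible hunks shows what `activesupport` is needed for; if only the tests use it, a short comment on that line saying so would help, and the line should go if nothing requires it. The `Gem::Specification.new` block opens in the previous hunk.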
@@ -1,5 +1,5 @@
1
- module Cvss
1
+ module Cvss2
2
2
  class Rating
3
- VERSION = "0.1.1"
3
+ VERSION = "0.2.0"
4
4
  end
5
5
  end
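--- a/data/lib/cvss_rating.rb
+++ b/data/lib/cvss_rating.rb
@@ -1,6 +1,6 @@
  require "cvss_rating/version"
 
- module Cvss
+ module Cvss2
  class Rating
 
  attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
@@ -44,18 +44,28 @@ module Cvss
  COLLATERAL_DAMAGE_KEY = { :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
  TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
 
- def initialize(attributes = {})
- @base = nil
- @temporal = nil
- @environmental = nil
-
- self.init
+ private
 
- attributes.each do |name, value|
- send("#{name}=", value)
+ def impactfunction(impact)
+ return impact != 0 ? 1.176 : 0.0
+ end
+
+ def noenvironmental?
+ if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
+ return true
+ else
+ return false
  end
  end
 
+ def notemporal?
+ if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
+ return true
+ else
+ return false
+ end
+ end
+
  def init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  self.ex = ex
  self.rl = rl
@@ -67,8 +77,22 @@ module Cvss
  self.ir = ir
  self.ar = ar
  end
+
+ public
+
+ def initialize(attributes = {})
+ @base = nil
+ @temporal = nil
+ @environmental = nil
+
+ init
+
+ attributes.each do |name, value|
+ send("#{name}=", value)
+ end
+ end
 
- def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
+ def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  self.av = av
  self.ac = ac
  self.au = au
@@ -80,7 +104,7 @@ module Cvss
  self.rl = rl
  self.rc = rc
 
- self.cd = cd
+ self.cdp = cdp
  self.td = td
  self.cr = cr
  self.ir = ir
@@ -91,22 +115,6 @@ module Cvss
  get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]]
  end
 
- def noenvironmental
- if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
- return true
- else
- return false
- end
- end
-
- def notemporal
- if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
- return true
- else
- return false
- end
- end
-
  def set_key
  @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av),
  get_key("ACCESS_COMPLEXITY", @ac),
@@ -115,13 +123,13 @@ module Cvss
  get_key("INTEGRITY_IMPACT", @ii),
  get_key("AVAILABILITY_IMPACT", @ai)]
 
- if !notemporal
+ if !notemporal?
  @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex),
  get_key("REMEDIATION_LEVEL", @rl),
  get_key("REPORT_CONFIDENCE", @rc)]
  end
 
- if !noenvironmental
+ if !noenvironmental?
  @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp),
  get_key("TARGET_DISTRIBUTION", @td),
  get_key("CONFIDENTIALITY_REQUIREMENT", @cr),
@@ -360,7 +368,7 @@ module Cvss
  string = vector.split("/")
  len = string.length
 
- self.init
+ init
 
  @originalkey = vector
 
@@ -379,9 +387,9 @@ module Cvss
  printf "Base Score:\t\t\t%3.1f\n", @base
  printf " Impact Subscore:\t\t%3.1f\n", @impact
  printf " Exploitability Subscore:\t%3.1f\n", @exploitability
- printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !self.notemporal
- printf "Environmental Score:\t\t%3.1f\n", @environmental if !self.noenvironmental
- printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !self.noenvironmental
+ printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !notemporal?
+ printf "Environmental Score:\t\t%3.1f\n", @environmental if !noenvironmental?
+ printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental?
  printf "Overall Score:\t\t\t%3.1f\n", overallscore
  end
 
@@ -420,8 +428,8 @@ module Cvss
  end
 
  def overallscore
- if self.noenvironmental
- if self.notemporal
+ if noenvironmental?
+ if notemporal?
  overallscore = @base
  else
  overallscore = @temporal
@@ -432,10 +440,6 @@ module Cvss
  return overallscore
  end
 
- def impactfunction(impact)
- return impact != 0 ? 1.176 : 0.0
- end
-
  def impactscore
  impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs))
  end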
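Review bot: `get_key` (body at new line 115; its `def` line is outside the hunks shown) still builds its lookups with `eval(vector + "_KEY")` and `eval(vector)`, and after this commit's `private`/`public` split it appears to sit below `public`, so a caller outside the class can hand it a string that is evaluated as Ruby. Resolve the tables by name instead, `self.class.const_get("#{vector}_KEY")` and `self.class.const_get(vector)`, and move `get_key` into the `private` section next to `notemporal?` and `noenvironmental?`; every call visible in this diff comes from inside the class with a literal name. The relocated `initialize` (new lines 83–93) has a related weakness: `send("#{name}=", value)` ignores method visibility, so `public_send` plus a check of `name` against the `attr_accessor` list is the safer form when the attributes hash can originate from request data.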
@@ -4,7 +4,7 @@ require 'cvss_rating'
4
4
 
5
5
  class CvssRatingTest < MiniTest::Unit::TestCase
6
6
  def setup
7
- @cvss = Cvss::Rating.new
7
+ @cvss = Cvss2::Rating.new
8
8
  @cvss.av = "N"
9
9
  @cvss.ac = "M"
10
10
  @cvss.au = "N"
@@ -13,7 +13,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
13
13
  @cvss.ai = "P"
14
14
  @cvss.set_key
15
15
 
16
- @cvss_2 = Cvss::Rating.new
16
+ @cvss_2 = Cvss2::Rating.new
17
17
  @cvss_2.av = "L"
18
18
  @cvss_2.ac = "M"
19
19
  @cvss_2.au = "M"
@@ -29,7 +29,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
29
29
  end
30
30
 
31
31
  def test_cvss_rating_from_vector
32
- cvss = Cvss::Rating.new
32
+ cvss = Cvss2::Rating.new
33
33
  cvss.parse("AV:N/AC:M/Au:N/C:P/I:P/A:P")
34
34
  assert_equal @cvss.key, cvss.key
35
35
 
@@ -37,7 +37,6 @@ class CvssRatingTest < MiniTest::Unit::TestCase
37
37
 
38
38
  assert_equal @cvss.overallscore, cvss.overallscore
39
39
 
40
- cvss.init
41
40
  cvss.parse("AV:L/AC:M/Au:M/C:P/I:C/A:C/CDP:L/TD:H/CR:M/IR:M/AR:M")
42
41
  assert_equal @cvss_2.key, cvss.key
43
42
 
@@ -47,8 +46,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
47
46
  end
48
47
 
49
48
  def test_cvss_rating_parameters
50
- cvss = Cvss::Rating.new
51
- cvss.init
49
+ cvss = Cvss2::Rating.new
52
50
 
53
51
  cvss.av = "local"
54
52
 
@@ -58,4 +56,14 @@ class CvssRatingTest < MiniTest::Unit::TestCase
58
56
 
59
57
  assert_equal @cvss_2.cdp, cvss.cdp
60
58
  end
59
+
60
+ def test_cvss_rating_scores
61
+ cvss = Cvss2::Rating.new
62
+
63
+ cvss.scores("N", "M", "N", "P", "P", "P")
64
+ assert_equal @cvss.key, cvss.key
65
+
66
+ cvss.scores("L", "M", "M", "P", "C", "C", "ND", "ND", "ND", "L", "H", "M", "M", "M")
67
+ assert_equal @cvss_2.key, cvss.key
68
+ end
61
69
  end
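--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cvss_rating
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.2.0
  platform: ruby
  authors:
  - Stephen Kapp
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-08-14 00:00:00.000000000 Z
+ date: 2015-08-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -38,7 +38,36 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- description: CVSS Risk Rating Calucation and Vector parsing, implements CVSS 2.0 rating
+ - !ruby/object:Gem::Dependency
+ name: activesupport
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: CVSS Risk Rating Calculation and Vector parsing, implements CVSS 2.0
+ rating
  email:
  - mort666@virus.org
  executables: []
@@ -46,6 +75,7 @@ extensions: []
  extra_rdoc_files: []
  files:
  - ".gitignore"
+ - ".travis.yml"
  - Gemfile
  - LICENSE.txt
  - README.md
@@ -77,6 +107,6 @@ rubyforge_project:
  rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
- summary: CVSS Risk Rating Calucation and Vector parsing
+ summary: CVSS Risk Rating Calculation and Vector parsing
  test_files:
  - test/cvss_rating_test.rb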