cvss_rating 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/.travis.yml +4 -0
- data/README.md +3 -1
- data/cvss_rating.gemspec +5 -3
- data/lib/cvss_rating/version.rb +2 -2
- data/lib/cvss_rating.rb +43 -39
- data/test/cvss_rating_test.rb +14 -6
- metadata +34 -4
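--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f34c95f177fe60ecc57c735768fbe8cad31aafe
+data.tar.gz: 3584d4783a7e04538093797cc8cc50474238e077
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d271f1acc407e4ead7d99302b282d21e22674069738cfaf09e84c8b48d7cfc316f184af3c9c742e39b80917d49e97ce7006d8c5912ffbe8f2483f7dcbc1be0e8
+data.tar.gz: d3b34287aeadbd3d98bebd3dbf4136f233a09c491f8a4001917f6eecb8079f1e9f092e736a4a7e63f181e6e050152bbcf52b35170f7cc2cc9de1676ee6742f20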
data/.travis.yml
ADDED
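--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,7 @@
 # Cvss Rating
 
+[](https://travis-ci.org/mort666/cvss_rating)
+
 Implements CVSS Risk Rating version 2.0
 
 ## Installation
@@ -18,7 +20,7 @@ Or install it yourself as:
 
 ## Usage
 
-Check out the unit tests for examples of usage
+Check out the unit tests for examples of usage.
 
 ## TODO
 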
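--- a/data/cvss_rating.gemspec
+++ b/data/cvss_rating.gemspec
@@ -5,11 +5,11 @@ require 'cvss_rating/version'
 
 Gem::Specification.new do |spec|
 spec.name = "cvss_rating"
-spec.version =
+spec.version = Cvss2::Rating::VERSION
 spec.authors = ["Stephen Kapp"]
 spec.email = ["mort666@virus.org"]
-spec.summary = %q{CVSS Risk Rating
-spec.description = %q{CVSS Risk Rating
+spec.summary = %q{CVSS Risk Rating Calculation and Vector parsing}
+spec.description = %q{CVSS Risk Rating Calculation and Vector parsing, implements CVSS 2.0 rating}
 spec.homepage = "https://github.com/mort666/cvss_rating"
 spec.license = "MIT"
 
@@ -20,4 +20,6 @@ Gem::Specification.new do |spec|
 
 spec.add_development_dependency "bundler", "~> 1.6"
 spec.add_development_dependency "minitest"
+spec.add_development_dependency "activesupport"
+spec.add_development_dependency "rake"
 end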
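Review bot: The two added development dependencies, `activesupport` and `rake`, carry no version constraint, so every fresh install resolves to whatever release the registry currently serves (the packaged metadata records both as `>= 0`). Give each a pessimistic bound in the same form the `bundler` line already uses (`"~> 1.6"` there), so that a new or compromised upstream release is not pulled into development and CI runs unnoticed. None of the test hunks visible on this page reference ActiveSupport, so it is worth confirming that dependency is needed before widening the install surface. The `Gem::Specification` block begins outside this hunk.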
data/lib/cvss_rating/version.rb
CHANGED
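--- a/data/lib/cvss_rating.rb
+++ b/data/lib/cvss_rating.rb
@@ -1,6 +1,6 @@
 require "cvss_rating/version"
 
-module
+module Cvss2
 class Rating
 
 attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
@@ -44,18 +44,28 @@ module Cvss
 COLLATERAL_DAMAGE_KEY = { :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
 TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
 
-
-@base = nil
-@temporal = nil
-@environmental = nil
-
-self.init
+private
 
-
-
+def impactfunction(impact)
+return impact != 0 ? 1.176 : 0.0
+end
+
+def noenvironmental?
+if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
+return true
+else
+return false
 end
 end
 
+def notemporal?
+if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
+return true
+else
+return false
+end
+end
+
 def init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
 self.ex = ex
 self.rl = rl
@@ -67,8 +77,22 @@ module Cvss
 self.ir = ir
 self.ar = ar
 end
+
+public
+
+def initialize(attributes = {})
+@base = nil
+@temporal = nil
+@environmental = nil
+
+init
+
+attributes.each do |name, value|
+send("#{name}=", value)
+end
+end
 
-def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND",
+def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
 self.av = av
 self.ac = ac
 self.au = au
@@ -80,7 +104,7 @@ module Cvss
 self.rl = rl
 self.rc = rc
 
-self.
+self.cdp = cdp
 self.td = td
 self.cr = cr
 self.ir = ir
@@ -91,22 +115,6 @@ module Cvss
 get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]]
 end
 
-def noenvironmental
-if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
-return true
-else
-return false
-end
-end
-
-def notemporal
-if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
-return true
-else
-return false
-end
-end
-
 def set_key
 @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av),
 get_key("ACCESS_COMPLEXITY", @ac),
@@ -115,13 +123,13 @@ module Cvss
 get_key("INTEGRITY_IMPACT", @ii),
 get_key("AVAILABILITY_IMPACT", @ai)]
 
-if !notemporal
+if !notemporal?
 @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex),
 get_key("REMEDIATION_LEVEL", @rl),
 get_key("REPORT_CONFIDENCE", @rc)]
 end
 
-if !noenvironmental
+if !noenvironmental?
 @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp),
 get_key("TARGET_DISTRIBUTION", @td),
 get_key("CONFIDENTIALITY_REQUIREMENT", @cr),
@@ -360,7 +368,7 @@ module Cvss
 string = vector.split("/")
 len = string.length
 
-
+init
 
 @originalkey = vector
 
@@ -379,9 +387,9 @@ module Cvss
 printf "Base Score:\t\t\t%3.1f\n", @base
 printf " Impact Subscore:\t\t%3.1f\n", @impact
 printf " Exploitability Subscore:\t%3.1f\n", @exploitability
-printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !
-printf "Environmental Score:\t\t%3.1f\n", @environmental if !
-printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !
+printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !notemporal?
+printf "Environmental Score:\t\t%3.1f\n", @environmental if !noenvironmental?
+printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental?
 printf "Overall Score:\t\t\t%3.1f\n", overallscore
 end
 
@@ -420,8 +428,8 @@ module Cvss
 end
 
 def overallscore
-if
-if
+if noenvironmental?
+if notemporal?
 overallscore = @base
 else
 overallscore = @temporal
@@ -432,10 +440,6 @@ module Cvss
 return overallscore
 end
 
-def impactfunction(impact)
-return impact != 0 ? 1.176 : 0.0
-end
-
 def impactscore
 impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs))
 end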
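Review bot: The new `initialize(attributes = {})` passes every hash key straight into `send("#{name}=", value)`, and `send` ignores method visibility, so whoever supplies the hash chooses which writer method runs, not only the metric accessors declared in `attr_accessor`. If the hash can ever come from request parameters or parsed input, limit the keys to the declared metric names and dispatch with `public_send`, for example `public_send("#{name}=", value) if METRIC_NAMES.include?(name.to_sym)`, where `METRIC_NAMES` is a frozen constant you would add listing the accessor names. An unknown key currently surfaces as a bare `NoMethodError` from inside the constructor; raising `ArgumentError` that names the rejected key would make misuse easier to diagnose. Any custom setters defined outside the hunks shown here would be reachable the same way.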
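--- a/data/test/cvss_rating_test.rb
+++ b/data/test/cvss_rating_test.rb
@@ -4,7 +4,7 @@ require 'cvss_rating'
 
 class CvssRatingTest < MiniTest::Unit::TestCase
 def setup
-@cvss =
+@cvss = Cvss2::Rating.new
 @cvss.av = "N"
 @cvss.ac = "M"
 @cvss.au = "N"
@@ -13,7 +13,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
 @cvss.ai = "P"
 @cvss.set_key
 
-@cvss_2 =
+@cvss_2 = Cvss2::Rating.new
 @cvss_2.av = "L"
 @cvss_2.ac = "M"
 @cvss_2.au = "M"
@@ -29,7 +29,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
 end
 
 def test_cvss_rating_from_vector
-cvss =
+cvss = Cvss2::Rating.new
 cvss.parse("AV:N/AC:M/Au:N/C:P/I:P/A:P")
 assert_equal @cvss.key, cvss.key
 
@@ -37,7 +37,6 @@ class CvssRatingTest < MiniTest::Unit::TestCase
 
 assert_equal @cvss.overallscore, cvss.overallscore
 
-cvss.init
 cvss.parse("AV:L/AC:M/Au:M/C:P/I:C/A:C/CDP:L/TD:H/CR:M/IR:M/AR:M")
 assert_equal @cvss_2.key, cvss.key
 
@@ -47,8 +46,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
 end
 
 def test_cvss_rating_parameters
-cvss =
-cvss.init
+cvss = Cvss2::Rating.new
 
 cvss.av = "local"
 
@@ -58,4 +56,14 @@ class CvssRatingTest < MiniTest::Unit::TestCase
 
 assert_equal @cvss_2.cdp, cvss.cdp
 end
+
+def test_cvss_rating_scores
+cvss = Cvss2::Rating.new
+
+cvss.scores("N", "M", "N", "P", "P", "P")
+assert_equal @cvss.key, cvss.key
+
+cvss.scores("L", "M", "M", "P", "C", "C", "ND", "ND", "ND", "L", "H", "M", "M", "M")
+assert_equal @cvss_2.key, cvss.key
+end
 end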
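Review bot: None of the tests shown here exercises the hash form of the new constructor; every case builds the object with a bare `Cvss2::Rating.new` and then sets metrics through accessors, `parse` or `scores`. Add a case along the lines of `cvss = Cvss2::Rating.new(av: "N", ac: "M", au: "N", ci: "P", ii: "P", ai: "P")` followed by `cvss.set_key` and `assert_equal @cvss.key, cvss.key`, plus one that pins what happens when the hash contains a key that is not a metric. The added `test_cvss_rating_scores` also compares only `key`, so a regression in the numeric scores computed through `scores` would pass unnoticed; an `assert_equal @cvss.overallscore, cvss.overallscore` would close that gap. Parts of the test file fall outside the hunks shown, so existing coverage there should be checked first.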
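--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cvss_rating
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Stephen Kapp
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-
+date: 2015-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -38,7 +38,36 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: CVSS Risk Rating Calculation and Vector parsing, implements CVSS 2.0
+rating
 email:
 - mort666@virus.org
 executables: []
@@ -46,6 +75,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -77,6 +107,6 @@ rubyforge_project:
 rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
-summary: CVSS Risk Rating
+summary: CVSS Risk Rating Calculation and Vector parsing
 test_files:
 - test/cvss_rating_test.rb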