cvss_rating 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 86710948607aed7404a2f0fe021a0cb734cf1a6b
4
- data.tar.gz: 8a98d94e813c4a0be0afe2b22b5f6fd66f5d5b63
3
+ metadata.gz: 9f34c95f177fe60ecc57c735768fbe8cad31aafe
4
+ data.tar.gz: 3584d4783a7e04538093797cc8cc50474238e077
5
5
  SHA512:
6
- metadata.gz: e1c0f19932a291bb805fd5c784ccc0d685bad189aab48ae5b2f2aed4bd56330c345cd3100a2530d12aff54259ea5499ca048f3137a2447e0c8423a829a860abe
7
- data.tar.gz: 77af3c98596f4ad2d7f0a429f8275c7c487c91947ab88eb4a099187e84a0cb145518fc9829726bc6849fb78432957af850299934cce8f371494eff136d7719c6
6
+ metadata.gz: d271f1acc407e4ead7d99302b282d21e22674069738cfaf09e84c8b48d7cfc316f184af3c9c742e39b80917d49e97ce7006d8c5912ffbe8f2483f7dcbc1be0e8
7
+ data.tar.gz: d3b34287aeadbd3d98bebd3dbf4136f233a09c491f8a4001917f6eecb8079f1e9f092e736a4a7e63f181e6e050152bbcf52b35170f7cc2cc9de1676ee6742f20
data/.travis.yml ADDED
@@ -0,0 +1,4 @@
1
+ language: ruby
2
+ rvm:
3
+ - "1.9.3"
4
+ - "2.1.2"
data/README.md CHANGED
@@ -1,5 +1,7 @@
1
1
  # Cvss Rating
2
2
 
3
+ [![Build Status](https://travis-ci.org/mort666/cvss_rating.svg)](https://travis-ci.org/mort666/cvss_rating)
4
+
3
5
  Implements CVSS Risk Rating version 2.0
4
6
 
5
7
  ## Installation
@@ -18,7 +20,7 @@ Or install it yourself as:
18
20
 
19
21
  ## Usage
20
22
 
21
- Check out the unit tests for examples of usage
23
+ Check out the unit tests for examples of usage.
22
24
 
23
25
  ## TODO
24
26
 
data/cvss_rating.gemspec CHANGED
@@ -5,11 +5,11 @@ require 'cvss_rating/version'
5
5
 
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "cvss_rating"
8
- spec.version = Cvss::Rating::VERSION
8
+ spec.version = Cvss2::Rating::VERSION
9
9
  spec.authors = ["Stephen Kapp"]
10
10
  spec.email = ["mort666@virus.org"]
11
- spec.summary = %q{CVSS Risk Rating Calucation and Vector parsing}
12
- spec.description = %q{CVSS Risk Rating Calucation and Vector parsing, implements CVSS 2.0 rating}
11
+ spec.summary = %q{CVSS Risk Rating Calculation and Vector parsing}
12
+ spec.description = %q{CVSS Risk Rating Calculation and Vector parsing, implements CVSS 2.0 rating}
13
13
  spec.homepage = "https://github.com/mort666/cvss_rating"
14
14
  spec.license = "MIT"
15
15
 
@@ -20,4 +20,6 @@ Gem::Specification.new do |spec|
20
20
 
21
21
  spec.add_development_dependency "bundler", "~> 1.6"
22
22
  spec.add_development_dependency "minitest"
23
+ spec.add_development_dependency "activesupport"
24
+ spec.add_development_dependency "rake"
23
25
  end
@@ -1,5 +1,5 @@
1
- module Cvss
1
+ module Cvss2
2
2
  class Rating
3
- VERSION = "0.1.1"
3
+ VERSION = "0.2.0"
4
4
  end
5
5
  end
data/lib/cvss_rating.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  require "cvss_rating/version"
2
2
 
3
- module Cvss
3
+ module Cvss2
4
4
  class Rating
5
5
 
6
6
  attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
@@ -44,18 +44,28 @@ module Cvss
44
44
  COLLATERAL_DAMAGE_KEY = { :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
45
45
  TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
46
46
 
47
- def initialize(attributes = {})
48
- @base = nil
49
- @temporal = nil
50
- @environmental = nil
51
-
52
- self.init
47
+ private
53
48
 
54
- attributes.each do |name, value|
55
- send("#{name}=", value)
49
+ def impactfunction(impact)
50
+ return impact != 0 ? 1.176 : 0.0
51
+ end
52
+
53
+ def noenvironmental?
54
+ if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
55
+ return true
56
+ else
57
+ return false
56
58
  end
57
59
  end
58
60
 
61
+ def notemporal?
62
+ if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
63
+ return true
64
+ else
65
+ return false
66
+ end
67
+ end
68
+
59
69
  def init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
60
70
  self.ex = ex
61
71
  self.rl = rl
@@ -67,8 +77,22 @@ module Cvss
67
77
  self.ir = ir
68
78
  self.ar = ar
69
79
  end
80
+
81
+ public
82
+
83
+ def initialize(attributes = {})
84
+ @base = nil
85
+ @temporal = nil
86
+ @environmental = nil
87
+
88
+ init
89
+
90
+ attributes.each do |name, value|
91
+ send("#{name}=", value)
92
+ end
93
+ end
70
94
 
71
- def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
95
+ def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
72
96
  self.av = av
73
97
  self.ac = ac
74
98
  self.au = au
@@ -80,7 +104,7 @@ module Cvss
80
104
  self.rl = rl
81
105
  self.rc = rc
82
106
 
83
- self.cd = cd
107
+ self.cdp = cdp
84
108
  self.td = td
85
109
  self.cr = cr
86
110
  self.ir = ir
@@ -91,22 +115,6 @@ module Cvss
91
115
  get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]]
92
116
  end
93
117
 
94
- def noenvironmental
95
- if get_key("COLLATERAL_DAMAGE", @cdp) == "ND" && get_key("TARGET_DISTRIBUTION", @td) == "ND" && get_key("CONFIDENTIALITY_REQUIREMENT", @cr) == "ND" && get_key("INTEGRITY_REQUIREMENT", @ir) == "ND" && get_key("AVAILABILITY_REQUIREMENT", @ar) == "ND"
96
- return true
97
- else
98
- return false
99
- end
100
- end
101
-
102
- def notemporal
103
- if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
104
- return true
105
- else
106
- return false
107
- end
108
- end
109
-
110
118
  def set_key
111
119
  @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av),
112
120
  get_key("ACCESS_COMPLEXITY", @ac),
@@ -115,13 +123,13 @@ module Cvss
115
123
  get_key("INTEGRITY_IMPACT", @ii),
116
124
  get_key("AVAILABILITY_IMPACT", @ai)]
117
125
 
118
- if !notemporal
126
+ if !notemporal?
119
127
  @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex),
120
128
  get_key("REMEDIATION_LEVEL", @rl),
121
129
  get_key("REPORT_CONFIDENCE", @rc)]
122
130
  end
123
131
 
124
- if !noenvironmental
132
+ if !noenvironmental?
125
133
  @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp),
126
134
  get_key("TARGET_DISTRIBUTION", @td),
127
135
  get_key("CONFIDENTIALITY_REQUIREMENT", @cr),
@@ -360,7 +368,7 @@ module Cvss
360
368
  string = vector.split("/")
361
369
  len = string.length
362
370
 
363
- self.init
371
+ init
364
372
 
365
373
  @originalkey = vector
366
374
 
@@ -379,9 +387,9 @@ module Cvss
379
387
  printf "Base Score:\t\t\t%3.1f\n", @base
380
388
  printf " Impact Subscore:\t\t%3.1f\n", @impact
381
389
  printf " Exploitability Subscore:\t%3.1f\n", @exploitability
382
- printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !self.notemporal
383
- printf "Environmental Score:\t\t%3.1f\n", @environmental if !self.noenvironmental
384
- printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !self.noenvironmental
390
+ printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !notemporal?
391
+ printf "Environmental Score:\t\t%3.1f\n", @environmental if !noenvironmental?
392
+ printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental?
385
393
  printf "Overall Score:\t\t\t%3.1f\n", overallscore
386
394
  end
387
395
 
@@ -420,8 +428,8 @@ module Cvss
420
428
  end
421
429
 
422
430
  def overallscore
423
- if self.noenvironmental
424
- if self.notemporal
431
+ if noenvironmental?
432
+ if notemporal?
425
433
  overallscore = @base
426
434
  else
427
435
  overallscore = @temporal
@@ -432,10 +440,6 @@ module Cvss
432
440
  return overallscore
433
441
  end
434
442
 
435
- def impactfunction(impact)
436
- return impact != 0 ? 1.176 : 0.0
437
- end
438
-
439
443
  def impactscore
440
444
  impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs))
441
445
  end
@@ -4,7 +4,7 @@ require 'cvss_rating'
4
4
 
5
5
  class CvssRatingTest < MiniTest::Unit::TestCase
6
6
  def setup
7
- @cvss = Cvss::Rating.new
7
+ @cvss = Cvss2::Rating.new
8
8
  @cvss.av = "N"
9
9
  @cvss.ac = "M"
10
10
  @cvss.au = "N"
@@ -13,7 +13,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
13
13
  @cvss.ai = "P"
14
14
  @cvss.set_key
15
15
 
16
- @cvss_2 = Cvss::Rating.new
16
+ @cvss_2 = Cvss2::Rating.new
17
17
  @cvss_2.av = "L"
18
18
  @cvss_2.ac = "M"
19
19
  @cvss_2.au = "M"
@@ -29,7 +29,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
29
29
  end
30
30
 
31
31
  def test_cvss_rating_from_vector
32
- cvss = Cvss::Rating.new
32
+ cvss = Cvss2::Rating.new
33
33
  cvss.parse("AV:N/AC:M/Au:N/C:P/I:P/A:P")
34
34
  assert_equal @cvss.key, cvss.key
35
35
 
@@ -37,7 +37,6 @@ class CvssRatingTest < MiniTest::Unit::TestCase
37
37
 
38
38
  assert_equal @cvss.overallscore, cvss.overallscore
39
39
 
40
- cvss.init
41
40
  cvss.parse("AV:L/AC:M/Au:M/C:P/I:C/A:C/CDP:L/TD:H/CR:M/IR:M/AR:M")
42
41
  assert_equal @cvss_2.key, cvss.key
43
42
 
@@ -47,8 +46,7 @@ class CvssRatingTest < MiniTest::Unit::TestCase
47
46
  end
48
47
 
49
48
  def test_cvss_rating_parameters
50
- cvss = Cvss::Rating.new
51
- cvss.init
49
+ cvss = Cvss2::Rating.new
52
50
 
53
51
  cvss.av = "local"
54
52
 
@@ -58,4 +56,14 @@ class CvssRatingTest < MiniTest::Unit::TestCase
58
56
 
59
57
  assert_equal @cvss_2.cdp, cvss.cdp
60
58
  end
59
+
60
+ def test_cvss_rating_scores
61
+ cvss = Cvss2::Rating.new
62
+
63
+ cvss.scores("N", "M", "N", "P", "P", "P")
64
+ assert_equal @cvss.key, cvss.key
65
+
66
+ cvss.scores("L", "M", "M", "P", "C", "C", "ND", "ND", "ND", "L", "H", "M", "M", "M")
67
+ assert_equal @cvss_2.key, cvss.key
68
+ end
61
69
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cvss_rating
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen Kapp
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-14 00:00:00.000000000 Z
11
+ date: 2015-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -38,7 +38,36 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
- description: CVSS Risk Rating Calucation and Vector parsing, implements CVSS 2.0 rating
41
+ - !ruby/object:Gem::Dependency
42
+ name: activesupport
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ description: CVSS Risk Rating Calculation and Vector parsing, implements CVSS 2.0
70
+ rating
42
71
  email:
43
72
  - mort666@virus.org
44
73
  executables: []
@@ -46,6 +75,7 @@ extensions: []
46
75
  extra_rdoc_files: []
47
76
  files:
48
77
  - ".gitignore"
78
+ - ".travis.yml"
49
79
  - Gemfile
50
80
  - LICENSE.txt
51
81
  - README.md
@@ -77,6 +107,6 @@ rubyforge_project:
77
107
  rubygems_version: 2.2.2
78
108
  signing_key:
79
109
  specification_version: 4
80
- summary: CVSS Risk Rating Calucation and Vector parsing
110
+ summary: CVSS Risk Rating Calculation and Vector parsing
81
111
  test_files:
82
112
  - test/cvss_rating_test.rb