cvss_rating 0.5.3 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cvss2_rating.rb +94 -94
  3. data/lib/cvss_rating/cvss3_metrics.rb +10 -10
  4. data/lib/cvss_rating/cvss3_vectors.rb +1 -1
  5. data/lib/cvss_rating/version.rb +1 -1
  6. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ba239c3a20044c1f0bdec1bf20040f292fc58a0a
4
- data.tar.gz: dd3f4a378df8d13d73240ba8ec36dcb4a20c0a63
3
+ metadata.gz: d40ab4144b20e818426f9b7c0d00ef0cc8a65f98
4
+ data.tar.gz: f7c8de9e33c26e7424f32a5b39e32c0a2730edbd
5
5
  SHA512:
6
- metadata.gz: 7c09e29ab6844f87a3279fec34da5ec3bbdc7c68b9dd2f583745f214feeffab34e6d35c70c3ac99b2a67dd2b760ce3bed39da5c0689f37f0d21a36a50bf7325d
7
- data.tar.gz: 80391b4cc42fa467640cacc70dd06af7ee5a413abefa1410d234a0ce81ab9093e6c9914ac33f26aa0bc733760c3a20c637aad19d79dce1e74da2bc2cfd9c8478
6
+ metadata.gz: 34c4a7f964cf42aafd363a03a3f7b89cbdf95c3dba1051180eb47a3cbf91a2d35ca169a0332b60ef83fe1b55aea184b041539d434965e34a5b08fd6643086760
7
+ data.tar.gz: 061866fa6702670cfa2eedadbc7c95943c5e64781a833080ca5c50e7e3a5c952f3b249453f9ac0db7c093a6d5731ae308501fe18c3666755513519a6b8ee5bbc
data/lib/cvss2_rating.rb CHANGED
@@ -2,47 +2,47 @@ require "cvss_rating/version"
2
2
 
3
3
  module Cvss2
4
4
  class Rating
5
-
6
- attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
5
+
6
+ attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
7
7
  attr_accessor :base, :temporal, :overall, :environmental, :impact, :exploitability, :adjimpact, :key
8
-
8
+
9
9
  ACCESS_VECTOR = { :local => 0.395, :adjacent_network => 0.646, :network => 1.0 }
10
10
  ACCESS_COMPLEXITY = { :high => 0.35, :medium => 0.61, :low => 0.71 }
11
11
  AUTHENTICATION = { :none => 0.704, :single => 0.56, :multiple => 0.45 }
12
-
12
+
13
13
  CONFIDENTIALITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
14
14
  INTEGRITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
15
15
  AVAILABILITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
16
-
16
+
17
17
  CONFIDENTIALITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
18
18
  INTEGRITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
19
19
  AVAILABILITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
20
-
20
+
21
21
  EXPLOITABILITY = { :unproven => 0.85, :poc => 0.9, :functional => 0.95, :high => 1.0, :notdefined => -1.0 }
22
22
  REMEDIATION_LEVEL = { :official => 0.87, :temporary => 0.9, :workaround => 0.95, :unavailable => 1.0, :notdefined => -1.0 }
23
23
  REPORT_CONFIDENCE = { :unconfirmed => 0.90, :uncorroborated => 0.95, :confirmed => 1.0, :notdefined => -1.0 }
24
-
24
+
25
25
  COLLATERAL_DAMAGE = { :none => 0.0, :low => 0.1, :low_medium => 0.3, :medium_high => 0.4, :high => 0.5, :notdefined => -1.0 }
26
26
  TARGET_DISTRIBUTION = { :none => 0.0, :low => 0.25, :medium => 0.75, :high => 1.0, :notdefined => -1.0 }
27
-
27
+
28
28
  ACCESS_VECTOR_KEY = { :local => 'L', :adjacent_network => 'A', :network => 'N' }
29
29
  ACCESS_COMPLEXITY_KEY = { :high => 'H', :medium => 'M', :low => 'L' }
30
30
  AUTHENTICATION_KEY = { :none => 'N', :single => 'S', :multiple => 'M' }
31
-
31
+
32
32
  CONFIDENTIALITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
33
33
  INTEGRITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
34
34
  AVAILABILITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
35
-
35
+
36
36
  CONFIDENTIALITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
37
37
  INTEGRITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
38
38
  AVAILABILITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
39
-
40
- EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :notdefined => 'ND' }
39
+
40
+ EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'POC', :functional => 'F', :high => 'H', :notdefined => 'ND' }
41
41
  REMEDIATION_LEVEL_KEY = { :official => 'OF', :temporary => "TF", :workaround => 'W', :unavailable => 'U', :notdefined => 'ND' }
42
42
  REPORT_CONFIDENCE_KEY = { :unconfirmed => 'UC', :uncorroborated => 'UR', :confirmed => 'C', :notdefined => 'ND' }
43
-
43
+
44
44
  COLLATERAL_DAMAGE_KEY = { :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
45
- TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
45
+ TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
46
46
 
47
47
  private
48
48
 
@@ -57,7 +57,7 @@ module Cvss2
57
57
  return false
58
58
  end
59
59
  end
60
-
60
+
61
61
  def notemporal?
62
62
  if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
63
63
  return true
@@ -80,18 +80,18 @@ module Cvss2
80
80
 
81
81
  public
82
82
 
83
- def initialize(attributes = {})
84
- @base = nil
85
- @temporal = nil
86
- @environmental = nil
87
-
83
+ def initialize(attributes = {})
84
+ @base = nil
85
+ @temporal = nil
86
+ @environmental = nil
87
+
88
88
  init
89
89
 
90
90
  attributes.each do |name, value|
91
91
  send("#{name}=", value)
92
92
  end
93
93
  end
94
-
94
+
95
95
  def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
96
96
  self.av = av
97
97
  self.ac = ac
@@ -99,7 +99,7 @@ module Cvss2
99
99
  self.ci = ci
100
100
  self.ii = ii
101
101
  self.ai = ai
102
-
102
+
103
103
  self.ex = ex
104
104
  self.rl = rl
105
105
  self.rc = rc
@@ -110,11 +110,11 @@ module Cvss2
110
110
  self.ir = ir
111
111
  self.ar = ar
112
112
  end
113
-
113
+
114
114
  def get_key(vector, value)
115
115
  get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]]
116
116
  end
117
-
117
+
118
118
  def set_key
119
119
  @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av),
120
120
  get_key("ACCESS_COMPLEXITY", @ac),
@@ -122,13 +122,13 @@ module Cvss2
122
122
  get_key("CONFIDENTIALITY_IMPACT", @ci),
123
123
  get_key("INTEGRITY_IMPACT", @ii),
124
124
  get_key("AVAILABILITY_IMPACT", @ai)]
125
-
125
+
126
126
  if !notemporal?
127
127
  @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex),
128
128
  get_key("REMEDIATION_LEVEL", @rl),
129
129
  get_key("REPORT_CONFIDENCE", @rc)]
130
130
  end
131
-
131
+
132
132
  if !noenvironmental?
133
133
  @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp),
134
134
  get_key("TARGET_DISTRIBUTION", @td),
@@ -137,216 +137,216 @@ module Cvss2
137
137
  get_key("AVAILABILITY_REQUIREMENT", @ar)]
138
138
  end
139
139
  end
140
-
140
+
141
141
  def av=(av)
142
142
  @av = case av
143
143
  when "local", "L" then ACCESS_VECTOR[:local]
144
144
  when "adjacent network", "A" then ACCESS_VECTOR[:adjacent_network]
145
145
  when "network", "N" then ACCESS_VECTOR[:network]
146
- else
146
+ else
147
147
  raise "Bad Argument"
148
148
  end
149
149
  end
150
-
150
+
151
151
  def av
152
152
  av = get_key("ACCESS_VECTOR", @av) if !@av.nil?
153
153
  end
154
-
154
+
155
155
  def ac=(ac)
156
156
  @ac = case ac
157
157
  when "high", "H" then ACCESS_COMPLEXITY[:high]
158
158
  when "medium", "M" then ACCESS_COMPLEXITY[:medium]
159
159
  when "low", "L" then ACCESS_COMPLEXITY[:low]
160
- else
160
+ else
161
161
  raise "Bad Argument"
162
162
  end
163
163
  end
164
-
164
+
165
165
  def ac
166
166
  ac = get_key("ACCESS_COMPLEXITY", @ac) if !@ac.nil?
167
167
  end
168
-
168
+
169
169
  def au=(au)
170
170
  @au = case au
171
171
  when "none", "N" then AUTHENTICATION[:none]
172
172
  when "single instance", "S" then AUTHENTICATION[:single]
173
173
  when "multiple instance", "M" then AUTHENTICATION[:multiple]
174
- else
174
+ else
175
175
  raise "Bad Argument"
176
176
  end
177
177
  end
178
-
178
+
179
179
  def au
180
180
  au = get_key("AUTHENTICATION", @au) if !@au.nil?
181
181
  end
182
-
182
+
183
183
  def ci=(ci)
184
184
  @ci = case ci
185
185
  when "none", "N" then CONFIDENTIALITY_IMPACT[:none]
186
186
  when "partial", "P" then CONFIDENTIALITY_IMPACT[:partial]
187
187
  when "complete", "C" then CONFIDENTIALITY_IMPACT[:complete]
188
- else
188
+ else
189
189
  raise "Bad Argument"
190
190
  end
191
191
  end
192
-
192
+
193
193
  def ci
194
194
  ci = get_key("CONFIDENTIALITY_IMPACT", @ci) if !@ci.nil?
195
195
  end
196
-
196
+
197
197
  def ii=(ii)
198
198
  @ii = case ii
199
199
  when "none", "N" then INTEGRITY_IMPACT[:none]
200
200
  when "partial", "P" then INTEGRITY_IMPACT[:partial]
201
201
  when "complete", "C" then INTEGRITY_IMPACT[:complete]
202
- else
202
+ else
203
203
  raise "Bad Argument"
204
204
  end
205
205
  end
206
-
206
+
207
207
  def ii
208
208
  ii = get_key("INTEGRITY_IMPACT", @ii) if !@ii.nil?
209
209
  end
210
-
210
+
211
211
  def ai=(ai)
212
212
  @ai = case ai
213
213
  when "none", "N" then AVAILABILITY_IMPACT[:none]
214
214
  when "partial", "P" then AVAILABILITY_IMPACT[:partial]
215
215
  when "complete", "C" then AVAILABILITY_IMPACT[:complete]
216
- else
216
+ else
217
217
  raise "Bad Argument"
218
218
  end
219
219
  end
220
-
220
+
221
221
  def ai
222
222
  ai = get_key("AVAILABILITY_IMPACT", @ai) if !@ai.nil?
223
223
  end
224
-
224
+
225
225
  def ex=(ex)
226
226
  @ex = case ex
227
227
  when "unproven", "U" then EXPLOITABILITY[:unproven]
228
228
  when "proof-of-concept", "P", "POC" then EXPLOITABILITY[:poc]
229
229
  when "functional", "F" then EXPLOITABILITY[:functional]
230
- when "high", "H" then EXPLOITABILITY[:high]
230
+ when "high", "H" then EXPLOITABILITY[:high]
231
231
  when "not defined", "ND" then EXPLOITABILITY[:notdefined]
232
- else
232
+ else
233
233
  raise "Bad Argument"
234
234
  end
235
235
  end
236
-
236
+
237
237
  def ex
238
238
  ex = get_key("EXPLOITABILITY", @ex) if !@ex.nil?
239
239
  end
240
-
240
+
241
241
  def rl=(rl)
242
242
  @rl = case rl
243
- when "official-fix", "O" then REMEDIATION_LEVEL[:official]
243
+ when "official-fix", "O", "OF" then REMEDIATION_LEVEL[:official]
244
244
  when "temporary-fix", "T", "TF" then REMEDIATION_LEVEL[:temporary]
245
245
  when "workaround", "W" then REMEDIATION_LEVEL[:workaround]
246
- when "unavailable", "U" then REMEDIATION_LEVEL[:unavailable]
246
+ when "unavailable", "U" then REMEDIATION_LEVEL[:unavailable]
247
247
  when "not defined", "ND" then REMEDIATION_LEVEL[:notdefined]
248
- else
248
+ else
249
249
  raise "Bad Argument"
250
250
  end
251
251
  end
252
-
252
+
253
253
  def rl
254
254
  rl = get_key("REMEDIATION_LEVEL", @rl) if !@rl.nil?
255
255
  end
256
-
256
+
257
257
  def rc=(rc)
258
258
  @rc = case rc
259
259
  when "unconfirmed", "UC" then REPORT_CONFIDENCE[:unconfirmed]
260
260
  when "uncorroborated", "UR" then REPORT_CONFIDENCE[:uncorroborated]
261
- when "confirmed", "C" then REPORT_CONFIDENCE[:confirmed]
261
+ when "confirmed", "C" then REPORT_CONFIDENCE[:confirmed]
262
262
  when "not defined", "ND" then REPORT_CONFIDENCE[:notdefined]
263
- else
263
+ else
264
264
  raise "Bad Argument"
265
265
  end
266
266
  end
267
-
267
+
268
268
  def rc
269
269
  rc = get_key("REPORT_CONFIDENCE", @rc) if !@av.nil?
270
270
  end
271
-
271
+
272
272
  def cdp=(cd)
273
273
  @cdp = case cd
274
274
  when "none", "N" then COLLATERAL_DAMAGE[:none]
275
275
  when "low", "L" then COLLATERAL_DAMAGE[:low]
276
276
  when "low-medium", "LM" then COLLATERAL_DAMAGE[:low_medium]
277
277
  when "medium-high", "MH" then COLLATERAL_DAMAGE[:medium_high]
278
- when "high", "H" then COLLATERAL_DAMAGE[:high]
278
+ when "high", "H" then COLLATERAL_DAMAGE[:high]
279
279
  when "not defined", "ND" then COLLATERAL_DAMAGE[:notdefined]
280
- else
280
+ else
281
281
  raise "Bad Argument"
282
282
  end
283
283
  end
284
-
284
+
285
285
  def cdp
286
286
  cdp = get_key("COLLATERAL_DAMAGE", @cdp) if !@cdp.nil?
287
287
  end
288
-
288
+
289
289
  def td=(td)
290
290
  @td = case td
291
291
  when "none", "N" then TARGET_DISTRIBUTION[:none]
292
292
  when "low", "L" then TARGET_DISTRIBUTION[:low]
293
293
  when "medium", "M" then TARGET_DISTRIBUTION[:medium]
294
- when "high", "H" then TARGET_DISTRIBUTION[:high]
294
+ when "high", "H" then TARGET_DISTRIBUTION[:high]
295
295
  when "not defined", "ND" then TARGET_DISTRIBUTION[:notdefined]
296
- else
296
+ else
297
297
  raise "Bad Argument"
298
298
  end
299
299
  end
300
-
300
+
301
301
  def td
302
302
  td = get_key("TARGET_DISTRIBUTION", @td) if !@td.nil?
303
303
  end
304
-
304
+
305
305
  def cr=(cr)
306
306
  @cr = case cr
307
307
  when "low", "L" then CONFIDENTIALITY_REQUIREMENT[:low]
308
308
  when "medium", "M" then CONFIDENTIALITY_REQUIREMENT[:medium]
309
- when "high", "H" then CONFIDENTIALITY_REQUIREMENT[:high]
309
+ when "high", "H" then CONFIDENTIALITY_REQUIREMENT[:high]
310
310
  when "not defined", "ND" then CONFIDENTIALITY_REQUIREMENT[:notdefined]
311
- else
311
+ else
312
312
  raise "Bad Argument"
313
313
  end
314
314
  end
315
-
315
+
316
316
  def cr
317
317
  cr = get_key("CONFIDENTIALITY_REQUIREMENT", @cr) if !@cr.nil?
318
318
  end
319
-
319
+
320
320
  def ir=(ir)
321
321
  @ir = case ir
322
322
  when "low", "L" then INTEGRITY_REQUIREMENT[:low]
323
323
  when "medium", "M" then INTEGRITY_REQUIREMENT[:medium]
324
- when "high", "H" then INTEGRITY_REQUIREMENT[:high]
324
+ when "high", "H" then INTEGRITY_REQUIREMENT[:high]
325
325
  when "not defined", "ND" then INTEGRITY_REQUIREMENT[:notdefined]
326
- else
326
+ else
327
327
  raise "Bad Argument"
328
328
  end
329
329
  end
330
-
330
+
331
331
  def ir
332
332
  ir = get_key("INTEGRITY_REQUIREMENT", @ir) if !@ir.nil?
333
333
  end
334
-
334
+
335
335
  def ar=(ar)
336
336
  @ar = case ar
337
337
  when "low", "L" then AVAILABILITY_REQUIREMENT[:low]
338
338
  when "medium", "M" then AVAILABILITY_REQUIREMENT[:medium]
339
- when "high", "H" then AVAILABILITY_REQUIREMENT[:high]
339
+ when "high", "H" then AVAILABILITY_REQUIREMENT[:high]
340
340
  when "not defined", "ND" then AVAILABILITY_REQUIREMENT[:notdefined]
341
- else
341
+ else
342
342
  raise "Bad Argument"
343
343
  end
344
344
  end
345
-
345
+
346
346
  def ar
347
347
  ar = get_key("AVAILABILITY_REQUIREMENT", @ar) if !@ar.nil?
348
348
  end
349
-
349
+
350
350
  VECTORS = {
351
351
  "av" => "av=",
352
352
  "ac" => "ac=",
@@ -363,7 +363,7 @@ module Cvss2
363
363
  "ir" => "ir=",
364
364
  "ar" => "ar="
365
365
  }
366
-
366
+
367
367
  def parse(vector)
368
368
  string = vector.split("/")
369
369
  len = string.length
@@ -371,12 +371,12 @@ module Cvss2
371
371
  init
372
372
 
373
373
  @originalkey = vector
374
-
374
+
375
375
  string.each do |section|
376
376
  tmp = section.split(":")
377
- send(VECTORS[tmp[0].downcase].to_sym, tmp[1])
377
+ send(VECTORS[tmp[0].downcase].to_sym, tmp[1])
378
378
  end
379
- end
379
+ end
380
380
 
381
381
  def key
382
382
  self.set_key
@@ -392,41 +392,41 @@ module Cvss2
392
392
  printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental?
393
393
  printf "Overall Score:\t\t\t%3.1f\n", overallscore
394
394
  end
395
-
395
+
396
396
  def calculate
397
397
  @impact = self.impactscore
398
398
  @adjimpact = self.adjustedimpactscore
399
399
  @exploitability = self.exploitabilityscore
400
400
  @base = self.basescore
401
401
  @temporal = self.temporalscore
402
- @environmental = self.environmentalscore(self.adjustedtemporalscore(self.adjustedbasescore(@adjimpact, @exploitability)))
402
+ @environmental = self.environmentalscore(self.adjustedtemporalscore(self.adjustedbasescore(@adjimpact, @exploitability)))
403
403
  end
404
-
404
+
405
405
  def adjustedimpactscore
406
406
  tmp = []
407
407
  tmp[0] = 10
408
408
  tmp[1] = 10.41*(1-(1-@ci.abs*@cr.abs)*(1-@ii.abs*@ir.abs)*(1-@ai.abs*@ar.abs))
409
409
  adjustedimpactscore = tmp.min
410
410
  end
411
-
411
+
412
412
  def adjustedbasescore(adjustedimpact, exploitabilityscore)
413
413
  adjustedbasescore = (0.6*adjustedimpact + 0.4 * exploitabilityscore - 1.5) * impactfunction(adjustedimpact)
414
414
  end
415
-
415
+
416
416
  def adjustedtemporalscore(adjustedbasescore)
417
417
  adjustedtemporalscore = adjustedbasescore * @ex.abs * @rl.abs * @rc.abs
418
418
  end
419
-
419
+
420
420
  def exploitabilityscore
421
421
  exploitability = 20 * @ac.abs * @au.abs * @av.abs
422
422
  end
423
-
423
+
424
424
  def environmentalscore(adjustedtemporalscore)
425
425
  environmentalscore = (adjustedtemporalscore + (10 - adjustedtemporalscore) * (@cdp == -1 ? 0 : @cdp.abs)) * @td.abs
426
-
426
+
427
427
  return environmentalscore == 0.0 ? "Undefined" : environmentalscore
428
428
  end
429
-
429
+
430
430
  def overallscore
431
431
  if noenvironmental?
432
432
  if notemporal?
@@ -439,15 +439,15 @@ module Cvss2
439
439
  end
440
440
  return overallscore
441
441
  end
442
-
442
+
443
443
  def impactscore
444
444
  impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs))
445
445
  end
446
-
446
+
447
447
  def basescore
448
448
  basescore = (0.6 * @impact + 0.4 * @exploitability - 1.5) * impactfunction(@impact)
449
449
  end
450
-
450
+
451
451
  def temporalscore
452
452
  temporalscore = @base * @ex.abs * @rl.abs * @rc.abs
453
453
 
data/lib/cvss_rating/cvss3_metrics.rb CHANGED
@@ -33,20 +33,20 @@ module Cvss3
33
33
 
34
34
  CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
35
35
 
36
- CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
36
+ CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :not_defined => 'X' }
37
37
 
38
- EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'ND' }
39
- REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'ND' }
40
- REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'ND' }
38
+ EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'X' }
39
+ REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'X' }
40
+ REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'X' }
41
41
 
42
- MODIFIED_ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N' }
43
- MODIFIED_ATTACK_COMPLEXITY_KEY = { :high => 'H', :low => 'L' }
42
+ MODIFIED_ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N', :not_defined => 'X' }
43
+ MODIFIED_ATTACK_COMPLEXITY_KEY = { :high => 'H', :low => 'L', :not_defined => 'X'}
44
44
  MODIFIED_PRIVILEGE_REQUIRED_KEY = { :none => 'N', :low => 'L', :high => 'H' }
45
- MODIFIED_PRIVILEGE_REQUIRED_CHANGED_KEY = { :none => 'N', :low => 'L', :high => 'H' }
46
- MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R' }
45
+ MODIFIED_PRIVILEGE_REQUIRED_CHANGED_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
46
+ MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R', :not_defined => 'X' }
47
47
 
48
- MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U' }
48
+ MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U', :not_defined => 'X' }
49
49
 
50
- MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
50
+ MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
51
51
  end
52
52
  end
data/lib/cvss_rating/cvss3_vectors.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Cvss3Vectors
2
- attr_reader :av, :ac, :ui, :sc, :ci, :ai, :ii, :ex, :rl, :rc, :pr, :td, :cr, :ir
2
+ attr_reader :av, :ac, :ui, :sc, :ci, :ai, :ii, :ex, :rl, :rc, :pr, :ar, :cr, :ir
3
3
 
4
4
  VECTORS = {
5
5
  "cvss" => "cvss3=",
data/lib/cvss_rating/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Cvss2
2
2
  class Rating
3
- VERSION = "0.5.3"
3
+ VERSION = "0.5.4"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cvss_rating
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.3
4
+ version: 0.5.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen Kapp
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-27 00:00:00.000000000 Z
11
+ date: 2016-02-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -109,10 +109,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  requirements: []
111
111
  rubyforge_project:
112
- rubygems_version: 2.2.2
112
+ rubygems_version: 2.4.3
113
113
  signing_key:
114
114
  specification_version: 4
115
115
  summary: CVSS Risk Rating Calculation and Vector parsing
116
116
  test_files:
117
117
  - test/cvss2_rating_test.rb
118
118
  - test/cvss3_rating_test.rb
119
+ has_rdoc: