cvss_rating 0.5.5 → 0.5.7

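--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 22b85441ed9dfd750176b5482942257a3fa5e6f5
- data.tar.gz: 4840564e357dd55f6789937a55ae139d40644ab9
+ metadata.gz: c2ccbd12f5c9e7e10efc37d8bf8169c30a2a8cae
+ data.tar.gz: 5948fc4bbc27d6aff4a28c93174b9e4f59f420f9
  SHA512:
- metadata.gz: 262b65ba421f8e9bb3f8ad9179715119a6a845d1c976465c42600e0e4585451308505f958f0069dd27821f6713ad7f3e621fdb325873b8628a4c6ddf3ab85e3d
- data.tar.gz: '028f893b2c1e80064cf822c97f02d4905d6f9711b16d95027408018013ca26bff76a4835ded93afefd83fae62d36d9d9d9c6b4cf1b18b5200348b0b28d7194a4'
+ metadata.gz: aab7c7a86f48db5a0b4e9af1e8cd1ce97e5985dca60e1935c7998aaa2642a60925788c1150886d34b2824af95a04dd03dedb2328b04e49ed972dff5806ac6d3b
+ data.tar.gz: 782d77519ad0d104e8d88cdef42a7e206259df1f789ff4cca33b326d575e9bbb27a4300fa901e629f9b4034b6785b7ef5425c2e6351f140963488f01fc8e615d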
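--- a/data/.gitignore
+++ b/data/.gitignore
@@ -20,3 +20,5 @@ tmp
  *.o
  *.a
  mkmf.log
+
+ .byebug_history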
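--- a/data/cvss_rating.gemspec
+++ b/data/cvss_rating.gemspec
@@ -22,4 +22,5 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "minitest"
  spec.add_development_dependency "activesupport"
  spec.add_development_dependency "rake"
+ spec.add_development_dependency "byebug"
  end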
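--- a/data/lib/cvss3_rating.rb
+++ b/data/lib/cvss3_rating.rb
@@ -1,6 +1,7 @@
  # @author Stephen Kapp
 
  require "cvss_rating/version"
+ require "cvss_rating/float"
  require "cvss_rating/cvss3_formulas"
  require "cvss_rating/cvss3_metrics"
  require "cvss_rating/cvss3_vectors"
@@ -17,7 +18,7 @@ module Cvss3
  # @param list [Hash] list of CVSS 3.0 attributes to be used during initialization
  #
 
- def initialize(attributes = {})
+ def initialize(attributes = {})
  init
 
  attributes.each do |name, value|
@@ -25,7 +26,7 @@ module Cvss3
  end
  end
 
-
+
  #
  # Takes score and determines risk level from None to Critical
  #
@@ -49,20 +50,22 @@ module Cvss3
  end
  end
 
-
+
  #
  # Calculate the CVSS 3.0 Base Score
  #
  # @return [Array] the CVSS 3.0 Base score with its risk level
 
  def cvss_base_score
+ byebug if @pr.nil?
+
  @exploitability = ::Cvss3::Formulas.new.exploitability_sub_score(@av, @ac, @pr, @ui)
 
- @impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)
+ @impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)
 
  @base = ::Cvss3::Formulas.new.cvss_base_formula(@impact, @sc, @exploitability)
 
- @base_level = risk_score(@base)
+ @base_level = risk_score(@base)
 
  return @base, @base_level
  end
@@ -88,13 +91,13 @@ module Cvss3
  # @return [Array] the CVSS 3.0 Temporal score with its risk level
 
  def cvss_environmental_score
- exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true),
+ exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true),
  self.mac(true), self.mpr(true), self.mui(true))
 
- impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true),
+ impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true),
  self.mi(true), @cr, @ir, @ar)
 
- @environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified,
+ @environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified,
  exploitability_sub_score_value_modified,
  @ex, @rl, @rc, self.ms(true))
 
@@ -103,4 +106,4 @@ module Cvss3
  return @environmental, @environmental_level
  end
  end
- end
+ end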
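Review bot: The `byebug if @pr.nil?` line added at the top of `cvss_base_score` is a debugger breakpoint left in shipped library code. The gemspec in this same diff declares byebug only as a development dependency and no `require "byebug"` is visible in this file, so in an installed gem an unset Privileges Required metric would presumably raise NameError, while in a process that does have byebug loaded the call would stop at an interactive prompt instead of returning a score. Replace it with an explicit check such as `raise ArgumentError, "privileges required (PR) metric is not set" if @pr.nil?`, or drop the line and validate the required base metrics before the formulas run. The remaining changes in this file, apart from the added `require "cvss_rating/float"`, appear to be whitespace only.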
@@ -1,103 +1,90 @@
1
1
  module Cvss3
2
- class Formulas
3
- EXPLOITABILITY_COEFFICIENT = 8.22
4
- IMPACT_COEFFICIENT = 6.42
5
- IMPACT_MOD_COEFFICIENT = 7.52
2
+ class Formulas
3
+ EXPLOITABILITY_COEFFICIENT = 8.22
4
+ IMPACT_COEFFICIENT = 6.42
5
+ IMPACT_MOD_COEFFICIENT = 7.52
6
6
 
7
- def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
8
-
7
+ def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
9
8
  exploitability_sub_score_value = EXPLOITABILITY_COEFFICIENT * attack_vector_value * attack_complexity_value * privileges_required_value * user_interaction_value
10
9
 
11
- return exploitability_sub_score_value
12
- end
13
-
14
- def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified,
15
- privileges_required_value_modified, user_interaction_value_modified)
16
-
17
- exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified
18
-
19
- return exploitability_sub_score_value_modified
20
- end
21
-
22
- def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
23
-
24
- impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value))
25
-
26
- return impact_sub_score_value
27
- end
28
-
29
- def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
30
- confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
31
-
32
- impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value))
33
-
34
- return impact_sub_score_value_modified
35
- end
36
-
37
- def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
38
-
39
- if scope_value == "unchanged"
40
- impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
41
- cvss_base_value = min(10, impact_value + exploitability_sub_score_value)
42
- elsif scope_value == "changed"
43
- impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02) ** 15)
44
- cvss_base_value = min(10, 1.08 * (impact_value + exploitability_sub_score_value))
45
- end
46
-
47
- if impact_sub_score_value <= 0
48
- cvss_base_value = 0.0
49
- else
50
- cvss_base_value = cvss_base_value.ceil2(1)
51
- end
52
-
53
- return cvss_base_value
54
- end
55
-
56
- def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
57
-
58
- cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \
59
- report_confidence_value
60
-
61
- cvss_temporal_value = cvss_temporal_value.ceil2(1)
62
-
63
- return cvss_temporal_value
64
- end
65
-
66
- def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
67
- exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
68
-
69
- if scope_value_modified == "unchanged"
70
- impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
71
- temp_score = min(10, impact_value_modified + exploitability_sub_score_value_modified)
72
- temp_score2 = temp_score.ceil2(1)
73
- temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
74
- elsif scope_value_modified == "changed"
75
- impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02) ** 15)
76
- temp_score = min(10, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified))
77
- temp_score2 = temp_score.ceil2(1)
78
- temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
79
- end
80
-
81
- if impact_sub_score_value_modified <= 0
82
- cvss_environmental_value = 0.0
83
- else
84
- cvss_environmental_value = temp_score3.ceil2(1)
85
- end
86
-
87
- return cvss_environmental_value
88
- end
89
-
90
-
91
- def min(*values)
92
- values.min
93
- end
94
- end
95
- end
10
+ exploitability_sub_score_value
11
+ end
12
+
13
+ def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified,
14
+ privileges_required_value_modified, user_interaction_value_modified)
15
+
16
+ exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified
17
+
18
+ exploitability_sub_score_value_modified
19
+ end
20
+
21
+ def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
22
+ impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value))
23
+
24
+ impact_sub_score_value
25
+ end
26
+
27
+ def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
28
+ confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
29
+
30
+ impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value))
31
+
32
+ impact_sub_score_value_modified
33
+ end
34
+
35
+ def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
36
+ if scope_value == 'unchanged'
37
+ impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
38
+ cvss_base_value = min(10.0, impact_value + exploitability_sub_score_value)
39
+ elsif scope_value == 'changed'
40
+ impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02)**15)
41
+ cvss_base_value = min(10.0, 1.08 * (impact_value + exploitability_sub_score_value))
42
+ end
96
43
 
44
+ cvss_base_value = if impact_sub_score_value <= 0
45
+ 0.0
46
+ else
47
+ cvss_base_value.ceil2(1)
48
+ end
97
49
 
98
- class Float
99
- def ceil2(exp = 0)
100
- multiplier = 10 ** exp
101
- ((self * multiplier).ceil).to_f/multiplier.to_f
102
- end
103
- end
50
+ cvss_base_value
51
+ end
52
+
53
+ def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
54
+ cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \
55
+ report_confidence_value
56
+
57
+ cvss_temporal_value = cvss_temporal_value.ceil2(1)
58
+
59
+ cvss_temporal_value
60
+ end
61
+
62
+ def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
63
+ exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
64
+
65
+ if scope_value_modified == 'unchanged'
66
+ impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
67
+ temp_score = min(10.0, impact_value_modified + exploitability_sub_score_value_modified)
68
+ temp_score2 = temp_score.ceil2(1)
69
+ temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
70
+ elsif scope_value_modified == 'changed'
71
+ impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02)**15)
72
+ temp_score = min(10.0, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified))
73
+ temp_score2 = temp_score.ceil2(1)
74
+ temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
75
+ end
76
+
77
+ cvss_environmental_value = if impact_sub_score_value_modified <= 0
78
+ 0.0
79
+ else
80
+ temp_score3.ceil2(1)
81
+ end
82
+
83
+ cvss_environmental_value
84
+ end
85
+
86
+ def min(*values)
87
+ values.min
88
+ end
89
+ end
90
+ end
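Review bot: `cvss_base_formula` and `cvss_environmental_formula` still have no branch for a scope value other than 'unchanged' or 'changed'; in that case `cvss_base_value` (or `temp_score3`) stays nil, and the `.ceil2(1)` that follows fails with NoMethodError on nil whenever the impact sub score is positive. Adding `else` followed by `raise ArgumentError, "unknown scope: #{scope_value.inspect}"` to both if/elsif chains would reject a malformed vector with a clear error instead of an unrelated one. Separately, `Float#ceil2` is no longer defined in this file, so the formulas now rely on something else having loaded it; the `require "cvss_rating/float"` added in cvss3_rating.rb appears to cover that path, but the new file is not shown here, so confirm it is packaged and consider requiring it from this file as well.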