RubyGems - cvss_rating - Versions diffs - 0.5.5 → 0.5.7 - Mend

cvss_rating 0.5.5 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.gitignore +2 -0
data/cvss_rating.gemspec +1 -0
data/lib/cvss3_rating.rb +12 -9
data/lib/cvss_rating/cvss3_formulas.rb +84 -97
data/lib/cvss_rating/cvss3_vectors.rb +542 -550
data/lib/cvss_rating/float.rb +6 -0
data/lib/cvss_rating/version.rb +2 -2
data/test/cvss2_rating_test.rb +6 -1
data/test/cvss3_rating_test.rb +5 -4
metadata +17 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 22b85441ed9dfd750176b5482942257a3fa5e6f5
-  data.tar.gz: 4840564e357dd55f6789937a55ae139d40644ab9
+  metadata.gz: c2ccbd12f5c9e7e10efc37d8bf8169c30a2a8cae
+  data.tar.gz: 5948fc4bbc27d6aff4a28c93174b9e4f59f420f9
 SHA512:
-  metadata.gz: 262b65ba421f8e9bb3f8ad9179715119a6a845d1c976465c42600e0e4585451308505f958f0069dd27821f6713ad7f3e621fdb325873b8628a4c6ddf3ab85e3d
-  data.tar.gz: '028f893b2c1e80064cf822c97f02d4905d6f9711b16d95027408018013ca26bff76a4835ded93afefd83fae62d36d9d9d9c6b4cf1b18b5200348b0b28d7194a4'
+  metadata.gz: aab7c7a86f48db5a0b4e9af1e8cd1ce97e5985dca60e1935c7998aaa2642a60925788c1150886d34b2824af95a04dd03dedb2328b04e49ed972dff5806ac6d3b
+  data.tar.gz: 782d77519ad0d104e8d88cdef42a7e206259df1f789ff4cca33b326d575e9bbb27a4300fa901e629f9b4034b6785b7ef5425c2e6351f140963488f01fc8e615d

data/.gitignore CHANGED Viewed

@@ -20,3 +20,5 @@ tmp
 *.o
 *.a
 mkmf.log
+.byebug_history

data/cvss_rating.gemspec CHANGED Viewed

@@ -22,4 +22,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "activesupport"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "byebug"
 end

data/lib/cvss3_rating.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # @author Stephen Kapp
 require "cvss_rating/version"
+require "cvss_rating/float"
 require "cvss_rating/cvss3_formulas"
 require "cvss_rating/cvss3_metrics"
 require "cvss_rating/cvss3_vectors"
@@ -17,7 +18,7 @@ module Cvss3
 		# @param list [Hash] list of CVSS 3.0 attributes to be used during initialization
 		#
-		def initialize(attributes = {})
+		def initialize(attributes = {})
 			init
 	    	attributes.each do |name, value|
@@ -25,7 +26,7 @@ module Cvss3
 	    	end
 	 	end
 	 	#
 	 	# Takes score and determines risk level from None to Critical
 	 	#
@@ -49,20 +50,22 @@ module Cvss3
 	 			end
 	 	end
 	 	#
 	 	# Calculate the CVSS 3.0 Base Score
 	 	#
 	 	# @return [Array] the CVSS 3.0 Base score with its risk level
 	 	def cvss_base_score
+			byebug if @pr.nil?
 	 		@exploitability = ::Cvss3::Formulas.new.exploitability_sub_score(@av, @ac, @pr, @ui)
-			@impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)
+			@impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)
 			@base = ::Cvss3::Formulas.new.cvss_base_formula(@impact, @sc, @exploitability)
-			@base_level = risk_score(@base)
+			@base_level = risk_score(@base)
 			return @base, @base_level
 	 	end
@@ -88,13 +91,13 @@ module Cvss3
 	 	# @return [Array] the CVSS 3.0 Temporal score with its risk level
 	 	def cvss_environmental_score
-	 		exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true),
+	 		exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true),
 	 			self.mac(true), self.mpr(true), self.mui(true))
-	 		impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true),
+	 		impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true),
 	 			self.mi(true), @cr, @ir, @ar)
-	 		@environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified,
+	 		@environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified,
 	 			exploitability_sub_score_value_modified,
 	 			@ex, @rl, @rc, self.ms(true))
@@ -103,4 +106,4 @@ module Cvss3
 	 		return @environmental, @environmental_level
 	 	end
 	end
-end
+end

data/lib/cvss_rating/cvss3_formulas.rb CHANGED Viewed

@@ -1,103 +1,90 @@
 module Cvss3
-	class Formulas
-		EXPLOITABILITY_COEFFICIENT = 8.22
-		IMPACT_COEFFICIENT = 6.42
-		IMPACT_MOD_COEFFICIENT = 7.52
+  class Formulas
+    EXPLOITABILITY_COEFFICIENT = 8.22
+    IMPACT_COEFFICIENT = 6.42
+    IMPACT_MOD_COEFFICIENT = 7.52
-		def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
+    def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
 			exploitability_sub_score_value = EXPLOITABILITY_COEFFICIENT * attack_vector_value * attack_complexity_value * privileges_required_value * user_interaction_value
-			return exploitability_sub_score_value
-		end
-		def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified,
-			privileges_required_value_modified, user_interaction_value_modified)
-			exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified
-    		return exploitability_sub_score_value_modified
-		end
-		def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
-			impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value))
-    		return impact_sub_score_value
-		end
-		def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
-			confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
-			impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value))
-			return impact_sub_score_value_modified
-		end
-		def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
-			if scope_value == "unchanged"
-        		impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
-        		cvss_base_value = min(10, impact_value + exploitability_sub_score_value)
-    		elsif scope_value == "changed"
-        		impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02) ** 15)
-        		cvss_base_value = min(10, 1.08 * (impact_value + exploitability_sub_score_value))
-        	end
-		    if impact_sub_score_value <= 0
-				cvss_base_value = 0.0
-		    else
-				cvss_base_value = cvss_base_value.ceil2(1)
-			end
-    		return cvss_base_value
-		end
-		def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
-			cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \
-				report_confidence_value
-    		cvss_temporal_value = cvss_temporal_value.ceil2(1)
-			return cvss_temporal_value
-		end
-		def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
-			exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
-			if scope_value_modified == "unchanged"
-				impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
-				temp_score = min(10, impact_value_modified + exploitability_sub_score_value_modified)
-				temp_score2 = temp_score.ceil2(1)
-				temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
-			elsif scope_value_modified == "changed"
-		        impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02) ** 15)
-		        temp_score = min(10, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified))
-		        temp_score2 = temp_score.ceil2(1)
-		        temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
-		    end
-    		if impact_sub_score_value_modified <= 0
-        		cvss_environmental_value = 0.0
-        	else
-        		cvss_environmental_value = temp_score3.ceil2(1)
-        	end
-        	return cvss_environmental_value
-		end
-		def min(*values)
-			values.min
-		end
-	end
-end
+      exploitability_sub_score_value
+    end
+    def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified,
+                                          privileges_required_value_modified, user_interaction_value_modified)
+      exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified
+      exploitability_sub_score_value_modified
+    end
+    def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
+      impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value))
+      impact_sub_score_value
+    end
+    def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
+                                       confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
+      impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value))
+      impact_sub_score_value_modified
+    end
+    def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
+      if scope_value == 'unchanged'
+        impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
+        cvss_base_value = min(10.0, impact_value + exploitability_sub_score_value)
+      elsif scope_value == 'changed'
+        impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02)**15)
+        cvss_base_value = min(10.0, 1.08 * (impact_value + exploitability_sub_score_value))
+          end
+      cvss_base_value = if impact_sub_score_value <= 0
+                          0.0
+                        else
+                          cvss_base_value.ceil2(1)
+                         end
-class Float
-  		def ceil2(exp = 0)
-   			multiplier = 10 ** exp
-   			((self * multiplier).ceil).to_f/multiplier.to_f
-  		end
-end
+      cvss_base_value
+    end
+    def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
+      cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \
+                            report_confidence_value
+      cvss_temporal_value = cvss_temporal_value.ceil2(1)
+      cvss_temporal_value
+    end
+    def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
+                                   exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
+      if scope_value_modified == 'unchanged'
+        impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
+        temp_score = min(10.0, impact_value_modified + exploitability_sub_score_value_modified)
+        temp_score2 = temp_score.ceil2(1)
+        temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
+      elsif scope_value_modified == 'changed'
+        impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02)**15)
+        temp_score = min(10.0, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified))
+        temp_score2 = temp_score.ceil2(1)
+        temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
+        end
+      cvss_environmental_value = if impact_sub_score_value_modified <= 0
+                                   0.0
+                                 else
+                                   temp_score3.ceil2(1)
+                                 end
+      cvss_environmental_value
+    end
+    def min(*values)
+      values.min
+    end
+  end
+end