cvss_rating 0.5.3 → 0.5.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cvss2_rating.rb +94 -94
  3. data/lib/cvss_rating/cvss3_metrics.rb +10 -10
  4. data/lib/cvss_rating/cvss3_vectors.rb +1 -1
  5. data/lib/cvss_rating/version.rb +1 -1
  6. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ba239c3a20044c1f0bdec1bf20040f292fc58a0a
4
- data.tar.gz: dd3f4a378df8d13d73240ba8ec36dcb4a20c0a63
3
+ metadata.gz: d40ab4144b20e818426f9b7c0d00ef0cc8a65f98
4
+ data.tar.gz: f7c8de9e33c26e7424f32a5b39e32c0a2730edbd
5
5
  SHA512:
6
- metadata.gz: 7c09e29ab6844f87a3279fec34da5ec3bbdc7c68b9dd2f583745f214feeffab34e6d35c70c3ac99b2a67dd2b760ce3bed39da5c0689f37f0d21a36a50bf7325d
7
- data.tar.gz: 80391b4cc42fa467640cacc70dd06af7ee5a413abefa1410d234a0ce81ab9093e6c9914ac33f26aa0bc733760c3a20c637aad19d79dce1e74da2bc2cfd9c8478
6
+ metadata.gz: 34c4a7f964cf42aafd363a03a3f7b89cbdf95c3dba1051180eb47a3cbf91a2d35ca169a0332b60ef83fe1b55aea184b041539d434965e34a5b08fd6643086760
7
+ data.tar.gz: 061866fa6702670cfa2eedadbc7c95943c5e64781a833080ca5c50e7e3a5c952f3b249453f9ac0db7c093a6d5731ae308501fe18c3666755513519a6b8ee5bbc
data/lib/cvss2_rating.rb CHANGED
@@ -2,47 +2,47 @@ require "cvss_rating/version"
2
2
 
3
3
  module Cvss2
4
4
  class Rating
5
-
6
- attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
5
+
6
+ attr_accessor :av, :ac, :au, :ci, :ii, :ai, :ex, :rl, :rc, :cdp, :td, :cr, :ir, :ar
7
7
  attr_accessor :base, :temporal, :overall, :environmental, :impact, :exploitability, :adjimpact, :key
8
-
8
+
9
9
  ACCESS_VECTOR = { :local => 0.395, :adjacent_network => 0.646, :network => 1.0 }
10
10
  ACCESS_COMPLEXITY = { :high => 0.35, :medium => 0.61, :low => 0.71 }
11
11
  AUTHENTICATION = { :none => 0.704, :single => 0.56, :multiple => 0.45 }
12
-
12
+
13
13
  CONFIDENTIALITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
14
14
  INTEGRITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
15
15
  AVAILABILITY_IMPACT = { :none => 0.0, :partial => 0.275, :complete => 0.660 }
16
-
16
+
17
17
  CONFIDENTIALITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
18
18
  INTEGRITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
19
19
  AVAILABILITY_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
20
-
20
+
21
21
  EXPLOITABILITY = { :unproven => 0.85, :poc => 0.9, :functional => 0.95, :high => 1.0, :notdefined => -1.0 }
22
22
  REMEDIATION_LEVEL = { :official => 0.87, :temporary => 0.9, :workaround => 0.95, :unavailable => 1.0, :notdefined => -1.0 }
23
23
  REPORT_CONFIDENCE = { :unconfirmed => 0.90, :uncorroborated => 0.95, :confirmed => 1.0, :notdefined => -1.0 }
24
-
24
+
25
25
  COLLATERAL_DAMAGE = { :none => 0.0, :low => 0.1, :low_medium => 0.3, :medium_high => 0.4, :high => 0.5, :notdefined => -1.0 }
26
26
  TARGET_DISTRIBUTION = { :none => 0.0, :low => 0.25, :medium => 0.75, :high => 1.0, :notdefined => -1.0 }
27
-
27
+
28
28
  ACCESS_VECTOR_KEY = { :local => 'L', :adjacent_network => 'A', :network => 'N' }
29
29
  ACCESS_COMPLEXITY_KEY = { :high => 'H', :medium => 'M', :low => 'L' }
30
30
  AUTHENTICATION_KEY = { :none => 'N', :single => 'S', :multiple => 'M' }
31
-
31
+
32
32
  CONFIDENTIALITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
33
33
  INTEGRITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
34
34
  AVAILABILITY_IMPACT_KEY = { :none => 'N', :partial => 'P', :complete => 'C' }
35
-
35
+
36
36
  CONFIDENTIALITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
37
37
  INTEGRITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
38
38
  AVAILABILITY_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
39
-
40
- EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :notdefined => 'ND' }
39
+
40
+ EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'POC', :functional => 'F', :high => 'H', :notdefined => 'ND' }
41
41
  REMEDIATION_LEVEL_KEY = { :official => 'OF', :temporary => "TF", :workaround => 'W', :unavailable => 'U', :notdefined => 'ND' }
42
42
  REPORT_CONFIDENCE_KEY = { :unconfirmed => 'UC', :uncorroborated => 'UR', :confirmed => 'C', :notdefined => 'ND' }
43
-
43
+
44
44
  COLLATERAL_DAMAGE_KEY = { :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
45
- TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
45
+ TARGET_DISTRIBUTION_KEY = { :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
46
46
 
47
47
  private
48
48
 
@@ -57,7 +57,7 @@ module Cvss2
57
57
  return false
58
58
  end
59
59
  end
60
-
60
+
61
61
  def notemporal?
62
62
  if get_key("EXPLOITABILITY", @ex) == "ND" && get_key("REMEDIATION_LEVEL", @rl) == "ND" && get_key("REPORT_CONFIDENCE", @rc) == "ND"
63
63
  return true
@@ -80,18 +80,18 @@ module Cvss2
80
80
 
81
81
  public
82
82
 
83
- def initialize(attributes = {})
84
- @base = nil
85
- @temporal = nil
86
- @environmental = nil
87
-
83
+ def initialize(attributes = {})
84
+ @base = nil
85
+ @temporal = nil
86
+ @environmental = nil
87
+
88
88
  init
89
89
 
90
90
  attributes.each do |name, value|
91
91
  send("#{name}=", value)
92
92
  end
93
93
  end
94
-
94
+
95
95
  def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
96
96
  self.av = av
97
97
  self.ac = ac
@@ -99,7 +99,7 @@ module Cvss2
99
99
  self.ci = ci
100
100
  self.ii = ii
101
101
  self.ai = ai
102
-
102
+
103
103
  self.ex = ex
104
104
  self.rl = rl
105
105
  self.rc = rc
@@ -110,11 +110,11 @@ module Cvss2
110
110
  self.ir = ir
111
111
  self.ar = ar
112
112
  end
113
-
113
+
114
114
  def get_key(vector, value)
115
115
  get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]]
116
116
  end
117
-
117
+
118
118
  def set_key
119
119
  @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av),
120
120
  get_key("ACCESS_COMPLEXITY", @ac),
@@ -122,13 +122,13 @@ module Cvss2
122
122
  get_key("CONFIDENTIALITY_IMPACT", @ci),
123
123
  get_key("INTEGRITY_IMPACT", @ii),
124
124
  get_key("AVAILABILITY_IMPACT", @ai)]
125
-
125
+
126
126
  if !notemporal?
127
127
  @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex),
128
128
  get_key("REMEDIATION_LEVEL", @rl),
129
129
  get_key("REPORT_CONFIDENCE", @rc)]
130
130
  end
131
-
131
+
132
132
  if !noenvironmental?
133
133
  @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp),
134
134
  get_key("TARGET_DISTRIBUTION", @td),
@@ -137,216 +137,216 @@ module Cvss2
137
137
  get_key("AVAILABILITY_REQUIREMENT", @ar)]
138
138
  end
139
139
  end
140
-
140
+
141
141
  def av=(av)
142
142
  @av = case av
143
143
  when "local", "L" then ACCESS_VECTOR[:local]
144
144
  when "adjacent network", "A" then ACCESS_VECTOR[:adjacent_network]
145
145
  when "network", "N" then ACCESS_VECTOR[:network]
146
- else
146
+ else
147
147
  raise "Bad Argument"
148
148
  end
149
149
  end
150
-
150
+
151
151
  def av
152
152
  av = get_key("ACCESS_VECTOR", @av) if !@av.nil?
153
153
  end
154
-
154
+
155
155
  def ac=(ac)
156
156
  @ac = case ac
157
157
  when "high", "H" then ACCESS_COMPLEXITY[:high]
158
158
  when "medium", "M" then ACCESS_COMPLEXITY[:medium]
159
159
  when "low", "L" then ACCESS_COMPLEXITY[:low]
160
- else
160
+ else
161
161
  raise "Bad Argument"
162
162
  end
163
163
  end
164
-
164
+
165
165
  def ac
166
166
  ac = get_key("ACCESS_COMPLEXITY", @ac) if !@ac.nil?
167
167
  end
168
-
168
+
169
169
  def au=(au)
170
170
  @au = case au
171
171
  when "none", "N" then AUTHENTICATION[:none]
172
172
  when "single instance", "S" then AUTHENTICATION[:single]
173
173
  when "multiple instance", "M" then AUTHENTICATION[:multiple]
174
- else
174
+ else
175
175
  raise "Bad Argument"
176
176
  end
177
177
  end
178
-
178
+
179
179
  def au
180
180
  au = get_key("AUTHENTICATION", @au) if !@au.nil?
181
181
  end
182
-
182
+
183
183
  def ci=(ci)
184
184
  @ci = case ci
185
185
  when "none", "N" then CONFIDENTIALITY_IMPACT[:none]
186
186
  when "partial", "P" then CONFIDENTIALITY_IMPACT[:partial]
187
187
  when "complete", "C" then CONFIDENTIALITY_IMPACT[:complete]
188
- else
188
+ else
189
189
  raise "Bad Argument"
190
190
  end
191
191
  end
192
-
192
+
193
193
  def ci
194
194
  ci = get_key("CONFIDENTIALITY_IMPACT", @ci) if !@ci.nil?
195
195
  end
196
-
196
+
197
197
  def ii=(ii)
198
198
  @ii = case ii
199
199
  when "none", "N" then INTEGRITY_IMPACT[:none]
200
200
  when "partial", "P" then INTEGRITY_IMPACT[:partial]
201
201
  when "complete", "C" then INTEGRITY_IMPACT[:complete]
202
- else
202
+ else
203
203
  raise "Bad Argument"
204
204
  end
205
205
  end
206
-
206
+
207
207
  def ii
208
208
  ii = get_key("INTEGRITY_IMPACT", @ii) if !@ii.nil?
209
209
  end
210
-
210
+
211
211
  def ai=(ai)
212
212
  @ai = case ai
213
213
  when "none", "N" then AVAILABILITY_IMPACT[:none]
214
214
  when "partial", "P" then AVAILABILITY_IMPACT[:partial]
215
215
  when "complete", "C" then AVAILABILITY_IMPACT[:complete]
216
- else
216
+ else
217
217
  raise "Bad Argument"
218
218
  end
219
219
  end
220
-
220
+
221
221
  def ai
222
222
  ai = get_key("AVAILABILITY_IMPACT", @ai) if !@ai.nil?
223
223
  end
224
-
224
+
225
225
  def ex=(ex)
226
226
  @ex = case ex
227
227
  when "unproven", "U" then EXPLOITABILITY[:unproven]
228
228
  when "proof-of-concept", "P", "POC" then EXPLOITABILITY[:poc]
229
229
  when "functional", "F" then EXPLOITABILITY[:functional]
230
- when "high", "H" then EXPLOITABILITY[:high]
230
+ when "high", "H" then EXPLOITABILITY[:high]
231
231
  when "not defined", "ND" then EXPLOITABILITY[:notdefined]
232
- else
232
+ else
233
233
  raise "Bad Argument"
234
234
  end
235
235
  end
236
-
236
+
237
237
  def ex
238
238
  ex = get_key("EXPLOITABILITY", @ex) if !@ex.nil?
239
239
  end
240
-
240
+
241
241
  def rl=(rl)
242
242
  @rl = case rl
243
- when "official-fix", "O" then REMEDIATION_LEVEL[:official]
243
+ when "official-fix", "O", "OF" then REMEDIATION_LEVEL[:official]
244
244
  when "temporary-fix", "T", "TF" then REMEDIATION_LEVEL[:temporary]
245
245
  when "workaround", "W" then REMEDIATION_LEVEL[:workaround]
246
- when "unavailable", "U" then REMEDIATION_LEVEL[:unavailable]
246
+ when "unavailable", "U" then REMEDIATION_LEVEL[:unavailable]
247
247
  when "not defined", "ND" then REMEDIATION_LEVEL[:notdefined]
248
- else
248
+ else
249
249
  raise "Bad Argument"
250
250
  end
251
251
  end
252
-
252
+
253
253
  def rl
254
254
  rl = get_key("REMEDIATION_LEVEL", @rl) if !@rl.nil?
255
255
  end
256
-
256
+
257
257
  def rc=(rc)
258
258
  @rc = case rc
259
259
  when "unconfirmed", "UC" then REPORT_CONFIDENCE[:unconfirmed]
260
260
  when "uncorroborated", "UR" then REPORT_CONFIDENCE[:uncorroborated]
261
- when "confirmed", "C" then REPORT_CONFIDENCE[:confirmed]
261
+ when "confirmed", "C" then REPORT_CONFIDENCE[:confirmed]
262
262
  when "not defined", "ND" then REPORT_CONFIDENCE[:notdefined]
263
- else
263
+ else
264
264
  raise "Bad Argument"
265
265
  end
266
266
  end
267
-
267
+
268
268
  def rc
269
269
  rc = get_key("REPORT_CONFIDENCE", @rc) if !@av.nil?
270
270
  end
271
-
271
+
272
272
  def cdp=(cd)
273
273
  @cdp = case cd
274
274
  when "none", "N" then COLLATERAL_DAMAGE[:none]
275
275
  when "low", "L" then COLLATERAL_DAMAGE[:low]
276
276
  when "low-medium", "LM" then COLLATERAL_DAMAGE[:low_medium]
277
277
  when "medium-high", "MH" then COLLATERAL_DAMAGE[:medium_high]
278
- when "high", "H" then COLLATERAL_DAMAGE[:high]
278
+ when "high", "H" then COLLATERAL_DAMAGE[:high]
279
279
  when "not defined", "ND" then COLLATERAL_DAMAGE[:notdefined]
280
- else
280
+ else
281
281
  raise "Bad Argument"
282
282
  end
283
283
  end
284
-
284
+
285
285
  def cdp
286
286
  cdp = get_key("COLLATERAL_DAMAGE", @cdp) if !@cdp.nil?
287
287
  end
288
-
288
+
289
289
  def td=(td)
290
290
  @td = case td
291
291
  when "none", "N" then TARGET_DISTRIBUTION[:none]
292
292
  when "low", "L" then TARGET_DISTRIBUTION[:low]
293
293
  when "medium", "M" then TARGET_DISTRIBUTION[:medium]
294
- when "high", "H" then TARGET_DISTRIBUTION[:high]
294
+ when "high", "H" then TARGET_DISTRIBUTION[:high]
295
295
  when "not defined", "ND" then TARGET_DISTRIBUTION[:notdefined]
296
- else
296
+ else
297
297
  raise "Bad Argument"
298
298
  end
299
299
  end
300
-
300
+
301
301
  def td
302
302
  td = get_key("TARGET_DISTRIBUTION", @td) if !@td.nil?
303
303
  end
304
-
304
+
305
305
  def cr=(cr)
306
306
  @cr = case cr
307
307
  when "low", "L" then CONFIDENTIALITY_REQUIREMENT[:low]
308
308
  when "medium", "M" then CONFIDENTIALITY_REQUIREMENT[:medium]
309
- when "high", "H" then CONFIDENTIALITY_REQUIREMENT[:high]
309
+ when "high", "H" then CONFIDENTIALITY_REQUIREMENT[:high]
310
310
  when "not defined", "ND" then CONFIDENTIALITY_REQUIREMENT[:notdefined]
311
- else
311
+ else
312
312
  raise "Bad Argument"
313
313
  end
314
314
  end
315
-
315
+
316
316
  def cr
317
317
  cr = get_key("CONFIDENTIALITY_REQUIREMENT", @cr) if !@cr.nil?
318
318
  end
319
-
319
+
320
320
  def ir=(ir)
321
321
  @ir = case ir
322
322
  when "low", "L" then INTEGRITY_REQUIREMENT[:low]
323
323
  when "medium", "M" then INTEGRITY_REQUIREMENT[:medium]
324
- when "high", "H" then INTEGRITY_REQUIREMENT[:high]
324
+ when "high", "H" then INTEGRITY_REQUIREMENT[:high]
325
325
  when "not defined", "ND" then INTEGRITY_REQUIREMENT[:notdefined]
326
- else
326
+ else
327
327
  raise "Bad Argument"
328
328
  end
329
329
  end
330
-
330
+
331
331
  def ir
332
332
  ir = get_key("INTEGRITY_REQUIREMENT", @ir) if !@ir.nil?
333
333
  end
334
-
334
+
335
335
  def ar=(ar)
336
336
  @ar = case ar
337
337
  when "low", "L" then AVAILABILITY_REQUIREMENT[:low]
338
338
  when "medium", "M" then AVAILABILITY_REQUIREMENT[:medium]
339
- when "high", "H" then AVAILABILITY_REQUIREMENT[:high]
339
+ when "high", "H" then AVAILABILITY_REQUIREMENT[:high]
340
340
  when "not defined", "ND" then AVAILABILITY_REQUIREMENT[:notdefined]
341
- else
341
+ else
342
342
  raise "Bad Argument"
343
343
  end
344
344
  end
345
-
345
+
346
346
  def ar
347
347
  ar = get_key("AVAILABILITY_REQUIREMENT", @ar) if !@ar.nil?
348
348
  end
349
-
349
+
350
350
  VECTORS = {
351
351
  "av" => "av=",
352
352
  "ac" => "ac=",
@@ -363,7 +363,7 @@ module Cvss2
363
363
  "ir" => "ir=",
364
364
  "ar" => "ar="
365
365
  }
366
-
366
+
367
367
  def parse(vector)
368
368
  string = vector.split("/")
369
369
  len = string.length
@@ -371,12 +371,12 @@ module Cvss2
371
371
  init
372
372
 
373
373
  @originalkey = vector
374
-
374
+
375
375
  string.each do |section|
376
376
  tmp = section.split(":")
377
- send(VECTORS[tmp[0].downcase].to_sym, tmp[1])
377
+ send(VECTORS[tmp[0].downcase].to_sym, tmp[1])
378
378
  end
379
- end
379
+ end
380
380
 
381
381
  def key
382
382
  self.set_key
@@ -392,41 +392,41 @@ module Cvss2
392
392
  printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental?
393
393
  printf "Overall Score:\t\t\t%3.1f\n", overallscore
394
394
  end
395
-
395
+
396
396
  def calculate
397
397
  @impact = self.impactscore
398
398
  @adjimpact = self.adjustedimpactscore
399
399
  @exploitability = self.exploitabilityscore
400
400
  @base = self.basescore
401
401
  @temporal = self.temporalscore
402
- @environmental = self.environmentalscore(self.adjustedtemporalscore(self.adjustedbasescore(@adjimpact, @exploitability)))
402
+ @environmental = self.environmentalscore(self.adjustedtemporalscore(self.adjustedbasescore(@adjimpact, @exploitability)))
403
403
  end
404
-
404
+
405
405
  def adjustedimpactscore
406
406
  tmp = []
407
407
  tmp[0] = 10
408
408
  tmp[1] = 10.41*(1-(1-@ci.abs*@cr.abs)*(1-@ii.abs*@ir.abs)*(1-@ai.abs*@ar.abs))
409
409
  adjustedimpactscore = tmp.min
410
410
  end
411
-
411
+
412
412
  def adjustedbasescore(adjustedimpact, exploitabilityscore)
413
413
  adjustedbasescore = (0.6*adjustedimpact + 0.4 * exploitabilityscore - 1.5) * impactfunction(adjustedimpact)
414
414
  end
415
-
415
+
416
416
  def adjustedtemporalscore(adjustedbasescore)
417
417
  adjustedtemporalscore = adjustedbasescore * @ex.abs * @rl.abs * @rc.abs
418
418
  end
419
-
419
+
420
420
  def exploitabilityscore
421
421
  exploitability = 20 * @ac.abs * @au.abs * @av.abs
422
422
  end
423
-
423
+
424
424
  def environmentalscore(adjustedtemporalscore)
425
425
  environmentalscore = (adjustedtemporalscore + (10 - adjustedtemporalscore) * (@cdp == -1 ? 0 : @cdp.abs)) * @td.abs
426
-
426
+
427
427
  return environmentalscore == 0.0 ? "Undefined" : environmentalscore
428
428
  end
429
-
429
+
430
430
  def overallscore
431
431
  if noenvironmental?
432
432
  if notemporal?
@@ -439,15 +439,15 @@ module Cvss2
439
439
  end
440
440
  return overallscore
441
441
  end
442
-
442
+
443
443
  def impactscore
444
444
  impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs))
445
445
  end
446
-
446
+
447
447
  def basescore
448
448
  basescore = (0.6 * @impact + 0.4 * @exploitability - 1.5) * impactfunction(@impact)
449
449
  end
450
-
450
+
451
451
  def temporalscore
452
452
  temporalscore = @base * @ex.abs * @rl.abs * @rc.abs
453
453
 
data/lib/cvss_rating/cvss3_metrics.rb CHANGED
@@ -33,20 +33,20 @@ module Cvss3
33
33
 
34
34
  CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
35
35
 
36
- CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
36
+ CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :not_defined => 'X' }
37
37
 
38
- EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'ND' }
39
- REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'ND' }
40
- REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'ND' }
38
+ EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'X' }
39
+ REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'X' }
40
+ REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'X' }
41
41
 
42
- MODIFIED_ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N' }
43
- MODIFIED_ATTACK_COMPLEXITY_KEY = { :high => 'H', :low => 'L' }
42
+ MODIFIED_ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N', :not_defined => 'X' }
43
+ MODIFIED_ATTACK_COMPLEXITY_KEY = { :high => 'H', :low => 'L', :not_defined => 'X'}
44
44
  MODIFIED_PRIVILEGE_REQUIRED_KEY = { :none => 'N', :low => 'L', :high => 'H' }
45
- MODIFIED_PRIVILEGE_REQUIRED_CHANGED_KEY = { :none => 'N', :low => 'L', :high => 'H' }
46
- MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R' }
45
+ MODIFIED_PRIVILEGE_REQUIRED_CHANGED_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
46
+ MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R', :not_defined => 'X' }
47
47
 
48
- MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U' }
48
+ MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U', :not_defined => 'X' }
49
49
 
50
- MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
50
+ MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
51
51
  end
52
52
  end
data/lib/cvss_rating/cvss3_vectors.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Cvss3Vectors
2
- attr_reader :av, :ac, :ui, :sc, :ci, :ai, :ii, :ex, :rl, :rc, :pr, :td, :cr, :ir
2
+ attr_reader :av, :ac, :ui, :sc, :ci, :ai, :ii, :ex, :rl, :rc, :pr, :ar, :cr, :ir
3
3
 
4
4
  VECTORS = {
5
5
  "cvss" => "cvss3=",
data/lib/cvss_rating/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Cvss2
2
2
  class Rating
3
- VERSION = "0.5.3"
3
+ VERSION = "0.5.4"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cvss_rating
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.3
4
+ version: 0.5.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen Kapp
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-27 00:00:00.000000000 Z
11
+ date: 2016-02-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -109,10 +109,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  requirements: []
111
111
  rubyforge_project:
112
- rubygems_version: 2.2.2
112
+ rubygems_version: 2.4.3
113
113
  signing_key:
114
114
  specification_version: 4
115
115
  summary: CVSS Risk Rating Calculation and Vector parsing
116
116
  test_files:
117
117
  - test/cvss2_rating_test.rb
118
118
  - test/cvss3_rating_test.rb
119
+ has_rdoc: