cvss_rating 0.5.4 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cvss_rating/cvss3_metrics.rb +15 -15
  3. data/lib/cvss_rating/version.rb +1 -1
  4. data/test/cvss3_rating_test.rb +28 -9
  5. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d40ab4144b20e818426f9b7c0d00ef0cc8a65f98
4
- data.tar.gz: f7c8de9e33c26e7424f32a5b39e32c0a2730edbd
3
+ metadata.gz: 22b85441ed9dfd750176b5482942257a3fa5e6f5
4
+ data.tar.gz: 4840564e357dd55f6789937a55ae139d40644ab9
5
5
  SHA512:
6
- metadata.gz: 34c4a7f964cf42aafd363a03a3f7b89cbdf95c3dba1051180eb47a3cbf91a2d35ca169a0332b60ef83fe1b55aea184b041539d434965e34a5b08fd6643086760
7
- data.tar.gz: 061866fa6702670cfa2eedadbc7c95943c5e64781a833080ca5c50e7e3a5c952f3b249453f9ac0db7c093a6d5731ae308501fe18c3666755513519a6b8ee5bbc
6
+ metadata.gz: 262b65ba421f8e9bb3f8ad9179715119a6a845d1c976465c42600e0e4585451308505f958f0069dd27821f6713ad7f3e621fdb325873b8628a4c6ddf3ab85e3d
7
+ data.tar.gz: '028f893b2c1e80064cf822c97f02d4905d6f9711b16d95027408018013ca26bff76a4835ded93afefd83fae62d36d9d9d9c6b4cf1b18b5200348b0b28d7194a4'
data/lib/cvss_rating/cvss3_metrics.rb CHANGED
@@ -1,16 +1,16 @@
1
1
  module Cvss3
2
2
  class Metrics
3
3
  # Base Metrics
4
- ATTACK_VECTOR = { :physical => 0.2, :local => 0.55, :adjacent_network => 0.62, :network => 0.85, :not_defined => 0.85 }
5
- ATTACK_COMPLEXITY = { :high => 0.44, :low => 0.77, :not_defined => 0.77 }
6
-
7
- PRIVILEGE_REQUIRED = { :not_defined => 0.85, :none => 0.85, :low => 0.62, :high => 0.27 }
8
- PRIVILEGE_REQUIRED_CHANGED = { :not_defined => 0.85, :none => 0.85, :low => 0.68, :high => 0.50 }
9
-
10
- USER_INTERACTION = {:not_defined => 0.85, :none => 0.85, :required => 0.62 }
4
+ ATTACK_VECTOR = { :physical => 0.2, :local => 0.55, :adjacent_network => 0.62, :network => 0.85 }
5
+ ATTACK_COMPLEXITY = { :high => 0.44, :low => 0.77 }
6
+
7
+ PRIVILEGE_REQUIRED = { :none => 0.85, :low => 0.62, :high => 0.27 }
8
+ PRIVILEGE_REQUIRED_CHANGED = { :none => 0.85, :low => 0.68, :high => 0.50 }
9
+
10
+ USER_INTERACTION = {:none => 0.85, :required => 0.62 }
11
11
 
12
12
  CIA_IMPACT = { :none => 0.0, :low => 0.22, :high => 0.56, :not_defined => 0.56 }
13
-
13
+
14
14
  # Environmental Metrics
15
15
  CIA_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.50, :not_defined => 1.0 }
16
16
 
@@ -18,9 +18,9 @@ module Cvss3
18
18
  EXPLOITABILITY = { :unproven => 0.91, :poc => 0.94, :functional => 0.97, :high => 1.0, :not_defined => 1.0 }
19
19
 
20
20
  REMEDIATION_LEVEL = { :official => 0.95, :temporary => 0.96, :workaround => 0.97, :unavailable => 1.0, :not_defined => 1.0 }
21
-
21
+
22
22
  REPORT_CONFIDENCE = { :unknown => 0.92, :reasonable => 0.96, :confirmed => 1.0, :not_defined => 1.0 }
23
-
23
+
24
24
  # Key Lookup values
25
25
 
26
26
  ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N' }
@@ -30,11 +30,11 @@ module Cvss3
30
30
  USER_INTERACTION_KEY = { :none => 'N', :required => 'R' }
31
31
 
32
32
  SCOPE_KEY = { :changed => 'C', :unchanged => 'U' }
33
-
33
+
34
34
  CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
35
-
35
+
36
36
  CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :not_defined => 'X' }
37
-
37
+
38
38
  EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'X' }
39
39
  REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'X' }
40
40
  REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'X' }
@@ -46,7 +46,7 @@ module Cvss3
46
46
  MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R', :not_defined => 'X' }
47
47
 
48
48
  MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U', :not_defined => 'X' }
49
-
49
+
50
50
  MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
51
51
  end
52
- end
52
+ end
data/lib/cvss_rating/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Cvss2
2
2
  class Rating
3
- VERSION = "0.5.4"
3
+ VERSION = "0.5.5"
4
4
  end
5
5
  end
data/test/cvss3_rating_test.rb CHANGED
@@ -100,13 +100,13 @@ class Cvss3RatingTest < MiniTest::Test
100
100
  assert_equal "None", cvss.risk_score(0.0)
101
101
 
102
102
  assert_equal "Low", cvss.risk_score(2.0)
103
-
103
+
104
104
  assert_equal "Medium", cvss.risk_score(5.1)
105
-
105
+
106
106
  assert_equal "High", cvss.risk_score(7.1)
107
-
107
+
108
108
  assert_equal "Critical", cvss.risk_score(10.0)
109
-
109
+
110
110
  assert_equal nil, cvss.risk_score(11.0)
111
111
  end
112
112
 
@@ -147,7 +147,7 @@ class Cvss3RatingTest < MiniTest::Test
147
147
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/CR:L/IR:L/AR:L")
148
148
 
149
149
  cvss.cvss_base_score
150
-
150
+
151
151
  score = cvss.cvss_temporal_score
152
152
 
153
153
  assert_equal 4.3, score[0]
@@ -171,7 +171,7 @@ class Cvss3RatingTest < MiniTest::Test
171
171
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/CR:L/IR:L/AR:L")
172
172
 
173
173
  cvss.cvss_base_score
174
-
174
+
175
175
  score = cvss.cvss_environmental_score
176
176
 
177
177
  assert_equal 2.4, score[0]
@@ -182,7 +182,7 @@ class Cvss3RatingTest < MiniTest::Test
182
182
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/IR:L/AR:L/MAV:A/MPR:N")
183
183
 
184
184
  cvss.cvss_base_score
185
-
185
+
186
186
  score = cvss.cvss_environmental_score
187
187
 
188
188
  assert_equal 4.8, score[0]
@@ -193,7 +193,7 @@ class Cvss3RatingTest < MiniTest::Test
193
193
  cvss.parse("CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/MAV:N/MS:U")
194
194
 
195
195
  cvss.cvss_base_score
196
-
196
+
197
197
  score = cvss.cvss_environmental_score
198
198
 
199
199
  assert_equal 3.9, score[0]
@@ -201,6 +201,25 @@ class Cvss3RatingTest < MiniTest::Test
201
201
  assert_equal "Low", score[1]
202
202
  end
203
203
 
204
+ def test_parsing
205
+ cvss = Cvss3::Rating.new
206
+ cvss.parse('CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U')
207
+
208
+ score = cvss.cvss_base_score
209
+
210
+ assert_equal 7.7, score[0]
211
+
212
+ assert_equal "High", score[1]
213
+
214
+ assert_equal "U", cvss.ex
215
+
216
+ assert_equal "N", cvss.ui
217
+
218
+ assert_equal "U", cvss.rl
219
+
220
+ end
221
+
222
+
204
223
  def test_all_scores
205
224
  cvss = Cvss3::Rating.new
206
225
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X")
@@ -232,4 +251,4 @@ class Cvss3RatingTest < MiniTest::Test
232
251
  assert_equal 7.4, score[0]
233
252
  end
234
253
 
235
- end
254
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cvss_rating
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
4
+ version: 0.5.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen Kapp
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-13 00:00:00.000000000 Z
11
+ date: 2017-11-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -109,11 +109,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  requirements: []
111
111
  rubyforge_project:
112
- rubygems_version: 2.4.3
112
+ rubygems_version: 2.6.14
113
113
  signing_key:
114
114
  specification_version: 4
115
115
  summary: CVSS Risk Rating Calculation and Vector parsing
116
116
  test_files:
117
117
  - test/cvss2_rating_test.rb
118
118
  - test/cvss3_rating_test.rb
119
- has_rdoc: