cvss_rating 0.5.4 → 0.5.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d40ab4144b20e818426f9b7c0d00ef0cc8a65f98
4
- data.tar.gz: f7c8de9e33c26e7424f32a5b39e32c0a2730edbd
3
+ metadata.gz: 22b85441ed9dfd750176b5482942257a3fa5e6f5
4
+ data.tar.gz: 4840564e357dd55f6789937a55ae139d40644ab9
5
5
  SHA512:
6
- metadata.gz: 34c4a7f964cf42aafd363a03a3f7b89cbdf95c3dba1051180eb47a3cbf91a2d35ca169a0332b60ef83fe1b55aea184b041539d434965e34a5b08fd6643086760
7
- data.tar.gz: 061866fa6702670cfa2eedadbc7c95943c5e64781a833080ca5c50e7e3a5c952f3b249453f9ac0db7c093a6d5731ae308501fe18c3666755513519a6b8ee5bbc
6
+ metadata.gz: 262b65ba421f8e9bb3f8ad9179715119a6a845d1c976465c42600e0e4585451308505f958f0069dd27821f6713ad7f3e621fdb325873b8628a4c6ddf3ab85e3d
7
+ data.tar.gz: '028f893b2c1e80064cf822c97f02d4905d6f9711b16d95027408018013ca26bff76a4835ded93afefd83fae62d36d9d9d9c6b4cf1b18b5200348b0b28d7194a4'
@@ -1,16 +1,16 @@
1
1
  module Cvss3
2
2
  class Metrics
3
3
  # Base Metrics
4
- ATTACK_VECTOR = { :physical => 0.2, :local => 0.55, :adjacent_network => 0.62, :network => 0.85, :not_defined => 0.85 }
5
- ATTACK_COMPLEXITY = { :high => 0.44, :low => 0.77, :not_defined => 0.77 }
6
-
7
- PRIVILEGE_REQUIRED = { :not_defined => 0.85, :none => 0.85, :low => 0.62, :high => 0.27 }
8
- PRIVILEGE_REQUIRED_CHANGED = { :not_defined => 0.85, :none => 0.85, :low => 0.68, :high => 0.50 }
9
-
10
- USER_INTERACTION = {:not_defined => 0.85, :none => 0.85, :required => 0.62 }
4
+ ATTACK_VECTOR = { :physical => 0.2, :local => 0.55, :adjacent_network => 0.62, :network => 0.85 }
5
+ ATTACK_COMPLEXITY = { :high => 0.44, :low => 0.77 }
6
+
7
+ PRIVILEGE_REQUIRED = { :none => 0.85, :low => 0.62, :high => 0.27 }
8
+ PRIVILEGE_REQUIRED_CHANGED = { :none => 0.85, :low => 0.68, :high => 0.50 }
9
+
10
+ USER_INTERACTION = {:none => 0.85, :required => 0.62 }
11
11
 
12
12
  CIA_IMPACT = { :none => 0.0, :low => 0.22, :high => 0.56, :not_defined => 0.56 }
13
-
13
+
14
14
  # Environmental Metrics
15
15
  CIA_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.50, :not_defined => 1.0 }
16
16
 
@@ -18,9 +18,9 @@ module Cvss3
18
18
  EXPLOITABILITY = { :unproven => 0.91, :poc => 0.94, :functional => 0.97, :high => 1.0, :not_defined => 1.0 }
19
19
 
20
20
  REMEDIATION_LEVEL = { :official => 0.95, :temporary => 0.96, :workaround => 0.97, :unavailable => 1.0, :not_defined => 1.0 }
21
-
21
+
22
22
  REPORT_CONFIDENCE = { :unknown => 0.92, :reasonable => 0.96, :confirmed => 1.0, :not_defined => 1.0 }
23
-
23
+
24
24
  # Key Lookup values
25
25
 
26
26
  ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N' }
@@ -30,11 +30,11 @@ module Cvss3
30
30
  USER_INTERACTION_KEY = { :none => 'N', :required => 'R' }
31
31
 
32
32
  SCOPE_KEY = { :changed => 'C', :unchanged => 'U' }
33
-
33
+
34
34
  CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
35
-
35
+
36
36
  CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :not_defined => 'X' }
37
-
37
+
38
38
  EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'X' }
39
39
  REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'X' }
40
40
  REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'X' }
@@ -46,7 +46,7 @@ module Cvss3
46
46
  MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R', :not_defined => 'X' }
47
47
 
48
48
  MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U', :not_defined => 'X' }
49
-
49
+
50
50
  MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
51
51
  end
52
- end
52
+ end
@@ -1,5 +1,5 @@
1
1
  module Cvss2
2
2
  class Rating
3
- VERSION = "0.5.4"
3
+ VERSION = "0.5.5"
4
4
  end
5
5
  end
@@ -100,13 +100,13 @@ class Cvss3RatingTest < MiniTest::Test
100
100
  assert_equal "None", cvss.risk_score(0.0)
101
101
 
102
102
  assert_equal "Low", cvss.risk_score(2.0)
103
-
103
+
104
104
  assert_equal "Medium", cvss.risk_score(5.1)
105
-
105
+
106
106
  assert_equal "High", cvss.risk_score(7.1)
107
-
107
+
108
108
  assert_equal "Critical", cvss.risk_score(10.0)
109
-
109
+
110
110
  assert_equal nil, cvss.risk_score(11.0)
111
111
  end
112
112
 
@@ -147,7 +147,7 @@ class Cvss3RatingTest < MiniTest::Test
147
147
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/CR:L/IR:L/AR:L")
148
148
 
149
149
  cvss.cvss_base_score
150
-
150
+
151
151
  score = cvss.cvss_temporal_score
152
152
 
153
153
  assert_equal 4.3, score[0]
@@ -171,7 +171,7 @@ class Cvss3RatingTest < MiniTest::Test
171
171
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/CR:L/IR:L/AR:L")
172
172
 
173
173
  cvss.cvss_base_score
174
-
174
+
175
175
  score = cvss.cvss_environmental_score
176
176
 
177
177
  assert_equal 2.4, score[0]
@@ -182,7 +182,7 @@ class Cvss3RatingTest < MiniTest::Test
182
182
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/IR:L/AR:L/MAV:A/MPR:N")
183
183
 
184
184
  cvss.cvss_base_score
185
-
185
+
186
186
  score = cvss.cvss_environmental_score
187
187
 
188
188
  assert_equal 4.8, score[0]
@@ -193,7 +193,7 @@ class Cvss3RatingTest < MiniTest::Test
193
193
  cvss.parse("CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/MAV:N/MS:U")
194
194
 
195
195
  cvss.cvss_base_score
196
-
196
+
197
197
  score = cvss.cvss_environmental_score
198
198
 
199
199
  assert_equal 3.9, score[0]
@@ -201,6 +201,25 @@ class Cvss3RatingTest < MiniTest::Test
201
201
  assert_equal "Low", score[1]
202
202
  end
203
203
 
204
+ def test_parsing
205
+ cvss = Cvss3::Rating.new
206
+ cvss.parse('CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U')
207
+
208
+ score = cvss.cvss_base_score
209
+
210
+ assert_equal 7.7, score[0]
211
+
212
+ assert_equal "High", score[1]
213
+
214
+ assert_equal "U", cvss.ex
215
+
216
+ assert_equal "N", cvss.ui
217
+
218
+ assert_equal "U", cvss.rl
219
+
220
+ end
221
+
222
+
204
223
  def test_all_scores
205
224
  cvss = Cvss3::Rating.new
206
225
  cvss.parse("AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X")
@@ -232,4 +251,4 @@ class Cvss3RatingTest < MiniTest::Test
232
251
  assert_equal 7.4, score[0]
233
252
  end
234
253
 
235
- end
254
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cvss_rating
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
4
+ version: 0.5.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen Kapp
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-13 00:00:00.000000000 Z
11
+ date: 2017-11-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -109,11 +109,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  requirements: []
111
111
  rubyforge_project:
112
- rubygems_version: 2.4.3
112
+ rubygems_version: 2.6.14
113
113
  signing_key:
114
114
  specification_version: 4
115
115
  summary: CVSS Risk Rating Calculation and Vector parsing
116
116
  test_files:
117
117
  - test/cvss2_rating_test.rb
118
118
  - test/cvss3_rating_test.rb
119
- has_rdoc: