cvss_rating 0.5.5 → 0.5.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 22b85441ed9dfd750176b5482942257a3fa5e6f5
-  data.tar.gz: 4840564e357dd55f6789937a55ae139d40644ab9
+  metadata.gz: c2ccbd12f5c9e7e10efc37d8bf8169c30a2a8cae
+  data.tar.gz: 5948fc4bbc27d6aff4a28c93174b9e4f59f420f9
 SHA512:
-  metadata.gz: 262b65ba421f8e9bb3f8ad9179715119a6a845d1c976465c42600e0e4585451308505f958f0069dd27821f6713ad7f3e621fdb325873b8628a4c6ddf3ab85e3d
-  data.tar.gz: '028f893b2c1e80064cf822c97f02d4905d6f9711b16d95027408018013ca26bff76a4835ded93afefd83fae62d36d9d9d9c6b4cf1b18b5200348b0b28d7194a4'
+  metadata.gz: aab7c7a86f48db5a0b4e9af1e8cd1ce97e5985dca60e1935c7998aaa2642a60925788c1150886d34b2824af95a04dd03dedb2328b04e49ed972dff5806ac6d3b
+  data.tar.gz: 782d77519ad0d104e8d88cdef42a7e206259df1f789ff4cca33b326d575e9bbb27a4300fa901e629f9b4034b6785b7ef5425c2e6351f140963488f01fc8e615d

data/.gitignore

@@ -20,3 +20,5 @@ tmp
 *.o
 *.a
 mkmf.log
+
+.byebug_history

data/cvss_rating.gemspec

@@ -22,4 +22,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "activesupport"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "byebug"
 end

data/lib/cvss3_rating.rb

@@ -1,6 +1,7 @@
 # @author Stephen Kapp
 
 require "cvss_rating/version"
+require "cvss_rating/float"
 require "cvss_rating/cvss3_formulas"
 require "cvss_rating/cvss3_metrics"
 require "cvss_rating/cvss3_vectors"
@@ -17,7 +18,7 @@ module Cvss3
 		# @param list [Hash] list of CVSS 3.0 attributes to be used during initialization
 		#
 
-		def initialize(attributes = {})   
+		def initialize(attributes = {})
 			init
 
 	    	attributes.each do |name, value|
@@ -25,7 +26,7 @@ module Cvss3
 	    	end
 	 	end
 
-	 	
+
 	 	#
 	 	# Takes score and determines risk level from None to Critical
 	 	#
@@ -49,20 +50,22 @@ module Cvss3
 	 			end
 	 	end
 
-	 
+
 	 	#
 	 	# Calculate the CVSS 3.0 Base Score
 	 	#
 	 	# @return [Array] the CVSS 3.0 Base score with its risk level
 
 	 	def cvss_base_score
+			byebug if @pr.nil?
+			
 	 		@exploitability = ::Cvss3::Formulas.new.exploitability_sub_score(@av, @ac, @pr, @ui)
 
-			@impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)	 	
+			@impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)
 
 			@base = ::Cvss3::Formulas.new.cvss_base_formula(@impact, @sc, @exploitability)
 
-			@base_level = risk_score(@base)	
+			@base_level = risk_score(@base)
 
 			return @base, @base_level
 	 	end
@@ -88,13 +91,13 @@ module Cvss3
 	 	# @return [Array] the CVSS 3.0 Temporal score with its risk level
 
 	 	def cvss_environmental_score
-	 		exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true), 
+	 		exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true),
 	 			self.mac(true), self.mpr(true), self.mui(true))
 
-	 		impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true), 
+	 		impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true),
 	 			self.mi(true), @cr, @ir, @ar)
 
-	 		@environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified, 
+	 		@environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified,
 	 			exploitability_sub_score_value_modified,
 	 			@ex, @rl, @rc, self.ms(true))
 
@@ -103,4 +106,4 @@ module Cvss3
 	 		return @environmental, @environmental_level
 	 	end
 	end
-end
+end

data/lib/cvss_rating/cvss3_formulas.rb

@@ -1,103 +1,90 @@
 module Cvss3
-	class Formulas
-		EXPLOITABILITY_COEFFICIENT = 8.22
-		IMPACT_COEFFICIENT = 6.42
-		IMPACT_MOD_COEFFICIENT = 7.52
+  class Formulas
+    EXPLOITABILITY_COEFFICIENT = 8.22
+    IMPACT_COEFFICIENT = 6.42
+    IMPACT_MOD_COEFFICIENT = 7.52
 
-		def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
-			
+    def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
 			exploitability_sub_score_value = EXPLOITABILITY_COEFFICIENT * attack_vector_value * attack_complexity_value * privileges_required_value * user_interaction_value
 
-			return exploitability_sub_score_value
-		end
-
-		def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified, 
-			privileges_required_value_modified, user_interaction_value_modified)
-			
-			exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified
-    		
-    		return exploitability_sub_score_value_modified
-		end
-
-		def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
-			
-			impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value))
-    		
-    		return impact_sub_score_value
-		end
-
-		def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
-			confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
-
-			impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value))
-			
-			return impact_sub_score_value_modified
-		end
-
-		def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
-		
-			if scope_value == "unchanged"
-        		impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
-        		cvss_base_value = min(10, impact_value + exploitability_sub_score_value)
-    		elsif scope_value == "changed"
-        		impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02) ** 15)
-        		cvss_base_value = min(10, 1.08 * (impact_value + exploitability_sub_score_value))
-        	end
-
-		    if impact_sub_score_value <= 0
-				cvss_base_value = 0.0
-		    else
-				cvss_base_value = cvss_base_value.ceil2(1)
-			end
-
-    		return cvss_base_value
-		end
-
-		def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
-			
-			cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \
-				report_confidence_value
-    		
-    		cvss_temporal_value = cvss_temporal_value.ceil2(1)
-			
-			return cvss_temporal_value
-		end
-
-		def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
-			exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
-
-			if scope_value_modified == "unchanged"
-				impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
-				temp_score = min(10, impact_value_modified + exploitability_sub_score_value_modified)
-				temp_score2 = temp_score.ceil2(1)
-				temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
-			elsif scope_value_modified == "changed"
-		        impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02) ** 15)
-		        temp_score = min(10, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified))
-		        temp_score2 = temp_score.ceil2(1)
-		        temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
-		    end
-
-    		if impact_sub_score_value_modified <= 0
-        		cvss_environmental_value = 0.0
-        	else
-        		cvss_environmental_value = temp_score3.ceil2(1)
-        	end
-
-        	return cvss_environmental_value
-		end
-
-
-		def min(*values)
-			values.min
-		end
-	end
-end
+      exploitability_sub_score_value
+    end
+
+    def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified,
+                                          privileges_required_value_modified, user_interaction_value_modified)
+
+      exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified
+
+      exploitability_sub_score_value_modified
+    end
+
+    def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
+      impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value))
+
+      impact_sub_score_value
+    end
+
+    def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
+                                       confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
+
+      impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value))
+
+      impact_sub_score_value_modified
+    end
+
+    def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
+      if scope_value == 'unchanged'
+        impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
+        cvss_base_value = min(10.0, impact_value + exploitability_sub_score_value)
+      elsif scope_value == 'changed'
+        impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02)**15)
+        cvss_base_value = min(10.0, 1.08 * (impact_value + exploitability_sub_score_value))
+          end
 
+      cvss_base_value = if impact_sub_score_value <= 0
+                          0.0
+                        else
+                          cvss_base_value.ceil2(1)
+                         end
 
-class Float
-  		def ceil2(exp = 0)
-   			multiplier = 10 ** exp
-   			((self * multiplier).ceil).to_f/multiplier.to_f
-  		end
-end
+      cvss_base_value
+    end
+
+    def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
+      cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \
+                            report_confidence_value
+
+      cvss_temporal_value = cvss_temporal_value.ceil2(1)
+
+      cvss_temporal_value
+    end
+
+    def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
+                                   exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
+
+      if scope_value_modified == 'unchanged'
+        impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
+        temp_score = min(10.0, impact_value_modified + exploitability_sub_score_value_modified)
+        temp_score2 = temp_score.ceil2(1)
+        temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
+      elsif scope_value_modified == 'changed'
+        impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02)**15)
+        temp_score = min(10.0, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified))
+        temp_score2 = temp_score.ceil2(1)
+        temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value
+        end
+
+      cvss_environmental_value = if impact_sub_score_value_modified <= 0
+                                   0.0
+                                 else
+                                   temp_score3.ceil2(1)
+                                 end
+
+      cvss_environmental_value
+    end
+
+    def min(*values)
+      values.min
+    end
+  end
+end