cvssv2 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: d6177f4e2cda57722b00258c35dc6580758e612b
4
+ data.tar.gz: 73940e45e73e491480316382d91dfefb5f0c8a0e
5
+ SHA512:
6
+ metadata.gz: 450a853d4c9c472c8b38f2e1e89ab81e5206df0628e49220c05e187116831cc17dca6623542cb1e2382d8e7d24a0ab5dfef90f2aa5c44dfc7d47148f152889bc
7
+ data.tar.gz: 39137859ac4924c2b64ac851e08c5a0e4603923829037e92d4e679a0e3a32ae92186df9f0690712d29621c2851a7cf012de0a75f45bb08b3e66288449455bb23
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
@@ -0,0 +1,4 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.1.6
4
+ before_install: gem install bundler -v 1.10.6
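--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cvssv2.gemspec
+gemspec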
@@ -0,0 +1,32 @@
1
+ # Cvssv2
2
+
3
+ Rubygem to parse a CVSS v2 vector as defined by [NIST](https://nvd.nist.gov/CVSS-v2-Calculator)
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'cvssv2'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install cvssv2
20
+
21
+ ## Usage
22
+
23
+
24
+ ## Development
25
+
26
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
27
+
28
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
29
+
30
+ ## Contributing
31
+
32
+ Bug reports and pull requests are welcome on GitHub at https://github.com/vpereira/ruby-cvssv2.
@@ -0,0 +1,10 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+
4
+ Rake::TestTask.new(:test) do |t|
5
+ t.libs << "test"
6
+ t.libs << "lib"
7
+ t.test_files = FileList['test/**/*_test.rb']
8
+ end
9
+
10
+ task :default => :test
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "cvssv2"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+
5
+ bundle install
6
+
7
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,24 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'cvssv2/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "cvssv2"
8
+ spec.version = Cvssv2::VERSION
9
+ spec.authors = ["Victor Pereira"]
10
+ spec.email = ["vpereira@suse.de"]
11
+
12
+ spec.summary = %q{gem to parse cvssv2 vector}
13
+ spec.description = %q{gem to parse and score cvssv2 vectors}
14
+ spec.homepage = "https://github.com/vpereira/ruby-cvssv2"
15
+
16
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
17
+ spec.bindir = "exe"
18
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.10"
22
+ spec.add_development_dependency "rake", "~> 10.0"
23
+ spec.add_development_dependency "minitest"
24
+ end
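Review bot: The specification sets no `spec.license`, and the packaged metadata further down this page records `licenses: []`, so consumers and license scanners cannot tell which terms the gem is published under; add `spec.license = "<SPDX-ID>"` with the identifier the author intends (placeholder, not taken from the page). `spec.files` takes everything `git ls-files` reports except `test/`, `spec/` and `features/`, which is why `.gitignore`, `.travis.yml`, `bin/console` and `bin/setup` appear in the shipped file list; limiting the list to `lib/` and the README would keep the published artifact to what is needed at runtime. The `minitest` development dependency also carries no version constraint, unlike `bundler` and `rake`.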
@@ -0,0 +1,81 @@
1
+ require "cvssv2/version"
2
+ require "cvssv2/access_vector"
3
+ require "cvssv2/access_complexity"
4
+ require "cvssv2/authentication"
5
+ require "cvssv2/confidentiality_impact"
6
+ require "cvssv2/integrity_impact"
7
+ require "cvssv2/availability_impact"
8
+ require "cvssv2/temporal_exploitability"
9
+ module Cvssv2
10
+ class Cvssv2
11
+ attr_accessor :vector
12
+ attr_reader :av,:ac,:au,:c,:i,:a,:e,:rl,:rc,:cdp,:td,:cr,:ir,:ar
13
+
14
+ VECTOR_REGEXP = /\(AV:([LAN])\/AC:([HML])\/Au:([NSM])\/C:([NPC])\/I:([NPC])\/A:([NPC])(?:\/E:(ND|U|POC|F|H)\/RL:(ND|OF|TF|W|U)\/RC:(ND|UC|UR|C)(?:\/CDP:(N|L|LM|MH|H|ND)\/TD:(N|L|M|H|ND)\/CR:(L|M|H|ND)\/IR:(L|M|H|ND)\/AR:(L|M|H|ND))?)?\)/
15
+
16
+ def initialize(v=nil)
17
+ @vector = v
18
+ parse if valid?
19
+ end
20
+
21
+ def valid?
22
+ !!(@vector =~ VECTOR_REGEXP)
23
+ end
24
+
25
+ def parse
26
+ @av,@ac,@au,@c,@i,@a,@e,@rl,@rc, \
27
+ @cdp,@td,@cr,@ir,@ar = @vector.scan(VECTOR_REGEXP).flatten
28
+ end
29
+
30
+ def access_complexity
31
+ AccessComplexity.score(@ac)
32
+ end
33
+
34
+ def authentication
35
+ Authentication.score(@au)
36
+ end
37
+
38
+ def confidentiality
39
+ AccessVector.score(@av)
40
+ end
41
+
42
+ def confidentiality_impact
43
+ ConfidentialityImpact.score(@c)
44
+ end
45
+
46
+ def integrity_impact
47
+ IntegrityImpact.score(@i)
48
+ end
49
+
50
+ def availability_impact
51
+ AvailabilityImpact.score(@a)
52
+ end
53
+
54
+ def impact
55
+ print_formatted_float(10.41 * (1.0 - (1.0 - confidentiality_impact) * \
56
+ (1.0 - integrity_impact) * (1.0- availability_impact)))
57
+ end
58
+
59
+ def exploitability
60
+ print_formatted_float(20 * access_complexity * \
61
+ authentication * confidentiality )
62
+ end
63
+
64
+ def f_impact
65
+ impact == 0 ? 0.0 : 1.176
66
+ end
67
+
68
+ def base_score
69
+ print_formatted_float((0.6 * impact + 0.4*exploitability-1.5) * f_impact)
70
+ end
71
+
72
+ def temporal_exploitability
73
+ TemporalExploitability.score(@e)
74
+ end
75
+
76
+ protected
77
+ def print_formatted_float(data,precision=2)
78
+ sprintf("%.#{precision}f",data).to_f
79
+ end
80
+ end
81
+ end
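Review bot: `VECTOR_REGEXP` has no anchors, so `valid?` (`!!(@vector =~ VECTOR_REGEXP)`) accepts any string that merely contains a well-formed vector, and `parse` reads the groups through `scan`, which keeps the first match and silently ignores surrounding or repeated text. Open the pattern with `\A`, close it with `\z`, and read the groups with `@vector.match(VECTOR_REGEXP).captures`. A vector that fails validation is never parsed, yet every scoring method still answers: the component lookups fall back to 0 and `base_score` evaluates to `-0.0`, which a consumer can mistake for a genuine zero-severity result, so the scoring methods should raise or return `nil` when `valid?` is false. Separately, `base_score` rounds to two decimals and is computed from the already-rounded `impact` and `exploitability`, whereas the CVSS v2 equations round the base score to one decimal, so results can differ from published scores.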
@@ -0,0 +1,16 @@
1
+ module Cvssv2
2
+ class AccessComplexity
3
+ def self.score(ac)
4
+ case ac
5
+ when 'H'
6
+ 0.35
7
+ when 'M'
8
+ 0.61
9
+ when 'L'
10
+ 0.71
11
+ else
12
+ 0
13
+ end
14
+ end
15
+ end
16
+ end
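Review bot: The `else` branch returns `0` for anything other than `H`, `M` or `L`, so a nil or mistyped metric silently zeroes the exploitability product instead of surfacing as an error; `else raise ArgumentError, "unknown access complexity: #{ac.inspect}"` would fail closed. The same fallback appears in the `AccessVector` and `Authentication` hunks below. In `AvailabilityImpact`, `ConfidentialityImpact` and `IntegrityImpact` the `else` also carries the legitimate `N` value, so invalid input there is indistinguishable from "no impact"; an explicit `when 'N'` branch would separate the two. In `TemporalExploitability` the `else` returns `1.0` for `H`, `ND` and every unrecognised value alike.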
@@ -0,0 +1,16 @@
1
+ module Cvssv2
2
+ class AccessVector
3
+ def self.score(av)
4
+ case av
5
+ when 'L'
6
+ 0.395
7
+ when 'A'
8
+ 0.646
9
+ when 'N'
10
+ 1
11
+ else
12
+ 0
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,16 @@
1
+ module Cvssv2
2
+ class Authentication
3
+ def self.score(au)
4
+ case au
5
+ when 'M'
6
+ 0.45
7
+ when 'S'
8
+ 0.56
9
+ when 'N'
10
+ 0.704
11
+ else
12
+ 0
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,14 @@
1
+ module Cvssv2
2
+ class AvailabilityImpact
3
+ def self.score(a)
4
+ case a
5
+ when 'P'
6
+ 0.275
7
+ when 'C'
8
+ 0.660
9
+ else # 'N' included
10
+ 0
11
+ end
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,14 @@
1
+ module Cvssv2
2
+ class ConfidentialityImpact
3
+ def self.score(c)
4
+ case c
5
+ when 'P'
6
+ 0.275
7
+ when 'C'
8
+ 0.660
9
+ else # 'N' included
10
+ 0
11
+ end
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,14 @@
1
+ module Cvssv2
2
+ class IntegrityImpact
3
+ def self.score(i)
4
+ case i
5
+ when 'P'
6
+ 0.275
7
+ when 'C'
8
+ 0.660
9
+ else # 'N' included
10
+ 0
11
+ end
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,16 @@
1
+ module Cvssv2
2
+ class TemporalExploitability
3
+ def self.score(e)
4
+ case e
5
+ when 'U'
6
+ 0.85
7
+ when "POC"
8
+ 0.9
9
+ when "F"
10
+ 0.95
11
+ else # not defined
12
+ 1.0
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,3 @@
1
+ module Cvssv2
2
+ VERSION = "0.1.0"
3
+ end
metadata ADDED
@@ -0,0 +1,102 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cvssv2
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Victor Pereira
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2015-08-17 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.10'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.10'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: minitest
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ description: gem to parse and score cvssv2 vectors
56
+ email:
57
+ - vpereira@suse.de
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - ".gitignore"
63
+ - ".travis.yml"
64
+ - Gemfile
65
+ - README.md
66
+ - Rakefile
67
+ - bin/console
68
+ - bin/setup
69
+ - cvssv2.gemspec
70
+ - lib/cvssv2.rb
71
+ - lib/cvssv2/access_complexity.rb
72
+ - lib/cvssv2/access_vector.rb
73
+ - lib/cvssv2/authentication.rb
74
+ - lib/cvssv2/availability_impact.rb
75
+ - lib/cvssv2/confidentiality_impact.rb
76
+ - lib/cvssv2/integrity_impact.rb
77
+ - lib/cvssv2/temporal_exploitability.rb
78
+ - lib/cvssv2/version.rb
79
+ homepage: https://github.com/vpereira/ruby-cvssv2
80
+ licenses: []
81
+ metadata: {}
82
+ post_install_message:
83
+ rdoc_options: []
84
+ require_paths:
85
+ - lib
86
+ required_ruby_version: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ required_rubygems_version: !ruby/object:Gem::Requirement
92
+ requirements:
93
+ - - ">="
94
+ - !ruby/object:Gem::Version
95
+ version: '0'
96
+ requirements: []
97
+ rubyforge_project:
98
+ rubygems_version: 2.4.8
99
+ signing_key:
100
+ specification_version: 4
101
+ summary: gem to parse cvssv2 vector
102
+ test_files: []