cvssv2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d6177f4e2cda57722b00258c35dc6580758e612b
+  data.tar.gz: 73940e45e73e491480316382d91dfefb5f0c8a0e
+SHA512:
+  metadata.gz: 450a853d4c9c472c8b38f2e1e89ab81e5206df0628e49220c05e187116831cc17dca6623542cb1e2382d8e7d24a0ab5dfef90f2aa5c44dfc7d47148f152889bc
+  data.tar.gz: 39137859ac4924c2b64ac851e08c5a0e4603923829037e92d4e679a0e3a32ae92186df9f0690712d29621c2851a7cf012de0a75f45bb08b3e66288449455bb23

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.1.6
+before_install: gem install bundler -v 1.10.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cvssv2.gemspec
+gemspec

data/README.md

@@ -0,0 +1,32 @@
+# Cvssv2
+
+Rubygem to parse a CVSS v2 vector as defined by [NIST](https://nvd.nist.gov/CVSS-v2-Calculator)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'cvssv2'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install cvssv2
+
+## Usage
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/vpereira/ruby-cvssv2.

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "cvssv2"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/cvssv2.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cvssv2/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "cvssv2"
+  spec.version       = Cvssv2::VERSION
+  spec.authors       = ["Victor Pereira"]
+  spec.email         = ["vpereira@suse.de"]
+
+  spec.summary       = %q{gem to parse cvssv2 vector}
+  spec.description   = %q{gem to parse and score cvssv2 vectors}
+  spec.homepage      = "https://github.com/vpereira/ruby-cvssv2"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest"
+end

data/lib/cvssv2.rb

@@ -0,0 +1,81 @@
+require "cvssv2/version"
+require "cvssv2/access_vector"
+require "cvssv2/access_complexity"
+require "cvssv2/authentication"
+require "cvssv2/confidentiality_impact"
+require "cvssv2/integrity_impact"
+require "cvssv2/availability_impact"
+require "cvssv2/temporal_exploitability"
+module Cvssv2
+  class Cvssv2
+    attr_accessor :vector
+    attr_reader :av,:ac,:au,:c,:i,:a,:e,:rl,:rc,:cdp,:td,:cr,:ir,:ar
+
+    VECTOR_REGEXP = /\(AV:([LAN])\/AC:([HML])\/Au:([NSM])\/C:([NPC])\/I:([NPC])\/A:([NPC])(?:\/E:(ND|U|POC|F|H)\/RL:(ND|OF|TF|W|U)\/RC:(ND|UC|UR|C)(?:\/CDP:(N|L|LM|MH|H|ND)\/TD:(N|L|M|H|ND)\/CR:(L|M|H|ND)\/IR:(L|M|H|ND)\/AR:(L|M|H|ND))?)?\)/
+
+    def initialize(v=nil)
+      @vector = v
+      parse if valid?
+    end
+
+    def valid?
+      !!(@vector =~ VECTOR_REGEXP)
+    end
+
+    def parse
+      @av,@ac,@au,@c,@i,@a,@e,@rl,@rc, \
+      @cdp,@td,@cr,@ir,@ar = @vector.scan(VECTOR_REGEXP).flatten
+    end
+
+    def access_complexity
+      AccessComplexity.score(@ac)
+    end
+
+    def authentication
+      Authentication.score(@au)
+    end
+
+    def confidentiality
+      AccessVector.score(@av)
+    end
+
+    def confidentiality_impact
+      ConfidentialityImpact.score(@c)
+    end
+
+    def integrity_impact
+      IntegrityImpact.score(@i)
+    end
+
+    def availability_impact
+      AvailabilityImpact.score(@a)
+    end
+
+    def impact
+      print_formatted_float(10.41 * (1.0 - (1.0 - confidentiality_impact) * \
+        (1.0 - integrity_impact) * (1.0- availability_impact)))
+    end
+
+    def exploitability
+      print_formatted_float(20 * access_complexity * \
+        authentication * confidentiality )
+    end
+
+    def f_impact
+      impact == 0 ? 0.0 : 1.176
+    end
+
+    def base_score
+      print_formatted_float((0.6 * impact + 0.4*exploitability-1.5) * f_impact)
+    end
+
+    def temporal_exploitability
+      TemporalExploitability.score(@e)
+    end
+
+    protected
+    def print_formatted_float(data,precision=2)
+      sprintf("%.#{precision}f",data).to_f
+    end
+  end
+end

data/lib/cvssv2/access_complexity.rb

@@ -0,0 +1,16 @@
+module Cvssv2
+  class AccessComplexity
+    def self.score(ac)
+      case ac
+      when 'H'
+        0.35
+      when 'M'
+        0.61
+      when 'L'
+        0.71
+      else
+        0
+      end
+    end
+  end
+end

data/lib/cvssv2/access_vector.rb

@@ -0,0 +1,16 @@
+module Cvssv2
+  class AccessVector
+    def self.score(av)
+      case av
+      when 'L'
+        0.395
+      when 'A'
+        0.646
+      when 'N'
+        1
+      else
+        0
+      end
+    end
+  end
+end

data/lib/cvssv2/authentication.rb

@@ -0,0 +1,16 @@
+module Cvssv2
+  class Authentication
+    def self.score(au)
+      case au
+      when 'M'
+        0.45
+      when 'S'
+        0.56
+      when 'N'
+        0.704
+      else
+        0
+      end
+    end
+  end
+end

data/lib/cvssv2/availability_impact.rb

@@ -0,0 +1,14 @@
+module Cvssv2
+    class AvailabilityImpact
+      def self.score(a)
+        case a
+        when 'P'
+          0.275
+        when 'C'
+          0.660
+        else # 'N' included
+          0
+        end
+      end
+    end
+end

data/lib/cvssv2/confidentiality_impact.rb

@@ -0,0 +1,14 @@
+module Cvssv2
+  class ConfidentialityImpact
+    def self.score(c)
+      case c
+      when 'P'
+        0.275
+      when 'C'
+        0.660
+      else # 'N' included
+        0
+      end
+    end
+  end
+end

data/lib/cvssv2/integrity_impact.rb

@@ -0,0 +1,14 @@
+module Cvssv2
+  class IntegrityImpact
+    def self.score(i)
+      case i
+      when 'P'
+        0.275
+      when 'C'
+        0.660
+      else # 'N' included
+        0
+      end
+    end
+  end
+end

data/lib/cvssv2/temporal_exploitability.rb

@@ -0,0 +1,16 @@
+module Cvssv2
+  class TemporalExploitability
+    def self.score(e)
+      case e
+      when 'U'
+        0.85
+      when "POC"
+        0.9
+      when "F"
+        0.95
+      else # not defined
+        1.0
+      end
+    end
+  end
+end

data/lib/cvssv2/version.rb

@@ -0,0 +1,3 @@
+module Cvssv2
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: cvssv2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Victor Pereira
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-08-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: gem to parse and score cvssv2 vectors
+email:
+- vpereira@suse.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- cvssv2.gemspec
+- lib/cvssv2.rb
+- lib/cvssv2/access_complexity.rb
+- lib/cvssv2/access_vector.rb
+- lib/cvssv2/authentication.rb
+- lib/cvssv2/availability_impact.rb
+- lib/cvssv2/confidentiality_impact.rb
+- lib/cvssv2/integrity_impact.rb
+- lib/cvssv2/temporal_exploitability.rb
+- lib/cvssv2/version.rb
+homepage: https://github.com/vpereira/ruby-cvssv2
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: gem to parse cvssv2 vector
+test_files: []