dradis-calculator_cvss 3.18.0

Files changed (35)
  1. checksums.yaml +7 -0
  2. data/.github/issue_template.md +16 -0
  3. data/.github/pull_request_template.md +36 -0
  4. data/.gitignore +10 -0
  5. data/CHANGELOG.md +64 -0
  6. data/CONTRIBUTING.md +3 -0
  7. data/Gemfile +3 -0
  8. data/LICENSE +339 -0
  9. data/README.md +40 -0
  10. data/Rakefile +1 -0
  11. data/app/assets/javascripts/dradis/plugins/calculators/cvss/calculator.js.coffee +135 -0
  12. data/app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js +7 -0
  13. data/app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/tylium.js +2 -0
  14. data/app/assets/javascripts/dradis/plugins/calculators/cvss/vendor/cvsscalc30.js +689 -0
  15. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss +4 -0
  16. data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb +8 -0
  17. data/app/controllers/dradis/plugins/calculators/cvss/issues_controller.rb +37 -0
  18. data/app/models/dradis/plugins/calculators/cvss/v3.rb +38 -0
  19. data/app/views/dradis/plugins/calculators/cvss/_addons_menu.html.erb +1 -0
  20. data/app/views/dradis/plugins/calculators/cvss/_addons_menu_bs4.html.erb +1 -0
  21. data/app/views/dradis/plugins/calculators/cvss/base/_base.html.erb +123 -0
  22. data/app/views/dradis/plugins/calculators/cvss/base/_environmental.html.erb +192 -0
  23. data/app/views/dradis/plugins/calculators/cvss/base/_temporal.html.erb +67 -0
  24. data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb +79 -0
  25. data/app/views/dradis/plugins/calculators/cvss/issues/_show-content.html.erb +20 -0
  26. data/app/views/dradis/plugins/calculators/cvss/issues/_show-tabs.html.erb +3 -0
  27. data/app/views/dradis/plugins/calculators/cvss/issues/edit.html.erb +103 -0
  28. data/app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb +27 -0
  29. data/config/routes.rb +12 -0
  30. data/dradis-calculator_cvss.gemspec +27 -0
  31. data/lib/dradis-calculator_cvss.rb +13 -0
  32. data/lib/dradis/plugins/calculators/cvss/engine.rb +26 -0
  33. data/lib/dradis/plugins/calculators/cvss/gem_version.rb +21 -0
  34. data/lib/dradis/plugins/calculators/cvss/version.rb +15 -0
  35. metadata +118 -0
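--- a/data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb
+++ b/data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb
@@ -0,0 +1,79 @@
+ <%= content_tag :div, class: 'page-header' do %>
+ <h1>CVSSv3 score calculator</h1>
+ <% end %>
+
+ <p class="lead">Use this page to calculate the <abbr title="Common Vulnerability Scoring System">CVSS</abbr> score of a given finding.</p>
+
+ <p class="alert alert-danger d-none" data-behavior="cvss-error"></p>
+
+ <div class="row">
+ <div class="col-8">
+
+ <h2 title="The Base Metric group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Determine the vulnerable component and score Attack Vector, Attack Complexity, Privileges Required and User Interaction relative to this.">
+ Base: <span id="base-score">0</span>
+ </h2>
+ <%= render 'dradis/plugins/calculators/cvss/base/base' %>
+
+ <h2 title="The Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence that one has in the description of a vulnerability.">
+ Temporal: <span id="temporal-score">0</span>
+ </h2>
+ <%= render 'dradis/plugins/calculators/cvss/base/temporal' %>
+
+ <h2 title="These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user’s organization, measured in terms of complementary/alternative security controls in place, Confidentiality, Integrity, and Availability. The metrics are the modified equivalent of base metrics and are assigned metric values based on the component placement in organization infrastructure.">
+ Environmental: <span id="environmental-score">0</span>
+ </h2>
+ <%= render 'dradis/plugins/calculators/cvss/base/environmental' %>
+ </div>
+
+ <div class="col-4">
+ <textarea name="cvss_fields" rows="52" class="form-control" style="width:100%">#[CVSSv3.Vector]#
+ N/A
+
+ #[CVSSv3.BaseScore]#
+ N/A
+
+ #[CVSSv3.BaseSeverity]#
+ N/A
+
+ #[CVSSv3.TemporalScore]#
+ N/A
+
+ #[CVSSv3.TemporalSeverity]#
+ N/A
+
+ #[CVSSv3.EnvironmentalScore]#
+ N/A
+
+ #[CVSSv3.EnvironmentalSeverity]#
+ N/A
+
+ #[CVSSv3.BaseAttackVector]#
+ #[CVSSv3.BaseAttackComplexity]#
+ #[CVSSv3.BasePrivilegesRequired]#
+ #[CVSSv3.BaseUserInteraction]#
+ #[CVSSv3.BaseScope]#
+ #[CVSSv3.BaseConfidentiality]#
+ #[CVSSv3.BaseIntegrity]#
+ #[CVSSv3.BaseAvailability]#
+
+ #[CVSSv3.TemporalExploitCodeMaturity]#
+ #[CVSSv3.TemporalRemediationLevel]#
+ #[CVSSv3.TemporalReportConfidence]#
+
+ #[CVSSv3.EnvironmentalConfidentialityRequirement]#
+ #[CVSSv3.EnvironmentalIntegrityRequirement]#
+ #[CVSSv3.EnvironmentalAvailabilityRequirement]#
+
+ #[CVSSv3.ModifiedAttackVector]#
+ #[CVSSv3.ModifiedAttackComplexity]#
+ #[CVSSv3.ModifiedPrivilegesRequired]#
+ #[CVSSv3.ModifiedUserInteraction]#
+ #[CVSSv3.ModifiedScope]#
+ #[CVSSv3.ModifiedConfidentiality]#
+ #[CVSSv3.ModifiedIntegrity]#
+ #[CVSSv3.ModifiedAvailability]#
+
+
+ </textarea>
+ </div>
+ </div>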
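Review bot: The default text of the `cvss_fields` textarea (lines 29–77, `#[CVSSv3.Vector]#` through `#[CVSSv3.ModifiedAvailability]#`) is written out by hand here and again, almost verbatim, in issues/edit.html.erb, so a field renamed or added in one copy can drift from the other. The show view filters stored fields against `V3::FIELDS`, so a key that exists only in one of these templates would presumably be saved but never displayed. Moving the template into one shared partial rendered by both views, or building it from the same field list, would keep the three places in step.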
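--- a/data/app/views/dradis/plugins/calculators/cvss/issues/_show-content.html.erb
+++ b/data/app/views/dradis/plugins/calculators/cvss/issues/_show-content.html.erb
@@ -0,0 +1,20 @@
+ <div class="tab-pane" id="cvss-tab">
+ <div class="inner">
+ <h4 class="header-underline">CVSSv3 Risk Scoring -
+ <span class="actions">
+ <%= link_to cvss_calculator.cvss_project_issue_path(current_project, @issue) do %>
+ <i class="fa fa-pencil"></i> Edit
+ <% end %>
+ </h4>
+
+ <div class="mb-4 content-textile">
+ <%=
+ markup(
+ @issue.fields
+ .select { |k,v| Dradis::Plugins::Calculators::CVSS::V3::FIELDS.include?(k) }
+ .map { |k,v| "#[#{k}]#\n#{v}" }.join("\n\n")
+ )
+ %>
+ </div>
+ </div>
+ </div>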
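Review bot: The field values on lines 11–17 reach the page through `<%= markup(...) %>`, so whether stored issue text is escaped depends entirely on the `markup` helper, which is defined outside this diff. Since `v` is user-editable issue content, it is worth confirming that the helper sanitises its HTML output before marking it safe. Separately, the `<span class="actions">` opened on line 4 is never closed before `</h4>` on line 8; add `</span>` after the `<% end %>` on line 7. In the `select` block `v` is unused and reads better as `|k, _v|`.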
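--- a/data/app/views/dradis/plugins/calculators/cvss/issues/_show-tabs.html.erb
+++ b/data/app/views/dradis/plugins/calculators/cvss/issues/_show-tabs.html.erb
@@ -0,0 +1,3 @@
+ <li class="nav-item">
+ <a href="#cvss-tab" data-toggle="tab" class="nav-link"><i class="fa fa-calculator"></i> CVSSv3</a>
+ </li>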
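--- a/data/app/views/dradis/plugins/calculators/cvss/issues/edit.html.erb
+++ b/data/app/views/dradis/plugins/calculators/cvss/issues/edit.html.erb
@@ -0,0 +1,103 @@
+ <% content_for :title, 'Edit CVSSv3 score' %>
+
+ <% content_for :sidebar do %>
+ <%= render 'issues/sidebar'%>
+ <% end %>
+
+ <div class="content-container">
+ <h4 class="header-underline">Edit CVSSv3 Risk Scoring</h4>
+ <div id="issues_editor">
+ <div class="inner note-text-inner">
+
+ <%= simple_form_for [:cvss, current_project, @issue] do |f| %>
+
+ <div class="alert alert-error text-error" data-behavior="cvss-error">
+ <p><strong>Warning</strong>: all Base metrics are required</p>
+ </div>
+
+ <ul class="nav nav-pills w-100" id="cvss-tabs">
+ <li class="nav-item">
+ <a href="#cvss-edit-base" data-toggle="pill" class="nav-link active">Base: <span id="base-score">0</span></a>
+ </li>
+ <li class="nav-item">
+ <a href="#cvss-edit-temporal" data-toggle="pill" class="nav-link">Temporal: <span id="temporal-score">0</span></a>
+ </li>
+ <li class="nav-item">
+ <a href="#cvss-edit-environmental" data-toggle="pill" class="nav-link">Environmental: <span id="environmental-score">0</span></a>
+ </li>
+ <li class="nav-item pull-right">
+ <a href="#cvss-edit-result" data-toggle="pill" class="nav-link">Result</a>
+ </li>
+ </ul>
+
+ <div class="tab-content mt-4">
+ <div class="tab-pane active" id="cvss-edit-base">
+ <%= render 'dradis/plugins/calculators/cvss/base/base' %>
+ </div>
+ <div class="tab-pane" id="cvss-edit-temporal">
+ <%= render 'dradis/plugins/calculators/cvss/base/temporal' %>
+ </div>
+ <div class="tab-pane" id="cvss-edit-environmental">
+ <%= render 'dradis/plugins/calculators/cvss/base/environmental' %>
+ </div>
+
+ <div class="tab-pane" id="cvss-edit-result">
+ <textarea class="form-control" name="cvss_fields" rows="10" style="width:95%">#[CVSSv3.Vector]#
+ N/A
+
+ #[CVSSv3.BaseScore]#
+ N/A
+
+ #[CVSSv3.BaseSeverity]#
+ N/A
+
+ #[CVSSv3.TemporalScore]#
+ N/A
+
+ #[CVSSv3.TemporalSeverity]#
+ N/A
+
+ #[CVSSv3.EnvironmentalScore]#
+ N/A
+
+ #[CVSSv3.EnvironmentalSeverity]#
+ N/A
+
+ #[CVSSv3.BaseAttackVector]#
+ #[CVSSv3.BaseAttackComplexity]#
+ #[CVSSv3.BasePrivilegesRequired]#
+ #[CVSSv3.BaseUserInteraction]#
+ #[CVSSv3.BaseScope]#
+ #[CVSSv3.BaseConfidentiality]#
+ #[CVSSv3.BaseIntegrity]#
+ #[CVSSv3.BaseAvailability]#
+
+ #[CVSSv3.TemporalExploitCodeMaturity]#
+ #[CVSSv3.TemporalRemediationLevel]#
+ #[CVSSv3.TemporalReportConfidence]#
+
+ #[CVSSv3.EnvironmentalConfidentialityRequirement]#
+ #[CVSSv3.EnvironmentalIntegrityRequirement]#
+ #[CVSSv3.EnvironmentalAvailabilityRequirement]#
+
+ #[CVSSv3.ModifiedAttackVector]#
+ #[CVSSv3.ModifiedAttackComplexity]#
+ #[CVSSv3.ModifiedPrivilegesRequired]#
+ #[CVSSv3.ModifiedUserInteraction]#
+ #[CVSSv3.ModifiedScope]#
+ #[CVSSv3.ModifiedConfidentiality]#
+ #[CVSSv3.ModifiedIntegrity]#
+ #[CVSSv3.ModifiedAvailability]#
+
+ </textarea>
+ </div>
+ </div>
+
+ <div class="form-actions">
+ <%= f.button :submit, nil, class: 'btn btn-primary' %> or
+ <%= link_to 'Cancel', main_app.project_issue_path(current_project, @issue), class: 'cancel-link' %>
+ </div>
+ <% end %>
+ </div>
+ </div>
+ </div>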
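Review bot: The `cvss_fields` textarea on lines 45–92 is an ordinary editable field, so the vector, scores and severities sent with the PATCH need not agree with the metric selections, nor contain only CVSSv3 keys. The `issues#update` action is outside this section; it should keep only the keys it recognises (for example those in `V3::FIELDS`) and treat every value as untrusted text rather than as calculator output. A view comment above the textarea, such as `<%# cvss_fields is presumably filled in client-side by the calculator; the server must validate it %>`, would record that expectation. The warning block on line 14 uses `alert-error text-error`, whereas index.html.erb uses `alert alert-danger d-none` for the same `data-behavior="cvss-error"` element.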
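--- a/data/app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb
+++ b/data/app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb
@@ -0,0 +1,27 @@
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>CVSS Score Calculator | Dradis Framework</title>
+ <%= stylesheet_link_tag 'dradis/plugins/calculators/cvss/manifests/application', media: 'all', 'data-turbolinks-track': 'reload' %>
+ <%= javascript_include_tag 'dradis/plugins/calculators/cvss/manifests/application', 'data-turbolinks-track': 'reload' %>
+ <%= csrf_meta_tags %>
+
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ </head>
+ <body class="authenticated">
+ <div class="container">
+ <nav class="navbar navbar-light bg-light">
+ <a href="javascript:void(0)" class="navbar-brand">CVSS score calculator</a>
+ <ul class="navbar-nav pull-right">
+ <li class="nav-item">
+ <%= link_to main_app.root_path, class: 'nav-link' do %>
+ Back to the app &rarr;
+ <% end %>
+ </li>
+ </ul>
+ </nav>
+
+ <%= yield%>
+ </div>
+ </body>
+ </html>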
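Review bot: The brand link on line 14 uses `href="javascript:void(0)"`, which a Content-Security-Policy without `'unsafe-inline'` blocks and which navigates nowhere; `<span class="navbar-brand">CVSS score calculator</span>` should render the same without a script URL. The `<head>` emits `csrf_meta_tags` but no `csp_meta_tag`, so if the host application uses Rails' nonce-based CSP this layout will not expose the nonce to its scripts. `<body class="authenticated">` is hard-coded here; whether the page actually requires a session is decided in the controller, which is outside this section.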
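--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -0,0 +1,12 @@
+ Dradis::Plugins::Calculators::CVSS::Engine.routes.draw do
+ get '/calculators/cvss' => 'base#index'
+
+ resources :projects, only: [] do
+ resources :issues, only: [] do
+ member do
+ get 'cvss' => 'issues#edit'
+ patch 'cvss' => 'issues#update'
+ end
+ end
+ end
+ end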
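Review bot: `resources :projects, only: []` and `resources :issues, only: []` on lines 4–5 serve only as nesting scaffolding, which is not obvious on first read; a comment above line 4 such as `# No resource routes of our own: this only adds /projects/:project_id/issues/:id/cvss` would make the intent clear. Nothing in the route file constrains who may reach `base#index`, `issues#edit` or `issues#update`, so authentication and project authorisation rest on the two controllers, which are outside this section.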
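--- a/data/dradis-calculator_cvss.gemspec
+++ b/data/dradis-calculator_cvss.gemspec
@@ -0,0 +1,27 @@
+ $:.push File.expand_path('../lib', __FILE__)
+
+ require 'dradis/plugins/calculators/cvss/version'
+
+ # Describe your gem and declare its dependencies:
+ Gem::Specification.new do |spec|
+ spec.platform = Gem::Platform::RUBY
+ spec.name = 'dradis-calculator_cvss'
+ spec.version = Dradis::Plugins::Calculators::CVSS::VERSION::STRING
+ spec.summary = 'This plugin adds a CVSSv3 score calculator to Dradis.'
+ spec.description = 'Display a CVSS score calculator in Dradis Framework.'
+
+ spec.license = 'GPL-2'
+
+ spec.authors = ['Daniel Martin']
+ spec.email = ['etd@nomejortu.com']
+ spec.homepage = 'http://dradisframework.org'
+
+ spec.files = `git ls-files`.split($\)
+ spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+
+ spec.add_dependency 'dradis-plugins', '~> 3.0'
+
+ spec.add_development_dependency 'bundler', '~> 1.6'
+ spec.add_development_dependency 'rake', '~> 10.0'
+ end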
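Review bot: The file list on line 19 is split with `split($\)`, and `$\` is the output record separator, which is `nil` unless something has set it, so the `git ls-files` output is split on any whitespace and a tracked path containing a space would be broken into pieces; running `git ls-files -z` and splitting on `"\x0"` is the usual form. The same line packages everything git tracks, and the built gem's file list does include the `.github/` templates and `.gitignore`, which a consumer does not need. `spec.homepage` on line 17 is a plain `http://` URL, and `'GPL-2'` on line 13 is not an SPDX identifier (`GPL-2.0` is the form RubyGems recognises).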
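--- a/data/lib/dradis-calculator_cvss.rb
+++ b/data/lib/dradis-calculator_cvss.rb
@@ -0,0 +1,13 @@
+ require 'dradis-plugins'
+
+ module Dradis
+ module Plugins
+ module Calculators
+ module CVSS
+ end
+ end
+ end
+ end
+
+ require 'dradis/plugins/calculators/cvss/engine'
+ require 'dradis/plugins/calculators/cvss/version'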
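--- a/data/lib/dradis/plugins/calculators/cvss/engine.rb
+++ b/data/lib/dradis/plugins/calculators/cvss/engine.rb
@@ -0,0 +1,26 @@
+ module Dradis::Plugins::Calculators::CVSS
+ class Engine < ::Rails::Engine
+ isolate_namespace Dradis::Plugins::Calculators::CVSS
+
+ include Dradis::Plugins::Base
+ provides :addon
+ description 'Risk Calculator: CVSSv3'
+
+ initializer 'calculator_cvss.asset_precompile_paths' do |app|
+ app.config.assets.precompile += ["dradis/plugins/calculators/cvss/manifests/*"]
+ end
+
+ initializer "calculator_cvss.inflections" do |app|
+ ActiveSupport::Inflector.inflections do |inflect|
+ inflect.acronym('CVSS')
+ end
+ end
+
+ initializer 'calculator_cvss.mount_engine' do
+ Rails.application.routes.append do
+ mount Dradis::Plugins::Calculators::CVSS::Engine => '/', as: :cvss_calculator
+ end
+ end
+
+ end
+ end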
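Review bot: The `calculator_cvss.mount_engine` initializer on lines 19–23 mounts the engine at `'/'`, so its paths sit in the host application's root namespace and nothing at the mount point scopes or guards them; a comment such as `# Mounted at root: access control is enforced by the engine's controllers` would make that dependency explicit. The `calculator_cvss.inflections` initializer changes the process-wide inflector, so `inflect.acronym('CVSS')` also affects how the host application and other plugins camelize names containing "cvss", which deserves a one-line comment as well. The `|app|` block parameter on line 13 is unused and can be dropped.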
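--- a/data/lib/dradis/plugins/calculators/cvss/gem_version.rb
+++ b/data/lib/dradis/plugins/calculators/cvss/gem_version.rb
@@ -0,0 +1,21 @@
+ module Dradis
+ module Plugins
+ module Calculators
+ module CVSS
+ # Returns the version of the currently loaded CVSS Calculator as a <tt>Gem::Version</tt>
+ def self.gem_version
+ Gem::Version.new VERSION::STRING
+ end
+
+ module VERSION
+ MAJOR = 3
+ MINOR = 18
+ TINY = 0
+ PRE = nil
+
+ STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+ end
+ end
+ end
+ end
+ end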
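--- a/data/lib/dradis/plugins/calculators/cvss/version.rb
+++ b/data/lib/dradis/plugins/calculators/cvss/version.rb
@@ -0,0 +1,15 @@
+ require_relative 'gem_version'
+
+ module Dradis
+ module Plugins
+ module Calculators
+ module CVSS
+ # Returns the version of the currently loaded CVSS Calculator as a
+ # <tt>Gem::Version</tt>.
+ def self.version
+ gem_version
+ end
+ end
+ end
+ end
+ end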
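--- a/metadata
+++ b/metadata
@@ -0,0 +1,118 @@
+ --- !ruby/object:Gem::Specification
+ name: dradis-calculator_cvss
+ version: !ruby/object:Gem::Version
+ version: 3.18.0
+ platform: ruby
+ authors:
+ - Daniel Martin
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2020-07-22 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: dradis-plugins
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.6'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.6'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ description: Display a CVSS score calculator in Dradis Framework.
+ email:
+ - etd@nomejortu.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".github/issue_template.md"
+ - ".github/pull_request_template.md"
+ - ".gitignore"
+ - CHANGELOG.md
+ - CONTRIBUTING.md
+ - Gemfile
+ - LICENSE
+ - README.md
+ - Rakefile
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/calculator.js.coffee
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/tylium.js
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/vendor/cvsscalc30.js
+ - app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss
+ - app/controllers/dradis/plugins/calculators/cvss/base_controller.rb
+ - app/controllers/dradis/plugins/calculators/cvss/issues_controller.rb
+ - app/models/dradis/plugins/calculators/cvss/v3.rb
+ - app/views/dradis/plugins/calculators/cvss/_addons_menu.html.erb
+ - app/views/dradis/plugins/calculators/cvss/_addons_menu_bs4.html.erb
+ - app/views/dradis/plugins/calculators/cvss/base/_base.html.erb
+ - app/views/dradis/plugins/calculators/cvss/base/_environmental.html.erb
+ - app/views/dradis/plugins/calculators/cvss/base/_temporal.html.erb
+ - app/views/dradis/plugins/calculators/cvss/base/index.html.erb
+ - app/views/dradis/plugins/calculators/cvss/issues/_show-content.html.erb
+ - app/views/dradis/plugins/calculators/cvss/issues/_show-tabs.html.erb
+ - app/views/dradis/plugins/calculators/cvss/issues/edit.html.erb
+ - app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb
+ - config/routes.rb
+ - dradis-calculator_cvss.gemspec
+ - lib/dradis-calculator_cvss.rb
+ - lib/dradis/plugins/calculators/cvss/engine.rb
+ - lib/dradis/plugins/calculators/cvss/gem_version.rb
+ - lib/dradis/plugins/calculators/cvss/version.rb
+ homepage: http://dradisframework.org
+ licenses:
+ - GPL-2
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.1.2
+ signing_key:
+ specification_version: 4
+ summary: This plugin adds a CVSSv3 score calculator to Dradis.
+ test_files: []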