dradis-calculator_cvss 3.0.1

@@ -0,0 +1,9 @@
1
+ @import 'bootstrap';
2
+ @import 'bootstrap-responsive';
3
+
4
+
5
+ section {
6
+ border-bottom: 1px solid #ccc;
7
+ margin-bottom: 3em;
8
+ padding-bottom: 2em;
9
+ }
@@ -0,0 +1,5 @@
1
+ module Dradis::Plugins::Calculators::CVSS
2
+ # Does it matter that we're inheriting from the no-frills controller?
3
+ class BaseController < ActionController::Base
4
+ end
5
+ end
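Review bot: BaseController inherits straight from `ActionController::Base`, so none of the host application's filters apply to it, and nothing visible in this package adds an authentication check or `protect_from_forgery`. The engine.rb hunk mounts the engine into the host routes at `/calculators/` without a constraint, and the layout hunk hard-codes `<body class="authenticated">`, so as far as these hunks show the page is served to unauthenticated visitors while styled as a logged-in page. The view looks static, so the exposure is limited, but the open question in the comment should be settled before release: either inherit from the host application's authenticated base controller, or replace the comment with `# Deliberately public: static calculator, no project data is read or written`.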
@@ -0,0 +1,265 @@
1
+ <%= content_tag :div, class: 'page-header' do %>
2
+ <h1>CVSSv3 score calculator</h1>
3
+ <% end %>
4
+
5
+ <p class="lead">Use this page to calculate the <abbr title="Common Vulnerability Scoring System">CVSS</abbr> score of a given finding.</p>
6
+
7
+ <div class="row">
8
+ <div class="span8">
9
+ <section>
10
+ <h2>Base: <span id="base-score">0</span></h2>
11
+ <p id="missing-base-metric-error" class="text-error hide"><strong>Warning</strong>: all Base metrics are required</p>
12
+
13
+ <div class="row-fluid">
14
+ <div class="span6">
15
+ <h3>Attack Vector (AV)</h3>
16
+ <input type="hidden" id="av" />
17
+
18
+ <div class="btn-group" data-toggle="buttons-radio">
19
+ <button type="button" class="btn btn-small" name="av" value="N">Network (N)</button>
20
+ <button type="button" class="btn btn-small" name="av" value="A">Adjacent (A)</button>
21
+ <button type="button" class="btn btn-small" name="av" value="L">Local (L)</button>
22
+ <button type="button" class="btn btn-small" name="av" value="P">Physical (P)</button>
23
+ </div>
24
+
25
+
26
+ <h3>Attack Complexity (AC)</h3>
27
+ <input type="hidden" id="ac" />
28
+ <div class="btn-group" data-toggle="buttons-radio">
29
+ <button type="button" class="btn btn-small" name="ac" value="L">Low (L)</button>
30
+ <button type="button" class="btn btn-small" name="ac" value="H">High (H)</button>
31
+ </div>
32
+
33
+ <h3>Privileges Required (PR)</h3>
34
+ <input type="hidden" id="pr" />
35
+ <div class="btn-group" data-toggle="buttons-radio">
36
+ <button type="button" class="btn btn-small" name="pr" value="N">None (N)</button>
37
+ <button type="button" class="btn btn-small" name="pr" value="L">Low (L)</button>
38
+ <button type="button" class="btn btn-small" name="pr" value="H">High (H)</button>
39
+ </div>
40
+
41
+ <h3>User Interaction (UI)</h3>
42
+ <input type="hidden" id="ui" />
43
+ <div class="btn-group" data-toggle="buttons-radio">
44
+ <button type="button" class="btn btn-small" name="ui" value="N">None (N)</button>
45
+ <button type="button" class="btn btn-small" name="ui" value="R">Required (R)</button>
46
+ </div>
47
+ </div>
48
+
49
+ <div class="span6">
50
+ <h3>Scope (S)</h3>
51
+ <input type="hidden" id="s" />
52
+ <div class="btn-group" data-toggle="buttons-radio">
53
+ <button type="button" class="btn btn-small" name="s" value="U">Unchanged (U)</button>
54
+ <button type="button" class="btn btn-small" name="s" value="C">Changed (C)</button>
55
+ </div>
56
+
57
+ <h3>Confidentiality (C)</h3>
58
+ <input type="hidden" id="c" />
59
+ <div class="btn-group" data-toggle="buttons-radio">
60
+ <button type="button" class="btn btn-small" name="c" value="N">None (N)</button>
61
+ <button type="button" class="btn btn-small" name="c" value="L">Low (L)</button>
62
+ <button type="button" class="btn btn-small" name="c" value="H">High (H)</button>
63
+ </div>
64
+
65
+ <h3>Integrity (I)</h3>
66
+ <input type="hidden" id="i" />
67
+ <div class="btn-group" data-toggle="buttons-radio">
68
+ <button type="button" class="btn btn-small" name="i" value="N">None (N)</button>
69
+ <button type="button" class="btn btn-small" name="i" value="L">Low (L)</button>
70
+ <button type="button" class="btn btn-small" name="i" value="H">High (H)</button>
71
+ </div>
72
+
73
+ <h3>Availability (A)</h3>
74
+ <input type="hidden" id="a" />
75
+ <div class="btn-group" data-toggle="buttons-radio">
76
+ <button type="button" class="btn btn-small" name="a" value="N">None (N)</button>
77
+ <button type="button" class="btn btn-small" name="a" value="L">Low (L)</button>
78
+ <button type="button" class="btn btn-small" name="a" value="H">High (H)</button>
79
+ </div>
80
+
81
+ </div>
82
+ </div>
83
+
84
+ </section>
85
+
86
+ <section>
87
+ <h2>Temporal: <span id="temporal-score">0</span></h2>
88
+
89
+ <h3>Exploit Code Maturity (E)</h3>
90
+ <input type="hidden" id="e" />
91
+ <div class="btn-group" data-toggle="buttons-radio">
92
+ <button type="button" class="btn btn-small active" name="e" value="X">Not Defined (X)</button>
93
+ <button type="button" class="btn btn-small" name="e" value="U">Unproven (U)</button>
94
+ <button type="button" class="btn btn-small" name="e" value="P">Proof-of-Concept (P)</button>
95
+ <button type="button" class="btn btn-small" name="e" value="F">Functional (F)</button>
96
+ </div>
97
+
98
+ <h3>Remediation Level (RL)</h3>
99
+ <input type="hidden" id="rl" />
100
+ <div class="btn-group" data-toggle="buttons-radio">
101
+ <button type="button" class="btn btn-small active" name="rl" value="X">Not Defined (X)</button>
102
+ <button type="button" class="btn btn-small" name="rl" value="O">Official Fix (O)</button>
103
+ <button type="button" class="btn btn-small" name="rl" value="T">Temporary Fix (T)</button>
104
+ <button type="button" class="btn btn-small" name="rl" value="W">Workaround (W)</button>
105
+ <button type="button" class="btn btn-small" name="rl" value="U">Unavailable (U)</button>
106
+ </div>
107
+
108
+ <h3>Report Confidence (RC)</h3>
109
+ <input type="hidden" id="rc" />
110
+ <div class="btn-group" data-toggle="buttons-radio">
111
+ <button type="button" class="btn btn-small active" name="rc" value="X">Not Defined (X)</button>
112
+ <button type="button" class="btn btn-small" name="rc" value="U">Unknown (U)</button>
113
+ <button type="button" class="btn btn-small" name="rc" value="R">Reasonable (R)</button>
114
+ <button type="button" class="btn btn-small" name="rc" value="C">Confirmed (C)</button>
115
+ </div>
116
+ </section>
117
+
118
+ <section>
119
+ <h2>Environmental: <span id="environmental-score">0</span></h2>
120
+
121
+ <div class="row-fluid">
122
+ <div class="span6">
123
+ <h3>Confidentiality Req. (CR)</h3>
124
+ <input type="hidden" id="cr" />
125
+ <div class="btn-group" data-toggle="buttons-radio">
126
+ <button type="button" class="btn btn-small active" name="cr" value="X">Not Defined (X)</button>
127
+ <button type="button" class="btn btn-small" name="cr" value="L">Low (L)</button>
128
+ <button type="button" class="btn btn-small" name="cr" value="M">Medium (M)</button>
129
+ <button type="button" class="btn btn-small" name="cr" value="H">High (H)</button>
130
+ </div>
131
+
132
+ <h3>Integrity Req. (IR)</h3>
133
+ <input type="hidden" id="ir" />
134
+ <div class="btn-group" data-toggle="buttons-radio">
135
+ <button type="button" class="btn btn-small active" name="ir" value="X">Not Defined (X)</button>
136
+ <button type="button" class="btn btn-small" name="ir" value="L">Low (L)</button>
137
+ <button type="button" class="btn btn-small" name="ir" value="M">Medium (M)</button>
138
+ <button type="button" class="btn btn-small" name="ir" value="H">High (H)</button>
139
+ </div>
140
+
141
+ <h3>Availability Req. (AR)</h3>
142
+ <input type="hidden" id="ar" />
143
+ <div class="btn-group" data-toggle="buttons-radio">
144
+ <button type="button" class="btn btn-small active" name="ar" value="X">Not Defined (X)</button>
145
+ <button type="button" class="btn btn-small" name="ar" value="L">Low (L)</button>
146
+ <button type="button" class="btn btn-small" name="ar" value="M">Medium (M)</button>
147
+ <button type="button" class="btn btn-small" name="ar" value="H">High (H)</button>
148
+ </div>
149
+
150
+ </div>
151
+ <div class="span6">
152
+ <h3>Mod. Attack Vector (MAV)</h3>
153
+ <input type="hidden" id="mav" />
154
+ <div class="btn-group" data-toggle="buttons-radio">
155
+ <button type="button" class="btn btn-small active" name="mav" value="X">Not Defined (X)</button>
156
+ <button type="button" class="btn btn-small" name="mav" value="N">Network (N)</button>
157
+ <button type="button" class="btn btn-small" name="mav" value="A">Adjacent (A)</button>
158
+ <button type="button" class="btn btn-small" name="mav" value="L">Local (L)</button>
159
+ <button type="button" class="btn btn-small" name="mav" value="P">Physical (P)</button>
160
+ </div>
161
+
162
+ <h3>Mod. Attack Complexity (MAC)</h3>
163
+ <input type="hidden" id="mac" />
164
+ <div class="btn-group" data-toggle="buttons-radio">
165
+ <button type="button" class="btn btn-small active" name="mac" value="X">Not Defined (X)</button>
166
+ <button type="button" class="btn btn-small" name="mac" value="L">Low (L)</button>
167
+ <button type="button" class="btn btn-small" name="mac" value="H">High (H)</button>
168
+ </div>
169
+
170
+ <h3>Mod. Privileges Required (MPR)</h3>
171
+ <input type="hidden" id="mpr" />
172
+ <div class="btn-group" data-toggle="buttons-radio">
173
+ <button type="button" class="btn btn-small active" name="mpr" value="X">Not Defined (X)</button>
174
+ <button type="button" class="btn btn-small" name="mpr" value="N">None (N)</button>
175
+ <button type="button" class="btn btn-small" name="mpr" value="L">Low (L)</button>
176
+ <button type="button" class="btn btn-small" name="mpr" value="H">High (H)</button>
177
+ </div>
178
+
179
+ <h3>Mod. User Interaction (MUI)</h3>
180
+ <input type="hidden" id="mui" />
181
+ <div class="btn-group" data-toggle="buttons-radio">
182
+ <button type="button" class="btn btn-small active" name="mui" value="X">Not Defined (X)</button>
183
+ <button type="button" class="btn btn-small" name="mui" value="N">None (N)</button>
184
+ <button type="button" class="btn btn-small" name="mui" value="R">Required (R)</button>
185
+ </div>
186
+
187
+ <h3>Mod. Scope (MS)</h3>
188
+ <input type="hidden" id="ms" />
189
+ <div class="btn-group" data-toggle="buttons-radio">
190
+ <button type="button" class="btn btn-small active" name="ms" value="X">Not Defined (X)</button>
191
+ <button type="button" class="btn btn-small" name="ms" value="U">Unchanged (U)</button>
192
+ <button type="button" class="btn btn-small" name="ms" value="C">Changed (C)</button>
193
+ </div>
194
+
195
+ <h3>Mod. Confidentiality (MC)</h3>
196
+ <input type="hidden" id="mc" />
197
+ <div class="btn-group" data-toggle="buttons-radio">
198
+ <button type="button" class="btn btn-small active" name="mc" value="X">Not Defined (X)</button>
199
+ <button type="button" class="btn btn-small" name="mc" value="N">None (N)</button>
200
+ <button type="button" class="btn btn-small" name="mc" value="L">Low (L)</button>
201
+ <button type="button" class="btn btn-small" name="mc" value="H">High (H)</button>
202
+ </div>
203
+
204
+ <h3>Mod. Integrity (MI)</h3>
205
+ <input type="hidden" id="mi" />
206
+ <div class="btn-group" data-toggle="buttons-radio">
207
+ <button type="button" class="btn btn-small active" name="mi" value="X">Not Defined (X)</button>
208
+ <button type="button" class="btn btn-small" name="mi" value="N">None (N)</button>
209
+ <button type="button" class="btn btn-small" name="mi" value="L">Low (L)</button>
210
+ <button type="button" class="btn btn-small" name="mi" value="H">High (H)</button>
211
+ </div>
212
+
213
+ <h3>Mod. Availability (MA)</h3>
214
+ <input type="hidden" id="ma" />
215
+ <div class="btn-group" data-toggle="buttons-radio">
216
+ <button type="button" class="btn btn-small active" name="ma" value="X">Not Defined (X)</button>
217
+ <button type="button" class="btn btn-small" name="ma" value="N">None (N)</button>
218
+ <button type="button" class="btn btn-small" name="ma" value="L">Low (L)</button>
219
+ <button type="button" class="btn btn-small" name="ma" value="H">High (H)</button>
220
+ </div>
221
+
222
+ </div>
223
+ </div>
224
+
225
+ </section>
226
+ </div>
227
+
228
+ <div class="span4">
229
+ <pre id="blob">#[CVSSv3]#
230
+ N/A
231
+
232
+
233
+ #[Damage]#
234
+ N/A
235
+
236
+
237
+ #[AffectedSystems]#
238
+ N/A
239
+
240
+
241
+ #[Impact]#
242
+ N/A
243
+
244
+
245
+ #[Reproducibility]#
246
+ N/A
247
+
248
+
249
+ #[Discoverability]#
250
+ N/A
251
+
252
+
253
+ #[ThreatAgent]#
254
+ N/A
255
+
256
+
257
+ #[Exploitability]#
258
+ N/A
259
+
260
+
261
+ #[Likelihood]#
262
+ N/A
263
+ </pre>
264
+ </div>
265
+ </div>
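Review bot: The Temporal and Environmental groups mark "Not Defined (X)" as selected only through the `active` class, while the matching hidden inputs (`#e`, `#rl`, `#rc`, `#cr` through `#ma`) carry no `value`. The script that reads them (calculator.js.coffee, not part of this hunk) presumably has to treat an empty field as X; putting the default in the markup removes that coupling, e.g. `<input type="hidden" id="e" value="X" />`. The hidden inputs also sit outside any `<form>` and have no `name`, so nothing here is submitted to the server; a one-line ERB comment at the top saying the score is computed entirely client-side would make that explicit for the next reader.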
@@ -0,0 +1,30 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>CVSS Score Calculator | Dradis Framework</title>
5
+ <%= stylesheet_link_tag 'dradis/plugins/calculators/cvss/manifests/application', media: 'all', 'data-turbolinks-track' => true %>
6
+ <%= csrf_meta_tags %>
7
+
8
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
9
+ </head>
10
+ <body class="authenticated">
11
+ <div class="container">
12
+ <div class="navbar">
13
+ <div class="navbar-inner">
14
+ <a href="javascript:void(0)" class="brand">CVSS score calculator</a>
15
+ <ul class="nav pull-right">
16
+ <li>
17
+ <%= link_to main_app.root_path do %>
18
+ Back to the app &rarr;
19
+ <% end %>
20
+ </li>
21
+ </ul>
22
+ </div>
23
+ </div>
24
+
25
+ <%= yield%>
26
+ </div>
27
+
28
+ <%= javascript_include_tag 'dradis/plugins/calculators/cvss/manifests/application', 'data-turbolinks-track' => true %>
29
+ </body>
30
+ </html>
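Review bot: The brand link uses `href="javascript:void(0)"`, which a Content-Security-Policy without `'unsafe-inline'` in `script-src` blocks and reports as a violation, and which gives keyboard and screen-reader users a link that goes nowhere. Since it is not a navigation target, `<span class="brand">CVSS score calculator</span>` does the same job without a script URL. `<body class="authenticated">` is also a literal here; if host styles or scripts key off that class, it should reflect an actual session check rather than being hard-coded in the layout.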
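--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -0,0 +1,3 @@
+ Dradis::Plugins::Calculators::CVSS::Engine.routes.draw do
+ get '/cvss' => "base#index"
+ end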
@@ -0,0 +1,27 @@
1
+ $:.push File.expand_path('../lib', __FILE__)
2
+
3
+ require 'dradis/plugins/calculators/cvss/version'
4
+
5
+ # Describe your gem and declare its dependencies:
6
+ Gem::Specification.new do |spec|
7
+ spec.platform = Gem::Platform::RUBY
8
+ spec.name = 'dradis-calculator_cvss'
9
+ spec.version = Dradis::Plugins::Calculators::CVSS::VERSION::STRING
10
+ spec.summary = 'This plugin adds a CVSSv3 score calculator to Dradis.'
11
+ spec.description = 'Display a CVSS score calculator in Dradis Framework.'
12
+
13
+ spec.license = 'GPL-2'
14
+
15
+ spec.authors = ['Daniel Martin']
16
+ spec.email = ['etd@nomejortu.com']
17
+ spec.homepage = 'http://dradisframework.org'
18
+
19
+ spec.files = `git ls-files`.split($\)
20
+ spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
21
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
22
+
23
+ spec.add_dependency 'dradis-plugins', '~> 3.0'
24
+
25
+ spec.add_development_dependency 'bundler', '~> 1.6'
26
+ spec.add_development_dependency 'rake', '~> 10.0'
27
+ end
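Review bot: `spec.files` is built by shelling out to `git ls-files` and splitting on `$\`, so the contents of the published gem depend on the git index of whichever machine runs `gem build`, and because `$\` is nil by default the split is whitespace-based and breaks on any tracked path that contains a space. The NUL-separated form avoids the second problem: `spec.files = %x(git ls-files -z).split("\x0")`. Filtering that list to the directories the engine needs would also keep housekeeping files out of the package (the metadata section shows `.gitignore` being shipped). Separately, `spec.homepage` is plain `http://`, and `'GPL-2'` is not an SPDX identifier, so `gem build` will warn; `'GPL-2.0'` is the form RubyGems recognises.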
@@ -0,0 +1,13 @@
1
+ require 'dradis-plugins'
2
+
3
+ module Dradis
4
+ module Plugins
5
+ module Calculators
6
+ module CVSS
7
+ end
8
+ end
9
+ end
10
+ end
11
+
12
+ require 'dradis/plugins/calculators/cvss/engine'
13
+ require 'dradis/plugins/calculators/cvss/version'
@@ -0,0 +1,26 @@
1
+ module Dradis::Plugins::Calculators::CVSS
2
+ class Engine < ::Rails::Engine
3
+ isolate_namespace Dradis::Plugins::Calculators::CVSS
4
+
5
+ include Dradis::Plugins::Base
6
+ provides :addon
7
+ description 'Provides a CVSS score calculator under /calculators/cvss'
8
+
9
+ initializer 'calculator_cvss.asset_precompile_paths' do |app|
10
+ app.config.assets.precompile += ["dradis/plugins/calculators/cvss/manifests/*"]
11
+ end
12
+
13
+ initializer "calculator_cvss.inflections" do |app|
14
+ ActiveSupport::Inflector.inflections do |inflect|
15
+ inflect.acronym('CVSS')
16
+ end
17
+ end
18
+
19
+ initializer 'calculator_cvss.mount_engine' do
20
+ Rails.application.routes.append do
21
+ mount Dradis::Plugins::Calculators::CVSS::Engine => '/calculators/', as: :cvss_calculator
22
+ end
23
+ end
24
+
25
+ end
26
+ end
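Review bot: Both the `calculator_cvss.mount_engine` and `calculator_cvss.inflections` initializers change the host application globally just because the gem is loaded: the first appends a route at `/calculators/` with no constraint, the second registers `CVSS` as an acronym for every inflection in the process. Neither effect is documented beyond the one-line `description`, which says `/calculators/cvss` while the mount point is `/calculators/`; a comment such as `# Mounted at /calculators/; config/routes.rb adds the /cvss segment` above the `mount` line would tie the two together. The `|app|` block argument of the inflections initializer is unused and can be dropped.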
@@ -0,0 +1,21 @@
1
+ module Dradis
2
+ module Plugins
3
+ module Calculators
4
+ module CVSS
5
+ # Returns the version of the currently loaded CVSS Calculator as a <tt>Gem::Version</tt>
6
+ def self.gem_version
7
+ Gem::Version.new VERSION::STRING
8
+ end
9
+
10
+ module VERSION
11
+ MAJOR = 3
12
+ MINOR = 0
13
+ TINY = 1
14
+ PRE = nil
15
+
16
+ STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,15 @@
1
+ require_relative 'gem_version'
2
+
3
+ module Dradis
4
+ module Plugins
5
+ module Calculators
6
+ module CVSS
7
+ # Returns the version of the currently loaded CVSS Calculator as a
8
+ # <tt>Gem::Version</tt>.
9
+ def self.version
10
+ gem_version
11
+ end
12
+ end
13
+ end
14
+ end
15
+ end
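--- a/metadata
+++ b/metadata
@@ -0,0 +1,105 @@
+ --- !ruby/object:Gem::Specification
+ name: dradis-calculator_cvss
+ version: !ruby/object:Gem::Version
+ version: 3.0.1
+ platform: ruby
+ authors:
+ - Daniel Martin
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2016-08-12 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: dradis-plugins
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.6'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.6'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ description: Display a CVSS score calculator in Dradis Framework.
+ email:
+ - etd@nomejortu.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - CONTRIBUTING.md
+ - Gemfile
+ - LICENSE
+ - README.md
+ - Rakefile
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/calculator.js.coffee
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js.coffee
+ - app/assets/javascripts/dradis/plugins/calculators/cvss/vendor/cvsscalc30.js
+ - app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss
+ - app/controllers/dradis/plugins/calculators/cvss/base_controller.rb
+ - app/views/dradis/plugins/calculators/cvss/base/index.html.erb
+ - app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb
+ - config/routes.rb
+ - dradis-calculator_cvss.gemspec
+ - lib/dradis-calculator_cvss.rb
+ - lib/dradis/plugins/calculators/cvss/engine.rb
+ - lib/dradis/plugins/calculators/cvss/gem_version.rb
+ - lib/dradis/plugins/calculators/cvss/version.rb
+ homepage: http://dradisframework.org
+ licenses:
+ - GPL-2
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.2.3
+ signing_key:
+ specification_version: 4
+ summary: This plugin adds a CVSSv3 score calculator to Dradis.
+ test_files: []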