dradis-calculator_cvss 3.0.1

data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss

@@ -0,0 +1,9 @@
+@import 'bootstrap';
+@import 'bootstrap-responsive';
+
+
+section {
+  border-bottom: 1px solid #ccc;
+  margin-bottom: 3em;
+  padding-bottom: 2em;
+}

data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb

@@ -0,0 +1,5 @@
+module Dradis::Plugins::Calculators::CVSS
+  # Does it matter that we're inheriting from the no-frills controller?
+  class BaseController < ActionController::Base
+  end
+end

data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb

@@ -0,0 +1,265 @@
+<%= content_tag :div, class: 'page-header' do %>
+  <h1>CVSSv3 score calculator</h1>
+<% end %>
+
+<p class="lead">Use this page to calculate the <abbr title="Common Vulnerability Scoring System">CVSS</abbr> score of a given finding.</p>
+
+<div class="row">
+  <div class="span8">
+    <section>
+      <h2>Base: <span id="base-score">0</span></h2>
+      <p id="missing-base-metric-error" class="text-error hide"><strong>Warning</strong>: all Base metrics are required</p>
+
+      <div class="row-fluid">
+        <div class="span6">
+          <h3>Attack Vector (AV)</h3>
+          <input type="hidden" id="av" />
+
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="av" value="N">Network (N)</button>
+            <button type="button" class="btn btn-small" name="av" value="A">Adjacent (A)</button>
+            <button type="button" class="btn btn-small" name="av" value="L">Local (L)</button>
+            <button type="button" class="btn btn-small" name="av" value="P">Physical (P)</button>
+          </div>
+
+
+          <h3>Attack Complexity (AC)</h3>
+          <input type="hidden" id="ac" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="ac" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="ac" value="H">High (H)</button>
+          </div>
+
+          <h3>Privileges Required (PR)</h3>
+          <input type="hidden" id="pr" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="pr" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="pr" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="pr" value="H">High (H)</button>
+          </div>
+
+          <h3>User Interaction (UI)</h3>
+          <input type="hidden" id="ui" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="ui" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="ui" value="R">Required (R)</button>
+          </div>
+        </div>
+
+        <div class="span6">
+          <h3>Scope (S)</h3>
+          <input type="hidden" id="s" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="s" value="U">Unchanged (U)</button>
+            <button type="button" class="btn btn-small" name="s" value="C">Changed (C)</button>
+          </div>
+
+          <h3>Confidentiality (C)</h3>
+          <input type="hidden" id="c" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="c" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="c" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="c" value="H">High (H)</button>
+          </div>
+
+          <h3>Integrity (I)</h3>
+          <input type="hidden" id="i" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="i" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="i" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="i" value="H">High (H)</button>
+          </div>
+
+          <h3>Availability (A)</h3>
+          <input type="hidden" id="a" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small" name="a" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="a" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="a" value="H">High (H)</button>
+          </div>
+
+        </div>
+      </div>
+
+    </section>
+
+    <section>
+      <h2>Temporal: <span id="temporal-score">0</span></h2>
+
+      <h3>Exploit Code Maturity (E)</h3>
+      <input type="hidden" id="e" />
+      <div class="btn-group" data-toggle="buttons-radio">
+        <button type="button" class="btn btn-small active" name="e" value="X">Not Defined (X)</button>
+        <button type="button" class="btn btn-small" name="e" value="U">Unproven (U)</button>
+        <button type="button" class="btn btn-small" name="e" value="P">Proof-of-Concept (P)</button>
+        <button type="button" class="btn btn-small" name="e" value="F">Functional (F)</button>
+      </div>
+
+      <h3>Remediation Level (RL)</h3>
+      <input type="hidden" id="rl" />
+      <div class="btn-group" data-toggle="buttons-radio">
+        <button type="button" class="btn btn-small active" name="rl" value="X">Not Defined (X)</button>
+        <button type="button" class="btn btn-small" name="rl" value="O">Official Fix (O)</button>
+        <button type="button" class="btn btn-small" name="rl" value="T">Temporary Fix (T)</button>
+        <button type="button" class="btn btn-small" name="rl" value="W">Workaround (W)</button>
+        <button type="button" class="btn btn-small" name="rl" value="U">Unavailable (U)</button>
+      </div>
+
+      <h3>Report Confidence (RC)</h3>
+      <input type="hidden" id="rc" />
+      <div class="btn-group" data-toggle="buttons-radio">
+        <button type="button" class="btn btn-small active" name="rc" value="X">Not Defined (X)</button>
+        <button type="button" class="btn btn-small" name="rc" value="U">Unknown (U)</button>
+        <button type="button" class="btn btn-small" name="rc" value="R">Reasonable (R)</button>
+        <button type="button" class="btn btn-small" name="rc" value="C">Confirmed (C)</button>
+      </div>
+    </section>
+
+    <section>
+      <h2>Environmental: <span id="environmental-score">0</span></h2>
+
+      <div class="row-fluid">
+        <div class="span6">
+          <h3>Confidentiality Req. (CR)</h3>
+          <input type="hidden" id="cr" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="cr" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="cr" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="cr" value="M">Medium (M)</button>
+            <button type="button" class="btn btn-small" name="cr" value="H">High (H)</button>
+          </div>
+
+          <h3>Integrity Req. (IR)</h3>
+          <input type="hidden" id="ir" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="ir" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="ir" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="ir" value="M">Medium (M)</button>
+            <button type="button" class="btn btn-small" name="ir" value="H">High (H)</button>
+          </div>
+
+          <h3>Availability Req. (AR)</h3>
+          <input type="hidden" id="ar" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="ar" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="ar" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="ar" value="M">Medium (M)</button>
+            <button type="button" class="btn btn-small" name="ar" value="H">High (H)</button>
+          </div>
+
+        </div>
+        <div class="span6">
+          <h3>Mod. Attack Vector (MAV)</h3>
+          <input type="hidden" id="mav" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="mav" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="mav" value="N">Network (N)</button>
+            <button type="button" class="btn btn-small" name="mav" value="A">Adjacent (A)</button>
+            <button type="button" class="btn btn-small" name="mav" value="L">Local (L)</button>
+            <button type="button" class="btn btn-small" name="mav" value="P">Physical (P)</button>
+          </div>
+
+          <h3>Mod. Attack Complexity (MAC)</h3>
+          <input type="hidden" id="mac" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="mac" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="mac" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="mac" value="H">High (H)</button>
+          </div>
+
+          <h3>Mod. Privileges Required (MPR)</h3>
+          <input type="hidden" id="mpr" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="mpr" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="mpr" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="mpr" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="mpr" value="H">High (H)</button>
+          </div>
+
+          <h3>Mod. User Interaction (MUI)</h3>
+          <input type="hidden" id="mui" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="mui" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="mui" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="mui" value="R">Required (R)</button>
+          </div>
+
+          <h3>Mod. Scope (MS)</h3>
+          <input type="hidden" id="ms" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="ms" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="ms" value="U">Unchanged (U)</button>
+            <button type="button" class="btn btn-small" name="ms" value="C">Changed (C)</button>
+          </div>
+
+          <h3>Mod. Confidentiality (MC)</h3>
+          <input type="hidden" id="mc" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="mc" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="mc" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="mc" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="mc" value="H">High (H)</button>
+          </div>
+
+          <h3>Mod. Integrity (MI)</h3>
+          <input type="hidden" id="mi" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="mi" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="mi" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="mi" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="mi" value="H">High (H)</button>
+          </div>
+
+          <h3>Mod. Availability (MA)</h3>
+          <input type="hidden" id="ma" />
+          <div class="btn-group" data-toggle="buttons-radio">
+            <button type="button" class="btn btn-small active" name="ma" value="X">Not Defined (X)</button>
+            <button type="button" class="btn btn-small" name="ma" value="N">None (N)</button>
+            <button type="button" class="btn btn-small" name="ma" value="L">Low (L)</button>
+            <button type="button" class="btn btn-small" name="ma" value="H">High (H)</button>
+          </div>
+
+        </div>
+      </div>
+
+    </section>
+  </div>
+
+  <div class="span4">
+<pre id="blob">#[CVSSv3]#
+N/A
+
+
+#[Damage]#
+N/A
+
+
+#[AffectedSystems]#
+N/A
+
+
+#[Impact]#
+N/A
+
+
+#[Reproducibility]#
+N/A
+
+
+#[Discoverability]#
+N/A
+
+
+#[ThreatAgent]#
+N/A
+
+
+#[Exploitability]#
+N/A
+
+
+#[Likelihood]#
+N/A
+</pre>
+  </div>
+</div>

data/app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>CVSS Score Calculator | Dradis Framework</title>
+    <%= stylesheet_link_tag    'dradis/plugins/calculators/cvss/manifests/application', media: 'all', 'data-turbolinks-track' => true %>
+    <%= csrf_meta_tags %>
+
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  </head>
+  <body class="authenticated">
+    <div class="container">
+      <div class="navbar">
+        <div class="navbar-inner">
+          <a href="javascript:void(0)" class="brand">CVSS score calculator</a>
+          <ul class="nav pull-right">
+            <li>
+              <%= link_to main_app.root_path do %>
+              Back to the app  &rarr;
+              <% end %>
+            </li>
+          </ul>
+        </div>
+      </div>
+
+      <%= yield%>
+    </div>
+
+    <%= javascript_include_tag 'dradis/plugins/calculators/cvss/manifests/application', 'data-turbolinks-track' => true %>
+  </body>
+</html>

data/config/routes.rb

@@ -0,0 +1,3 @@
+Dradis::Plugins::Calculators::CVSS::Engine.routes.draw do
+  get '/cvss' => "base#index"
+end

data/dradis-calculator_cvss.gemspec

@@ -0,0 +1,27 @@
+$:.push File.expand_path('../lib', __FILE__)
+
+require 'dradis/plugins/calculators/cvss/version'
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.platform    = Gem::Platform::RUBY
+  spec.name        = 'dradis-calculator_cvss'
+  spec.version     = Dradis::Plugins::Calculators::CVSS::VERSION::STRING
+  spec.summary     = 'This plugin adds a CVSSv3 score calculator to Dradis.'
+  spec.description = 'Display a CVSS score calculator in Dradis Framework.'
+
+  spec.license = 'GPL-2'
+
+  spec.authors = ['Daniel Martin']
+  spec.email = ['etd@nomejortu.com']
+  spec.homepage = 'http://dradisframework.org'
+
+  spec.files = `git ls-files`.split($\)
+  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+
+  spec.add_dependency 'dradis-plugins', '~> 3.0'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+end

data/lib/dradis-calculator_cvss.rb

@@ -0,0 +1,13 @@
+require 'dradis-plugins'
+
+module Dradis
+  module Plugins
+    module Calculators
+      module CVSS
+      end
+    end
+  end
+end
+
+require 'dradis/plugins/calculators/cvss/engine'
+require 'dradis/plugins/calculators/cvss/version'

data/lib/dradis/plugins/calculators/cvss/engine.rb

@@ -0,0 +1,26 @@
+module Dradis::Plugins::Calculators::CVSS
+  class Engine < ::Rails::Engine
+    isolate_namespace Dradis::Plugins::Calculators::CVSS
+
+    include Dradis::Plugins::Base
+    provides :addon
+    description 'Provides a CVSS score calculator under /calculators/cvss'
+
+    initializer 'calculator_cvss.asset_precompile_paths' do |app|
+      app.config.assets.precompile += ["dradis/plugins/calculators/cvss/manifests/*"]
+    end
+
+    initializer "calculator_cvss.inflections" do |app|
+      ActiveSupport::Inflector.inflections do |inflect|
+        inflect.acronym('CVSS')
+      end
+    end
+
+    initializer 'calculator_cvss.mount_engine' do
+      Rails.application.routes.append do
+        mount Dradis::Plugins::Calculators::CVSS::Engine => '/calculators/', as: :cvss_calculator
+      end
+    end
+
+  end
+end

data/lib/dradis/plugins/calculators/cvss/gem_version.rb

@@ -0,0 +1,21 @@
+module Dradis
+  module Plugins
+    module Calculators
+      module CVSS
+        # Returns the version of the currently loaded CVSS Calculator as a <tt>Gem::Version</tt>
+        def self.gem_version
+          Gem::Version.new VERSION::STRING
+        end
+
+        module VERSION
+          MAJOR = 3
+          MINOR = 0
+          TINY = 1
+          PRE = nil
+
+          STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/calculators/cvss/version.rb

@@ -0,0 +1,15 @@
+require_relative 'gem_version'
+
+module Dradis
+  module Plugins
+    module Calculators
+      module CVSS
+        # Returns the version of the currently loaded CVSS Calculator as a
+        # <tt>Gem::Version</tt>.
+        def self.version
+          gem_version
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: dradis-calculator_cvss
+version: !ruby/object:Gem::Version
+  version: 3.0.1
+platform: ruby
+authors:
+- Daniel Martin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-08-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dradis-plugins
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Display a CVSS score calculator in Dradis Framework.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- app/assets/javascripts/dradis/plugins/calculators/cvss/calculator.js.coffee
+- app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js.coffee
+- app/assets/javascripts/dradis/plugins/calculators/cvss/vendor/cvsscalc30.js
+- app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss
+- app/controllers/dradis/plugins/calculators/cvss/base_controller.rb
+- app/views/dradis/plugins/calculators/cvss/base/index.html.erb
+- app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb
+- config/routes.rb
+- dradis-calculator_cvss.gemspec
+- lib/dradis-calculator_cvss.rb
+- lib/dradis/plugins/calculators/cvss/engine.rb
+- lib/dradis/plugins/calculators/cvss/gem_version.rb
+- lib/dradis/plugins/calculators/cvss/version.rb
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.3
+signing_key: 
+specification_version: 4
+summary: This plugin adds a CVSSv3 score calculator to Dradis.
+test_files: []