dradis-calculator_cvss 3.0.1

@@ -0,0 +1,9 @@
1
+ @import 'bootstrap';
2
+ @import 'bootstrap-responsive';
3
+
4
+
5
+ section {
6
+ border-bottom: 1px solid #ccc;
7
+ margin-bottom: 3em;
8
+ padding-bottom: 2em;
9
+ }
@@ -0,0 +1,5 @@
1
+ module Dradis::Plugins::Calculators::CVSS
2
+ # Does it matter that we're inheriting from the no-frills controller?
3
+ class BaseController < ActionController::Base
4
+ end
5
+ end
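Review bot: `BaseController` inherits straight from `ActionController::Base`, so none of the host application's before-filters (login, session expiry) run for anything this engine serves, and the class comment asks whether that matters without answering it. The engine also mounts itself under `/calculators/` from its own initializer, so as far as these files show the host app has no place to wrap the route in an authentication constraint, even though the layout declares `<body class="authenticated">`. If the page is meant to be public because it is static, replace the question with a statement such as `# Intentionally unauthenticated: static page, no project data is read or written.`; otherwise inherit from the host application's authenticated base controller.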
@@ -0,0 +1,265 @@
1
+ <%= content_tag :div, class: 'page-header' do %>
2
+ <h1>CVSSv3 score calculator</h1>
3
+ <% end %>
4
+
5
+ <p class="lead">Use this page to calculate the <abbr title="Common Vulnerability Scoring System">CVSS</abbr> score of a given finding.</p>
6
+
7
+ <div class="row">
8
+ <div class="span8">
9
+ <section>
10
+ <h2>Base: <span id="base-score">0</span></h2>
11
+ <p id="missing-base-metric-error" class="text-error hide"><strong>Warning</strong>: all Base metrics are required</p>
12
+
13
+ <div class="row-fluid">
14
+ <div class="span6">
15
+ <h3>Attack Vector (AV)</h3>
16
+ <input type="hidden" id="av" />
17
+
18
+ <div class="btn-group" data-toggle="buttons-radio">
19
+ <button type="button" class="btn btn-small" name="av" value="N">Network (N)</button>
20
+ <button type="button" class="btn btn-small" name="av" value="A">Adjacent (A)</button>
21
+ <button type="button" class="btn btn-small" name="av" value="L">Local (L)</button>
22
+ <button type="button" class="btn btn-small" name="av" value="P">Physical (P)</button>
23
+ </div>
24
+
25
+
26
+ <h3>Attack Complexity (AC)</h3>
27
+ <input type="hidden" id="ac" />
28
+ <div class="btn-group" data-toggle="buttons-radio">
29
+ <button type="button" class="btn btn-small" name="ac" value="L">Low (L)</button>
30
+ <button type="button" class="btn btn-small" name="ac" value="H">High (H)</button>
31
+ </div>
32
+
33
+ <h3>Privileges Required (PR)</h3>
34
+ <input type="hidden" id="pr" />
35
+ <div class="btn-group" data-toggle="buttons-radio">
36
+ <button type="button" class="btn btn-small" name="pr" value="N">None (N)</button>
37
+ <button type="button" class="btn btn-small" name="pr" value="L">Low (L)</button>
38
+ <button type="button" class="btn btn-small" name="pr" value="H">High (H)</button>
39
+ </div>
40
+
41
+ <h3>User Interaction (UI)</h3>
42
+ <input type="hidden" id="ui" />
43
+ <div class="btn-group" data-toggle="buttons-radio">
44
+ <button type="button" class="btn btn-small" name="ui" value="N">None (N)</button>
45
+ <button type="button" class="btn btn-small" name="ui" value="R">Required (R)</button>
46
+ </div>
47
+ </div>
48
+
49
+ <div class="span6">
50
+ <h3>Scope (S)</h3>
51
+ <input type="hidden" id="s" />
52
+ <div class="btn-group" data-toggle="buttons-radio">
53
+ <button type="button" class="btn btn-small" name="s" value="U">Unchanged (U)</button>
54
+ <button type="button" class="btn btn-small" name="s" value="C">Changed (C)</button>
55
+ </div>
56
+
57
+ <h3>Confidentiality (C)</h3>
58
+ <input type="hidden" id="c" />
59
+ <div class="btn-group" data-toggle="buttons-radio">
60
+ <button type="button" class="btn btn-small" name="c" value="N">None (N)</button>
61
+ <button type="button" class="btn btn-small" name="c" value="L">Low (L)</button>
62
+ <button type="button" class="btn btn-small" name="c" value="H">High (H)</button>
63
+ </div>
64
+
65
+ <h3>Integrity (I)</h3>
66
+ <input type="hidden" id="i" />
67
+ <div class="btn-group" data-toggle="buttons-radio">
68
+ <button type="button" class="btn btn-small" name="i" value="N">None (N)</button>
69
+ <button type="button" class="btn btn-small" name="i" value="L">Low (L)</button>
70
+ <button type="button" class="btn btn-small" name="i" value="H">High (H)</button>
71
+ </div>
72
+
73
+ <h3>Availability (A)</h3>
74
+ <input type="hidden" id="a" />
75
+ <div class="btn-group" data-toggle="buttons-radio">
76
+ <button type="button" class="btn btn-small" name="a" value="N">None (N)</button>
77
+ <button type="button" class="btn btn-small" name="a" value="L">Low (L)</button>
78
+ <button type="button" class="btn btn-small" name="a" value="H">High (H)</button>
79
+ </div>
80
+
81
+ </div>
82
+ </div>
83
+
84
+ </section>
85
+
86
+ <section>
87
+ <h2>Temporal: <span id="temporal-score">0</span></h2>
88
+
89
+ <h3>Exploit Code Maturity (E)</h3>
90
+ <input type="hidden" id="e" />
91
+ <div class="btn-group" data-toggle="buttons-radio">
92
+ <button type="button" class="btn btn-small active" name="e" value="X">Not Defined (X)</button>
93
+ <button type="button" class="btn btn-small" name="e" value="U">Unproven (U)</button>
94
+ <button type="button" class="btn btn-small" name="e" value="P">Proof-of-Concept (P)</button>
95
+ <button type="button" class="btn btn-small" name="e" value="F">Functional (F)</button>
96
+ </div>
97
+
98
+ <h3>Remediation Level (RL)</h3>
99
+ <input type="hidden" id="rl" />
100
+ <div class="btn-group" data-toggle="buttons-radio">
101
+ <button type="button" class="btn btn-small active" name="rl" value="X">Not Defined (X)</button>
102
+ <button type="button" class="btn btn-small" name="rl" value="O">Official Fix (O)</button>
103
+ <button type="button" class="btn btn-small" name="rl" value="T">Temporary Fix (T)</button>
104
+ <button type="button" class="btn btn-small" name="rl" value="W">Workaround (W)</button>
105
+ <button type="button" class="btn btn-small" name="rl" value="U">Unavailable (U)</button>
106
+ </div>
107
+
108
+ <h3>Report Confidence (RC)</h3>
109
+ <input type="hidden" id="rc" />
110
+ <div class="btn-group" data-toggle="buttons-radio">
111
+ <button type="button" class="btn btn-small active" name="rc" value="X">Not Defined (X)</button>
112
+ <button type="button" class="btn btn-small" name="rc" value="U">Unknown (U)</button>
113
+ <button type="button" class="btn btn-small" name="rc" value="R">Reasonable (R)</button>
114
+ <button type="button" class="btn btn-small" name="rc" value="C">Confirmed (C)</button>
115
+ </div>
116
+ </section>
117
+
118
+ <section>
119
+ <h2>Environmental: <span id="environmental-score">0</span></h2>
120
+
121
+ <div class="row-fluid">
122
+ <div class="span6">
123
+ <h3>Confidentiality Req. (CR)</h3>
124
+ <input type="hidden" id="cr" />
125
+ <div class="btn-group" data-toggle="buttons-radio">
126
+ <button type="button" class="btn btn-small active" name="cr" value="X">Not Defined (X)</button>
127
+ <button type="button" class="btn btn-small" name="cr" value="L">Low (L)</button>
128
+ <button type="button" class="btn btn-small" name="cr" value="M">Medium (M)</button>
129
+ <button type="button" class="btn btn-small" name="cr" value="H">High (H)</button>
130
+ </div>
131
+
132
+ <h3>Integrity Req. (IR)</h3>
133
+ <input type="hidden" id="ir" />
134
+ <div class="btn-group" data-toggle="buttons-radio">
135
+ <button type="button" class="btn btn-small active" name="ir" value="X">Not Defined (X)</button>
136
+ <button type="button" class="btn btn-small" name="ir" value="L">Low (L)</button>
137
+ <button type="button" class="btn btn-small" name="ir" value="M">Medium (M)</button>
138
+ <button type="button" class="btn btn-small" name="ir" value="H">High (H)</button>
139
+ </div>
140
+
141
+ <h3>Availability Req. (AR)</h3>
142
+ <input type="hidden" id="ar" />
143
+ <div class="btn-group" data-toggle="buttons-radio">
144
+ <button type="button" class="btn btn-small active" name="ar" value="X">Not Defined (X)</button>
145
+ <button type="button" class="btn btn-small" name="ar" value="L">Low (L)</button>
146
+ <button type="button" class="btn btn-small" name="ar" value="M">Medium (M)</button>
147
+ <button type="button" class="btn btn-small" name="ar" value="H">High (H)</button>
148
+ </div>
149
+
150
+ </div>
151
+ <div class="span6">
152
+ <h3>Mod. Attack Vector (MAV)</h3>
153
+ <input type="hidden" id="mav" />
154
+ <div class="btn-group" data-toggle="buttons-radio">
155
+ <button type="button" class="btn btn-small active" name="mav" value="X">Not Defined (X)</button>
156
+ <button type="button" class="btn btn-small" name="mav" value="N">Network (N)</button>
157
+ <button type="button" class="btn btn-small" name="mav" value="A">Adjacent (A)</button>
158
+ <button type="button" class="btn btn-small" name="mav" value="L">Local (L)</button>
159
+ <button type="button" class="btn btn-small" name="mav" value="P">Physical (P)</button>
160
+ </div>
161
+
162
+ <h3>Mod. Attack Complexity (MAC)</h3>
163
+ <input type="hidden" id="mac" />
164
+ <div class="btn-group" data-toggle="buttons-radio">
165
+ <button type="button" class="btn btn-small active" name="mac" value="X">Not Defined (X)</button>
166
+ <button type="button" class="btn btn-small" name="mac" value="L">Low (L)</button>
167
+ <button type="button" class="btn btn-small" name="mac" value="H">High (H)</button>
168
+ </div>
169
+
170
+ <h3>Mod. Privileges Required (MPR)</h3>
171
+ <input type="hidden" id="mpr" />
172
+ <div class="btn-group" data-toggle="buttons-radio">
173
+ <button type="button" class="btn btn-small active" name="mpr" value="X">Not Defined (X)</button>
174
+ <button type="button" class="btn btn-small" name="mpr" value="N">None (N)</button>
175
+ <button type="button" class="btn btn-small" name="mpr" value="L">Low (L)</button>
176
+ <button type="button" class="btn btn-small" name="mpr" value="H">High (H)</button>
177
+ </div>
178
+
179
+ <h3>Mod. User Interaction (MUI)</h3>
180
+ <input type="hidden" id="mui" />
181
+ <div class="btn-group" data-toggle="buttons-radio">
182
+ <button type="button" class="btn btn-small active" name="mui" value="X">Not Defined (X)</button>
183
+ <button type="button" class="btn btn-small" name="mui" value="N">None (N)</button>
184
+ <button type="button" class="btn btn-small" name="mui" value="R">Required (R)</button>
185
+ </div>
186
+
187
+ <h3>Mod. Scope (MS)</h3>
188
+ <input type="hidden" id="ms" />
189
+ <div class="btn-group" data-toggle="buttons-radio">
190
+ <button type="button" class="btn btn-small active" name="ms" value="X">Not Defined (X)</button>
191
+ <button type="button" class="btn btn-small" name="ms" value="U">Unchanged (U)</button>
192
+ <button type="button" class="btn btn-small" name="ms" value="C">Changed (C)</button>
193
+ </div>
194
+
195
+ <h3>Mod. Confidentiality (MC)</h3>
196
+ <input type="hidden" id="mc" />
197
+ <div class="btn-group" data-toggle="buttons-radio">
198
+ <button type="button" class="btn btn-small active" name="mc" value="X">Not Defined (X)</button>
199
+ <button type="button" class="btn btn-small" name="mc" value="N">None (N)</button>
200
+ <button type="button" class="btn btn-small" name="mc" value="L">Low (L)</button>
201
+ <button type="button" class="btn btn-small" name="mc" value="H">High (H)</button>
202
+ </div>
203
+
204
+ <h3>Mod. Integrity (MI)</h3>
205
+ <input type="hidden" id="mi" />
206
+ <div class="btn-group" data-toggle="buttons-radio">
207
+ <button type="button" class="btn btn-small active" name="mi" value="X">Not Defined (X)</button>
208
+ <button type="button" class="btn btn-small" name="mi" value="N">None (N)</button>
209
+ <button type="button" class="btn btn-small" name="mi" value="L">Low (L)</button>
210
+ <button type="button" class="btn btn-small" name="mi" value="H">High (H)</button>
211
+ </div>
212
+
213
+ <h3>Mod. Availability (MA)</h3>
214
+ <input type="hidden" id="ma" />
215
+ <div class="btn-group" data-toggle="buttons-radio">
216
+ <button type="button" class="btn btn-small active" name="ma" value="X">Not Defined (X)</button>
217
+ <button type="button" class="btn btn-small" name="ma" value="N">None (N)</button>
218
+ <button type="button" class="btn btn-small" name="ma" value="L">Low (L)</button>
219
+ <button type="button" class="btn btn-small" name="ma" value="H">High (H)</button>
220
+ </div>
221
+
222
+ </div>
223
+ </div>
224
+
225
+ </section>
226
+ </div>
227
+
228
+ <div class="span4">
229
+ <pre id="blob">#[CVSSv3]#
230
+ N/A
231
+
232
+
233
+ #[Damage]#
234
+ N/A
235
+
236
+
237
+ #[AffectedSystems]#
238
+ N/A
239
+
240
+
241
+ #[Impact]#
242
+ N/A
243
+
244
+
245
+ #[Reproducibility]#
246
+ N/A
247
+
248
+
249
+ #[Discoverability]#
250
+ N/A
251
+
252
+
253
+ #[ThreatAgent]#
254
+ N/A
255
+
256
+
257
+ #[Exploitability]#
258
+ N/A
259
+
260
+
261
+ #[Likelihood]#
262
+ N/A
263
+ </pre>
264
+ </div>
265
+ </div>
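Review bot: The optional metrics (E, RL, RC and every Environmental group) mark their "Not Defined (X)" button `active`, but the paired hidden inputs, e.g. `<input type="hidden" id="e" />`, carry no `value`, so the visual default and the stored default disagree until a script fills them in. The script is not part of this section, so whether it initialises them cannot be confirmed here; writing `value="X"` on those inputs would make the default explicit in the markup. The Base inputs are reasonably left empty, since the page warns that all Base metrics are required. An ERB comment above `<pre id="blob">` naming the script that rewrites it would also help the next reader.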
@@ -0,0 +1,30 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>CVSS Score Calculator | Dradis Framework</title>
5
+ <%= stylesheet_link_tag 'dradis/plugins/calculators/cvss/manifests/application', media: 'all', 'data-turbolinks-track' => true %>
6
+ <%= csrf_meta_tags %>
7
+
8
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
9
+ </head>
10
+ <body class="authenticated">
11
+ <div class="container">
12
+ <div class="navbar">
13
+ <div class="navbar-inner">
14
+ <a href="javascript:void(0)" class="brand">CVSS score calculator</a>
15
+ <ul class="nav pull-right">
16
+ <li>
17
+ <%= link_to main_app.root_path do %>
18
+ Back to the app &rarr;
19
+ <% end %>
20
+ </li>
21
+ </ul>
22
+ </div>
23
+ </div>
24
+
25
+ <%= yield%>
26
+ </div>
27
+
28
+ <%= javascript_include_tag 'dradis/plugins/calculators/cvss/manifests/application', 'data-turbolinks-track' => true %>
29
+ </body>
30
+ </html>
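Review bot: The brand link `<a href="javascript:void(0)" class="brand">` is a `javascript:` URL, which a Content-Security-Policy without `'unsafe-inline'` treats as inline script and blocks. The link goes nowhere, so `<span class="brand">CVSS score calculator</span>` or `href="#"` gives the same result without it. As a matter of style, `<%= yield%>` reads better as `<%= yield %>`.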
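--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -0,0 +1,3 @@
+Dradis::Plugins::Calculators::CVSS::Engine.routes.draw do
+get '/cvss' => "base#index"
+end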
@@ -0,0 +1,27 @@
1
+ $:.push File.expand_path('../lib', __FILE__)
2
+
3
+ require 'dradis/plugins/calculators/cvss/version'
4
+
5
+ # Describe your gem and declare its dependencies:
6
+ Gem::Specification.new do |spec|
7
+ spec.platform = Gem::Platform::RUBY
8
+ spec.name = 'dradis-calculator_cvss'
9
+ spec.version = Dradis::Plugins::Calculators::CVSS::VERSION::STRING
10
+ spec.summary = 'This plugin adds a CVSSv3 score calculator to Dradis.'
11
+ spec.description = 'Display a CVSS score calculator in Dradis Framework.'
12
+
13
+ spec.license = 'GPL-2'
14
+
15
+ spec.authors = ['Daniel Martin']
16
+ spec.email = ['etd@nomejortu.com']
17
+ spec.homepage = 'http://dradisframework.org'
18
+
19
+ spec.files = `git ls-files`.split($\)
20
+ spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
21
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
22
+
23
+ spec.add_dependency 'dradis-plugins', '~> 3.0'
24
+
25
+ spec.add_development_dependency 'bundler', '~> 1.6'
26
+ spec.add_development_dependency 'rake', '~> 10.0'
27
+ end
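Review bot: The `spec.files` assignment shells out to `git ls-files`, so the package contains whatever happens to be tracked in the build checkout (the metadata section lists `.gitignore`, `CONTRIBUTING.md` and the vendored `cvsscalc30.js`) and comes out empty when built outside a git checkout. An explicit list such as `spec.files = Dir['{app,config,lib}/**/*', 'LICENSE', 'README.md']` makes the shipped contents reviewable from the gemspec alone. Separately, `spec.license = 'GPL-2'` is not an SPDX identifier; `'GPL-2.0'` is the form RubyGems validates against.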
@@ -0,0 +1,13 @@
1
+ require 'dradis-plugins'
2
+
3
+ module Dradis
4
+ module Plugins
5
+ module Calculators
6
+ module CVSS
7
+ end
8
+ end
9
+ end
10
+ end
11
+
12
+ require 'dradis/plugins/calculators/cvss/engine'
13
+ require 'dradis/plugins/calculators/cvss/version'
@@ -0,0 +1,26 @@
1
+ module Dradis::Plugins::Calculators::CVSS
2
+ class Engine < ::Rails::Engine
3
+ isolate_namespace Dradis::Plugins::Calculators::CVSS
4
+
5
+ include Dradis::Plugins::Base
6
+ provides :addon
7
+ description 'Provides a CVSS score calculator under /calculators/cvss'
8
+
9
+ initializer 'calculator_cvss.asset_precompile_paths' do |app|
10
+ app.config.assets.precompile += ["dradis/plugins/calculators/cvss/manifests/*"]
11
+ end
12
+
13
+ initializer "calculator_cvss.inflections" do |app|
14
+ ActiveSupport::Inflector.inflections do |inflect|
15
+ inflect.acronym('CVSS')
16
+ end
17
+ end
18
+
19
+ initializer 'calculator_cvss.mount_engine' do
20
+ Rails.application.routes.append do
21
+ mount Dradis::Plugins::Calculators::CVSS::Engine => '/calculators/', as: :cvss_calculator
22
+ end
23
+ end
24
+
25
+ end
26
+ end
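Review bot: The `calculator_cvss.inflections` initializer calls `inflect.acronym('CVSS')` on `ActiveSupport::Inflector.inflections`, which is process-wide, so loading this plugin changes how the whole host application camelizes and underscores names containing "cvss". A comment such as `# Global side effect: registers the CVSS acronym for the host app as well as this engine.` would make that visible; the block parameter `|app|` is unused there and can be dropped. The `description` advertises `/calculators/cvss` while the mount point is `'/calculators/'`, which only agree once combined with the `/cvss` route in config/routes.rb, and that is worth a one-line comment next to the `mount`.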
@@ -0,0 +1,21 @@
1
+ module Dradis
2
+ module Plugins
3
+ module Calculators
4
+ module CVSS
5
+ # Returns the version of the currently loaded CVSS Calculator as a <tt>Gem::Version</tt>
6
+ def self.gem_version
7
+ Gem::Version.new VERSION::STRING
8
+ end
9
+
10
+ module VERSION
11
+ MAJOR = 3
12
+ MINOR = 0
13
+ TINY = 1
14
+ PRE = nil
15
+
16
+ STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,15 @@
1
+ require_relative 'gem_version'
2
+
3
+ module Dradis
4
+ module Plugins
5
+ module Calculators
6
+ module CVSS
7
+ # Returns the version of the currently loaded CVSS Calculator as a
8
+ # <tt>Gem::Version</tt>.
9
+ def self.version
10
+ gem_version
11
+ end
12
+ end
13
+ end
14
+ end
15
+ end
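--- a/metadata
+++ b/metadata
@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: dradis-calculator_cvss
+version: !ruby/object:Gem::Version
+version: 3.0.1
+platform: ruby
+authors:
+- Daniel Martin
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-08-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: dradis-plugins
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.6'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.6'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+description: Display a CVSS score calculator in Dradis Framework.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- app/assets/javascripts/dradis/plugins/calculators/cvss/calculator.js.coffee
+- app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js.coffee
+- app/assets/javascripts/dradis/plugins/calculators/cvss/vendor/cvsscalc30.js
+- app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss
+- app/controllers/dradis/plugins/calculators/cvss/base_controller.rb
+- app/views/dradis/plugins/calculators/cvss/base/index.html.erb
+- app/views/layouts/dradis/plugins/calculators/cvss/base.html.erb
+- config/routes.rb
+- dradis-calculator_cvss.gemspec
+- lib/dradis-calculator_cvss.rb
+- lib/dradis/plugins/calculators/cvss/engine.rb
+- lib/dradis/plugins/calculators/cvss/gem_version.rb
+- lib/dradis/plugins/calculators/cvss/version.rb
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.3
+signing_key:
+specification_version: 4
+summary: This plugin adds a CVSSv3 score calculator to Dradis.
+test_files: []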