dradis-calculator_cvss 4.10.0 → 4.12.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (47) hide show
  1. checksums.yaml +4 -4
  2. data/.github/pull_request_template.md +12 -3
  3. data/CHANGELOG.md +6 -0
  4. data/README.md +2 -2
  5. data/app/assets/javascripts/dradis/plugins/calculators/cvss/cvss.js +32 -0
  6. data/app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js +16 -5
  7. data/app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/tylium.js +16 -5
  8. data/app/assets/javascripts/dradis/plugins/calculators/cvss/{calculator.js.coffee → v3/calculator.js.coffee} +10 -32
  9. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/calculator.js +168 -0
  10. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/app.js +435 -0
  11. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/cvss_config.js +858 -0
  12. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/cvss_details.js +18 -0
  13. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/cvss_lookup.js +275 -0
  14. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/max_composed.js +35 -0
  15. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/max_severity.js +30 -0
  16. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/metrics.js +42 -0
  17. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss +2 -1
  18. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/tylium.scss +1 -2
  19. data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb +3 -1
  20. data/app/controllers/dradis/plugins/calculators/cvss/issues_controller.rb +35 -9
  21. data/app/models/dradis/plugins/calculators/cvss/v4.rb +89 -0
  22. data/app/views/dradis/plugins/calculators/cvss/_version_menu.html.erb +8 -0
  23. data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb +9 -70
  24. data/app/views/dradis/plugins/calculators/cvss/base/v3/_base.html.erb +123 -0
  25. data/app/views/dradis/plugins/calculators/cvss/base/v3/_environmental.html.erb +192 -0
  26. data/app/views/dradis/plugins/calculators/cvss/base/v3/_index.html.erb +69 -0
  27. data/app/views/dradis/plugins/calculators/cvss/base/v3/_temporal.html.erb +67 -0
  28. data/app/views/dradis/plugins/calculators/cvss/base/v4/_base.html.erb +143 -0
  29. data/app/views/dradis/plugins/calculators/cvss/base/v4/_environmental.html.erb +220 -0
  30. data/app/views/dradis/plugins/calculators/cvss/base/v4/_index.html.erb +82 -0
  31. data/app/views/dradis/plugins/calculators/cvss/base/v4/_supplemental.html.erb +85 -0
  32. data/app/views/dradis/plugins/calculators/cvss/base/v4/_threat.html.erb +19 -0
  33. data/app/views/dradis/plugins/calculators/cvss/issues/_show-content.html.erb +21 -7
  34. data/app/views/dradis/plugins/calculators/cvss/issues/edit/_v3.html.erb +91 -0
  35. data/app/views/dradis/plugins/calculators/cvss/issues/edit/_v4.html.erb +103 -0
  36. data/app/views/dradis/plugins/calculators/cvss/issues/edit.html.erb +3 -93
  37. data/lib/dradis/plugins/calculators/cvss/gem_version.rb +1 -1
  38. metadata +34 -17
  39. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/_version_switch.scss +0 -26
  40. data/app/views/dradis/plugins/calculators/cvss/_version_switch.html.erb +0 -10
  41. data/app/views/dradis/plugins/calculators/cvss/base/_base.html.erb +0 -123
  42. data/app/views/dradis/plugins/calculators/cvss/base/_environmental.html.erb +0 -192
  43. data/app/views/dradis/plugins/calculators/cvss/base/_temporal.html.erb +0 -67
  44. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc30.js +0 -0
  45. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc30_helptext.js +0 -0
  46. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc31.js +0 -0
  47. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc31_helptext.js +0 -0
@@ -0,0 +1,220 @@
1
+ <section data-behavior="cvss-buttons" data-cvss-version="4" data-cvss-metrics="Environmental (Modified Base Metrics)">
2
+ <div class="row">
3
+
4
+ <div class="col-12 col-xl-6" data-cvss-metric-group="Exploitability Metrics">
5
+ <h5 class="mb-3 fw-bold">Exploitability Metrics</h4>
6
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Attack Vector (MAV)">Attack Vector (MAV) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
7
+
8
+ <%= hidden_field_tag :mav, @cvss4_vector['MAV'] %>
9
+
10
+ <div class="btn-group mb-4">
11
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAV'] == 'X' %>" name="mav" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
12
+
13
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAV'] == 'N' %>" name="mav" value="N" data-cvss-option="Network (N)">Network (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
14
+
15
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAV'] == 'A' %>" name="mav" value="A" data-cvss-option="Adjacent (A)">Adjacent (A) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
16
+
17
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAV'] == 'L' %>" name="mav" value="L" data-cvss-option="Local (L)">Local (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
18
+
19
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAV'] == 'P' %>" name="mav" value="P" data-cvss-option="Physical (P)">Physical (P) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
20
+ </div>
21
+
22
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Attack Complexity (MAC)">Attack Complexity (MAC) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
23
+
24
+ <%= hidden_field_tag :mac, @cvss4_vector['MAC'] %>
25
+
26
+ <div class="btn-group mb-4">
27
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAC'] == 'X' %>" name="mac" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
28
+
29
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAC'] == 'L' %>" name="mac" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
30
+
31
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAC'] == 'H' %>" name="mac" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
32
+ </div>
33
+
34
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Attack Requirements (MAT)">Attack Requirements (MAT) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
35
+
36
+ <%= hidden_field_tag :mat, @cvss4_vector['MAT'] %>
37
+
38
+ <div class="btn-group mb-4">
39
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAT'] == 'X' %>" name="mat" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
40
+
41
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAT'] == 'N' %>" name="mat" value="N" data-cvss-option="None (N)">None (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
42
+
43
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MAT'] == 'P' %>" name="mat" value="P" data-cvss-option="Present (P)">Present (P) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
44
+ </div>
45
+
46
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Privileges Required (MPR)">Privileges Required (MPR) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
47
+
48
+ <%= hidden_field_tag :mpr, @cvss4_vector['MPR'] %>
49
+
50
+ <div class="btn-group mb-4">
51
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MPR'] == 'X' %>" name="mpr" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
52
+
53
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MPR'] == 'N' %>" name="mpr" value="N" data-cvss-option="None (N)">None (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
54
+
55
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MPR'] == 'L' %>" name="mpr" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
56
+
57
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MPR'] == 'H' %>" name="mpr" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
58
+ </div>
59
+
60
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="User Interaction (MUI)">User Interaction (MUI) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
61
+
62
+ <%= hidden_field_tag :mui, @cvss4_vector['MUI'] %>
63
+
64
+ <div class="btn-group mb-5">
65
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MUI'] == 'X' %>" name="mui" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
66
+
67
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MUI'] == 'N' %>" name="mui" value="N" data-cvss-option="None (N)">None (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
68
+
69
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MUI'] == 'P' %>" name="mui" value="P" data-cvss-option="Passive (P)">Passive (P) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
70
+
71
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MUI'] == 'A' %>" name="mui" value="A" data-cvss-option="Active (A)">Active (A) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
72
+ </div>
73
+
74
+ </div>
75
+
76
+ <div class="col-12 col-xl-6" data-cvss-metric-group="Vulnerable System Impact Metrics">
77
+ <h5 class="mb-3 fw-bold">Vulnerable System Impact Metrics</h4>
78
+
79
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Confidentiality (MVC)">Confidentiality (MVC) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
80
+
81
+ <%= hidden_field_tag :mvc, @cvss4_vector['MVC'] %>
82
+
83
+ <div class="btn-group mb-4">
84
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVC'] == 'X' %>" name="mvc" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
85
+
86
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVC'] == 'H' %>" name="mvc" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
87
+
88
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVC'] == 'L' %>" name="mvc" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
89
+
90
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVC'] == 'N' %>" name="mvc" value="N" data-cvss-option="None (N)">None (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
91
+ </div>
92
+
93
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Integrity (MVI)">Integrity (MVI) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
94
+
95
+ <%= hidden_field_tag :mvi, @cvss4_vector['MVI'] %>
96
+
97
+ <div class="btn-group mb-4">
98
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVI'] == 'X' %>" name="mvi" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
99
+
100
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVI'] == 'H' %>" name="mvi" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
101
+
102
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVI'] == 'L' %>" name="mvi" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
103
+
104
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVI'] == 'N' %>" name="mvi" value="N" data-cvss-option="None (N)">None (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
105
+ </div>
106
+
107
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Availability (MVA)">Availability (MVA) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
108
+
109
+ <%= hidden_field_tag :mva, @cvss4_vector['MVA'] %>
110
+
111
+ <div class="btn-group mb-5">
112
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVA'] == 'X' %>" name="mva" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
113
+
114
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVA'] == 'H' %>" name="mva" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
115
+
116
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVA'] == 'L' %>" name="mva" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
117
+
118
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MVA'] == 'N' %>" name="mva" value="N" data-cvss-option="None (N)">None (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
119
+ </div>
120
+
121
+ </div>
122
+
123
+ <div class="col-12 col-xl-6" data-cvss-metric-group="Subsequent System Impact Metrics">
124
+ <h5 class="mb-3 fw-bold">Subsequent System Impact Metrics</h4>
125
+
126
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Confidentiality (MSC)">Confidentiality (MSC) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
127
+
128
+ <%= hidden_field_tag :msc, @cvss4_vector['MSC'] %>
129
+
130
+ <div class="btn-group mb-4">
131
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSC'] == 'X' %>" name="msc" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
132
+
133
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSC'] == 'H' %>" name="msc" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
134
+
135
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSC'] == 'L' %>" name="msc" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
136
+
137
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSC'] == 'N' %>" name="msc" value="N" data-cvss-option="Negligible (N)">Negligible (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
138
+ </div>
139
+
140
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Integrity (MSI)">Integrity (MSI) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
141
+
142
+ <%= hidden_field_tag :msi, @cvss4_vector['SI'] %>
143
+
144
+ <div class="btn-group mb-4">
145
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSI'] == 'X' %>" name="msi" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
146
+
147
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSI'] == 'S' %>" name="msi" value="S" data-cvss-option="Safety (S)">Safety (S) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
148
+
149
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSI'] == 'H' %>" name="msi" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
150
+
151
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSI'] == 'L' %>" name="msi" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
152
+
153
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSI'] == 'N' %>" name="msi" value="N" data-cvss-option="Negligible (N)">Negligible (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
154
+ </div>
155
+
156
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Availability (MSA)">Availability (MSA) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
157
+
158
+ <%= hidden_field_tag :msa, @cvss4_vector['MSA'] %>
159
+
160
+ <div class="btn-group mb-5 mb-xl-0">
161
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSA'] == 'X' %>" name="msa" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
162
+
163
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSA'] == 'S' %>" name="msa" value="S" data-cvss-option="Safety (S)">Safety (S) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
164
+
165
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSA'] == 'H' %>" name="msa" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
166
+
167
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSA'] == 'L' %>" name="msa" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
168
+
169
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['MSA'] == 'N' %>" name="msa" value="N" data-cvss-option="Negligible (N)">Negligible (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
170
+ </div>
171
+
172
+ </div>
173
+
174
+ <div class="col-12 col-xl-6" data-cvss-metric-group="Environmental (Security Requirements)">
175
+ <h5 class="mb-3 fw-bold">Security Requirements</h4>
176
+
177
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Confidentiality Requirements (CR)">Confidentiality Requirements (CR) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
178
+
179
+ <%= hidden_field_tag :cr, @cvss4_vector['CR'] %>
180
+
181
+ <div class="btn-group mb-4">
182
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['CR'] == 'X' %>" name="cr" value="X" data-label="Not Defined" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
183
+
184
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['CR'] == 'H' %>" name="cr" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
185
+
186
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['CR'] == 'M' %>" name="cr" value="M" data-cvss-option="Medium (M)">Medium (M) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
187
+
188
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['CR'] == 'L' %>" name="cr" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
189
+ </div>
190
+
191
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Integrity Requirements (IR)">Integrity Requirements (IR) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
192
+
193
+ <%= hidden_field_tag :ir, @cvss4_vector['IR'] %>
194
+
195
+ <div class="btn-group mb-4">
196
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['IR'] == 'X' %>" name="ir" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
197
+
198
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['IR'] == 'H' %>" name="ir" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
199
+
200
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['IR'] == 'M' %>" name="ir" value="M" data-cvss-option="Medium (M)">Medium (M) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
201
+
202
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['IR'] == 'L' %>" name="ir" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
203
+ </div>
204
+
205
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Availability Requirements (AR)">Availability Requirements (AR) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
206
+
207
+ <%= hidden_field_tag :ar, @cvss4_vector['AR'] %>
208
+
209
+ <div class="btn-group">
210
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AR'] == 'X' %>" name="ar" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
211
+
212
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AR'] == 'H' %>" name="ar" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
213
+
214
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AR'] == 'M' %>" name="ar" value="M" data-cvss-option="Medium (M)">Medium (M) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
215
+
216
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AR'] == 'L' %>" name="ar" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
217
+ </div>
218
+ </div>
219
+ </div>
220
+ </section>
@@ -0,0 +1,82 @@
1
+ <div class="row">
2
+ <div class="col-lg-8">
3
+ <h3 class="border-bottom border-dark border-opacity-25 pb-1">
4
+ Base
5
+ </h3>
6
+ <%= render 'dradis/plugins/calculators/cvss/base/v4/base' %>
7
+
8
+ <h3 class="mt-5 border-bottom border-dark border-opacity-25 pb-1">
9
+ Supplemental
10
+ </h3>
11
+ <%= render 'dradis/plugins/calculators/cvss/base/v4/supplemental' %>
12
+
13
+ <h3 class="mt-5 border-bottom border-dark border-opacity-25 pb-1">
14
+ Environmental
15
+ </h3>
16
+ <%= render 'dradis/plugins/calculators/cvss/base/v4/environmental' %>
17
+
18
+ <h3 class="mt-5 border-bottom border-dark border-opacity-25 pb-1">
19
+ Threat
20
+ </h3>
21
+ <div class="mb-4"><%= render 'dradis/plugins/calculators/cvss/base/v4/threat' %></div>
22
+ </div>
23
+
24
+ <div class="col-lg-4" id="cvss4-edit-result" data-behavior="cvss4-result-text">
25
+ <h3>
26
+ Result: <span id="cvss4-score" data-behavior="cvss4-result">0.0 (None)</span>
27
+ </h3>
28
+ <textarea name="cvss_fields" rows="52" class="form-control mb-4">#[CVSSv4.Vector]#
29
+ N/A
30
+
31
+ #[CVSSv4.BaseScore]#
32
+ N/A
33
+
34
+ #[CVSSv4.BaseSeverity]#
35
+ N/A
36
+
37
+ #[CVSSv4.MacroVector]#
38
+ #[CVSSv4.Expoitability]#
39
+ #[CVSSv4.Complexity]#
40
+ #[CVSSv4.VulnerableSystem]#
41
+ #[CVSSv4.SubsequentSystem]#
42
+ #[CVSSv4.Exploitation]#
43
+ #[CVSSv4.SecurityRequirements]#
44
+
45
+ #[CVSSv4.BaseExploitableAttackVector]#
46
+ #[CVSSv4.BaseExploitableAttackComplexity]#
47
+ #[CVSSv4.BaseExploitableAttackRequirements]#
48
+ #[CVSSv4.BaseExploitablePrivilegesRequired]#
49
+ #[CVSSv4.BaseExploitableUserInteraction]#
50
+ #[CVSSv4.BaseVulnerableConfidentiality]#
51
+ #[CVSSv4.BaseVulnerableIntegrity]#
52
+ #[CVSSv4.BaseVulnerableAvailability]#
53
+ #[CVSSv4.BaseSubsequentConfidentiality]#
54
+ #[CVSSv4.BaseSubsequentIntegrity]#
55
+ #[CVSSv4.BaseSubsequentAvailability]#
56
+
57
+ #[CVSSv4.SupplementalSafety]#
58
+ #[CVSSv4.SupplementalAutomatable]#
59
+ #[CVSSv4.SupplementalRecovery]#
60
+ #[CVSSv4.SupplementalValueDensity]#
61
+ #[CVSSv4.SupplementalVulnerabilityResponseEffort]#
62
+ #[CVSSv4.SupplementalProviderUrgency]#
63
+
64
+ #[CVSSv4.EnvironmentalExploitabilityAttackVector]#
65
+ #[CVSSv4.EnvironmentalExploitabilityAttackComplexity]#
66
+ #[CVSSv4.EnvironmentalExploitabilityAttackRequirements]#
67
+ #[CVSSv4.EnvironmentalExploitabilityPrivilegesRequired]#
68
+ #[CVSSv4.EnvironmentalExploitabilityUserInteraction]#
69
+ #[CVSSv4.EnvironmentalVulnerableConfidentiality]#
70
+ #[CVSSv4.EnvironmentalVulnerableIntegrity]#
71
+ #[CVSSv4.EnvironmentalVulnerableAvailability]#
72
+ #[CVSSv4.EnvironmentalSubsequentConfidentiality]#
73
+ #[CVSSv4.EnvironmentalSubsequentIntegrity]#
74
+ #[CVSSv4.EnvironmentalSubsequentAvailability]#
75
+ #[CVSSv4.EnvironmentalConfidentialityRequirements]#
76
+ #[CVSSv4.EnvironmentalIntegrityRequirements]#
77
+ #[CVSSv4.EnvironmentalAvailabilityRequirements]#
78
+
79
+ #[CVSSv4.ThreatExploitMaturity]#
80
+ </textarea>
81
+ </div>
82
+ </div>
@@ -0,0 +1,85 @@
1
+ <section data-behavior="cvss-buttons" data-cvss-version="4" data-cvss-metrics="Supplemental Metrics">
2
+ <div class="row">
3
+ <div class="col-12" data-cvss-metric-group="none">
4
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Safety (S)">Safety (S) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
5
+
6
+ <%= hidden_field_tag :s, @cvss4_vector['S'] %>
7
+
8
+ <div class="btn-group mb-4">
9
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['S'] == 'X' %>" name="s" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
10
+
11
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['S'] == 'N' %>" name="s" value="N" data-cvss-option="Negligible (N)">Negligible (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
12
+
13
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['S'] == 'P' %>" name="s" value="P" data-cvss-option="Present (P)">Present (P) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
14
+ </div>
15
+
16
+ <h5 class="header-underline mt-0" data-cvss-heading="Automatable (AU)">Automatable (AU) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
17
+
18
+ <%= hidden_field_tag :au, @cvss4_vector['AU'] %>
19
+
20
+ <div class="btn-group mb-4">
21
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AU'] == 'X' %>" name="au" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
22
+
23
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AU'] == 'N' %>" name="au" value="N" data-cvss-option="No (N)">No (N) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
24
+
25
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['AU'] == 'Y' %>" name="au" value="Y" data-cvss-option="Yes (Y)">Yes (Y) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
26
+ </div>
27
+
28
+ <h5 class="header-underline mt-0" data-cvss-heading="Recovery (R)">Recovery (R) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
29
+
30
+ <%= hidden_field_tag :r, @cvss4_vector['R'] %>
31
+
32
+ <div class="btn-group mb-4">
33
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['R'] == 'X' %>" name="r" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
34
+
35
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['R'] == 'A' %>" name="r" value="A" data-cvss-option="Automatic (A)">Automatic (A) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
36
+
37
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['R'] == 'U' %>" name="r" value="U" data-cvss-option="User (U)">User (U) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
38
+
39
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['R'] == 'I' %>" name="r" value="I" data-cvss-option="Irrecoverable (I)">Irrecoverable (I) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
40
+ </div>
41
+
42
+ <h5 class="header-underline mt-0" data-cvss-heading="Value Density (V)">Value Density (V) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
43
+
44
+ <%= hidden_field_tag :v, @cvss4_vector['V'] %>
45
+
46
+ <div class="btn-group mb-4">
47
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['V'] == 'X' %>" name="v" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
48
+
49
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['V'] == 'D' %>" name="v" value="D" data-cvss-option="Diffuse (D)">Diffuse (D) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
50
+
51
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['V'] == 'C' %>" name="v" value="C" data-cvss-option="Concentrated (C)">Concentrated (C) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
52
+ </div>
53
+
54
+ <h5 class="header-underline mt-0" data-cvss-heading="Vulnerability Response Effort (RE)">Vulnerability Response Effort (RE) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
55
+
56
+ <%= hidden_field_tag :re, @cvss4_vector['RE'] %>
57
+
58
+ <div class="btn-group mb-4">
59
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['RE'] == 'X' %>" name="re" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
60
+
61
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['RE'] == 'L' %>" name="re" value="L" data-cvss-option="Low (L)">Low (L) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
62
+
63
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['RE'] == 'M' %>" name="re" value="M" data-cvss-option="Moderate (M)">Moderate (M) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
64
+
65
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['RE'] == 'H' %>" name="re" value="H" data-cvss-option="High (H)">High (H) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
66
+ </div>
67
+
68
+ <h5 class="header-underline mt-0" data-cvss-heading="Provider Urgency (U)">Provider Urgency (U) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
69
+
70
+ <%= hidden_field_tag :u, @cvss4_vector['U'] %>
71
+
72
+ <div class="btn-group">
73
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['U'] == 'X' %>" name="u" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
74
+
75
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['U'] == 'Clear' %>" name="u" value="Clear" data-cvss-option="Clear">Clear <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
76
+
77
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['U'] == 'Green' %>" name="u" value="Green" data-cvss-option="Green">Green <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
78
+
79
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['U'] == 'Amber' %>" name="u" value="Amber" data-cvss-option="Amber">Amber <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
80
+
81
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['U'] == 'Red' %>" name="u" value="Red" data-cvss-option="Red">Red <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
82
+ </div>
83
+ </div>
84
+ </div>
85
+ </section>
@@ -0,0 +1,19 @@
1
+ <section data-behavior="cvss-buttons" data-cvss-version="4" data-cvss-metrics="Threat Metrics">
2
+ <div class="row">
3
+ <div class="col-12" data-cvss-metric-group="none">
4
+ <h5 class="header-underline mt-0 align-items-center gap-2" data-cvss-heading="Exploit Maturity (E)">Exploit Maturity (E) <i class="fa-regular fa-question-circle small" aria-hidden="true"></i></h5>
5
+
6
+ <%= hidden_field_tag :e, @cvss4_vector['E'] %>
7
+
8
+ <div class="btn-group">
9
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['E'] == 'X' %>" name="e" value="X" data-cvss-option="Not Defined (X)">Not Defined (X) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
10
+
11
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['E'] == 'A' %>" name="e" value="A" data-cvss-option="Attacked (A)">Attacked (A) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
12
+
13
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['E'] == 'P' %>" name="e" value="P" data-cvss-option="POC (P)">POC (P) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
14
+
15
+ <button type="button" class="btn <%= 'active btn-primary' if @cvss4_vector['E'] == 'U' %>" name="e" value="U" data-cvss-option="Unreported (U)">Unreported (U) <i class="fa-regular fa-question-circle" aria-hidden="true"></i></button>
16
+ </div>
17
+ </div>
18
+ </div>
19
+ </section>
@@ -9,13 +9,27 @@
9
9
  </h4>
10
10
 
11
11
  <div class="mb-4 content-textile">
12
- <%=
13
- markup(
14
- @issue.fields
15
- .select { |k,v| Dradis::Plugins::Calculators::CVSS::V3::FIELDS.include?(k) }
16
- .map { |k,v| "#[#{k}]#\n#{v}" }.join("\n\n")
17
- )
18
- %>
12
+ <% if @issue.fields['CVSSv4.BaseVector'] %>
13
+ <%=
14
+ markup(
15
+ @issue.fields
16
+ .select { |k,v| Dradis::Plugins::Calculators::CVSS::V4::FIELDS.include?(k) }
17
+ .map { |k,v| "#[#{k}]#\n#{v}" }.join("\n\n")
18
+ )
19
+ %>
20
+ <% end%>
21
+
22
+ <br>
23
+
24
+ <% if @issue.fields['CVSSv3.Vector'] %>
25
+ <%=
26
+ markup(
27
+ @issue.fields
28
+ .select { |k,v| Dradis::Plugins::Calculators::CVSS::V3::FIELDS.include?(k) }
29
+ .map { |k,v| "#[#{k}]#\n#{v}" }.join("\n\n")
30
+ )
31
+ %>
32
+ <% end %>
19
33
  </div>
20
34
  </div>
21
35
  </div>
@@ -0,0 +1,91 @@
1
+ <div class="inner note-text-inner d-none" data-cvss-version="3">
2
+
3
+ <%= simple_form_for [:cvss, current_project, @issue] do |f| %>
4
+
5
+ <div class="alert alert-error" data-behavior="cvss-error">
6
+ <p><strong>Warning</strong>: all Base metrics are required</p>
7
+ </div>
8
+
9
+ <ul class="nav nav-pills w-100" id="cvss-tabs">
10
+ <li class="nav-item">
11
+ <a href="#cvss-edit-base" data-bs-toggle="pill" class="nav-link active">Base: <span id="base-score">0</span></a>
12
+ </li>
13
+ <li class="nav-item">
14
+ <a href="#cvss-edit-temporal" data-bs-toggle="pill" class="nav-link">Temporal: <span id="temporal-score">0</span></a>
15
+ </li>
16
+ <li class="nav-item">
17
+ <a href="#cvss-edit-environmental" data-bs-toggle="pill" class="nav-link">Environmental: <span id="environmental-score">0</span></a>
18
+ </li>
19
+ <li class="nav-item pull-right">
20
+ <a href="#cvss-edit-result" data-bs-toggle="pill" class="nav-link">Result</a>
21
+ </li>
22
+ </ul>
23
+
24
+ <div class="tab-content mt-4">
25
+ <div class="tab-pane active" id="cvss-edit-base">
26
+ <%= render 'dradis/plugins/calculators/cvss/base/v3/base' %>
27
+ </div>
28
+ <div class="tab-pane" id="cvss-edit-temporal">
29
+ <%= render 'dradis/plugins/calculators/cvss/base/v3/temporal' %>
30
+ </div>
31
+ <div class="tab-pane" id="cvss-edit-environmental">
32
+ <%= render 'dradis/plugins/calculators/cvss/base/v3/environmental' %>
33
+ </div>
34
+
35
+ <div class="tab-pane" id="cvss-edit-result">
36
+ <textarea class="form-control" name="cvss_fields" rows="10" style="width:95%">#[CVSSv3.Vector]#
37
+ N/A
38
+
39
+ #[CVSSv3.BaseScore]#
40
+ N/A
41
+
42
+ #[CVSSv3.BaseSeverity]#
43
+ N/A
44
+
45
+ #[CVSSv3.TemporalScore]#
46
+ N/A
47
+
48
+ #[CVSSv3.TemporalSeverity]#
49
+ N/A
50
+
51
+ #[CVSSv3.EnvironmentalScore]#
52
+ N/A
53
+
54
+ #[CVSSv3.EnvironmentalSeverity]#
55
+ N/A
56
+
57
+ #[CVSSv3.BaseAttackVector]#
58
+ #[CVSSv3.BaseAttackComplexity]#
59
+ #[CVSSv3.BasePrivilegesRequired]#
60
+ #[CVSSv3.BaseUserInteraction]#
61
+ #[CVSSv3.BaseScope]#
62
+ #[CVSSv3.BaseConfidentiality]#
63
+ #[CVSSv3.BaseIntegrity]#
64
+ #[CVSSv3.BaseAvailability]#
65
+
66
+ #[CVSSv3.TemporalExploitCodeMaturity]#
67
+ #[CVSSv3.TemporalRemediationLevel]#
68
+ #[CVSSv3.TemporalReportConfidence]#
69
+
70
+ #[CVSSv3.EnvironmentalConfidentialityRequirement]#
71
+ #[CVSSv3.EnvironmentalIntegrityRequirement]#
72
+ #[CVSSv3.EnvironmentalAvailabilityRequirement]#
73
+
74
+ #[CVSSv3.ModifiedAttackVector]#
75
+ #[CVSSv3.ModifiedAttackComplexity]#
76
+ #[CVSSv3.ModifiedPrivilegesRequired]#
77
+ #[CVSSv3.ModifiedUserInteraction]#
78
+ #[CVSSv3.ModifiedScope]#
79
+ #[CVSSv3.ModifiedConfidentiality]#
80
+ #[CVSSv3.ModifiedIntegrity]#
81
+ #[CVSSv3.ModifiedAvailability]#
82
+ </textarea>
83
+ </div>
84
+ </div>
85
+
86
+ <div class="form-actions">
87
+ <%= f.button :submit, nil, class: 'btn btn-primary' %> or
88
+ <%= link_to 'Cancel', main_app.project_issue_path(current_project, @issue), class: 'cancel-link' %>
89
+ </div>
90
+ <% end %>
91
+ </div>