dradis-calculator_cvss 3.9.0 → 3.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9059cc506241b4850a98aa6b6c0e7fb83cb6353b
-  data.tar.gz: b71d798d1c1536ce2874746c924c8ccc6246e59e
+  metadata.gz: e82f3d0b7a792d051608e369c9984f121d7ccaf4
+  data.tar.gz: 4f031a0982766cbeabf04ae01c20390b10db32e0
 SHA512:
-  metadata.gz: e6bec56423eaf8e4a3de6a265a3ad7ddc002d6960656af9c40942887dd02c5b69d99870e8193bf6dfaa96095145049778bbc1c0997b9288526e17ecd76ca7340
-  data.tar.gz: 8ca39f08a7acc81f264d8f1eeedc1894545b1957d13e992920a1b020cd3c2f7db5bf1d26ca9d96e3960e1fe57e488fbd8004869e34972594c84a6381e6d89ab9
+  metadata.gz: e7461ed457850d0a3b5702eff86ec066ec2b0d6d739223f00ea67171a93411401d4a46216b83f38a53bbeba1f3679f550731e21a3be6c24796ae45d0df3f1279
+  data.tar.gz: aa6c7c1608835dbf47c72b1cf249b37df3b320c0e4c930c04fc7c66ad1dce0072dd40175f00d0266538851609023d2d251f485f6f5fc33a5e1b85b805bf5119f

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Dradis Framework 3.10 (August, 2018) ##
+
+* Fix vertical button selection behavior
+
 ## Dradis Framework 3.9 (January, 2018) ##
 
 * Add metric-specific fields to calculator output (v3.8.1)

data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb

@@ -2,4 +2,4 @@ module Dradis::Plugins::Calculators::CVSS
   # Does it matter that we're inheriting from the no-frills controller?
   class BaseController < ActionController::Base
   end
-end
+end

data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb

@@ -13,13 +13,15 @@
         <div class="span6">
           <h3 title="This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.">Attack Vector (AV)</h3>
           <input type="hidden" id="av" />
-          <div class="btn-group-vertical" data-toggle="buttons-radio">
-            <button type="button" class="btn btn-med" name="av" value="N" title="A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away.">Network (N) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-            <button type="button" class="btn btn-med" name="av" value="A" title="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router).">Adjacent (A) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-          </div>
-          <div class="btn-group-vertical" data-toggle="buttons-radio">
-            <button type="button" class="btn btn-med" name="av" value="L" title="A vulnerability exploitable with local access means that the vulnerable component is not bound to the network stack, and the attacker’s path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file.">Local (L) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-            <button type="button" class="btn btn-med" name="av" value="P" title="A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.">Physical (P) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+          <div class="btn-group" data-toggle="buttons-radio">
+            <div class="btn-group-vertical">
+              <button type="button" class="btn btn-med" name="av" value="N" title="A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away.">Network (N) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+              <button type="button" class="btn btn-med" name="av" value="A" title="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router).">Adjacent (A) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+            </div>
+            <div class="btn-group-vertical">
+              <button type="button" class="btn btn-med" name="av" value="L" title="A vulnerability exploitable with local access means that the vulnerable component is not bound to the network stack, and the attacker’s path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file.">Local (L) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+              <button type="button" class="btn btn-med" name="av" value="P" title="A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.">Physical (P) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+            </div>
           </div>
 
 
@@ -152,14 +154,16 @@
         <div class="span6">
           <h3 title="This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.">Mod. Attack Vector (MAV)</h3>
           <input type="hidden" id="mav" />
-          <div class="btn-group-vertical" data-toggle="buttons-radio">
-            <button type="button" class="btn btn-med active" name="mav" value="X" title="Use the value assigned to the corresponding Base Score metric.">Not Defined (X) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-            <button type="button" class="btn btn-med" name="mav" value="N" title="A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away.">Network (N) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-            <button type="button" class="btn btn-med" name="mav" value="A" title="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router).">Adjacent (A) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-          </div>
-          <div class="btn-group-vertical" data-toggle="buttons-radio">  
-            <button type="button" class="btn btn-med" name="mav" value="L" title="A vulnerability exploitable with local access means that the vulnerable component is not bound to the network stack, and the attacker’s path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file.">Local (L) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
-            <button type="button" class="btn btn-med" name="mav" value="P" title="A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.">Physical (P) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+          <div class="btn-group" data-toggle="buttons-radio">
+            <div class="btn-group-vertical">
+              <button type="button" class="btn btn-med active" name="mav" value="X" title="Use the value assigned to the corresponding Base Score metric.">Not Defined (X) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+              <button type="button" class="btn btn-med" name="mav" value="N" title="A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away.">Network (N) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+              <button type="button" class="btn btn-med" name="mav" value="A" title="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router).">Adjacent (A) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+            </div>
+            <div class="btn-group-vertical">  
+              <button type="button" class="btn btn-med" name="mav" value="L" title="A vulnerability exploitable with local access means that the vulnerable component is not bound to the network stack, and the attacker’s path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file.">Local (L) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+              <button type="button" class="btn btn-med" name="mav" value="P" title="A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.">Physical (P) <i class="fa fa-question-circle-o" aria-hidden="true"></i></button>
+            </div>
           </div>
 
           <h3 title="This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target, the presence of certain system configuration settings, or computational exceptions.">Mod. Attack Complexity (MAC)</h3>
@@ -263,4 +267,4 @@ N/A
 
 </pre>
   </div>
-</div>
+</div>

data/lib/dradis/plugins/calculators/cvss/gem_version.rb

@@ -9,7 +9,7 @@ module Dradis
 
         module VERSION
           MAJOR = 3
-          MINOR = 9
+          MINOR = 10
           TINY = 0
           PRE = nil
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-calculator_cvss
 version: !ruby/object:Gem::Version
-  version: 3.9.0
+  version: 3.10.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-08 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -99,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: This plugin adds a CVSSv3 score calculator to Dradis.