cvss-suite-3.1.0/0000755000175000017500000000000014327471354012670 5ustar vinayvinay
cvss-suite-3.1.0/lib/0000755000175000017500000000000014327471354013436 5ustar vinayvinay
cvss-suite-3.1.0/lib/cvss_suite/0000755000175000017500000000000014327471354015625 5ustar vinayvinay
cvss-suite-3.1.0/lib/cvss_suite/version.rb0000644000175000017500000000051514327471354017640 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  # Gem version string; frozen so it cannot be mutated at runtime.
  VERSION = '3.1.0'.freeze
end
cvss-suite-3.1.0/lib/cvss_suite/invalid_cvss.rb0000644000175000017500000000224614327471354020642 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2018-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # This class represents an invalid CVSS vector.
  #
  # It reports itself as invalid and routes every version/score accessor
  # through +check_validity+ instead of computing a number.
  class InvalidCvss < Cvss
    # rubocop:disable Lint/MissingSuper

    ##
    # Creates a new invalid CVSS vector.
    #
    # Takes no vector and deliberately does not call +super+ (hence the
    # RuboCop directive around it). Cvss#initialize is not part of this
    # listing; presumably skipping it avoids parsing anything -- confirm.
    def initialize; end
    # rubocop:enable Lint/MissingSuper

    ##
    # Since this is an invalid CVSS vector, it always returns false.
    def valid?
      false
    end

    ##
    # Delegates to +check_validity+ (inherited; defined outside this listing).
    # The original author documents this as always raising for an invalid vector.
    def version
      check_validity
    end

    ##
    # Delegates to +check_validity+; documented by the author as always raising.
    def base_score
      check_validity
    end

    ##
    # Delegates to +check_validity+; documented by the author as always raising.
    def temporal_score
      check_validity
    end

    ##
    # Delegates to +check_validity+; documented by the author as always raising.
    def environmental_score
      check_validity
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/helpers/0000755000175000017500000000000014327471354017267 5ustar vinayvinay
cvss-suite-3.1.0/lib/cvss_suite/helpers/cvss3_helper.rb0000644000175000017500000000232714327471354022220 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # This module includes methods which are used by the CVSS 3 classes.
  module Cvss3Helper
    ##
    # Rounds +float+ up to one decimal place and returns a Float.
    #
    # CVSS 3 scores are rounded up rather than to the nearest value, which is
    # why this is used instead of round().
    #
    # NOTE(review): +ceil(1)+ works on the binary Float as-is, so a value that
    # sits a hair above a tenth because of floating-point error would move to
    # the next tenth. Cvss31Helper.round_up in this archive first scales to an
    # integer; confirm the difference is intended for the 3.0 code paths.
    def self.round_up(float)
      float.ceil(1).to_f
    end

    ##
    # Returns the Privileges Required weight, which depends on Scope.
    #
    # +privileges_required+ and +scope+ must respond to +selected_value+
    # (a Hash with a +:name+ key); +privileges_required+ must also respond to
    # +score+. When the scope is 'Changed', 'Low' becomes 0.68 and 'High'
    # becomes 0.50; every other combination keeps the property's own weight.
    def self.privileges_required_score(privileges_required, scope)
      changed = scope.selected_value[:name] == 'Changed'
      # Start from the property's own weight; only Low/High are overridden below.
      privilege_score = privileges_required.score
      if changed
        privilege_score = 0.68 if privileges_required.selected_value[:name] == 'Low'
        privilege_score = 0.50 if privileges_required.selected_value[:name] == 'High'
      end
      privilege_score
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/helpers/cvss31_helper.rb0000644000175000017500000000137114327471354022277 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # This module includes methods which are used by the CVSS 3.1 classes.
module Cvss31Helper
    ##
    # Rounds +float+ up to one decimal place and returns a Float.
    #
    # The input is scaled by 100_000 and rounded to an Integer first, so the
    # "is this already a whole tenth?" test is done on integers rather than on
    # the raw Float.
    def self.round_up(float)
      output = (float * 100_000).round
      if (output % 10_000).zero?
        # Already a whole tenth at five-decimal precision: return it unchanged.
        output / 100_000.0
      else
        # Otherwise move to the next tenth above.
        ((output / 10_000).floor + 1) / 10.0
      end
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/errors.rb0000644000175000017500000000131214327471354017463 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   Adam David
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # Defines the error classes this gem is expected to raise.
  module Errors
    ##
    # The base error class to be inherited by more specific classes.
    #
    # NOTE(review): neither InvalidVector nor InvalidParentClass below inherits
    # from it, so +rescue CvssError+ does not catch them.
    class CvssError < StandardError
      attr_accessor :message

      # Stores +message+ and forwards it to StandardError via the bare +super+.
      def initialize(message)
        @message = message
        super
      end
    end

    # Subclass of RuntimeError (not of CvssError).
    class InvalidVector < RuntimeError; end

    # Subclass of ArgumentError (not of CvssError).
    class InvalidParentClass < ArgumentError; end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss_property.rb0000644000175000017500000000403314327471354021074 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # This class represents a CVSS property of a CVSS metric.
  class CvssProperty
    ##
    # Creates a new CVSS property by a +property+.
    #
    # +Property+ needs to consist of a name, an abbreviation,
    # the possible positions in the CVSS vector, a weight, and the
    # available values for the property.
    #
    # The Hash is kept by reference and gets a +:default_value+ of
    # 'Not Defined' when none is given, so the caller's Hash is modified.
    def initialize(property)
      @property = property
      @property[:default_value] ||= 'Not Defined'
    end

    ##
    # Returns the full name of the property.
    def name
      @property[:name]
    end

    ##
    # Returns the abbreviation of the property.
    def abbreviation
      @property[:abbreviation]
    end

    ##
    # Returns all available values of the property.
    def values
      @property[:values]
    end

    ##
    # Returns the possible positions in the CVSS vector of the property.
    def position
      @property[:position]
    end

    ##
    # Returns the selected value of the property, or the default value when
    # nothing has been selected.
    #
    # NOTE(review): a selected value is one of the +values+ Hashes, while the
    # fallback set in +initialize+ is the String 'Not Defined'. Callers in this
    # archive index the result with +[:name]+, which only fits the Hash --
    # confirm they never reach the fallback.
    def selected_value
      @selected_value || @property[:default_value]
    end

    ##
    # Returns true if a value has been selected for the property.
    def valid?
      !@selected_value.nil?
    end

    ##
    # Returns the score (the +:weight+) of the selected value.
    #
    # Indexes +@selected_value+ directly, so it fails on +nil+ when no value
    # has been selected; callers are expected to check +valid?+ first.
    def score
      @selected_value[:weight]
    end

    ##
    # Sets the selected value by a +value+.
    #
    # +selected_value+ is compared with +eql?+ against each value's
    # abbreviation, so only an exact match is accepted. An abbreviation that is
    # not listed leaves the property without a selection (+valid?+ is false).
    # The +:selected+ flag is written into the value Hashes themselves.
    def set_selected_value(selected_value)
      values.each do |value|
        value[:selected] = selected_value.eql?(value[:abbreviation])
      end
      @selected_value = values.detect { |value| value[:selected] }
    end

    ##
    # Sets the default value, i.e. the value whose abbreviation is 'X'.
    #
    # A property without an 'X' value stays without a selection.
    def set_default_value
      values.each do |value|
        value[:selected] = value[:abbreviation].eql?('X')
      end
      @selected_value = values.detect { |value| value[:selected] }
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss_metric.rb0000644000175000017500000000245714327471354020503 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # This class represents any CVSS metric.
  class CvssMetric
    ##
    # Creates a new CVSS metric by +properties+.
    #
    # Calls +init_properties+ (the subclasses in this archive define it) to
    # fill +@properties+, then applies +selected_properties+ to them.
    def initialize(selected_properties)
      @properties = []
      init_properties
      extract_selected_values_from selected_properties
    end

    ##
    # Returns true only if every property of the metric is valid.
    def valid?
      @properties.each do |property|
        return false unless property.valid?
      end
      true
    end

    ##
    # Returns number of properties for this metric.
def count
      @properties.count
    end

    private

    # Applies the parsed vector entries to this metric's properties.
    #
    # Each entry of +selected_properties+ is read through the keys +:name+,
    # +:position+ and +:selected+. An entry is matched to the property with the
    # same abbreviation whose +position+ list includes the entry's position, or
    # whose +position+ is nil. Entries that match no property are skipped
    # silently (safe navigation on +property+). Afterwards every property that
    # is still without a selection is given its default value.
    def extract_selected_values_from(selected_properties)
      selected_properties.each do |selected_property|
        property = @properties.detect do |p|
          p.abbreviation == selected_property[:name] &&
            (p.position&.include?(selected_property[:position]) || p.position.nil?)
        end
        property&.set_selected_value selected_property[:selected]
      end
      @properties.reject(&:valid?).each(&:set_default_value)
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss31/0000755000175000017500000000000014327471354016747 5ustar vinayvinay
cvss-suite-3.1.0/lib/cvss_suite/cvss31/cvss31_temporal.rb0000644000175000017500000000530714327471354022326 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2019-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'

module CvssSuite
  ##
  # This class represents a CVSS Temporal metric in version 3.1.
  class Cvss31Temporal < CvssMetric
    ##
    # Property of this metric
    attr_reader :exploit_code_maturity, :remediation_level, :report_confidence

    ##
    # Returns the temporal multiplier: the product of the three selected
    # weights, or 1.0 when the metric is not valid.
    def score
      return 1.0 unless valid?

      @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
    end

    private

    # Registers the three temporal properties. Each one lists a 'Not Defined'
    # (X) value with weight 1.0, which leaves the product in +score+ unchanged.
    def init_properties
      @properties.push(@exploit_code_maturity =
                         CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
                                                   { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
                                                   { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
                                                   { name: 'Functional', abbreviation: 'F', weight: 0.97 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.0 }]))
      @properties.push(@remediation_level =
                         CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
                                                   { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
                                                   { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
                                                   { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
                                                   { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
      @properties.push(@report_confidence =
                         CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
                                                   { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
                                                   { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
                                                   { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss31/cvss31_environmental.rb0000644000175000017500000002503014327471354023357 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2019-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'
require_relative '../helpers/cvss3_helper'
require_relative '../helpers/cvss31_helper'

module CvssSuite
  ##
  # This class represents a CVSS Environmental metric in version 3.1.
class Cvss31Environmental < CvssMetric
    ##
    # Property of this metric
    attr_reader :confidentiality_requirement, :integrity_requirement, :availability_requirement,
                :modified_attack_vector, :modified_attack_complexity, :modified_privileges_required,
                :modified_user_interaction, :modified_scope, :modified_confidentiality,
                :modified_integrity, :modified_availability

    ##
    # Returns the environmental score for the given +base+ and +temporal+
    # metrics. The result is not rounded here; Cvss31#environmental_score in
    # this archive applies the final round-up.
    #
    # +base+ is stored in +@base+ because the private helpers read it. Every
    # modified metric left at 'Not Defined' is replaced by the corresponding
    # base metric. Returns 0 when the modified impact sub score is not positive.
    def score(base, temporal)
      @base = base

      merged_modified_privileges_required = @modified_privileges_required
      if @modified_privileges_required.selected_value[:name] == 'Not Defined'
        merged_modified_privileges_required = @base.privileges_required
      end

      merged_modified_scope = @modified_scope
      if @modified_scope.selected_value[:name] == 'Not Defined'
        merged_modified_scope = @base.scope
      end

      # Privileges Required is weighted against the scope that is in effect.
      privilege_score = Cvss3Helper.privileges_required_score(merged_modified_privileges_required,
                                                              merged_modified_scope)

      modified_exploitability_sub_score = modified_exploitability_sub(privilege_score)

      modified_impact_sub_score = modified_impact_sub(isc_modified)

      return 0 if modified_impact_sub_score <= 0

      calculate_score modified_impact_sub_score, modified_exploitability_sub_score, temporal.score
    end

    private

    # Registers the three requirement properties and the eight modified base
    # properties. For the modified_* properties the 'Not Defined' weight of 1
    # is a placeholder: the scoring methods substitute the base metric whenever
    # 'Not Defined' is selected. The requirement weights are used as listed.
    # Modified Scope values carry no weight.
    def init_properties
      @properties.push(@confidentiality_requirement =
                         CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.5 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@integrity_requirement =
                         CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.5 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))

      @properties.push(@availability_requirement =
                         CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.5 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_attack_vector =
                         CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
                                          values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
                                                   { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                                   { name: 'Physical', abbreviation: 'P', weight: 0.2 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_attack_complexity =
                         CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.44 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_privileges_required =
                         CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.27 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_user_interaction =
                         CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Required', abbreviation: 'R', weight: 0.62 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_scope =
                         CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
                                          values: [{ name: 'Changed', abbreviation: 'C' },
                                                   { name: 'Unchanged', abbreviation: 'U' },
                                                   { name: 'Not Defined', abbreviation: 'X' }]))
      @properties.push(@modified_confidentiality =
                         CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_integrity =
                         CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_availability =
                         CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
    end

    # Modified impact sub score. The 'Changed' formula is used when the scope
    # in effect is 'Changed' (Modified Scope, or the base Scope when Modified
    # Scope is 'Not Defined'); otherwise the linear formula applies.
    # The 'Changed' term here is (isc_modified * 0.9731 - 0.02)**13, which
    # differs from the **15 term used by Cvss31Base#score in this archive.
    def modified_impact_sub(isc_modified)
      if @modified_scope.selected_value[:name] == 'Not Defined'
        if @base.scope.selected_value[:name] == 'Changed'
          return 7.52 * (isc_modified - 0.029) - 3.25 * (isc_modified * 0.9731 - 0.02)**13
        else
          return 6.42 * isc_modified
        end
      end

      if @modified_scope.selected_value[:name] == 'Changed'
        7.52 * (isc_modified - 0.029) - 3.25 * (isc_modified * 0.9731 - 0.02)**13
      else
        6.42 * isc_modified
      end
    end

    # Modified impact value, capped at 0.915. Each modified C/I/A weight (or
    # the base weight when 'Not Defined') is multiplied by its requirement
    # weight before the three terms are combined.
    def isc_modified
      merged_modified_confidentiality = @modified_confidentiality
      if @modified_confidentiality.selected_value[:name] == 'Not Defined'
        merged_modified_confidentiality = @base.confidentiality
      end

      merged_modified_integrity = @modified_integrity
      if @modified_integrity.selected_value[:name] == 'Not Defined'
        merged_modified_integrity = @base.integrity
      end

      merged_modified_availability = @modified_availability
      if @modified_availability.selected_value[:name] == 'Not Defined'
        merged_modified_availability = @base.availability
      end

      confidentiality_score = 1 - merged_modified_confidentiality.score * @confidentiality_requirement.score
      integrity_score = 1 - merged_modified_integrity.score * @integrity_requirement.score
      availability_score = 1 - merged_modified_availability.score * @availability_requirement.score

      [0.915, (1 - confidentiality_score * integrity_score * availability_score)].min
    end

    # Modified exploitability sub score: 8.22 times the attack vector, attack
    # complexity, privileges required (+privilege_score+, computed by the
    # caller) and user interaction weights, with base metrics substituted for
    # 'Not Defined' modified metrics.
    def modified_exploitability_sub(privilege_score)
      merged_modified_attack_vector = @modified_attack_vector
      if @modified_attack_vector.selected_value[:name] == 'Not Defined'
        merged_modified_attack_vector = @base.attack_vector
      end

      merged_modified_attack_complexity = @modified_attack_complexity
      if @modified_attack_complexity.selected_value[:name] == 'Not Defined'
        merged_modified_attack_complexity = @base.attack_complexity
      end

      merged_modified_user_interaction = @modified_user_interaction
      if @modified_user_interaction.selected_value[:name] == 'Not Defined'
        merged_modified_user_interaction = @base.user_interaction
      end

      8.22 * merged_modified_attack_vector.score * merged_modified_attack_complexity.score *
        privilege_score * merged_modified_user_interaction.score
    end

    # Combines the sub scores: the sum is scaled by 1.08 when the scope in
    # effect is 'Changed', capped at 10, rounded up with Cvss31Helper and then
    # multiplied by +temporal_score+.
    def calculate_score(modified_impact_sub_score, modified_exploitability_sub_score, temporal_score)
      if @modified_scope.selected_value[:name] == 'Not Defined'
        factor = @base.scope.selected_value[:name] == 'Changed' ? 1.08 : 1.0
      else
        factor = @modified_scope.selected_value[:name] == 'Changed' ? 1.08 : 1.0
      end

      Cvss31Helper.round_up(
        [factor * (modified_impact_sub_score + modified_exploitability_sub_score), 10].min
      ) * temporal_score
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss31/cvss31_base.rb0000644000175000017500000001145514327471354021416 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2019-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'
require_relative '../helpers/cvss3_helper'

module CvssSuite
  ##
  # This class represents a CVSS Base metric in version 3.1.
class Cvss31Base < CvssMetric
    ##
    # Property of this metric
    attr_reader :attack_vector, :attack_complexity, :privileges_required, :user_interaction,
                :scope, :confidentiality, :integrity, :availability

    ##
    # Returns the base score of this metric, capped at 10 and not yet rounded
    # (Cvss31#base_score in this archive applies the round-up).
    #
    # Returns 0 when the impact sub score is not positive. Every property must
    # have a selected value; the base properties list no 'X' value, so there is
    # no default to fall back on.
    def score
      privilege_score = Cvss3Helper.privileges_required_score(@privileges_required, @scope)

      exploitability = 8.22 * @attack_vector.score * @attack_complexity.score *
                       privilege_score * @user_interaction.score

      isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))

      impact_sub_score = if @scope.selected_value[:name] == 'Changed'
                           7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
                         else
                           6.42 * isc_base
                         end

      return 0 if impact_sub_score <= 0

      # A changed scope scales the sum by 1.08 before the cap.
      if @scope.selected_value[:name] == 'Changed'
        [10, 1.08 * (impact_sub_score + exploitability)].min
      else
        [10, impact_sub_score + exploitability].min
      end
    end

    private

    # Registers the eight base properties with their weights. Scope values
    # carry no weight; Scope is only compared by name.
    def init_properties
      @properties.push(@attack_vector =
                         CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
                                          values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
                                                   { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                                   { name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
      @properties.push(@attack_complexity =
                         CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.44 }]))
      @properties.push(@privileges_required =
                         CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.27 }]))
      @properties.push(@user_interaction =
                         CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Required', abbreviation: 'R', weight: 0.62 }]))
      @properties.push(@scope =
                         CvssProperty.new(name: 'Scope', abbreviation: 'S',
                                          values: [{ name: 'Unchanged', abbreviation: 'U' },
                                                   { name: 'Changed', abbreviation: 'C' }]))
      @properties.push(@confidentiality =
                         CvssProperty.new(name: 'Confidentiality', abbreviation: 'C',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 }]))
      @properties.push(@integrity =
                         CvssProperty.new(name: 'Integrity', abbreviation: 'I',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 }]))
      @properties.push(@availability =
                         CvssProperty.new(name: 'Availability', abbreviation: 'A',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 }]))
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss31/cvss31.rb0000644000175000017500000000257714327471354020431 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2019-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss'
require_relative 'cvss31_base'
require_relative 'cvss31_temporal'
require_relative 'cvss31_environmental'
require_relative '../helpers/cvss31_helper'

module CvssSuite
  ##
  # This class represents a CVSS vector in version 3.1.
  class Cvss31 < Cvss
    ##
    # Returns the Version of the CVSS vector.
    def version
      3.1
    end

    ##
    # Returns the Base Score of the CVSS vector, rounded up to one decimal.
    # Calls +check_validity+ (inherited; defined outside this listing) first.
    def base_score
      check_validity
      Cvss31Helper.round_up(@base.score)
    end

    ##
    # Returns the Temporal Score of the CVSS vector: the rounded base score
    # times the temporal multiplier, rounded up again.
    #
    # NOTE(review): unlike +base_score+ this does not call +check_validity+.
    # With a base metric left unselected, CvssProperty#score would index nil
    # instead of reporting an invalid vector -- confirm whether callers are
    # expected to check validity themselves.
    def temporal_score
      Cvss31Helper.round_up(Cvss31Helper.round_up(@base.score) * @temporal.score)
    end

    ##
    # Returns the Environmental Score of the CVSS vector, falling back to the
    # temporal score when the environmental metric is not valid.
    #
    # NOTE(review): no +check_validity+ call here either; see +temporal_score+.
    def environmental_score
      return temporal_score unless @environmental.valid?

      Cvss31Helper.round_up(@environmental.score(@base, @temporal))
    end

    private

    # Builds the three metric groups from +@properties+, which is set outside
    # this listing (presumably the parsed vector entries -- confirm in Cvss).
    def init_metrics
      @base = Cvss31Base.new(@properties)
      @temporal = Cvss31Temporal.new(@properties)
      @environmental = Cvss31Environmental.new(@properties)
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss3/0000755000175000017500000000000014327471354016666 5ustar vinayvinay
cvss-suite-3.1.0/lib/cvss_suite/cvss3/cvss3_temporal.rb0000644000175000017500000000530414327471354022161 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'

module CvssSuite
  ##
  # This class represents a CVSS Temporal metric in version 3.
  class Cvss3Temporal < CvssMetric
    ##
    # Property of this metric
    attr_reader :exploit_code_maturity, :remediation_level, :report_confidence

    ##
    # Returns the temporal multiplier: the product of the three selected
    # weights, or 1.0 when the metric is not valid.
    def score
      return 1.0 unless valid?

      @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
    end

    private

    # Registers the three temporal properties. Each one lists a 'Not Defined'
    # (X) value with weight 1.0, which leaves the product in +score+ unchanged.
    def init_properties
      @properties.push(@exploit_code_maturity =
                         CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
                                                   { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
                                                   { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
                                                   { name: 'Functional', abbreviation: 'F', weight: 0.97 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.0 }]))
      @properties.push(@remediation_level =
                         CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
                                                   { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
                                                   { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
                                                   { name: 'Workaround', abbreviation: 'W', weight: 0.97 },
                                                   { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
      @properties.push(@report_confidence =
                         CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
                                                   { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
                                                   { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
                                                   { name: 'Confirmed', abbreviation: 'C', weight: 1.0 }]))
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss3/cvss3_environmental.rb0000644000175000017500000002472714327471354023231 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'
require_relative '../helpers/cvss3_helper'

module CvssSuite
  ##
  # This class represents a CVSS Environmental metric in version 3.
class Cvss3Environmental < CvssMetric
    ##
    # Property of this metric
    attr_reader :confidentiality_requirement, :integrity_requirement, :availability_requirement,
                :modified_attack_vector, :modified_attack_complexity, :modified_privileges_required,
                :modified_user_interaction, :modified_scope, :modified_confidentiality,
                :modified_integrity, :modified_availability

    ##
    # Returns the environmental score for the given +base+ and +temporal+
    # metrics, before any final rounding by the caller.
    #
    # +base+ is stored in +@base+ because the private helpers read it. Every
    # modified metric left at 'Not Defined' is replaced by the corresponding
    # base metric. Returns 0 when the modified impact sub score is not positive.
    def score(base, temporal)
      @base = base

      merged_modified_privileges_required = @modified_privileges_required
      if @modified_privileges_required.selected_value[:name] == 'Not Defined'
        merged_modified_privileges_required = @base.privileges_required
      end

      merged_modified_scope = @modified_scope
      if @modified_scope.selected_value[:name] == 'Not Defined'
        merged_modified_scope = @base.scope
      end

      # Privileges Required is weighted against the scope that is in effect.
      privilege_score = Cvss3Helper.privileges_required_score(merged_modified_privileges_required,
                                                              merged_modified_scope)

      modified_exploitability_sub_score = modified_exploitability_sub(privilege_score)

      modified_impact_sub_score = modified_impact_sub(isc_modified)

      return 0 if modified_impact_sub_score <= 0

      calculate_score modified_impact_sub_score, modified_exploitability_sub_score, temporal.score
    end

    private

    # Registers the three requirement properties and the eight modified base
    # properties. For the modified_* properties the 'Not Defined' weight of 1
    # is a placeholder: the scoring methods substitute the base metric whenever
    # 'Not Defined' is selected. The requirement weights are used as listed.
    # Modified Scope values carry no weight.
    def init_properties
      @properties.push(@confidentiality_requirement =
                         CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.5 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@integrity_requirement =
                         CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.5 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))

      @properties.push(@availability_requirement =
                         CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.5 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_attack_vector =
                         CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
                                          values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
                                                   { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                                   { name: 'Physical', abbreviation: 'P', weight: 0.2 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_attack_complexity =
                         CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.44 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_privileges_required =
                         CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.27 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_user_interaction =
                         CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Required', abbreviation: 'R', weight: 0.62 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_scope =
                         CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
                                          values: [{ name: 'Changed', abbreviation: 'C' },
                                                   { name: 'Unchanged', abbreviation: 'U' },
                                                   { name: 'Not Defined', abbreviation: 'X' }]))
      @properties.push(@modified_confidentiality =
                         CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_integrity =
                         CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
      @properties.push(@modified_availability =
                         CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 },
                                                   { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
    end

    # Modified impact sub score. The 'Changed' formula is used when the scope
    # in effect is 'Changed' (Modified Scope, or the base Scope when Modified
    # Scope is 'Not Defined'); otherwise the linear formula applies.
    # The 'Changed' term here is (isc_modified - 0.02)**15; the 3.1 class in
    # this archive uses (isc_modified * 0.9731 - 0.02)**13 instead.
    def modified_impact_sub(isc_modified)
      if @modified_scope.selected_value[:name] == 'Not Defined'
        if @base.scope.selected_value[:name] == 'Changed'
          return 7.52 * (isc_modified - 0.029) - 3.25 * (isc_modified - 0.02)**15
        else
          return 6.42 * isc_modified
        end
      end

      if @modified_scope.selected_value[:name] == 'Changed'
        7.52 * (isc_modified - 0.029) - 3.25 * (isc_modified - 0.02)**15
      else
        6.42 * isc_modified
      end
    end

    # Modified impact value, capped at 0.915. Each modified C/I/A weight (or
    # the base weight when 'Not Defined') is multiplied by its requirement
    # weight before the three terms are combined.
    def isc_modified
      merged_modified_confidentiality = @modified_confidentiality
      if @modified_confidentiality.selected_value[:name] == 'Not Defined'
        merged_modified_confidentiality = @base.confidentiality
      end

      merged_modified_integrity = @modified_integrity
      if @modified_integrity.selected_value[:name] == 'Not Defined'
        merged_modified_integrity = @base.integrity
      end

      merged_modified_availability = @modified_availability
      if @modified_availability.selected_value[:name] == 'Not Defined'
        merged_modified_availability = @base.availability
      end

      confidentiality_score = 1 - merged_modified_confidentiality.score * @confidentiality_requirement.score
      integrity_score = 1 - merged_modified_integrity.score * @integrity_requirement.score
      availability_score = 1 - merged_modified_availability.score * @availability_requirement.score

      [0.915, (1 - confidentiality_score * integrity_score * availability_score)].min
    end

    # Modified exploitability sub score: 8.22 times the attack vector, attack
    # complexity, privileges required (+privilege_score+, computed by the
    # caller) and user interaction weights, with base metrics substituted for
    # 'Not Defined' modified metrics.
    def modified_exploitability_sub(privilege_score)
      merged_modified_attack_vector = @modified_attack_vector
      if @modified_attack_vector.selected_value[:name] == 'Not Defined'
        merged_modified_attack_vector = @base.attack_vector
      end

      merged_modified_attack_complexity = @modified_attack_complexity
      if @modified_attack_complexity.selected_value[:name] == 'Not Defined'
        merged_modified_attack_complexity = @base.attack_complexity
      end

      merged_modified_user_interaction = @modified_user_interaction
      if @modified_user_interaction.selected_value[:name] == 'Not Defined'
        merged_modified_user_interaction = @base.user_interaction
      end

      8.22 * merged_modified_attack_vector.score * merged_modified_attack_complexity.score *
        privilege_score * merged_modified_user_interaction.score
    end

    # Combines the sub scores: the sum is scaled by 1.08 when the scope in
    # effect is 'Changed', capped at 10, rounded up with Cvss3Helper and then
    # multiplied by +temporal_score+.
    #
    # NOTE(review): Cvss3Helper.round_up applies +ceil(1)+ to the raw Float, so
    # floating-point noise just above a tenth would round to the next tenth;
    # worth checking against reference scores for 3.0 vectors.
    def calculate_score(modified_impact_sub_score, modified_exploitability_sub_score, temporal_score)
      if @modified_scope.selected_value[:name] == 'Not Defined'
        factor = @base.scope.selected_value[:name] == 'Changed' ? 1.08 : 1.0
      else
        factor = @modified_scope.selected_value[:name] == 'Changed' ? 1.08 : 1.0
      end

      Cvss3Helper.round_up(
        [factor * (modified_impact_sub_score + modified_exploitability_sub_score), 10].min
      ) * temporal_score
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss3/cvss3_base.rb0000644000175000017500000001145014327471354021247 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
#   0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'
require_relative '../helpers/cvss3_helper'

module CvssSuite
  ##
  # This class represents a CVSS Base metric in version 3.
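class Cvss3Base < CvssMetric
    ##
    # Property of this metric
    attr_reader :attack_vector, :attack_complexity, :privileges_required, :user_interaction,
                :scope, :confidentiality, :integrity, :availability

    ##
    # Returns score of this metric
    #
    # The value is not rounded here; callers apply Cvss3Helper.round_up.
    # Returns 0 when the impact sub score is not positive, otherwise the sum of
    # impact and exploitability (scaled by 1.08 for a 'Changed' scope), capped at 10.
    def score
      privilege_score = Cvss3Helper.privileges_required_score @privileges_required, @scope

      exploitability = 8.22 * @attack_vector.score * @attack_complexity.score *
                       privilege_score * @user_interaction.score

      isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))

      impact_sub_score = if @scope.selected_value[:name] == 'Changed'
                           7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
                         else
                           6.42 * isc_base
                         end

      return 0 if impact_sub_score <= 0

      if @scope.selected_value[:name] == 'Changed'
        [10, 1.08 * (impact_sub_score + exploitability)].min
      else
        [10, impact_sub_score + exploitability].min
      end
    end

    private

    # Registers the eight base properties and their weights in @properties.
    # Scope carries no weight; it only selects the formula used in #score.
    def init_properties
      @properties.push(@attack_vector =
                         CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
                                          values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
                                                   { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                                   { name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
      @properties.push(@attack_complexity =
                         CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.44 }]))
      @properties.push(@privileges_required =
                         CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.27 }]))
      @properties.push(@user_interaction =
                         CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                                   { name: 'Required', abbreviation: 'R', weight: 0.62 }]))
      @properties.push(@scope =
                         CvssProperty.new(name: 'Scope', abbreviation: 'S',
                                          values: [{ name: 'Unchanged', abbreviation: 'U' },
                                                   { name: 'Changed', abbreviation: 'C' }]))
      @properties.push(@confidentiality =
                         CvssProperty.new(name: 'Confidentiality', abbreviation: 'C',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 }]))
      @properties.push(@integrity =
                         CvssProperty.new(name: 'Integrity', abbreviation: 'I',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 }]))
      @properties.push(@availability =
                         CvssProperty.new(name: 'Availability', abbreviation: 'A',
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.56 }]))
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss3/cvss3.rb0000644000175000017500000000250414327471354020255 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss'
require_relative 'cvss3_base'
require_relative 'cvss3_temporal'
require_relative 'cvss3_environmental'

module CvssSuite
  ##
  # This class represents a CVSS vector in version 3.0.
  class Cvss3 < Cvss
    ##
    # Returns the Version of the CVSS vector.
    def version
      3.0
    end

    ##
    # Returns the Base Score of the CVSS vector.
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def base_score
      check_validity
      Cvss3Helper.round_up(@base.score)
    end

    ##
    # Returns the Temporal Score of the CVSS vector.
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def temporal_score
      # Fail closed like #base_score: never derive a score from a vector that
      # did not pass validation (Cvss2#temporal_score gets the same check via
      # its call to #base_score).
      check_validity
      Cvss3Helper.round_up(Cvss3Helper.round_up(@base.score) * @temporal.score)
    end

    ##
    # Returns the Environmental Score of the CVSS vector.
    # Falls back to the Temporal Score when the environmental metric is not valid.
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def environmental_score
      # The environmental metric can be valid while the base metric is not,
      # so validate the whole vector before scoring.
      check_validity
      return temporal_score unless @environmental.valid?

      Cvss3Helper.round_up(@environmental.score(@base, @temporal))
    end

    private

    # Builds the three metric groups from the properties parsed out of the vector.
    def init_metrics
      @base = Cvss3Base.new(@properties)
      @temporal = Cvss3Temporal.new(@properties)
      @environmental = Cvss3Environmental.new(@properties)
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss2/0000755000175000017500000000000014327471354016665 5ustar vinayvinaycvss-suite-3.1.0/lib/cvss_suite/cvss2/cvss2_temporal.rb0000644000175000017500000000532514327471354022162 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'

module CvssSuite
  ##
  # This class represents a CVSS Temporal metric in version 2.
  class Cvss2Temporal < CvssMetric
    ##
    # Property of this metric
    attr_reader :exploitability, :remediation_level, :report_confidence

    ##
    # Returns score of this metric
    #
    # Returns the neutral factor 1 when the metric is not valid, otherwise the
    # product of the three property weights.
    def score
      return 1 unless valid?

      @exploitability.score * @remediation_level.score * @report_confidence.score
    end

    private

    # Registers the three temporal properties, their weights and their
    # positions in @properties.
    def init_properties
      @properties.push(@exploitability =
                         CvssProperty.new(name: 'Exploitability', abbreviation: 'E', position: [6],
                                          values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
                                                   { name: 'Unproven', abbreviation: 'U', weight: 0.85 },
                                                   { name: 'Proof-of-Concept', abbreviation: 'POC', weight: 0.9 },
                                                   { name: 'Functional', abbreviation: 'F', weight: 0.95 },
                                                   { name: 'High', abbreviation: 'H', weight: 1 }]))
      @properties.push(@remediation_level =
                         CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [7],
                                          values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
                                                   { name: 'Official Fix', abbreviation: 'OF', weight: 0.87 },
                                                   { name: 'Temporary Fix', abbreviation: 'TF', weight: 0.9 },
                                                   { name: 'Workaround', abbreviation: 'W', weight: 0.95 },
                                                   { name: 'Unavailable', abbreviation: 'U', weight: 1 }]))
      @properties.push(@report_confidence =
                         CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [8],
                                          values: [{ name: 'Not Defined', abbreviation: 'ND', weight: 1 },
                                                   { name: 'Unconfirmed', abbreviation: 'UC', weight: 0.9 },
                                                   { name: 'Uncorroborated', abbreviation: 'UR', weight: 0.95 },
                                                   { name: 'Confirmed', abbreviation: 'C', weight: 1 }]))
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss2/cvss2_environmental.rb0000644000175000017500000001052414327471354023215 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'

module CvssSuite
  ##
  # This class represents a CVSS Environmental metric in version 2.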
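class Cvss2Environmental < CvssMetric
    ##
    # Property of this metric
    attr_reader :collateral_damage_potential, :target_distribution, :security_requirements_cr,
                :security_requirements_ir, :security_requirements_ar

    ##
    # Returns score of this metric
    #
    # +base+ is the base metric (its score is recomputed with the security
    # requirement weights) and +temporal_score+ is the temporal factor.
    # The result is not rounded here.
    def score(base, temporal_score)
      base_score = base.score(@security_requirements_cr.score, @security_requirements_ir.score,
                              @security_requirements_ar.score).round(1)

      adjusted_temporal = (base_score * temporal_score).round(1)

      (adjusted_temporal + (10 - adjusted_temporal) * @collateral_damage_potential.score) *
        @target_distribution.score
    end

    private

    # Registers the five environmental properties, their weights and their
    # positions in @properties.
    def init_properties
      @properties.push(@collateral_damage_potential =
                         CvssProperty.new(name: 'Collateral Damage Potential', abbreviation: 'CDP',
                                          position: [6, 9],
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.1 },
                                                   { name: 'Low-Medium', abbreviation: 'LM', weight: 0.3 },
                                                   { name: 'Medium-High', abbreviation: 'MH', weight: 0.4 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.5 },
                                                   { name: 'Not Defined', abbreviation: 'ND', weight: 0.0 }]))
      @properties.push(@target_distribution =
                         CvssProperty.new(name: 'Target Distribution', abbreviation: 'TD',
                                          position: [7, 10],
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Low', abbreviation: 'L', weight: 0.25 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 0.75 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.0 },
                                                   { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
      @properties.push(@security_requirements_cr =
                         CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
                                          position: [8, 11],
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.51 },
                                                   { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
      @properties.push(@security_requirements_ir =
                         CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
                                          position: [9, 12],
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.51 },
                                                   { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
      @properties.push(@security_requirements_ar =
                         CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
                                          position: [10, 13],
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                                   { name: 'High', abbreviation: 'H', weight: 1.51 },
                                                   { name: 'Not Defined', abbreviation: 'ND', weight: 1.0 }]))
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss2/cvss2_base.rb0000644000175000017500000001076014327471354021250 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss_property'
require_relative '../cvss_metric'

module CvssSuite
  ##
  # This class represents a CVSS Base metric in version 2.
  class Cvss2Base < CvssMetric
    ##
    # Property of this metric
    attr_reader :access_vector, :access_complexity, :authentication,
                :confidentiality_impact, :integrity_impact, :availability_impact

    ##
    # Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 .
    # See CVSS documentation for further information https://www.first.org/cvss/v2/guide#i3.2.1 .
    #
    # Takes +Security+ +Requirement+ +Impacts+ for calculating environmental score.
    # The result is not rounded here; callers round to one decimal.
    def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
      impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)

      exploitability = calc_exploitability

      # A zero impact forces the whole score to 0.
      additional_impact = (impact.zero? ? 0 : 1.176)

      ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
    end

    private

    # Registers the six base properties, their weights and their positions
    # in @properties.
    def init_properties
      @properties.push(@access_vector =
                         CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
                                          values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
                                                   { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
                                                   { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
      @properties.push(@access_complexity =
                         CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
                                          values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
                                                   { name: 'Medium', abbreviation: 'M', weight: 0.61 },
                                                   { name: 'High', abbreviation: 'H', weight: 0.35 }]))
      @properties.push(@authentication =
                         CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
                                                   { name: 'Single', abbreviation: 'S', weight: 0.56 },
                                                   { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
      @properties.push(@confidentiality_impact =
                         CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                                   { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
      @properties.push(@integrity_impact =
                         CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                                   { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
      @properties.push(@availability_impact =
                         CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
                                          values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                                   { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                                   { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
    end

    # Returns the impact sub score, capped at 10, with each impact weighted by
    # the matching security requirement score.
    def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
      confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
      integrity_score = 1 - @integrity_impact.score * sr_ir_score
      availability_score = 1 - @availability_impact.score * sr_ar_score
      [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min
    end

    # Returns the exploitability sub score.
    def calc_exploitability
      20 * @access_vector.score * @access_complexity.score * @authentication.score
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss2/cvss2.rb0000644000175000017500000000312614327471354020254 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require_relative '../cvss'
require_relative 'cvss2_base'
require_relative 'cvss2_temporal'
require_relative 'cvss2_environmental'

module CvssSuite
  ##
  # This class represents a CVSS vector in version 2.
  class Cvss2 < Cvss
    ##
    # Returns the Version of the CVSS vector.
    def version
      2
    end

    # Returns the severity of the CVSSv2 vector.
    # https://nvd.nist.gov/vuln-metrics/cvss
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def severity
      check_validity

      score = overall_score

      case score
      when 0.0..3.9
        'Low'
      when 4.0..6.9
        'Medium'
      when 7.0..10.0
        'High'
      else
        'None'
      end
    end

    ##
    # Returns the Base Score of the CVSS vector.
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def base_score
      check_validity
      @base.score.round(1)
    end

    ##
    # Returns the Temporal Score of the CVSS vector.
    # Validity is checked through #base_score.
    def temporal_score
      (base_score * @temporal.score).round(1)
    end

    ##
    # Returns the Environmental Score of the CVSS vector.
    # Falls back to the Temporal Score when the environmental metric is not valid.
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def environmental_score
      # The environmental metric can be valid while the base metric is not,
      # so validate the whole vector before scoring (fail closed, like
      # #base_score and #temporal_score).
      check_validity
      return temporal_score unless @environmental.valid?

      (@environmental.score @base, @temporal.score).round(1)
    end

    private

    # Builds the three metric groups from the properties parsed out of the vector.
    def init_metrics
      @base = Cvss2Base.new(@properties)
      @temporal = Cvss2Temporal.new(@properties)
      @environmental = Cvss2Environmental.new(@properties)
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite/cvss.rb0000644000175000017500000000513014327471354017127 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

module CvssSuite
  ##
  # This class represents any CVSS vector. Do not instantiate this class!
  class Cvss
    ##
    # Metric of a CVSS vector.
    attr_reader :base, :temporal, :environmental

    ##
    # Returns the vector itself.
    attr_reader :vector

    ##
    # Creates a new CVSS vector by a +vector+.
    #
    # Raises an exception if it is called on Cvss class.
    def initialize(vector)
      raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss

      @vector = vector
      @properties = []
      extract_metrics
      init_metrics
    end

    ##
    # Returns if CVSS vector is valid.
    #
    # Every alternative below requires a valid base metric, so with enough
    # properties the result follows the validity of the base metric; an invalid
    # temporal or environmental metric does not make the vector invalid here.
    def valid?
      return false unless @amount_of_properties >= required_amount_of_properties

      base = @base.valid?
      temporal = @base.valid? && @temporal.valid?
      environmental = @base.valid? && @environmental.valid?
      full = @base.valid? && @temporal.valid? && @environmental.valid?
      base || temporal || environmental || full
    end

    ##
    # Returns the severity of the CVSS vector.
    #
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def severity
      check_validity

      score = overall_score

      if score <= 0.0
        'None'
      elsif (0.1..3.9).cover? score
        'Low'
      elsif (4.0..6.9).cover? score
        'Medium'
      elsif (7.0..8.9).cover? score
        'High'
      elsif (9.0..10.0).cover? score
        'Critical'
      else
        'None'
      end
    end

    ##
    # Returns the Overall Score of the CVSS vector.
    #
    # Environmental score if that metric is valid, else temporal score if that
    # metric is valid, else base score.
    # Raises CvssSuite::Errors::InvalidVector if the vector is not valid.
    def overall_score
      check_validity
      return temporal_score if @temporal.valid? && !@environmental.valid?
      return environmental_score if @environmental.valid?

      base_score
    end

    private

    # Splits the vector on '/' and records each 'NAME:VALUE' part with its
    # position in @properties.
    def extract_metrics
      properties = @vector.split('/')
      @amount_of_properties = properties.size
      properties.each_with_index do |property, index|
        property = property.split(':')
        @properties.push({ name: property[0], selected: property[1], position: index })
      end
      # A metric name that appears more than once makes the vector ambiguous:
      # drop all parsed properties instead of picking one of the duplicates.
      @properties = [] if @properties.group_by { |p| p[:name] }.select { |_k, v| v.size > 1 }.length.positive?
    end

    # Raises CvssSuite::Errors::InvalidVector unless the vector is valid.
    def check_validity
      raise CvssSuite::Errors::InvalidVector, 'Vector is not valid!' unless valid?
    end

    # Minimum number of vector parts: the count reported by the base metric,
    # or 0 when it reports none.
    def required_amount_of_properties
      total = @base.count
      total || 0
    end
  end
end
cvss-suite-3.1.0/lib/cvss_suite.rb0000644000175000017500000000405014327471354016151 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

require 'cvss_suite/cvss2/cvss2'
require 'cvss_suite/cvss3/cvss3'
require 'cvss_suite/cvss31/cvss31'
require 'cvss_suite/version'
require 'cvss_suite/errors'
require 'cvss_suite/invalid_cvss'

##
# Module of this gem.
module CvssSuite
  # Prefixes that identify the CVSS version of a vector string.
  CVSS_VECTOR_BEGINNINGS = [
    { string: 'AV:', version: 2 },
    { string: '(AV:', version: 2 },
    { string: 'CVSS:3.0/', version: 3.0 },
    { string: 'CVSS:3.1/', version: 3.1 }
  ].freeze

  ##
  # Returns a CVSS class by a +vector+.
  #
  # Returns an InvalidCvss for anything that is not a String or that does not
  # start with a known prefix.
  def self.new(vector)
    return InvalidCvss.new unless vector.is_a? String

    # Still recorded for callers of the zero-argument CvssSuite.version, but
    # no longer read on this path: detection works on the local +vector+, so a
    # concurrent call with another vector cannot change the version chosen here.
    @vector_string = vector

    case version(vector)
    when 2
      Cvss2.new(prepare_vector(vector))
    when 3.0
      Cvss3.new(prepare_vector(vector))
    when 3.1
      Cvss31.new(prepare_vector(vector))
    else
      InvalidCvss.new
    end
  end

  # NOTE: +private+ has no effect on +def self.+ methods, so the methods below
  # remain callable from outside the module.
  private

  # Returns the CVSS version announced by the prefix of +vector+ (defaults to
  # the vector last passed to CvssSuite.new), or nil if no prefix matches.
  def self.version(vector = @vector_string)
    beginning = CVSS_VECTOR_BEGINNINGS.find { |candidate| vector.start_with?(candidate[:string]) }
    beginning && beginning[:version]
  end

  # Returns a copy of +vector+ without its version prefix; version 2 vectors
  # are handled by prepare_cvss2_vector. The version is derived from +vector+
  # itself rather than from shared module state.
  def self.prepare_vector(vector)
    vector = vector.clone
    detected_version = version(vector)

    return prepare_cvss2_vector(vector) if detected_version == 2

    version_string = CVSS_VECTOR_BEGINNINGS.detect { |v| v[:version] == detected_version } [:string]
    start_of_vector = vector.index(version_string)

    if start_of_vector.nil?
      ''
    else
      vector[version_string.length..]
    end
  end

  # Returns the version 2 vector starting at 'AV'. A vector whose 'AV' is at
  # index 1 must be one balanced pair of parentheses around the whole string,
  # which is then stripped; anything else yields ''.
  def self.prepare_cvss2_vector(vector)
    start_of_vector = vector.index('AV')

    if start_of_vector.nil?
      ''
    elsif start_of_vector == 1
      match_array = vector.scan(/\((?>[^)(]+|\g<0>)*\)/)
      if match_array.length == 1 && match_array[0] == vector
        vector.slice!(0)
        vector.slice!(vector.length - 1)
        vector
      else
        ''
      end
    else
      vector[start_of_vector..]
    end
  end
end
cvss-suite-3.1.0/cvss_suite.gemspec0000644000175000017500000000360314327471354016426 0ustar vinayvinay
# CVSS-Suite, a Ruby gem to manage the CVSS vector
#
# Copyright (c) 2016-2022 Siemens AG
# Copyright (c) 2022 0llirocks
#
# Authors:
# 0llirocks
#
# This work is licensed under the terms of the MIT license.
# See the LICENSE.md file in the top-level directory.

# coding: utf-8

lib = File.expand_path('lib', __dir__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'cvss_suite/version'

Gem::Specification.new do |spec|
  spec.name = 'cvss-suite'
  spec.version = CvssSuite::VERSION
  spec.license = 'MIT'
  spec.authors = ['0llirocks']

  spec.summary = 'Ruby gem for processing cvss vectors.'
  spec.description = 'This Ruby gem helps you to process the vector of the Common Vulnerability Scoring System (https://www.first.org/cvss/specification-document). Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option.'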
spec.metadata = { 'bug_tracker_uri' => 'https://github.com/0llirocks/cvss-suite/issues', 'changelog_uri' => 'https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md', 'documentation_uri' => "https://www.rubydoc.info/gems/cvss-suite/#{CvssSuite::VERSION}", 'homepage_uri' => 'https://cvss-suite.0lli.rocks', 'source_code_uri' => 'https://github.com/0llirocks/cvss-suite' } spec.required_ruby_version = '>= 2.6.0' spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) } spec.bindir = 'exe' spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.test_files = spec.files.grep(%r{^(test|spec|features)/}) spec.require_paths = ['lib'] spec.add_development_dependency 'bundler', '>= 1.10' spec.add_development_dependency 'rspec', '~> 3.4' spec.add_development_dependency 'rspec-its', '~> 1.2' spec.add_development_dependency 'simplecov', '~> 0.18' end cvss-suite-3.1.0/bin/0000755000175000017500000000000014327471354013440 5ustar vinayvinaycvss-suite-3.1.0/bin/setup0000755000175000017500000000016314327471354014526 0ustar vinayvinay#!/bin/bash set -euo pipefail IFS=$'\n\t' bundle install # Do any other automated setup that you need to do here cvss-suite-3.1.0/bin/console0000755000175000017500000000051714327471354015033 0ustar vinayvinay#!/usr/bin/env ruby require 'bundler/setup' require 'cvss_suite' # You can add fixtures and/or initialization code here to make experimenting # with your gem easier. You can also use a different console, if you like. # (If you use this, don't forget to add pry to your Gemfile!) 
# require "pry" # Pry.start require 'irb' IRB.start cvss-suite-3.1.0/_config.yml0000644000175000017500000000003214327471354015012 0ustar vinayvinaytheme: jekyll-theme-caymancvss-suite-3.1.0/README.md0000644000175000017500000001123414327471354014150 0ustar vinayvinay# CvssSuite for Ruby [![Gem Version](http://img.shields.io/gem/v/cvss-suite.svg)](https://rubygems.org/gems/cvss-suite) [![Ruby Version](https://img.shields.io/badge/Ruby-2.6-brightgreen.svg)](https://rubygems.org/gems/cvss-suite) [![Cvss Support](https://img.shields.io/badge/CVSS-v2-brightgreen.svg)](https://www.first.org/cvss/v2/guide) [![Cvss Support](https://img.shields.io/badge/CVSS-v3.0-brightgreen.svg)](https://www.first.org/cvss/v3.0/user-guide) [![Cvss Support](https://img.shields.io/badge/CVSS-v3.1-brightgreen.svg)](https://www.first.org/cvss/v3.1/user-guide) [![RSpec](https://github.com/0llirocks/cvss-suite/workflows/RSpec/badge.svg)](https://github.com/0llirocks/cvss-suite/actions) This Ruby gem helps you to process the vector of the [**Common Vulnerability Scoring System**](https://www.first.org/cvss/specification-document). Besides calculating the Base, Temporal and Environmental Score, you are able to extract the selected option. ## Installation Add this line to your application's Gemfile: ```ruby gem 'cvss-suite' ``` And then execute: $ bundle Or install it yourself as: $ gem install cvss-suite ## Version 2.x If you are still using CvssSuite 2.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/2.x) for documentation and changelog. ## Version 1.x If you are still using CvssSuite 1.x please refer to the [specific branch](https://github.com/0llirocks/cvss-suite/tree/1.x) for documentation and changelog. 
## Usage ```ruby require 'cvss_suite' cvss3 = CvssSuite.new('CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H') vector = cvss3.vector # 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/CR:L/IR:M/AR:H/MAV:N/MAC:H/MPR:N/MUI:R/MS:U/MC:N/MI:L/MA:H' version = cvss3.version # 3.0 valid = cvss3.valid? # true severity = cvss3.severity # 'High' cvss31 = CvssSuite.new('CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U') vector = cvss31.vector # 'CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:U' version = cvss31.version # 3.1 valid = cvss31.valid? # true severity = cvss31.severity # 'Medium' cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M') vector = cvss.vector # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M' version = cvss.version # 2 valid = cvss.valid? # true severity = cvss.severity # 'Low' # Scores base_score = cvss.base_score # 4.9 temporal_score = cvss.temporal_score # 3.6 environmental_score = cvss.environmental_score # 3.2 overall_score = cvss.overall_score # 3.2 # Available options access_vector = cvss.base.access_vector.name # 'Access Vector' remediation_level = cvss.temporal.remediation_level.name # 'Remediation Level' access_vector.values.each do |value| value[:name] # 'Local', 'Adjacent Network', 'Network' value[:abbreviation] # 'L', 'A', 'N' value[:selected] # false, true, false end # Selected options cvss.base.access_vector.selected_value[:name] # Adjacent Network cvss.temporal.remediation_level.selected_value[:name] # Temporary Fix # Exceptions cvss = CvssSuite.new('random_string') # invalid vector valid = cvss.valid? # false version = cvss.version # will throw CvssSuite::Errors::InvalidVector: Vector is not valid! cvss.base_score # will throw CvssSuite::Errors::InvalidVector: Vector is not valid! cvss = CvssSuite.new(1337) # invalid vector valid = cvss.valid? 
# false version = cvss.version # will throw CvssSuite::Errors::InvalidVector: Vector is not valid! cvss.base_score # will throw CvssSuite::Errors::InvalidVector: Vector is not valid! CvssSuite.new() # will throw an ArgumentError cvss = CvssSuite.new('AV:N/AC:P/C:P/AV:U/RL:OF/RC:C') # invalid vector, authentication is missing version = cvss.version # 2 valid = cvss.valid? # false cvss.base_score # will throw CvssSuite::Errors::InvalidVector: Vector is not valid! ``` ## Known Issues There is a possibility of implementations generating different scores (+/- 0.1) due to small floating-point inaccuracies. This can happen due to differences in floating point arithmetic between different languages and hardware platforms. ## Changelog [Click here to see all changes.](https://github.com/0llirocks/cvss-suite/blob/master/CHANGES.md) ## Contributing Bug reports and pull requests are welcome on GitHub at https://github.com/0llirocks/cvss-suite. This project is intended to be a safe, welcoming space for collaboration. ## References [CvssSuite for .NET](https://cvsssuite.0lli.rocks) cvss-suite-3.1.0/PULL_REQUEST_TEMPLATE.md0000644000175000017500000000202714327471354016472 0ustar vinayvinay## Proposed changes Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue. ## Types of changes What types of changes does your code introduce to CvssSuite? _Put an `x` in the boxes that apply_ - [ ] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) ## Checklist _Put an `x` in the boxes that apply. 
You can also fill these out after creating the PR._ - [ ] Unit tests pass locally with my changes - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] I have added necessary documentation (if appropriate) ## Further comments If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc... cvss-suite-3.1.0/LICENSE.md0000644000175000017500000000212614327471354014275 0ustar vinayvinayThe MIT License (MIT) Copyright (c) 2016-2022 Siemens AG Copyright (c) 2022 0llirocks Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.cvss-suite-3.1.0/Gemfile0000644000175000017500000000057414327471354014171 0ustar vinayvinay# CVSS-Suite, a Ruby gem to manage the CVSS vector # # Copyright (c) 2016-2022 Siemens AG # Copyright (c) 2022 0llirocks # # Authors: # 0llirocks # # This work is licensed under the terms of the MIT license. # See the LICENSE.md file in the top-level directory. 
source 'https://rubygems.org' # Specify your gem's dependencies in cvss_suite.gemspec gemspec cvss-suite-3.1.0/CODE_OF_CONDUCT.md0000644000175000017500000000664714327471354015504 0ustar vinayvinayCVSS-Suite, a Ruby gem to manage the CVSS vector Copyright (c) 2016-2022 Siemens AG Copyright (c) 2022 0llirocks Authors: 0llirocks This work is licensed under the terms of the MIT license. See the LICENSE.md file in the top-level directory. # Contributor Covenant Code of Conduct ## Our Pledge In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards Examples of behavior that contributes to creating a positive environment include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences * Gracefully accepting constructive criticism * Focusing on what is best for the community * Showing empathy towards other community members Examples of unacceptable behavior by participants include: * The use of sexualized language or imagery and unwelcome sexual attention or advances * Trolling, insulting/derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or electronic address, without explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. 
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [INSERT EMAIL ADDRESS]. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. 
## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] [homepage]: http://contributor-covenant.org [version]: http://contributor-covenant.org/version/1/4/cvss-suite-3.1.0/CNAME0000644000175000017500000000002514327471354013433 0ustar vinayvinaycvss-suite.0lli.rockscvss-suite-3.1.0/CHANGES.md0000644000175000017500000001147214327471354014267 0ustar vinayvinay# Change Log All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). ## [3.1.0] - 2022-09-27 ### Fixes * Metrics are no longer order-dependent. Fixes [#30](https://github.com/0llirocks/cvss-suite/issues/30) ### Improvements * Temporal and Environmental metrics can now be partly omitted instead of setting them to X. ## [3.0.1] - 2022-03-13 ### Notes * Updated specification reference due to [Removing the edit linkset form](https://blog.rubygems.org/2019/03/08/and-then-there-was-one-metadata-links.html) and [Unable to edit gem online](https://github.com/rubygems/rubygems.org/issues/1899) ## [3.0.0] - 2022-03-13 ### Breaking Changes * Ruby >= 2.6 is now required ### Notes * Moved repository to its new home ## [2.0.2] - 2020-12-05 ### Fixes * CVSS v2 now returns the correct severity values based on NVD recommendation * CVSS v2 now supports vectors which are enclosed in parenthesis e.g. (AV:N/AC:L/Au:N/C:P/I:P/A:P) ## [2.0.1] - 2020-07-19 ### Fixes Fixed an error that resulted in incorrect environmental score if modified attributes were not defined. 
## [2.0.0] - 2020-05-10

### Breaking Changes
* Ruby >= 2.4 is now required
* Renamed choice/choices to value/values

### Improvements
* Added CvssSuite module to every class (thanks to @fwininger)
* Removed override for integer and float (thanks to @fwininger)
* Added rubocop to development environment (thanks to @fwininger)

### Notes
Adding CvssSuite module everywhere means it’s no longer possible to access a class without it. Since this only affects the undocumented and 'internal' classes, this should not affect you. If you’re using them, stop it.

Still works:
```ruby
cvss = CvssSuite.new('string')
```

Won’t work anymore (without any code change):
```ruby
cvss = Cvss31.new('string')
```

This would need to be `CvssSuite::Cvss31.new('string')` to work. Or you could include the whole namespace.

## [1.2.0] - 2019-07-02

### Notes
Because version 2.0 of this gem will include breaking changes, please make sure to include this gem in your gemfile as shown below to not automatically update to version 2.0.

```ruby
gem 'cvss-suite', '~> 1.2'
```

### Improvements
* Added Severity
* Added CVSS 3.1
* CVSS 3.0 vectors now return 3.0 instead of 3 as version

### Changes in CVSS 3.1

[Source](https://www.first.org/cvss/v3.1/user-guide)

* The Temporal Score for all vulnerabilities which have a Base Score of 2.5, 5.0 or 10.0, Exploit Code Maturity (E) of High (H), Remediation Level (RL) of Unavailable (U) and Report Confidence (RC) of Unknown (U) is 0.1 lower in CVSS v3.1 than for 3.0.
* Some combinations of metrics have Environmental Scores that differ when scored with CVSS v3.1 rather than v3.0. This is due to a combination of the redefinition of Roundup and the change to the ModifiedImpact sub-formula. Less than 7% of metric combinations are 0.1 higher in CVSS v3.1 than v3.0, and less than 1% are 0.1 lower. No Environmental Scores differ by more than 0.1.
* Other implementations of the CVSS formulas may see different scoring changes between CVSS v3.0 and v3.1 if they previously generated different CVSS v3.0 scores due to the problems that the CVSS v3.1 formula changes are intended to fix.

## [1.1.2] - 2018-12-28

### Fixes
Replaced Fixnum by Integer to improve compatibility with newer versions of Ruby.

### Improvements
Added example for CVSS v3 to README.

## [1.1.1] - 2018-10-18

### Fixes
Corrects behaviour when using "CVSS:3.0/" as vector. Bugfix for #3.

## [1.1.0] - 2018-10-17

### Notes
This update might break some of your code, please check the following changes carefully.

### Fixes
* New CvssSuiteErrors are introduced to improve exception handling.
* Initialization of CvssSuite with an invalid vector does not throw an exception anymore. It will return an `InvalidCvss` instead, which returns false for `valid?` and throws an exception for all other methods. See the updated README for examples.

### Improvements
Finally the webpage is officially linked in the gem.

## [1.0.8] - 2016-09-30

### Fixes
Fixes a bug with rounding Fixnums in CVSS3.

## [1.0.7] - 2016-06-23

### Improvements
Removes gems: Rake & badgerbadgerbadger. Improved documentation, webpage (github) is coming very soon!

## [1.0.6] - 2016-04-15

### Fixes
In production we spotted a problem with calculating the temporal score in CVSS3. This version fixes this issue.

## [1.0.5] - 2016-04-15

### Fixes
Due to troubleshooting issues I forgot to rename a variable; this version fixes this issue. Versions 1.0.1 to 1.0.4 are broken due to this error, do **NOT** use these versions. Use ≥ 1.0.5 instead.

## [1.0.2] - 2016-04-15

### Troubleshooting
Tried to fix an error. It turned out to be a local problem. Due to this I increased the version by 2. It's 1.0.2 now.

## [1.0.0] - 2016-04-15

### Initial release
First release of this gem.
cvss-suite-3.1.0/.rubocop_todo.yml0000644000175000017500000000270614327471354016174 0ustar vinayvinay# This configuration was generated by # `rubocop --auto-gen-config` # on 2020-05-05 17:47:10 +0200 using RuboCop version 0.82.0. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. # Offense count: 1 Lint/IneffectiveAccessModifier: Exclude: - 'lib/cvss_suite.rb' # Offense count: 1 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods. Lint/UselessAccessModifier: Exclude: - 'lib/cvss_suite.rb' # Offense count: 8 # Configuration parameters: IgnoredMethods. Metrics/AbcSize: Max: 35 # Offense count: 5 # Configuration parameters: CountComments, ExcludedMethods. # ExcludedMethods: refine Metrics/BlockLength: Max: 58 # Offense count: 2 # Configuration parameters: CountComments. Metrics/ClassLength: Max: 101 # Offense count: 1 # Configuration parameters: IgnoredMethods. Metrics/CyclomaticComplexity: Max: 9 # Offense count: 13 # Configuration parameters: CountComments, ExcludedMethods. Metrics/MethodLength: Max: 63 # Offense count: 1 # Configuration parameters: CountKeywordArgs. Metrics/ParameterLists: Max: 6 # Offense count: 1 # Configuration parameters: IgnoredMethods. 
Metrics/PerceivedComplexity: Max: 10 # Offense count: 1 Naming/AccessorMethodName: Exclude: - 'lib/cvss_suite/cvss_property.rb' cvss-suite-3.1.0/.rubocop.yml0000644000175000017500000000222514327471354015143 0ustar vinayvinayinherit_from: .rubocop_todo.yml AllCops: TargetRubyVersion: 2.6 SuggestExtensions: false Metrics/LineLength: Max: 120 Exclude: - 'lib/cvss_suite/cvss3/cvss3_environmental.rb' - 'lib/cvss_suite/cvss31/cvss31_environmental.rb' Metrics/ClassLength: Exclude: - 'lib/cvss_suite/cvss3/cvss3_environmental.rb' - 'lib/cvss_suite/cvss31/cvss31_environmental.rb' Metrics/MethodLength: Exclude: - 'lib/cvss_suite/cvss3/cvss3_environmental.rb' - 'lib/cvss_suite/cvss31/cvss31_environmental.rb' Metrics/BlockLength: Exclude: - 'spec/cvss2/cvss2_spec.rb' - 'spec/cvss3/cvss3_spec.rb' - 'spec/cvss31/cvss31_spec.rb' Style/IfUnlessModifier: Exclude: - 'lib/cvss_suite/cvss3/cvss3_environmental.rb' - 'lib/cvss_suite/cvss31/cvss31_environmental.rb' Style/GuardClause: Exclude: - 'lib/cvss_suite/cvss3/cvss3_environmental.rb' - 'lib/cvss_suite/cvss31/cvss31_environmental.rb' Style/ConditionalAssignment: Exclude: - 'lib/cvss_suite/cvss3/cvss3_environmental.rb' - 'lib/cvss_suite/cvss31/cvss31_environmental.rb' Style/FrozenStringLiteralComment: Enabled: false Style/AsciiComments: Enabled: false cvss-suite-3.1.0/.rspec0000644000175000017500000000003714327471354014005 0ustar vinayvinay--format documentation --color cvss-suite-3.1.0/.gitignore0000644000175000017500000000017414327471354014662 0ustar vinayvinay/.bundle/ /.yardoc /Gemfile.lock /_yardoc/ /coverage/ /vendor/ /doc/ /pkg/ /spec/reports/ /tmp/ .idea/ /*.gem .ruby-version cvss-suite-3.1.0/.github/0000755000175000017500000000000014327471354014230 5ustar vinayvinaycvss-suite-3.1.0/.github/workflows/0000755000175000017500000000000014327471354016265 5ustar vinayvinaycvss-suite-3.1.0/.github/workflows/rubocop.yml0000644000175000017500000000065014327471354020462 0ustar vinayvinayname: Rubocop on: [push,pull_request] jobs: build: 
runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Set up Ruby 2.6 uses: ruby/setup-ruby@v1 with: ruby-version: 2.6 - name: Install gems run: | gem update --system gem install bundler -v ">= 1.10" gem install rubocop - name: Run checks run: rubocop -F --fail-level C -f s cvss-suite-3.1.0/.github/workflows/rspec.yml0000644000175000017500000000076014327471354020127 0ustar vinayvinayname: RSpec on: [push,pull_request] jobs: build: runs-on: ubuntu-latest strategy: matrix: ruby: [ '2.6', '2.7', '3.0', '3.1' ] steps: - uses: actions/checkout@v2 - name: Set up ${{ matrix.ruby }} uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - name: Install gems run: | gem install bundler -v ">= 1.10" bundle install --jobs 4 --retry 3 - name: Run tests run: bundle exec rspec spec cvss-suite-3.1.0/.github/ISSUE_TEMPLATE/0000755000175000017500000000000014327471354016413 5ustar vinayvinaycvss-suite-3.1.0/.github/ISSUE_TEMPLATE/feature_request.md0000644000175000017500000000106014327471354022135 0ustar vinayvinay--- name: Feature request about: Suggest an idea for this project --- **Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] **Describe the solution you'd like** A clear and concise description of what you want to happen. **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context or screenshots about the feature request here. cvss-suite-3.1.0/.github/ISSUE_TEMPLATE/custom.md0000644000175000017500000000013314327471354020244 0ustar vinayvinay--- name: Custom issue template about: Describe this issue template's purpose here. 
--- cvss-suite-3.1.0/.github/ISSUE_TEMPLATE/bug_report.md0000644000175000017500000000060014327471354021101 0ustar vinayvinay--- name: Bug report about: Create a report to help us improve --- ### Subject of the issue Describe your issue here. ### Your environment * version of cvss-suite gem * version of ruby ### Steps to reproduce Tell us how to reproduce this issue. Please provide a working demo. ### Expected behaviour Tell us what should happen. ### Actual behaviour Tell us what happens instead.