This repository has been archived by the owner on Jan 19, 2023. It is now read-only.

bugcrowd/cvss-suite

CvssSuite


This Ruby gem helps you process Common Vulnerability Scoring System (CVSS) vectors. Besides calculating the Base, Temporal and Environmental scores, it lets you extract the selected option for each metric.

Installation

Add this line to your application's Gemfile:

gem 'cvss-suite'

And then execute:

$ bundle

Or install it yourself as:

$ gem install cvss-suite

Usage

require 'cvss_suite'

cvss = CvssSuite.new('AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M')

vector = cvss.vector    # 'AV:A/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:TF/RC:UC/CDP:L/TD:M/CR:M/IR:M/AR:M'
version = cvss.version  # 2
valid = cvss.valid?     # true

# Scores
base_score = cvss.base_score                        # 4.9
temporal_score = cvss.temporal_score                # 3.6
environmental_score = cvss.environmental_score      # 3.2
overall_score = cvss.overall_score                  # 3.2

# Available options
access_vector = cvss.base.access_vector                 # property object
remediation_level = cvss.temporal.remediation_level     # property object

access_vector.name          # 'Access Vector'
remediation_level.name      # 'Remediation Level'

access_vector.choices.each do |choice|
    choice[:name]           # 'Local', 'Adjacent Network', 'Network'
    choice[:abbreviation]   # 'L', 'A', 'N'
    choice[:selected]       # false, true, false
end

# Selected options
cvss.base.access_vector.selected_choice[:name]          # Adjacent Network
cvss.temporal.remediation_level.selected_choice[:name]  # Temporary Fix

# Exceptions

cvss = CvssSuite.new('random_string')  # invalid vector
valid = cvss.valid?     # false
version = cvss.version  # raises CvssSuite::Errors::InvalidVector: Vector is not valid!
cvss.base_score         # raises CvssSuite::Errors::InvalidVector: Vector is not valid!

cvss = CvssSuite.new(1337)  # invalid vector
valid = cvss.valid?     # false
version = cvss.version  # raises CvssSuite::Errors::InvalidVector: Vector is not valid!
cvss.base_score         # raises CvssSuite::Errors::InvalidVector: Vector is not valid!

CvssSuite.new()                        # raises an ArgumentError

cvss = CvssSuite.new('AV:N/AC:P/C:P/AV:U/RL:OF/RC:C')   # invalid vector, authentication is missing
version = cvss.version  # 2
valid = cvss.valid?     # false
cvss.base_score         # raises CvssSuite::Errors::InvalidVector: Vector is not valid!
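
The scores in the usage example can be checked by hand against the CVSS v2 equations. The following Ruby is an added example, not code from the gem or from this README: the names `parse_v2`, `base_equation` and `cvss2_scores` are hypothetical, the weights are those of the CVSS v2 specification, and treating absent optional metrics as Not Defined is an assumption of the example.

```ruby
# Added example: CVSS v2 equations written out by hand, not the gem's code.
CIA = { 'N' => 0.0, 'P' => 0.275, 'C' => 0.66 }.freeze
REQ = { 'L' => 0.5, 'M' => 1.0, 'H' => 1.51, 'ND' => 1.0 }.freeze
WEIGHTS = {
  'AV' => { 'L' => 0.395, 'A' => 0.646, 'N' => 1.0 },
  'AC' => { 'H' => 0.35, 'M' => 0.61, 'L' => 0.71 },
  'Au' => { 'M' => 0.45, 'S' => 0.56, 'N' => 0.704 },
  'C' => CIA, 'I' => CIA, 'A' => CIA,
  'E' => { 'U' => 0.85, 'POC' => 0.9, 'F' => 0.95, 'H' => 1.0, 'ND' => 1.0 },
  'RL' => { 'OF' => 0.87, 'TF' => 0.9, 'W' => 0.95, 'U' => 1.0, 'ND' => 1.0 },
  'RC' => { 'UC' => 0.9, 'UR' => 0.95, 'C' => 1.0, 'ND' => 1.0 },
  'CDP' => { 'N' => 0.0, 'L' => 0.1, 'LM' => 0.3, 'MH' => 0.4, 'H' => 0.5, 'ND' => 0.0 },
  'TD' => { 'N' => 0.0, 'L' => 0.25, 'M' => 0.75, 'H' => 1.0, 'ND' => 1.0 },
  'CR' => REQ, 'IR' => REQ, 'AR' => REQ
}.freeze
BASE_METRICS = %w[AV AC Au C I A].freeze

# Returns { metric => weight }, or nil for a malformed vector: unknown metric
# or value, a metric given twice, or a missing base metric.
def parse_v2(vector)
  return nil unless vector.is_a?(String)
  m = {}
  vector.split('/').each do |part|
    key, value = part.split(':', 2)
    return nil if m.key?(key) || WEIGHTS.dig(key, value).nil?
    m[key] = WEIGHTS[key][value]
  end
  return nil unless BASE_METRICS.all? { |k| m.key?(k) }
  # Assumption of this example: absent optional metrics count as Not Defined.
  WEIGHTS.each { |k, table| m[k] ||= table['ND'] }
  m
end

def base_equation(m, impact)
  return 0.0 if impact.zero?  # f(Impact) = 0 when Impact is 0
  exploitability = 20 * m['AV'] * m['AC'] * m['Au']
  ((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176).round(1)
end

def cvss2_scores(vector)
  m = parse_v2(vector) or return nil
  impact = ->(c, i, a) { 10.41 * (1 - (1 - c) * (1 - i) * (1 - a)) }
  temporal = ->(score) { (score * m['E'] * m['RL'] * m['RC']).round(1) }
  base = base_equation(m, impact.(m['C'], m['I'], m['A']))
  adj_impact = [10.0, impact.(m['C'] * m['CR'], m['I'] * m['IR'], m['A'] * m['AR'])].min
  adj_temporal = temporal.(base_equation(m, adj_impact))
  env = ((adj_temporal + (10 - adj_temporal) * m['CDP']) * m['TD']).round(1)
  { base: base, temporal: temporal.(base), environmental: env }
end
```

For the vector used above, `cvss2_scores` returns 4.9, 3.6 and 3.2, and it returns `nil` for each of the invalid inputs in the Exceptions section.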

Notable Features

Properties (Access Vector, Remediation Level, etc.) have a position attribute, so they can be ordered the same way they appear in the vector.

Known Issues

Currently it is not possible to leave an attribute blank instead of ND/X. If you don't have a value for an attribute, please use ND/X instead.

Because the documentation isn't clear on how to calculate the score if Modified Scope (CVSS 3.0 Environmental) is not defined, Modified Scope has to have a valid value (S/U).

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/siemens/cvss-suite. This project is intended to be a safe, welcoming space for collaboration.
