Class: Cvss2::Rating

Inherits:
Object
  • Object
Defined in:
lib/cvss2_rating.rb,
lib/cvss_rating/version.rb

Constant Summary collapse

# --- Metric weights -------------------------------------------------------
# Every :notdefined entry is the sentinel -1.0. The scoring methods on this
# page call .abs on the weights, so the sentinel multiplies as 1.0, and
# environmentalscore treats a collateral-damage value of -1 as 0.
# NOTE(review): as listed, none of these hashes is frozen, so any code in the
# process can alter a weight and silently change every later score.

# Base metrics
ACCESS_VECTOR = { local: 0.395, adjacent_network: 0.646, network: 1.0 }
ACCESS_COMPLEXITY = { high: 0.35, medium: 0.61, low: 0.71 }
AUTHENTICATION = { none: 0.704, single: 0.56, multiple: 0.45 }
CONFIDENTIALITY_IMPACT = { none: 0.0, partial: 0.275, complete: 0.660 }
INTEGRITY_IMPACT = { none: 0.0, partial: 0.275, complete: 0.660 }
AVAILABILITY_IMPACT = { none: 0.0, partial: 0.275, complete: 0.660 }

# Environmental security requirements
CONFIDENTIALITY_REQUIREMENT = { low: 0.5, medium: 1.0, high: 1.51, notdefined: -1.0 }
INTEGRITY_REQUIREMENT = { low: 0.5, medium: 1.0, high: 1.51, notdefined: -1.0 }
AVAILABILITY_REQUIREMENT = { low: 0.5, medium: 1.0, high: 1.51, notdefined: -1.0 }

# Temporal metrics
EXPLOITABILITY = { unproven: 0.85, poc: 0.9, functional: 0.95, high: 1.0, notdefined: -1.0 }
REMEDIATION_LEVEL = { official: 0.87, temporary: 0.9, workaround: 0.95, unavailable: 1.0, notdefined: -1.0 }
REPORT_CONFIDENCE = { unconfirmed: 0.90, uncorroborated: 0.95, confirmed: 1.0, notdefined: -1.0 }

# Remaining environmental metrics
COLLATERAL_DAMAGE = { none: 0.0, low: 0.1, low_medium: 0.3, medium_high: 0.4, high: 0.5, notdefined: -1.0 }
TARGET_DISTRIBUTION = { none: 0.0, low: 0.25, medium: 0.75, high: 1.0, notdefined: -1.0 }

# --- Vector abbreviations ---------------------------------------------------
# Each "<NAME>_KEY" table maps the same symbols as "<NAME>" to the letters used
# in a vector string; get_key relies on that naming convention.
ACCESS_VECTOR_KEY = { local: 'L', adjacent_network: 'A', network: 'N' }
ACCESS_COMPLEXITY_KEY = { high: 'H', medium: 'M', low: 'L' }
AUTHENTICATION_KEY = { none: 'N', single: 'S', multiple: 'M' }
CONFIDENTIALITY_IMPACT_KEY = { none: 'N', partial: 'P', complete: 'C' }
INTEGRITY_IMPACT_KEY = { none: 'N', partial: 'P', complete: 'C' }
AVAILABILITY_IMPACT_KEY = { none: 'N', partial: 'P', complete: 'C' }
CONFIDENTIALITY_REQUIREMENT_KEY = { low: 'L', medium: 'M', high: 'H', notdefined: 'ND' }
INTEGRITY_REQUIREMENT_KEY = { low: 'L', medium: 'M', high: 'H', notdefined: 'ND' }
AVAILABILITY_REQUIREMENT_KEY = { low: 'L', medium: 'M', high: 'H', notdefined: 'ND' }
EXPLOITABILITY_KEY = { unproven: 'U', poc: 'POC', functional: 'F', high: 'H', notdefined: 'ND' }
REMEDIATION_LEVEL_KEY = { official: 'OF', temporary: "TF", workaround: 'W', unavailable: 'U', notdefined: 'ND' }
REPORT_CONFIDENCE_KEY = { unconfirmed: 'UC', uncorroborated: 'UR', confirmed: 'C', notdefined: 'ND' }
COLLATERAL_DAMAGE_KEY = { none: 'N', low: 'L', low_medium: 'LM', medium_high: 'MH', high: 'H', notdefined: 'ND' }
TARGET_DISTRIBUTION_KEY = { none: 'N', low: 'L', medium: 'M', high: 'H', notdefined: 'ND' }

# Lower-cased vector metric name => writer method that parse dispatches to.
# This table is the only thing limiting which methods a vector string can
# reach through parse's send call, so keep it restricted to metric writers.
VECTORS = {
  "av" => "av=",
  "ac" => "ac=",
  "au" => "au=",
  "c" => "ci=",
  "i" => "ii=",
  "a" => "ai=",
  "e" => "ex=",
  "rl" => "rl=",
  "rc" => "rc=",
  "cdp" => "cdp=",
  "td" => "td=",
  "cr" => "cr=",
  "ir" => "ir=",
  "ar" => "ar="
}

# Gem version (listed from lib/cvss_rating/version.rb).
VERSION = "0.6.0"

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(attributes = {}) ⇒ Rating

Returns a new instance of Rating.



# File 'lib/cvss2_rating.rb', line 83

# Builds a rating with no computed scores, then applies any initial attributes.
#
# Each entry of +attributes+ is assigned by calling the writer "<key>=".
# NOTE(review): +send+ also reaches private methods, so a key can invoke any
# method on this object whose name ends in "=". Pass only trusted keys here,
# or check them against the known metric names before dispatching.
#
# @param attributes [Hash] attribute name => value pairs
def initialize(attributes = {})
  @base, @temporal, @environmental = nil, nil, nil

  # init is defined outside this listing.
  init

  attributes.each { |name, value| send("#{name}=", value) }
end

Instance Attribute Details

#acObject

Returns the value of attribute ac.



# File 'lib/cvss2_rating.rb', line 6

# Access Complexity (AC) weight; set_key reverse-maps it through
# ACCESS_COMPLEXITY, so it is expected to be one of that table's values.
def ac
  @ac
end

#adjimpactObject

Returns the value of attribute adjimpact.



# File 'lib/cvss2_rating.rb', line 7

# Adjusted impact subscore; assigned by calculate from adjustedimpactscore.
def adjimpact
  @adjimpact
end

#aiObject

Returns the value of attribute ai.



# File 'lib/cvss2_rating.rb', line 6

# Availability Impact (A) weight; set_key reverse-maps it through
# AVAILABILITY_IMPACT.
def ai
  @ai
end

#arObject

Returns the value of attribute ar.



# File 'lib/cvss2_rating.rb', line 6

# Availability Requirement (AR) weight; set_key reverse-maps it through
# AVAILABILITY_REQUIREMENT.
def ar
  @ar
end

#auObject

Returns the value of attribute au.



# File 'lib/cvss2_rating.rb', line 6

# Authentication (Au) weight; set_key reverse-maps it through AUTHENTICATION.
def au
  @au
end

#avObject

Returns the value of attribute av.



# File 'lib/cvss2_rating.rb', line 6

# Access Vector (AV) weight; set_key reverse-maps it through ACCESS_VECTOR.
def av
  @av
end

#baseObject

Returns the value of attribute base.



# File 'lib/cvss2_rating.rb', line 7

# Base score: nil after initialize, assigned by calculate from basescore.
def base
  @base
end

#cdpObject

Returns the value of attribute cdp.



# File 'lib/cvss2_rating.rb', line 6

# Collateral Damage Potential (CDP) weight; set_key reverse-maps it through
# COLLATERAL_DAMAGE.
def cdp
  @cdp
end

#ciObject

Returns the value of attribute ci.



# File 'lib/cvss2_rating.rb', line 6

# Confidentiality Impact (C) weight; set_key reverse-maps it through
# CONFIDENTIALITY_IMPACT.
def ci
  @ci
end

#crObject

Returns the value of attribute cr.



# File 'lib/cvss2_rating.rb', line 6

# Confidentiality Requirement (CR) weight; set_key reverse-maps it through
# CONFIDENTIALITY_REQUIREMENT.
def cr
  @cr
end

#environmentalObject

Returns the value of attribute environmental.



# File 'lib/cvss2_rating.rb', line 7

# Environmental score: nil after initialize; calculate stores the result of
# environmentalscore, which is the String "Undefined" when the score is 0.0.
def environmental
  @environmental
end

#exObject

Returns the value of attribute ex.



# File 'lib/cvss2_rating.rb', line 6

# Exploitability (E) temporal metric weight; set_key reverse-maps it through
# EXPLOITABILITY. Not the exploitability subscore (see #exploitability).
def ex
  @ex
end

#exploitabilityObject

Returns the value of attribute exploitability.



# File 'lib/cvss2_rating.rb', line 7

# Exploitability subscore; assigned by calculate from exploitabilityscore.
def exploitability
  @exploitability
end

#iiObject

Returns the value of attribute ii.



# File 'lib/cvss2_rating.rb', line 6

# Integrity Impact (I) weight; set_key reverse-maps it through
# INTEGRITY_IMPACT.
def ii
  @ii
end

#impactObject

Returns the value of attribute impact.



# File 'lib/cvss2_rating.rb', line 7

# Impact subscore; assigned by calculate from impactscore.
def impact
  @impact
end

#irObject

Returns the value of attribute ir.



# File 'lib/cvss2_rating.rb', line 6

# Integrity Requirement (IR) weight; set_key reverse-maps it through
# INTEGRITY_REQUIREMENT.
def ir
  @ir
end

#keyObject

Returns the value of attribute key.



# File 'lib/cvss2_rating.rb', line 7

# Vector string ("AV:.../AC:.../...") as last built by set_key.
def key
  @key
end

#overallObject

Returns the value of attribute overall.



# File 'lib/cvss2_rating.rb', line 7

# NOTE(review): no method shown on this page assigns @overall (overallscore
# returns its result without storing it); confirm where, if anywhere, it is set.
def overall
  @overall
end

#rcObject

Returns the value of attribute rc.



# File 'lib/cvss2_rating.rb', line 6

# Report Confidence (RC) weight; set_key reverse-maps it through
# REPORT_CONFIDENCE.
def rc
  @rc
end

#rlObject

Returns the value of attribute rl.



# File 'lib/cvss2_rating.rb', line 6

# Remediation Level (RL) weight; set_key reverse-maps it through
# REMEDIATION_LEVEL.
def rl
  @rl
end

#tdObject

Returns the value of attribute td.



# File 'lib/cvss2_rating.rb', line 6

# Target Distribution (TD) weight; set_key reverse-maps it through
# TARGET_DISTRIBUTION.
def td
  @td
end

#temporalObject

Returns the value of attribute temporal.



# File 'lib/cvss2_rating.rb', line 7

# Temporal score: nil after initialize; calculate stores the result of
# temporalscore, which is the String "Undefined" when the score is 0.0.
def temporal
  @temporal
end

Instance Method Details

#adjustedbasescore(adjustedimpact, exploitabilityscore) ⇒ Object



# File 'lib/cvss2_rating.rb', line 412

# Applies the base-score equation to the adjusted impact subscore, as the
# first step of the environmental calculation.
#
# No rounding is applied here. impactfunction is defined outside this listing.
#
# @param adjustedimpact [Numeric] result of adjustedimpactscore
# @param exploitabilityscore [Numeric] exploitability subscore
# @return [Numeric] unrounded adjusted base score
def adjustedbasescore(adjustedimpact, exploitabilityscore)
  weighted = 0.6*adjustedimpact + 0.4 * exploitabilityscore - 1.5
  weighted * impactfunction(adjustedimpact)
end

#adjustedimpactscoreObject



# File 'lib/cvss2_rating.rb', line 405

# Impact subscore re-weighted by the environmental security requirements
# (CR, IR, AR) and capped at 10.
#
# Weights go through .abs, so the -1.0 "not defined" sentinel acts as 1.0.
#
# @return [Numeric] the smaller of 10 and the weighted impact
def adjustedimpactscore
  remaining = 1-@ci.abs*@cr.abs
  remaining *= 1-@ii.abs*@ir.abs
  remaining *= 1-@ai.abs*@ar.abs
  [10, 10.41*(1-remaining)].min
end

#adjustedtemporalscore(adjustedbasescore) ⇒ Object



# File 'lib/cvss2_rating.rb', line 416

# Scales an adjusted base score by the three temporal weights (E, RL, RC).
#
# Weights go through .abs, so the -1.0 "not defined" sentinel acts as 1.0.
# Unlike temporalscore, this always returns a number (no "Undefined" case).
#
# @param adjustedbasescore [Numeric] result of adjustedbasescore
# @return [Numeric] unrounded adjusted temporal score
def adjustedtemporalscore(adjustedbasescore)
  scaled = adjustedbasescore * @ex.abs
  scaled *= @rl.abs
  scaled * @rc.abs
end

#basescoreObject



# File 'lib/cvss2_rating.rb', line 447

# CVSS v2 base-score equation over the stored impact and exploitability
# subscores, so calculate must have set @impact and @exploitability first.
#
# No rounding is applied here. impactfunction is defined outside this listing.
#
# @return [Numeric] unrounded base score
def basescore
  weighted = 0.6 * @impact + 0.4 * @exploitability - 1.5
  weighted * impactfunction(@impact)
end

#calculateObject



# File 'lib/cvss2_rating.rb', line 396

# Recomputes every subscore and score from the current metric weights.
#
# Order matters: basescore reads @impact and @exploitability, and
# temporalscore reads @base, so each is stored before the next step runs.
# @temporal and @environmental may end up holding the String "Undefined"
# (see temporalscore and environmentalscore).
#
# @return [Numeric, String] the environmental score just stored
def calculate
  @impact = impactscore
  @adjimpact = adjustedimpactscore
  @exploitability = exploitabilityscore
  @base = basescore
  @temporal = temporalscore

  adjusted_base = adjustedbasescore(@adjimpact, @exploitability)
  adjusted_temporal = adjustedtemporalscore(adjusted_base)
  @environmental = environmentalscore(adjusted_temporal)
end

#environmentalscore(adjustedtemporalscore) ⇒ Object



# File 'lib/cvss2_rating.rb', line 424

# Environmental score from an adjusted temporal score, the collateral damage
# weight and the target distribution weight.
#
# A collateral damage value of -1 ("not defined") counts as 0; the target
# distribution goes through .abs, so its -1.0 sentinel acts as 1.0.
# NOTE(review): the result is the String "Undefined" when the score is exactly
# 0.0, so callers that compare against a threshold or format with "%f" have to
# handle both a number and a string.
#
# @param adjustedtemporalscore [Numeric] result of adjustedtemporalscore
# @return [Numeric, String] unrounded score, or "Undefined" for 0.0
def environmentalscore(adjustedtemporalscore)
  headroom = 10 - adjustedtemporalscore
  collateral = @cdp == -1 ? 0 : @cdp.abs
  score = (adjustedtemporalscore + headroom * collateral) * @td.abs

  return "Undefined" if score == 0.0

  score
end

#exploitabilityscoreObject



# File 'lib/cvss2_rating.rb', line 420

# CVSS v2 exploitability subscore: 20 x access complexity x authentication
# x access vector, each weight taken through .abs.
#
# @return [Numeric] unrounded exploitability subscore
def exploitabilityscore
  product = 20 * @ac.abs
  product *= @au.abs
  product * @av.abs
end

#get_key(vector, value) ⇒ Object



# File 'lib/cvss2_rating.rb', line 114

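# Translates a metric weight back to its vector abbreviation.
#
# +vector+ names one of this class's weight tables (for example
# "ACCESS_VECTOR"); the table named "<vector>_KEY" supplies the abbreviation.
#
# The tables are resolved with const_get instead of eval. set_key only passes
# literal names, but get_key is public, and with eval any text reaching
# +vector+ would have been executed as Ruby source. const_get treats it as a
# constant name and nothing else.
#
# @param vector [String] name of a weight-table constant
# @param value [Numeric] weight to look up in that table
# @return [String, nil] abbreviation, or nil when no entry has that weight
# @raise [NameError] if +vector+ or "<vector>_KEY" does not name a constant
def get_key(vector, value)
  tables = self.class
  # Hash#key returns the first key whose value == value, like the original
  # select { ... }.keys[0], and nil when there is none.
  metric = tables.const_get(vector).key(value)
  tables.const_get("#{vector}_KEY")[metric]
end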

#impactscoreObject



# File 'lib/cvss2_rating.rb', line 443

# CVSS v2 impact subscore from the confidentiality, integrity and
# availability impact weights (each taken through .abs).
#
# @return [Float] unrounded impact subscore
def impactscore
  unaffected = (1.0-@ci.abs)
  unaffected *= (1.0-@ii.abs)
  unaffected *= (1.0-@ai.abs)
  10.41*(1.0-unaffected)
end

#overallscoreObject



# File 'lib/cvss2_rating.rb', line 430

# Picks the most specific score available: environmental if environmental
# metrics are set, otherwise temporal if temporal metrics are set, otherwise
# base. The value is returned as stored, so it can be the String "Undefined".
#
# noenvironmental? and notemporal? are defined outside this listing.
#
# @return [Numeric, String, nil] the selected stored score
def overallscore
  return @environmental unless noenvironmental?
  return @temporal unless notemporal?

  @base
end

#parse(vector) ⇒ Object



# File 'lib/cvss2_rating.rb', line 367

# Resets the rating and loads metric values from a vector string.
#
# The vector is split on "/" into "NAME:VALUE" sections. Each NAME is
# lower-cased and looked up in VECTORS to find the writer to call, so only
# the writers listed there are reachable from the input text.
# NOTE(review): a section with an empty name, or a name missing from VECTORS,
# fails with NoMethodError (nil has no #downcase / #to_sym), and a section
# without ":" hands nil to the writer. Callers that parse untrusted vectors
# should validate first or rescue. init has already run by then, so a failure
# part-way through leaves the rating partially populated.
#
# @param vector [String] e.g. "AV:N/AC:L/Au:N/C:P/I:P/A:P" (constructed example)
# @return [Array<String>] the "/"-separated sections
def parse(vector)
  sections = vector.split("/")

  # init is defined outside this listing.
  init

  @originalkey = vector

  sections.each do |section|
    metric, setting = section.split(":")
    send(VECTORS[metric.downcase].to_sym, setting)
  end
end

#scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND") ⇒ Object



# File 'lib/cvss2_rating.rb', line 95

# Sets all fourteen metrics in one call through their writers (defined outside
# this listing). Temporal and environmental metrics default to "ND".
#
# Writers are invoked in the order av, ac, au, ci, ii, ai, ex, rl, rc, cdp,
# td, cr, ir, ar.
#
# @return [Object] the +ar+ argument
def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  # Base metrics
  self.av, self.ac, self.au = av, ac, au
  self.ci, self.ii, self.ai = ci, ii, ai

  # Temporal metrics
  self.ex, self.rl, self.rc = ex, rl, rc

  # Environmental metrics
  self.cdp, self.td = cdp, td
  self.cr, self.ir = cr, ir
  self.ar = ar
end

#set_keyObject



# File 'lib/cvss2_rating.rb', line 118

# Rebuilds @key, the vector string for the current metric weights.
#
# The base section is always present; the temporal and environmental sections
# are appended only when notemporal? / noenvironmental? (defined outside this
# listing) are false. Every table name passed to get_key is a literal.
#
# @return [String, nil] the full key when the environmental section was
#   appended, otherwise nil
def set_key
  abbreviate = lambda do |pairs|
    pairs.map { |table, weight| get_key(table, weight) }
  end

  @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % abbreviate.call([
    ["ACCESS_VECTOR", @av],
    ["ACCESS_COMPLEXITY", @ac],
    ["AUTHENTICATION", @au],
    ["CONFIDENTIALITY_IMPACT", @ci],
    ["INTEGRITY_IMPACT", @ii],
    ["AVAILABILITY_IMPACT", @ai]
  ])

  unless notemporal?
    @key += "/E:%s/RL:%s/RC:%s" % abbreviate.call([
      ["EXPLOITABILITY", @ex],
      ["REMEDIATION_LEVEL", @rl],
      ["REPORT_CONFIDENCE", @rc]
    ])
  end

  unless noenvironmental?
    @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % abbreviate.call([
      ["COLLATERAL_DAMAGE", @cdp],
      ["TARGET_DISTRIBUTION", @td],
      ["CONFIDENTIALITY_REQUIREMENT", @cr],
      ["INTEGRITY_REQUIREMENT", @ir],
      ["AVAILABILITY_REQUIREMENT", @ar]
    ])
  end
end

#temporalscoreObject



# File 'lib/cvss2_rating.rb', line 451

# Temporal score: the stored base score scaled by the E, RL and RC weights
# (each through .abs, so the -1.0 "not defined" sentinel acts as 1.0).
#
# NOTE(review): the result is the String "Undefined" whenever the product is
# exactly 0.0, which includes every rating whose base score is 0. Callers that
# compare the score with a threshold or format it with "%f" have to handle
# both a number and a string.
#
# @return [Numeric, String] unrounded score, or "Undefined" for 0.0
def temporalscore
  score = @base * @ex.abs
  score *= @rl.abs
  score *= @rc.abs

  return "Undefined" if score == 0.0

  score
end

#to_sObject



# File 'lib/cvss2_rating.rb', line 386

# Prints a score report to standard output, one decimal place per score.
#
# NOTE(review): despite its name this writes with printf and returns nil
# instead of returning a String, so it does not behave like a normal #to_s.
# The stored scores can hold the String "Undefined" (see temporalscore and
# environmentalscore), and printf's %f conversion raises ArgumentError for
# such a value.
#
# @return [nil]
def to_s
  printf("Base Score:\t\t\t%3.1f\n", @base)
  printf("  Impact Subscore:\t\t%3.1f\n", @impact)
  printf("  Exploitability Subscore:\t%3.1f\n", @exploitability)
  printf("Temporal Score:\t\t\t%3.1f\n", @temporal) unless notemporal?
  printf("Environmental Score:\t\t%3.1f\n", @environmental) unless noenvironmental?
  printf("  Adjusted Impact Score:\t%3.1f\n", @adjimpact) unless noenvironmental?
  printf("Overall Score:\t\t\t%3.1f\n", overallscore)
end