Class: Cvss2::Rating
- Inherits:
-
Object
- Object
- Cvss2::Rating
- Defined in:
- lib/cvss2_rating.rb,
lib/cvss_rating/version.rb
Constant Summary collapse
- ACCESS_VECTOR =
{ :local => 0.395, :adjacent_network => 0.646, :network => 1.0 }
- ACCESS_COMPLEXITY =
{ :high => 0.35, :medium => 0.61, :low => 0.71 }
- AUTHENTICATION =
{ :none => 0.704, :single => 0.56, :multiple => 0.45 }
- CONFIDENTIALITY_IMPACT =
{ :none => 0.0, :partial => 0.275, :complete => 0.660 }
- INTEGRITY_IMPACT =
{ :none => 0.0, :partial => 0.275, :complete => 0.660 }
- AVAILABILITY_IMPACT =
{ :none => 0.0, :partial => 0.275, :complete => 0.660 }
- CONFIDENTIALITY_REQUIREMENT =
{ :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
- INTEGRITY_REQUIREMENT =
{ :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
- AVAILABILITY_REQUIREMENT =
{ :low => 0.5, :medium => 1.0, :high => 1.51, :notdefined => -1.0 }
- EXPLOITABILITY =
{ :unproven => 0.85, :poc => 0.9, :functional => 0.95, :high => 1.0, :notdefined => -1.0 }
- REMEDIATION_LEVEL =
{ :official => 0.87, :temporary => 0.9, :workaround => 0.95, :unavailable => 1.0, :notdefined => -1.0 }
- REPORT_CONFIDENCE =
{ :unconfirmed => 0.90, :uncorroborated => 0.95, :confirmed => 1.0, :notdefined => -1.0 }
- COLLATERAL_DAMAGE =
{ :none => 0.0, :low => 0.1, :low_medium => 0.3, :medium_high => 0.4, :high => 0.5, :notdefined => -1.0 }
- TARGET_DISTRIBUTION =
{ :none => 0.0, :low => 0.25, :medium => 0.75, :high => 1.0, :notdefined => -1.0 }
- ACCESS_VECTOR_KEY =
{ :local => 'L', :adjacent_network => 'A', :network => 'N' }
- ACCESS_COMPLEXITY_KEY =
{ :high => 'H', :medium => 'M', :low => 'L' }
- AUTHENTICATION_KEY =
{ :none => 'N', :single => 'S', :multiple => 'M' }
- CONFIDENTIALITY_IMPACT_KEY =
{ :none => 'N', :partial => 'P', :complete => 'C' }
- INTEGRITY_IMPACT_KEY =
{ :none => 'N', :partial => 'P', :complete => 'C' }
- AVAILABILITY_IMPACT_KEY =
{ :none => 'N', :partial => 'P', :complete => 'C' }
- CONFIDENTIALITY_REQUIREMENT_KEY =
{ :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
- INTEGRITY_REQUIREMENT_KEY =
{ :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
- AVAILABILITY_REQUIREMENT_KEY =
{ :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
- EXPLOITABILITY_KEY =
{ :unproven => 'U', :poc => 'POC', :functional => 'F', :high => 'H', :notdefined => 'ND' }
- REMEDIATION_LEVEL_KEY =
{ :official => 'OF', :temporary => "TF", :workaround => 'W', :unavailable => 'U', :notdefined => 'ND' }
- REPORT_CONFIDENCE_KEY =
{ :unconfirmed => 'UC', :uncorroborated => 'UR', :confirmed => 'C', :notdefined => 'ND' }
- COLLATERAL_DAMAGE_KEY =
{ :none => 'N', :low => 'L', :low_medium => 'LM', :medium_high => 'MH', :high => 'H', :notdefined => 'ND' }
- TARGET_DISTRIBUTION_KEY =
{ :none => 'N', :low => 'L', :medium => 'M', :high => 'H', :notdefined => 'ND' }
- VECTORS =
{ "av" => "av=", "ac" => "ac=", "au" => "au=", "c" => "ci=", "i" => "ii=", "a" => "ai=", "e" => "ex=", "rl" => "rl=", "rc" => "rc=", "cdp" => "cdp=", "td" => "td=", "cr" => "cr=", "ir" => "ir=", "ar" => "ar=" }
- VERSION =
"0.6.0"
Instance Attribute Summary collapse
-
#ac ⇒ Object
Returns the value of attribute ac.
-
#adjimpact ⇒ Object
Returns the value of attribute adjimpact.
-
#ai ⇒ Object
Returns the value of attribute ai.
-
#ar ⇒ Object
Returns the value of attribute ar.
-
#au ⇒ Object
Returns the value of attribute au.
-
#av ⇒ Object
Returns the value of attribute av.
-
#base ⇒ Object
Returns the value of attribute base.
-
#cdp ⇒ Object
Returns the value of attribute cdp.
-
#ci ⇒ Object
Returns the value of attribute ci.
-
#cr ⇒ Object
Returns the value of attribute cr.
-
#environmental ⇒ Object
Returns the value of attribute environmental.
-
#ex ⇒ Object
Returns the value of attribute ex.
-
#exploitability ⇒ Object
Returns the value of attribute exploitability.
-
#ii ⇒ Object
Returns the value of attribute ii.
-
#impact ⇒ Object
Returns the value of attribute impact.
-
#ir ⇒ Object
Returns the value of attribute ir.
-
#key ⇒ Object
Returns the value of attribute key.
-
#overall ⇒ Object
Returns the value of attribute overall.
-
#rc ⇒ Object
Returns the value of attribute rc.
-
#rl ⇒ Object
Returns the value of attribute rl.
-
#td ⇒ Object
Returns the value of attribute td.
-
#temporal ⇒ Object
Returns the value of attribute temporal.
Instance Method Summary collapse
- #adjustedbasescore(adjustedimpact, exploitabilityscore) ⇒ Object
- #adjustedimpactscore ⇒ Object
- #adjustedtemporalscore(adjustedbasescore) ⇒ Object
- #basescore ⇒ Object
- #calculate ⇒ Object
- #environmentalscore(adjustedtemporalscore) ⇒ Object
- #exploitabilityscore ⇒ Object
- #get_key(vector, value) ⇒ Object
- #impactscore ⇒ Object
-
#initialize(attributes = {}) ⇒ Rating
constructor
A new instance of Rating.
- #overallscore ⇒ Object
- #parse(vector) ⇒ Object
- #scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND") ⇒ Object
- #set_key ⇒ Object
- #temporalscore ⇒ Object
- #to_s ⇒ Object
Constructor Details
#initialize(attributes = {}) ⇒ Rating
Returns a new instance of Rating.
83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/cvss2_rating.rb', line 83 def initialize(attributes = {}) @base = nil @temporal = nil @environmental = nil init attributes.each do |name, value| send("#{name}=", value) end end |
Instance Attribute Details
#ac ⇒ Object
Returns the value of attribute ac.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ac @ac end |
#adjimpact ⇒ Object
Returns the value of attribute adjimpact.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def adjimpact @adjimpact end |
#ai ⇒ Object
Returns the value of attribute ai.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ai @ai end |
#ar ⇒ Object
Returns the value of attribute ar.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ar @ar end |
#au ⇒ Object
Returns the value of attribute au.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def au @au end |
#av ⇒ Object
Returns the value of attribute av.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def av @av end |
#base ⇒ Object
Returns the value of attribute base.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def base @base end |
#cdp ⇒ Object
Returns the value of attribute cdp.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def cdp @cdp end |
#ci ⇒ Object
Returns the value of attribute ci.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ci @ci end |
#cr ⇒ Object
Returns the value of attribute cr.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def cr @cr end |
#environmental ⇒ Object
Returns the value of attribute environmental.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def environmental @environmental end |
#ex ⇒ Object
Returns the value of attribute ex.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ex @ex end |
#exploitability ⇒ Object
Returns the value of attribute exploitability.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def exploitability @exploitability end |
#ii ⇒ Object
Returns the value of attribute ii.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ii @ii end |
#impact ⇒ Object
Returns the value of attribute impact.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def impact @impact end |
#ir ⇒ Object
Returns the value of attribute ir.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def ir @ir end |
#key ⇒ Object
Returns the value of attribute key.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def key @key end |
#overall ⇒ Object
Returns the value of attribute overall.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def overall @overall end |
#rc ⇒ Object
Returns the value of attribute rc.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def rc @rc end |
#rl ⇒ Object
Returns the value of attribute rl.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def rl @rl end |
#td ⇒ Object
Returns the value of attribute td.
6 7 8 |
# File 'lib/cvss2_rating.rb', line 6 def td @td end |
#temporal ⇒ Object
Returns the value of attribute temporal.
7 8 9 |
# File 'lib/cvss2_rating.rb', line 7 def temporal @temporal end |
Instance Method Details
#adjustedbasescore(adjustedimpact, exploitabilityscore) ⇒ Object
412 413 414 |
# File 'lib/cvss2_rating.rb', line 412 def adjustedbasescore(adjustedimpact, exploitabilityscore) adjustedbasescore = (0.6*adjustedimpact + 0.4 * exploitabilityscore - 1.5) * impactfunction(adjustedimpact) end |
#adjustedimpactscore ⇒ Object
405 406 407 408 409 410 |
# File 'lib/cvss2_rating.rb', line 405 def adjustedimpactscore tmp = [] tmp[0] = 10 tmp[1] = 10.41*(1-(1-@ci.abs*@cr.abs)*(1-@ii.abs*@ir.abs)*(1-@ai.abs*@ar.abs)) adjustedimpactscore = tmp.min end |
#adjustedtemporalscore(adjustedbasescore) ⇒ Object
416 417 418 |
# File 'lib/cvss2_rating.rb', line 416 def adjustedtemporalscore(adjustedbasescore) adjustedtemporalscore = adjustedbasescore * @ex.abs * @rl.abs * @rc.abs end |
#basescore ⇒ Object
447 448 449 |
# File 'lib/cvss2_rating.rb', line 447 def basescore basescore = (0.6 * @impact + 0.4 * @exploitability - 1.5) * impactfunction(@impact) end |
#calculate ⇒ Object
396 397 398 399 400 401 402 403 |
# File 'lib/cvss2_rating.rb', line 396 def calculate @impact = self.impactscore @adjimpact = self.adjustedimpactscore @exploitability = self.exploitabilityscore @base = self.basescore @temporal = self.temporalscore @environmental = self.environmentalscore(self.adjustedtemporalscore(self.adjustedbasescore(@adjimpact, @exploitability))) end |
#environmentalscore(adjustedtemporalscore) ⇒ Object
424 425 426 427 428 |
# File 'lib/cvss2_rating.rb', line 424 def environmentalscore(adjustedtemporalscore) environmentalscore = (adjustedtemporalscore + (10 - adjustedtemporalscore) * (@cdp == -1 ? 0 : @cdp.abs)) * @td.abs return environmentalscore == 0.0 ? "Undefined" : environmentalscore end |
#exploitabilityscore ⇒ Object
420 421 422 |
# File 'lib/cvss2_rating.rb', line 420 def exploitabilityscore exploitability = 20 * @ac.abs * @au.abs * @av.abs end |
#get_key(vector, value) ⇒ Object
114 115 116 |
# File 'lib/cvss2_rating.rb', line 114 def get_key(vector, value) get_key = eval(vector + "_KEY")[(eval(vector).select { |k,v| v == value }).keys[0]] end |
#impactscore ⇒ Object
443 444 445 |
# File 'lib/cvss2_rating.rb', line 443 def impactscore impact = 10.41*(1.0-(1.0-@ci.abs)*(1.0-@ii.abs)*(1.0-@ai.abs)) end |
#overallscore ⇒ Object
430 431 432 433 434 435 436 437 438 439 440 441 |
# File 'lib/cvss2_rating.rb', line 430 def overallscore if noenvironmental? if notemporal? overallscore = @base else overallscore = @temporal end else overallscore = @environmental end return overallscore end |
#parse(vector) ⇒ Object
367 368 369 370 371 372 373 374 375 376 377 378 379 |
# File 'lib/cvss2_rating.rb', line 367 def parse(vector) string = vector.split("/") len = string.length init @originalkey = vector string.each do |section| tmp = section.split(":") send(VECTORS[tmp[0].downcase].to_sym, tmp[1]) end end |
#scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND") ⇒ Object
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'lib/cvss2_rating.rb', line 95 def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND") self.av = av self.ac = ac self.au = au self.ci = ci self.ii = ii self.ai = ai self.ex = ex self.rl = rl self.rc = rc self.cdp = cdp self.td = td self.cr = cr self.ir = ir self.ar = ar end |
#set_key ⇒ Object
118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'lib/cvss2_rating.rb', line 118 def set_key @key = "AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s" % [ get_key("ACCESS_VECTOR", @av), get_key("ACCESS_COMPLEXITY", @ac), get_key("AUTHENTICATION", @au), get_key("CONFIDENTIALITY_IMPACT", @ci), get_key("INTEGRITY_IMPACT", @ii), get_key("AVAILABILITY_IMPACT", @ai)] if !notemporal? @key += "/E:%s/RL:%s/RC:%s" % [ get_key("EXPLOITABILITY", @ex), get_key("REMEDIATION_LEVEL", @rl), get_key("REPORT_CONFIDENCE", @rc)] end if !noenvironmental? @key += "/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s" % [ get_key("COLLATERAL_DAMAGE", @cdp), get_key("TARGET_DISTRIBUTION", @td), get_key("CONFIDENTIALITY_REQUIREMENT", @cr), get_key("INTEGRITY_REQUIREMENT", @ir), get_key("AVAILABILITY_REQUIREMENT", @ar)] end end |
#temporalscore ⇒ Object
451 452 453 454 455 |
# File 'lib/cvss2_rating.rb', line 451 def temporalscore temporalscore = @base * @ex.abs * @rl.abs * @rc.abs return temporalscore == 0.0 ? "Undefined" : temporalscore end |
#to_s ⇒ Object
386 387 388 389 390 391 392 393 394 |
# File 'lib/cvss2_rating.rb', line 386 def to_s printf "Base Score:\t\t\t%3.1f\n", @base printf " Impact Subscore:\t\t%3.1f\n", @impact printf " Exploitability Subscore:\t%3.1f\n", @exploitability printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !notemporal? printf "Environmental Score:\t\t%3.1f\n", @environmental if !noenvironmental? printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental? printf "Overall Score:\t\t\t%3.1f\n", overallscore end |