Class: Cvss3::Formulas
- Inherits:
-
Object
- Object
- Cvss3::Formulas
- Defined in:
- lib/cvss_rating/cvss3_formulas.rb
Constant Summary collapse
- EXPLOITABILITY_COEFFICIENT =
8.22
- IMPACT_COEFFICIENT =
6.42
- IMPACT_MOD_COEFFICIENT =
7.52
Instance Method Summary collapse
- #cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value) ⇒ Object
- #cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified, exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified) ⇒ Object
- #cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value) ⇒ Object
- #exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value) ⇒ Object
- #exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified, privileges_required_value_modified, user_interaction_value_modified) ⇒ Object
- #impact_sub_score_base(availability_value, confidentiality_value, integrity_value) ⇒ Object
- #impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified, confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value) ⇒ Object
- #min(*values) ⇒ Object
Instance Method Details
#cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value) ⇒ Object
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 35 def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value) if scope_value == 'unchanged' impact_value = IMPACT_COEFFICIENT * impact_sub_score_value cvss_base_value = min(10.0, impact_value + exploitability_sub_score_value) elsif scope_value == 'changed' impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) - 3.25 * ((impact_sub_score_value - 0.02)**15) cvss_base_value = min(10.0, 1.08 * (impact_value + exploitability_sub_score_value)) end cvss_base_value = if impact_sub_score_value <= 0 0.0 else cvss_base_value.ceil2(1) end cvss_base_value end |
#cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified, exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified) ⇒ Object
62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 62 def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified, exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified) if scope_value_modified == 'unchanged' impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified temp_score = min(10.0, impact_value_modified + exploitability_sub_score_value_modified) temp_score2 = temp_score.ceil2(1) temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value elsif scope_value_modified == 'changed' impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) - 3.25 * ((impact_sub_score_value_modified - 0.02)**15) temp_score = min(10.0, 1.08 * (impact_value_modified + exploitability_sub_score_value_modified)) temp_score2 = temp_score.ceil2(1) temp_score3 = temp_score2 * exploit_code_maturity_value * remediation_level_value * report_confidence_value end cvss_environmental_value = if impact_sub_score_value_modified <= 0 0.0 else temp_score3.ceil2(1) end cvss_environmental_value end |
#cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value) ⇒ Object
53 54 55 56 57 58 59 60 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 53 def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value) cvss_temporal_value = cvss_base_value * exploit_code_maturity_value * remediation_level_value * \ report_confidence_value cvss_temporal_value = cvss_temporal_value.ceil2(1) cvss_temporal_value end |
#exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value) ⇒ Object
7 8 9 10 11 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 7 def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value) exploitability_sub_score_value = EXPLOITABILITY_COEFFICIENT * attack_vector_value * attack_complexity_value * privileges_required_value * user_interaction_value exploitability_sub_score_value end |
#exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified, privileges_required_value_modified, user_interaction_value_modified) ⇒ Object
13 14 15 16 17 18 19 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 13 def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified, privileges_required_value_modified, user_interaction_value_modified) exploitability_sub_score_value_modified = EXPLOITABILITY_COEFFICIENT * attack_vector_value_modified * attack_complexity_value_modified * privileges_required_value_modified * user_interaction_value_modified exploitability_sub_score_value_modified end |
#impact_sub_score_base(availability_value, confidentiality_value, integrity_value) ⇒ Object
21 22 23 24 25 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 21 def impact_sub_score_base(availability_value, confidentiality_value, integrity_value) impact_sub_score_value = 1 - ((1 - confidentiality_value) * (1 - integrity_value) * (1 - availability_value)) impact_sub_score_value end |
#impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified, confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value) ⇒ Object
27 28 29 30 31 32 33 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 27 def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified, confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value) impact_sub_score_value_modified = min(0.915, 1 - (1 - confidentiality_value_modified * confidentiality_requirement_value) * (1 - integrity_value_modified * integrity_requirement_value) * (1 - availability_value_modified * availability_requirement_value)) impact_sub_score_value_modified end |
#min(*values) ⇒ Object
86 87 88 |
# File 'lib/cvss_rating/cvss3_formulas.rb', line 86 def min(*values) values.min end |