Class: Cvss3::Formulas

Inherits:
Object
  • Object
Defined in:
lib/cvss_rating/cvss3_formulas.rb

Constant Summary

EXPLOITABILITY_COEFFICIENT =
8.22
IMPACT_COEFFICIENT =
6.42
IMPACT_MOD_COEFFICIENT =
7.52

Instance Method Summary

Instance Method Details

#cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 35

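# Computes the CVSS v3 base score from the impact sub-score, the scope and
# the exploitability sub-score.
#
# NOTE(review): rounding is delegated to Float#ceil2, which is defined outside
# this listing. Binary floating-point values can land just above a one-decimal
# boundary, so confirm that ceil2 cannot round such a value up a whole step
# before treating the result as an authoritative severity score.
#
# @param impact_sub_score_value [Numeric] impact sub-score (ISS)
# @param scope_value [String] 'unchanged' or 'changed'
# @param exploitability_sub_score_value [Numeric] exploitability sub-score
# @return [Float] 0.0 when the impact sub-score is not positive, otherwise the
#   score capped at 10.0 and passed through ceil2(1)
# @raise [ArgumentError] when the impact sub-score is positive and scope_value
#   is neither 'unchanged' nor 'changed'
def cvss_base_formula(impact_sub_score_value, scope_value, exploitability_sub_score_value)
  # A non-positive impact sub-score always scores 0.0, whatever the scope.
  return 0.0 if impact_sub_score_value <= 0

  uncapped_score =
    case scope_value
    when 'unchanged'
      impact_value = IMPACT_COEFFICIENT * impact_sub_score_value
      impact_value + exploitability_sub_score_value
    when 'changed'
      impact_value = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value - 0.029) -
                     3.25 * ((impact_sub_score_value - 0.02)**15)
      1.08 * (impact_value + exploitability_sub_score_value)
    else
      # An unrecognised scope used to leave the score nil and fail later with
      # a NoMethodError on nil; reject it here so a malformed vector is
      # reported as such instead of surfacing as an unrelated crash.
      raise ArgumentError, "unknown scope value: #{scope_value.inspect}"
    end

  min(10.0, uncapped_score).ceil2(1)
end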

#cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified, exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 62

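# Computes the CVSS v3 environmental score from the modified impact and
# exploitability sub-scores, the three temporal multipliers and the modified
# scope.
#
# NOTE(review): the changed-scope expression used here
# (7.52 * (x - 0.029) - 3.25 * (x - 0.02)**15) appears to be the CVSS v3.0
# form; v3.1 revised the modified-impact equation, so confirm which revision
# callers expect before comparing against externally published scores.
#
# @param impact_sub_score_value_modified [Numeric] modified impact sub-score
# @param exploitability_sub_score_value_modified [Numeric] modified
#   exploitability sub-score
# @param exploit_code_maturity_value [Numeric] exploit code maturity multiplier
# @param remediation_level_value [Numeric] remediation level multiplier
# @param report_confidence_value [Numeric] report confidence multiplier
# @param scope_value_modified [String] 'unchanged' or 'changed'
# @return [Float] 0.0 when the modified impact sub-score is not positive,
#   otherwise the twice-rounded environmental score
# @raise [ArgumentError] when the modified impact sub-score is positive and
#   scope_value_modified is neither 'unchanged' nor 'changed'
def cvss_environmental_formula(impact_sub_score_value_modified, exploitability_sub_score_value_modified,
                               exploit_code_maturity_value, remediation_level_value, report_confidence_value, scope_value_modified)
  # A non-positive modified impact sub-score always scores 0.0.
  return 0.0 if impact_sub_score_value_modified <= 0

  uncapped_score =
    case scope_value_modified
    when 'unchanged'
      impact_value_modified = IMPACT_COEFFICIENT * impact_sub_score_value_modified
      impact_value_modified + exploitability_sub_score_value_modified
    when 'changed'
      impact_value_modified = IMPACT_MOD_COEFFICIENT * (impact_sub_score_value_modified - 0.029) -
                              3.25 * ((impact_sub_score_value_modified - 0.02)**15)
      1.08 * (impact_value_modified + exploitability_sub_score_value_modified)
    else
      # An unrecognised scope used to leave the intermediate score nil and
      # fail later with a NoMethodError on nil; reject it explicitly.
      raise ArgumentError, "unknown modified scope value: #{scope_value_modified.inspect}"
    end

  # First rounding: the capped modified base score. The rounding and the
  # multiplier product were duplicated in both scope branches before.
  modified_base_score = min(10.0, uncapped_score).ceil2(1)

  # Second rounding: after applying the temporal multipliers, in the same
  # left-to-right order as before so floating-point results do not shift.
  (modified_base_score * exploit_code_maturity_value * remediation_level_value * report_confidence_value).ceil2(1)
end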

#cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 53

# Computes the CVSS v3 temporal score: the base score scaled by the three
# temporal multipliers, then passed through ceil2(1).
#
# ceil2 is not defined in this listing; it is called on the product, so the
# base score (or the product type) must respond to it.
#
# @param cvss_base_value [Numeric] base score
# @param exploit_code_maturity_value [Numeric] exploit code maturity multiplier
# @param remediation_level_value [Numeric] remediation level multiplier
# @param report_confidence_value [Numeric] report confidence multiplier
# @return [Object] whatever ceil2(1) returns for the scaled score
def cvss_temporal_formula(cvss_base_value, exploit_code_maturity_value, remediation_level_value, report_confidence_value)
  temporal_multipliers = [exploit_code_maturity_value, remediation_level_value, report_confidence_value]

  # Fold left to right so the multiplication order matches base * E * RL * RC.
  scaled_score = temporal_multipliers.inject(cvss_base_value) { |running, multiplier| running * multiplier }

  scaled_score.ceil2(1)
end

#exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 7

# Computes the exploitability sub-score: EXPLOITABILITY_COEFFICIENT multiplied
# by the four exploitability metric weights.
#
# The arguments are used as given; this method does not check that they are
# valid metric weights.
#
# @param attack_vector_value [Numeric] attack vector weight
# @param attack_complexity_value [Numeric] attack complexity weight
# @param privileges_required_value [Numeric] privileges required weight
# @param user_interaction_value [Numeric] user interaction weight
# @return [Numeric] the unrounded exploitability sub-score
def exploitability_sub_score(attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value)
  metric_weights = [attack_vector_value, attack_complexity_value, privileges_required_value, user_interaction_value]

  # Fold left to right, starting from the coefficient, to keep the original
  # multiplication order (floating-point products are order-sensitive).
  metric_weights.inject(EXPLOITABILITY_COEFFICIENT) { |product, weight| product * weight }
end

#exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified, privileges_required_value_modified, user_interaction_value_modified) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 13

# Computes the modified exploitability sub-score: EXPLOITABILITY_COEFFICIENT
# multiplied by the four modified exploitability metric weights.
#
# The arguments are used as given; this method does not check that they are
# valid metric weights.
#
# @param attack_vector_value_modified [Numeric] modified attack vector weight
# @param attack_complexity_value_modified [Numeric] modified attack complexity weight
# @param privileges_required_value_modified [Numeric] modified privileges required weight
# @param user_interaction_value_modified [Numeric] modified user interaction weight
# @return [Numeric] the unrounded modified exploitability sub-score
def exploitability_sub_score_modified(attack_vector_value_modified, attack_complexity_value_modified,
                                      privileges_required_value_modified, user_interaction_value_modified)
  modified_weights = [
    attack_vector_value_modified,
    attack_complexity_value_modified,
    privileges_required_value_modified,
    user_interaction_value_modified
  ]

  # Same left-to-right multiplication order as the single-expression form.
  modified_weights.inject(EXPLOITABILITY_COEFFICIENT) { |product, weight| product * weight }
end

#impact_sub_score_base(availability_value, confidentiality_value, integrity_value) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 21

# Computes the impact sub-score as
# 1 - (1 - confidentiality) * (1 - integrity) * (1 - availability).
#
# Note the parameter order: availability comes first in the signature, while
# the product is taken in confidentiality, integrity, availability order.
#
# @param availability_value [Numeric] availability impact weight
# @param confidentiality_value [Numeric] confidentiality impact weight
# @param integrity_value [Numeric] integrity impact weight
# @return [Numeric] the unrounded impact sub-score
def impact_sub_score_base(availability_value, confidentiality_value, integrity_value)
  complements = [confidentiality_value, integrity_value, availability_value].map { |impact| 1 - impact }

  # inject(:*) multiplies left to right, matching the original expression.
  1 - complements.inject(:*)
end

#impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified, confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 27

# Computes the modified impact sub-score: each modified impact weight is
# scaled by its security requirement, the complements are multiplied, and the
# result is capped at 0.915.
#
# Note the parameter order: the impact weights are availability,
# confidentiality, integrity, while the requirements are confidentiality,
# integrity, availability.
#
# @param availability_value_modified [Numeric] modified availability weight
# @param confidentiality_value_modified [Numeric] modified confidentiality weight
# @param integrity_value_modified [Numeric] modified integrity weight
# @param confidentiality_requirement_value [Numeric] confidentiality requirement
# @param integrity_requirement_value [Numeric] integrity requirement
# @param availability_requirement_value [Numeric] availability requirement
# @return [Numeric] the modified impact sub-score, at most 0.915
def impact_sub_score_modified_base(availability_value_modified, confidentiality_value_modified, integrity_value_modified,
                                   confidentiality_requirement_value, integrity_requirement_value, availability_requirement_value)
  confidentiality_complement = 1 - confidentiality_value_modified * confidentiality_requirement_value
  integrity_complement = 1 - integrity_value_modified * integrity_requirement_value
  availability_complement = 1 - availability_value_modified * availability_requirement_value

  weighted_impact = 1 - confidentiality_complement * integrity_complement * availability_complement

  # Requirement multipliers above 1 can push the value past the cap.
  min(0.915, weighted_impact)
end

#min(*values) ⇒ Object



# File 'lib/cvss_rating/cvss3_formulas.rb', line 86

# Returns the smallest of the given values; the formulas use it to cap
# intermediate scores.
#
# @param values [Array<Numeric>] candidates to compare
# @return [Numeric, nil] the smallest value, or nil when called with no
#   arguments
def min(*values)
  values.min
end