Class: Cvss3::Rating

Inherits:
Object
  • Object
show all
Includes:
Cvss3Vectors
Defined in:
lib/cvss3_rating.rb

Constant Summary

Constants included from Cvss3Vectors

Cvss3Vectors::VECTORS

Instance Attribute Summary collapse

Attributes included from Cvss3Vectors

#ac, #ai, #ar, #av, #ci, #cr, #ex, #ii, #ir, #pr, #rc, #rl, #sc, #ui

Instance Method Summary collapse

Methods included from Cvss3Vectors

#cvss3=, #get_key, #init, #key, #ma, #ma=, #mac, #mac=, #mav, #mav=, #mc, #mc=, #mi, #mi=, #mpr, #mpr=, #ms, #ms=, #mui, #mui=, #parse, #set_key

Constructor Details

#initialize(attributes = {}) ⇒ Rating

Initialize the object, creates a clean initialized Cvss3::Rating object

Parameters:

  • list (Hash)

    list of CVSS 3.0 attributes to be used during initialization



21
22
23
24
25
26
27
 
# File 'lib/cvss3_rating.rb', line 21

def initialize(attributes = {})
init

  	attributes.each do |name, value|
    		send("#{name}=", value)
  	end
end

Instance Attribute Details

#baseObject

Returns the value of attribute base.



11
12
13
 
# File 'lib/cvss3_rating.rb', line 11

def base
  @base
end

#environmentalObject

Returns the value of attribute environmental.



11
12
13
 
# File 'lib/cvss3_rating.rb', line 11

def environmental
  @environmental
end

#exploitabilityObject

Returns the value of attribute exploitability.



11
12
13
 
# File 'lib/cvss3_rating.rb', line 11

def exploitability
  @exploitability
end

#impactObject

Returns the value of attribute impact.



11
12
13
 
# File 'lib/cvss3_rating.rb', line 11

def impact
  @impact
end

#temporalObject

Returns the value of attribute temporal.



11
12
13
 
# File 'lib/cvss3_rating.rb', line 11

def temporal
  @temporal
end

Instance Method Details

#cvss_base_scoreArray

Calculate the CVSS 3.0 Base Score

Returns:

  • (Array)

    the CVSS 3.0 Base score with its risk level



59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/cvss3_rating.rb', line 59

def cvss_base_score
byebug if @pr.nil?

	@exploitability = ::Cvss3::Formulas.new.exploitability_sub_score(@av, @ac, @pr, @ui)

@impact = ::Cvss3::Formulas.new.impact_sub_score_base(@ai, @ci, @ii)

@base = ::Cvss3::Formulas.new.cvss_base_formula(@impact, @sc, @exploitability)

@base_level = risk_score(@base)

return @base, @base_level
end

#cvss_environmental_scoreArray

Calculate the CVSS 3.0 Temporal Score

Returns:

  • (Array)

    the CVSS 3.0 Temporal score with its risk level



93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
# File 'lib/cvss3_rating.rb', line 93

def cvss_environmental_score
	exploitability_sub_score_value_modified = ::Cvss3::Formulas.new.exploitability_sub_score_modified(self.mav(true),
		self.mac(true), self.mpr(true), self.mui(true))

	impact_sub_score_value_modified = ::Cvss3::Formulas.new.impact_sub_score_modified_base(self.ma(true), self.mc(true),
		self.mi(true), @cr, @ir, @ar)

	@environmental = ::Cvss3::Formulas.new.cvss_environmental_formula(impact_sub_score_value_modified,
		exploitability_sub_score_value_modified,
		@ex, @rl, @rc, self.ms(true))

	@environmental_level = risk_score(@environmental)

	return @environmental, @environmental_level
end

#cvss_temporal_scoreArray

Calculate the CVSS 3.0 Temporal Score

Returns:

  • (Array)

    the CVSS 3.0 Temporal score with its risk level



79
80
81
82
83
84
85
 
# File 'lib/cvss3_rating.rb', line 79

def cvss_temporal_score
	@temporal = ::Cvss3::Formulas.new.cvss_temporal_formula(@base, @ex, @rl, @rc)

	@temporal_level = risk_score(@temporal)

	return @temporal, @temporal_level
end

#risk_score(score) ⇒ String

Takes score and determines risk level from None to Critical

Parameters:

  • score (Float)

    risk score to be converted to risk level

Returns:

  • (String)

    risk level based on score



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/cvss3_rating.rb', line 36

def risk_score(score)
	risk_score = case score
		when 0.0
			"None"
		when 0.1..3.9
			"Low"
		when 4.0..6.9
			"Medium"
		when 7.0..8.9
			"High"
		when 9.0..10.0
			"Critical"
		else
			nil
		end
end