class Cvss2::Rating

Constants

ACCESS_COMPLEXITY
ACCESS_COMPLEXITY_KEY
ACCESS_VECTOR
ACCESS_VECTOR_KEY
AUTHENTICATION
AUTHENTICATION_KEY
AVAILABILITY_IMPACT
AVAILABILITY_IMPACT_KEY
AVAILABILITY_REQUIREMENT
AVAILABILITY_REQUIREMENT_KEY
COLLATERAL_DAMAGE
COLLATERAL_DAMAGE_KEY
CONFIDENTIALITY_IMPACT
CONFIDENTIALITY_IMPACT_KEY
CONFIDENTIALITY_REQUIREMENT
CONFIDENTIALITY_REQUIREMENT_KEY
EXPLOITABILITY
EXPLOITABILITY_KEY
INTEGRITY_IMPACT
INTEGRITY_IMPACT_KEY
INTEGRITY_REQUIREMENT
INTEGRITY_REQUIREMENT_KEY
REMEDIATION_LEVEL
REMEDIATION_LEVEL_KEY
REPORT_CONFIDENCE
REPORT_CONFIDENCE_KEY
TARGET_DISTRIBUTION
TARGET_DISTRIBUTION_KEY
VECTORS
VERSION

Attributes

ac[RW]
adjimpact[RW]
ai[RW]
ar[RW]
au[RW]
av[RW]
base[RW]
cdp[RW]
ci[RW]
cr[RW]
environmental[RW]
ex[RW]
exploitability[RW]
ii[RW]
impact[RW]
ir[RW]
key[RW]
overall[RW]
rc[RW]
rl[RW]
td[RW]
temporal[RW]

Public Class Methods

new(attributes = {}) click to toggle source
# File lib/cvss2_rating.rb, line 83
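# Builds a rating and applies each entry of +attributes+ through the matching
# writer (for example { "av" => "N" } calls av=("N")).
#
# The three score slots start out nil and init resets the temporal and
# environmental metrics before any attribute is applied.
#
# attributes - Hash of attribute name => value; nil is treated as empty.
#
# Raises NoMethodError when a name has no public writer, and whatever the
# writer itself raises (the metric writers raise "Bad Argument").
def initialize(attributes = {})
  @base = nil
  @temporal = nil
  @environmental = nil

  init

  (attributes || {}).each do |name, value|
    # public_send keeps the dispatch to public writers; plain send would also
    # reach private methods whose name ends in "=". Callers should still pass
    # only the keys they expect rather than an unfiltered external hash.
    public_send("#{name}=", value)
  end
end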

Public Instance Methods

ac=(ac) click to toggle source
# File lib/cvss2_rating.rb, line 155
# Sets the Access Complexity (AC) metric.
#
# Accepts "high"/"H", "medium"/"M" or "low"/"L" (case-sensitive) and stores
# the matching ACCESS_COMPLEXITY entry in @ac.
# Raises RuntimeError "Bad Argument" for any other value; @ac is left as it was.
def ac=(ac)
  level =
    case ac
    when "high", "H" then :high
    when "medium", "M" then :medium
    when "low", "L" then :low
    else raise "Bad Argument"
    end

  @ac = ACCESS_COMPLEXITY[level]
end
adjustedbasescore(adjustedimpact, exploitabilityscore) click to toggle source
# File lib/cvss2_rating.rb, line 412
# Applies the base-score equation to the adjusted (environmental) impact.
#
# adjustedimpact      - impact subscore after the requirement weights.
# exploitabilityscore - exploitability subscore.
#
# Returns the unrounded product; impactfunction zeroes it when the impact is 0.
def adjustedbasescore(adjustedimpact, exploitabilityscore)
  weighted = 0.6 * adjustedimpact + 0.4 * exploitabilityscore - 1.5
  weighted * impactfunction(adjustedimpact)
end
adjustedimpactscore() click to toggle source
# File lib/cvss2_rating.rb, line 405
# Computes the adjusted impact subscore: each impact metric is weighted by its
# security requirement and the result is capped at 10.
#
# Reads @ci/@cr, @ii/@ir and @ai/@ar; every value goes through abs first.
# NOTE(review): presumably some table entries are stored negative (the
# environmental score treats -1 specially) - confirm against the constants.
def adjustedimpactscore
  confidentiality = 1 - @ci.abs * @cr.abs
  integrity = 1 - @ii.abs * @ir.abs
  availability = 1 - @ai.abs * @ar.abs

  raw = 10.41 * (1 - confidentiality * integrity * availability)
  [10, raw].min
end
adjustedtemporalscore(adjustedbasescore) click to toggle source
# File lib/cvss2_rating.rb, line 416
# Scales an adjusted base score by the three temporal factors.
#
# adjustedbasescore - value produced by the adjusted base equation.
#
# Multiplies by the absolute values of @ex, @rl and @rc, in that order.
def adjustedtemporalscore(adjustedbasescore)
  [@ex, @rl, @rc].inject(adjustedbasescore) { |score, factor| score * factor.abs }
end
ai=(ai) click to toggle source
# File lib/cvss2_rating.rb, line 211
# Sets the Availability Impact (A) metric.
#
# Accepts "none"/"N", "partial"/"P" or "complete"/"C" (case-sensitive) and
# stores the matching AVAILABILITY_IMPACT entry in @ai.
# Raises RuntimeError "Bad Argument" for any other value.
def ai=(ai)
  level =
    case ai
    when "none", "N" then :none
    when "partial", "P" then :partial
    when "complete", "C" then :complete
    else raise "Bad Argument"
    end

  @ai = AVAILABILITY_IMPACT[level]
end
ar=(ar) click to toggle source
# File lib/cvss2_rating.rb, line 335
# Sets the Availability Requirement (AR) environmental metric.
#
# Accepts "low"/"L", "medium"/"M", "high"/"H" or "not defined"/"ND"
# (case-sensitive) and stores the matching AVAILABILITY_REQUIREMENT entry in @ar.
# Raises RuntimeError "Bad Argument" for any other value.
def ar=(ar)
  level =
    case ar
    when "low", "L" then :low
    when "medium", "M" then :medium
    when "high", "H" then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @ar = AVAILABILITY_REQUIREMENT[level]
end
au=(au) click to toggle source
# File lib/cvss2_rating.rb, line 169
# Sets the Authentication (Au) metric.
#
# Accepts "none"/"N", "single instance"/"S" or "multiple instance"/"M"
# (case-sensitive) and stores the matching AUTHENTICATION entry in @au.
# Raises RuntimeError "Bad Argument" for any other value.
def au=(au)
  level =
    case au
    when "none", "N" then :none
    when "single instance", "S" then :single
    when "multiple instance", "M" then :multiple
    else raise "Bad Argument"
    end

  @au = AUTHENTICATION[level]
end
av=(av) click to toggle source
# File lib/cvss2_rating.rb, line 141
# Sets the Access Vector (AV) metric.
#
# Accepts "local"/"L", "adjacent network"/"A" or "network"/"N"
# (case-sensitive) and stores the matching ACCESS_VECTOR entry in @av.
# Raises RuntimeError "Bad Argument" for any other value.
def av=(av)
  level =
    case av
    when "local", "L" then :local
    when "adjacent network", "A" then :adjacent_network
    when "network", "N" then :network
    else raise "Bad Argument"
    end

  @av = ACCESS_VECTOR[level]
end
basescore() click to toggle source
# File lib/cvss2_rating.rb, line 447
# Computes the base score from @impact and @exploitability, which calculate
# fills in before calling this.
#
# NOTE(review): the CVSS v2 specification rounds the base score to one
# decimal; no rounding happens here (to_s only formats with %3.1f), so
# comparisons against published scores may need explicit rounding - confirm.
def basescore
  weighted = 0.6 * @impact + 0.4 * @exploitability - 1.5
  weighted * impactfunction(@impact)
end
calculate() click to toggle source
# File lib/cvss2_rating.rb, line 396
# Recomputes every score from the metrics currently set on the object.
#
# The order matters: basescore reads @impact and @exploitability, and
# temporalscore reads @base, so the subscores are stored first.
# The environmental score is derived from the adjusted impact by chaining the
# adjusted base and adjusted temporal equations.
def calculate
  @impact = impactscore
  @adjimpact = adjustedimpactscore
  @exploitability = exploitabilityscore
  @base = basescore
  @temporal = temporalscore

  adjusted_base = adjustedbasescore(@adjimpact, @exploitability)
  adjusted_temporal = adjustedtemporalscore(adjusted_base)
  @environmental = environmentalscore(adjusted_temporal)
end
cdp=(cd) click to toggle source
# File lib/cvss2_rating.rb, line 272
# Sets the Collateral Damage Potential (CDP) environmental metric.
#
# Accepts "none"/"N", "low"/"L", "low-medium"/"LM", "medium-high"/"MH",
# "high"/"H" or "not defined"/"ND" (case-sensitive) and stores the matching
# COLLATERAL_DAMAGE entry in @cdp.
# Raises RuntimeError "Bad Argument" for any other value.
def cdp=(cd)
  level =
    case cd
    when "none", "N" then :none
    when "low", "L" then :low
    when "low-medium", "LM" then :low_medium
    when "medium-high", "MH" then :medium_high
    when "high", "H" then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @cdp = COLLATERAL_DAMAGE[level]
end
ci=(ci) click to toggle source
# File lib/cvss2_rating.rb, line 183
# Sets the Confidentiality Impact (C) metric.
#
# Accepts "none"/"N", "partial"/"P" or "complete"/"C" (case-sensitive) and
# stores the matching CONFIDENTIALITY_IMPACT entry in @ci.
# Raises RuntimeError "Bad Argument" for any other value.
def ci=(ci)
  level =
    case ci
    when "none", "N" then :none
    when "partial", "P" then :partial
    when "complete", "C" then :complete
    else raise "Bad Argument"
    end

  @ci = CONFIDENTIALITY_IMPACT[level]
end
cr=(cr) click to toggle source
# File lib/cvss2_rating.rb, line 305
# Sets the Confidentiality Requirement (CR) environmental metric.
#
# Accepts "low"/"L", "medium"/"M", "high"/"H" or "not defined"/"ND"
# (case-sensitive) and stores the matching CONFIDENTIALITY_REQUIREMENT entry
# in @cr.
# Raises RuntimeError "Bad Argument" for any other value.
def cr=(cr)
  level =
    case cr
    when "low", "L" then :low
    when "medium", "M" then :medium
    when "high", "H" then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @cr = CONFIDENTIALITY_REQUIREMENT[level]
end
environmentalscore(adjustedtemporalscore) click to toggle source
# File lib/cvss2_rating.rb, line 424
# Computes the environmental score from an adjusted temporal score.
#
# adjustedtemporalscore - output of the adjusted temporal equation.
#
# A @cdp of exactly -1 contributes no collateral damage; any other value is
# used through abs. The result is scaled by the absolute value of @td.
#
# Returns the score, or the String "Undefined" when the score equals 0.0, so
# callers must be ready for either a number or that String.
def environmentalscore(adjustedtemporalscore)
  damage = @cdp == -1 ? 0 : @cdp.abs
  score = (adjustedtemporalscore + (10 - adjustedtemporalscore) * damage) * @td.abs

  return "Undefined" if score == 0.0

  score
end
ex=(ex) click to toggle source
# File lib/cvss2_rating.rb, line 225
# Sets the Exploitability (E) temporal metric.
#
# Accepts "unproven"/"U", "proof-of-concept"/"P"/"POC", "functional"/"F",
# "high"/"H" or "not defined"/"ND" (case-sensitive) and stores the matching
# EXPLOITABILITY entry in @ex.
# Raises RuntimeError "Bad Argument" for any other value.
def ex=(ex)
  level =
    case ex
    when "unproven", "U" then :unproven
    when "proof-of-concept", "P", "POC" then :poc
    when "functional", "F" then :functional
    when "high", "H" then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @ex = EXPLOITABILITY[level]
end
exploitabilityscore() click to toggle source
# File lib/cvss2_rating.rb, line 420
# Computes the exploitability subscore: 20 multiplied by the absolute values
# of @ac, @au and @av, in that order.
def exploitabilityscore
  [@ac, @au, @av].inject(20) { |product, metric| product * metric.abs }
end
get_key(vector, value) click to toggle source
# File lib/cvss2_rating.rb, line 114
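# Maps a stored metric value back to its abbreviation.
#
# vector - name of a metric table constant, e.g. "ACCESS_VECTOR". The table
#          and its companion "<vector>_KEY" table are looked up by name.
# value  - a value taken from that table.
#
# Returns the entry of the _KEY table for the first table key whose value
# equals +value+ (nil when no key matches).
#
# Raises ArgumentError when +vector+ is not a plain upper-case constant name
# and NameError when the named constant does not exist.
def get_key(vector, value)
  name = vector.to_s
  # The tables are resolved with const_get instead of eval, so the argument is
  # only ever treated as a constant name and never executed as Ruby source.
  # The pattern also rejects "A::B" paths, keeping the lookup on this class.
  raise ArgumentError, "Bad Argument" unless name =~ /\A[A-Z][A-Z0-9_]*\z/

  labels = self.class.const_get("#{name}_KEY")
  values = self.class.const_get(name)
  labels[values.key(value)]
end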
ii=(ii) click to toggle source
# File lib/cvss2_rating.rb, line 197
# Sets the Integrity Impact (I) metric.
#
# Accepts "none"/"N", "partial"/"P" or "complete"/"C" (case-sensitive) and
# stores the matching INTEGRITY_IMPACT entry in @ii.
# Raises RuntimeError "Bad Argument" for any other value.
def ii=(ii)
  level =
    case ii
    when "none", "N" then :none
    when "partial", "P" then :partial
    when "complete", "C" then :complete
    else raise "Bad Argument"
    end

  @ii = INTEGRITY_IMPACT[level]
end
impactscore() click to toggle source
# File lib/cvss2_rating.rb, line 443
# Computes the impact subscore from the absolute values of @ci, @ii and @ai.
def impactscore
  confidentiality = 1.0 - @ci.abs
  integrity = 1.0 - @ii.abs
  availability = 1.0 - @ai.abs

  10.41 * (1.0 - confidentiality * integrity * availability)
end
ir=(ir) click to toggle source
# File lib/cvss2_rating.rb, line 320
# Sets the Integrity Requirement (IR) environmental metric.
#
# Accepts "low"/"L", "medium"/"M", "high"/"H" or "not defined"/"ND"
# (case-sensitive) and stores the matching INTEGRITY_REQUIREMENT entry in @ir.
# Raises RuntimeError "Bad Argument" for any other value.
def ir=(ir)
  level =
    case ir
    when "low", "L" then :low
    when "medium", "M" then :medium
    when "high", "H" then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @ir = INTEGRITY_REQUIREMENT[level]
end
overallscore() click to toggle source
# File lib/cvss2_rating.rb, line 430
# Picks the most specific score available.
#
# Returns @environmental when any environmental metric is defined, otherwise
# @temporal when any temporal metric is defined, otherwise @base.
# The temporal and environmental slots may hold the String "Undefined", which
# their score methods return for a 0.0 result.
def overallscore
  return @environmental unless noenvironmental?
  return @temporal unless notemporal?

  @base
end
parse(vector) click to toggle source
# File lib/cvss2_rating.rb, line 367
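# Loads metrics from a vector string such as "AV:N/AC:L/Au:N/C:P/I:P/A:P".
#
# The temporal and environmental metrics are reset through init first, the
# raw string is kept in @originalkey, and every "NAME:VALUE" section is
# handed to the writer that VECTORS lists for the lower-cased NAME.
#
# vector - String of "/"-separated "NAME:VALUE" sections.
#
# Returns the Array of sections.
# Raises RuntimeError "Bad Argument" for a metric name that VECTORS does not
# list (including an empty section) and for a value the writer rejects.
def parse(vector)
  sections = vector.split("/")

  init

  @originalkey = vector

  sections.each do |section|
    metric, value = section.split(":")
    # VECTORS is the allow-list: only a writer named there is ever invoked, so
    # text from the vector string never chooses the method to call. An unknown
    # name is reported like any other bad metric instead of failing on nil.
    setter = VECTORS[metric.to_s.downcase]
    raise "Bad Argument" if setter.nil?

    send(setter.to_sym, value)
  end
end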
rc=(rc) click to toggle source
# File lib/cvss2_rating.rb, line 257
# Sets the Report Confidence (RC) temporal metric.
#
# Accepts "unconfirmed"/"UC", "uncorroborated"/"UR", "confirmed"/"C" or
# "not defined"/"ND" (case-sensitive) and stores the matching
# REPORT_CONFIDENCE entry in @rc.
# Raises RuntimeError "Bad Argument" for any other value.
def rc=(rc)
  level =
    case rc
    when "unconfirmed", "UC" then :unconfirmed
    when "uncorroborated", "UR" then :uncorroborated
    when "confirmed", "C" then :confirmed
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @rc = REPORT_CONFIDENCE[level]
end
rl=(rl) click to toggle source
# File lib/cvss2_rating.rb, line 241
# Sets the Remediation Level (RL) temporal metric.
#
# Accepts "official-fix"/"O"/"OF", "temporary-fix"/"T"/"TF", "workaround"/"W",
# "unavailable"/"U" or "not defined"/"ND" (case-sensitive) and stores the
# matching REMEDIATION_LEVEL entry in @rl.
# Raises RuntimeError "Bad Argument" for any other value.
def rl=(rl)
  level =
    case rl
    when "official-fix", "O", "OF" then :official
    when "temporary-fix", "T", "TF" then :temporary
    when "workaround", "W" then :workaround
    when "unavailable", "U" then :unavailable
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @rl = REMEDIATION_LEVEL[level]
end
scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND") click to toggle source
# File lib/cvss2_rating.rb, line 95
# Sets every metric in one call, going through the individual writers.
#
# The six base metrics are required; temporal and environmental metrics
# default to "ND". Writers run in the order av, ac, au, ci, ii, ai, ex, rl,
# rc, cdp, td, cr, ir, ar, and the first rejected value raises
# RuntimeError "Bad Argument" with the earlier metrics already stored.
def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  # Base metrics.
  self.av, self.ac, self.au = av, ac, au
  self.ci, self.ii, self.ai = ci, ii, ai

  # Temporal metrics.
  self.ex, self.rl, self.rc = ex, rl, rc

  # Environmental metrics; ar stays the final statement so the method's value
  # is still the ar argument.
  self.cdp, self.td, self.cr, self.ir = cdp, td, cr, ir
  self.ar = ar
end
set_key() click to toggle source
# File lib/cvss2_rating.rb, line 118
# Rebuilds @key, the vector string for the metrics currently set.
#
# The base section is always written; the temporal section is appended unless
# notemporal? holds, and the environmental section unless noenvironmental?
# holds. Each abbreviation comes from get_key.
def set_key
  base_parts = [
    get_key("ACCESS_VECTOR", @av),
    get_key("ACCESS_COMPLEXITY", @ac),
    get_key("AUTHENTICATION", @au),
    get_key("CONFIDENTIALITY_IMPACT", @ci),
    get_key("INTEGRITY_IMPACT", @ii),
    get_key("AVAILABILITY_IMPACT", @ai)
  ]
  @key = format("AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s", *base_parts)

  unless notemporal?
    temporal_parts = [
      get_key("EXPLOITABILITY", @ex),
      get_key("REMEDIATION_LEVEL", @rl),
      get_key("REPORT_CONFIDENCE", @rc)
    ]
    @key += format("/E:%s/RL:%s/RC:%s", *temporal_parts)
  end

  unless noenvironmental?
    environmental_parts = [
      get_key("COLLATERAL_DAMAGE", @cdp),
      get_key("TARGET_DISTRIBUTION", @td),
      get_key("CONFIDENTIALITY_REQUIREMENT", @cr),
      get_key("INTEGRITY_REQUIREMENT", @ir),
      get_key("AVAILABILITY_REQUIREMENT", @ar)
    ]
    @key += format("/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s", *environmental_parts)
  end
end
td=(td) click to toggle source
# File lib/cvss2_rating.rb, line 289
# Sets the Target Distribution (TD) environmental metric.
#
# Accepts "none"/"N", "low"/"L", "medium"/"M", "high"/"H" or
# "not defined"/"ND" (case-sensitive) and stores the matching
# TARGET_DISTRIBUTION entry in @td.
# Raises RuntimeError "Bad Argument" for any other value.
def td=(td)
  level =
    case td
    when "none", "N" then :none
    when "low", "L" then :low
    when "medium", "M" then :medium
    when "high", "H" then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end

  @td = TARGET_DISTRIBUTION[level]
end
temporalscore() click to toggle source
# File lib/cvss2_rating.rb, line 451
# Computes the temporal score: @base scaled by the absolute values of @ex,
# @rl and @rc.
#
# Returns the score, or the String "Undefined" when the score equals 0.0, so
# callers must be ready for either a number or that String.
def temporalscore
  score = @base * @ex.abs * @rl.abs * @rc.abs

  return "Undefined" if score == 0.0

  score
end
to_s() click to toggle source
# File lib/cvss2_rating.rb, line 386
# Prints the score report to standard output.
#
# Temporal and environmental lines appear only when those metric groups are
# defined. The method returns nil (the value of the last printf), not a
# String, so string interpolation of a rating yields no report text.
#
# NOTE(review): temporalscore and environmentalscore return the String
# "Undefined" for a 0.0 result, which the %3.1f directive cannot format -
# confirm how that case should be reported.
def to_s
  $stdout.printf("Base Score:\t\t\t%3.1f\n", @base)
  $stdout.printf("  Impact Subscore:\t\t%3.1f\n", @impact)
  $stdout.printf("  Exploitability Subscore:\t%3.1f\n", @exploitability)
  $stdout.printf("Temporal Score:\t\t\t%3.1f\n", @temporal) unless notemporal?
  $stdout.printf("Environmental Score:\t\t%3.1f\n", @environmental) unless noenvironmental?
  $stdout.printf("  Adjusted Impact Score:\t%3.1f\n", @adjimpact) unless noenvironmental?
  $stdout.printf("Overall Score:\t\t\t%3.1f\n", overallscore)
end

Private Instance Methods

impactfunction(impact) click to toggle source
# File lib/cvss2_rating.rb, line 49
# Multiplier used by the base-score equations: 0.0 when the impact is 0, so
# the score collapses to zero, and 1.176 otherwise.
def impactfunction(impact)
  return 0.0 if impact == 0

  1.176
end
init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND") click to toggle source
# File lib/cvss2_rating.rb, line 69
# Resets the temporal and environmental metrics, "ND" (not defined) by default.
#
# Goes through the writers in the order ex, rl, rc, cdp, td, cr, ir, ar, so a
# rejected value raises RuntimeError "Bad Argument" with the earlier ones
# already stored. The base metrics are not touched.
def init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  # Temporal metrics.
  self.ex, self.rl, self.rc = ex, rl, rc

  # Environmental metrics; ar stays the final statement so the method's value
  # is still the ar argument.
  self.cdp, self.td, self.cr, self.ir = cd, td, cr, ir
  self.ar = ar
end
noenvironmental?() click to toggle source
# File lib/cvss2_rating.rb, line 53
# True when all five environmental metrics (CDP, TD, CR, IR, AR) map back to
# the abbreviation "ND"; false as soon as one of them does not.
def noenvironmental?
  metrics = [
    ["COLLATERAL_DAMAGE", @cdp],
    ["TARGET_DISTRIBUTION", @td],
    ["CONFIDENTIALITY_REQUIREMENT", @cr],
    ["INTEGRITY_REQUIREMENT", @ir],
    ["AVAILABILITY_REQUIREMENT", @ar]
  ]

  metrics.all? { |table, stored| get_key(table, stored) == "ND" }
end
notemporal?() click to toggle source
# File lib/cvss2_rating.rb, line 61
# True when all three temporal metrics (E, RL, RC) map back to the
# abbreviation "ND"; false as soon as one of them does not.
def notemporal?
  metrics = [
    ["EXPLOITABILITY", @ex],
    ["REMEDIATION_LEVEL", @rl],
    ["REPORT_CONFIDENCE", @rc]
  ]

  metrics.all? { |table, stored| get_key(table, stored) == "ND" }
end