class Cvss2::Rating
Constants
- ACCESS_COMPLEXITY
- ACCESS_COMPLEXITY_KEY
- ACCESS_VECTOR
- ACCESS_VECTOR_KEY
- AUTHENTICATION
- AUTHENTICATION_KEY
- AVAILABILITY_IMPACT
- AVAILABILITY_IMPACT_KEY
- AVAILABILITY_REQUIREMENT
- AVAILABILITY_REQUIREMENT_KEY
- COLLATERAL_DAMAGE
- COLLATERAL_DAMAGE_KEY
- CONFIDENTIALITY_IMPACT
- CONFIDENTIALITY_IMPACT_KEY
- CONFIDENTIALITY_REQUIREMENT
- CONFIDENTIALITY_REQUIREMENT_KEY
- EXPLOITABILITY
- EXPLOITABILITY_KEY
- INTEGRITY_IMPACT
- INTEGRITY_IMPACT_KEY
- INTEGRITY_REQUIREMENT
- INTEGRITY_REQUIREMENT_KEY
- REMEDIATION_LEVEL
- REMEDIATION_LEVEL_KEY
- REPORT_CONFIDENCE
- REPORT_CONFIDENCE_KEY
- TARGET_DISTRIBUTION
- TARGET_DISTRIBUTION_KEY
- VECTORS
- VERSION
Attributes
ac[RW]
adjimpact[RW]
ai[RW]
ar[RW]
au[RW]
av[RW]
base[RW]
cdp[RW]
ci[RW]
cr[RW]
environmental[RW]
ex[RW]
exploitability[RW]
ii[RW]
impact[RW]
ir[RW]
key[RW]
overall[RW]
rc[RW]
rl[RW]
td[RW]
temporal[RW]
Public Class Methods
new(attributes = {})
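# File lib/cvss2_rating.rb, line 83
# Build a rating and apply any attributes supplied by the caller.
#
# The three composite scores start as nil. `init` is then called with no
# arguments, so the metrics it sets take its "ND" defaults. Finally each
# name/value pair in +attributes+ is handed to the writer "name=".
#
# attributes - Hash of attribute name => value.
#
# Raises NoMethodError when a name has no public writer on this object.
def initialize(attributes = {})
  @base = nil
  @temporal = nil
  @environmental = nil
  init
  attributes.each do |name, value|
    # public_send rather than send: the hash keys come from the caller, and
    # this keeps them from reaching a private method whose name ends in "=".
    public_send("#{name}=", value)
  end
end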
Public Instance Methods
ac=(ac)
# File lib/cvss2_rating.rb, line 155
# Writer for the access-complexity metric.
# Accepts "high"/"H", "medium"/"M" or "low"/"L" (exact match, so case
# matters) and stores the matching ACCESS_COMPLEXITY entry in @ac.
# Anything else raises RuntimeError "Bad Argument" and leaves @ac as it was.
def ac=(ac)
  level =
    case ac
    when "high", "H"   then :high
    when "medium", "M" then :medium
    when "low", "L"    then :low
    else raise "Bad Argument"
    end
  @ac = ACCESS_COMPLEXITY[level]
end
adjustedbasescore(adjustedimpact, exploitabilityscore)
# File lib/cvss2_rating.rb, line 412
# Base-score equation evaluated with the adjusted impact:
#   (0.6 * adjustedimpact + 0.4 * exploitabilityscore - 1.5)
#     * impactfunction(adjustedimpact)
# The product is returned as computed; no rounding happens here.
def adjustedbasescore(adjustedimpact, exploitabilityscore)
  weighted = 0.6*adjustedimpact + 0.4 * exploitabilityscore - 1.5
  weighted * impactfunction(adjustedimpact)
end
adjustedimpactscore()
# File lib/cvss2_rating.rb, line 405
# Adjusted impact: each impact metric is weighted by its requirement
# metric (absolute values are used throughout), combined as
#   10.41 * (1 - (1 - C*CR) * (1 - I*IR) * (1 - A*AR))
# and capped at 10.
def adjustedimpactscore
  conf  = 1 - @ci.abs*@cr.abs
  integ = 1 - @ii.abs*@ir.abs
  avail = 1 - @ai.abs*@ar.abs
  [10, 10.41*(1 - conf*integ*avail)].min
end
adjustedtemporalscore(adjustedbasescore)
# File lib/cvss2_rating.rb, line 416
# Scale an adjusted base score by the three temporal metrics
# (@ex, @rl, @rc), using the absolute value of each.
def adjustedtemporalscore(adjustedbasescore)
  [@ex, @rl, @rc].inject(adjustedbasescore) { |score, metric| score * metric.abs }
end
ai=(ai)
# File lib/cvss2_rating.rb, line 211
# Writer for the availability-impact metric.
# Accepts "none"/"N", "partial"/"P" or "complete"/"C" (exact match) and
# stores the matching AVAILABILITY_IMPACT entry in @ai.
# Anything else raises RuntimeError "Bad Argument".
def ai=(ai)
  level =
    case ai
    when "none", "N"     then :none
    when "partial", "P"  then :partial
    when "complete", "C" then :complete
    else raise "Bad Argument"
    end
  @ai = AVAILABILITY_IMPACT[level]
end
ar=(ar)
# File lib/cvss2_rating.rb, line 335
# Writer for the availability-requirement metric.
# Accepts "low"/"L", "medium"/"M", "high"/"H" or "not defined"/"ND"
# (exact match) and stores the matching AVAILABILITY_REQUIREMENT entry
# in @ar. Anything else raises RuntimeError "Bad Argument".
def ar=(ar)
  level =
    case ar
    when "low", "L"          then :low
    when "medium", "M"       then :medium
    when "high", "H"         then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end
  @ar = AVAILABILITY_REQUIREMENT[level]
end
au=(au)
# File lib/cvss2_rating.rb, line 169
# Writer for the authentication metric.
# Accepts "none"/"N", "single instance"/"S" or "multiple instance"/"M"
# (exact match) and stores the matching AUTHENTICATION entry in @au.
# Anything else raises RuntimeError "Bad Argument".
def au=(au)
  level =
    case au
    when "none", "N"              then :none
    when "single instance", "S"   then :single
    when "multiple instance", "M" then :multiple
    else raise "Bad Argument"
    end
  @au = AUTHENTICATION[level]
end
av=(av)
# File lib/cvss2_rating.rb, line 141
# Writer for the access-vector metric.
# Accepts "local"/"L", "adjacent network"/"A" or "network"/"N" (exact
# match) and stores the matching ACCESS_VECTOR entry in @av.
# Anything else raises RuntimeError "Bad Argument".
def av=(av)
  level =
    case av
    when "local", "L"            then :local
    when "adjacent network", "A" then :adjacent_network
    when "network", "N"          then :network
    else raise "Bad Argument"
    end
  @av = ACCESS_VECTOR[level]
end
basescore()
# File lib/cvss2_rating.rb, line 447
# Base score from the stored sub-scores:
#   (0.6 * @impact + 0.4 * @exploitability - 1.5) * impactfunction(@impact)
# Reads @impact and @exploitability; the product is returned unrounded.
def basescore
  weighted = 0.6 * @impact + 0.4 * @exploitability - 1.5
  weighted * impactfunction(@impact)
end
calculate()
# File lib/cvss2_rating.rb, line 396
# Recompute every stored score from the metrics currently set.
# The order matters: basescore reads @impact and @exploitability, and
# temporalscore reads @base, so those are filled in first.
# Returns the value stored in @environmental.
def calculate
  @impact         = impactscore
  @adjimpact      = adjustedimpactscore
  @exploitability = exploitabilityscore
  @base           = basescore
  @temporal       = temporalscore

  # The environmental score is built on the base equation re-run with the
  # adjusted impact, then scaled by the temporal metrics.
  adjusted_base     = adjustedbasescore(@adjimpact, @exploitability)
  adjusted_temporal = adjustedtemporalscore(adjusted_base)
  @environmental = environmentalscore(adjusted_temporal)
end
cdp=(cd)
# File lib/cvss2_rating.rb, line 272
# Writer for the collateral-damage-potential metric.
# Accepts "none"/"N", "low"/"L", "low-medium"/"LM", "medium-high"/"MH",
# "high"/"H" or "not defined"/"ND" (exact match) and stores the matching
# COLLATERAL_DAMAGE entry in @cdp.
# Anything else raises RuntimeError "Bad Argument".
def cdp=(cd)
  level =
    case cd
    when "none", "N"         then :none
    when "low", "L"          then :low
    when "low-medium", "LM"  then :low_medium
    when "medium-high", "MH" then :medium_high
    when "high", "H"         then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end
  @cdp = COLLATERAL_DAMAGE[level]
end
ci=(ci)
# File lib/cvss2_rating.rb, line 183
# Writer for the confidentiality-impact metric.
# Accepts "none"/"N", "partial"/"P" or "complete"/"C" (exact match) and
# stores the matching CONFIDENTIALITY_IMPACT entry in @ci.
# Anything else raises RuntimeError "Bad Argument".
def ci=(ci)
  level =
    case ci
    when "none", "N"     then :none
    when "partial", "P"  then :partial
    when "complete", "C" then :complete
    else raise "Bad Argument"
    end
  @ci = CONFIDENTIALITY_IMPACT[level]
end
cr=(cr)
# File lib/cvss2_rating.rb, line 305
# Writer for the confidentiality-requirement metric.
# Accepts "low"/"L", "medium"/"M", "high"/"H" or "not defined"/"ND"
# (exact match) and stores the matching CONFIDENTIALITY_REQUIREMENT entry
# in @cr. Anything else raises RuntimeError "Bad Argument".
def cr=(cr)
  level =
    case cr
    when "low", "L"          then :low
    when "medium", "M"       then :medium
    when "high", "H"         then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end
  @cr = CONFIDENTIALITY_REQUIREMENT[level]
end
environmentalscore(adjustedtemporalscore)
# File lib/cvss2_rating.rb, line 424
# Environmental score from an adjusted temporal score:
#   (score + (10 - score) * CDP) * TD
# A @cdp of exactly -1 contributes 0 instead of its absolute value
# (presumably -1 is the "not defined" entry; confirm against
# COLLATERAL_DAMAGE).
#
# Returns the numeric score, or the String "Undefined" when it equals 0.0,
# so callers must be prepared for either type.
def environmentalscore(adjustedtemporalscore)
  collateral = @cdp == -1 ? 0 : @cdp.abs
  score = (adjustedtemporalscore + (10 - adjustedtemporalscore) * collateral) * @td.abs
  return "Undefined" if score == 0.0
  score
end
ex=(ex)
# File lib/cvss2_rating.rb, line 225
# Writer for the exploitability metric.
# Accepts "unproven"/"U", "proof-of-concept"/"P"/"POC", "functional"/"F",
# "high"/"H" or "not defined"/"ND" (exact match) and stores the matching
# EXPLOITABILITY entry in @ex.
# Anything else raises RuntimeError "Bad Argument".
def ex=(ex)
  level =
    case ex
    when "unproven", "U"                then :unproven
    when "proof-of-concept", "P", "POC" then :poc
    when "functional", "F"              then :functional
    when "high", "H"                    then :high
    when "not defined", "ND"            then :notdefined
    else raise "Bad Argument"
    end
  @ex = EXPLOITABILITY[level]
end
exploitabilityscore()
# File lib/cvss2_rating.rb, line 420
# Exploitability sub-score: 20 * AC * Au * AV, using the absolute value
# of each stored metric (@ac, @au, @av).
def exploitabilityscore
  [@ac, @au, @av].inject(20) { |product, metric| product * metric.abs }
end
get_key(vector, value)
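# File lib/cvss2_rating.rb, line 114
# Reverse-look-up the vector abbreviation for a stored metric value.
#
# vector - name of a metric table constant, e.g. "ACCESS_VECTOR"; the
#          companion constant "<vector>_KEY" holds the abbreviations.
# value  - the value to search for in the metric table.
#
# Returns the "<vector>_KEY" entry for the first table key whose value
# equals +value+; when nothing matches, the _KEY table is indexed with nil.
# Raises NameError when +vector+ is not a plain constant name or the
# constant does not exist.
def get_key(vector, value)
  name = vector.to_s
  # The table name is resolved with const_get instead of eval, so a string
  # reaching this public method is only ever treated as a constant name and
  # is never executed as Ruby code.
  unless name =~ /\A[A-Z][A-Z0-9_]*\z/
    raise NameError, "wrong constant name #{name.inspect}"
  end
  abbreviations = self.class.const_get(name + "_KEY")
  table = self.class.const_get(name)
  abbreviations[table.select { |_key, stored| stored == value }.keys[0]]
end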
ii=(ii)
# File lib/cvss2_rating.rb, line 197
# Writer for the integrity-impact metric.
# Accepts "none"/"N", "partial"/"P" or "complete"/"C" (exact match) and
# stores the matching INTEGRITY_IMPACT entry in @ii.
# Anything else raises RuntimeError "Bad Argument".
def ii=(ii)
  level =
    case ii
    when "none", "N"     then :none
    when "partial", "P"  then :partial
    when "complete", "C" then :complete
    else raise "Bad Argument"
    end
  @ii = INTEGRITY_IMPACT[level]
end
impactscore()
# File lib/cvss2_rating.rb, line 443
# Impact sub-score: 10.41 * (1 - (1 - C) * (1 - I) * (1 - A)), using the
# absolute value of each stored impact metric (@ci, @ii, @ai).
def impactscore
  remaining = [@ci, @ii, @ai].inject(1.0) { |product, metric| product * (1.0 - metric.abs) }
  10.41 * (1.0 - remaining)
end
ir=(ir)
# File lib/cvss2_rating.rb, line 320
# Writer for the integrity-requirement metric.
# Accepts "low"/"L", "medium"/"M", "high"/"H" or "not defined"/"ND"
# (exact match) and stores the matching INTEGRITY_REQUIREMENT entry in @ir.
# Anything else raises RuntimeError "Bad Argument".
def ir=(ir)
  level =
    case ir
    when "low", "L"          then :low
    when "medium", "M"       then :medium
    when "high", "H"         then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end
  @ir = INTEGRITY_REQUIREMENT[level]
end
overallscore()
# File lib/cvss2_rating.rb, line 430
# Pick the most specific score available: @environmental when any
# environmental metric is defined, otherwise @temporal when any temporal
# metric is defined, otherwise @base.
def overallscore
  return @environmental unless noenvironmental?
  notemporal? ? @base : @temporal
end
parse(vector)
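# File lib/cvss2_rating.rb, line 367
# Load the metrics from a vector string of "/"-separated NAME:VALUE
# sections.
#
# `init` is called first, so metrics it covers fall back to their defaults
# when the string does not mention them. The raw string is kept in
# @originalkey. Each section's name is lower-cased and looked up in
# VECTORS to find the writer to call with the section's value.
#
# vector - the vector String.
#
# Returns the Array of sections.
# Raises RuntimeError "Bad Argument" for an empty section or a metric name
# that VECTORS does not list, matching what the writers raise for a bad
# value. A failure part-way through leaves the earlier sections applied.
def parse(vector)
  sections = vector.split("/")
  init
  @originalkey = vector
  sections.each do |section|
    metric, value = section.split(":")
    # Vector strings often originate outside the program, so an unknown or
    # missing metric name is rejected explicitly rather than surfacing as a
    # NoMethodError on nil. Dispatch goes only through the VECTORS table:
    # text from the vector never chooses a method name directly.
    writer = VECTORS[metric.to_s.downcase]
    raise "Bad Argument" if writer.nil?
    send(writer.to_sym, value)
  end
end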
rc=(rc)
# File lib/cvss2_rating.rb, line 257
# Writer for the report-confidence metric.
# Accepts "unconfirmed"/"UC", "uncorroborated"/"UR", "confirmed"/"C" or
# "not defined"/"ND" (exact match) and stores the matching
# REPORT_CONFIDENCE entry in @rc.
# Anything else raises RuntimeError "Bad Argument".
def rc=(rc)
  level =
    case rc
    when "unconfirmed", "UC"    then :unconfirmed
    when "uncorroborated", "UR" then :uncorroborated
    when "confirmed", "C"       then :confirmed
    when "not defined", "ND"    then :notdefined
    else raise "Bad Argument"
    end
  @rc = REPORT_CONFIDENCE[level]
end
rl=(rl)
# File lib/cvss2_rating.rb, line 241
# Writer for the remediation-level metric.
# Accepts "official-fix"/"O"/"OF", "temporary-fix"/"T"/"TF",
# "workaround"/"W", "unavailable"/"U" or "not defined"/"ND" (exact match)
# and stores the matching REMEDIATION_LEVEL entry in @rl.
# Anything else raises RuntimeError "Bad Argument".
def rl=(rl)
  level =
    case rl
    when "official-fix", "O", "OF"  then :official
    when "temporary-fix", "T", "TF" then :temporary
    when "workaround", "W"          then :workaround
    when "unavailable", "U"         then :unavailable
    when "not defined", "ND"        then :notdefined
    else raise "Bad Argument"
    end
  @rl = REMEDIATION_LEVEL[level]
end
scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
# File lib/cvss2_rating.rb, line 95
# Set all fourteen metrics in one call by passing each argument to its
# writer, in the order base, temporal, environmental. The six base
# metrics are required; the rest default to "ND".
# A writer that rejects its argument raises, leaving the metrics before
# it already updated. Returns +ar+.
def scores(av, ac, au, ci, ii, ai, ex = "ND", rl = "ND", rc = "ND", cdp = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  # base metrics
  self.av, self.ac, self.au, self.ci, self.ii, self.ai = av, ac, au, ci, ii, ai
  # temporal metrics
  self.ex, self.rl, self.rc = ex, rl, rc
  # environmental metrics
  self.cdp, self.td, self.cr, self.ir, self.ar = cdp, td, cr, ir, ar
  ar
end
set_key()
# File lib/cvss2_rating.rb, line 118
# Rebuild @key, the vector string for the metrics currently set.
# The six base metrics are always written; the temporal group is appended
# unless notemporal? holds, and the environmental group unless
# noenvironmental? holds. Each abbreviation comes from get_key.
# Returns the new @key when the environmental group was appended,
# otherwise nil.
def set_key
  base = [
    ["ACCESS_VECTOR", @av],
    ["ACCESS_COMPLEXITY", @ac],
    ["AUTHENTICATION", @au],
    ["CONFIDENTIALITY_IMPACT", @ci],
    ["INTEGRITY_IMPACT", @ii],
    ["AVAILABILITY_IMPACT", @ai]
  ].map { |table, value| get_key(table, value) }
  @key = format("AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s", *base)

  unless notemporal?
    temporal = [
      ["EXPLOITABILITY", @ex],
      ["REMEDIATION_LEVEL", @rl],
      ["REPORT_CONFIDENCE", @rc]
    ].map { |table, value| get_key(table, value) }
    @key = @key + format("/E:%s/RL:%s/RC:%s", *temporal)
  end

  unless noenvironmental?
    environmental = [
      ["COLLATERAL_DAMAGE", @cdp],
      ["TARGET_DISTRIBUTION", @td],
      ["CONFIDENTIALITY_REQUIREMENT", @cr],
      ["INTEGRITY_REQUIREMENT", @ir],
      ["AVAILABILITY_REQUIREMENT", @ar]
    ].map { |table, value| get_key(table, value) }
    @key = @key + format("/CDP:%s/TD:%s/CR:%s/IR:%s/AR:%s", *environmental)
  end
end
td=(td)
# File lib/cvss2_rating.rb, line 289
# Writer for the target-distribution metric.
# Accepts "none"/"N", "low"/"L", "medium"/"M", "high"/"H" or
# "not defined"/"ND" (exact match) and stores the matching
# TARGET_DISTRIBUTION entry in @td.
# Anything else raises RuntimeError "Bad Argument".
def td=(td)
  level =
    case td
    when "none", "N"         then :none
    when "low", "L"          then :low
    when "medium", "M"       then :medium
    when "high", "H"         then :high
    when "not defined", "ND" then :notdefined
    else raise "Bad Argument"
    end
  @td = TARGET_DISTRIBUTION[level]
end
temporalscore()
# File lib/cvss2_rating.rb, line 451
# Temporal score: @base scaled by the absolute values of @ex, @rl and @rc.
# Returns the numeric score, or the String "Undefined" when it equals 0.0,
# so callers must be prepared for either type.
def temporalscore
  score = [@ex, @rl, @rc].inject(@base) { |product, metric| product * metric.abs }
  score == 0.0 ? "Undefined" : score
end
to_s()
# File lib/cvss2_rating.rb, line 386 def to_s printf "Base Score:\t\t\t%3.1f\n", @base printf " Impact Subscore:\t\t%3.1f\n", @impact printf " Exploitability Subscore:\t%3.1f\n", @exploitability printf "Temporal Score:\t\t\t%3.1f\n", @temporal if !notemporal? printf "Environmental Score:\t\t%3.1f\n", @environmental if !noenvironmental? printf " Adjusted Impact Score:\t%3.1f\n", @adjimpact if !noenvironmental? printf "Overall Score:\t\t\t%3.1f\n", overallscore end
Private Instance Methods
impactfunction(impact)
# File lib/cvss2_rating.rb, line 49
# Multiplier applied in the base-score equation: 0.0 when the impact
# equals zero, 1.176 for any other value.
def impactfunction(impact)
  return 0.0 if impact == 0
  1.176
end
init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
# File lib/cvss2_rating.rb, line 69
# Set the three temporal and five environmental metrics through their
# writers; every argument defaults to "ND". Note that +cd+ feeds the
# cdp= writer. Returns +ar+.
def init(ex = "ND", rl = "ND", rc = "ND", cd = "ND", td = "ND", cr = "ND", ir = "ND", ar = "ND")
  # temporal metrics
  self.ex, self.rl, self.rc = ex, rl, rc
  # environmental metrics
  self.cdp, self.td, self.cr, self.ir, self.ar = cd, td, cr, ir, ar
  ar
end
noenvironmental?()
# File lib/cvss2_rating.rb, line 53
# True when all five environmental metrics (@cdp, @td, @cr, @ir, @ar)
# map back to the "ND" abbreviation via get_key; false as soon as one
# of them does not.
def noenvironmental?
  [
    ["COLLATERAL_DAMAGE", @cdp],
    ["TARGET_DISTRIBUTION", @td],
    ["CONFIDENTIALITY_REQUIREMENT", @cr],
    ["INTEGRITY_REQUIREMENT", @ir],
    ["AVAILABILITY_REQUIREMENT", @ar]
  ].all? { |table, value| get_key(table, value) == "ND" }
end
notemporal?()
# File lib/cvss2_rating.rb, line 61
# True when all three temporal metrics (@ex, @rl, @rc) map back to the
# "ND" abbreviation via get_key; false as soon as one of them does not.
def notemporal?
  [
    ["EXPLOITABILITY", @ex],
    ["REMEDIATION_LEVEL", @rl],
    ["REPORT_CONFIDENCE", @rc]
  ].all? { |table, value| get_key(table, value) == "ND" }
end