class CvssSuite::Cvss3Base

This class represents a CVSS Base metric in version 3.

Attributes

attack_complexity[R]

Property of this metric

attack_vector[R]

Property of this metric

availability[R]

Property of this metric

confidentiality[R]

Property of this metric

integrity[R]

Property of this metric

privileges_required[R]

Property of this metric

scope[R]

Property of this metric

user_interaction[R]

Property of this metric

Public Instance Methods

score() click to toggle source

Returns score of this metric

# File lib/cvss_suite/cvss3/cvss3_base.rb, line 26
def score
  privilege_score = Cvss3Helper.privileges_required_score @privileges_required, @scope

  exploitability = 8.22 * @attack_vector.score * @attack_complexity.score *
                   privilege_score * @user_interaction.score

  isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))

  impact_sub_score = if @scope.selected_value[:name] == 'Changed'
                       7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
                     else
                       6.42 * isc_base
                     end

  return 0 if impact_sub_score <= 0

  if @scope.selected_value[:name] == 'Changed'
    [10, 1.08 * (impact_sub_score + exploitability)].min
  else
    [10, impact_sub_score + exploitability].min
  end
end

Private Instance Methods

init_properties() click to toggle source
# File lib/cvss_suite/cvss3/cvss3_base.rb, line 51
def init_properties
  @properties.push(@attack_vector =
                     CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV', position: [0],
                                      values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                               { name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
                                               { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                               { name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
  @properties.push(@attack_complexity =
                     CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC', position: [1],
                                      values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                               { name: 'High', abbreviation: 'H', weight: 0.44 }]))
  @properties.push(@privileges_required =
                     CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR', position: [2],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                               { name: 'High', abbreviation: 'H', weight: 0.27 }]))
  @properties.push(@user_interaction =
                     CvssProperty.new(name: 'User Interaction', abbreviation: 'UI', position: [3],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                               { name: 'Required', abbreviation: 'R', weight: 0.62 }]))
  @properties.push(@scope =
                     CvssProperty.new(name: 'Scope', abbreviation: 'S', position: [4],
                                      values: [{ name: 'Unchanged', abbreviation: 'U' },
                                               { name: 'Changed', abbreviation: 'C' }]))
  @properties.push(@confidentiality =
                     CvssProperty.new(name: 'Confidentiality', abbreviation: 'C', position: [5],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                               { name: 'High', abbreviation: 'H', weight: 0.56 }]))
  @properties.push(@integrity =
                     CvssProperty.new(name: 'Integrity', abbreviation: 'I', position: [6],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                               { name: 'High', abbreviation: 'H', weight: 0.56 }]))
  @properties.push(@availability =
                     CvssProperty.new(name: 'Availability', abbreviation: 'A', position: [7],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                               { name: 'High', abbreviation: 'H', weight: 0.56 }]))
end