class CvssSuite::Cvss2Base

This class represents a CVSS Base metric in version 2.

Attributes

access_complexity[R]

Property of this metric

access_vector[R]

Property of this metric

authentication[R]

Property of this metric

availability_impact[R]

Property of this metric

confidentiality_impact[R]

Property of this metric

integrity_impact[R]

Property of this metric

Public Instance Methods

score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1) click to toggle source

Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 . See CVSS documentation for further information www.first.org/cvss/v2/guide#i3.2.1 .

Takes Security Requirement Impacts for calculating environmental score.

# File lib/cvss_suite/cvss2/cvss2_base.rb, line 28
def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
  impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)

  exploitability = calc_exploitability

  additional_impact = (impact.zero? ? 0 : 1.176)

  ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact
end

Private Instance Methods

calc_exploitability() click to toggle source
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 81
def calc_exploitability
  20 * @access_vector.score * @access_complexity.score * @authentication.score
end
calc_impact(sr_cr_score, sr_ir_score, sr_ar_score) click to toggle source
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 73
def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
  confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score
  integrity_score = 1 - @integrity_impact.score * sr_ir_score
  availability_score = 1 - @availability_impact.score * sr_ar_score

  [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min
end
init_properties() click to toggle source
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 40
def init_properties
  @properties.push(@access_vector =
                     CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0],
                                      values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 },
                                               { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 },
                                               { name: 'Local', abbreviation: 'L', weight: 0.395 }]))
  @properties.push(@access_complexity =
                     CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1],
                                      values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 },
                                               { name: 'Medium', abbreviation: 'M', weight: 0.61 },
                                               { name: 'High', abbreviation: 'H', weight: 0.35 }]))
  @properties.push(@authentication =
                     CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.704 },
                                               { name: 'Single', abbreviation: 'S', weight: 0.56 },
                                               { name: 'Multiple', abbreviation: 'M', weight: 0.45 }]))
  @properties.push(@confidentiality_impact =
                     CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                               { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                               { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
  @properties.push(@integrity_impact =
                     CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                               { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                               { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
  @properties.push(@availability_impact =
                     CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
                                               { name: 'Partial', abbreviation: 'P', weight: 0.275 },
                                               { name: 'Complete', abbreviation: 'C', weight: 0.66 }]))
end