class CvssSuite::Cvss3Environmental

This class represents a CVSS Environmental metric in version 3.

Attributes

availability_requirement[R]

Property of this metric

confidentiality_requirement[R]

Property of this metric

integrity_requirement[R]

Property of this metric

modified_attack_complexity[R]

Property of this metric

modified_attack_vector[R]

Property of this metric

modified_availability[R]

Property of this metric

modified_confidentiality[R]

Property of this metric

modified_integrity[R]

Property of this metric

modified_privileges_required[R]

Property of this metric

modified_scope[R]

Property of this metric

modified_user_interaction[R]

Property of this metric

Public Instance Methods

score(base, temporal) click to toggle source

Returns score of this metric

# File lib/cvss_suite/cvss3/cvss3_environmental.rb, line 29
def score(base, temporal)
  @base = base

  merged_modified_privileges_required = @modified_privileges_required
  if @modified_privileges_required.selected_value[:name] == 'Not Defined'
    merged_modified_privileges_required = @base.privileges_required
  end

  merged_modified_scope = @modified_scope
  if @modified_scope.selected_value[:name] == 'Not Defined'
    merged_modified_scope = @base.scope
  end

  privilege_score = Cvss3Helper.privileges_required_score(merged_modified_privileges_required, merged_modified_scope)

  modified_exploitability_sub_score = modified_exploitability_sub(privilege_score)

  modified_impact_sub_score = modified_impact_sub(isc_modified)

  return 0 if modified_impact_sub_score <= 0

  calculate_score modified_impact_sub_score, modified_exploitability_sub_score, temporal.score
end

Private Instance Methods

calculate_score(modified_impact_sub_score, modified_exploitability_sub_score, temporal_score) click to toggle source
# File lib/cvss_suite/cvss3/cvss3_environmental.rb, line 182
def calculate_score(modified_impact_sub_score, modified_exploitability_sub_score, temporal_score)
  if @modified_scope.selected_value[:name] == 'Not Defined'
    factor = @base.scope.selected_value[:name] == 'Changed' ? 1.08 : 1.0
  else
    factor = @modified_scope.selected_value[:name] == 'Changed' ? 1.08 : 1.0
  end

  Cvss3Helper.round_up(
    [factor * (modified_impact_sub_score + modified_exploitability_sub_score), 10].min
  ) * temporal_score
end
init_properties() click to toggle source
# File lib/cvss_suite/cvss3/cvss3_environmental.rb, line 55
def init_properties
  @properties.push(@confidentiality_requirement =
                     CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
                                      values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                               { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                               { name: 'High', abbreviation: 'H', weight: 1.5 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@integrity_requirement =
                     CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
                                      values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                               { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                               { name: 'High', abbreviation: 'H', weight: 1.5 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))

  @properties.push(@availability_requirement =
                     CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
                                      values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
                                               { name: 'Medium', abbreviation: 'M', weight: 1.0 },
                                               { name: 'High', abbreviation: 'H', weight: 1.5 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_attack_vector =
                     CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV', position: [11, 14],
                                      values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
                                               { name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
                                               { name: 'Local', abbreviation: 'L', weight: 0.55 },
                                               { name: 'Physical', abbreviation: 'P', weight: 0.2 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_attack_complexity =
                     CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC', position: [12, 15],
                                      values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
                                               { name: 'High', abbreviation: 'H', weight: 0.44 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_privileges_required =
                     CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR', position: [13, 16],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.62 },
                                               { name: 'High', abbreviation: 'H', weight: 0.27 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_user_interaction =
                     CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI', position: [14, 17],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
                                               { name: 'Required', abbreviation: 'R', weight: 0.62 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_scope =
                     CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS', position: [15, 18],
                                      values: [{ name: 'Changed', abbreviation: 'C' },
                                               { name: 'Unchanged', abbreviation: 'U' },
                                               { name: 'Not Defined', abbreviation: 'X' }]))
  @properties.push(@modified_confidentiality =
                     CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC', position: [16, 19],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                               { name: 'High', abbreviation: 'H', weight: 0.56 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_integrity =
                     CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI', position: [17, 20],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                               { name: 'High', abbreviation: 'H', weight: 0.56 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
  @properties.push(@modified_availability =
                     CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA', position: [18, 21],
                                      values: [{ name: 'None', abbreviation: 'N', weight: 0 },
                                               { name: 'Low', abbreviation: 'L', weight: 0.22 },
                                               { name: 'High', abbreviation: 'H', weight: 0.56 },
                                               { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
end
isc_modified() click to toggle source
# File lib/cvss_suite/cvss3/cvss3_environmental.rb, line 139
def isc_modified
  merged_modified_confidentiality = @modified_confidentiality
  if @modified_confidentiality.selected_value[:name] == 'Not Defined'
    merged_modified_confidentiality = @base.confidentiality
  end

  merged_modified_integrity = @modified_integrity
  if @modified_integrity.selected_value[:name] == 'Not Defined'
    merged_modified_integrity = @base.integrity
  end

  merged_modified_availability = @modified_availability
  if @modified_availability.selected_value[:name] == 'Not Defined'
    merged_modified_availability = @base.availability
  end

  confidentiality_score = 1 - merged_modified_confidentiality.score * @confidentiality_requirement.score
  integrity_score = 1 - merged_modified_integrity.score * @integrity_requirement.score
  availability_score = 1 - merged_modified_availability.score * @availability_requirement.score

  [0.915, (1 - confidentiality_score * integrity_score * availability_score)].min
end
modified_exploitability_sub(privilege_score) click to toggle source
# File lib/cvss_suite/cvss3/cvss3_environmental.rb, line 162
def modified_exploitability_sub(privilege_score)
  merged_modified_attack_vector = @modified_attack_vector
  if @modified_attack_vector.selected_value[:name] == 'Not Defined'
    merged_modified_attack_vector = @base.attack_vector
  end

  merged_modified_attack_complexity = @modified_attack_complexity
  if @modified_attack_complexity.selected_value[:name] == 'Not Defined'
    merged_modified_attack_complexity = @base.attack_complexity
  end

  merged_modified_user_interaction = @modified_user_interaction
  if @modified_user_interaction.selected_value[:name] == 'Not Defined'
    merged_modified_user_interaction = @base.user_interaction
  end

  8.22 * merged_modified_attack_vector.score * merged_modified_attack_complexity.score *
    privilege_score * merged_modified_user_interaction.score
end
modified_impact_sub(isc_modified) click to toggle source
# File lib/cvss_suite/cvss3/cvss3_environmental.rb, line 123
def modified_impact_sub(isc_modified)
  if @modified_scope.selected_value[:name] == 'Not Defined'
    if @base.scope.selected_value[:name] == 'Changed'
      return 7.52 * (isc_modified - 0.029) - 3.25 * (isc_modified - 0.02)**15
    else
      return 6.42 * isc_modified
    end
  end

  if @modified_scope.selected_value[:name] == 'Changed'
    7.52 * (isc_modified - 0.029) - 3.25 * (isc_modified - 0.02)**15
  else
    6.42 * isc_modified
  end
end