class CvssSuite::Cvss2Base
This class represents a CVSS Base metric in version 2.
Attributes
access_complexity[R]
Property of this metric
access_vector[R]
Property of this metric
authentication[R]
Property of this metric
availability_impact[R]
Property of this metric
confidentiality_impact[R]
Property of this metric
integrity_impact[R]
Property of this metric
Public Instance Methods
score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1)
click to toggle source
Returns the base score of the CVSS vector. The calculation is based on formula version 2.10 . See CVSS documentation for further information www.first.org/cvss/v2/guide#i3.2.1 .
Takes Security
Requirement
Impacts
for calculating environmental score.
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 28 def score(sr_cr_score = 1, sr_ir_score = 1, sr_ar_score = 1) impact = calc_impact(sr_cr_score, sr_ir_score, sr_ar_score) exploitability = calc_exploitability additional_impact = (impact.zero? ? 0 : 1.176) ((0.6 * impact) + (0.4 * exploitability) - 1.5) * additional_impact end
Private Instance Methods
calc_exploitability()
click to toggle source
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 81 def calc_exploitability 20 * @access_vector.score * @access_complexity.score * @authentication.score end
calc_impact(sr_cr_score, sr_ir_score, sr_ar_score)
click to toggle source
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 73 def calc_impact(sr_cr_score, sr_ir_score, sr_ar_score) confidentiality_score = 1 - @confidentiality_impact.score * sr_cr_score integrity_score = 1 - @integrity_impact.score * sr_ir_score availability_score = 1 - @availability_impact.score * sr_ar_score [10, 10.41 * (1 - confidentiality_score * integrity_score * availability_score)].min end
init_properties()
click to toggle source
# File lib/cvss_suite/cvss2/cvss2_base.rb, line 40 def init_properties @properties.push(@access_vector = CvssProperty.new(name: 'Access Vector', abbreviation: 'AV', position: [0], values: [{ name: 'Network', abbreviation: 'N', weight: 1.0 }, { name: 'Adjacent Network', abbreviation: 'A', weight: 0.646 }, { name: 'Local', abbreviation: 'L', weight: 0.395 }])) @properties.push(@access_complexity = CvssProperty.new(name: 'Access Complexity', abbreviation: 'AC', position: [1], values: [{ name: 'Low', abbreviation: 'L', weight: 0.71 }, { name: 'Medium', abbreviation: 'M', weight: 0.61 }, { name: 'High', abbreviation: 'H', weight: 0.35 }])) @properties.push(@authentication = CvssProperty.new(name: 'Authentication', abbreviation: 'Au', position: [2], values: [{ name: 'None', abbreviation: 'N', weight: 0.704 }, { name: 'Single', abbreviation: 'S', weight: 0.56 }, { name: 'Multiple', abbreviation: 'M', weight: 0.45 }])) @properties.push(@confidentiality_impact = CvssProperty.new(name: 'Confidentiality Impact', abbreviation: 'C', position: [3], values: [{ name: 'None', abbreviation: 'N', weight: 0.0 }, { name: 'Partial', abbreviation: 'P', weight: 0.275 }, { name: 'Complete', abbreviation: 'C', weight: 0.66 }])) @properties.push(@integrity_impact = CvssProperty.new(name: 'Integrity Impact', abbreviation: 'I', position: [4], values: [{ name: 'None', abbreviation: 'N', weight: 0.0 }, { name: 'Partial', abbreviation: 'P', weight: 0.275 }, { name: 'Complete', abbreviation: 'C', weight: 0.66 }])) @properties.push(@availability_impact = CvssProperty.new(name: 'Availability Impact', abbreviation: 'A', position: [5], values: [{ name: 'None', abbreviation: 'N', weight: 0.0 }, { name: 'Partial', abbreviation: 'P', weight: 0.275 }, { name: 'Complete', abbreviation: 'C', weight: 0.66 }])) end