class CvssSuite::Cvss31Base
This class represents a CVSS Base metric in version 3.1.
Attributes
attack_complexity[R]
Property of this metric
attack_vector[R]
Property of this metric
availability[R]
Property of this metric
confidentiality[R]
Property of this metric
integrity[R]
Property of this metric
privileges_required[R]
Property of this metric
scope[R]
Property of this metric
user_interaction[R]
Property of this metric
Public Instance Methods
score()
click to toggle source
Returns score of this metric
# File lib/cvss_suite/cvss31/cvss31_base.rb, line 27 def score privilege_score = Cvss3Helper.privileges_required_score(@privileges_required, @scope) exploitability = 8.22 * @attack_vector.score * @attack_complexity.score * privilege_score * @user_interaction.score isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score)) impact_sub_score = if @scope.selected_value[:name] == 'Changed' 7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15 else 6.42 * isc_base end return 0 if impact_sub_score <= 0 if @scope.selected_value[:name] == 'Changed' [10, 1.08 * (impact_sub_score + exploitability)].min else [10, impact_sub_score + exploitability].min end end
Private Instance Methods
init_properties()
click to toggle source
# File lib/cvss_suite/cvss31/cvss31_base.rb, line 52 def init_properties @properties.push(@attack_vector = CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV', position: [0], values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 }, { name: 'Adjacent', abbreviation: 'A', weight: 0.62 }, { name: 'Local', abbreviation: 'L', weight: 0.55 }, { name: 'Physical', abbreviation: 'P', weight: 0.2 }])) @properties.push(@attack_complexity = CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC', position: [1], values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 }, { name: 'High', abbreviation: 'H', weight: 0.44 }])) @properties.push(@privileges_required = CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR', position: [2], values: [{ name: 'None', abbreviation: 'N', weight: 0.85 }, { name: 'Low', abbreviation: 'L', weight: 0.62 }, { name: 'High', abbreviation: 'H', weight: 0.27 }])) @properties.push(@user_interaction = CvssProperty.new(name: 'User Interaction', abbreviation: 'UI', position: [3], values: [{ name: 'None', abbreviation: 'N', weight: 0.85 }, { name: 'Required', abbreviation: 'R', weight: 0.62 }])) @properties.push(@scope = CvssProperty.new(name: 'Scope', abbreviation: 'S', position: [4], values: [{ name: 'Unchanged', abbreviation: 'U' }, { name: 'Changed', abbreviation: 'C' }])) @properties.push(@confidentiality = CvssProperty.new(name: 'Confidentiality', abbreviation: 'C', position: [5], values: [{ name: 'None', abbreviation: 'N', weight: 0.0 }, { name: 'Low', abbreviation: 'L', weight: 0.22 }, { name: 'High', abbreviation: 'H', weight: 0.56 }])) @properties.push(@integrity = CvssProperty.new(name: 'Integrity', abbreviation: 'I', position: [6], values: [{ name: 'None', abbreviation: 'N', weight: 0.0 }, { name: 'Low', abbreviation: 'L', weight: 0.22 }, { name: 'High', abbreviation: 'H', weight: 0.56 }])) @properties.push(@availability = CvssProperty.new(name: 'Availability', abbreviation: 'A', position: [7], values: [{ name: 'None', abbreviation: 'N', weight: 0.0 }, { name: 'Low', abbreviation: 'L', weight: 0.22 }, { name: 'High', abbreviation: 'H', weight: 0.56 }])) end