Class: CvssSuite::Cvss3Base

Inherits:

CvssMetric

• Object
• CvssMetric
• CvssSuite::Cvss3Base

Defined in:

lib/cvss_suite/cvss3/cvss3_base.rb

Overview

This class represents a CVSS Base metric in version 3.

Instance Attribute Summary

• #attack_complexity ⇒ Object readonly

  Property of this metric.

• #attack_vector ⇒ Object readonly

  Property of this metric.

• #availability ⇒ Object readonly

  Property of this metric.

• #confidentiality ⇒ Object readonly

  Property of this metric.

• #integrity ⇒ Object readonly

  Property of this metric.

• #privileges_required ⇒ Object readonly

  Property of this metric.

• #scope ⇒ Object readonly

  Property of this metric.

• #user_interaction ⇒ Object readonly

  Property of this metric.

Instance Method Summary

• #score ⇒ Object

  Returns score of this metric.

Methods inherited from CvssMetric

#count, #initialize, #valid?

Constructor Details

This class inherits a constructor from CvssSuite::CvssMetric

Instance Attribute Details

#attack_complexity ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def attack_complexity
  @attack_complexity
end

#attack_vector ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def attack_vector
  @attack_vector
end

#availability ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def availability
  @availability
end

#confidentiality ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def confidentiality
  @confidentiality
end

#integrity ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def integrity
  @integrity
end

#privileges_required ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def privileges_required
  @privileges_required
end

#scope ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def scope
  @scope
end

#user_interaction ⇒ Object (readonly)

Property of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 22

def user_interaction
  @user_interaction
end

Instance Method Details

#score ⇒ Object

Returns score of this metric

# File 'lib/cvss_suite/cvss3/cvss3_base.rb', line 27

def score
  privilege_score = Cvss3Helper.privileges_required_score @privileges_required, @scope

  exploitability = 8.22 * @attack_vector.score * @attack_complexity.score *
                   privilege_score * @user_interaction.score

  isc_base = 1 - ((1 - @confidentiality.score) * (1 - @integrity.score) * (1 - @availability.score))

  impact_sub_score = if @scope.selected_value[:name] == 'Changed'
                       7.52 * (isc_base - 0.029) - 3.25 * (isc_base - 0.02)**15
                     else
                       6.42 * isc_base
                     end

  return 0 if impact_sub_score <= 0

  if @scope.selected_value[:name] == 'Changed'
    [10, 1.08 * (impact_sub_score + exploitability)].min
  else
    [10, impact_sub_score + exploitability].min
  end
end