nwhirschfeld/cvssv3.rb

## cvssv3.rb

class CVSSV3
    def initialize(av, ac, pr, ui, s, c, i, a)
		@AV = av
		@AC = ac
		@PR = pr
		@UI = ui
		@S = s
		@C = c
		@I = i
		@A = a

		@@AV_MAP = {'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2}
		@@AC_MAP = {'L' => 0.77, 'H' => 0.44 }
		@@PR_MAP = {'N' => 0.85, 'L' => 0.62, 'H' => 0.27}
		@@UI_MAP = {'N' => 0.85, 'R' => 0.62}

		@@C_MAP = {'H' => 0.56, 'L' => 0.22, 'N' => 0.0}
		@@I_MAP = {'H' => 0.56, 'L' => 0.22, 'N' => 0.0}
		@@A_MAP = {'H' => 0.56, 'L' => 0.22, 'N' => 0.0}

		@@S_MAP = {'U' => 6.42, 'C' => 7.52}

		@@scopeCoefficient = 1.08
		@@exploitabilityCoefficient  = 8.22
    end

    def exploitabalitySubScore
    	return @@exploitabilityCoefficient * @@AV_MAP[@AV] * @@AC_MAP[@AC] * @@PR_MAP[@PR] * @@UI_MAP[@UI]
    end

    def impactSubScoreMultiplier
    	return (1 - ((1 - @@C_MAP[@C]) * (1 - @@I_MAP[@I]) * (1 - @@A_MAP[@A])));
    end

    def impactSubScore
		if (@S == 'U')
			return @@S_MAP[@S] * impactSubScoreMultiplier
		else
			return @@S_MAP[@S] * (impactSubScoreMultiplier - 0.029) - 3.25 * ((impactSubScoreMultiplier - 0.02) ** 15)
		end
    end

    def roundUp1 val
    	return ((val*10).ceil * 1.0)/10
    end

    def baseScore
		if (impactSubScore <= 0)
			return 0
		else
			if (@S == 'U')
				return roundUp1([(exploitabalitySubScore + impactSubScore), 10].min)
			else
				return roundUp1([((exploitabalitySubScore + impactSubScore) * @@scopeCoefficient), 10].min)
			end
		end
    end
end

# Example Usage
score = CVSSV3.new('N', 'L', 'H', 'R', 'U', 'L', 'N', 'H')
p score.baseScore

	class CVSSV3
	def initialize(av, ac, pr, ui, s, c, i, a)
	@AV = av
	@AC = ac
	@PR = pr
	@UI = ui
	@S = s
	@C = c
	@I = i
	@A = a

	@@AV_MAP = {'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2}
	@@AC_MAP = {'L' => 0.77, 'H' => 0.44 }
	@@PR_MAP = {'N' => 0.85, 'L' => 0.62, 'H' => 0.27}
	@@UI_MAP = {'N' => 0.85, 'R' => 0.62}

	@@C_MAP = {'H' => 0.56, 'L' => 0.22, 'N' => 0.0}
	@@I_MAP = {'H' => 0.56, 'L' => 0.22, 'N' => 0.0}
	@@A_MAP = {'H' => 0.56, 'L' => 0.22, 'N' => 0.0}

	@@S_MAP = {'U' => 6.42, 'C' => 7.52}

	@@scopeCoefficient = 1.08
	@@exploitabilityCoefficient = 8.22
	end

	def exploitabalitySubScore
	return @@exploitabilityCoefficient * @@AV_MAP[@AV] * @@AC_MAP[@AC] * @@PR_MAP[@PR] * @@UI_MAP[@UI]
	end

	def impactSubScoreMultiplier
	return (1 - ((1 - @@C_MAP[@C]) * (1 - @@I_MAP[@I]) * (1 - @@A_MAP[@A])));
	end

	def impactSubScore
	if (@S == 'U')
	return @@S_MAP[@S] * impactSubScoreMultiplier
	else
	return @@S_MAP[@S] * (impactSubScoreMultiplier - 0.029) - 3.25 * ((impactSubScoreMultiplier - 0.02) ** 15)
	end
	end

	def roundUp1 val
	return ((val10).ceil 1.0)/10
	end

	def baseScore
	if (impactSubScore <= 0)
	return 0
	else
	if (@S == 'U')
	return roundUp1([(exploitabalitySubScore + impactSubScore), 10].min)
	else
	return roundUp1([((exploitabalitySubScore + impactSubScore) * @@scopeCoefficient), 10].min)
	end
	end
	end
	end

	# Example Usage
	score = CVSSV3.new('N', 'L', 'H', 'R', 'U', 'L', 'N', 'H')
	p score.baseScore