CVSS v2.0

CVSS::V2::Vector

v = CVSS::V2::Vector.parse("AV:N/AC:L/Au:N/C:P/I:P/A:P")
v.base_score          # => 7.5
v.severity            # => CVSS::Severity::High
v.network?            # => true
v.to_h                # => {"AV"=>"N","AC"=>"L","Au"=>"N","C"=>"P","I"=>"P","A"=>"P"}

Class methods

| Method | Description |
| --- | --- |
| parse(input : String) : Vector | Strict parse. Raises on malformed input. Tolerates an optional CVSS:2.0/ prefix. |
| parse?(input : String) : Vector? | Non-raising variant. |

Constructor

CVSS::V2::Vector.new(
  av:, ac:, au:, c:, i:, a:,
  e: nil, rl: nil, rc: nil,
  cdp: nil, td: nil, cr: nil, ir: nil, ar: nil,
)

Scoring

| Method | Description |
| --- | --- |
| base_score : Float64 | NIST CVSS v2.0 formula. |
| temporal_score : Float64 | Falls back to base_score when no temporal metrics are set. |
| environmental_score : Float64 | Returns 0.0 when TD:N. |

Severity

| Method | Description |
| --- | --- |
| severity : Severity | Maps the base score to None/Low/Medium/High. v2 has no Critical band. |
| temporal_severity : Severity | |
| environmental_severity : Severity | |
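
The base equation behind base_score and the band mapping behind severity, as an added Ruby example that is independent of this library's Crystal source and useful for cross-checking scores taken from an untrusted feed. It handles base-only vectors; the names WEIGHTS, base_weights, base_score, try_base_score and severity, and the treatment of 0.0 as None, are assumptions.

```ruby
# Added example, not the library's code. Metric weights from the CVSS v2.0 specification.
WEIGHTS = {
  "AV" => { "L" => 0.395, "A" => 0.646, "N" => 1.0 },
  "AC" => { "H" => 0.35,  "M" => 0.61,  "L" => 0.71 },
  "Au" => { "M" => 0.45,  "S" => 0.56,  "N" => 0.704 },
  "C"  => { "N" => 0.0,   "P" => 0.275, "C" => 0.660 },
  "I"  => { "N" => 0.0,   "P" => 0.275, "C" => 0.660 },
  "A"  => { "N" => 0.0,   "P" => 0.275, "C" => 0.660 },
}.freeze

# Strict parse of the six base metrics into their weights.
# Raises on a missing, reordered, duplicated or unknown metric.
def base_weights(input)
  body = input.delete_prefix("CVSS:2.0/") # optional prefix, as parse tolerates
  pairs = body.split("/", -1).map { |part| part.split(":", -1) }
  unless pairs.map(&:first) == WEIGHTS.keys
    raise ArgumentError, "expected metrics #{WEIGHTS.keys.join('/')}"
  end
  pairs.to_h do |name, code, *extra|
    weight = WEIGHTS[name][code] if extra.empty?
    raise ArgumentError, "bad value for #{name}" if weight.nil?
    [name, weight]
  end
end

# BaseScore = round1((0.6*Impact + 0.4*Exploitability - 1.5) * f(Impact))
def base_score(input)
  w = base_weights(input)
  impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
  return 0.0 if impact.zero? # f(Impact) = 0 when C, I and A are all None
  exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
  ((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176).round(1)
end

# Non-raising variant: nil instead of an exception on malformed input.
def try_base_score(input)
  base_score(input)
rescue ArgumentError
  nil
end

# v2 bands: Low 0.1-3.9, Medium 4.0-6.9, High 7.0-10.0; no Critical band.
def severity(score)
  return "None" if score.zero? # assumed: 0.0 maps to None
  return "Low" if score < 4.0
  score < 7.0 ? "Medium" : "High"
end
```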

Classification helpers

| Method | Returns |
| --- | --- |
| network? / adjacent_network? / local? | Bool |
| requires_authentication? | Bool (true when Au != N) |
| impacts_confidentiality? / impacts_integrity? / impacts_availability? | Bool |

Serialization

| Method | Description |
| --- | --- |
| to_s(io : IO) : Nil / to_s : String | Emits the canonical vector string. |
| to_h : Hash(String, String) | Metric short-codes. Optional metrics omitted when not set. |
| to_json(json : JSON::Builder) : Nil | NVD-shaped object. Adds temporalScore/environmentalScore only when set. |

Metric enums

Every metric enum provides parse(s : String) : Self, code : String, and weight : Float64.

| Enum | Codes |
| --- | --- |
| AccessVector | L Local, A AdjacentNetwork, N Network |
| AccessComplexity | H High, M Medium, L Low |
| Authentication | M Multiple, S Single, N None |
| Impact (C/I/A) | N None, P Partial, C Complete |
| Exploitability | U Unproven, POC ProofOfConcept, F Functional, H High, ND NotDefined |
| RemediationLevel | OF OfficialFix, TF TemporaryFix, W Workaround, U Unavailable, ND NotDefined |
| ReportConfidence | UC Unconfirmed, UR Uncorroborated, C Confirmed, ND NotDefined |
| CollateralDamagePotential | N, L, LM, MH, H, ND |
| TargetDistribution | N, L, M, H, ND |
| SecurityRequirement (CR/IR/AR) | L, M, H, ND |