UNPKG

zater-cep

Version:

ZAter cep correios e via cep

bitbucket.org/patercapital/zater-cep

131 lines (128 loc) 3.73 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
exports.defaults = { AV: 'P', AC: 'L', PR: 'H', UI: 'R', S: 'U', C: 'N', I: 'N', A: 'N', E: 'X', RL: 'X', RC: 'X', MAV: 'X', MAC: 'X', MPR: 'X', MUI: 'X', MS: 'X', MC: 'X', MI: 'X', MA: 'X' }; var toScore = exports.toScore = { // 2. Base metrics // 2.1 Exploitability metrics -- describe the properties of the vulnerabilty that lead to a successful attack // 2.1.1 Attack vector -- is the vulnerability exploitable from the Internet, adjacent or local networks, or only the physical device? AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2 }, // 2.1.2 Attack complexity -- is it simple or complex to exploit this vulnerability? AC: { L: 0.77, H: 0.44 }, // 2.1.3 Privileges required -- does the vulnerability require no, low, or high privileges to run? PR: { N: 0.85, L: function (vector) { return (vector.S === 'C') ? 0.68 : 0.62; }, H: function (vector) { return (vector.S === 'C') ? 0.5 : 0.27; } }, // 2.1.4 User interaction -- does the vulnerability require user interaction UI: { N: 0.85, R: 0.62 }, // 2.2 Scope -- does the vulnerability allow access beyond the vulnerable component S: { U: 0.0, C: 1.0 }, // 2.3 Impact metrics -- level of impact to confidentiality, integrity, availability of affected systems/data // 2.3.1 Confidentiality impact C: { H: 0.56, L: 0.22, N: 0.0 }, // 2.3.2 Integrity impact I: { H: 0.56, L: 0.22, N: 0.0 }, // 2.3.3 Availability impact A: { H: 0.56, L: 0.22, N: 0.0 }, // 3. Temporal metrics -- maturity of exploit, level of remediation available, confidence of vulnerability reported // 3.1 Exploit code maturity E: { X: 1.0, H: 1.0, F: 0.97, P: 0.94, U: 0.91 }, // 3.2 Remediation Level RL: { X: 1.0, U: 1.0, W: 0.97, T: 0.96, O: 0.95 }, // 3.3 Report Confidence RC: { X: 1.0, C: 1.0, R: 0.96, U: 0.92 }, // 4. Environmental metrics // 4.1. Security requirements // 4.1.1 Confidentiality Requirement CR: { X: 1.00, H: 1.5, M: 1.0, L: 0.5 }, // 4.1.2 Integrity Requirement IR: { X: 1.00, H: 1.5, M: 1.0, L: 0.5 }, // 4.1.3 Accessibility Requirement AR: { X: 1.00, H: 1.5, M: 1.0, L: 0.5 }, // 4.2. Modified base metrics MAV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2, X: function (vector, scores) { return scores.AV; } }, MAC: { L: 0.77, H: 0.44, X: function (vector, scores) { return scores.AC; }, }, MPR: { N: 0.85, L: function (vector) { var isChange = ('MS' in vector) ? vector.MS === 'C' : vector.S === 'C'; return (isChange) ? 0.68 : 0.62; }, H: function (vector) { var isChange = ('MS' in vector) ? vector.MS === 'C' : vector.S === 'C'; return (isChange) ? 0.5 : 0.27; }, X: function (vector, scores) { return scores.PR; }, }, MUI: { N: 0.85, R: 0.62, X: function (vector, scores) { return scores.UI; }, }, // MS: { X: function (vector, scores) { return scores.S; }, U: 0.0, C: 1.0 }, MC: { H: function (_, scores) { return toScore.C.H * scores.CR; }, L: function (_, scores) { return toScore.C.L * scores.CR }, N: 0.0, X: function (_, scores) { return scores.C * scores.CR; } }, MI: { H: function (_, scores) { return toScore.I.H * scores.IR; }, L: function (_, scores) { return toScore.I.L * scores.IR }, N: 0.0, X: function (_, scores) { return scores.I * scores.IR; } }, MA: { H: function (_, scores) { return toScore.A.H * scores.AR; }, L: function (_, scores) { return toScore.A.L * scores.AR }, N: 0.0, X: function (_, scores) { return scores.A * scores.AR; } } };