vrt-cli 1.0.0

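--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: aad24468bee3e38354d4ccc922c4a7f079b1fed574fad80285961c74eefdddc4
+data.tar.gz: db833edaa9b75f43a733d59e6c799e238dc5e63b972d2dc64b82337d431169ae
+SHA512:
+metadata.gz: 328a59429468c3d5873dbeb4c187b91b99fcdfbbec78f3b5b9aea24e8cfbfb9dad9f9ef9b2578baab87ce246283c285bded72f510d4afc2fe95445133826aa13
+data.tar.gz: a55c0f06a8c7bcb2a5e07dd695b90116eb3e9f4bfeb0b7fc53b759970f7f208d6fa6eab4ca6cf041f8b3339bc59f2a93bc68e2e87c71e289fe038da115bd48ff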
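--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Alexandre ZANNI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.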
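--- a/data/bin/vrt-cli
+++ b/data/bin/vrt-cli
@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Ruby internal
+require 'pp'
+# Project internal
+require 'vrt_cli'
+# External
+require 'docopt'
+
+doc = <<~DOCOPT
+vrt-cli by noraj
+
+Usage:
+vrt-cli tree [--no-color --debug]
+vrt-cli table [--sortby <col> --order <dir>] [--no-color --debug]
+vrt-cli -h | --help
+vrt-cli --version
+
+Table options: can be used with list and search commands
+-s <col>, --sortby <col> Column to sort by: priority, category, subcategory, variant [default: nil]
+-o <dir>, --order <dir> Displayed in ascendant (asc) order or descendant order (dsc) [default: asc]
+
+Other options:
+--no-color Disable colorized output
+--debug Display arguments
+-h, --help Show this screen
+--version Show version
+DOCOPT
+
+begin
+args = Docopt.docopt(doc, version: VrtCli::VERSION)
+Paint.mode = 0 if args['--no-color']
+pp args if args['--debug']
+vc = VrtCli::App.new
+if args['tree']
+vc.display_tree
+elsif args['table']
+vc.sort(args['--sortby'].to_sym, args['--order'].to_sym)
+vc.display_table
+end
+rescue Docopt::Exit => e
+puts e.message
+end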
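Review bot: `--sortby` and `--order` are turned into symbols and handed to `vc.sort` without being checked against the values the usage text lists, so a typo such as `--sortby severity` or `--order desc` exits normally while the table is not sorted the way the user asked. Rejecting unknown values before the call, for example `abort 'invalid --sortby' unless %w[nil priority category subcategory variant].include?(args['--sortby'])` and the same for `asc`/`dsc`, would make the mistake visible. The `[default: nil]` in the docopt text appears to arrive as the string `"nil"` rather than Ruby `nil`, which is why `sort` compares against `:nil`; a one-line comment here saying so would help. `Paint` is used in this file without a `require 'paint'`, so it presumably only works because `vrt_cli` loads it, and the "list and search commands" wording in the help text does not match the `tree` and `table` commands actually defined.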
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'vrt_cli'
5
+ require 'irb'
6
+
7
+ IRB.start(__FILE__)
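--- a/data/lib/vrt_cli.rb
+++ b/data/lib/vrt_cli.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# Project internal
+require 'vrt_cli/parse'
+require 'vrt_cli/output'
+require 'vrt_cli/version'
+
+# VRT CLI module
+module VrtCli
+# Constants
+include Version
+
+# The application
+class App
+SEVERITY = {
+1 => :red,
+2 => 'orange',
+3 => :yellow,
+4 => :green,
+5 => :blue,
+'?' => 'grey'
+}.freeze
+
+attr_reader :vulnerabilities, :categories
+
+def initialize
+@vulnerabilities = parse
+@categories = VRT.current_categories.map { |x| x[:label] }
+end
+end
+end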
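Review bot: `include Version` pulls in a module that the last Ruby hunk on this page (presumably `lib/vrt_cli/version.rb`) defines at the top level, so the gem claims the global constant `Version` and can clash with any other library or application that defines the same name. Defining the constant inside the namespace, `module VrtCli; VERSION = '1.0.0'; end`, would keep `VrtCli::VERSION` working and make the `include` unnecessary. `SEVERITY` would also benefit from a comment stating that its keys are the priorities 1–5 plus the `'?'` placeholder that `parse` substitutes for a missing priority, and that the values are colours passed to `Paint`. `initialize` has no doc comment although it does the real work of loading the taxonomy through `parse` and `VRT.current_categories`.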
@@ -0,0 +1,61 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'vrt'
4
+ require 'paint'
5
+
6
+ module VrtCli
7
+ # The application
8
+ class App
9
+ # Display vulnerabilities in a tree
10
+ def display_tree
11
+ VRT.get_map.structure.each do |_cat_id, category|
12
+ puts Paint[category.name, :bold]
13
+ category.children.each do |_subcat_id, subcategory|
14
+ if subcategory.priority
15
+ print ''.ljust(4) + Paint[subcategory.priority, SEVERITY[subcategory.priority]]
16
+ puts " #{subcategory.name}"
17
+ else
18
+ puts ''.ljust(4) + subcategory.name
19
+ end
20
+
21
+ next unless subcategory.children?
22
+
23
+ subcategory.children.each do |_variant_id, variant|
24
+ if variant.priority
25
+ print ''.ljust(8) + Paint[variant.priority, SEVERITY[variant.priority]]
26
+ puts " #{variant.name}"
27
+ else
28
+ puts ''.ljust(4) + variant.name
29
+ end
30
+ end
31
+ end
32
+ end
33
+ true
34
+ end
35
+
36
+ # Sort vulnerabilities
37
+ # @param sortby [Symbol] Column to sort by (+:priority+, +:category+, +:subcategory+, +:variant+)
38
+ # @param order [Symbol] Displayed in ascendant (+:asc+) order or descendant order (+:dsc+). Works with +sortby+.
39
+ def sort(sortby = :priority, order = :asc)
40
+ unless sortby.nil? || sortby == :nil
41
+ @vulnerabilities.sort! { |a, b| a[sortby].to_s <=> b[sortby].to_s }
42
+ @vulnerabilities.reverse! if order == :dsc
43
+ end
44
+ true
45
+ end
46
+
47
+ # Display vulnerabilities in a simple justified table
48
+ # First column: Technical severity / Priority (+:priority+)
49
+ # Second column: Category (+:category+)
50
+ # Third column: Sub-category / Specific vulnerability (+:subcategory+)
51
+ # Fourth column: Vulnerability / Variant / Affected function (+:variant+)
52
+ def display_table
53
+ @vulnerabilities.each do |v|
54
+ output = "#{Paint[v[:priority].to_s, SEVERITY[v[:priority]]]} #{Paint[v[:category].ljust(44), :bold]} "
55
+ output += "#{v[:subcategory].ljust(55)} #{v[:variant]}"
56
+ puts output
57
+ end
58
+ true
59
+ end
60
+ end
61
+ end
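Review bot: In `display_tree`, a variant without a priority is printed with `''.ljust(4)`, the sub-category indent, while a variant with a priority uses `''.ljust(8)`, so unrated variants are shown at the wrong level of the tree; the inner else branch should read `puts ''.ljust(8) + variant.name`. In `sort`, the block form `sort! { |a, b| a[sortby].to_s <=> b[sortby].to_s }` can be written as `@vulnerabilities.sort_by! { |v| v[sortby].to_s }`, which converts each key once. The YARD comment on `sort` should also say that it reorders `@vulnerabilities` in place and returns `true`, for instance `# @return [true] after sorting the list in place`.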
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'vrt'
4
+
5
+ module VrtCli
6
+ # The application
7
+ class App
8
+ # @return [Array<Hash>] An array of vulnerabilities (+:priority+, +:category+, +:subcategory+, +:variant+)
9
+ def parse
10
+ vulns = []
11
+ VRT.get_map.structure.each do |_cat_id, category|
12
+ category.children.each do |_subcat_id, subcategory|
13
+ if subcategory.children?
14
+ subcategory.children.each do |_variant_id, variant|
15
+ priority = variant.priority || '?'
16
+ vuln = {
17
+ priority: priority,
18
+ category: category.name,
19
+ subcategory: subcategory.name,
20
+ variant: variant.name
21
+ }
22
+ vulns.push(vuln)
23
+ end
24
+ else
25
+ priority = subcategory.priority || '?'
26
+ vuln = {
27
+ priority: priority,
28
+ category: category.name,
29
+ subcategory: subcategory.name,
30
+ variant: '-'
31
+ }
32
+ vulns.push(vuln)
33
+ end
34
+ end
35
+ end
36
+ vulns
37
+ end
38
+ end
39
+ end
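Review bot: The two branches of `parse` build the same four-key hash and differ only in where `priority` and `:variant` come from, so any later change to the record shape has to be made in both places; a small private helper such as `entry(category, subcategory, variant = nil)` would keep them in step. `parse` is defined as a public method of `App` although the only caller visible on this page is `initialize`; marking it `private`, or documenting that every call walks `VRT.get_map` again, would make the intent clear. The `@return` comment should mention that `:priority` is `'?'` when the taxonomy gives none and `:variant` is `'-'` for a sub-category without variants, since `SEVERITY` and the table output rely on those placeholders.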
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Version
4
+ VERSION = '1.0.0'
5
+ end
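--- a/metadata
+++ b/metadata
@@ -0,0 +1,221 @@
+--- !ruby/object:Gem::Specification
+name: vrt-cli
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Alexandre ZANNI
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-04-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: docopt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.6'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.6'
+- !ruby/object:Gem::Dependency
+name: paint
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+- !ruby/object:Gem::Dependency
+name: vrt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.11'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.11'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.0
+- - "<"
+- !ruby/object:Gem::Version
+version: '2.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.0
+- - "<"
+- !ruby/object:Gem::Version
+version: '2.3'
+- !ruby/object:Gem::Dependency
+name: commonmarker
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.21'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.21'
+- !ruby/object:Gem::Dependency
+name: github-markup
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: minitest
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.12'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.12'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '13.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '13.0'
+- !ruby/object:Gem::Dependency
+name: redcarpet
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+- !ruby/object:Gem::Dependency
+name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.12'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.12'
+- !ruby/object:Gem::Dependency
+name: yard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.9'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.9'
+description: A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the
+CLI.
+email: alexandre.zanni@engineer.com
+executables:
+- vrt-cli
+- vrt-cli_console
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- bin/vrt-cli
+- bin/vrt-cli_console
+- lib/vrt_cli.rb
+- lib/vrt_cli/output.rb
+- lib/vrt_cli/parse.rb
+- lib/vrt_cli/version.rb
+homepage: https://noraj.github.io/vrt-cli/
+licenses:
+- MIT
+metadata:
+yard.run: yard
+bug_tracker_uri: https://github.com/noraj/vrt-cli/issues
+changelog_uri: https://github.com/noraj/vrt-cli/releases
+documentation_uri: https://noraj.github.io/vrt-cli/
+homepage_uri: https://noraj.github.io/vrt-cli/
+source_code_uri: https://github.com/noraj/vrt-cli/
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.6.0
+- - "<"
+- !ruby/object:Gem::Version
+version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the CLI.
+test_files: []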