RubyGems - vrt-cli - Versions diffs - 1.0.0 - Mend

vrt-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: aad24468bee3e38354d4ccc922c4a7f079b1fed574fad80285961c74eefdddc4
+  data.tar.gz: db833edaa9b75f43a733d59e6c799e238dc5e63b972d2dc64b82337d431169ae
+SHA512:
+  metadata.gz: 328a59429468c3d5873dbeb4c187b91b99fcdfbbec78f3b5b9aea24e8cfbfb9dad9f9ef9b2578baab87ce246283c285bded72f510d4afc2fe95445133826aa13
+  data.tar.gz: a55c0f06a8c7bcb2a5e07dd695b90116eb3e9f4bfeb0b7fc53b759970f7f208d6fa6eab4ca6cf041f8b3339bc59f2a93bc68e2e87c71e289fe038da115bd48ff

data/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2021 Alexandre ZANNI
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/bin/vrt-cli ADDED Viewed

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+# Ruby internal
+require 'pp'
+# Project internal
+require 'vrt_cli'
+# External
+require 'docopt'
+doc = <<~DOCOPT
+  vrt-cli by noraj
+  Usage:
+    vrt-cli tree [--no-color --debug]
+    vrt-cli table [--sortby <col> --order <dir>] [--no-color --debug]
+    vrt-cli -h | --help
+    vrt-cli --version
+  Table options: can be used with list and search commands
+    -s <col>, --sortby <col>  Column to sort by: priority, category, subcategory, variant [default: nil]
+    -o <dir>, --order <dir>   Displayed in ascendant (asc) order or descendant order (dsc) [default: asc]
+  Other options:
+    --no-color  Disable colorized output
+    --debug     Display arguments
+    -h, --help  Show this screen
+    --version   Show version
+DOCOPT
+begin
+  args = Docopt.docopt(doc, version: VrtCli::VERSION)
+  Paint.mode = 0 if args['--no-color']
+  pp args if args['--debug']
+  vc = VrtCli::App.new
+  if args['tree']
+    vc.display_tree
+  elsif args['table']
+    vc.sort(args['--sortby'].to_sym, args['--order'].to_sym)
+    vc.display_table
+  end
+rescue Docopt::Exit => e
+  puts e.message
+end

data/bin/vrt-cli_console ADDED Viewed

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'vrt_cli'
+require 'irb'
+IRB.start(__FILE__)

data/lib/vrt_cli.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+# Project internal
+require 'vrt_cli/parse'
+require 'vrt_cli/output'
+require 'vrt_cli/version'
+# VRT CLI module
+module VrtCli
+  # Constants
+  include Version
+  # The application
+  class App
+    SEVERITY = {
+      1 => :red,
+      2 => 'orange',
+      3 => :yellow,
+      4 => :green,
+      5 => :blue,
+      '?' => 'grey'
+    }.freeze
+    attr_reader :vulnerabilities, :categories
+    def initialize
+      @vulnerabilities = parse
+      @categories = VRT.current_categories.map { |x| x[:label] }
+    end
+  end
+end

data/lib/vrt_cli/output.rb ADDED Viewed

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+require 'vrt'
+require 'paint'
+module VrtCli
+  # The application
+  class App
+    # Display vulnerabilities in a tree
+    def display_tree
+      VRT.get_map.structure.each do |_cat_id, category|
+        puts Paint[category.name, :bold]
+        category.children.each do |_subcat_id, subcategory|
+          if subcategory.priority
+            print ''.ljust(4) + Paint[subcategory.priority, SEVERITY[subcategory.priority]]
+            puts " #{subcategory.name}"
+          else
+            puts ''.ljust(4) + subcategory.name
+          end
+          next unless subcategory.children?
+          subcategory.children.each do |_variant_id, variant|
+            if variant.priority
+              print ''.ljust(8) + Paint[variant.priority, SEVERITY[variant.priority]]
+              puts " #{variant.name}"
+            else
+              puts ''.ljust(4) + variant.name
+            end
+          end
+        end
+      end
+      true
+    end
+    # Sort vulnerabilities
+    # @param sortby [Symbol] Column to sort by (+:priority+, +:category+, +:subcategory+, +:variant+)
+    # @param order [Symbol] Displayed in ascendant (+:asc+) order or descendant order (+:dsc+). Works with +sortby+.
+    def sort(sortby = :priority, order = :asc)
+      unless sortby.nil? || sortby == :nil
+        @vulnerabilities.sort! { |a, b| a[sortby].to_s <=> b[sortby].to_s }
+        @vulnerabilities.reverse! if order == :dsc
+      end
+      true
+    end
+    # Display vulnerabilities in a simple justified table
+    # First column: Technical severity / Priority (+:priority+)
+    # Second column: Category (+:category+)
+    # Third column: Sub-category / Specific vulnerability (+:subcategory+)
+    # Fourth column: Vulnerability / Variant / Affected function (+:variant+)
+    def display_table
+      @vulnerabilities.each do |v|
+        output = "#{Paint[v[:priority].to_s, SEVERITY[v[:priority]]]} #{Paint[v[:category].ljust(44), :bold]} "
+        output += "#{v[:subcategory].ljust(55)} #{v[:variant]}"
+        puts output
+      end
+      true
+    end
+  end
+end

data/lib/vrt_cli/parse.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require 'vrt'
+module VrtCli
+  # The application
+  class App
+    # @return [Array<Hash>] An array of vulnerabilities (+:priority+, +:category+, +:subcategory+, +:variant+)
+    def parse
+      vulns = []
+      VRT.get_map.structure.each do |_cat_id, category|
+        category.children.each do |_subcat_id, subcategory|
+          if subcategory.children?
+            subcategory.children.each do |_variant_id, variant|
+              priority = variant.priority || '?'
+              vuln = {
+                priority: priority,
+                category: category.name,
+                subcategory: subcategory.name,
+                variant: variant.name
+              }
+              vulns.push(vuln)
+            end
+          else
+            priority = subcategory.priority || '?'
+            vuln = {
+              priority: priority,
+              category: category.name,
+              subcategory: subcategory.name,
+              variant: '-'
+            }
+            vulns.push(vuln)
+          end
+        end
+      end
+      vulns
+    end
+  end
+end

data/lib/vrt_cli/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module Version
+  VERSION = '1.0.0'
+end

metadata ADDED Viewed

@@ -0,0 +1,221 @@
+--- !ruby/object:Gem::Specification
+name: vrt-cli
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Alexandre ZANNI
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-04-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: docopt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: paint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: vrt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: commonmarker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+- !ruby/object:Gem::Dependency
+  name: github-markup
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the
+  CLI.
+email: alexandre.zanni@engineer.com
+executables:
+- vrt-cli
+- vrt-cli_console
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- bin/vrt-cli
+- bin/vrt-cli_console
+- lib/vrt_cli.rb
+- lib/vrt_cli/output.rb
+- lib/vrt_cli/parse.rb
+- lib/vrt_cli/version.rb
+homepage: https://noraj.github.io/vrt-cli/
+licenses:
+- MIT
+metadata:
+  yard.run: yard
+  bug_tracker_uri: https://github.com/noraj/vrt-cli/issues
+  changelog_uri: https://github.com/noraj/vrt-cli/releases
+  documentation_uri: https://noraj.github.io/vrt-cli/
+  homepage_uri: https://noraj.github.io/vrt-cli/
+  source_code_uri: https://github.com/noraj/vrt-cli/
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the CLI.
+test_files: []