RubyGems - vrt - Versions diffs - 0.1 → 0.2.0 - Mend

vrt 0.1 → 0.2.0

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/data/1.2/deprecated-node-mapping.json +50 -0
data/lib/data/1.2/vrt.schema.json +62 -0
data/lib/data/1.2/vulnerability-rating-taxonomy.json +1583 -0
data/lib/vrt/version.rb +1 -1
metadata +5 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3c883252346b6b621bc6bdcef55ab2be37b6cb7d
-  data.tar.gz: 60357154b0e182f895d36faea777817672fdc856
+  metadata.gz: 61f3553f98d0b502f458ee6566dc76e0c3237279
+  data.tar.gz: b7240f35e43cdb044982784b47490d90faf34f72
 SHA512:
-  metadata.gz: 3cc4ddfb007a6648ff1b31c6874c2f8c48e36d3020d5d78c97c816b281af26a69636fe3e5ef04504fa88d79bcc21fb46e0404c8fe133d5cfec65ff95ed32791e
-  data.tar.gz: b8563420dec922ab1dcc82ca543cb5178b4e400c4699f60d2ab794d55eeec1120a8aedda14f77280a187aa7013fd45062c15ea75b324058bd2d8f80cd6d112f1
+  metadata.gz: 97b80beb9eed048a770dde54effefaf18ebc59404e3e14116b764a36fc674f52a72d7002c0d8c180aa02fc67e3a1d644d080836428f15df1af5509a9e2c84f95
+  data.tar.gz: 13211ce3cc7291c9890ec696dc40bc3b805e94946cda96f50a07f849261cff7bb55bc17e84f6023172f622ab8116ad52b43103e1e5290a43c9b37c6808fa59d2

data/lib/data/1.2/deprecated-node-mapping.json ADDED Viewed

@@ -0,0 +1,50 @@
+{
+  "poor_physical_security": {
+    "1.1": "other"
+  },
+  "social_engineering": {
+    "1.1": "other"
+  },
+  "unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
+    "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+  },
+  "unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
+    "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+  },
+  "unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
+    "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+  },
+  "broken_authentication_and_session_management.session_token_in_url.over_https": {
+    "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+  },
+  "broken_authentication_and_session_management.session_token_in_url.over_http": {
+    "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+  },
+  "broken_authentication_and_session_management.session_token_in_url": {
+    "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+  },
+  "insecure_data_transport": {
+    "1.2": "mobile_security_misconfiguration"
+  },
+  "insecure_data_transport.ssl_certificate_pinning": {
+    "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
+  },
+  "insecure_data_transport.ssl_certificate_pinning.absent": {
+    "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
+  },
+  "insecure_data_transport.ssl_certificate_pinning.defeatable": {
+    "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
+  },
+  "insecure_data_storage.credentials_stored_unencrypted": {
+    "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
+  },
+  "insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
+    "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
+  },
+  "insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
+    "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
+  },
+  "insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
+    "1.2": "insufficient_security_configurability.weak_password_policy.no_password_policy"
+  }
+}

data/lib/data/1.2/vrt.schema.json ADDED Viewed

@@ -0,0 +1,62 @@
+{
+    "$schema": "http://json-schema.org/draft-04/schema#",
+    "title": "Vulnerability Rating Taxonomy",
+    "description": "A Taxonomy of potential vulnerabilities with suggested technical priority rating",
+    "definitions": {
+      "VRTmetadata": {
+        "type": "object",
+        "properties": {
+          "release_date":   { "type": "string", "format": "date-time" }
+        }
+      },
+      "VRT": {
+        "type": "object",
+        "properties": {
+          "id":             { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
+          "type":           { "type": "string", "enum": [ "category", "subcategory", "variant" ] },
+          "name":           { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
+          "priority":       {
+                              "anyOf": [
+                                { "type": "number", "minimum": 1, "maximum": 5 },
+                                { "type": "null" }
+                              ]
+                            }
+        },
+        "required": ["id", "name", "type", "priority"]
+      },
+      "VRTparent": {
+        "type": "object",
+        "properties": {
+          "id":             { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
+          "name":           { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
+          "type":           { "type": "string", "enum": [ "category", "subcategory" ] },
+          "children": {
+            "type": "array",
+            "items" : {
+              "anyOf": [
+                { "$ref": "#/definitions/VRTparent" },
+                { "$ref": "#/definitions/VRT" }
+              ]
+            }
+          }
+        },
+        "required": ["id", "name", "type", "children"]
+      }
+    },
+    "type": "object",
+    "required": ["metadata", "content"],
+    "properties": {
+      "metadata": {
+         "$ref": "#/definitions/VRTmetadata"
+      },
+      "content": {
+        "type": "array",
+        "items" : {
+          "anyOf": [
+            { "$ref": "#/definitions/VRTparent" },
+            { "$ref": "#/definitions/VRT" }
+          ]
+        }
+      }
+    }
+}