vrt 0.10.0 → 0.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (23) hide show
  1. checksums.yaml +4 -4
  2. data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
  3. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
  4. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
  6. data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
  7. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
  8. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  9. data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
  10. data/lib/data/1.10.1/vrt.schema.json +63 -0
  11. data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
  12. data/lib/data/1.10/deprecated-node-mapping.json +200 -0
  13. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
  14. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  15. data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
  16. data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
  17. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
  18. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  19. data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
  20. data/lib/data/1.10/vrt.schema.json +63 -0
  21. data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
  22. data/lib/vrt/version.rb +1 -1
  23. metadata +31 -7
data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json ADDED
@@ -0,0 +1,59 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "VRT to CVSS v3 Mapping",
4
+ "description": "Mapping from the Vulnerability Rating Taxonomy to CVSS v3",
5
+ "definitions": {
6
+ "MappingMetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "default": { "$ref": "#/definitions/CVSSv3" }
10
+ },
11
+ "required": ["default"]
12
+ },
13
+ "VRTid": { "type": "string", "pattern": "^[a-z_]*$" },
14
+ "CVSSv3": { "type": "string", "pattern": "^AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]$" },
15
+ "Mapping": {
16
+ "type": "object",
17
+ "properties": {
18
+ "id": { "$ref": "#/definitions/VRTid" },
19
+ "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
20
+ },
21
+ "required": ["id", "cvss_v3"],
22
+ "additionalProperties": false
23
+ },
24
+ "MappingParent": {
25
+ "type": "object",
26
+ "properties": {
27
+ "id": { "$ref": "#/definitions/VRTid" },
28
+ "children": {
29
+ "type": "array",
30
+ "items" : {
31
+ "anyOf": [
32
+ { "$ref": "#/definitions/MappingParent" },
33
+ { "$ref": "#/definitions/Mapping" }
34
+ ]
35
+ }
36
+ },
37
+ "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
38
+ },
39
+ "required": ["id", "children"],
40
+ "additionalProperties": false
41
+ }
42
+ },
43
+ "type": "object",
44
+ "required": ["metadata", "content"],
45
+ "properties": {
46
+ "metadata": {
47
+ "$ref": "#/definitions/MappingMetadata"
48
+ },
49
+ "content": {
50
+ "type": "array",
51
+ "items" : {
52
+ "anyOf": [
53
+ { "$ref": "#/definitions/MappingParent" },
54
+ { "$ref": "#/definitions/Mapping" }
55
+ ]
56
+ }
57
+ }
58
+ }
59
+ }
data/lib/data/1.10/mappings/cwe/cwe.json ADDED
@@ -0,0 +1,477 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "cwe": ["CWE-16"],
9
+ "children": [
10
+ {
11
+ "id": "unsafe_cross_origin_resource_sharing",
12
+ "cwe": ["CWE-942"]
13
+ },
14
+ {
15
+ "id": "path_traversal",
16
+ "cwe": ["CWE-22", "CWE-73"]
17
+ },
18
+ {
19
+ "id": "directory_listing_enabled",
20
+ "cwe": ["CWE-548"]
21
+ },
22
+ {
23
+ "id": "ssl_attack_breach_poodle_etc",
24
+ "cwe": ["CWE-310"]
25
+ },
26
+ {
27
+ "id": "using_default_credentials",
28
+ "cwe": ["CWE-255", "CWE-521"]
29
+ },
30
+ {
31
+ "id": "misconfigured_dns",
32
+ "children": [
33
+ {
34
+ "id": "zone_transfer",
35
+ "cwe": ["CWE-669"]
36
+ }
37
+ ]
38
+ },
39
+ {
40
+ "id": "dbms_misconfiguration",
41
+ "children": [
42
+ {
43
+ "id": "excessively_privileged_user_dba",
44
+ "cwe": ["CWE-250"]
45
+ }
46
+ ]
47
+ },
48
+ {
49
+ "id": "lack_of_password_confirmation",
50
+ "children": [
51
+ {
52
+ "id": "change_password",
53
+ "cwe": ["CWE-620"]
54
+ }
55
+ ]
56
+ },
57
+ {
58
+ "id": "no_rate_limiting_on_form",
59
+ "cwe": ["CWE-799"],
60
+ "children": [
61
+ {
62
+ "id": "login",
63
+ "cwe": ["CWE-307"]
64
+ }
65
+ ]
66
+ },
67
+ {
68
+ "id": "unsafe_file_upload",
69
+ "children": [
70
+ {
71
+ "id": "file_extension_filter_bypass",
72
+ "cwe": ["CWE-434", "CWE-646"]
73
+ }
74
+ ]
75
+ },
76
+ {
77
+ "id": "missing_secure_or_httponly_cookie_flag",
78
+ "cwe": ["CWE-614", "CWE-1004"]
79
+ },
80
+ {
81
+ "id": "clickjacking",
82
+ "cwe": ["CWE-451"]
83
+ },
84
+ {
85
+ "id": "oauth_misconfiguration",
86
+ "cwe": ["CWE-303"],
87
+ "children": [
88
+ {
89
+ "id": "missing_state_parameter",
90
+ "cwe": ["CWE-352"]
91
+ },
92
+ {
93
+ "id": "insecure_redirect_uri",
94
+ "cwe": ["CWE-601"]
95
+ }
96
+ ]
97
+ },
98
+ {
99
+ "id": "captcha",
100
+ "cwe": ["CWE-804"]
101
+ },
102
+ {
103
+ "id": "username_enumeration",
104
+ "cwe": ["CWE-204"]
105
+ },
106
+ {
107
+ "id": "insecure_ssl",
108
+ "children": [
109
+ {
110
+ "id": "insecure_cipher_suite",
111
+ "cwe": ["CWE-326"]
112
+ }
113
+ ]
114
+ },
115
+ {
116
+ "id": "lack_of_security_headers",
117
+ "children": [
118
+ {
119
+ "id": "cache_control_for_a_non_sensitive_page",
120
+ "cwe": ["CWE-525"]
121
+ },
122
+ {
123
+ "id": "cache_control_for_a_sensitive_page",
124
+ "cwe": ["CWE-525"]
125
+ }
126
+ ]
127
+ },
128
+ {
129
+ "id": "race_condition",
130
+ "cwe": ["CWE-362", "CWE-366", "CWE-368", "CWE-421"]
131
+ },
132
+ {
133
+ "id": "cache_poisoning",
134
+ "cwe": ["CWE-444"]
135
+ }
136
+ ]
137
+ },
138
+ {
139
+ "id": "server_side_injection",
140
+ "cwe": ["CWE-929"],
141
+ "children": [
142
+ {
143
+ "id": "file_inclusion",
144
+ "cwe": ["CWE-73", "CWE-714"]
145
+ },
146
+ {
147
+ "id": "remote_code_execution_rce",
148
+ "cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
149
+ },
150
+ {
151
+ "id": "sql_injection",
152
+ "cwe": ["CWE-89"]
153
+ },
154
+ {
155
+ "id": "xml_external_entity_injection_xxe",
156
+ "cwe": ["CWE-611"]
157
+ },
158
+ {
159
+ "id": "http_response_manipulation",
160
+ "children": [
161
+ {
162
+ "id": "response_splitting_crlf",
163
+ "cwe": ["CWE-113"]
164
+ }
165
+ ]
166
+ },
167
+ {
168
+ "id": "content_spoofing",
169
+ "cwe": ["CWE-451"],
170
+ "children": [
171
+ {
172
+ "id": "homograph_idn_based",
173
+ "cwe": ["CWE-1007"]
174
+ }
175
+ ]
176
+ },
177
+ {
178
+ "id": "ssti",
179
+ "cwe": ["CWE-94"]
180
+ }
181
+ ]
182
+ },
183
+ {
184
+ "id": "broken_authentication_and_session_management",
185
+ "cwe": ["CWE-930"],
186
+ "children": [
187
+ {
188
+ "id": "authentication_bypass",
189
+ "cwe": ["CWE-287"]
190
+ },
191
+ {
192
+ "id": "two_fa_bypass",
193
+ "cwe": ["CWE-304"]
194
+ },
195
+ {
196
+ "id": "privilege_escalation",
197
+ "cwe": ["CWE-269"]
198
+ },
199
+ {
200
+ "id": "cleartext_transmission_of_session_token",
201
+ "cwe": ["CWE-319"]
202
+ },
203
+ {
204
+ "id": "weak_login_function",
205
+ "cwe": ["CWE-523"]
206
+ },
207
+ {
208
+ "id": "session_fixation",
209
+ "cwe": ["CWE-384"]
210
+ },
211
+ {
212
+ "id": "failure_to_invalidate_session",
213
+ "cwe": ["CWE-613"]
214
+ },
215
+ {
216
+ "id": "concurrent_logins",
217
+ "cwe": ["CWE-1018"]
218
+ },
219
+ {
220
+ "id": "weak_registration_implementation",
221
+ "children": [
222
+ {
223
+ "id": "over_http",
224
+ "cwe": ["CWE-311"]
225
+ }
226
+ ]
227
+ }
228
+ ]
229
+ },
230
+ {
231
+ "id": "sensitive_data_exposure",
232
+ "cwe": ["CWE-934"],
233
+ "children": [
234
+ {
235
+ "id": "disclosure_of_secrets",
236
+ "cwe": ["CWE-522"]
237
+ },
238
+ {
239
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
240
+ "cwe": ["CWE-200"]
241
+ },
242
+ {
243
+ "id": "visible_detailed_error_page",
244
+ "cwe": ["CWE-209", "CWE-215"]
245
+ },
246
+ {
247
+ "id": "disclosure_of_known_public_information",
248
+ "cwe": ["CWE-200"]
249
+ },
250
+ {
251
+ "id": "token_leakage_via_referer",
252
+ "cwe": ["CWE-200"]
253
+ },
254
+ {
255
+ "id": "sensitive_token_in_url",
256
+ "cwe": ["CWE-200"]
257
+ },
258
+ {
259
+ "id": "non_sensitive_token_in_url",
260
+ "cwe": ["CWE-200"]
261
+ },
262
+ {
263
+ "id": "weak_password_reset_implementation",
264
+ "cwe": ["CWE-640"]
265
+ },
266
+ {
267
+ "id": "via_localstorage_sessionstorage",
268
+ "cwe": ["CWE-922"]
269
+ }
270
+ ]
271
+ },
272
+ {
273
+ "id": "cross_site_scripting_xss",
274
+ "cwe": ["CWE-79"]
275
+ },
276
+ {
277
+ "id": "broken_access_control",
278
+ "cwe": ["CWE-723"],
279
+ "children": [
280
+ {
281
+ "id": "idor",
282
+ "cwe": ["CWE-932"]
283
+ },
284
+ {
285
+ "id": "server_side_request_forgery_ssrf",
286
+ "cwe": ["CWE-918", "CWE-441"]
287
+ },
288
+ {
289
+ "id": "username_enumeration",
290
+ "cwe": ["CWE-200"]
291
+ },
292
+ {
293
+ "id": "exposed_sensitive_android_intent",
294
+ "cwe": ["CWE-927"]
295
+ },
296
+ {
297
+ "id": "exposed_sensitive_ios_url_scheme",
298
+ "cwe": ["CWE-939"]
299
+ }
300
+ ]
301
+ },
302
+ {
303
+ "id": "cross_site_request_forgery_csrf",
304
+ "cwe": ["CWE-352"]
305
+ },
306
+ {
307
+ "id": "application_level_denial_of_service_dos",
308
+ "cwe": ["CWE-400"]
309
+ },
310
+ {
311
+ "id": "unvalidated_redirects_and_forwards",
312
+ "cwe": ["CWE-601"],
313
+ "children": [
314
+ {
315
+ "id": "open_redirect",
316
+ "cwe": ["CWE-601"]
317
+ },
318
+ {
319
+ "id": "tabnabbing",
320
+ "cwe": ["CWE-1022"]
321
+ }
322
+ ]
323
+ },
324
+ {
325
+ "id": "external_behavior",
326
+ "cwe": null
327
+ },
328
+ {
329
+ "id": "insufficient_security_configurability",
330
+ "cwe": ["CWE-16"],
331
+ "children": [
332
+ {
333
+ "id": "weak_password_policy",
334
+ "cwe": ["CWE-521"]
335
+ },
336
+ {
337
+ "id": "no_password_policy",
338
+ "cwe": ["CWE-521"]
339
+ },
340
+ {
341
+ "id": "password_policy_bypass",
342
+ "cwe": ["CWE-521"]
343
+ },
344
+ {
345
+ "id": "weak_password_reset_implementation",
346
+ "cwe": ["CWE-640"]
347
+ }
348
+ ]
349
+ },
350
+ {
351
+ "id": "using_components_with_known_vulnerabilities",
352
+ "cwe": ["CWE-937"]
353
+ },
354
+ {
355
+ "id": "insecure_data_storage",
356
+ "cwe": ["CWE-729", "CWE-922"],
357
+ "children": [
358
+ {
359
+ "id": "sensitive_application_data_stored_unencrypted",
360
+ "cwe": ["CWE-312"]
361
+ },
362
+ {
363
+ "id": "server_side_credentials_storage",
364
+ "cwe": ["CWE-522"],
365
+ "children": [
366
+ {
367
+ "id": "plaintext",
368
+ "cwe": ["CWE-256"]
369
+ }
370
+ ]
371
+ },
372
+ {
373
+ "id": "non_sensitive_application_data_stored_unencrypted",
374
+ "cwe": ["CWE-312"]
375
+ }
376
+ ]
377
+ },
378
+ {
379
+ "id": "lack_of_binary_hardening",
380
+ "cwe": ["CWE-693"]
381
+ },
382
+ {
383
+ "id": "insecure_data_transport",
384
+ "cwe": ["CWE-311", "CWE-319"],
385
+ "children": [
386
+ {
387
+ "id": "cleartext_transmission_of_sensitive_data",
388
+ "cwe": ["CWE-319"]
389
+ },
390
+ {
391
+ "id": "executable_download",
392
+ "children": [
393
+ {
394
+ "id": "no_secure_integrity_check",
395
+ "cwe": ["CWE-353", "CWE-354", "CWE-494"]
396
+ }
397
+ ]
398
+ }
399
+ ]
400
+ },
401
+ {
402
+ "id": "insecure_os_firmware",
403
+ "children": [
404
+ {
405
+ "id": "command_injection",
406
+ "cwe": ["CWE-77"]
407
+ },
408
+ {
409
+ "id": "hardcoded_password",
410
+ "cwe": ["CWE-259"]
411
+ }
412
+ ]
413
+ },
414
+ {
415
+ "id": "broken_cryptography",
416
+ "cwe": ["CWE-310"]
417
+ },
418
+ {
419
+ "id": "privacy_concerns",
420
+ "cwe": ["CWE-359"]
421
+ },
422
+ {
423
+ "id": "network_security_misconfiguration",
424
+ "cwe": ["CWE-16"]
425
+ },
426
+ {
427
+ "id": "mobile_security_misconfiguration",
428
+ "cwe": ["CWE-919"]
429
+ },
430
+ {
431
+ "id": "client_side_injection",
432
+ "cwe": ["CWE-929"]
433
+ },
434
+ {
435
+ "id": "automotive_security_misconfiguration",
436
+ "cwe": null,
437
+ "children": [
438
+ {
439
+ "id": "infotainment_radio_head_unit",
440
+ "cwe": null
441
+ },
442
+ {
443
+ "id": "rf_hub",
444
+ "cwe": null
445
+ },
446
+ {
447
+ "id": "can",
448
+ "cwe": null
449
+ },
450
+ {
451
+ "id": "battery_management_system",
452
+ "cwe": null
453
+ },
454
+ {
455
+ "id": "gnss_gps",
456
+ "cwe": null
457
+ },
458
+ {
459
+ "id": "immobilizer",
460
+ "cwe": null
461
+ },
462
+ {
463
+ "id": "abs",
464
+ "cwe": null
465
+ },
466
+ {
467
+ "id": "rsu",
468
+ "cwe": null
469
+ }
470
+ ]
471
+ },
472
+ {
473
+ "id": "indicators_of_compromise",
474
+ "cwe": null
475
+ }
476
+ ]
477
+ }