vrt 0.10.0 → 0.12.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/data/1.10/deprecated-node-mapping.json +200 -0
- data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
- data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
- data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
- data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
- data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
- data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
- data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
- data/lib/data/1.10/vrt.schema.json +63 -0
- data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
- data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
- data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
- data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
- data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
- data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
- data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
- data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
- data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
- data/lib/data/1.10.1/vrt.schema.json +63 -0
- data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
- data/lib/data/1.11/deprecated-node-mapping.json +236 -0
- data/lib/data/1.11/mappings/cvss_v3/cvss_v3.json +1250 -0
- data/lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json +59 -0
- data/lib/data/1.11/mappings/cwe/cwe.json +664 -0
- data/lib/data/1.11/mappings/cwe/cwe.schema.json +63 -0
- data/lib/data/1.11/mappings/remediation_advice/remediation_advice.json +1811 -0
- data/lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json +75 -0
- data/lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json +392 -0
- data/lib/data/1.11/vrt.schema.json +63 -0
- data/lib/data/1.11/vulnerability-rating-taxonomy.json +2442 -0
- data/lib/vrt/mapping.rb +12 -6
- data/lib/vrt/node.rb +4 -0
- data/lib/vrt/third_party_links.rb +33 -0
- data/lib/vrt/version.rb +1 -1
- data/lib/vrt.rb +8 -0
- metadata +39 -4
data/lib/vrt/mapping.rb
CHANGED
@@ -1,7 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module VRT
|
2
4
|
class Mapping
|
3
|
-
|
5
|
+
PARENT_DIR = 'mappings'
|
6
|
+
|
7
|
+
def initialize(scheme, subdirectory = nil)
|
4
8
|
@scheme = scheme.to_s
|
9
|
+
@parent_directory = File.join(self.class::PARENT_DIR, (subdirectory || @scheme))
|
5
10
|
load_mappings
|
6
11
|
end
|
7
12
|
|
@@ -14,9 +19,9 @@ module VRT
|
|
14
19
|
id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
|
15
20
|
version = @min_version
|
16
21
|
end
|
17
|
-
mapping = @mappings
|
18
|
-
default = @mappings
|
19
|
-
keys = @mappings
|
22
|
+
mapping = @mappings.dig(version, 'content') || @mappings[version]
|
23
|
+
default = @mappings.dig(version, 'metadata', 'default')
|
24
|
+
keys = @mappings.dig(version, 'metadata', 'keys')
|
20
25
|
if keys
|
21
26
|
# Convert mappings with multiple keys to be nested under a single
|
22
27
|
# top-level key. Remediation advice has keys 'remediation_advice'
|
@@ -53,11 +58,12 @@ module VRT
|
|
53
58
|
end
|
54
59
|
|
55
60
|
def mapping_file_path(version)
|
56
|
-
|
61
|
+
# Supports legacy flat file structure `mappings/cvss.json`
|
62
|
+
filename = VRT::DIR.join(version, self.class::PARENT_DIR, "#{@scheme}.json")
|
57
63
|
return filename if File.file?(filename)
|
58
64
|
|
59
65
|
# Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
|
60
|
-
VRT::DIR.join(version,
|
66
|
+
VRT::DIR.join(version, @parent_directory, "#{@scheme}.json")
|
61
67
|
end
|
62
68
|
|
63
69
|
# Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So
|
data/lib/vrt/node.rb
CHANGED
@@ -27,6 +27,10 @@ module VRT
|
|
27
27
|
Hash[VRT.mappings.map { |name, map| [name, map.get(id_list, @version)] }]
|
28
28
|
end
|
29
29
|
|
30
|
+
def third_party_links
|
31
|
+
Hash[VRT.third_party_links.map { |name, map| [name, map.get(id_list, @version)] }]
|
32
|
+
end
|
33
|
+
|
30
34
|
def id_list
|
31
35
|
parent ? parent.id_list << id : [id]
|
32
36
|
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module VRT
|
4
|
+
class ThirdPartyLinks < Mapping
|
5
|
+
PARENT_DIR = 'third-party-mappings'
|
6
|
+
|
7
|
+
# Example:
|
8
|
+
# scw = VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
|
9
|
+
# scw.get(['automotive_security_misconfiguration', 'can', 'injection_dos'], '1.10.1')
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
def load_mappings
|
14
|
+
@mappings = {}
|
15
|
+
VRT.versions.each do |version|
|
16
|
+
filename = mapping_file_path(version)
|
17
|
+
next unless File.file?(filename)
|
18
|
+
|
19
|
+
mapping = JSON.parse(File.read(filename))
|
20
|
+
@mappings[version] = mapping
|
21
|
+
# VRT.versions is sorted in reverse semver order
|
22
|
+
# so this will end up as the earliest version with a mapping file
|
23
|
+
@min_version = version
|
24
|
+
end
|
25
|
+
raise VRT::Errors::MappingNotFound if @mappings.empty?
|
26
|
+
end
|
27
|
+
|
28
|
+
# For flat third party links ther is no hierarchical step up
|
29
|
+
def get_key(id_list:, mapping:, key: nil) # rubocop:disable Lint/UnusedMethodArgument
|
30
|
+
mapping.dig(id_list.join('.'))
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
data/lib/vrt/version.rb
CHANGED
data/lib/vrt.rb
CHANGED
@@ -7,6 +7,7 @@ require 'vrt/node'
|
|
7
7
|
require 'vrt/mapping'
|
8
8
|
require 'vrt/cross_version_mapping'
|
9
9
|
require 'vrt/errors'
|
10
|
+
require 'vrt/third_party_links'
|
10
11
|
|
11
12
|
require 'date'
|
12
13
|
require 'json'
|
@@ -123,6 +124,12 @@ module VRT
|
|
123
124
|
@mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
|
124
125
|
end
|
125
126
|
|
127
|
+
def third_party_links
|
128
|
+
@third_party_links ||= {
|
129
|
+
scw: VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
|
130
|
+
}
|
131
|
+
end
|
132
|
+
|
126
133
|
# Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per
|
127
134
|
# request that needs it.
|
128
135
|
def reload!
|
@@ -131,6 +138,7 @@ module VRT
|
|
131
138
|
get_json
|
132
139
|
get_map
|
133
140
|
last_updated
|
141
|
+
third_party_links
|
134
142
|
mappings
|
135
143
|
end
|
136
144
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vrt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.12.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Barnett Klane
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2023-11-20 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: bundler
|
@@ -96,6 +96,36 @@ files:
|
|
96
96
|
- lib/data/1.1/deprecated-node-mapping.json
|
97
97
|
- lib/data/1.1/vrt.schema.json
|
98
98
|
- lib/data/1.1/vulnerability-rating-taxonomy.json
|
99
|
+
- lib/data/1.10.1/deprecated-node-mapping.json
|
100
|
+
- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json
|
101
|
+
- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json
|
102
|
+
- lib/data/1.10.1/mappings/cwe/cwe.json
|
103
|
+
- lib/data/1.10.1/mappings/cwe/cwe.schema.json
|
104
|
+
- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json
|
105
|
+
- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json
|
106
|
+
- lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json
|
107
|
+
- lib/data/1.10.1/vrt.schema.json
|
108
|
+
- lib/data/1.10.1/vulnerability-rating-taxonomy.json
|
109
|
+
- lib/data/1.10/deprecated-node-mapping.json
|
110
|
+
- lib/data/1.10/mappings/cvss_v3/cvss_v3.json
|
111
|
+
- lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json
|
112
|
+
- lib/data/1.10/mappings/cwe/cwe.json
|
113
|
+
- lib/data/1.10/mappings/cwe/cwe.schema.json
|
114
|
+
- lib/data/1.10/mappings/remediation_advice/remediation_advice.json
|
115
|
+
- lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json
|
116
|
+
- lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
|
117
|
+
- lib/data/1.10/vrt.schema.json
|
118
|
+
- lib/data/1.10/vulnerability-rating-taxonomy.json
|
119
|
+
- lib/data/1.11/deprecated-node-mapping.json
|
120
|
+
- lib/data/1.11/mappings/cvss_v3/cvss_v3.json
|
121
|
+
- lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json
|
122
|
+
- lib/data/1.11/mappings/cwe/cwe.json
|
123
|
+
- lib/data/1.11/mappings/cwe/cwe.schema.json
|
124
|
+
- lib/data/1.11/mappings/remediation_advice/remediation_advice.json
|
125
|
+
- lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json
|
126
|
+
- lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json
|
127
|
+
- lib/data/1.11/vrt.schema.json
|
128
|
+
- lib/data/1.11/vulnerability-rating-taxonomy.json
|
99
129
|
- lib/data/1.2/deprecated-node-mapping.json
|
100
130
|
- lib/data/1.2/vrt.schema.json
|
101
131
|
- lib/data/1.2/vulnerability-rating-taxonomy.json
|
@@ -180,11 +210,16 @@ files:
|
|
180
210
|
- lib/vrt/map.rb
|
181
211
|
- lib/vrt/mapping.rb
|
182
212
|
- lib/vrt/node.rb
|
213
|
+
- lib/vrt/third_party_links.rb
|
183
214
|
- lib/vrt/version.rb
|
184
215
|
homepage: https://github.com/bugcrowd/vrt-ruby
|
185
216
|
licenses:
|
186
217
|
- MIT
|
187
|
-
metadata:
|
218
|
+
metadata:
|
219
|
+
homepage_uri: https://github.com/bugcrowd/vrt-ruby
|
220
|
+
changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
|
221
|
+
source_code_uri: https://github.com/bugcrowd/vrt-ruby
|
222
|
+
bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
|
188
223
|
post_install_message:
|
189
224
|
rdoc_options: []
|
190
225
|
require_paths:
|
@@ -200,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
200
235
|
- !ruby/object:Gem::Version
|
201
236
|
version: '0'
|
202
237
|
requirements: []
|
203
|
-
rubygems_version: 3.1
|
238
|
+
rubygems_version: 3.0.3.1
|
204
239
|
signing_key:
|
205
240
|
specification_version: 4
|
206
241
|
summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy
|