vrt 0.10.0 → 0.12.2

Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/lib/data/1.10/deprecated-node-mapping.json +200 -0
  3. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
  4. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
  6. data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
  7. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
  8. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  9. data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
  10. data/lib/data/1.10/vrt.schema.json +63 -0
  11. data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
  12. data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
  13. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
  14. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  15. data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
  16. data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
  17. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
  18. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  19. data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
  20. data/lib/data/1.10.1/vrt.schema.json +63 -0
  21. data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
  22. data/lib/data/1.11/deprecated-node-mapping.json +236 -0
  23. data/lib/data/1.11/mappings/cvss_v3/cvss_v3.json +1250 -0
  24. data/lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  25. data/lib/data/1.11/mappings/cwe/cwe.json +664 -0
  26. data/lib/data/1.11/mappings/cwe/cwe.schema.json +63 -0
  27. data/lib/data/1.11/mappings/remediation_advice/remediation_advice.json +1811 -0
  28. data/lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  29. data/lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json +392 -0
  30. data/lib/data/1.11/vrt.schema.json +63 -0
  31. data/lib/data/1.11/vulnerability-rating-taxonomy.json +2442 -0
  32. data/lib/vrt/mapping.rb +12 -6
  33. data/lib/vrt/node.rb +4 -0
  34. data/lib/vrt/third_party_links.rb +33 -0
  35. data/lib/vrt/version.rb +1 -1
  36. data/lib/vrt.rb +8 -0
  37. metadata +39 -4
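--- a/data/lib/vrt/mapping.rb
+++ b/data/lib/vrt/mapping.rb
@@ -1,7 +1,12 @@
+ # frozen_string_literal: true
+
  module VRT
  class Mapping
- def initialize(scheme)
+ PARENT_DIR = 'mappings'
+
+ def initialize(scheme, subdirectory = nil)
  @scheme = scheme.to_s
+ @parent_directory = File.join(self.class::PARENT_DIR, (subdirectory || @scheme))
  load_mappings
  end
 
@@ -14,9 +19,9 @@ module VRT
  id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
  version = @min_version
  end
- mapping = @mappings[version]['content']
- default = @mappings[version]['metadata']['default']
- keys = @mappings[version]['metadata']['keys']
+ mapping = @mappings.dig(version, 'content') || @mappings[version]
+ default = @mappings.dig(version, 'metadata', 'default')
+ keys = @mappings.dig(version, 'metadata', 'keys')
  if keys
  # Convert mappings with multiple keys to be nested under a single
  # top-level key. Remediation advice has keys 'remediation_advice'
@@ -53,11 +58,12 @@ module VRT
  end
 
  def mapping_file_path(version)
- filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+ # Supports legacy flat file structure `mappings/cvss.json`
+ filename = VRT::DIR.join(version, self.class::PARENT_DIR, "#{@scheme}.json")
  return filename if File.file?(filename)
 
  # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
- VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
+ VRT::DIR.join(version, @parent_directory, "#{@scheme}.json")
  end
 
  # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So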
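Review bot: The new `subdirectory` argument of `initialize`, like `scheme`, is joined into `@parent_directory` and then into the path built by `mapping_file_path` with no check that it is a single path component, so a value containing a separator or `..` would resolve outside `VRT::DIR`. The callers visible in this diff pass literals, so this is hardening rather than a live bug, but the constructor is public. A guard at the top of `initialize` such as `raise ArgumentError, 'invalid mapping path component' unless [scheme, subdirectory].compact.all? { |c| c.to_s.match?(/\A[\w-]+\z/) }` would keep it safe if it is ever fed configuration or request data. The parameter also lacks a comment saying that it selects the directory under `PARENT_DIR` and defaults to the scheme name. The class body continues outside the hunks.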
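--- a/data/lib/vrt/node.rb
+++ b/data/lib/vrt/node.rb
@@ -27,6 +27,10 @@ module VRT
  Hash[VRT.mappings.map { |name, map| [name, map.get(id_list, @version)] }]
  end
 
+ def third_party_links
+ Hash[VRT.third_party_links.map { |name, map| [name, map.get(id_list, @version)] }]
+ end
+
  def id_list
  parent ? parent.id_list << id : [id]
  end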
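Review bot: `third_party_links` has no comment describing what it returns, and it repeats the `Hash[... map]` construction of the method just above it. A one-line comment such as `# Third-party links for this node, keyed by provider (e.g. :scw)` would document the shape. On Ruby 2.4 or later, `VRT.third_party_links.transform_values { |map| map.get(id_list, @version) }` expresses the same thing more directly. The enclosing class starts and ends outside the hunk.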
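--- /dev/null
+++ b/data/lib/vrt/third_party_links.rb
@@ -0,0 +1,33 @@
+ # frozen_string_literal: true
+
+ module VRT
+ class ThirdPartyLinks < Mapping
+ PARENT_DIR = 'third-party-mappings'
+
+ # Example:
+ # scw = VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+ # scw.get(['automotive_security_misconfiguration', 'can', 'injection_dos'], '1.10.1')
+
+ private
+
+ def load_mappings
+ @mappings = {}
+ VRT.versions.each do |version|
+ filename = mapping_file_path(version)
+ next unless File.file?(filename)
+
+ mapping = JSON.parse(File.read(filename))
+ @mappings[version] = mapping
+ # VRT.versions is sorted in reverse semver order
+ # so this will end up as the earliest version with a mapping file
+ @min_version = version
+ end
+ raise VRT::Errors::MappingNotFound if @mappings.empty?
+ end
+
+ # For flat third party links ther is no hierarchical step up
+ def get_key(id_list:, mapping:, key: nil) # rubocop:disable Lint/UnusedMethodArgument
+ mapping.dig(id_list.join('.'))
+ end
+ end
+ end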
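Review bot: `load_mappings` skips a version silently with `next unless File.file?(filename)`, which hides a naming mismatch in the shipped data. The 1.10 directory carries `secure-code-warriors-links.json` (see the file list and the gem metadata), while 1.10.1 and 1.11 carry `secure-code-warrior-links.json`, the name the example comment uses. With that scheme name the 1.10 file is never loaded, so `@min_version` presumably ends up as 1.10.1 and lookups for 1.10 nodes go through the version remap in `get`. Either rename the 1.10 data file or have the loader record which versions it skipped. The `get_key` comment also has a typo (`ther` should read `there`).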
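--- a/data/lib/vrt/version.rb
+++ b/data/lib/vrt/version.rb
@@ -1,3 +1,3 @@
  module Vrt
- VERSION = '0.10.0'.freeze
+ VERSION = '0.12.2'.freeze
  end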
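--- a/data/lib/vrt.rb
+++ b/data/lib/vrt.rb
@@ -7,6 +7,7 @@ require 'vrt/node'
  require 'vrt/mapping'
  require 'vrt/cross_version_mapping'
  require 'vrt/errors'
+ require 'vrt/third_party_links'
 
  require 'date'
  require 'json'
@@ -123,6 +124,12 @@ module VRT
  @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
  end
 
+ def third_party_links
+ @third_party_links ||= {
+ scw: VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+ }
+ end
+
  # Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per
  # request that needs it.
  def reload!
@@ -131,6 +138,7 @@ module VRT
  get_json
  get_map
  last_updated
+ third_party_links
  mappings
  end
 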
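Review bot: `@third_party_links` is memoised with `||=` and `reload!` now calls `third_party_links`, but nothing in this diff clears the variable. The file list shows vrt.rb as +8 -0, so whatever `reload!` uses to drop cached state (its first lines are outside the hunk) was not touched. Unless that code resets instance variables generically, a `reload!` keeps the previously built `ThirdPartyLinks` object and never re-reads the JSON files. Adding `@third_party_links = nil` next to the existing resets would give the new cache the same lifecycle as `@mappings`.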
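--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: vrt
  version: !ruby/object:Gem::Version
- version: 0.10.0
+ version: 0.12.2
  platform: ruby
  authors:
  - Barnett Klane
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-07-09 00:00:00.000000000 Z
+ date: 2023-11-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -96,6 +96,36 @@ files:
  - lib/data/1.1/deprecated-node-mapping.json
  - lib/data/1.1/vrt.schema.json
  - lib/data/1.1/vulnerability-rating-taxonomy.json
+ - lib/data/1.10.1/deprecated-node-mapping.json
+ - lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json
+ - lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json
+ - lib/data/1.10.1/mappings/cwe/cwe.json
+ - lib/data/1.10.1/mappings/cwe/cwe.schema.json
+ - lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json
+ - lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json
+ - lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json
+ - lib/data/1.10.1/vrt.schema.json
+ - lib/data/1.10.1/vulnerability-rating-taxonomy.json
+ - lib/data/1.10/deprecated-node-mapping.json
+ - lib/data/1.10/mappings/cvss_v3/cvss_v3.json
+ - lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json
+ - lib/data/1.10/mappings/cwe/cwe.json
+ - lib/data/1.10/mappings/cwe/cwe.schema.json
+ - lib/data/1.10/mappings/remediation_advice/remediation_advice.json
+ - lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json
+ - lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
+ - lib/data/1.10/vrt.schema.json
+ - lib/data/1.10/vulnerability-rating-taxonomy.json
+ - lib/data/1.11/deprecated-node-mapping.json
+ - lib/data/1.11/mappings/cvss_v3/cvss_v3.json
+ - lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json
+ - lib/data/1.11/mappings/cwe/cwe.json
+ - lib/data/1.11/mappings/cwe/cwe.schema.json
+ - lib/data/1.11/mappings/remediation_advice/remediation_advice.json
+ - lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json
+ - lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json
+ - lib/data/1.11/vrt.schema.json
+ - lib/data/1.11/vulnerability-rating-taxonomy.json
  - lib/data/1.2/deprecated-node-mapping.json
  - lib/data/1.2/vrt.schema.json
  - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -180,11 +210,16 @@ files:
  - lib/vrt/map.rb
  - lib/vrt/mapping.rb
  - lib/vrt/node.rb
+ - lib/vrt/third_party_links.rb
  - lib/vrt/version.rb
  homepage: https://github.com/bugcrowd/vrt-ruby
  licenses:
  - MIT
- metadata: {}
+ metadata:
+ homepage_uri: https://github.com/bugcrowd/vrt-ruby
+ changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
+ source_code_uri: https://github.com/bugcrowd/vrt-ruby
+ bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -200,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.0.3.1
  signing_key:
  specification_version: 4
  summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy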