vrt 0.10.0 → 0.12.2

data/lib/vrt/mapping.rb

@@ -1,7 +1,12 @@
+# frozen_string_literal: true
+
 module VRT
   class Mapping
-    def initialize(scheme)
+    PARENT_DIR = 'mappings'
+
+    def initialize(scheme, subdirectory = nil)
       @scheme = scheme.to_s
+      @parent_directory = File.join(self.class::PARENT_DIR, (subdirectory || @scheme))
       load_mappings
     end
 
@@ -14,9 +19,9 @@ module VRT
         id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
         version = @min_version
       end
-      mapping = @mappings[version]['content']
-      default = @mappings[version]['metadata']['default']
-      keys = @mappings[version]['metadata']['keys']
+      mapping = @mappings.dig(version, 'content') || @mappings[version]
+      default = @mappings.dig(version, 'metadata', 'default')
+      keys = @mappings.dig(version, 'metadata', 'keys')
       if keys
         # Convert mappings with multiple keys to be nested under a single
         # top-level key. Remediation advice has keys 'remediation_advice'
@@ -53,11 +58,12 @@ module VRT
     end
 
     def mapping_file_path(version)
-      filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+      # Supports legacy flat file structure `mappings/cvss.json`
+      filename = VRT::DIR.join(version, self.class::PARENT_DIR, "#{@scheme}.json")
       return filename if File.file?(filename)
 
       # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
-      VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
+      VRT::DIR.join(version, @parent_directory, "#{@scheme}.json")
     end
 
     # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So

data/lib/vrt/node.rb

@@ -27,6 +27,10 @@ module VRT
       Hash[VRT.mappings.map { |name, map| [name, map.get(id_list, @version)] }]
     end
 
+    def third_party_links
+      Hash[VRT.third_party_links.map { |name, map| [name, map.get(id_list, @version)] }]
+    end
+
     def id_list
       parent ? parent.id_list << id : [id]
     end

data/lib/vrt/third_party_links.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module VRT
+  class ThirdPartyLinks < Mapping
+    PARENT_DIR = 'third-party-mappings'
+
+    # Example:
+    # scw = VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+    # scw.get(['automotive_security_misconfiguration', 'can', 'injection_dos'], '1.10.1')
+
+    private
+
+    def load_mappings
+      @mappings = {}
+      VRT.versions.each do |version|
+        filename = mapping_file_path(version)
+        next unless File.file?(filename)
+
+        mapping = JSON.parse(File.read(filename))
+        @mappings[version] = mapping
+        # VRT.versions is sorted in reverse semver order
+        # so this will end up as the earliest version with a mapping file
+        @min_version = version
+      end
+      raise VRT::Errors::MappingNotFound if @mappings.empty?
+    end
+
+    # For flat third party links ther is no hierarchical step up
+    def get_key(id_list:, mapping:, key: nil) # rubocop:disable Lint/UnusedMethodArgument
+      mapping.dig(id_list.join('.'))
+    end
+  end
+end

data/lib/vrt/version.rb

@@ -1,3 +1,3 @@
 module Vrt
-  VERSION = '0.10.0'.freeze
+  VERSION = '0.12.2'.freeze
 end

data/lib/vrt.rb

@@ -7,6 +7,7 @@ require 'vrt/node'
 require 'vrt/mapping'
 require 'vrt/cross_version_mapping'
 require 'vrt/errors'
+require 'vrt/third_party_links'
 
 require 'date'
 require 'json'
@@ -123,6 +124,12 @@ module VRT
     @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
   end
 
+  def third_party_links
+    @third_party_links ||= {
+      scw: VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+    }
+  end
+
   # Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per
   # request that needs it.
   def reload!
@@ -131,6 +138,7 @@ module VRT
     get_json
     get_map
     last_updated
+    third_party_links
     mappings
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vrt
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.12.2
 platform: ruby
 authors:
 - Barnett Klane
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-09 00:00:00.000000000 Z
+date: 2023-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -96,6 +96,36 @@ files:
 - lib/data/1.1/deprecated-node-mapping.json
 - lib/data/1.1/vrt.schema.json
 - lib/data/1.1/vulnerability-rating-taxonomy.json
+- lib/data/1.10.1/deprecated-node-mapping.json
+- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.10.1/mappings/cwe/cwe.json
+- lib/data/1.10.1/mappings/cwe/cwe.schema.json
+- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.10.1/vrt.schema.json
+- lib/data/1.10.1/vulnerability-rating-taxonomy.json
+- lib/data/1.10/deprecated-node-mapping.json
+- lib/data/1.10/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.10/mappings/cwe/cwe.json
+- lib/data/1.10/mappings/cwe/cwe.schema.json
+- lib/data/1.10/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
+- lib/data/1.10/vrt.schema.json
+- lib/data/1.10/vulnerability-rating-taxonomy.json
+- lib/data/1.11/deprecated-node-mapping.json
+- lib/data/1.11/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.11/mappings/cwe/cwe.json
+- lib/data/1.11/mappings/cwe/cwe.schema.json
+- lib/data/1.11/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.11/vrt.schema.json
+- lib/data/1.11/vulnerability-rating-taxonomy.json
 - lib/data/1.2/deprecated-node-mapping.json
 - lib/data/1.2/vrt.schema.json
 - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -180,11 +210,16 @@ files:
 - lib/vrt/map.rb
 - lib/vrt/mapping.rb
 - lib/vrt/node.rb
+- lib/vrt/third_party_links.rb
 - lib/vrt/version.rb
 homepage: https://github.com/bugcrowd/vrt-ruby
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/bugcrowd/vrt-ruby
+  changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/bugcrowd/vrt-ruby
+  bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -200,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy