vrt 0.11.0 → 0.12.2

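--- a/data/lib/vrt/mapping.rb
+++ b/data/lib/vrt/mapping.rb
@@ -1,7 +1,12 @@
+ # frozen_string_literal: true
+
  module VRT
  class Mapping
- def initialize(scheme)
+ PARENT_DIR = 'mappings'
+
+ def initialize(scheme, subdirectory = nil)
  @scheme = scheme.to_s
+ @parent_directory = File.join(self.class::PARENT_DIR, (subdirectory || @scheme))
  load_mappings
  end
 
@@ -14,9 +19,9 @@ module VRT
  id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
  version = @min_version
  end
- mapping = @mappings[version]['content']
- default = @mappings[version]['metadata']['default']
- keys = @mappings[version]['metadata']['keys']
+ mapping = @mappings.dig(version, 'content') || @mappings[version]
+ default = @mappings.dig(version, 'metadata', 'default')
+ keys = @mappings.dig(version, 'metadata', 'keys')
  if keys
  # Convert mappings with multiple keys to be nested under a single
  # top-level key. Remediation advice has keys 'remediation_advice'
@@ -53,11 +58,12 @@ module VRT
  end
 
  def mapping_file_path(version)
- filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+ # Supports legacy flat file structure `mappings/cvss.json`
+ filename = VRT::DIR.join(version, self.class::PARENT_DIR, "#{@scheme}.json")
  return filename if File.file?(filename)
 
  # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
- VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
+ VRT::DIR.join(version, @parent_directory, "#{@scheme}.json")
  end
 
  # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So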
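Review bot: `initialize` builds `@parent_directory` from `subdirectory || @scheme`, and `mapping_file_path` joins it and `"#{@scheme}.json"` under `VRT::DIR` with no check on either value, so a name containing `..` or a path separator would make the loader read a JSON file outside the data directory. The callers visible on this page pass constants, but the constructor is public; a guard in `initialize` such as `raise ArgumentError, 'invalid mapping name' unless [@scheme, subdirectory].compact.all? { |s| s.to_s.match?(/\A[\w-]+\z/) }` would close that off. Separately, in the second hunk `@mappings.dig(version, 'content') || @mappings[version]` falls back to the whole document when `content` is absent, which looks intended for the flat third-party files but would also hide a malformed regular mapping, so a comment stating that intent would help. The method around the second hunk starts and ends outside it.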
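--- a/data/lib/vrt/node.rb
+++ b/data/lib/vrt/node.rb
@@ -27,6 +27,10 @@ module VRT
  Hash[VRT.mappings.map { |name, map| [name, map.get(id_list, @version)] }]
  end
 
+ def third_party_links
+ Hash[VRT.third_party_links.map { |name, map| [name, map.get(id_list, @version)] }]
+ end
+
  def id_list
  parent ? parent.id_list << id : [id]
  end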
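Review bot: The new `third_party_links` method has no comment saying what it returns or where the values come from. I would add something like `# Third-party link entries for this node, keyed by provider (currently :scw); values are read as-is from the bundled JSON and are presumably nil when the node has no entry.` so that callers rendering them as links know they are not validated at this layer. The `Hash[...map { }]` form matches the method above it, though `.to_h { |name, map| [name, map.get(id_list, @version)] }` would read more directly if the supported Ruby versions allow it.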
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ module VRT
4
+ class ThirdPartyLinks < Mapping
5
+ PARENT_DIR = 'third-party-mappings'
6
+
7
+ # Example:
8
+ # scw = VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
9
+ # scw.get(['automotive_security_misconfiguration', 'can', 'injection_dos'], '1.10.1')
10
+
11
+ private
12
+
13
+ def load_mappings
14
+ @mappings = {}
15
+ VRT.versions.each do |version|
16
+ filename = mapping_file_path(version)
17
+ next unless File.file?(filename)
18
+
19
+ mapping = JSON.parse(File.read(filename))
20
+ @mappings[version] = mapping
21
+ # VRT.versions is sorted in reverse semver order
22
+ # so this will end up as the earliest version with a mapping file
23
+ @min_version = version
24
+ end
25
+ raise VRT::Errors::MappingNotFound if @mappings.empty?
26
+ end
27
+
28
+ # For flat third party links ther is no hierarchical step up
29
+ def get_key(id_list:, mapping:, key: nil) # rubocop:disable Lint/UnusedMethodArgument
30
+ mapping.dig(id_list.join('.'))
31
+ end
32
+ end
33
+ end
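Review bot: `load_mappings` stores whatever `JSON.parse(File.read(filename))` returns without checking its shape, so a link file whose top level is not a JSON object only fails later at lookup time, where `mapping.dig` is called with a string key. A guard right after the parse, for example `raise TypeError, "#{filename}: expected a JSON object" unless mapping.is_a?(Hash)`, would surface the problem at load time with the file name attached. Since the values are presumably URLs handed to callers for display, the class comment should also say that they come straight from the bundled JSON and are not scheme-checked here. In `get_key`, `mapping.dig(id_list.join('.'))` with a single key is just `mapping[id_list.join('.')]`, and the comment above it has a typo (`ther`).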
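--- a/data/lib/vrt/version.rb
+++ b/data/lib/vrt/version.rb
@@ -1,3 +1,3 @@
  module Vrt
- VERSION = '0.11.0'.freeze
+ VERSION = '0.12.2'.freeze
  end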
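--- a/data/lib/vrt.rb
+++ b/data/lib/vrt.rb
@@ -7,6 +7,7 @@ require 'vrt/node'
  require 'vrt/mapping'
  require 'vrt/cross_version_mapping'
  require 'vrt/errors'
+ require 'vrt/third_party_links'
 
  require 'date'
  require 'json'
@@ -123,6 +124,12 @@ module VRT
  @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
  end
 
+ def third_party_links
+ @third_party_links ||= {
+ scw: VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+ }
+ end
+
  # Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per
  # request that needs it.
  def reload!
@@ -131,6 +138,7 @@ module VRT
  get_json
  get_map
  last_updated
+ third_party_links
  mappings
  end
 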
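Review bot: `third_party_links` hard-codes the scheme `secure-code-warrior-links`, but the gem's file list on this page has `lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json` (plural) next to the 1.11 file with the singular name. The 1.10 file would therefore not match `mapping_file_path`, and that version would be skipped by `next unless File.file?(filename)` without any error; confirm whether that is intended or rename the data file. Also, `reload!` now calls the memoized `third_party_links`, and the part of `reload!` above the hunk is not visible, so check that whatever resets the other cached values there also clears `@third_party_links`; otherwise a reload keeps serving the old link data.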
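--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
  --- !ruby/object:Gem::Specification
  name: vrt
  version: !ruby/object:Gem::Version
- version: 0.11.0
+ version: 0.12.2
  platform: ruby
  authors:
  - Barnett Klane
  - Max Schwenk
  - Adam David
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-31 00:00:00.000000000 Z
+ date: 2023-11-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -82,7 +82,7 @@ dependencies:
  - - '='
  - !ruby/object:Gem::Version
  version: 0.56.0
- description:
+ description:
  email:
  - barnett@bugcrowd.com
  - max.schwenk@bugcrowd.com
@@ -116,6 +116,16 @@ files:
  - lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
  - lib/data/1.10/vrt.schema.json
  - lib/data/1.10/vulnerability-rating-taxonomy.json
+ - lib/data/1.11/deprecated-node-mapping.json
+ - lib/data/1.11/mappings/cvss_v3/cvss_v3.json
+ - lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json
+ - lib/data/1.11/mappings/cwe/cwe.json
+ - lib/data/1.11/mappings/cwe/cwe.schema.json
+ - lib/data/1.11/mappings/remediation_advice/remediation_advice.json
+ - lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json
+ - lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json
+ - lib/data/1.11/vrt.schema.json
+ - lib/data/1.11/vulnerability-rating-taxonomy.json
  - lib/data/1.2/deprecated-node-mapping.json
  - lib/data/1.2/vrt.schema.json
  - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -200,6 +210,7 @@ files:
  - lib/vrt/map.rb
  - lib/vrt/mapping.rb
  - lib/vrt/node.rb
+ - lib/vrt/third_party_links.rb
  - lib/vrt/version.rb
  homepage: https://github.com/bugcrowd/vrt-ruby
  licenses:
@@ -209,7 +220,7 @@ metadata:
  changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
  source_code_uri: https://github.com/bugcrowd/vrt-ruby
  bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -224,8 +235,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.0.3.1
+ signing_key:
  specification_version: 4
  summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy
  test_files: []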