RubyGems - vrt - Versions diffs - 0.11.0 → 0.12.2 - Mend

vrt 0.11.0 → 0.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/lib/data/1.11/deprecated-node-mapping.json +236 -0
data/lib/data/1.11/mappings/cvss_v3/cvss_v3.json +1250 -0
data/lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.11/mappings/cwe/cwe.json +664 -0
data/lib/data/1.11/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.11/mappings/remediation_advice/remediation_advice.json +1811 -0
data/lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json +392 -0
data/lib/data/1.11/vrt.schema.json +63 -0
data/lib/data/1.11/vulnerability-rating-taxonomy.json +2442 -0
data/lib/vrt/mapping.rb +12 -6
data/lib/vrt/node.rb +4 -0
data/lib/vrt/third_party_links.rb +33 -0
data/lib/vrt/version.rb +1 -1
data/lib/vrt.rb +8 -0
metadata +18 -7

data/lib/vrt/mapping.rb CHANGED Viewed

@@ -1,7 +1,12 @@
+# frozen_string_literal: true
 module VRT
   class Mapping
-    def initialize(scheme)
+    PARENT_DIR = 'mappings'
+    def initialize(scheme, subdirectory = nil)
       @scheme = scheme.to_s
+      @parent_directory = File.join(self.class::PARENT_DIR, (subdirectory || @scheme))
       load_mappings
     end
@@ -14,9 +19,9 @@ module VRT
         id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
         version = @min_version
       end
-      mapping = @mappings[version]['content']
-      default = @mappings[version]['metadata']['default']
-      keys = @mappings[version]['metadata']['keys']
+      mapping = @mappings.dig(version, 'content') || @mappings[version]
+      default = @mappings.dig(version, 'metadata', 'default')
+      keys = @mappings.dig(version, 'metadata', 'keys')
       if keys
         # Convert mappings with multiple keys to be nested under a single
         # top-level key. Remediation advice has keys 'remediation_advice'
@@ -53,11 +58,12 @@ module VRT
     end
     def mapping_file_path(version)
-      filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+      # Supports legacy flat file structure `mappings/cvss.json`
+      filename = VRT::DIR.join(version, self.class::PARENT_DIR, "#{@scheme}.json")
       return filename if File.file?(filename)
       # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
-      VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
+      VRT::DIR.join(version, @parent_directory, "#{@scheme}.json")
     end
     # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So

data/lib/vrt/node.rb CHANGED Viewed

@@ -27,6 +27,10 @@ module VRT
       Hash[VRT.mappings.map { |name, map| [name, map.get(id_list, @version)] }]
     end
+    def third_party_links
+      Hash[VRT.third_party_links.map { |name, map| [name, map.get(id_list, @version)] }]
+    end
     def id_list
       parent ? parent.id_list << id : [id]
     end

data/lib/vrt/third_party_links.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module VRT
+  class ThirdPartyLinks < Mapping
+    PARENT_DIR = 'third-party-mappings'
+    # Example:
+    # scw = VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+    # scw.get(['automotive_security_misconfiguration', 'can', 'injection_dos'], '1.10.1')
+    private
+    def load_mappings
+      @mappings = {}
+      VRT.versions.each do |version|
+        filename = mapping_file_path(version)
+        next unless File.file?(filename)
+        mapping = JSON.parse(File.read(filename))
+        @mappings[version] = mapping
+        # VRT.versions is sorted in reverse semver order
+        # so this will end up as the earliest version with a mapping file
+        @min_version = version
+      end
+      raise VRT::Errors::MappingNotFound if @mappings.empty?
+    end
+    # For flat third party links ther is no hierarchical step up
+    def get_key(id_list:, mapping:, key: nil) # rubocop:disable Lint/UnusedMethodArgument
+      mapping.dig(id_list.join('.'))
+    end
+  end
+end

data/lib/vrt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Vrt
-  VERSION = '0.11.0'.freeze
+  VERSION = '0.12.2'.freeze
 end

data/lib/vrt.rb CHANGED Viewed

@@ -7,6 +7,7 @@ require 'vrt/node'
 require 'vrt/mapping'
 require 'vrt/cross_version_mapping'
 require 'vrt/errors'
+require 'vrt/third_party_links'
 require 'date'
 require 'json'
@@ -123,6 +124,12 @@ module VRT
     @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
   end
+  def third_party_links
+    @third_party_links ||= {
+      scw: VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+    }
+  end
   # Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per
   # request that needs it.
   def reload!
@@ -131,6 +138,7 @@ module VRT
     get_json
     get_map
     last_updated
+    third_party_links
     mappings
   end

metadata CHANGED Viewed

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: vrt
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.2
 platform: ruby
 authors:
 - Barnett Klane
 - Max Schwenk
 - Adam David
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-31 00:00:00.000000000 Z
+date: 2023-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -82,7 +82,7 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.56.0
-description:
+description:
 email:
 - barnett@bugcrowd.com
 - max.schwenk@bugcrowd.com
@@ -116,6 +116,16 @@ files:
 - lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
 - lib/data/1.10/vrt.schema.json
 - lib/data/1.10/vulnerability-rating-taxonomy.json
+- lib/data/1.11/deprecated-node-mapping.json
+- lib/data/1.11/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.11/mappings/cwe/cwe.json
+- lib/data/1.11/mappings/cwe/cwe.schema.json
+- lib/data/1.11/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.11/vrt.schema.json
+- lib/data/1.11/vulnerability-rating-taxonomy.json
 - lib/data/1.2/deprecated-node-mapping.json
 - lib/data/1.2/vrt.schema.json
 - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -200,6 +210,7 @@ files:
 - lib/vrt/map.rb
 - lib/vrt/mapping.rb
 - lib/vrt/node.rb
+- lib/vrt/third_party_links.rb
 - lib/vrt/version.rb
 homepage: https://github.com/bugcrowd/vrt-ruby
 licenses:
@@ -209,7 +220,7 @@ metadata:
   changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/bugcrowd/vrt-ruby
   bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -224,8 +235,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key:
 specification_version: 4
 summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy
 test_files: []