vrt 0.11.0 → 0.12.5
- checksums.yaml +4 -4
- data/lib/data/1.11/deprecated-node-mapping.json +236 -0
- data/lib/data/1.11/mappings/cvss_v3/cvss_v3.json +1250 -0
- data/lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json +59 -0
- data/lib/data/1.11/mappings/cwe/cwe.json +664 -0
- data/lib/data/1.11/mappings/cwe/cwe.schema.json +63 -0
- data/lib/data/1.11/mappings/remediation_advice/remediation_advice.json +1811 -0
- data/lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json +75 -0
- data/lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json +392 -0
- data/lib/data/1.11/vrt.schema.json +63 -0
- data/lib/data/1.11/vulnerability-rating-taxonomy.json +2442 -0
- data/lib/data/1.12/deprecated-node-mapping.json +236 -0
- data/lib/data/1.12/mappings/cvss_v3/cvss_v3.json +1280 -0
- data/lib/data/1.12/mappings/cvss_v3/cvss_v3.schema.json +59 -0
- data/lib/data/1.12/mappings/cwe/cwe.json +668 -0
- data/lib/data/1.12/mappings/cwe/cwe.schema.json +63 -0
- data/lib/data/1.12/mappings/remediation_advice/remediation_advice.json +1850 -0
- data/lib/data/1.12/mappings/remediation_advice/remediation_advice.schema.json +75 -0
- data/lib/data/1.12/third-party-mappings/remediation_training/secure-code-warrior-links.json +400 -0
- data/lib/data/1.12/vrt.schema.json +63 -0
- data/lib/data/1.12/vulnerability-rating-taxonomy.json +2493 -0
- data/lib/vrt/mapping.rb +12 -6
- data/lib/vrt/node.rb +4 -0
- data/lib/vrt/third_party_links.rb +33 -0
- data/lib/vrt/version.rb +1 -1
- data/lib/vrt.rb +8 -0
- metadata +28 -7
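--- a/data/lib/vrt/mapping.rb
+++ b/data/lib/vrt/mapping.rb
@@ -1,7 +1,12 @@
+# frozen_string_literal: true
+
 module VRT
 class Mapping
-
+PARENT_DIR = 'mappings'
+
+def initialize(scheme, subdirectory = nil)
 @scheme = scheme.to_s
+@parent_directory = File.join(self.class::PARENT_DIR, (subdirectory || @scheme))
 load_mappings
 end
 
@@ -14,9 +19,9 @@ module VRT
 id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
 version = @min_version
 end
-mapping = @mappings
-default = @mappings
-keys = @mappings
+mapping = @mappings.dig(version, 'content') || @mappings[version]
+default = @mappings.dig(version, 'metadata', 'default')
+keys = @mappings.dig(version, 'metadata', 'keys')
 if keys
 # Convert mappings with multiple keys to be nested under a single
 # top-level key. Remediation advice has keys 'remediation_advice'
@@ -53,11 +58,12 @@ module VRT
 end
 
 def mapping_file_path(version)
-
+# Supports legacy flat file structure `mappings/cvss.json`
+filename = VRT::DIR.join(version, self.class::PARENT_DIR, "#{@scheme}.json")
 return filename if File.file?(filename)
 
 # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
-VRT::DIR.join(version,
+VRT::DIR.join(version, @parent_directory, "#{@scheme}.json")
 end
 
 # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So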
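Review bot: `scheme` and the new `subdirectory` argument flow unchecked into filesystem paths, through `File.join(self.class::PARENT_DIR, (subdirectory || @scheme))` in `initialize` and both `VRT::DIR.join(...)` calls in `mapping_file_path`, so a value containing `..` or a path separator would resolve outside the versioned data directory. The callers visible on this page pass literals only, so this is hardening rather than a demonstrated bug, but the constructor is public and the second parameter widens what it accepts. A guard at the top of `initialize` would close it, e.g. `raise ArgumentError, 'invalid mapping name' unless [scheme, subdirectory].compact.all? { |part| part.to_s.match?(/\A[\w-]+\z/) }`. The class body continues outside these hunks, so any other place that builds paths from `@scheme` is not visible here.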
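--- a/data/lib/vrt/node.rb
+++ b/data/lib/vrt/node.rb
@@ -27,6 +27,10 @@ module VRT
 Hash[VRT.mappings.map { |name, map| [name, map.get(id_list, @version)] }]
 end
 
+def third_party_links
+Hash[VRT.third_party_links.map { |name, map| [name, map.get(id_list, @version)] }]
+end
+
 def id_list
 parent ? parent.id_list << id : [id]
 end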
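--- a/data/lib/vrt/third_party_links.rb
+++ b/data/lib/vrt/third_party_links.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module VRT
+class ThirdPartyLinks < Mapping
+PARENT_DIR = 'third-party-mappings'
+
+# Example:
+# scw = VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+# scw.get(['automotive_security_misconfiguration', 'can', 'injection_dos'], '1.10.1')
+
+private
+
+def load_mappings
+@mappings = {}
+VRT.versions.each do |version|
+filename = mapping_file_path(version)
+next unless File.file?(filename)
+
+mapping = JSON.parse(File.read(filename))
+@mappings[version] = mapping
+# VRT.versions is sorted in reverse semver order
+# so this will end up as the earliest version with a mapping file
+@min_version = version
+end
+raise VRT::Errors::MappingNotFound if @mappings.empty?
+end
+
+# For flat third party links ther is no hierarchical step up
+def get_key(id_list:, mapping:, key: nil) # rubocop:disable Lint/UnusedMethodArgument
+mapping.dig(id_list.join('.'))
+end
+end
+end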
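Review bot: `load_mappings` silently skips any version whose file is missing (`next unless File.file?(filename)`), which hides a naming mismatch visible in the gem's file list: 1.10 ships `secure-code-warriors-links.json`, while 1.11 and 1.12 ship `secure-code-warrior-links.json`, the name `VRT.third_party_links` asks for. If that listing is accurate, the 1.10 file is never loaded and `@min_version` ends at a later version, so the `'1.10.1'` lookup in the example comment depends on the fallback in `Mapping#get`, whose condition is outside this page. Renaming the 1.10 data file, or adding a spec that asserts every version directory containing `third-party-mappings` produces an entry in `@mappings`, would make the gap explicit. Separately, `get_key` calls `mapping.dig(...)` with a single key, where `mapping[id_list.join('.')]` reads more directly, and the comment above it has a typo (`ther`).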
data/lib/vrt/version.rb
CHANGED
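--- a/data/lib/vrt.rb
+++ b/data/lib/vrt.rb
@@ -7,6 +7,7 @@ require 'vrt/node'
 require 'vrt/mapping'
 require 'vrt/cross_version_mapping'
 require 'vrt/errors'
+require 'vrt/third_party_links'
 
 require 'date'
 require 'json'
@@ -123,6 +124,12 @@ module VRT
 @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
 end
 
+def third_party_links
+@third_party_links ||= {
+scw: VRT::ThirdPartyLinks.new('secure-code-warrior-links', 'remediation_training')
+}
+end
+
 # Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per
 # request that needs it.
 def reload!
@@ -131,6 +138,7 @@ module VRT
 get_json
 get_map
 last_updated
+third_party_links
 mappings
 end
 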
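Review bot: `reload!` now calls `third_party_links`, but that accessor is memoized with `@third_party_links ||=` and nothing in this diff clears the variable; the file's diffstat is +8 -0 and all eight added lines are visible in these hunks. If the reset that runs before these calls nils instance variables one by one (it is not shown, since the first lines of `reload!` fall between the hunks), the added call returns the stale hash and the link files are never re-read from disk. Adding `@third_party_links = nil` alongside the existing resets would keep it in step with `mappings`.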
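--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: vrt
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.12.5
 platform: ruby
 authors:
 - Barnett Klane
 - Max Schwenk
 - Adam David
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -82,7 +82,7 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: 0.56.0
-description:
+description:
 email:
 - barnett@bugcrowd.com
 - max.schwenk@bugcrowd.com
@@ -116,6 +116,26 @@ files:
 - lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
 - lib/data/1.10/vrt.schema.json
 - lib/data/1.10/vulnerability-rating-taxonomy.json
+- lib/data/1.11/deprecated-node-mapping.json
+- lib/data/1.11/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.11/mappings/cwe/cwe.json
+- lib/data/1.11/mappings/cwe/cwe.schema.json
+- lib/data/1.11/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.11/vrt.schema.json
+- lib/data/1.11/vulnerability-rating-taxonomy.json
+- lib/data/1.12/deprecated-node-mapping.json
+- lib/data/1.12/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.12/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.12/mappings/cwe/cwe.json
+- lib/data/1.12/mappings/cwe/cwe.schema.json
+- lib/data/1.12/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.12/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.12/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.12/vrt.schema.json
+- lib/data/1.12/vulnerability-rating-taxonomy.json
 - lib/data/1.2/deprecated-node-mapping.json
 - lib/data/1.2/vrt.schema.json
 - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -200,6 +220,7 @@ files:
 - lib/vrt/map.rb
 - lib/vrt/mapping.rb
 - lib/vrt/node.rb
+- lib/vrt/third_party_links.rb
 - lib/vrt/version.rb
 homepage: https://github.com/bugcrowd/vrt-ruby
 licenses:
@@ -209,7 +230,7 @@ metadata:
 changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
 source_code_uri: https://github.com/bugcrowd/vrt-ruby
 bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -224,8 +245,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key:
 specification_version: 4
 summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy
 test_files: []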