RubyGems - vrt - Versions diffs - 0.13.4 → 0.13.5 - Mend

vrt 0.13.4 → 0.13.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/lib/data/1.16/deprecated-node-mapping.json +332 -0
data/lib/data/1.16/mappings/cvss_v3/cvss_v3.json +1335 -0
data/lib/data/1.16/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.16/mappings/cwe/cwe.json +1167 -0
data/lib/data/1.16/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.16/mappings/remediation_advice/remediation_advice.json +2101 -0
data/lib/data/1.16/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.16/third-party-mappings/remediation_training/secure-code-warrior-links.json +520 -0
data/lib/data/1.16/vrt.schema.json +63 -0
data/lib/data/1.16/vulnerability-rating-taxonomy.json +3244 -0
data/lib/vrt/version.rb +1 -1
metadata +13 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75912748134b0ea63250edb2eb335dae67db5a631db1248a8576b341f91fb2b5
-  data.tar.gz: 27278fd6d89fb493485cc17c56685561a1b6289a53f1fa2052e2aca84dad68f4
+  metadata.gz: 7fbdd0305ebe5531b826cb4b150e899583efb90285833abd49cd5bb41f302392
+  data.tar.gz: 78da0bff13f4664c6ff06a95a8b7e374f2d60329f0f8695f122ebfb5e64f5151
 SHA512:
-  metadata.gz: 9ad5b6ecdae68f7d84c3470fba32e796f827abbea09cefbda91774608a8a1462fa22693b106c1bd2f01b0f0838278082b3a8ac008682428ea0d7c16efaa7abec
-  data.tar.gz: 9cd62882b2eab122bda4dbc73022aa99efdd173a70fb2faf722785fb17b5cc273a919aa5b122ca6120ea2fefee13a321a1990d70b208e92cc726ff3024a062ae
+  metadata.gz: 0d2b07795fa348dbeeb4b19721f75c4f8285a33fac8fdc33027fa618425441873282b0555a50594dd9b43425c94fb6ecaff1723b3b72071a398ef52fb5dbb957
+  data.tar.gz: f4a82c37f4edc34f0c276f266e424526a077d94f80374945873a70f2c6b12ea9555706a951fef9ad6ccefdf5434260aee1ba766076655b23bf2e84b0f764da0f

data/lib/data/1.16/deprecated-node-mapping.json ADDED Viewed

@@ -0,0 +1,332 @@
+{
+    "poor_physical_security": {
+        "1.1": "other"
+    },
+    "social_engineering": {
+        "1.1": "other"
+    },
+    "cross_site_scripting_xss.reflected.admin_to_anyone": {
+        "1.1": "other"
+    },
+    "cross_site_scripting_xss.reflected.non_admin_to_anyone": {
+        "1.1": "other"
+    },
+    "broken_authentication_and_session_management.authentication_bypass.horizontal": {
+        "1.2": "other"
+    },
+    "broken_authentication_and_session_management.authentication_bypass.vertical": {
+        "1.2": "other"
+    },
+    "insecure_data_storage.insecure_data_storage": {
+        "1.2": "other"
+    },
+    "insecure_data_storage.insecure_data_storage.password": {
+        "1.2": "other"
+    },
+    "insufficient_security_configurability.weak_password_policy.allows_password_to_be_same_as_email_username": {
+        "1.2": "other"
+    },
+    "insufficient_security_configurability.weak_password_policy.allows_reuse_of_old_passwords": {
+        "1.2": "other"
+    },
+    "insufficient_security_configurability.weak_password_policy.complexity_char_type_not_enforced": {
+        "1.2": "other"
+    },
+    "insufficient_security_configurability.weak_password_policy.complexity_length_not_enforced": {
+        "1.2": "other"
+    },
+    "sensitive_data_exposure.mixed_content.requires_being_a_man_in_the_middle": {
+        "1.2": "other"
+    },
+    "sensitive_data_exposure.mixed_content.sensitive_data_disclosure": {
+        "1.2": "other"
+    },
+    "sensitive_data_exposure.token_leakage_via_referer.over_https": {
+        "1.2": "other"
+    },
+    "unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
+        "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+    },
+    "unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
+        "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+    },
+    "unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
+        "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+    },
+    "broken_authentication_and_session_management.session_token_in_url.over_https": {
+        "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+    },
+    "broken_authentication_and_session_management.session_token_in_url.over_http": {
+        "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+    },
+    "broken_authentication_and_session_management.session_token_in_url": {
+        "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+    },
+    "insecure_data_transport": {
+        "1.2": "mobile_security_misconfiguration"
+    },
+    "insecure_data_transport.ssl_certificate_pinning": {
+        "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
+    },
+    "insecure_data_transport.ssl_certificate_pinning.absent": {
+        "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
+    },
+    "insecure_data_transport.ssl_certificate_pinning.defeatable": {
+        "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
+    },
+    "insecure_data_storage.credentials_stored_unencrypted": {
+        "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
+    },
+    "insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
+        "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
+    },
+    "insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
+        "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
+    },
+    "insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
+        "1.2": "insufficient_security_configurability.no_password_policy"
+    },
+    "missing_function_level_access_control": {
+        "1.3": "broken_access_control"
+    },
+    "missing_function_level_access_control.server_side_request_forgery_ssrf": {
+        "1.3": "broken_access_control.server_side_request_forgery_ssrf"
+    },
+    "missing_function_level_access_control.server_side_request_forgery_ssrf.internal": {
+        "1.3": "broken_access_control.server_side_request_forgery_ssrf.internal"
+    },
+    "missing_function_level_access_control.server_side_request_forgery_ssrf.external": {
+        "1.3": "broken_access_control.server_side_request_forgery_ssrf.external"
+    },
+    "missing_function_level_access_control.username_enumeration": {
+        "1.3": "broken_access_control.username_enumeration"
+    },
+    "missing_function_level_access_control.username_enumeration.data_leak": {
+        "1.3": "broken_access_control.username_enumeration.data_leak"
+    },
+    "missing_function_level_access_control.exposed_sensitive_android_intent": {
+        "1.3": "broken_access_control.exposed_sensitive_android_intent"
+    },
+    "missing_function_level_access_control.exposed_sensitive_ios_url_scheme": {
+        "1.3": "broken_access_control.exposed_sensitive_ios_url_scheme"
+    },
+    "insecure_direct_object_references_idor": {
+        "1.3": "broken_access_control.idor"
+    },
+    "broken_authentication_and_session_management.weak_login_function.over_http": {
+        "1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default"
+    },
+    "cross_site_scripting_xss.ie_only.older_version_ie_10_11": {
+        "1.4": "cross_site_scripting_xss.ie_only.ie11"
+    },
+    "cross_site_scripting_xss.ie_only.older_version_ie10": {
+        "1.4": "cross_site_scripting_xss.ie_only.older_version_ie11"
+    },
+    "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": {
+        "1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change"
+    },
+    "network_security_misconfiguration.telnet_enabled.credentials_required": {
+        "1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative"
+    },
+    "server_security_misconfiguration.using_default_credentials.production_server": {
+        "1.4": "other"
+    },
+    "server_security_misconfiguration.using_default_credentials.staging_development_server": {
+        "1.4": "other"
+    },
+    "server_side_injection.sql_injection.blind": {
+        "1.4": "other"
+    },
+    "server_side_injection.sql_injection.error_based": {
+        "1.4": "other"
+    },
+    "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
+        "1.5": "other"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": {
+        "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": {
+        "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
+    },
+    "cross_site_scripting_xss.stored.admin_to_anyone": {
+        "1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
+    },
+    "server_security_misconfiguration.captcha_bypass": {
+        "1.5": "server_security_misconfiguration.captcha"
+    },
+    "server_security_misconfiguration.captcha_bypass.implementation_vulnerability": {
+        "1.5": "server_security_misconfiguration.captcha.implementation_vulnerability"
+    },
+    "server_security_misconfiguration.captcha_bypass.brute_force": {
+        "1.5": "server_security_misconfiguration.captcha.brute_force"
+    },
+    "broken_access_control.server_side_request_forgery_ssrf.internal": {
+        "1.6": "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain": {
+        "1.6": "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain": {
+        "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.spf_uses_a_soft_fail": {
+        "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.spf_includes_10_lookups": {
+        "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
+    },
+    "server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc": {
+        "1.6": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain"
+    },
+    "insufficient_security_configurability.weak_2fa_implementation.missing_failsafe": {
+        "1.7": "other"
+    },
+    "broken_access_control.username_enumeration.data_leak": {
+        "1.7": "broken_access_control.username_enumeration.non_brute_force"
+    },
+    "insufficient_security_configurability.weak_2fa_implementation": {
+        "1.7": "insufficient_security_configurability.weak_two_fa_implementation"
+    },
+    "sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party": {
+        "1.7": "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party"
+    },
+    "sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party": {
+        "1.7": "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party"
+    },
+    "cross_site_scripting_xss.ie_only.ie11": {
+        "1.7": "cross_site_scripting_xss.ie_only.ie_eleven"
+    },
+    "cross_site_scripting_xss.ie_only.older_version_ie11": {
+        "1.7": "cross_site_scripting_xss.ie_only.older_version_ie_eleven"
+    },
+    "mobile_security_misconfiguration.clipboard_enabled.on_non_sensitive_content": {
+        "1.8": "other"
+    },
+    "mobile_security_misconfiguration.clipboard_enabled.on_sensitive_content": {
+        "1.8": "other"
+    },
+    "sensitive_data_exposure.critically_sensitive_data.password_disclosure": {
+        "1.9": "sensitive_data_exposure.disclosure_of_secrets"
+    },
+    "sensitive_data_exposure.critically_sensitive_data.private_api_keys": {
+        "1.9": "sensitive_data_exposure.disclosure_of_secrets"
+    },
+    "sensitive_data_exposure.critically_sensitive_data": {
+        "1.9": "sensitive_data_exposure"
+    },
+    "insufficient_security_configurability.lack_of_verification_email": {
+        "1.10": "insufficient_security_configurability.verification_of_contact_method_not_required"
+    },
+    "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default": {
+        "1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
+    },
+    "broken_authentication_and_session_management.weak_login_function.http_and_https_available": {
+        "1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
+    },
+    "broken_authentication_and_session_management.weak_login_function.lan_only": {
+        "1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
+    },
+    "cross_site_request_forgery_csrf.flash_based.high_impact": {
+        "1.10": "cross_site_request_forgery_csrf.flash_based"
+    },
+    "cross_site_request_forgery_csrf.flash_based.low_impact": {
+        "1.10": "cross_site_request_forgery_csrf.flash_based"
+    },
+    "automotive_security_misconfiguration.infotainment": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit"
+    },
+    "automotive_security_misconfiguration.infotainment.pii_leakage": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage"
+    },
+    "automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot"
+    },
+    "automotive_security_misconfiguration.infotainment.code_execution_no_can_bus_pivot": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot"
+    },
+    "automotive_security_misconfiguration.infotainment.unauthorized_access_to_services": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.unauthorized_access_to_services"
+    },
+    "automotive_security_misconfiguration.infotainment.source_code_dump": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.source_code_dump"
+    },
+    "automotive_security_misconfiguration.infotainment.dos_brick": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.dos_brick"
+    },
+    "automotive_security_misconfiguration.infotainment.default_credentials": {
+        "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials"
+    },
+    "broken_cryptography": {
+        "1.11": "other"
+    },
+    "broken_cryptography.cryptographic_flaw": {
+        "1.11": "other"
+    },
+    "broken_cryptography.cryptographic_flaw.incorrect_usage": {
+        "1.11": "other"
+    },
+    "cross_site_scripting_xss.ie_only.ie_eleven": {
+        "1.11": "other"
+    },
+    "cross_site_scripting_xss.ie_only.older_version_ie_eleven": {
+        "1.11": "cross_site_scripting_xss.ie_only"
+    },
+    "cross_site_scripting_xss.ie_only.xss_filter_disabled": {
+        "1.11": "other"
+    },
+    "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage": {
+        "1.11": "automotive_security_misconfiguration.infotainment_radio_head_unit.sensitive_data_leakage_exposure"
+    },
+    "broken_access_control.server_side_request_forgery_ssrf": {
+        "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf"
+    },
+    "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": {
+        "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact"
+    },
+    "broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": {
+        "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact"
+    },
+    "broken_access_control.server_side_request_forgery_ssrf.dns_query_only": {
+        "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only"
+    },
+    "broken_access_control.server_side_request_forgery_ssrf.external": {
+        "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact"
+    },
+    "broken_authentication_and_session_management.privilege_escalation": {
+        "1.14": "broken_access_control.privilege_escalation"
+    },
+    "server_security_misconfiguration.misconfigured_dns.high_impact_subdomain_takeover": {
+        "1.14.2": "other"
+    },
+    "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover": {
+        "1.14.2": "server_security_misconfiguration.misconfigured_dns.subdomain_takeover"
+    },
+    "broken_access_control.idor.read_edit_delete_non_sensitive_information": {
+        "1.15": "broken_access_control.idor.view_non_sensitive_information"
+    },
+    "broken_access_control.idor.read_edit_delete_sensitive_information_guid": {
+        "1.15": "broken_access_control.idor.modify_view_sensitive_information_guid"
+    },
+    "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers": {
+        "1.15": "broken_access_control.idor.modify_view_sensitive_information_iterable_object_identifiers"
+    },
+    "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers": {
+        "1.15": "broken_access_control.idor.modify_sensitive_information_iterable_object_identifiers"
+    },
+    "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers": {
+        "1.15": "broken_access_control.idor.modify_view_sensitive_information_iterable_object_identifiers"
+    },
+    "ai_application_security.llm_security.excessive_agency_permission_manipulation": {
+        "1.16": "other"
+    },
+    "ai_application_security.llm_security.llm_output_handling": {
+        "1.16": "other"
+    },
+    "ai_application_security.llm_security.prompt_injection": {
+        "1.16": "other"
+    },
+    "ai_application_security.llm_security.training_data_poisoning": {
+        "1.16": "other"
+    }
+}