vrt 0.4.6 → 0.5.0

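--- a/data/lib/vrt.rb
+++ b/data/lib/vrt.rb
@@ -17,7 +17,7 @@ module VRT
  'name' => 'Other',
  'priority' => nil,
  'type' => 'category' }.freeze
- MAPPINGS = %i[cvss_v3].freeze
+ MAPPINGS = %i[cvss_v3 remediation_advice cwe].freeze
 
  @version_json = {}
  @last_update = {}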
@@ -14,19 +14,25 @@ module VRT
14
14
  id_list = VRT.find_node(vrt_id: id_list.join('.'), preferred_version: @min_version).id_list
15
15
  version = @min_version
16
16
  end
17
-
18
- # iterate through the id components, keeping track of where we are in the mapping file
19
- # and the most specific mapped value found so far
20
17
  mapping = @mappings[version]['content']
21
- best_guess = @mappings[version]['metadata']['default']
22
- id_list.each do |id|
23
- entry = mapping[id]
24
- break unless entry # mapping file doesn't go this deep, return previous value
25
- best_guess = entry[@scheme] if entry[@scheme]
26
- # use the children mapping for the next iteration
27
- mapping = entry['children'] || {}
18
+ default = @mappings[version]['metadata']['default']
19
+ keys = @mappings[version]['metadata']['keys']
20
+ if keys
21
+ # Convert mappings with multiple keys to be nested under a single
22
+ # top-level key. Remediation advice has keys 'remediation_advice'
23
+ # and 'references' so we convert it to look like
24
+ # { remediation_advice: { remediation_advice: '...', references: [...] } }
25
+ keys.each_with_object({}) do |key, acc|
26
+ acc[key.to_sym] = get_key(
27
+ id_list: id_list,
28
+ mapping: mapping,
29
+ key: key,
30
+ default: default&.try(:[], key)
31
+ )
32
+ end
33
+ else
34
+ get_key(id_list: id_list, mapping: mapping, key: @scheme, default: default)
28
35
  end
29
- best_guess
30
36
  end
31
37
 
32
38
  private
@@ -50,14 +56,35 @@ module VRT
50
56
  # becomes
51
57
  # {one: {'id': 'one', 'foo': 'bar'}, two: {'id': 'two', 'foo': 'baz'}}
52
58
  def key_by_id(mapping)
53
- case mapping
54
- when Array
59
+ if mapping.is_a?(Array) && mapping.first.is_a?(Hash) && mapping.first.key?('id')
55
60
  mapping.each_with_object({}) { |entry, acc| acc[entry['id'].to_sym] = key_by_id(entry) }
56
- when Hash
61
+ elsif mapping.is_a?(Hash)
57
62
  mapping.each_with_object({}) { |(key, value), acc| acc[key] = key_by_id(value) }
58
63
  else
59
64
  mapping
60
65
  end
61
66
  end
67
+
68
+ def get_key(id_list:, mapping:, key:, default:)
69
+ # iterate through the id components, keeping track of where we are in the mapping file
70
+ # and the most specific mapped value found so far
71
+ best_guess = default
72
+ id_list.each do |id|
73
+ entry = mapping[id]
74
+ break unless entry # mapping file doesn't go this deep, return previous value
75
+ best_guess = merge_arrays(best_guess, entry[key]) if entry[key]
76
+ # use the children mapping for the next iteration
77
+ mapping = entry['children'] || {}
78
+ end
79
+ best_guess
80
+ end
81
+
82
+ def merge_arrays(previous_value, new_value)
83
+ if previous_value.is_a?(Array) && new_value.is_a?(Array)
84
+ new_value | previous_value
85
+ else
86
+ new_value
87
+ end
88
+ end
62
89
  end
63
90
  end
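Review bot: In the `keys` branch of this section's first hunk (its file header is not shown on the page), `default&.try(:[], key)` relies on `Object#try`, which comes from ActiveSupport rather than core Ruby, so the lookup would raise NoMethodError in a process where ActiveSupport is not loaded, unless the gem requires it somewhere not visible here. Plain Ruby covers the same case: `default: default && default[key]`. Separately, the new `key_by_id` guard returns an empty array unchanged where the old `when Array` branch turned it into `{}`, so an entry with `'children' => []` would reach `mapping[id]` in `get_key` as an Array and, if the ids are symbols as the `to_sym` call suggests, raise TypeError instead of falling back to the parent value. Writing the guard as `if mapping.is_a?(Array) && mapping.all? { |e| e.is_a?(Hash) && e.key?('id') }` keeps the old result for empty arrays and also rejects arrays whose later elements lack an `'id'`. The method that contains the first hunk starts above the lines shown.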
@@ -1,3 +1,3 @@
1
1
  module Vrt
2
- VERSION = '0.4.6'.freeze
2
+ VERSION = '0.5.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vrt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.6
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Barnett Klane
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2018-02-05 00:00:00.000000000 Z
13
+ date: 2018-05-01 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: bundler
@@ -109,6 +109,15 @@ files:
109
109
  - lib/data/1.3/mappings/cvss_v3.schema.json
110
110
  - lib/data/1.3/vrt.schema.json
111
111
  - lib/data/1.3/vulnerability-rating-taxonomy.json
112
+ - lib/data/1.4/deprecated-node-mapping.json
113
+ - lib/data/1.4/mappings/cvss_v3.json
114
+ - lib/data/1.4/mappings/cvss_v3.schema.json
115
+ - lib/data/1.4/mappings/cwe.json
116
+ - lib/data/1.4/mappings/cwe.schema.json
117
+ - lib/data/1.4/mappings/remediation_advice.json
118
+ - lib/data/1.4/mappings/remediation_advice.schema.json
119
+ - lib/data/1.4/vrt.schema.json
120
+ - lib/data/1.4/vulnerability-rating-taxonomy.json
112
121
  - lib/generators/vrt.rb
113
122
  - lib/generators/vrt/install_generator.rb
114
123
  - lib/vrt.rb