vrt 0.7.1 → 0.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (65) hide show
  1. checksums.yaml +5 -5
  2. data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
  3. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
  4. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
  6. data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
  7. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
  8. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  9. data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
  10. data/lib/data/1.10.1/vrt.schema.json +63 -0
  11. data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
  12. data/lib/data/1.10/deprecated-node-mapping.json +200 -0
  13. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
  14. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  15. data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
  16. data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
  17. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
  18. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  19. data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
  20. data/lib/data/1.10/vrt.schema.json +63 -0
  21. data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
  22. data/lib/data/1.7.1/deprecated-node-mapping.json +149 -0
  23. data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.json +928 -0
  24. data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  25. data/lib/data/1.7.1/mappings/cwe/cwe.json +441 -0
  26. data/lib/data/1.7.1/mappings/cwe/cwe.schema.json +63 -0
  27. data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.json +1354 -0
  28. data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  29. data/lib/data/1.7.1/vrt.schema.json +63 -0
  30. data/lib/data/1.7.1/vulnerability-rating-taxonomy.json +1937 -0
  31. data/lib/data/1.7/deprecated-node-mapping.json +149 -0
  32. data/lib/data/1.7/mappings/cvss_v3/cvss_v3.json +861 -0
  33. data/lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  34. data/lib/data/1.7/mappings/cwe/cwe.json +441 -0
  35. data/lib/data/1.7/mappings/cwe/cwe.schema.json +63 -0
  36. data/lib/data/1.7/mappings/remediation_advice/remediation_advice.json +1230 -0
  37. data/lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  38. data/lib/data/1.7/vrt.schema.json +63 -0
  39. data/lib/data/1.7/vulnerability-rating-taxonomy.json +1937 -0
  40. data/lib/data/1.8/deprecated-node-mapping.json +149 -0
  41. data/lib/data/1.8/mappings/cvss_v3/cvss_v3.json +935 -0
  42. data/lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  43. data/lib/data/1.8/mappings/cwe/cwe.json +453 -0
  44. data/lib/data/1.8/mappings/cwe/cwe.schema.json +63 -0
  45. data/lib/data/1.8/mappings/remediation_advice/remediation_advice.json +1381 -0
  46. data/lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  47. data/lib/data/1.8/vrt.schema.json +63 -0
  48. data/lib/data/1.8/vulnerability-rating-taxonomy.json +1948 -0
  49. data/lib/data/1.9/deprecated-node-mapping.json +158 -0
  50. data/lib/data/1.9/mappings/cvss_v3/cvss_v3.json +1002 -0
  51. data/lib/data/1.9/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  52. data/lib/data/1.9/mappings/cwe/cwe.json +457 -0
  53. data/lib/data/1.9/mappings/cwe/cwe.schema.json +63 -0
  54. data/lib/data/1.9/mappings/remediation_advice/remediation_advice.json +1409 -0
  55. data/lib/data/1.9/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  56. data/lib/data/1.9/vrt.schema.json +63 -0
  57. data/lib/data/1.9/vulnerability-rating-taxonomy.json +2053 -0
  58. data/lib/generators/vrt/install_generator.rb +1 -1
  59. data/lib/vrt.rb +2 -0
  60. data/lib/vrt/cross_version_mapping.rb +3 -2
  61. data/lib/vrt/errors.rb +5 -0
  62. data/lib/vrt/map.rb +8 -5
  63. data/lib/vrt/mapping.rb +12 -1
  64. data/lib/vrt/version.rb +1 -1
  65. metadata +92 -32
@@ -0,0 +1,59 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "VRT to CVSS v3 Mapping",
4
+ "description": "Mapping from the Vulnerability Rating Taxonomy to CVSS v3",
5
+ "definitions": {
6
+ "MappingMetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "default": { "$ref": "#/definitions/CVSSv3" }
10
+ },
11
+ "required": ["default"]
12
+ },
13
+ "VRTid": { "type": "string", "pattern": "^[a-z_]*$" },
14
+ "CVSSv3": { "type": "string", "pattern": "^AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]$" },
15
+ "Mapping": {
16
+ "type": "object",
17
+ "properties": {
18
+ "id": { "$ref": "#/definitions/VRTid" },
19
+ "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
20
+ },
21
+ "required": ["id", "cvss_v3"],
22
+ "additionalProperties": false
23
+ },
24
+ "MappingParent": {
25
+ "type": "object",
26
+ "properties": {
27
+ "id": { "$ref": "#/definitions/VRTid" },
28
+ "children": {
29
+ "type": "array",
30
+ "items" : {
31
+ "anyOf": [
32
+ { "$ref": "#/definitions/MappingParent" },
33
+ { "$ref": "#/definitions/Mapping" }
34
+ ]
35
+ }
36
+ },
37
+ "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
38
+ },
39
+ "required": ["id", "children"],
40
+ "additionalProperties": false
41
+ }
42
+ },
43
+ "type": "object",
44
+ "required": ["metadata", "content"],
45
+ "properties": {
46
+ "metadata": {
47
+ "$ref": "#/definitions/MappingMetadata"
48
+ },
49
+ "content": {
50
+ "type": "array",
51
+ "items" : {
52
+ "anyOf": [
53
+ { "$ref": "#/definitions/MappingParent" },
54
+ { "$ref": "#/definitions/Mapping" }
55
+ ]
56
+ }
57
+ }
58
+ }
59
+ }
@@ -0,0 +1,453 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "cwe": ["CWE-16"],
9
+ "children": [
10
+ {
11
+ "id": "unsafe_cross_origin_resource_sharing",
12
+ "cwe": ["CWE-942"]
13
+ },
14
+ {
15
+ "id": "path_traversal",
16
+ "cwe": ["CWE-22", "CWE-73"]
17
+ },
18
+ {
19
+ "id": "directory_listing_enabled",
20
+ "cwe": ["CWE-548"]
21
+ },
22
+ {
23
+ "id": "ssl_attack_breach_poodle_etc",
24
+ "cwe": ["CWE-310"]
25
+ },
26
+ {
27
+ "id": "using_default_credentials",
28
+ "cwe": ["CWE-255", "CWE-521"]
29
+ },
30
+ {
31
+ "id": "misconfigured_dns",
32
+ "children": [
33
+ {
34
+ "id": "zone_transfer",
35
+ "cwe": ["CWE-669"]
36
+ }
37
+ ]
38
+ },
39
+ {
40
+ "id": "dbms_misconfiguration",
41
+ "children": [
42
+ {
43
+ "id": "excessively_privileged_user_dba",
44
+ "cwe": ["CWE-250"]
45
+ }
46
+ ]
47
+ },
48
+ {
49
+ "id": "lack_of_password_confirmation",
50
+ "children": [
51
+ {
52
+ "id": "change_password",
53
+ "cwe": ["CWE-620"]
54
+ }
55
+ ]
56
+ },
57
+ {
58
+ "id": "no_rate_limiting_on_form",
59
+ "cwe": ["CWE-799"],
60
+ "children": [
61
+ {
62
+ "id": "login",
63
+ "cwe": ["CWE-307"]
64
+ }
65
+ ]
66
+ },
67
+ {
68
+ "id": "unsafe_file_upload",
69
+ "children": [
70
+ {
71
+ "id": "file_extension_filter_bypass",
72
+ "cwe": ["CWE-434", "CWE-646"]
73
+ }
74
+ ]
75
+ },
76
+ {
77
+ "id": "missing_secure_or_httponly_cookie_flag",
78
+ "cwe": ["CWE-614", "CWE-1004"]
79
+ },
80
+ {
81
+ "id": "clickjacking",
82
+ "cwe": ["CWE-451"]
83
+ },
84
+ {
85
+ "id": "oauth_misconfiguration",
86
+ "cwe": ["CWE-303"],
87
+ "children": [
88
+ {
89
+ "id": "missing_state_parameter",
90
+ "cwe": ["CWE-352"]
91
+ },
92
+ {
93
+ "id": "insecure_redirect_uri",
94
+ "cwe": ["CWE-601"]
95
+ }
96
+ ]
97
+ },
98
+ {
99
+ "id": "captcha",
100
+ "cwe": ["CWE-804"]
101
+ },
102
+ {
103
+ "id": "username_enumeration",
104
+ "cwe": ["CWE-204"]
105
+ },
106
+ {
107
+ "id": "insecure_ssl",
108
+ "children": [
109
+ {
110
+ "id": "insecure_cipher_suite",
111
+ "cwe": ["CWE-326"]
112
+ }
113
+ ]
114
+ },
115
+ {
116
+ "id": "lack_of_security_headers",
117
+ "children": [
118
+ {
119
+ "id": "cache_control_for_a_non_sensitive_page",
120
+ "cwe": ["CWE-525"]
121
+ },
122
+ {
123
+ "id": "cache_control_for_a_sensitive_page",
124
+ "cwe": ["CWE-525"]
125
+ }
126
+ ]
127
+ },
128
+ {
129
+ "id": "race_condition",
130
+ "cwe": ["CWE-362", "CWE-366", "CWE-368", "CWE-421"]
131
+ },
132
+ {
133
+ "id": "cache_poisoning",
134
+ "cwe": ["CWE-444"]
135
+ }
136
+ ]
137
+ },
138
+ {
139
+ "id": "server_side_injection",
140
+ "cwe": ["CWE-929"],
141
+ "children": [
142
+ {
143
+ "id": "file_inclusion",
144
+ "cwe": ["CWE-73", "CWE-714"]
145
+ },
146
+ {
147
+ "id": "remote_code_execution_rce",
148
+ "cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
149
+ },
150
+ {
151
+ "id": "sql_injection",
152
+ "cwe": ["CWE-89"]
153
+ },
154
+ {
155
+ "id": "xml_external_entity_injection_xxe",
156
+ "cwe": ["CWE-611"]
157
+ },
158
+ {
159
+ "id": "http_response_manipulation",
160
+ "children": [
161
+ {
162
+ "id": "response_splitting_crlf",
163
+ "cwe": ["CWE-113"]
164
+ }
165
+ ]
166
+ },
167
+ {
168
+ "id": "content_spoofing",
169
+ "children": [
170
+ {
171
+ "id": "homograph_idn_based",
172
+ "cwe": ["CWE-1007"]
173
+ }
174
+ ]
175
+ }
176
+ ]
177
+ },
178
+ {
179
+ "id": "broken_authentication_and_session_management",
180
+ "cwe": ["CWE-930"],
181
+ "children": [
182
+ {
183
+ "id": "authentication_bypass",
184
+ "cwe": ["CWE-287"]
185
+ },
186
+ {
187
+ "id": "two_fa_bypass",
188
+ "cwe": ["CWE-304"]
189
+ },
190
+ {
191
+ "id": "privilege_escalation",
192
+ "cwe": ["CWE-269"]
193
+ },
194
+ {
195
+ "id": "cleartext_transmission_of_session_token",
196
+ "cwe": ["CWE-319"]
197
+ },
198
+ {
199
+ "id": "weak_login_function",
200
+ "cwe": ["CWE-523"]
201
+ },
202
+ {
203
+ "id": "session_fixation",
204
+ "cwe": ["CWE-384"]
205
+ },
206
+ {
207
+ "id": "failure_to_invalidate_session",
208
+ "cwe": ["CWE-613"]
209
+ },
210
+ {
211
+ "id": "concurrent_logins",
212
+ "cwe": ["CWE-1018"]
213
+ },
214
+ {
215
+ "id": "weak_registration_implementation",
216
+ "children": [
217
+ {
218
+ "id": "over_http",
219
+ "cwe": ["CWE-311"]
220
+ }
221
+ ]
222
+ }
223
+ ]
224
+ },
225
+ {
226
+ "id": "sensitive_data_exposure",
227
+ "cwe": ["CWE-934"],
228
+ "children": [
229
+ {
230
+ "id": "critically_sensitive_data",
231
+ "children": [
232
+ {
233
+ "id": "password_disclosure",
234
+ "cwe": ["CWE-522"]
235
+ },
236
+ {
237
+ "id": "private_api_keys",
238
+ "cwe": ["CWE-522"]
239
+ }
240
+ ]
241
+ },
242
+ {
243
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
244
+ "cwe": ["CWE-200"]
245
+ },
246
+ {
247
+ "id": "visible_detailed_error_page",
248
+ "cwe": ["CWE-209", "CWE-215"]
249
+ },
250
+ {
251
+ "id": "disclosure_of_known_public_information",
252
+ "cwe": ["CWE-200"]
253
+ },
254
+ {
255
+ "id": "token_leakage_via_referer",
256
+ "cwe": ["CWE-200"]
257
+ },
258
+ {
259
+ "id": "sensitive_token_in_url",
260
+ "cwe": ["CWE-200"]
261
+ },
262
+ {
263
+ "id": "non_sensitive_token_in_url",
264
+ "cwe": ["CWE-200"]
265
+ },
266
+ {
267
+ "id": "weak_password_reset_implementation",
268
+ "cwe": ["CWE-640"]
269
+ }
270
+ ]
271
+ },
272
+ {
273
+ "id": "cross_site_scripting_xss",
274
+ "cwe": ["CWE-79"]
275
+ },
276
+ {
277
+ "id": "broken_access_control",
278
+ "cwe": ["CWE-723"],
279
+ "children": [
280
+ {
281
+ "id": "idor",
282
+ "cwe": ["CWE-932"]
283
+ },
284
+ {
285
+ "id": "server_side_request_forgery_ssrf",
286
+ "cwe": ["CWE-918", "CWE-441"]
287
+ },
288
+ {
289
+ "id": "username_enumeration",
290
+ "cwe": ["CWE-200"]
291
+ },
292
+ {
293
+ "id": "exposed_sensitive_android_intent",
294
+ "cwe": ["CWE-927"]
295
+ },
296
+ {
297
+ "id": "exposed_sensitive_ios_url_scheme",
298
+ "cwe": ["CWE-939"]
299
+ }
300
+ ]
301
+ },
302
+ {
303
+ "id": "cross_site_request_forgery_csrf",
304
+ "cwe": ["CWE-352"]
305
+ },
306
+ {
307
+ "id": "application_level_denial_of_service_dos",
308
+ "cwe": ["CWE-400"]
309
+ },
310
+ {
311
+ "id": "unvalidated_redirects_and_forwards",
312
+ "cwe": ["CWE-601"],
313
+ "children": [
314
+ {
315
+ "id": "open_redirect",
316
+ "cwe": ["CWE-601"]
317
+ },
318
+ {
319
+ "id": "tabnabbing",
320
+ "cwe": ["CWE-1022"]
321
+ }
322
+ ]
323
+ },
324
+ {
325
+ "id": "external_behavior",
326
+ "cwe": null
327
+ },
328
+ {
329
+ "id": "insufficient_security_configurability",
330
+ "cwe": ["CWE-16"],
331
+ "children": [
332
+ {
333
+ "id": "weak_password_policy",
334
+ "cwe": ["CWE-521"]
335
+ },
336
+ {
337
+ "id": "no_password_policy",
338
+ "cwe": ["CWE-521"]
339
+ },
340
+ {
341
+ "id": "weak_password_reset_implementation",
342
+ "cwe": ["CWE-640"]
343
+ }
344
+ ]
345
+ },
346
+ {
347
+ "id": "using_components_with_known_vulnerabilities",
348
+ "cwe": ["CWE-937"]
349
+ },
350
+ {
351
+ "id": "insecure_data_storage",
352
+ "cwe": ["CWE-729", "CWE-922"],
353
+ "children": [
354
+ {
355
+ "id": "sensitive_application_data_stored_unencrypted",
356
+ "cwe": ["CWE-312"]
357
+ },
358
+ {
359
+ "id": "server_side_credentials_storage",
360
+ "cwe": ["CWE-522"],
361
+ "children": [
362
+ {
363
+ "id": "plaintext",
364
+ "cwe": ["CWE-256"]
365
+ }
366
+ ]
367
+ },
368
+ {
369
+ "id": "non_sensitive_application_data_stored_unencrypted",
370
+ "cwe": ["CWE-312"]
371
+ }
372
+ ]
373
+ },
374
+ {
375
+ "id": "lack_of_binary_hardening",
376
+ "cwe": ["CWE-693"]
377
+ },
378
+ {
379
+ "id": "insecure_data_transport",
380
+ "cwe": ["CWE-311", "CWE-319"],
381
+ "children": [
382
+ {
383
+ "id": "cleartext_transmission_of_sensitive_data",
384
+ "cwe": ["CWE-319"]
385
+ },
386
+ {
387
+ "id": "executable_download",
388
+ "children": [
389
+ {
390
+ "id": "no_secure_integrity_check",
391
+ "cwe": ["CWE-353", "CWE-354", "CWE-494"]
392
+ }
393
+ ]
394
+ }
395
+ ]
396
+ },
397
+ {
398
+ "id": "insecure_os_firmware",
399
+ "children": [
400
+ {
401
+ "id": "command_injection",
402
+ "cwe": ["CWE-77"]
403
+ },
404
+ {
405
+ "id": "hardcoded_password",
406
+ "cwe": ["CWE-259"]
407
+ }
408
+ ]
409
+ },
410
+ {
411
+ "id": "broken_cryptography",
412
+ "cwe": ["CWE-310"]
413
+ },
414
+ {
415
+ "id": "privacy_concerns",
416
+ "cwe": ["CWE-359"]
417
+ },
418
+ {
419
+ "id": "network_security_misconfiguration",
420
+ "cwe": ["CWE-16"]
421
+ },
422
+ {
423
+ "id": "mobile_security_misconfiguration",
424
+ "cwe": ["CWE-919"]
425
+ },
426
+ {
427
+ "id": "client_side_injection",
428
+ "cwe": ["CWE-929"]
429
+ },
430
+ {
431
+ "id": "automotive_security_misconfiguration",
432
+ "cwe": null,
433
+ "children": [
434
+ {
435
+ "id": "infotainment",
436
+ "cwe": null
437
+ },
438
+ {
439
+ "id": "rf_hub",
440
+ "cwe": null
441
+ },
442
+ {
443
+ "id": "can",
444
+ "cwe": null
445
+ }
446
+ ]
447
+ },
448
+ {
449
+ "id": "indicators_of_compromise",
450
+ "cwe": null
451
+ }
452
+ ]
453
+ }