RubyGems - vrt - Versions diffs - 0.7.1 → 0.11.0 - Mend

vrt 0.7.1 → 0.11.0

Files changed (65) hide show

checksums.yaml +5 -5
data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
data/lib/data/1.10.1/vrt.schema.json +63 -0
data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
data/lib/data/1.10/deprecated-node-mapping.json +200 -0
data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
data/lib/data/1.10/vrt.schema.json +63 -0
data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
data/lib/data/1.7.1/deprecated-node-mapping.json +149 -0
data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.json +928 -0
data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.7.1/mappings/cwe/cwe.json +441 -0
data/lib/data/1.7.1/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.json +1354 -0
data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.7.1/vrt.schema.json +63 -0
data/lib/data/1.7.1/vulnerability-rating-taxonomy.json +1937 -0
data/lib/data/1.7/deprecated-node-mapping.json +149 -0
data/lib/data/1.7/mappings/cvss_v3/cvss_v3.json +861 -0
data/lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.7/mappings/cwe/cwe.json +441 -0
data/lib/data/1.7/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.7/mappings/remediation_advice/remediation_advice.json +1230 -0
data/lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.7/vrt.schema.json +63 -0
data/lib/data/1.7/vulnerability-rating-taxonomy.json +1937 -0
data/lib/data/1.8/deprecated-node-mapping.json +149 -0
data/lib/data/1.8/mappings/cvss_v3/cvss_v3.json +935 -0
data/lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.8/mappings/cwe/cwe.json +453 -0
data/lib/data/1.8/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.8/mappings/remediation_advice/remediation_advice.json +1381 -0
data/lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.8/vrt.schema.json +63 -0
data/lib/data/1.8/vulnerability-rating-taxonomy.json +1948 -0
data/lib/data/1.9/deprecated-node-mapping.json +158 -0
data/lib/data/1.9/mappings/cvss_v3/cvss_v3.json +1002 -0
data/lib/data/1.9/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.9/mappings/cwe/cwe.json +457 -0
data/lib/data/1.9/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.9/mappings/remediation_advice/remediation_advice.json +1409 -0
data/lib/data/1.9/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.9/vrt.schema.json +63 -0
data/lib/data/1.9/vulnerability-rating-taxonomy.json +2053 -0
data/lib/generators/vrt/install_generator.rb +1 -1
data/lib/vrt.rb +2 -0
data/lib/vrt/cross_version_mapping.rb +3 -2
data/lib/vrt/errors.rb +5 -0
data/lib/vrt/map.rb +8 -5
data/lib/vrt/mapping.rb +12 -1
data/lib/vrt/version.rb +1 -1
metadata +92 -32

data/lib/generators/vrt/install_generator.rb CHANGED Viewed

@@ -3,7 +3,7 @@ require 'rails/generators/base'
 module Vrt
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      source_root(File.expand_path(File.dirname(__FILE__)))
+      source_root(File.expand_path(File.dirname(__dir__)))
       def create_initializer_file
         copy_file '../vrt.rb', 'config/initializers/vrt.rb'
       end

data/lib/vrt.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require 'vrt/map'
 require 'vrt/node'
 require 'vrt/mapping'
 require 'vrt/cross_version_mapping'
+require 'vrt/errors'
 require 'date'
 require 'json'
@@ -48,6 +49,7 @@ module VRT
   def last_updated(version = nil)
     version ||= current_version
     return @last_update[version] if @last_update[version]
     metadata = JSON.parse(json_pathname(version).read)['metadata']
     @last_update[version] = Date.parse(metadata['release_date'])
   end

data/lib/vrt/cross_version_mapping.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module VRT
     def cross_version_category_mapping
       category_map = {}
       deprecated_node_json.each do |key, value|
-        latest_version = value.keys.sort_by { |n| Gem::Version.new(n) }.last
+        latest_version = value.keys.max_by { |n| Gem::Version.new(n) }
         id_list = value[latest_version].split('.')
         cat_id = id_list[0]
         sub_id = id_list[0..1].join('.')
@@ -26,7 +26,7 @@ module VRT
     end
     def latest_version_for_deprecated_node(vrt_id)
-      deprecated_node_json[vrt_id].keys.sort_by { |n| Gem::Version.new(n) }.last
+      deprecated_node_json[vrt_id].keys.max_by { |n| Gem::Version.new(n) }
     end
     def find_deprecated_node(vrt_id, new_version = nil, max_depth = 'variant')
@@ -43,6 +43,7 @@ module VRT
       else
         parent = vrt_id.split('.')[0..-2].join('.')
         return nil if parent.empty?
         find_valid_parent_node(parent, new_version, max_depth)
       end
     end

data/lib/vrt/errors.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module VRT
+  module Errors
+    class MappingNotFound < StandardError; end
+  end
+end

data/lib/vrt/map.rb CHANGED Viewed

@@ -41,15 +41,20 @@ module VRT
     private
     def valid_identifier?(vrt_id)
-      # At least one string of lowercase or _, plus up to 2 more with stops
-      @_valid_identifiers[vrt_id] ||= vrt_id =~ /other|\A[a-z_\d]+(\.[a-z_\d]+){0,2}\z/
+      # The upstream json schema in the VRT has changed so we need to support both:
+      # Current: At least one string of lowercase letters or _, plus up to 2 more with stops (no digits)
+      # and Old: At least one string of lowercase letters, numbers, or _,
+      #          plus up to 2 more with stops and no leading numbers
+      @_valid_identifiers[vrt_id] ||= vrt_id =~ /other|\A[a-z][a-z_\d]*(\.[a-z][a-z_\d]*){0,2}\z/
     end
     def construct_lineage(string, max_depth)
       return unless valid_identifier?(string)
       lineage = ''
       walk_node_tree(string, max_depth: max_depth) do |ids, node, level|
         return unless node
         lineage += node.name
         lineage += ' > ' unless level == ids.length
       end
@@ -79,9 +84,7 @@ module VRT
     def build_node(memo, vrt, parent = nil)
       node = Node.new(vrt.merge('version' => @version, 'parent' => parent))
-      if node.children?
-        node.children = vrt['children'].reduce({}) { |m, v| build_node(m, v, node) }
-      end
+      node.children = vrt['children'].reduce({}) { |m, v| build_node(m, v, node) } if node.children?
       memo[node.id] = node
       memo
     end

data/lib/vrt/mapping.rb CHANGED Viewed

@@ -39,8 +39,9 @@ module VRT
     def load_mappings
       @mappings = {}
       VRT.versions.each do |version|
-        filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+        filename = mapping_file_path(version)
         next unless File.file?(filename)
         mapping = JSON.parse(File.read(filename))
         mapping['content'] = key_by_id(mapping['content'])
         @mappings[version] = mapping
@@ -48,6 +49,15 @@ module VRT
         # so this will end up as the earliest version with a mapping file
         @min_version = version
       end
+      raise VRT::Errors::MappingNotFound if @mappings.empty?
+    end
+    def mapping_file_path(version)
+      filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+      return filename if File.file?(filename)
+      # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
+      VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
     end
     # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So
@@ -71,6 +81,7 @@ module VRT
       id_list.each do |id|
         entry = mapping[id]
         break unless entry # mapping file doesn't go this deep, return previous value
         best_guess = merge_arrays(best_guess, entry[key]) if entry[key]
         # use the children mapping for the next iteration
         mapping = entry['children'] || {}

data/lib/vrt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Vrt
-  VERSION = '0.7.1'.freeze
+  VERSION = '0.11.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: vrt
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.11.0
 platform: ruby
 authors:
 - Barnett Klane
 - Max Schwenk
 - Adam David
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-27 00:00:00.000000000 Z
+date: 2021-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -18,71 +18,71 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.48.1
+        version: '3.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.48.1
+        version: '3.6'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.56.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
-description:
+        version: 0.56.0
+description:
 email:
 - barnett@bugcrowd.com
 - max.schwenk@bugcrowd.com
@@ -96,6 +96,26 @@ files:
 - lib/data/1.1/deprecated-node-mapping.json
 - lib/data/1.1/vrt.schema.json
 - lib/data/1.1/vulnerability-rating-taxonomy.json
+- lib/data/1.10.1/deprecated-node-mapping.json
+- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.10.1/mappings/cwe/cwe.json
+- lib/data/1.10.1/mappings/cwe/cwe.schema.json
+- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.10.1/vrt.schema.json
+- lib/data/1.10.1/vulnerability-rating-taxonomy.json
+- lib/data/1.10/deprecated-node-mapping.json
+- lib/data/1.10/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.10/mappings/cwe/cwe.json
+- lib/data/1.10/mappings/cwe/cwe.schema.json
+- lib/data/1.10/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
+- lib/data/1.10/vrt.schema.json
+- lib/data/1.10/vulnerability-rating-taxonomy.json
 - lib/data/1.2/deprecated-node-mapping.json
 - lib/data/1.2/vrt.schema.json
 - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -136,10 +156,47 @@ files:
 - lib/data/1.6/mappings/remediation_advice.schema.json
 - lib/data/1.6/vrt.schema.json
 - lib/data/1.6/vulnerability-rating-taxonomy.json
+- lib/data/1.7.1/deprecated-node-mapping.json
+- lib/data/1.7.1/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.7.1/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.7.1/mappings/cwe/cwe.json
+- lib/data/1.7.1/mappings/cwe/cwe.schema.json
+- lib/data/1.7.1/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.7.1/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.7.1/vrt.schema.json
+- lib/data/1.7.1/vulnerability-rating-taxonomy.json
+- lib/data/1.7/deprecated-node-mapping.json
+- lib/data/1.7/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.7/mappings/cwe/cwe.json
+- lib/data/1.7/mappings/cwe/cwe.schema.json
+- lib/data/1.7/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.7/vrt.schema.json
+- lib/data/1.7/vulnerability-rating-taxonomy.json
+- lib/data/1.8/deprecated-node-mapping.json
+- lib/data/1.8/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.8/mappings/cwe/cwe.json
+- lib/data/1.8/mappings/cwe/cwe.schema.json
+- lib/data/1.8/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.8/vrt.schema.json
+- lib/data/1.8/vulnerability-rating-taxonomy.json
+- lib/data/1.9/deprecated-node-mapping.json
+- lib/data/1.9/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.9/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.9/mappings/cwe/cwe.json
+- lib/data/1.9/mappings/cwe/cwe.schema.json
+- lib/data/1.9/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.9/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.9/vrt.schema.json
+- lib/data/1.9/vulnerability-rating-taxonomy.json
 - lib/generators/vrt.rb
 - lib/generators/vrt/install_generator.rb
 - lib/vrt.rb
 - lib/vrt/cross_version_mapping.rb
+- lib/vrt/errors.rb
 - lib/vrt/map.rb
 - lib/vrt/mapping.rb
 - lib/vrt/node.rb
@@ -147,8 +204,12 @@ files:
 homepage: https://github.com/bugcrowd/vrt-ruby
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  homepage_uri: https://github.com/bugcrowd/vrt-ruby
+  changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/bugcrowd/vrt-ruby
+  bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -156,16 +217,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.12
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy
 test_files: []