RubyGems - vrt - Versions diffs - 0.7.1 → 0.11.0 - Mend

vrt 0.7.1 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

checksums.yaml +5 -5
data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
data/lib/data/1.10.1/vrt.schema.json +63 -0
data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
data/lib/data/1.10/deprecated-node-mapping.json +200 -0
data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
data/lib/data/1.10/vrt.schema.json +63 -0
data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
data/lib/data/1.7.1/deprecated-node-mapping.json +149 -0
data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.json +928 -0
data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.7.1/mappings/cwe/cwe.json +441 -0
data/lib/data/1.7.1/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.json +1354 -0
data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.7.1/vrt.schema.json +63 -0
data/lib/data/1.7.1/vulnerability-rating-taxonomy.json +1937 -0
data/lib/data/1.7/deprecated-node-mapping.json +149 -0
data/lib/data/1.7/mappings/cvss_v3/cvss_v3.json +861 -0
data/lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.7/mappings/cwe/cwe.json +441 -0
data/lib/data/1.7/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.7/mappings/remediation_advice/remediation_advice.json +1230 -0
data/lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.7/vrt.schema.json +63 -0
data/lib/data/1.7/vulnerability-rating-taxonomy.json +1937 -0
data/lib/data/1.8/deprecated-node-mapping.json +149 -0
data/lib/data/1.8/mappings/cvss_v3/cvss_v3.json +935 -0
data/lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.8/mappings/cwe/cwe.json +453 -0
data/lib/data/1.8/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.8/mappings/remediation_advice/remediation_advice.json +1381 -0
data/lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.8/vrt.schema.json +63 -0
data/lib/data/1.8/vulnerability-rating-taxonomy.json +1948 -0
data/lib/data/1.9/deprecated-node-mapping.json +158 -0
data/lib/data/1.9/mappings/cvss_v3/cvss_v3.json +1002 -0
data/lib/data/1.9/mappings/cvss_v3/cvss_v3.schema.json +59 -0
data/lib/data/1.9/mappings/cwe/cwe.json +457 -0
data/lib/data/1.9/mappings/cwe/cwe.schema.json +63 -0
data/lib/data/1.9/mappings/remediation_advice/remediation_advice.json +1409 -0
data/lib/data/1.9/mappings/remediation_advice/remediation_advice.schema.json +75 -0
data/lib/data/1.9/vrt.schema.json +63 -0
data/lib/data/1.9/vulnerability-rating-taxonomy.json +2053 -0
data/lib/generators/vrt/install_generator.rb +1 -1
data/lib/vrt.rb +2 -0
data/lib/vrt/cross_version_mapping.rb +3 -2
data/lib/vrt/errors.rb +5 -0
data/lib/vrt/map.rb +8 -5
data/lib/vrt/mapping.rb +12 -1
data/lib/vrt/version.rb +1 -1
metadata +92 -32

data/lib/generators/vrt/install_generator.rb CHANGED Viewed

@@ -3,7 +3,7 @@ require 'rails/generators/base'
 module Vrt
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      source_root(File.expand_path(File.dirname(__FILE__)))
+      source_root(File.expand_path(File.dirname(__dir__)))
       def create_initializer_file
         copy_file '../vrt.rb', 'config/initializers/vrt.rb'
       end

data/lib/vrt.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require 'vrt/map'
 require 'vrt/node'
 require 'vrt/mapping'
 require 'vrt/cross_version_mapping'
+require 'vrt/errors'
 require 'date'
 require 'json'
@@ -48,6 +49,7 @@ module VRT
   def last_updated(version = nil)
     version ||= current_version
     return @last_update[version] if @last_update[version]
     metadata = JSON.parse(json_pathname(version).read)['metadata']
     @last_update[version] = Date.parse(metadata['release_date'])
   end

data/lib/vrt/cross_version_mapping.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module VRT
     def cross_version_category_mapping
       category_map = {}
       deprecated_node_json.each do |key, value|
-        latest_version = value.keys.sort_by { |n| Gem::Version.new(n) }.last
+        latest_version = value.keys.max_by { |n| Gem::Version.new(n) }
         id_list = value[latest_version].split('.')
         cat_id = id_list[0]
         sub_id = id_list[0..1].join('.')
@@ -26,7 +26,7 @@ module VRT
     end
     def latest_version_for_deprecated_node(vrt_id)
-      deprecated_node_json[vrt_id].keys.sort_by { |n| Gem::Version.new(n) }.last
+      deprecated_node_json[vrt_id].keys.max_by { |n| Gem::Version.new(n) }
     end
     def find_deprecated_node(vrt_id, new_version = nil, max_depth = 'variant')
@@ -43,6 +43,7 @@ module VRT
       else
         parent = vrt_id.split('.')[0..-2].join('.')
         return nil if parent.empty?
         find_valid_parent_node(parent, new_version, max_depth)
       end
     end

data/lib/vrt/errors.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module VRT
+  module Errors
+    class MappingNotFound < StandardError; end
+  end
+end

data/lib/vrt/map.rb CHANGED Viewed

@@ -41,15 +41,20 @@ module VRT
     private
     def valid_identifier?(vrt_id)
-      # At least one string of lowercase or _, plus up to 2 more with stops
-      @_valid_identifiers[vrt_id] ||= vrt_id =~ /other|\A[a-z_\d]+(\.[a-z_\d]+){0,2}\z/
+      # The upstream json schema in the VRT has changed so we need to support both:
+      # Current: At least one string of lowercase letters or _, plus up to 2 more with stops (no digits)
+      # and Old: At least one string of lowercase letters, numbers, or _,
+      #          plus up to 2 more with stops and no leading numbers
+      @_valid_identifiers[vrt_id] ||= vrt_id =~ /other|\A[a-z][a-z_\d]*(\.[a-z][a-z_\d]*){0,2}\z/
     end
     def construct_lineage(string, max_depth)
       return unless valid_identifier?(string)
       lineage = ''
       walk_node_tree(string, max_depth: max_depth) do |ids, node, level|
         return unless node
         lineage += node.name
         lineage += ' > ' unless level == ids.length
       end
@@ -79,9 +84,7 @@ module VRT
     def build_node(memo, vrt, parent = nil)
       node = Node.new(vrt.merge('version' => @version, 'parent' => parent))
-      if node.children?
-        node.children = vrt['children'].reduce({}) { |m, v| build_node(m, v, node) }
-      end
+      node.children = vrt['children'].reduce({}) { |m, v| build_node(m, v, node) } if node.children?
       memo[node.id] = node
       memo
     end

data/lib/vrt/mapping.rb CHANGED Viewed

@@ -39,8 +39,9 @@ module VRT
     def load_mappings
       @mappings = {}
       VRT.versions.each do |version|
-        filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+        filename = mapping_file_path(version)
         next unless File.file?(filename)
         mapping = JSON.parse(File.read(filename))
         mapping['content'] = key_by_id(mapping['content'])
         @mappings[version] = mapping
@@ -48,6 +49,15 @@ module VRT
         # so this will end up as the earliest version with a mapping file
         @min_version = version
       end
+      raise VRT::Errors::MappingNotFound if @mappings.empty?
+    end
+    def mapping_file_path(version)
+      filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+      return filename if File.file?(filename)
+      # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
+      VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
     end
     # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So
@@ -71,6 +81,7 @@ module VRT
       id_list.each do |id|
         entry = mapping[id]
         break unless entry # mapping file doesn't go this deep, return previous value
         best_guess = merge_arrays(best_guess, entry[key]) if entry[key]
         # use the children mapping for the next iteration
         mapping = entry['children'] || {}

data/lib/vrt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Vrt
-  VERSION = '0.7.1'.freeze
+  VERSION = '0.11.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: vrt
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.11.0
 platform: ruby
 authors:
 - Barnett Klane
 - Max Schwenk
 - Adam David
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-27 00:00:00.000000000 Z
+date: 2021-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -18,71 +18,71 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.48.1
+        version: '3.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.48.1
+        version: '3.6'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.56.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
-description:
+        version: 0.56.0
+description:
 email:
 - barnett@bugcrowd.com
 - max.schwenk@bugcrowd.com
@@ -96,6 +96,26 @@ files:
 - lib/data/1.1/deprecated-node-mapping.json
 - lib/data/1.1/vrt.schema.json
 - lib/data/1.1/vulnerability-rating-taxonomy.json
+- lib/data/1.10.1/deprecated-node-mapping.json
+- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.10.1/mappings/cwe/cwe.json
+- lib/data/1.10.1/mappings/cwe/cwe.schema.json
+- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json
+- lib/data/1.10.1/vrt.schema.json
+- lib/data/1.10.1/vulnerability-rating-taxonomy.json
+- lib/data/1.10/deprecated-node-mapping.json
+- lib/data/1.10/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.10/mappings/cwe/cwe.json
+- lib/data/1.10/mappings/cwe/cwe.schema.json
+- lib/data/1.10/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json
+- lib/data/1.10/vrt.schema.json
+- lib/data/1.10/vulnerability-rating-taxonomy.json
 - lib/data/1.2/deprecated-node-mapping.json
 - lib/data/1.2/vrt.schema.json
 - lib/data/1.2/vulnerability-rating-taxonomy.json
@@ -136,10 +156,47 @@ files:
 - lib/data/1.6/mappings/remediation_advice.schema.json
 - lib/data/1.6/vrt.schema.json
 - lib/data/1.6/vulnerability-rating-taxonomy.json
+- lib/data/1.7.1/deprecated-node-mapping.json
+- lib/data/1.7.1/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.7.1/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.7.1/mappings/cwe/cwe.json
+- lib/data/1.7.1/mappings/cwe/cwe.schema.json
+- lib/data/1.7.1/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.7.1/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.7.1/vrt.schema.json
+- lib/data/1.7.1/vulnerability-rating-taxonomy.json
+- lib/data/1.7/deprecated-node-mapping.json
+- lib/data/1.7/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.7/mappings/cwe/cwe.json
+- lib/data/1.7/mappings/cwe/cwe.schema.json
+- lib/data/1.7/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.7/vrt.schema.json
+- lib/data/1.7/vulnerability-rating-taxonomy.json
+- lib/data/1.8/deprecated-node-mapping.json
+- lib/data/1.8/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.8/mappings/cwe/cwe.json
+- lib/data/1.8/mappings/cwe/cwe.schema.json
+- lib/data/1.8/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.8/vrt.schema.json
+- lib/data/1.8/vulnerability-rating-taxonomy.json
+- lib/data/1.9/deprecated-node-mapping.json
+- lib/data/1.9/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.9/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.9/mappings/cwe/cwe.json
+- lib/data/1.9/mappings/cwe/cwe.schema.json
+- lib/data/1.9/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.9/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.9/vrt.schema.json
+- lib/data/1.9/vulnerability-rating-taxonomy.json
 - lib/generators/vrt.rb
 - lib/generators/vrt/install_generator.rb
 - lib/vrt.rb
 - lib/vrt/cross_version_mapping.rb
+- lib/vrt/errors.rb
 - lib/vrt/map.rb
 - lib/vrt/mapping.rb
 - lib/vrt/node.rb
@@ -147,8 +204,12 @@ files:
 homepage: https://github.com/bugcrowd/vrt-ruby
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  homepage_uri: https://github.com/bugcrowd/vrt-ruby
+  changelog_uri: https://github.com/bugcrowd/vrt-ruby/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/bugcrowd/vrt-ruby
+  bug_tracker_uri: https://github.com/bugcrowd/vrt-ruby/issues
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -156,16 +217,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.12
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy
 test_files: []