vrt 0.7.1 → 0.8.0

data/lib/generators/vrt/install_generator.rb

@@ -3,7 +3,7 @@ require 'rails/generators/base'
 module Vrt
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      source_root(File.expand_path(File.dirname(__FILE__)))
+      source_root(File.expand_path(File.dirname(__dir__)))
       def create_initializer_file
         copy_file '../vrt.rb', 'config/initializers/vrt.rb'
       end

data/lib/vrt.rb

@@ -6,6 +6,7 @@ require 'vrt/map'
 require 'vrt/node'
 require 'vrt/mapping'
 require 'vrt/cross_version_mapping'
+require 'vrt/errors'
 
 require 'date'
 require 'json'
@@ -48,6 +49,7 @@ module VRT
   def last_updated(version = nil)
     version ||= current_version
     return @last_update[version] if @last_update[version]
+
     metadata = JSON.parse(json_pathname(version).read)['metadata']
     @last_update[version] = Date.parse(metadata['release_date'])
   end

data/lib/vrt/cross_version_mapping.rb

@@ -5,7 +5,7 @@ module VRT
     def cross_version_category_mapping
       category_map = {}
       deprecated_node_json.each do |key, value|
-        latest_version = value.keys.sort_by { |n| Gem::Version.new(n) }.last
+        latest_version = value.keys.max_by { |n| Gem::Version.new(n) }
         id_list = value[latest_version].split('.')
         cat_id = id_list[0]
         sub_id = id_list[0..1].join('.')
@@ -26,7 +26,7 @@ module VRT
     end
 
     def latest_version_for_deprecated_node(vrt_id)
-      deprecated_node_json[vrt_id].keys.sort_by { |n| Gem::Version.new(n) }.last
+      deprecated_node_json[vrt_id].keys.max_by { |n| Gem::Version.new(n) }
     end
 
     def find_deprecated_node(vrt_id, new_version = nil, max_depth = 'variant')
@@ -43,6 +43,7 @@ module VRT
       else
         parent = vrt_id.split('.')[0..-2].join('.')
         return nil if parent.empty?
+
         find_valid_parent_node(parent, new_version, max_depth)
       end
     end

data/lib/vrt/errors.rb

@@ -0,0 +1,5 @@
+module VRT
+  module Errors
+    class MappingNotFound < StandardError; end
+  end
+end

data/lib/vrt/map.rb

@@ -41,15 +41,20 @@ module VRT
     private
 
     def valid_identifier?(vrt_id)
-      # At least one string of lowercase or _, plus up to 2 more with stops
-      @_valid_identifiers[vrt_id] ||= vrt_id =~ /other|\A[a-z_\d]+(\.[a-z_\d]+){0,2}\z/
+      # The upstream json schema in the VRT has changed so we need to support both:
+      # Current: At least one string of lowercase letters or _, plus up to 2 more with stops (no digits)
+      # and Old: At least one string of lowercase letters, numbers, or _,
+      #          plus up to 2 more with stops and no leading numbers
+      @_valid_identifiers[vrt_id] ||= vrt_id =~ /other|\A[a-z][a-z_\d]*(\.[a-z][a-z_\d]*){0,2}\z/
     end
 
     def construct_lineage(string, max_depth)
       return unless valid_identifier?(string)
+
       lineage = ''
       walk_node_tree(string, max_depth: max_depth) do |ids, node, level|
         return unless node
+
         lineage += node.name
         lineage += ' > ' unless level == ids.length
       end
@@ -79,9 +84,7 @@ module VRT
 
     def build_node(memo, vrt, parent = nil)
       node = Node.new(vrt.merge('version' => @version, 'parent' => parent))
-      if node.children?
-        node.children = vrt['children'].reduce({}) { |m, v| build_node(m, v, node) }
-      end
+      node.children = vrt['children'].reduce({}) { |m, v| build_node(m, v, node) } if node.children?
       memo[node.id] = node
       memo
     end

data/lib/vrt/mapping.rb

@@ -39,8 +39,9 @@ module VRT
     def load_mappings
       @mappings = {}
       VRT.versions.each do |version|
-        filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+        filename = mapping_file_path(version)
         next unless File.file?(filename)
+
         mapping = JSON.parse(File.read(filename))
         mapping['content'] = key_by_id(mapping['content'])
         @mappings[version] = mapping
@@ -48,6 +49,15 @@ module VRT
         # so this will end up as the earliest version with a mapping file
         @min_version = version
       end
+      raise VRT::Errors::MappingNotFound if @mappings.empty?
+    end
+
+    def mapping_file_path(version)
+      filename = VRT::DIR.join(version, 'mappings', "#{@scheme}.json")
+      return filename if File.file?(filename)
+
+      # Supports mappings that are nested under their scheme name e.g. `mappings/cvss/cvss.json`
+      VRT::DIR.join(version, 'mappings', @scheme, "#{@scheme}.json")
     end
 
     # Converts arrays to hashes keyed by the id attribute (as a symbol) for easier lookup. So
@@ -71,6 +81,7 @@ module VRT
       id_list.each do |id|
         entry = mapping[id]
         break unless entry # mapping file doesn't go this deep, return previous value
+
         best_guess = merge_arrays(best_guess, entry[key]) if entry[key]
         # use the children mapping for the next iteration
         mapping = entry['children'] || {}

data/lib/vrt/version.rb

@@ -1,3 +1,3 @@
 module Vrt
-  VERSION = '0.7.1'.freeze
+  VERSION = '0.8.0'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vrt
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Barnett Klane
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-27 00:00:00.000000000 Z
+date: 2019-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -27,7 +27,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.14'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -41,7 +41,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -55,33 +55,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.48.1
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.48.1
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.56.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.56.0
 description: 
 email:
 - barnett@bugcrowd.com
@@ -136,10 +136,20 @@ files:
 - lib/data/1.6/mappings/remediation_advice.schema.json
 - lib/data/1.6/vrt.schema.json
 - lib/data/1.6/vulnerability-rating-taxonomy.json
+- lib/data/1.7/deprecated-node-mapping.json
+- lib/data/1.7/mappings/cvss_v3/cvss_v3.json
+- lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json
+- lib/data/1.7/mappings/cwe/cwe.json
+- lib/data/1.7/mappings/cwe/cwe.schema.json
+- lib/data/1.7/mappings/remediation_advice/remediation_advice.json
+- lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json
+- lib/data/1.7/vrt.schema.json
+- lib/data/1.7/vulnerability-rating-taxonomy.json
 - lib/generators/vrt.rb
 - lib/generators/vrt/install_generator.rb
 - lib/vrt.rb
 - lib/vrt/cross_version_mapping.rb
+- lib/vrt/errors.rb
 - lib/vrt/map.rb
 - lib/vrt/mapping.rb
 - lib/vrt/node.rb
@@ -164,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Ruby wrapper for Bugcrowd's Vulnerability Rating Taxonomy