Module: VRT

Extended by:
CrossVersionMapping
Defined in:
lib/vrt.rb,
lib/vrt/map.rb,
lib/vrt/node.rb,
lib/vrt/mapping.rb,
lib/vrt/cross_version_mapping.rb

Defined Under Namespace

Modules: CrossVersionMapping Classes: Map, Mapping, Node

Constant Summary collapse

DIR = 
Pathname.new(__dir__).join('data')
OTHER_OPTION = 
{ 'id' => 'other',
'name' => 'Other',
'priority' => nil,
'type' => 'category' }.freeze
MAPPINGS = 
i[cvss_v3 remediation_advice cwe].freeze

Class Method Summary collapse

Methods included from CrossVersionMapping

cross_version_category_mapping, deprecated_node?, deprecated_node_json, find_deprecated_node, find_valid_parent_node, latest_version_for_deprecated_node

Class Method Details

.all_matching_categories(categories) ⇒ Object

Get all deprecated ids that would match in the given categories from the current version



60
61
62
63
64
65
66
 
# File 'lib/vrt.rb', line 60

def all_matching_categories(categories)
  cross_version_category_mapping
    .select { |key, _value| categories.include?(key) }
    .values
    .flatten
    .uniq
end

.current_categoriesObject 



55
56
57
 
# File 'lib/vrt.rb', line 55

def current_categories
  get_map.categories
end

.current_versionObject

Get the most recent version of the VRT.



38
39
40
 
# File 'lib/vrt.rb', line 38

def current_version
  versions.first
end

.current_version?(version) ⇒ Boolean

Returns:

  • (Boolean) 


42
43
44
 
# File 'lib/vrt.rb', line 42

def current_version?(version)
  version == current_version
end

.find_node(vrt_id:, preferred_version: nil, max_depth: 'variant', version: nil) ⇒ VRT::Node|Nil

Finds the best match valid node. First looks at valid nodes in the given new version or finds the appropriate deprecated mapping. If neither is found it will walk up the tree to find a valid parent node before giving up and returning nil.

Parameters:

  • vrt_id (String)

    A valid vrt_id

  • preferred_version (string) (defaults to: nil)

    (Optional) The preferred vrt_version of the returned node (defaults to current_version)

  • max_depth (String) (defaults to: 'variant')

    (Optional) The maximum depth to match in

  • version (String) (defaults to: nil)

    (deprecated) This parameter is no longer used

Returns:

  • (VRT::Node|Nil)

    A valid VRT::Node object or nil if no best match could be found



78
79
80
81
82
83
84
85
86
87
 
# File 'lib/vrt.rb', line 78

def find_node(vrt_id:, preferred_version: nil, max_depth: 'variant', version: nil) # rubocop:disable Lint/UnusedMethodArgument
  new_version = preferred_version || current_version
  if get_map(version: new_version).valid?(vrt_id)
    get_map(version: new_version).find_node(vrt_id, max_depth: max_depth)
  elsif deprecated_node?(vrt_id)
    find_deprecated_node(vrt_id, preferred_version, max_depth)
  else
    find_valid_parent_node(vrt_id, new_version, max_depth)
  end
end

.get_json(version: nil, other: true) ⇒ Object

Load the VRT from text files, and parse it as JSON. If other: true, we append the OTHER_OPTION hash at runtime (not cached)



91
92
93
94
95
 
# File 'lib/vrt.rb', line 91

def get_json(version: nil, other: true)
  version ||= current_version
  @version_json[version] ||= json_for_version(version)
  other ? @version_json[version] + [OTHER_OPTION] : @version_json[version]
end

.get_map(version: nil) ⇒ Object 



97
98
99
100
 
# File 'lib/vrt.rb', line 97

def get_map(version: nil)
  version ||= current_version
  @maps[version] ||= Map.new(version)
end

.json_dir_namesObject

Get names of directories matching lib/data/<major>-<minor>/



103
104
105
106
107
108
 
# File 'lib/vrt.rb', line 103

def json_dir_names
  DIR.entries
     .map(&:basename)
     .map(&:to_s)
     .select { |dirname| dirname =~ /^[0-9]+\.[0-9]/ }.sort
end

.json_for_version(version) ⇒ Object

Load and parse JSON for some VRT version



116
117
118
 
# File 'lib/vrt.rb', line 116

def json_for_version(version)
  JSON.parse(json_pathname(version).read)['content']
end

.json_pathname(version) ⇒ Object

Get the Pathname for a particular version



111
112
113
 
# File 'lib/vrt.rb', line 111

def json_pathname(version)
  DIR.join(version, 'vulnerability-rating-taxonomy.json')
end

.last_updated(version = nil) ⇒ Object

Get the last updated timestamp of the VRT data (not schema!) Passing nil for version will return the latest version.



48
49
50
51
52
53
 
# File 'lib/vrt.rb', line 48

def last_updated(version = nil)
  version ||= current_version
  return @last_update[version] if @last_update[version]
  metadata = JSON.parse(json_pathname(version).read)['metadata']
  @last_update[version] = Date.parse(metadata['release_date'])
end

.mappingsObject 



120
121
122
 
# File 'lib/vrt.rb', line 120

def mappings
  @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }]
end

.reload!Object

Cache the VRT contents in-memory, so we’re not hitting File I/O multiple times per request that needs it.



126
127
128
129
130
131
132
133
 
# File 'lib/vrt.rb', line 126

def reload!
  unload!
  versions
  get_json
  get_map
  last_updated
  mappings
end

.unload!Object

We separate unload! out, as we need to call it in test environments.



136
137
138
139
140
141
142
 
# File 'lib/vrt.rb', line 136

def unload!
  @versions = nil
  @version_json = {}
  @last_update = {}
  @maps = {}
  @mappings = nil
end

.versionsObject

Infer the available versions of the VRT from the names of the files in the repo. The returned list is in semver order with the current version first.



33
34
35
 
# File 'lib/vrt.rb', line 33

def versions
  @versions ||= json_dir_names.sort_by { |v| Gem::Version.new(v) }.reverse!
end