
bugcrowd / vrt-ruby

Licence: MIT license
Ruby library for interacting with Bugcrowd's VRT

VRT Ruby Wrapper

The content and structure of the taxonomy itself are defined in the Vulnerability Rating Taxonomy repository; this gem provides the Ruby methods for working with that data (validating IDs, walking lineage, resolving nodes across VRT versions, reading mappings). It is used and maintained by Bugcrowd Engineering.

Getting Started

Add this line to your application's Gemfile:

gem 'vrt'

To create the initializer:

rails generate vrt:install

Usage

For convenience in development, a utility is provided that opens an interactive console with the gem loaded. You can invoke it with:

bin/console

Given a VRT classification ID, you can check its validity:

vrt = VRT::Map.new

vrt.valid?('server_side_injection')
=> true

vrt.valid?('test_vrt_classification')
=> false

Get a pretty output for its lineage:

vrt = VRT::Map.new

vrt.get_lineage('server_side_injection.file_inclusion.local')
=> "Server-Side Injection > File Inclusion > Local"

The information within that node:

vrt = VRT::Map.new

vrt.find_node('server_side_injection.file_inclusion.local')

Which returns the corresponding VRT::Node. This node has a variety of methods:

vrt_map = VRT::Map.new

node = vrt_map.find_node('server_side_injection.file_inclusion.local')

node.children # Returns Child Nodes

node.parent # Returns Parent Node

node.priority

node.id

node.name

node.mappings # The node's mappings to other classifications

If you need to deal with translating between versions

The VRT module also has a version-agnostic find_node method. It finds the best match for a node under any version of the taxonomy and accepts options such as a preferred version and a maximum depth.

Examples:

# Find the node in a given preferred version that best maps to the given id
VRT.find_node(
  vrt_id: 'social_engineering',
  preferred_version: '1.1'
)
# returns the best match under 1.1, here the node with id 'other'

# Aggregate vulnerabilities by category: resolve a submission's id (vrt_id)
# no deeper than the top-level category node
VRT.find_node(
  vrt_id: vrt_id,
  max_depth: 'category'
)

# Query for vulnerabilities by category while maintaining deprecated mappings:
# `all_matching_categories` adds the deprecated ids for the given categories
# to the list you are searching for
categories_to_search_for += VRT.all_matching_categories(categories_to_search_for)

Mappings and external links

Mappings

A mapping is a relationship defined from a node to another classification, such as CVSS or CWE, or to further information such as remediation advice. The relationships defined in mappings are maintained by the Bugcrowd team as well as by external contributors to the VRT repository.

Example: getting the CWE identifiers for a particular VRT ID
VRT.find_node(
  vrt_id: 'server_security_misconfiguration.unsafe_cross_origin_resource_sharing'
).mappings[:cwe]

=> ["CWE-942", "CWE-16"]

Third party links

These are similar to mappings, but the relationships are maintained by an external party rather than by Bugcrowd.

Example: getting the Secure Code Warrior training link for a particular VRT ID
VRT.find_node(
  vrt_id: 'server_security_misconfiguration.unsafe_cross_origin_resource_sharing'
).third_party_links[:scw]

=> "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing&redirect=true"