Class: HackerOne::Client::Weakness

Inherits:

Object

Object
HackerOne::Client::Weakness

show all

Defined in:: lib/hackerone/client/weakness.rb

Constant Summary collapse

CLASSIFICATION_MAPPING =

{
  "None Applicable" => "A0-Other",
  "Denial of Service" => "A0-Other",
  "Memory Corruption" => "A0-Other",
  "Cryptographic Issue" => "A0-Other",
  "Privilege Escalation" => "A0-Other",
  "UI Redressing (Clickjacking)" => "A0-Other",
  "Command Injection" => "A1-Injection",
  "Remote Code Execution" => "A1-Injection",
  "SQL Injection" => "A1-Injection",
  "Authentication" => "A2-AuthSession",
  "Cross-Site Scripting (XSS)" => "A3-XSS",
  "Information Disclosure" => "A6-DataExposure",
  "Cross-Site Request Forgery (CSRF)" => "A8-CSRF",
  "Unvalidated / Open Redirect" => "A10-Redirects"
}

OWASP_TOP_10_2013_TO_CWE =

{
  'A1-Injection' => [77, 78, 88, 89, 90, 91, 564],
  'A2-AuthSession' =>
    [287, 613, 522, 256, 384, 472, 346, 441, 523, 620, 640, 319, 311],
  'A3-XSS' => [79],
  'A4-DirectObjRef' => [639, 99, 22],
  'A5-Misconfig' => [16, 2, 215, 548, 209],
  'A6-DataExposure' => [312, 319, 310, 326, 320, 311, 325, 328, 327],
  'A7-MissingACL' => [285, 287],
  'A8-CSRF' => [352, 642, 613, 346, 441],
  'A9-KnownVuln' => [],
  'A10-Redirects' => [601],
}.freeze

OWASP_DEFAULT =

'A0-Other'.freeze

Class Method Summary collapse

.extract_cwe_number(cwe) ⇒ Object

Instance Method Summary collapse

#initialize(weakness) ⇒ Weakness constructor

A new instance of Weakness.
#to_cwe ⇒ Object
#to_owasp ⇒ Object

Constructor Details

#initialize(weakness) ⇒ `Weakness`

Returns a new instance of Weakness.



46
47
48

# File 'lib/hackerone/client/weakness.rb', line 46

def initialize(weakness)
  @attributes = weakness
end

Class Method Details

.extract_cwe_number(cwe) ⇒ `Object`

# File 'lib/hackerone/client/weakness.rb', line 5

def extract_cwe_number(cwe)
  return if cwe.nil?
  fail StandardError::ArgumentError unless cwe.upcase.start_with?('CWE-')

  cwe.split('CWE-').last.to_i
end

Instance Method Details

#to_cwe ⇒ `Object`



58
59
60

# File 'lib/hackerone/client/weakness.rb', line 58

def to_cwe
  @attributes[:external_id]
end

#to_owasp ⇒ `Object`

# File 'lib/hackerone/client/weakness.rb', line 50

def to_owasp
  from_cwe = OWASP_TOP_10_2013_TO_CWE.map do |owasp, cwes|
    owasp if cwes.include?(self.class.extract_cwe_number(to_cwe))
  end.compact.first

  from_cwe || CLASSIFICATION_MAPPING[@attributes[:name]] || OWASP_DEFAULT
end

Class: HackerOne::Client::Weakness

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(weakness) ⇒ Weakness

Class Method Details

.extract_cwe_number(cwe) ⇒ Object

Instance Method Details

#to_cwe ⇒ Object

#to_owasp ⇒ Object

#initialize(weakness) ⇒ `Weakness`

.extract_cwe_number(cwe) ⇒ `Object`

#to_cwe ⇒ `Object`

#to_owasp ⇒ `Object`