Sha256: 799b68a767d87bce9992e4be90c5565e93959c1a11c0ee241594e54a37bae407
Contents?: true
Size: 1.18 KB
Versions: 1
Compression:
Stored size: 1.18 KB
Contents
module HackerOne
module Client
class Weakness
class << self
def extract_cwe_number(cwe)
fail StandardError::ArgumentError unless cwe.upcase.start_with?('CWE-')
cwe.split('CWE-').last.to_i
end
end
OWASP_TOP_10_2013_TO_CWE = {
'A1-Injection' => [77, 78, 88, 89, 90, 91, 564],
'A2-AuthSession' =>
[287, 613, 522, 256, 384, 472, 346, 441, 523, 620, 640, 319, 311],
'A3-XSS' => [79],
'A4-DirectObjRef' => [639, 99, 22],
'A5-Misconfig' => [16, 2, 215, 548, 209],
'A6-DataExposure' => [312, 319, 310, 326, 320, 311, 325, 328, 327],
'A7-MissingACL' => [285, 287],
'A8-CSRF' => [352, 642, 613, 346, 441],
'A9-KnownVuln' => [],
'A10-Redirects' => [601],
}.freeze
OWASP_DEFAULT = 'A0-Other'.freeze
def initialize(weakness)
@attributes = weakness
end
def to_owasp
OWASP_TOP_10_2013_TO_CWE.map do |owasp, cwes|
owasp if cwes.include?(self.class.extract_cwe_number(to_cwe))
end.compact.first || OWASP_DEFAULT
end
def to_cwe
@attributes[:external_id]
end
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| hackerone-client-0.2.1 | lib/hackerone/client/weakness.rb |