Adjust mappings organization (#213)

* re-organize mappings * adjust docs * adjust GitHub PR template * Make tests support both nested and unnested mappings * Use a ternary * Clean up list comprehension * Add docstring and readability improvements * Remove useless +
bugcrowd · Mar 1, 2019 · 22caa2f · 22caa2f
1 parent c298b8d
commit 22caa2f
Show file tree

Hide file tree

Showing 11 changed files with 16 additions and 21 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,9 +1,9 @@
 **Issue**: Resolves #
 
-**[CVSS v3 Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/mappings/cvss_v3.json)**:
+**[CVSS v3 Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/mappings/cvss_v3/cvss_v3.json)**:
 
-**[CWE Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/mappings/cwe.json)**:
+**[CWE Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/mappings/cwe/cwe.json)**:
 
-**[Remediation Advice Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/mappings/remediation_advice.json)**:
+**[Remediation Advice Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/mappings/remediation_advice/remediation_advice.json)**:
 
 **[Deprecated Node Mapping](https://github.com/bugcrowd/vulnerability-rating-taxonomy/blob/master/deprecated-node-mapping.json)** (_if needed_):
diff --git a/README.md b/README.md
@@ -112,12 +112,12 @@ _2 nodes being collapsed into 1_
 
 ### Mapping to Other Systems
 Sometimes it is useful to convert VRT IDs to other vulnerability classification systems, eg CVSS.
-Such mappings are supported by adding a mapping file to the [mappings](mappings) directory.
+Such mappings are supported by adding a mapping folder/files to the [mappings](mappings) directory.
 These files have a similar structure to the main VRT file but only include the `id` and `children` attributes,
 plus an additional mapping attribute with the same name as the file.
 
 For example, suppose we wish to map to a traffic light system which maps all vulnerabilities to red, green or yellow.
-We would add a mapping file called `mappings/traffic_light.json` with contents like:
+We would add a mapping file called `mappings/traffic_light/traffic_light.json` with contents like:
 
 ```
 {
@@ -151,9 +151,9 @@ All VRT IDs nested below `server_side_injection` would map to `red`, except for
 `server_side_injection.content_spoofing.iframe_injection` which would map to `yellow`.
 
 #### Supported Mappings
-- [CVSS v3](mappings/cvss_v3.json)
-- [CWE](mappings/cwe.json)
-- [Remediation Advice](mappings/remediation_advice.json)
+- [CVSS v3](mappings/cvss_v3/cvss_v3.json)
+- [CWE](mappings/cwe/cwe.json)
+- [Remediation Advice](mappings/remediation_advice/remediation_advice.json)
 
 ## Supported Libraries
 - [Ruby](https://github.com/bugcrowd/vrt-ruby)

diff --git a/mappings/cvss_v3.json → mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3.json → mappings/cvss_v3/cvss_v3.json
diff --git a/mappings/cvss_v3.schema.json → mappings/cvss_v3/cvss_v3.schema.json b/mappings/cvss_v3.schema.json → mappings/cvss_v3/cvss_v3.schema.json
diff --git a/mappings/cwe.json → mappings/cwe/cwe.json b/mappings/cwe.json → mappings/cwe/cwe.json
diff --git a/mappings/cwe.schema.json → mappings/cwe/cwe.schema.json b/mappings/cwe.schema.json → mappings/cwe/cwe.schema.json
diff --git a/mappings/remediation_advice.json → ...emediation_advice/remediation_advice.json b/mappings/remediation_advice.json → ...emediation_advice/remediation_advice.json
diff --git a/mappings/remediation_advice.schema.json → ...ion_advice/remediation_advice.schema.json b/mappings/remediation_advice.schema.json → ...ion_advice/remediation_advice.schema.json
diff --git a/tests/test_vrt.py b/tests/test_vrt.py
@@ -2,19 +2,14 @@
 import unittest
 import subprocess
 import jsonschema
-import os
 import glob
-
+import os
 
 class TestVrt(unittest.TestCase):
     def setUp(self):
         self.mappings = [
-            {
-                'filename': f,
-                'name': os.path.splitext(os.path.basename(f))[0]
-            }
-            for f in glob.glob(utils.MAPPING_DIR + '/*.json')
-            if 'schema' not in f
+            { 'filename': f, 'name': os.path.splitext(os.path.basename(f))[0] }
+            for f in glob.glob(utils.MAPPING_DIR + '/**/*.json', recursive=True) if 'schema' not in f
         ]
 
     @unittest.skip('need to decide the best way to handle this')
@@ -40,7 +35,10 @@ def test_vrt_schema(self):
 
     def test_mapping_schemas(self):
         for mapping in self.mappings:
-            schema_file = os.path.join(utils.MAPPING_DIR, mapping['name'] + '.schema.json')
+            schema_file = glob.glob(
+                f'{utils.MAPPING_DIR}/**/{mapping["name"]}.schema.json',
+                recursive=True
+            )[0]
             self.assertTrue(os.path.isfile(schema_file), 'Missing schema file for %s mapping' % mapping['name'])
             self.validate_schema(schema_file, mapping['filename'])
 

diff --git a/tests/utils.py b/tests/utils.py
@@ -1,18 +1,15 @@
 import json
 import git
 
-
 VRT_FILENAME = 'vulnerability-rating-taxonomy.json'
 DEPRECATED_MAPPING_FILENAME = 'deprecated-node-mapping.json'
 VRT_SCHEMA_FILENAME = 'vrt.schema.json'
 MAPPING_DIR = 'mappings'
 
-
 def get_json(filename):
     with open(filename) as f:
         return json.loads(f.read())
 
-
 def all_versions(filename):
     """
     Find, open and parse all tagged versions of a json file, including the current version

diff --git a/validate_vrt.py b/validate_vrt.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 import unittest
 import sys