From 04777b7f8c6b3c535a2e61ce8cbf87483422d788 Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 15:42:38 -0800 Subject: [PATCH 1/9] move to mappings directory --- .../remediation_training}/scw_links.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {remediation_training => mappings/remediation_training}/scw_links.json (100%) diff --git a/remediation_training/scw_links.json b/mappings/remediation_training/scw_links.json similarity index 100% rename from remediation_training/scw_links.json rename to mappings/remediation_training/scw_links.json From e920309b4d9d5a3b2ae39373ff546ee406e0500b Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 15:44:04 -0800 Subject: [PATCH 2/9] fix link to scw mapping --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e2d0f428..8331f178 100644 --- a/README.md +++ b/README.md @@ -167,7 +167,7 @@ Each mapping should be setup in the following structure: - [Remediation Advice](mappings/remediation_advice/remediation_advice.json) #### Remediation Training -- [Secure Code Warriors](remediation_training/) +- [Secure Code Warriors](mappings/remediation_training/scw_links.json) ## Supported Libraries - [Ruby](https://github.com/bugcrowd/vrt-ruby) From 79c2f902b1f1061095b4471d132500cbb181e110 Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 15:48:05 -0800 Subject: [PATCH 3/9] move to third party mapping location --- .../remediation_training/secure-code-warriors-links.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename mappings/remediation_training/scw_links.json => third-party-mappings/remediation_training/secure-code-warriors-links.json (100%) 
diff --git a/mappings/remediation_training/scw_links.json b/third-party-mappings/remediation_training/secure-code-warriors-links.json similarity index 100% rename from mappings/remediation_training/scw_links.json rename to third-party-mappings/remediation_training/secure-code-warriors-links.json From 0fffd1d607547725c6386bfca0eb45f2caba1f9f Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 15:48:58 -0800 Subject: [PATCH 4/9] fix link to scw mapping --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8331f178..cf9fa0a9 100644 --- a/README.md +++ b/README.md @@ -167,7 +167,7 @@ Each mapping should be setup in the following structure: - [Remediation Advice](mappings/remediation_advice/remediation_advice.json) #### Remediation Training -- [Secure Code Warriors](mappings/remediation_training/scw_links.json) +- [Secure Code Warriors](third-party-mappings/remediation_training/secure-code-warriors-links.json) ## Supported Libraries - [Ruby](https://github.com/bugcrowd/vrt-ruby) From 07c9daa218fe77982859772beff6986c04e756f2 Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 15:55:00 -0800 Subject: [PATCH 5/9] fix validation for new file location --- lib/validate_artifacts.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/validate_artifacts.py b/lib/validate_artifacts.py index e23d7a35..82c76ab6 100644 --- a/lib/validate_artifacts.py +++ b/lib/validate_artifacts.py @@ -3,11 +3,12 @@ import json from utils import utils -ARTIFACT_FILENAME = 'scw_links.json' +ARTIFACT_FILENAME = 'secure-code-warriors-links.json' ARTIFACT_DIR = 'remediation_training' +ARTIFACT_PARENT_DIR = 'third-party-mappings artifact_json = utils.get_json(ARTIFACT_FILENAME) -repo_path = os.path.join(ARTIFACT_DIR, ARTIFACT_FILENAME) +repo_path = os.path.join(ARTIFACT_PARENT_DIR, ARTIFACT_DIR, ARTIFACT_FILENAME) print(os.path.abspath(repo_path)) repo_json = utils.get_json(repo_path) 
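Review bot: The added line `ARTIFACT_PARENT_DIR = 'third-party-mappings` has no closing quote, so lib/validate_artifacts.py does not parse at this commit and the artifact check cannot run until the later "end quote" patch in the series. Squashing the two commits would keep every commit in the history runnable, which matters for bisecting and for any per-commit validation. The script continues past the end of the hunk, so what it does with `artifact_json` and `repo_json` is not visible here.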
From 47d9f7b3874a43067830b8600f021765d7f44178 Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 16:04:23 -0800 Subject: [PATCH 6/9] end quote --- lib/validate_artifacts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validate_artifacts.py b/lib/validate_artifacts.py index 82c76ab6..1245db98 100644 --- a/lib/validate_artifacts.py +++ b/lib/validate_artifacts.py @@ -5,7 +5,7 @@ ARTIFACT_FILENAME = 'secure-code-warriors-links.json' ARTIFACT_DIR = 'remediation_training' -ARTIFACT_PARENT_DIR = 'third-party-mappings +ARTIFACT_PARENT_DIR = 'third-party-mappings' artifact_json = utils.get_json(ARTIFACT_FILENAME) repo_path = os.path.join(ARTIFACT_PARENT_DIR, ARTIFACT_DIR, ARTIFACT_FILENAME) From 4e4334435e2934d63264cf9bc37a2ec25ee97f28 Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 16:05:47 -0800 Subject: [PATCH 7/9] add to changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d75819fe..7cf7c2d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - insufficient_security_configurability.weak_two_fa_implementation.old_two_fa_code_is_not_invalidated_after_new_code_is_generated - broken_authentication_and_session_management.weak_login_function.over_http - server_security_misconfiguration.oauth_misconfiguration.account_squatting +- Third-party mapping to [Secure Code Warrior](https://www.securecodewarrior.com/) trainings ### Removed - insufficient_security_configurability.lack_of_verification_email From f5406fab7d5549a0a9bd64f2e89c7ee579dfe325 Mon Sep 17 00:00:00 2001 From: Barnett Klane Date: Thu, 17 Dec 2020 16:07:29 -0800 Subject: [PATCH 8/9] adjust headed for secure code warriors mapping --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cf9fa0a9..8a23fc16 100644 --- a/README.md +++ b/README.md 
@@ -166,7 +166,7 @@ Each mapping should be setup in the following structure: - [CWE](mappings/cwe/cwe.json) - [Remediation Advice](mappings/remediation_advice/remediation_advice.json) -#### Remediation Training +#### Third-Party Managed Mappings - [Secure Code Warriors](third-party-mappings/remediation_training/secure-code-warriors-links.json) ## Supported Libraries From 53135491e761b9015bc21f02cfc6c70b4b6c5b47 Mon Sep 17 00:00:00 2001 From: Adam David Date: Mon, 21 Dec 2020 13:52:42 -0800 Subject: [PATCH 9/9] Add test to validate artifact file location and format --- lib/tests/test_artifact_format.py | 20 ++++++++++++++++++++ lib/utils/utils.py | 4 ++++ lib/validate_artifacts.py | 9 +++------ 3 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 lib/tests/test_artifact_format.py diff --git a/lib/tests/test_artifact_format.py b/lib/tests/test_artifact_format.py new file mode 100644 index 00000000..9555f9cb --- /dev/null +++ b/lib/tests/test_artifact_format.py @@ -0,0 +1,20 @@ +from utils import utils +import os +import unittest + +class TestArtifactFormat(unittest.TestCase): + def setUp(self): + self.scw_artifact_path = os.path.join( + utils.THIRD_PARTY_MAPPING_DIR, + utils.SCW_DIR, + utils.SCW_FILENAME + ) + + def test_artifact_loads_valid_json(self): + self.assertTrue( + utils.get_json(self.scw_artifact_path), + self.scw_artifact_path + ' is not valid JSON.' + ) + +if __name__ == "__main__": + unittest.main() \ No newline at end of file diff --git a/lib/utils/utils.py b/lib/utils/utils.py index 67cd0cb6..69d87034 100644 --- a/lib/utils/utils.py +++ b/lib/utils/utils.py @@ -6,6 +6,10 @@ VRT_SCHEMA_FILENAME = 'vrt.schema.json' MAPPING_DIR = 'mappings' +SCW_FILENAME = 'secure-code-warriors-links.json' +SCW_DIR = 'remediation_training' +THIRD_PARTY_MAPPING_DIR = 'third-party-mappings' + def get_json(filename): with open(filename) as f: return json.loads(f.read()) 
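Review bot: In `test_artifact_loads_valid_json`, `assertTrue(utils.get_json(...), ...)` cannot report the failure its message describes. `get_json` calls `json.loads`, which raises on malformed input before the assertion runs, while a well-formed but empty document (`{}` or `[]`) fails with the text "is not valid JSON.". Catching the parse error and asserting container type and non-emptiness separately makes each failure say what actually went wrong. Because this file is maintained by a third party, the test is also the natural place to check entry shape, for example that every link is an `https://` URL on the expected host, though the file's schema is not visible in this patch. The path in `setUp` is joined from relative fragments, so the test presumably only passes when run from the repository root.

```python
    def test_artifact_loads_valid_json(self):
        try:
            artifact = utils.get_json(self.scw_artifact_path)
        except ValueError as err:
            # json.JSONDecodeError is a ValueError subclass
            self.fail(self.scw_artifact_path + ' is not valid JSON: ' + str(err))
        self.assertIsInstance(artifact, (dict, list))
        self.assertTrue(artifact, self.scw_artifact_path + ' is empty.')
```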
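Review bot: The three new constants in lib/utils/utils.py are relative path fragments with no comment saying what they are relative to, and both callers in this commit (the test's `setUp` and lib/validate_artifacts.py) repeat the same three-way `os.path.join`. A single joined constant beside them, e.g. `SCW_ARTIFACT_PATH = os.path.join(THIRD_PARTY_MAPPING_DIR, SCW_DIR, SCW_FILENAME)`, with a comment such as `# Paths are relative to the repository root`, would remove the duplication; this assumes `os` is imported in utils.py, which the hunk does not show. `SCW_DIR = 'remediation_training'` also gives a vendor-specific name to a generic directory, so a name like `REMEDIATION_TRAINING_DIR` would read better if another training provider is added.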
diff --git a/lib/validate_artifacts.py b/lib/validate_artifacts.py index 1245db98..355a5784 100644 --- a/lib/validate_artifacts.py +++ b/lib/validate_artifacts.py @@ -2,13 +2,10 @@ import sys import json from utils import utils +from artifacts import scw_artifact -ARTIFACT_FILENAME = 'secure-code-warriors-links.json' -ARTIFACT_DIR = 'remediation_training' -ARTIFACT_PARENT_DIR = 'third-party-mappings' - -artifact_json = utils.get_json(ARTIFACT_FILENAME) -repo_path = os.path.join(ARTIFACT_PARENT_DIR, ARTIFACT_DIR, ARTIFACT_FILENAME) +artifact_json = utils.get_json(scw_artifact.OUTPUT_FILENAME) +repo_path = os.path.join(utils.THIRD_PARTY_MAPPING_DIR, utils.SCW_DIR, utils.SCW_FILENAME) print(os.path.abspath(repo_path)) repo_json = utils.get_json(repo_path)
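Review bot: `artifact_json = utils.get_json(scw_artifact.OUTPUT_FILENAME)` takes the generated file's name from `artifacts.scw_artifact`, while the other three SCW constants were moved to `utils` in this same commit, so the validator imports the generator module only to read one string. Importing it also runs whatever that module does at top level, which is not visible in this series; if it fetches or writes the artifact on import, validation would no longer be checking a file produced by a separate step. Keeping the output filename in `utils` beside `SCW_FILENAME`, or adding a comment above the import stating that `scw_artifact` has no import-time side effects, would make the inputs to the comparison explicit. The rest of the script, including how `artifact_json` and `repo_json` are compared, lies outside the hunk.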