VRT Ruby Wrapper
While the content and structure are defined in the Vulnerability Rating Taxonomy repository, this gem defines methods that make VRT logic easy to handle. This gem is used and maintained by Bugcrowd Engineering.
Getting Started
Add this line to your application's Gemfile:
gem 'vrt'
To create the initializer:
rails generate vrt:install
Usage
For convenience in development, we provide a utility for spinning up a playground for playing with the gem. You can invoke it with:
bin/console
When one has a VRT Classification ID, one can check its validity:
vrt = VRT::Map.new
vrt.valid?('server_side_injection')
=> true
vrt.valid?('test_vrt_classification')
=> false
Get a pretty output for its lineage:
vrt = VRT::Map.new
vrt.get_lineage('server_side_injection.file_inclusion.local')
=> "Server-Side Injection > File Inclusion > Local"
The information within that node:
vrt = VRT::Map.new
vrt.find_node('server_side_injection.file_inclusion.local')
This returns the corresponding VRT::Node, which has a variety of methods:
vrt_map = VRT::Map.new
node = vrt_map.find_node('server_side_injection.file_inclusion.local')
node.children # Returns Child Nodes
node.parent # Returns Parent Node
node.priority
node.id
node.name
node.mappings
If you need to deal with mappings between versions
The VRT module also has a find_node method that is version agnostic. It finds the best match for a node under any version and has options to specify a preferred version.
Examples:
# Find a node in a given preferred version that best maps to the given id
VRT.find_node(
vrt_id: 'social_engineering',
preferred_version: '1.1'
)
# returns 'other'
# Aggregate vulnerabilities by category
VRT.find_node(
vrt_id: vrt_id,
max_depth: 'category'
)
# Query for vulnerabilities by category while maintaining deprecated mappings by adding
# deprecated ids to the search with `all_matching_categories`
categories_to_search_for += VRT.all_matching_categories(categories_to_search_for)
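An added example, not part of the gem or its README: screening classification IDs received with reports before they are stored, then counting the accepted ones per top-level category using only the valid? and get_lineage calls shown above. The names summarize_classifications, SampleMap, ID_FORMAT and SAMPLE_IDS are hypothetical, the ID format is an assumption based on the IDs on this page, and SampleMap is a constructed stand-in for VRT::Map so the block runs without the gem.

```ruby
# Assumed shape of a VRT ID: lowercase segments joined by dots.
ID_FORMAT = /\A[a-z0-9_]+(\.[a-z0-9_]+)*\z/

# Constructed stand-in answering the two VRT::Map calls used below.
class SampleMap
  LINEAGES = {
    'server_side_injection' => 'Server-Side Injection',
    'server_side_injection.file_inclusion' =>
      'Server-Side Injection > File Inclusion',
    'server_side_injection.file_inclusion.local' =>
      'Server-Side Injection > File Inclusion > Local'
  }.freeze

  def valid?(id)
    LINEAGES.key?(id)
  end

  def get_lineage(id)
    LINEAGES.fetch(id)
  end
end

# Splits incoming IDs into accepted (counted per top-level category) and
# rejected (malformed, or unknown to the taxonomy).
def summarize_classifications(map, ids)
  summary = { by_category: Hash.new(0), rejected: [] }
  ids.each do |raw|
    id = raw.to_s.strip
    if id.match?(ID_FORMAT) && map.valid?(id)
      category = map.get_lineage(id).split(' > ').first
      summary[:by_category][category] += 1
    else
      summary[:rejected] << raw
    end
  end
  summary
end

# Constructed sample input. In an application, pass VRT::Map.new instead.
SAMPLE_IDS = [
  'server_side_injection.file_inclusion.local',
  'server_side_injection',
  'test_vrt_classification',
  'Server-Side Injection'
].freeze

result = summarize_classifications(SampleMap.new, SAMPLE_IDS)
puts result[:by_category].inspect
puts result[:rejected].inspect
```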
