diff --git a/CHANGELOG.md b/CHANGELOG.md
index 045e173..040a2a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/)
+## [0.10.2] - 2026-02-20
+
+### Fixed
+- Fixed version sorting to use semantic versioning instead of lexicographic ordering (`Gem::Version`), so that e.g. `0.10` correctly sorts above `0.9`
+
 ## [0.10.1] - 2026-02-20
 ### Fixed
diff --git a/lib/bmt.rb b/lib/bmt.rb
index 6b69451..9f80559 100644
--- a/lib/bmt.rb
+++ b/lib/bmt.rb
@@ -51,7 +51,9 @@ def methodology_keys(version: current_version)
 # in the repo.
 # The returned list is in order with the current version first.
 def versions
- @versions ||= json_dir_names.sort.reverse!
+ # START Contributions by Cursor.
+ @versions ||= json_dir_names.sort_by { |v| Gem::Version.new(v) }.reverse!
+ # END Cursor.
 end
 def methodology_json(key, version: current_version)
@@ -67,6 +69,8 @@ def json_dir_names
 DATA_DIR.entries
 .map(&:basename)
 .map(&:to_s)
- .grep(/^[0-9]+\.[0-9]/).sort
+ # START Contributions by Cursor.
+ .grep(/^[0-9]+\.[0-9]/)
+ # END Cursor.
 end
 end
diff --git a/lib/bmt/version.rb b/lib/bmt/version.rb
index 687e35f..7ffeb70 100644
--- a/lib/bmt/version.rb
+++ b/lib/bmt/version.rb
@@ -1,5 +1,5 @@
 module Bmt
 # START Contributions by Cursor.
- VERSION = '0.10.1'.freeze
+ VERSION = '0.10.2'.freeze
 # END Cursor.
 end
diff --git a/spec/bmt_spec.rb b/spec/bmt_spec.rb
index bc14f6b..4ac88f7 100644
--- a/spec/bmt_spec.rb
+++ b/spec/bmt_spec.rb
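Review bot: `Gem::Version.new(v)` on the new `versions` line raises `ArgumentError` ("Malformed version number string") for any directory name that passes the `json_dir_names` prefix filter but is not a parseable version (a stray `1.0 (copy)` or `1.0 backup` directory under DATA_DIR, for instance), whereas the old `String#sort` never raised; because the assignment is `@versions ||=`, the memo stays unset and every later call raises again. A filter keeps the sort total: `@versions ||= json_dir_names.select { |v| Gem::Version.correct?(v) }.sort_by { |v| Gem::Version.new(v) }.reverse!`. Note also that `Gem::Version` compares `1.0` and `1.0.0` as equal, so if both directories ever exist their relative order, and therefore `current_version`, is unspecified. The comment above the method could state the new contract, e.g. `# Ordered by Gem::Version (semantic, not lexicographic), newest first.`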
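Review bot: Dropping `.sort` changes what `json_dir_names` itself returns: the result is now in `DATA_DIR.entries` order (apparently a `Pathname`, given the `basename` call), which is filesystem-dependent, so any other caller of `json_dir_names` (none is visible in this hunk) loses deterministic ordering; if `versions` is its only consumer that is harmless, but worth confirming. Separately, the surviving `/^[0-9]+\.[0-9]/` anchors with `^`, which matches after any newline rather than only at the start of the string; `\A` is the whole-string anchor a filename check wants, `.grep(/\A[0-9]+\.[0-9]/)`. This is also the natural place to drop names `Gem::Version` cannot parse, e.g. `.grep(/\A[0-9]+\.[0-9]/).select { |v| Gem::Version.correct?(v) }`.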
@@ -4,16 +4,18 @@
 describe '#versions' do
 subject { described_class.versions }
+ # START Contributions by Cursor.
 it 'return all of the versions in the filesystem in reverse semver order' do
- expect(subject).to eq(['2.1', '1.0'])
+ expect(subject).to eq(['10.0', '2.1', '1.0'])
 end
+ # END Cursor.
 end
 describe '#current_version' do
 subject { described_class.current_version }
 it 'return the most recent version number for the vrt' do
- expect(subject).to eq('2.1')
+ expect(subject).to eq('10.0')
 end
 end
diff --git a/spec/sample/10.0/methodologies/outback-animal-testing.json b/spec/sample/10.0/methodologies/outback-animal-testing.json
new file mode 100644
index 0000000..5da0a54
--- /dev/null
+++ b/spec/sample/10.0/methodologies/outback-animal-testing.json
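Review bot: The new expectation only exercises a multi-digit major component (`10.0` above `2.1`), while the CHANGELOG entry in this commit describes the fix in terms of a multi-digit minor component (`0.10` above `0.9`); both break lexicographic order the same way, but a reader of the spec cannot see the minor case covered. If `json_dir_names` can be stubbed here, a fixture-free example pins it: `allow(described_class).to receive(:json_dir_names).and_return(%w[0.9 0.10 1.0])` with `expect(subject).to eq(%w[1.0 0.10 0.9])`, bearing in mind that `versions` memoizes into `@versions`, so that example needs the memo cleared before it runs. The enclosing top-level `describe` block starts before this hunk.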
@@ -0,0 +1,71 @@
+{
+ "metadata": {
+ "title": "The Outback Animal Checklist",
+ "release_date": "2021-05-31T00:00:00+00:00",
+ "description": "The right way to make sure you have the right Australian animals",
+ "vrt_version": "10.0.1"
+ },
+ "content": {
+ "steps": [
+ {
+ "key": "koala",
+ "title": "Check that you have a Koala",
+ "description": "# Does it look like one?\nIt is easy to find out.\n",
+ "type": "checklist",
+ "items": [
+ {
+ "key": "marsupial",
+ "title": "Is it a marsupial?",
+ "caption": "Marsupials are obviously mammalian and have a pouch on their underside",
+ "description": "Check for the pouch",
+ "tools": "Eyes",
+ "vrt_category": "insecure_data_storage"
+ },
+ {
+ "key": "diet",
+ "title": "Make sure it eats eucalyptus",
+ "caption": "Almost no other animal can eat eucaluptus leaves, so this is a good diagnostic",
+ "description": "Take some eucalyptus branches, remove some leaves and try to feed the alleged koala",
+ "tools": "Leaves and Branches"
+ },
+ {
+ "key": "behavior",
+ "title": "Does it sleep the whole day?",
+ "caption": "Usually sleeps on trees",
+ "description": "The alleged Koala should sleep the whole day if provided a tree.",
+ "tools": "Trees, Dawn"
+ }
+ ]
+ },
+ {
+ "key": "kangaroo",
+ "title": "Ensure you have a kangaroo",
+ "description": "Does it look like one?",
+ "type": "checklist",
+ "items": [
+ {
+ "key": "marsupial",
+ "title": "Is it a marsupial?",
+ "description": "Marsupials are obviously mammalian but possess a pouch on their underside"
+ },
+ {
+ "key": "tail",
+ "title": "Does it have a long tail?",
+ "description": "Kangaroos use their thick tail as a balance when jumping, and can use it as a support to rear up on when kicking"
+ },
+ {
+ "key": "jump",
+ "title": "Does it jump around?",
+ "description": "Over very short distances kangaroos will use their forepaws to balance on the ground and swing their legs forward. For longer distance movement, their jumping locomotion is unmistakeable."
+ }
+ ]
+ },
+ {
+ "key": "executive_summary",
+ "title": "Executive summary",
+ "description": "The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear, therefore it is important to use plain English. This ensures that non-technical readers can gain insight into security concerns outlined in your report.",
+ "type": "executive_summary"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/spec/sample/10.0/methodologies/website-testing.json b/spec/sample/10.0/methodologies/website-testing.json
new file mode 100644
index 0000000..99f4892
--- /dev/null
+++ b/spec/sample/10.0/methodologies/website-testing.json
@@ -0,0 +1,40 @@
+{
+ "metadata": {
+ "title": "Bugcrowd Website Testing",
+ "release_date": "2021-06-15T00:00:00+00:00",
+ "description": "Bugcrowd Website Testing methodology",
+ "vrt_version": "10.0.0"
+ },
+ "content": {
+ "steps": [
+ {
+ "key": "information",
+ "title": "Information gathering",
+ "description": "",
+ "type": "checklist",
+ "items": [
+ {
+ "key": "search_engine_discovery_and_reconnaissance",
+ "title": "Conduct Search Engine Discovery and Reconnaissance for Information Leakage",
+ "description": "OTG-INFO-001, WAHHM - Recon and Analysis",
+ "vrt_category": "sensitive_data_exposure"
+ }
+ ]
+ },
+ {
+ "key": "config_and_deploy_management",
+ "title": "Configuration and Deploy Management Testing",
+ "description": "",
+ "type": "checklist",
+ "items": [
+ {
+ "key": "network_and_infrastructure",
+ "title": "Test Network/Infrastructure Configuration",
+ "description": "OTG-CONFIG-001, WAHHM - Recon and Analysis, Assess Application Hosting",
+ "vrt_category": "server_security_misconfiguration"
+ }
+ ]
+ }
+ ]
+ }
+}