cisa-kev 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.document +3 -0
- data/.github/workflows/ruby.yml +28 -0
- data/.gitignore +7 -0
- data/.rspec +1 -0
- data/.yardopts +1 -0
- data/ChangeLog.md +6 -0
- data/Gemfile +18 -0
- data/LICENSE.txt +20 -0
- data/README.md +66 -0
- data/Rakefile +23 -0
- data/cisa-kev.gemspec +61 -0
- data/gemspec.yml +20 -0
- data/lib/cisa/kev/catalog.rb +205 -0
- data/lib/cisa/kev/version.rb +8 -0
- data/lib/cisa/kev/vulnerability.rb +168 -0
- data/lib/cisa/kev.rb +4 -0
- data/spec/catalog_spec.rb +88 -0
- data/spec/fixtures/known_exploited_vulnerabilities.json +13268 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/vulnerability_spec.rb +59 -0
- metadata +85 -0
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'webmock/rspec'
|
|
3
|
+
require 'cisa/kev/catalog'
|
|
4
|
+
|
|
5
|
+
describe CISA::KEV::Catalog do
|
|
6
|
+
let(:fixtures_dir) { File.join(__dir__,'fixtures') }
|
|
7
|
+
let(:json_file) { File.join(fixtures_dir,'known_exploited_vulnerabilities.json') }
|
|
8
|
+
let(:raw_json) { File.read(json_file) }
|
|
9
|
+
let(:json) { JSON.parse(raw_json) }
|
|
10
|
+
|
|
11
|
+
before { WebMock.disable_net_connect! }
|
|
12
|
+
|
|
13
|
+
describe ".request" do
|
|
14
|
+
subject { described_class }
|
|
15
|
+
|
|
16
|
+
it "must return JSON data" do
|
|
17
|
+
stub_request(:get, 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json')
|
|
18
|
+
|
|
19
|
+
subject.request
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
describe ".load" do
|
|
24
|
+
subject { described_class.load }
|
|
25
|
+
|
|
26
|
+
it "must return a parsed #{described_class} object" do
|
|
27
|
+
stub_request(:get, 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json').to_return(body: raw_json)
|
|
28
|
+
|
|
29
|
+
expect(subject).to be_kind_of(described_class)
|
|
30
|
+
expect(subject.title).to eq(json.fetch('title'))
|
|
31
|
+
expect(subject.catalog_version).to eq(json.fetch('catalogVersion'))
|
|
32
|
+
expect(subject.date_released).to eq(Time.parse(json.fetch('dateReleased')))
|
|
33
|
+
expect(subject.count).to eq(json.fetch('count').to_i)
|
|
34
|
+
expect(subject.vulnerabilities).to_not be_empty
|
|
35
|
+
expect(subject.vulnerabilities).to all(be_kind_of(CISA::KEV::Vulnerability))
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
describe ".open" do
|
|
40
|
+
subject { described_class.open(json_file) }
|
|
41
|
+
|
|
42
|
+
it "must read the file and return a parsed #{described_class}" do
|
|
43
|
+
expect(subject).to be_kind_of(described_class)
|
|
44
|
+
expect(subject.catalog_version).to eq(json.fetch('catalogVersion'))
|
|
45
|
+
expect(subject.date_released).to eq(Time.parse(json.fetch('dateReleased')))
|
|
46
|
+
expect(subject.count).to eq(json.fetch('count').to_i)
|
|
47
|
+
expect(subject.vulnerabilities).to_not be_empty
|
|
48
|
+
expect(subject.vulnerabilities).to all(be_kind_of(CISA::KEV::Vulnerability))
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
describe ".parse" do
|
|
53
|
+
subject { described_class.parse(raw_json) }
|
|
54
|
+
|
|
55
|
+
it "must parse the JSON and return a parsed #{described_class}" do
|
|
56
|
+
expect(subject).to be_kind_of(described_class)
|
|
57
|
+
expect(subject.catalog_version).to eq(json.fetch('catalogVersion'))
|
|
58
|
+
expect(subject.date_released).to eq(Time.parse(json.fetch('dateReleased')))
|
|
59
|
+
expect(subject.count).to eq(json.fetch('count').to_i)
|
|
60
|
+
expect(subject.vulnerabilities).to_not be_empty
|
|
61
|
+
expect(subject.vulnerabilities).to all(be_kind_of(CISA::KEV::Vulnerability))
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
subject { described_class.open(json_file) }
|
|
66
|
+
|
|
67
|
+
describe "#each" do
|
|
68
|
+
context "when given a block" do
|
|
69
|
+
it "must yield every CISA::KEV::Vulnerability in #vulnerabilities" do
|
|
70
|
+
expect { |b|
|
|
71
|
+
subject.each(&b)
|
|
72
|
+
}.to yield_successive_args(*subject.vulnerabilities)
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
context "when no block is given" do
|
|
77
|
+
it "must return an Enumerator" do
|
|
78
|
+
expect(subject.each.to_a).to eq(subject.vulnerabilities)
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
describe "#to_s" do
|
|
84
|
+
it "must return a String containing the #title and #date_released" do
|
|
85
|
+
expect(subject.to_s).to eq("#{subject.title} (#{subject.date_released})")
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|