cisa-kev 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (22) hide show
  1. checksums.yaml +7 -0
  2. data/.document +3 -0
  3. data/.github/workflows/ruby.yml +28 -0
  4. data/.gitignore +7 -0
  5. data/.rspec +1 -0
  6. data/.yardopts +1 -0
  7. data/ChangeLog.md +6 -0
  8. data/Gemfile +18 -0
  9. data/LICENSE.txt +20 -0
  10. data/README.md +66 -0
  11. data/Rakefile +23 -0
  12. data/cisa-kev.gemspec +61 -0
  13. data/gemspec.yml +20 -0
  14. data/lib/cisa/kev/catalog.rb +205 -0
  15. data/lib/cisa/kev/version.rb +8 -0
  16. data/lib/cisa/kev/vulnerability.rb +168 -0
  17. data/lib/cisa/kev.rb +4 -0
  18. data/spec/catalog_spec.rb +88 -0
  19. data/spec/fixtures/known_exploited_vulnerabilities.json +13268 -0
  20. data/spec/spec_helper.rb +3 -0
  21. data/spec/vulnerability_spec.rb +59 -0
  22. metadata +85 -0
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,3 @@
1
+ require 'rspec'
2
+ require 'simplecov'
3
+ SimpleCov.start
data/spec/vulnerability_spec.rb ADDED
@@ -0,0 +1,59 @@
1
+ require 'spec_helper'
2
+ require 'cisa/kev/vulnerability'
3
+
4
+ describe CISA::KEV::Vulnerability do
5
+ let(:fixtures_dir) { File.join(__dir__,'fixtures') }
6
+ let(:json_file) { File.join(fixtures_dir,'known_exploited_vulnerabilities.json') }
7
+ let(:raw_json) { File.read(json_file) }
8
+ let(:json) { JSON.parse(raw_json)['vulnerabilities'][0] }
9
+
10
+ describe ".from_json" do
11
+ subject { described_class.from_json(json) }
12
+
13
+ it "must parse the JSON attributes and return a #{described_class} object" do
14
+ expect(subject).to be_kind_of(described_class)
15
+ expect(subject.cve_id).to eq(json['cveID'])
16
+ expect(subject.vendor_project).to eq(json['vendorProject'])
17
+ expect(subject.product).to eq(json['product'])
18
+ expect(subject.vulnerability_name).to eq(json['vulnerabilityName'])
19
+ expect(subject.date_added).to eq(Date.parse(json['dateAdded']))
20
+ expect(subject.short_description).to eq(json['shortDescription'])
21
+ expect(subject.required_action).to eq(json['requiredAction'])
22
+ expect(subject.due_date).to eq(Date.parse(json['dueDate']))
23
+ end
24
+
25
+ context "when the 'knownRansomwareCampaignUse' attribute is 'Known'" do
26
+ let(:json) { super().merge('knownRansomwareCampaignUse' => 'Known') }
27
+
28
+ it "must set #known_ransomware_campaign_use to true" do
29
+ expect(subject.known_ransomware_campaign_use).to be(true)
30
+ end
31
+ end
32
+
33
+ context "when the 'knownRansomwareCampaignUse' attribute is not 'Known'" do
34
+ let(:json) { super().merge('knownRansomwareCampaignUse' => 'Unknown') }
35
+
36
+ it "must set #known_ransomware_campaign_use to false" do
37
+ expect(subject.known_ransomware_campaign_use).to be(false)
38
+ end
39
+ end
40
+
41
+ context "when the 'notes' attribute is not empty" do
42
+ let(:notes) { 'Foo bar baz' }
43
+ let(:json) { super().merge('notes' => notes) }
44
+
45
+ it "must set #notes" do
46
+ expect(subject.notes).to eq(notes)
47
+ end
48
+ end
49
+
50
+ context "when the 'notes' attribute is empty" do
51
+ let(:notes) { '' }
52
+ let(:json) { super().merge('notes' => notes) }
53
+
54
+ it "must not set #notes" do
55
+ expect(subject.notes).to be(nil)
56
+ end
57
+ end
58
+ end
59
+ end
metadata ADDED
@@ -0,0 +1,85 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cisa-kev
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Postmodern
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2024-05-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ description: |
28
+ A simple Ruby library for parsing the CISA KEV (Known Exploited
29
+ Vulnerabilities) catalog
30
+ email: postmodern.mod3@gmail.com
31
+ executables: []
32
+ extensions: []
33
+ extra_rdoc_files:
34
+ - ChangeLog.md
35
+ - LICENSE.txt
36
+ - README.md
37
+ files:
38
+ - ".document"
39
+ - ".github/workflows/ruby.yml"
40
+ - ".gitignore"
41
+ - ".rspec"
42
+ - ".yardopts"
43
+ - ChangeLog.md
44
+ - Gemfile
45
+ - LICENSE.txt
46
+ - README.md
47
+ - Rakefile
48
+ - cisa-kev.gemspec
49
+ - gemspec.yml
50
+ - lib/cisa/kev.rb
51
+ - lib/cisa/kev/catalog.rb
52
+ - lib/cisa/kev/version.rb
53
+ - lib/cisa/kev/vulnerability.rb
54
+ - spec/catalog_spec.rb
55
+ - spec/fixtures/known_exploited_vulnerabilities.json
56
+ - spec/spec_helper.rb
57
+ - spec/vulnerability_spec.rb
58
+ homepage: https://github.com/postmodern/cisa-kev.rb#readme
59
+ licenses:
60
+ - MIT
61
+ metadata:
62
+ documentation_uri: https://rubydoc.info/gems/cisa-kev
63
+ source_code_uri: https://github.com/postmodern/cisa-kev.rb
64
+ bug_tracker_uri: https://github.com/postmodern/cisa-kev.rb/issues
65
+ changelog_uri: https://github.com/postmodern/cisa-kev.rb/blob/main/ChangeLog.md
66
+ post_install_message:
67
+ rdoc_options: []
68
+ require_paths:
69
+ - lib
70
+ required_ruby_version: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 3.0.0
75
+ required_rubygems_version: !ruby/object:Gem::Requirement
76
+ requirements:
77
+ - - ">="
78
+ - !ruby/object:Gem::Version
79
+ version: '0'
80
+ requirements: []
81
+ rubygems_version: 3.4.19
82
+ signing_key:
83
+ specification_version: 4
84
+ summary: A simple library for parsing the CISA KEV catalog
85
+ test_files: []