cisa-kev 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +7 -0
  2. data/.document +3 -0
  3. data/.github/workflows/ruby.yml +28 -0
  4. data/.gitignore +7 -0
  5. data/.rspec +1 -0
  6. data/.yardopts +1 -0
  7. data/ChangeLog.md +6 -0
  8. data/Gemfile +18 -0
  9. data/LICENSE.txt +20 -0
  10. data/README.md +66 -0
  11. data/Rakefile +23 -0
  12. data/cisa-kev.gemspec +61 -0
  13. data/gemspec.yml +20 -0
  14. data/lib/cisa/kev/catalog.rb +205 -0
  15. data/lib/cisa/kev/version.rb +8 -0
  16. data/lib/cisa/kev/vulnerability.rb +168 -0
  17. data/lib/cisa/kev.rb +4 -0
  18. data/spec/catalog_spec.rb +88 -0
  19. data/spec/fixtures/known_exploited_vulnerabilities.json +13268 -0
  20. data/spec/spec_helper.rb +3 -0
  21. data/spec/vulnerability_spec.rb +59 -0
  22. metadata +85 -0
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,3 @@
1
+ require 'rspec'
2
+ require 'simplecov'
3
+ SimpleCov.start
data/spec/vulnerability_spec.rb ADDED
@@ -0,0 +1,59 @@
1
+ require 'spec_helper'
2
+ require 'cisa/kev/vulnerability'
3
+
4
+ describe CISA::KEV::Vulnerability do
5
+ let(:fixtures_dir) { File.join(__dir__,'fixtures') }
6
+ let(:json_file) { File.join(fixtures_dir,'known_exploited_vulnerabilities.json') }
7
+ let(:raw_json) { File.read(json_file) }
8
+ let(:json) { JSON.parse(raw_json)['vulnerabilities'][0] }
9
+
10
+ describe ".from_json" do
11
+ subject { described_class.from_json(json) }
12
+
13
+ it "must parse the JSON attributes and return a #{described_class} object" do
14
+ expect(subject).to be_kind_of(described_class)
15
+ expect(subject.cve_id).to eq(json['cveID'])
16
+ expect(subject.vendor_project).to eq(json['vendorProject'])
17
+ expect(subject.product).to eq(json['product'])
18
+ expect(subject.vulnerability_name).to eq(json['vulnerabilityName'])
19
+ expect(subject.date_added).to eq(Date.parse(json['dateAdded']))
20
+ expect(subject.short_description).to eq(json['shortDescription'])
21
+ expect(subject.required_action).to eq(json['requiredAction'])
22
+ expect(subject.due_date).to eq(Date.parse(json['dueDate']))
23
+ end
24
+
25
+ context "when the 'knownRansomwareCampaignUse' attribute is 'Known'" do
26
+ let(:json) { super().merge('knownRansomwareCampaignUse' => 'Known') }
27
+
28
+ it "must set #known_ransomware_campaign_use to true" do
29
+ expect(subject.known_ransomware_campaign_use).to be(true)
30
+ end
31
+ end
32
+
33
+ context "when the 'knownRansomwareCampaignUse' attribute is not 'Known'" do
34
+ let(:json) { super().merge('knownRansomwareCampaignUse' => 'Unknown') }
35
+
36
+ it "must set #known_ransomware_campaign_use to false" do
37
+ expect(subject.known_ransomware_campaign_use).to be(false)
38
+ end
39
+ end
40
+
41
+ context "when the 'notes' attribute is not empty" do
42
+ let(:notes) { 'Foo bar baz' }
43
+ let(:json) { super().merge('notes' => notes) }
44
+
45
+ it "must set #notes" do
46
+ expect(subject.notes).to eq(notes)
47
+ end
48
+ end
49
+
50
+ context "when the 'notes' attribute is empty" do
51
+ let(:notes) { '' }
52
+ let(:json) { super().merge('notes' => notes) }
53
+
54
+ it "must not set #notes" do
55
+ expect(subject.notes).to be(nil)
56
+ end
57
+ end
58
+ end
59
+ end
metadata ADDED
@@ -0,0 +1,85 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cisa-kev
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Postmodern
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2024-05-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ description: |
28
+ A simple Ruby library for parsing the CISA KEV (Known Exploited
29
+ Vulnerabilities) catalog
30
+ email: postmodern.mod3@gmail.com
31
+ executables: []
32
+ extensions: []
33
+ extra_rdoc_files:
34
+ - ChangeLog.md
35
+ - LICENSE.txt
36
+ - README.md
37
+ files:
38
+ - ".document"
39
+ - ".github/workflows/ruby.yml"
40
+ - ".gitignore"
41
+ - ".rspec"
42
+ - ".yardopts"
43
+ - ChangeLog.md
44
+ - Gemfile
45
+ - LICENSE.txt
46
+ - README.md
47
+ - Rakefile
48
+ - cisa-kev.gemspec
49
+ - gemspec.yml
50
+ - lib/cisa/kev.rb
51
+ - lib/cisa/kev/catalog.rb
52
+ - lib/cisa/kev/version.rb
53
+ - lib/cisa/kev/vulnerability.rb
54
+ - spec/catalog_spec.rb
55
+ - spec/fixtures/known_exploited_vulnerabilities.json
56
+ - spec/spec_helper.rb
57
+ - spec/vulnerability_spec.rb
58
+ homepage: https://github.com/postmodern/cisa-kev.rb#readme
59
+ licenses:
60
+ - MIT
61
+ metadata:
62
+ documentation_uri: https://rubydoc.info/gems/cisa-kev
63
+ source_code_uri: https://github.com/postmodern/cisa-kev.rb
64
+ bug_tracker_uri: https://github.com/postmodern/cisa-kev.rb/issues
65
+ changelog_uri: https://github.com/postmodern/cisa-kev.rb/blob/main/ChangeLog.md
66
+ post_install_message:
67
+ rdoc_options: []
68
+ require_paths:
69
+ - lib
70
+ required_ruby_version: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 3.0.0
75
+ required_rubygems_version: !ruby/object:Gem::Requirement
76
+ requirements:
77
+ - - ">="
78
+ - !ruby/object:Gem::Version
79
+ version: '0'
80
+ requirements: []
81
+ rubygems_version: 3.4.19
82
+ signing_key:
83
+ specification_version: 4
84
+ summary: A simple library for parsing the CISA KEV catalog
85
+ test_files: []