cve_monitor 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 866577f2a4228cefe67d204cd5f8a6c6e74bf7ab474666863882456e4a844110
+  data.tar.gz: 34fa84b9253ec670e6cd54f8c273cf2ae1993a126471fff9da78a40a5fee065d
+SHA512:
+  metadata.gz: 2c168942f00174f244400e76d7f151be8146f2a401a9563365f91216d39da7acfb15b3d11309202c9db03bb141a52b46af7453f50be18a162df1b27f8e325351
+  data.tar.gz: 347b91776546ba071a428226ee0fae972ae17b96206bd7626222404008c06f8f74975e66ec094ca652ebd39359164b41e900fa4b1351b8a877f03af2f8cee9bc

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+gemspec
+
+gem "rake", "~> 12.0"
+gem "minitest", "~> 5.0"
+gem "citrus", "~> 3.0"
+gem "pry", "~> 0.12.2", :groups => [:development, :test]
+gem "pry-byebug", "~> 3.8", :groups => [:development, :test]

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Jeremy Symon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,9 @@
+= cve_monitor
+
+Maintain a list of software/devices you care about (CPEs), and identify any new
+vulnerabilties registered against them from NIST's CVE feed.
+
+Uses https://github.com/jtsymon/cpe23 for parsing and comparing CPEs.
+
+:include:cve_monitor.rdoc
+

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :default => :test

data/bin/cve_monitor

@@ -0,0 +1,107 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'gli'
+require 'cve_monitor'
+require 'cpe23'
+require 'open-uri'
+require 'zlib'
+require 'json'
+require 'pry'
+
+class App
+  extend GLI::App
+  include CveMonitor
+
+  program_desc 'Monitor CVEs for a list of CPEs'
+
+  version CveMonitor::VERSION
+
+  subcommand_option_handling :normal
+  arguments :strict
+
+  desc 'Add CPE(s) to monitor'
+  arg_name '[CPE...]'
+  command :add do |c|
+    c.action do |_global_options, _options, args|
+      args = [CpeBuilder.build] if args.empty? || args.all?(&:empty?)
+
+      # TODO: de-duplicate entries.
+      # Need to implement a way of comparing CPEs and determining which one is
+      # more generic. The most generic CPE should be retained.
+      @cpe_list.add! args
+      @cpe_list.save!
+    end
+  end
+
+  desc 'Remove monitored CPE(s)'
+  arg_name '[CPE...]'
+  command :remove do |c|
+    c.action do |_global_options, _options, args|
+      args = [CpeBuilder.build] if args.empty? || args.all?(&:empty?)
+
+      # TODO: Should entries be removed if the CPE matches, or only if they are
+      # identical?
+      @cpe_list.remove! args
+      @cpe_list.save!
+    end
+  end
+
+  desc 'Displays monitored CPEs'
+  command :list do |c|
+    c.action do |_global_options, _options, _args|
+      puts @cpe_list.to_s
+    end
+  end
+
+  desc 'Check for CVEs against monitored CPEs'
+  arg_name 'year...'
+  command :check do |c|
+    c.desc 'Checks against recent CVE list'
+    c.command :recent do |c1|
+      c1.action do |_global_options, _options, _args|
+        CveFeed.new('recent').check(@cpe_list)
+      end
+    end
+
+    c.desc 'Check against modified CVE list'
+    c.command :modified do |c1|
+      c1.action do |_global_options, _options, _args|
+        CveFeed.new('modified').check(@cpe_list)
+      end
+    end
+
+    c.default_desc 'Check against CVEs for the given year(s)'
+    c.action do |_global_options, _options, args|
+      raise 'Must specify at least one year' unless args&.any?
+
+      args.each do |year|
+        CveFeed.new(year).check(@cpe_list)
+      end
+    end
+  end
+
+  pre do |_global, _command, _options, _args|
+    # Pre logic here
+    # Return true to proceed; false to abort and not call the
+    # chosen command
+    # Use skips_pre before a command to skip this block
+    # on that command only
+    @cpe_list = CpeList.new('cpes.txt')
+    true
+  end
+
+  post do |global, command, options, args|
+    # Post logic here
+    # Use skips_post before a command to skip this
+    # block on that command only
+  end
+
+  on_error do |_exception|
+    # Error logic here
+    # return false to skip default error handling
+    true
+  end
+end
+
+exit App.run(ARGV)

data/cve_monitor.gemspec

@@ -0,0 +1,23 @@
+# Ensure we require the local version and not one we might have installed already
+require File.join([File.dirname(__FILE__),'lib','cve_monitor','version.rb'])
+spec = Gem::Specification.new do |s|
+  s.name = 'cve_monitor'
+  s.version = CveMonitor::VERSION
+  s.author = 'Jeremy Symon'
+  s.email = 'jeremy@symon.nz'
+  s.homepage = 'https://github.com/jtsymon/cve_monitor'
+  s.platform = Gem::Platform::RUBY
+  s.summary = 'Monitor CVEs for a list of CPEs'
+  s.files = `git ls-files`.split("
+")
+  s.require_paths << 'lib'
+  s.extra_rdoc_files = ['README.rdoc','cve_monitor.rdoc']
+  s.rdoc_options << '--title' << 'cve_monitor' << '--main' << 'README.rdoc' << '-ri'
+  s.bindir = 'bin'
+  s.executables << 'cve_monitor'
+  s.add_development_dependency('rake')
+  s.add_development_dependency('rdoc')
+  s.add_development_dependency('aruba')
+  s.add_runtime_dependency('gli','2.19.0')
+  s.add_runtime_dependency('cpe23','0.1.0')
+end

data/cve_monitor.rdoc

@@ -0,0 +1,51 @@
+== cve_monitor - Monitor CVEs for a list of CPEs
+
+v0.0.1
+
+=== Global Options
+=== --help
+Show this message
+
+
+
+=== --version
+Display the program version
+
+
+
+=== Commands
+==== Command: <tt>add  [CPE...]</tt>
+Add CPE(s) to monitor
+
+
+==== Command: <tt>check  year...</tt>
+Check for CVEs against monitored CPEs
+
+
+===== Commands
+====== Command: <tt>modified </tt>
+Check against modified CVE list
+
+
+====== Command: <tt>recent </tt>
+Checks against recent CVE list
+
+
+==== Command: <tt>help  command</tt>
+Shows a list of commands or help for one command
+
+Gets help for the application or its commands. Can also list the commands in a way helpful to creating a bash-style completion function
+===== Options
+===== -c
+List commands one per line, to assist with shell completion
+
+
+
+==== Command: <tt>list </tt>
+Displays monitored CPEs
+
+
+==== Command: <tt>remove  [CPE...]</tt>
+Remove monitored CPE(s)
+
+

data/features/cve_monitor.feature

@@ -0,0 +1,8 @@
+Feature: My bootstrapped app kinda works
+  In order to get going on coding my awesome app
+  I want to have aruba and cucumber setup
+  So I don't have to do it myself
+
+  Scenario: App just runs
+    When I get help for "cve_monitor"
+    Then the exit status should be 0

data/features/step_definitions/cve_monitor_steps.rb

@@ -0,0 +1,6 @@
+When /^I get help for "([^"]*)"$/ do |app_name|
+  @app_name = app_name
+  step %(I run `#{app_name} help`)
+end
+
+# Add more step definitions here

data/features/support/env.rb

@@ -0,0 +1,15 @@
+require 'aruba/cucumber'
+
+ENV['PATH'] = "#{File.expand_path(File.dirname(__FILE__) + '/../../bin')}#{File::PATH_SEPARATOR}#{ENV['PATH']}"
+LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
+
+Before do
+  # Using "announce" causes massive warnings on 1.9.2
+  @puts = true
+  @original_rubylib = ENV['RUBYLIB']
+  ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
+end
+
+After do
+  ENV['RUBYLIB'] = @original_rubylib
+end

data/lib/cve_monitor.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'cve_monitor/version'
+require 'cve_monitor/lazy_hash'
+require 'cve_monitor/cpe_builder'
+require 'cve_monitor/cpe_list'
+require 'cve_monitor/cve_feed'
+
+# Add requires for other files you add to your project here, so
+# you just need to require this one file in your bin file
+

data/lib/cve_monitor/cpe_builder.rb

@@ -0,0 +1,67 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'cpe23'
+
+module CveMonitor
+  class CpeBuilder
+    attr_accessor :skip
+
+    def initialize
+      @skip = false
+    end
+
+    def prompt(name, default = nil, *options)
+      print "#{name}: "
+      print "[#{default}] " unless default.nil?
+      options.each do |option|
+        print "| #{option} "
+      end
+      print '> '
+      default = default&.downcase
+      if @skip
+        puts
+        default
+      else
+        input = STDIN.gets
+        if input.nil?
+          @skip = true
+          puts
+          default
+        else
+          input.chomp!.downcase!
+          input = default if input.empty? && !default.nil?
+          input
+        end
+      end
+    end
+
+    def self.build
+      instance = new
+      cpe = Cpe23.new
+
+      until %w[a o h].include? cpe.part
+        input = instance.prompt('Part', 'Application', 'Operating System', 'Hardware')
+        cpe.part = case input
+                   when '', 'application', 'app' then 'a'
+                   when 'operating system', 'os' then 'o'
+                   when 'hardware', 'hw' then 'h'
+                   else input
+                   end
+      end
+
+      cpe.vendor = instance.prompt('Vendor') || '*'
+      cpe.product = instance.prompt('Product') || '*'
+      cpe.version = instance.prompt('Version', '*')
+      cpe.update = instance.prompt('Update', '*')
+      cpe.edition = '*' # deprecated
+      cpe.language = instance.prompt('Language', '*')
+      cpe.sw_edition = instance.prompt('Software Edition', '*')
+      cpe.target_sw = instance.prompt('Target Software', '*')
+      cpe.target_hw = instance.prompt('Target Hardware', '*')
+      cpe.other = instance.prompt('Other', '*')
+
+      cpe
+    end
+  end
+end

data/lib/cve_monitor/cpe_list.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module CveMonitor
+  class CpeList
+    attr_reader :cpes
+
+    def initialize(path)
+      @path = path
+      @cpes = if File.exist?(path)
+                File.open(path).map do |line|
+                  Cpe23.parse(line)
+                end
+              else
+                []
+              end
+    end
+
+    def add!(cpes)
+      @cpes += ensure_cpes(cpes)
+    end
+
+    def remove!(cpes)
+      ensure_cpes(cpes).each do |cpe|
+        @cpes.reject! { |e| e == cpe }
+      end
+    end
+
+    def save!
+      File.open(@path, 'w') do |file|
+        @cpes.each do |cpe|
+          file.write("#{cpe.to_str}\n")
+        end
+      end
+    end
+
+    def match?(cpes)
+      cpes.select do |cpe|
+        @cpes.any? { |e| e == cpe }
+      end
+    end
+
+    def to_s
+      @cpes.map(&:to_s).join("\n")
+    end
+
+    private
+
+    def ensure_cpes(arr)
+      arr.map { |elem| ensure_cpe(elem) }
+    end
+
+    def ensure_cpe(obj)
+      case obj
+      when Cpe23 then obj
+      when String then Cpe23.parse(obj)
+      else raise 'Arguments must be CPEs'
+      end
+    end
+  end
+end

data/lib/cve_monitor/cve_feed.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module CveMonitor
+  class CveFeed
+    def initialize(feed)
+      @uri = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-#{feed}.json.gz"
+    end
+
+    def parse_node(node)
+      cpes = []
+      node['children']&.each do |child|
+        cpes += parse_node(child)
+      end
+
+      node['cpe_match']&.each do |cpe_match|
+        # This is used for vulnerable configurations where this particular
+        # component is not vulnerable.
+        # TODO: Handle "operator" key to handle combinations properly.
+        next if cpe_match['vulnerable'] == false
+
+        cpe_str = cpe_match['cpe23Uri'] || cpe_match['cpe22Uri']
+        # TODO: What about cpe_name array? Doesn't seem to be used.
+        next if cpe_str.nil?
+
+        cpes << Cpe23.parse(cpe_str)
+        # TODO: handle versionStart/versionEnd
+      end
+
+      cpes
+    end
+
+    def check(cpe_list)
+      cves = URI.open(@uri) do |f|
+        begin
+          gz = Zlib::GzipReader.new(f)
+          JSON.parse(gz.read)
+        ensure
+          gz&.close
+        end
+      end
+      cves['CVE_Items']&.each do |item|
+        cve = item['cve']
+        cve_id = cve.walk('CVE_data_meta', 'ID')
+        cpes = item.walk('configurations', 'nodes')&.flat_map do |node|
+          parse_node(node)
+        end
+        matching = cpe_list.match? cpes
+        next if matching.empty?
+
+        puts "https://nvd.nist.gov/vuln/detail/#{cve_id}", matching, "\n"
+      end
+    end
+  end
+end

data/lib/cve_monitor/lazy_hash.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Hash
+  def walk(*keys)
+    val = self
+    keys.each do |key|
+      val = val[key]
+      break if val.nil?
+    end
+    val
+  end
+end

data/lib/cve_monitor/version.rb

@@ -0,0 +1,3 @@
+module CveMonitor
+  VERSION = '0.0.1'
+end

data/test/cve_monitor_test.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class CveMonitorTest < MiniTest::Test
+  def test_that_it_has_a_version_number
+    refute_nil ::CveMonitor::VERSION
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
+require 'cve_monitor'
+
+require 'minitest/autorun'

metadata

@@ -0,0 +1,139 @@
+--- !ruby/object:Gem::Specification
+name: cve_monitor
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jeremy Symon
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-02-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.19.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.19.0
+- !ruby/object:Gem::Dependency
+  name: cpe23
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+description: 
+email: jeremy@symon.nz
+executables:
+- cve_monitor
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- cve_monitor.rdoc
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- bin/cve_monitor
+- cve_monitor.gemspec
+- cve_monitor.rdoc
+- features/cve_monitor.feature
+- features/step_definitions/cve_monitor_steps.rb
+- features/support/env.rb
+- lib/cve_monitor.rb
+- lib/cve_monitor/cpe_builder.rb
+- lib/cve_monitor/cpe_list.rb
+- lib/cve_monitor/cve_feed.rb
+- lib/cve_monitor/lazy_hash.rb
+- lib/cve_monitor/version.rb
+- test/cve_monitor_test.rb
+- test/test_helper.rb
+homepage: https://github.com/jtsymon/cve_monitor
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--title"
+- cve_monitor
+- "--main"
+- README.rdoc
+- "-ri"
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Monitor CVEs for a list of CPEs
+test_files: []