cve_schema 0.1.0

data/lib/cve_schema/cve/version.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'cve_schema/exceptions'
+require 'cve_schema/cve/na'
+
+module CVESchema
+  class CVE
+    #
+    # Represents an element within the `"version_data"` JSON Array.
+    #
+    class Version
+
+      # @return [String]
+      attr_reader :version_value
+
+      VERSION_AFFECTED = {
+        '='   => :"=",  # affects version_value
+        '<'   => :"<",  # affects versions prior to version_value
+        '>'   => :">",  # affects versions later than version_value
+        '<='  => :"<=", # affects version_value and prior versions
+        '>='  => :">=", # affects version_value and later versions
+        '!'   => :"!",  # doesn't affect version_value
+        '!<'  => :"!<", # doesn't affect versions prior to version_value
+        '!>'  => :"!>", # doesn't affect versions later than version_value
+        '!<=' => :"!<=",# doesn't affect version_value and prior versions
+        '!>=' => :"!>=",# doesn't affect version_value and later versions
+        '?'   => :"?",  # status of version_value is unknown
+        '?<'  => :"?<", # status of versions prior to version_value is unknown
+        '?>'  => :"?>", # status of versions later than version_value is unknown
+        '?<=' => :"?<=",# status of version_value and prior versions is unknown
+        '?>=' => :"?>=",# status of version_value and later versions is unknown
+      }
+
+      # @return [nil, :'=', :'<', :'>', :'<=', , :'>=', :'!', :'!<', :'!>', :'!<=', :'!>=', :'?', :'?<', :'?>', :'?<=', :'?>=']
+      attr_reader :version_affected
+
+      # @return [nil, String]
+      attr_reader :version_name
+
+      #
+      # Initializes the version.
+      #
+      # @param [String] version_value
+      #
+      # @param [String, nil] version_name
+      #
+      # @param [nil, :'=', :'<', :'>', :'<=', , :'>=', :'!', :'!<', :'!>', :'!<=', :'!>=', :'?', :'?<', :'?>', :'?<=', :'?>='] version_affected
+      #   The version comparison operator. See {VERSION_AFFECTED}.
+      #
+      def initialize(version_value: , version_name: nil, version_affected: nil)
+        @version_value    = version_value
+        @version_name     = version_name
+        @version_affected = version_affected
+      end
+
+      #
+      # Maps the parsed JSON to a Symbol Hash for {#initialize}.
+      #
+      # @param [Hash{String => String}] json
+      #   The parsed JSON.
+      #
+      # @return [Hash{Symbol => Object}]
+      #   The mapped Symbol Hash.
+      #
+      # @raise [UnknownJSONValue]
+      #   The `"version_affected"` JSON value was unknown.
+      #
+      # @api semipublic
+      #
+      def self.from_json(json)
+        {
+          version_affected: if (version_affected = json['version_affected'])
+                              VERSION_AFFECTED.fetch(version_affected) do
+                                raise UnknownJSONValue.new('version_affected',version_affected)
+                              end
+                            end,
+
+          version_name:     json['version_name'],
+          version_value:    json['version_value']
+        }
+      end
+
+      #
+      # Loads the version object from parsed JSON.
+      #
+      # @param [Hash{String => String}] json
+      #   The parsed JSON.
+      #
+      # @return [Version]
+      #   The loaded version object.
+      #
+      # @raise [UnknownJSONValue]
+      #   The `"version_affected"` JSON value was unknown.
+      #
+      # @api semipublic
+      #
+      def self.load(json)
+        new(**from_json(json))
+      end
+
+      #
+      # Determines if the {#version_value} is `n/a`.
+      #
+      # @return [Boolean]
+      #
+      def na?
+        @version_value == NA
+      end
+
+      #
+      # Converts the version into a String.
+      #
+      # @return [String]
+      #   The {#version_value} and additionally the {#version_affected}.
+      #
+      def to_s
+        if @version_affected
+          "#{@version_affected} #{@version_value}"
+        else
+          @version_value
+        end
+      end
+
+    end
+  end
+end

data/lib/cve_schema/cve/work_around.rb

@@ -0,0 +1,14 @@
+require 'cve_schema/cve/has_lang_value'
+
+module CVESchema
+  class CVE
+    #
+    # Represents an entry within the `"work_around"` JSON Array.
+    #
+    class WorkAround
+
+      include HasLangValue
+
+    end
+  end
+end

data/lib/cve_schema/exceptions.rb

@@ -0,0 +1,20 @@
+module CVESchema
+  class InvalidJSON < StandardError
+  end
+
+  class MissingJSONKey < InvalidJSON
+
+    def initialize(key)
+      super("missing #{key.inspect} key")
+    end
+
+  end
+
+  class UnknownJSONValue < InvalidJSON
+
+    def initialize(key,value)
+      super("unknown #{key.inspect} value: #{value.inspect}")
+    end
+
+  end
+end

data/lib/cve_schema/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module CVESchema
+  # cve_schema version
+  VERSION = "0.1.0"
+end

data/spec/affects_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/affects'
+
+describe CVESchema::CVE::Affects do
+  describe "#initialize" do
+    let(:vendor) { double(:vendor) }
+
+    subject { described_class.new(vendor) }
+
+    it "must set #vendor" do
+      expect(subject.vendor).to be(vendor)
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['affects'] }
+
+    context '"vendor":' do
+      context '"vendor_data":' do
+        it { expect(subject.vendor).to_not be_empty }
+        it { expect(subject.vendor).to all(be_kind_of(CVESchema::CVE::Vendor)) }
+      end
+    end
+  end
+end

data/spec/configuration_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+require 'cve_schema/cve/configuration'
+
+describe CVESchema::CVE::Configuration do
+  it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
+end

data/spec/credit_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+require 'cve_schema/cve/credit'
+
+describe CVESchema::CVE::Credit do
+  it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
+end

data/spec/cve_schema_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+require 'cve_schema'
+
+describe CVESchema do
+  it "should have a VERSION constant" do
+    expect(subject.const_get('VERSION')).to_not be_empty
+  end
+end

data/spec/cve_spec.rb

@@ -0,0 +1,414 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve'
+
+describe CVESchema::CVE do
+  describe "#initialize" do
+    let(:data_type)    { :CVE   }
+    let(:data_format)  { :MITRE }
+    let(:data_version) { :"4.0" }
+    let(:data_meta)    { double(:DataMeta) }
+
+    context "required keywords" do
+      context "when the data_type: keyword is not given" do
+        it do
+          expect { 
+            described_class.new(
+              data_format:  data_format,
+              data_version: data_version,
+              data_meta:    data_meta
+            )
+          }.to raise_error(ArgumentError)
+        end
+      end
+
+      context "when the data_format: keyword is not given" do
+        it do
+          expect { 
+            described_class.new(
+              data_type:    data_type,
+              data_version: data_version,
+              data_meta:    data_meta
+            )
+          }.to raise_error(ArgumentError)
+        end
+      end
+
+      context "when the data_version: keyword is not given" do
+        it do
+          expect { 
+            described_class.new(
+              data_type:   data_type,
+              data_format: data_format,
+              data_meta:   data_meta
+            )
+          }.to raise_error(ArgumentError)
+        end
+      end
+
+      context "when the data_meta: keyword is not given" do
+        it do
+          expect { 
+            described_class.new(
+              data_type:    data_type,
+              data_format:  data_format,
+              data_version: data_version,
+            )
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+
+    context "default values" do
+      subject do
+        described_class.new(
+          data_type:    data_type,
+          data_format:  data_format,
+          data_version: data_version,
+          data_meta:    data_meta
+        )
+      end
+
+      it { expect(subject.affects).to eq(nil)       }
+      it { expect(subject.configurations).to eq([]) }
+      it { expect(subject.problemtype).to eq([])    }
+      it { expect(subject.references).to eq([])     }
+      it { expect(subject.description).to eq([])    }
+      it { expect(subject.exploit).to eq([])        }
+      it { expect(subject.credit).to eq([])         }
+      it { expect(subject.impact).to eq(nil)        }
+      it { expect(subject.solution).to eq([])       }
+      it { expect(subject.source).to eq(nil)        }
+      it { expect(subject.work_around).to eq([])    }
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    it "must return a new CVE object" do
+      expect(subject).to be_kind_of(described_class)
+    end
+
+    context '"data_type":' do
+      let(:json_value) { json_node['data_type'] }
+      let(:expected)   { described_class::DATA_TYPES[json_value] }
+
+      it "must convert and set #data_type" do
+        expect(subject.data_type).to eq(expected)
+      end
+
+      context 'whne "data_type" key is missing' do
+        before { json_node.delete('data_type') }
+
+        it do
+          expect {
+            described_class.load(json_node)
+          }.to raise_error(described_class::MissingJSONKey)
+        end
+      end
+    end
+
+    context '"data_format":' do
+      let(:json_value) { json_node['data_format'] }
+      let(:expected)   { described_class::DATA_FORMAT[json_value] }
+
+      it "must convert and set #data_format" do
+        expect(subject.data_format).to eq(expected)
+      end
+
+      context 'whne "data_format" key is missing' do
+        before { json_node.delete('data_format') }
+
+        it do
+          expect {
+            described_class.load(json_node)
+          }.to raise_error(described_class::MissingJSONKey)
+        end
+      end
+    end
+
+    context '"data_version":' do
+      let(:json_value) { json_node['data_version'] }
+      let(:expected)   { described_class::DATA_VERSIONS[json_value] }
+
+      it "must convert and set #data_version" do
+        expect(subject.data_version).to eq(expected)
+      end
+
+      context 'whne "data_version" key is missing' do
+        before { json_node.delete('data_version') }
+
+        it do
+          expect {
+            described_class.load(json_node)
+          }.to raise_error(described_class::MissingJSONKey)
+        end
+      end
+    end
+
+    context '"data_meta":' do
+      let(:json_value) { json_node['CVE_data_meta'] }
+
+      it "must convert the JSON Hash into a DataMeta objects and set #data_meta" do
+        expect(subject.data_meta).to be_kind_of(described_class::DataMeta)
+      end
+
+      context 'when "CVE_data_meta" key is missing' do
+        before { json_node.delete('CVE_data_meta') }
+
+        it do
+          expect {
+            described_class.load(json_node)
+          }.to raise_error(described_class::MissingJSONKey)
+        end
+      end
+    end
+
+    context '"affects":' do
+      context "when present" do
+        describe "#affects" do
+          it do
+            expect(subject.affects).to be_kind_of(described_class::Affects)
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('affects') }
+
+        describe "#affects" do
+          it { expect(subject.affects).to be_nil }
+        end
+      end
+    end
+
+    context '"configuration":' do
+      let(:cve_id) { 'CVE-2020-2005' }
+
+      context "when present" do
+        describe "#configuration" do
+          it { expect(subject.configuration).to be_kind_of(Array) }
+          it { expect(subject.configuration).to_not be_empty }
+          it do
+            expect(subject.configuration).to all(be_kind_of(described_class::Configuration))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('configuration') }
+
+        describe "#configuration" do
+          it { expect(subject.configuration).to eq([]) }
+        end
+      end
+    end
+
+    context '"problemtype":' do
+      context "when present" do
+        describe "#problemtype" do
+          it { expect(subject.problemtype).to be_kind_of(Array) }
+          it { expect(subject.problemtype).to_not be_empty      }
+
+          it do
+            expect(subject.problemtype).to all(be_kind_of(described_class::ProblemType))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('problemtype') }
+
+        describe "#problemtype" do
+          it { expect(subject.problemtype).to eq([]) }
+        end
+      end
+    end
+
+    context '"references":' do
+      context "when present" do
+        describe "#references" do
+          it { expect(subject.references).to be_kind_of(Array) }
+          it { expect(subject.references).to_not be_empty      }
+
+          it do
+            expect(subject.references).to all(be_kind_of(described_class::Reference))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('references') }
+
+        describe "#references" do
+          it { expect(subject.references).to eq([]) }
+        end
+      end
+    end
+
+    context '"description":' do
+      context "when present" do
+        describe "#description" do
+          it { expect(subject.description).to be_kind_of(Array) }
+          it { expect(subject.description).to_not be_empty      }
+
+          it do
+            expect(subject.description).to all(be_kind_of(described_class::Description))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('description') }
+
+        describe "#description" do
+          it { expect(subject.description).to eq([]) }
+        end
+      end
+    end
+
+    context '"exploit":' do
+      let(:cve_id) { 'CVE-2020-2050' }
+
+      context "when present" do
+        describe "#exploit" do
+          it { expect(subject.exploit).to be_kind_of(Array) }
+          it { expect(subject.exploit).to_not be_empty      }
+
+          it do
+            expect(subject.exploit).to all(be_kind_of(described_class::Exploit))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('exploit') }
+
+        describe "#exploit" do
+          it { expect(subject.exploit).to eq([]) }
+        end
+      end
+    end
+
+    context '"credit":' do
+      context "when present" do
+        describe "#credit" do
+          it { expect(subject.credit).to be_kind_of(Array) }
+          it { expect(subject.credit).to_not be_empty      }
+
+          it do
+            expect(subject.credit).to all(be_kind_of(described_class::Credit))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('credit') }
+
+        describe "#credit" do
+          it { expect(subject.credit).to eq([]) }
+        end
+      end
+    end
+
+    context '"impact":' do
+      context "when present" do
+        describe "#impact" do
+          it { expect(subject.impact).to be_kind_of(described_class::Impact) }
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('impact') }
+
+        describe "#impact" do
+          it { expect(subject.impact).to be_nil }
+        end
+      end
+    end
+
+    context '"solution":' do
+      context "when present" do
+        describe "#solution" do
+          it { expect(subject.solution).to be_kind_of(Array) }
+          it { expect(subject.solution).to_not be_empty      }
+
+          it do
+            expect(subject.solution).to all(be_kind_of(described_class::Solution))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('solution') }
+
+        describe "#solution" do
+          it { expect(subject.solution).to eq([]) }
+        end
+      end
+    end
+
+    context '"source":' do
+      context "when present" do
+        describe "#source" do
+          it { expect(subject.source).to be_kind_of(described_class::Source) }
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('source') }
+
+        describe "#source" do
+          it { expect(subject.source).to be_nil }
+        end
+      end
+    end
+
+    context '"work_around":' do
+      let(:cve_id) { 'CVE-2020-2005' }
+
+      context "when present" do
+        describe "#work_around" do
+          it { expect(subject.work_around).to be_kind_of(Array) }
+          it { expect(subject.work_around).to_not be_empty      }
+
+          it do
+            expect(subject.work_around).to all(be_kind_of(described_class::WorkAround))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('work_around') }
+
+        describe "#work_around" do
+          it { expect(subject.work_around).to eq([]) }
+        end
+      end
+    end
+
+    context '"timeline":' do
+      let(:cve_id) { 'CVE-2020-2005' }
+
+      context "when present" do
+        describe "#timeline" do
+          it { expect(subject.timeline).to be_kind_of(Array) }
+          it { expect(subject.timeline).to_not be_empty      }
+
+          it do
+            expect(subject.timeline).to all(be_kind_of(described_class::Timeline))
+          end
+        end
+      end
+
+      context "when missing" do
+        before { json_node.delete('timeline') }
+
+        describe "#timeline" do
+          it { expect(subject.timeline).to eq([]) }
+        end
+      end
+    end
+  end
+end