cve_schema 0.1.0

data/spec/impact/cvss_v3_spec.rb

@@ -0,0 +1,118 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/impact/cvss_v3'
+
+describe CVESchema::CVE::Impact::CVSSv3 do
+  describe "#initialize" do
+    context "when given the bm: keyword" do
+      let(:bm) { double(:BM) }
+
+      subject { described_class.new(bm: bm) }
+
+      it "must set #bm" do
+        expect(subject.bm).to be(bm)
+      end
+    end
+
+    context "when given the tm: keyword" do
+      let(:tm) { double(:TM) }
+
+      subject { described_class.new(tm: tm) }
+
+      it "must set #tm" do
+        expect(subject.tm).to be(tm)
+      end
+    end
+
+    context "when given the em: keyword" do
+      let(:em) { double(:EM) }
+
+      subject { described_class.new(em: em) }
+
+      it "must set #em" do
+        expect(subject.em).to be(em)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:cve_id) { 'CVE-2020-4700' }
+    let(:json_node) { json_tree['impact']['cvssv3'] }
+
+    context '"BM":' do
+      it { expect(subject.bm).to be_kind_of(described_class::BM) }
+    end
+
+    context '"TM":' do
+      it { expect(subject.bm).to be_kind_of(described_class::BM) }
+    end
+
+    context '"EM":' do
+      pending 'need to find a CVE containing "EM":' do
+        it { expect(subject.bm).to be_kind_of(described_class::BM) }
+      end
+    end
+  end
+
+  describe described_class::BM do
+    describe "#initialize" do
+    end
+
+    describe ".load" do
+      include_examples ".load"
+
+      let(:cve_id) { 'CVE-2020-4700' }
+      let(:json_node) { json_tree['impact']['cvssv3']['BM'] }
+
+      {'AV' => :av, 'AC' => :ac, 'PR' => :pr, 'UI' => :ui, 'S' => :s, 'C' => :c, 'I' => :i, 'A' => :a}.each do |json_key,attr|
+        context "\"#{json_key}\":" do
+          it "must set ##{attr}" do
+            expect(subject.send(attr)).to eq(json_node[json_key].to_sym)
+          end
+        end
+      end
+
+      context '"SCORE":' do
+        it "must set #score" do
+          expect(subject.score).to eq(json_node['SCORE'])
+        end
+      end
+    end
+  end
+
+  describe described_class::TM do
+    describe "#initialize" do
+    end
+
+    describe ".load" do
+      include_examples ".load"
+
+      let(:cve_id) { 'CVE-2020-4700' }
+      let(:json_node) { json_tree['impact']['cvssv3']['TM'] }
+
+      {'E' => :e, 'RL' => :rl, 'RC' => :rc}.each do |json_key,attr|
+        context "\"#{json_key}\":" do
+          it "must set ##{attr}" do
+            expect(subject.send(attr)).to eq(json_node[json_key].to_sym)
+          end
+        end
+      end
+    end
+  end
+
+  describe described_class::EM do
+    describe "#initialize" do
+    end
+
+    describe ".load" do
+      include_examples ".load"
+
+      let(:cve_id) { 'CVE-2020-4700' }
+      let(:json_node) { json_tree['impact']['cvssv3']['EM'] }
+
+      pending 'need to find a CVE containing "EM":'
+    end
+  end
+end

data/spec/impact_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/impact'
+
+describe CVESchema::CVE::Impact do
+  describe "#initialize" do
+    context "when cvss_v2: is given" do
+      let(:cvssv2) { double(:CVSSv2) }
+
+      subject { described_class.new(cvssv2: cvssv2) }
+
+      it "must set #cvssv2" do
+        expect(subject.cvss_v2).to be(cvssv2)
+      end
+    end
+
+    context "when cvssv3: is given" do
+      let(:cvssv3) { double(:CVSSv3) }
+
+      subject { described_class.new(cvssv3: cvssv3) }
+
+      it "must set #cvss_v3" do
+        expect(subject.cvss_v3).to be(cvssv3)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['impact'] }
+
+    context '"cvssv2":' do
+      pending 'need to find a CVE with a "cvssv2": key' do
+        it { expect(subject.cvssv2).to be_kind_of(described_class::CVSSv2) }
+      end
+    end
+
+    context '"cvssv3":' do
+      let(:cve_id) { 'CVE-2020-4700' }
+
+      it { expect(subject.cvssv3).to be_kind_of(described_class::CVSSv3) }
+    end
+  end
+end

data/spec/na_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+require 'cve_schema/cve/na'
+
+describe "CVESchema::CVE::NA" do
+  subject { CVESchema::CVE::NA }
+
+  it "must equal 'n/a'" do
+    expect(subject).to eq('n/a')
+  end
+
+  it "must be froozen" do
+    expect(subject).to be_frozen
+  end
+end

data/spec/problem_type_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/problem_type'
+
+describe CVESchema::CVE::ProblemType do
+  describe "#initialize" do
+    let(:description) { double(:description) }
+
+    subject { described_class.new(description) }
+
+    it "must set #description" do
+      expect(subject.description).to be(description)
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['problemtype']['problemtype_data'][0] }
+
+    context '"description":' do
+      it { expect(subject.description).to_not be_empty }
+      it { expect(subject.description).to all(be_kind_of(CVESchema::CVE::Description)) }
+    end
+  end
+end

data/spec/product_spec.rb

@@ -0,0 +1,73 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/product'
+
+describe CVESchema::CVE::Product do
+  let(:product_name) { 'Example' }
+  let(:version)     { ['1.2.3', '2.0.0'] }
+
+  describe "#initialize" do
+    describe "required keywords" do
+      it "must require a product_name:" do
+        expect {
+          described_class.new(version: version)
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "when a product_name: keyword is given" do
+      subject { described_class.new(product_name: product_name) }
+
+      it "must set #product_name" do
+        expect(subject.product_name).to eq(product_name)
+      end
+    end
+
+    context "when a verisons: keyword is given" do
+      subject do
+        described_class.new(product_name: product_name, version: version)
+      end
+
+      it "must set #product_name" do
+        expect(subject.version).to eq(version)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) do
+      json_tree['affects']['vendor']['vendor_data'][0]['product']['product_data'][0]
+    end
+
+    context '"product_name":' do
+      it "must set #product_name" do
+        expect(subject.product_name).to eq(json_node['product_name'])
+      end
+    end
+
+    context '"version":' do
+      it { expect(subject.version).to_not be_empty }
+      it { expect(subject.version).to all(be_kind_of(CVESchema::CVE::Version)) }
+    end
+  end
+
+  describe "#na?" do
+    subject do
+      described_class.new(product_name: product_name, version: version)
+    end
+
+    context "when value is 'n/a'" do
+      let(:product_name) { 'n/a' }
+
+      it { expect(subject.na?).to be(true) }
+    end
+
+    context "when value is not 'n/a'" do
+      let(:product_name) { 'foo' }
+
+      it { expect(subject.na?).to be(false) }
+    end
+  end
+end

data/spec/reference_spec.rb

@@ -0,0 +1,70 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/reference'
+
+describe CVESchema::CVE::Reference do
+  describe "#initialize" do
+    let(:url)       { 'https://example.com/foo.html' }
+    let(:name)      { 'foo' }
+    let(:refsource) { :MISC }
+
+    context "required keywords" do
+      context "when the url: keyword is not given" do
+        it do
+          expect {
+            described_class.new(name: name, refsource: refsource)
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+
+    subject { described_class.new(url: url) }
+
+    it "must set #url" do
+      expect(subject.url).to be(url)
+    end
+
+    context "when the name: keyword is given" do
+      subject { described_class.new(url: url, name: name) }
+
+      it "must set #name" do
+        expect(subject.name).to be(name)
+      end
+    end
+
+    context "when the refsource: keyword is given" do
+      subject { described_class.new(url: url, refsource: refsource) }
+
+      it "must set #refsource" do
+        expect(subject.refsource).to be(refsource)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['references']['reference_data'][0] }
+
+    context '"refsource":' do
+      let(:json_value) { json_node['refsource'] }
+      let(:expected)   { json_value.to_sym      }
+
+      it 'must parse the "refsource": value and set #refsource' do
+        expect(subject.refsource).to eq(expected)
+      end
+    end
+
+    context '"url":' do
+      it "muset set #url" do
+        expect(subject.url).to eq(json_node['url'])
+      end
+    end
+
+    context '"name":' do
+      it "must set #name" do
+        expect(subject.name).to eq(json_node['name'])
+      end
+    end
+  end
+end

data/spec/shared_examples.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+require 'json'
+
+RSpec.shared_examples ".from_json" do
+  let(:cve_id) { 'CVE-2020-1994' }
+  let(:file)   { File.expand_path("../fixtures/#{cve_id}.json",__FILE__) }
+
+  let(:json_tree) { JSON.parse(File.read(file)) }
+  let(:json_node) { json_tree }
+
+  subject { described_class.from_json(json_node) }
+end
+
+RSpec.shared_examples ".load" do
+  include_examples ".from_json"
+
+  subject { described_class.load(json_node) }
+end

data/spec/solution_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+require 'cve_schema/cve/solution'
+
+describe CVESchema::CVE::Solution do
+  it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
+end

data/spec/source_spec.rb

@@ -0,0 +1,84 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/source'
+
+describe CVESchema::CVE::Source do
+  describe "#initialize" do
+    let(:defect)    { ['PAN-123391'] }
+    let(:discovery) { :USER }
+    let(:advisory)  { 'VENDOR-12345' }
+
+    context "required keywords" do
+      context "when the discovery: keyword is not given" do
+        it do
+          expect {
+            described_class.new(defect: defect, advisory: advisory)
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+
+    subject do
+      described_class.new(discovery: discovery)
+    end
+
+    it "must set #discovery" do
+      expect(subject.discovery).to be(discovery)
+    end
+
+    context "when the defect: keyword is given" do
+      subject do
+        described_class.new(
+          discovery: discovery,
+          defect:    defect
+        )
+      end
+
+      it "must set #defect" do
+        expect(subject.defect).to be(defect)
+      end
+    end
+
+    context "when the advisory: keyword is given" do
+      subject do
+        described_class.new(
+          discovery: discovery,
+          advisory:  advisory
+        )
+      end
+
+      it "must set #advisory" do
+        expect(subject.advisory).to be(advisory)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['source'] }
+
+    context '"defect":' do
+      it "must set #defect" do
+        expect(subject.defect).to eq(json_node['defect'])
+      end
+    end
+
+    context '"discovery":' do
+      let(:json_value) { json_node['discovery'] }
+      let(:expected)   { json_value.to_sym      }
+
+      it "must set #discovery" do
+        expect(subject.discovery).to eq(expected.to_sym)
+      end
+    end
+
+    context '"advisory":' do
+      pending 'need to find a CVE with the "advisory": key' do
+        it "must set #advisory" do
+          expect(subject.advisory).to eq(json_node['advisory'])
+        end
+      end
+    end
+  end
+end