cve_schema 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.document +3 -0
- data/.github/workflows/ruby.yml +28 -0
- data/.gitignore +6 -0
- data/.rspec +1 -0
- data/.yardopts +1 -0
- data/ChangeLog.md +26 -0
- data/Gemfile +14 -0
- data/LICENSE.txt +20 -0
- data/README.md +50 -0
- data/Rakefile +23 -0
- data/benchmark.rb +47 -0
- data/cve_schema.gemspec +61 -0
- data/gemspec.yml +19 -0
- data/lib/cve_schema.rb +2 -0
- data/lib/cve_schema/cve.rb +257 -0
- data/lib/cve_schema/cve/affects.rb +55 -0
- data/lib/cve_schema/cve/configuration.rb +14 -0
- data/lib/cve_schema/cve/credit.rb +14 -0
- data/lib/cve_schema/cve/data_meta.rb +185 -0
- data/lib/cve_schema/cve/description.rb +24 -0
- data/lib/cve_schema/cve/exploit.rb +14 -0
- data/lib/cve_schema/cve/has_lang_value.rb +93 -0
- data/lib/cve_schema/cve/id.rb +79 -0
- data/lib/cve_schema/cve/impact.rb +75 -0
- data/lib/cve_schema/cve/impact/cvss_v2.rb +318 -0
- data/lib/cve_schema/cve/impact/cvss_v3.rb +388 -0
- data/lib/cve_schema/cve/na.rb +8 -0
- data/lib/cve_schema/cve/problem_type.rb +56 -0
- data/lib/cve_schema/cve/product.rb +79 -0
- data/lib/cve_schema/cve/reference.rb +82 -0
- data/lib/cve_schema/cve/solution.rb +14 -0
- data/lib/cve_schema/cve/source.rb +75 -0
- data/lib/cve_schema/cve/timeline.rb +65 -0
- data/lib/cve_schema/cve/timestamp.rb +25 -0
- data/lib/cve_schema/cve/vendor.rb +83 -0
- data/lib/cve_schema/cve/version.rb +126 -0
- data/lib/cve_schema/cve/work_around.rb +14 -0
- data/lib/cve_schema/exceptions.rb +20 -0
- data/lib/cve_schema/version.rb +6 -0
- data/spec/affects_spec.rb +28 -0
- data/spec/configuration_spec.rb +6 -0
- data/spec/credit_spec.rb +6 -0
- data/spec/cve_schema_spec.rb +8 -0
- data/spec/cve_spec.rb +414 -0
- data/spec/data_meta_spec.rb +167 -0
- data/spec/description.rb +24 -0
- data/spec/exploit_spec.rb +6 -0
- data/spec/fixtures/CVE-2020-1994.json +140 -0
- data/spec/fixtures/CVE-2020-2005.json +152 -0
- data/spec/fixtures/CVE-2020-2050.json +233 -0
- data/spec/fixtures/CVE-2020-4700.json +99 -0
- data/spec/has_lang_value_spec.rb +56 -0
- data/spec/id_spec.rb +91 -0
- data/spec/impact/cvss_v3_spec.rb +118 -0
- data/spec/impact_spec.rb +45 -0
- data/spec/na_spec.rb +14 -0
- data/spec/problem_type_spec.rb +26 -0
- data/spec/product_spec.rb +73 -0
- data/spec/reference_spec.rb +70 -0
- data/spec/shared_examples.rb +19 -0
- data/spec/solution_spec.rb +6 -0
- data/spec/source_spec.rb +84 -0
- data/spec/spec_helper.rb +4 -0
- data/spec/timeline_spec.rb +86 -0
- data/spec/timestamp_spec.rb +24 -0
- data/spec/vendor_spec.rb +73 -0
- data/spec/version_spec.rb +104 -0
- data/spec/work_around_spec.rb +6 -0
- metadata +133 -0
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,86 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'shared_examples'
|
3
|
+
require 'cve_schema/cve/timeline'
|
4
|
+
|
5
|
+
describe CVESchema::CVE::Timeline do
|
6
|
+
it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
|
7
|
+
|
8
|
+
describe "#initialize" do
|
9
|
+
let(:time) { Time.now }
|
10
|
+
let(:lang) { 'eng' }
|
11
|
+
let(:value) { 'Initial publication' }
|
12
|
+
|
13
|
+
describe "required keywords" do
|
14
|
+
context "when time: is not given" do
|
15
|
+
it do
|
16
|
+
expect {
|
17
|
+
described_class.new(lang: lang, value: value)
|
18
|
+
}.to raise_error(ArgumentError)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
context "when lang: is not given" do
|
23
|
+
it do
|
24
|
+
expect {
|
25
|
+
described_class.new(time: time, value: value)
|
26
|
+
}.to raise_error(ArgumentError)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context "when value: is not given" do
|
31
|
+
it do
|
32
|
+
expect {
|
33
|
+
described_class.new(time: time, lang: lang)
|
34
|
+
}.to raise_error(ArgumentError)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
subject do
|
40
|
+
described_class.new(
|
41
|
+
time: time,
|
42
|
+
lang: lang,
|
43
|
+
value: value
|
44
|
+
)
|
45
|
+
end
|
46
|
+
|
47
|
+
it "must set #time" do
|
48
|
+
expect(subject.time).to eq(time)
|
49
|
+
end
|
50
|
+
|
51
|
+
it "must set #lang" do
|
52
|
+
expect(subject.lang).to eq(lang)
|
53
|
+
end
|
54
|
+
|
55
|
+
it "must set #value" do
|
56
|
+
expect(subject.value).to eq(value)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
describe ".load" do
|
61
|
+
include_examples ".load"
|
62
|
+
|
63
|
+
let(:json_node) { json_tree['timeline'][0] }
|
64
|
+
|
65
|
+
context '"time":' do
|
66
|
+
let(:json_value) { json_node['time'] }
|
67
|
+
let(:expected) { CVESchema::CVE::Timestamp.parse(json_value) }
|
68
|
+
|
69
|
+
it 'must parse the "time": value and set #time' do
|
70
|
+
expect(subject.time).to eq(expected)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
context '"lang":' do
|
75
|
+
it 'must parse the "lang": value and set #lang' do
|
76
|
+
expect(subject.lang).to eq(json_node['lang'])
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
context '"value":' do
|
81
|
+
it 'must parse the "value": value and set #value' do
|
82
|
+
expect(subject.value).to eq(json_node['value'])
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'cve_schema/cve/timestamp'
|
3
|
+
|
4
|
+
describe CVESchema::CVE::Timestamp do
|
5
|
+
describe ".parse" do
|
6
|
+
context "when given a ISO 8601 timestamp" do
|
7
|
+
let(:timestamp) { '2020-05-13T16:00:00.000Z' }
|
8
|
+
|
9
|
+
it "must parse it" do
|
10
|
+
expect(subject.parse(timestamp)).to eq(DateTime.parse(timestamp))
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
context "when given a non-ISO 8601 timestamp" do
|
15
|
+
let(:timestamp) { '2021-01-05 00:35:14 -0800' }
|
16
|
+
|
17
|
+
it do
|
18
|
+
expect {
|
19
|
+
subject.parse(timestamp)
|
20
|
+
}.to raise_error(CVESchema::CVE::InvalidJSON)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
data/spec/vendor_spec.rb
ADDED
@@ -0,0 +1,73 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'shared_examples'
|
3
|
+
require 'cve_schema/cve/vendor'
|
4
|
+
|
5
|
+
describe CVESchema::CVE::Vendor do
|
6
|
+
let(:vendor_name) { 'Example Co' }
|
7
|
+
let(:product) { [double(:Product)] }
|
8
|
+
|
9
|
+
describe "#initialize" do
|
10
|
+
describe "required keywords" do
|
11
|
+
context "when vendor_name: is not given" do
|
12
|
+
it do
|
13
|
+
expect {
|
14
|
+
described_class.new(product: product)
|
15
|
+
}.to raise_error(ArgumentError)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
context "when product: is not given" do
|
20
|
+
it do
|
21
|
+
expect {
|
22
|
+
described_class.new(vendor_name: vendor_name)
|
23
|
+
}.to raise_error(ArgumentError)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
subject { described_class.new(vendor_name: vendor_name, product: product) }
|
29
|
+
|
30
|
+
it "must set #vendor_name" do
|
31
|
+
expect(subject.vendor_name).to eq(vendor_name)
|
32
|
+
end
|
33
|
+
|
34
|
+
it "must set #product" do
|
35
|
+
expect(subject.product).to eq(product)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
describe ".load" do
|
40
|
+
include_examples ".load"
|
41
|
+
|
42
|
+
let(:json_node) do
|
43
|
+
json_tree['affects']['vendor']['vendor_data'][0]
|
44
|
+
end
|
45
|
+
|
46
|
+
context '"vendor_name":' do
|
47
|
+
it "must set #vendor_name" do
|
48
|
+
expect(subject.vendor_name).to eq(json_node['vendor_name'])
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
context '"product":' do
|
53
|
+
it { expect(subject.product).to_not be_empty }
|
54
|
+
it { expect(subject.product).to all(be_kind_of(CVESchema::CVE::Product)) }
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
describe "#na?" do
|
59
|
+
subject { described_class.new(vendor_name: vendor_name, product: product) }
|
60
|
+
|
61
|
+
context "when value is 'n/a'" do
|
62
|
+
let(:vendor_name) { 'n/a' }
|
63
|
+
|
64
|
+
it { expect(subject.na?).to be(true) }
|
65
|
+
end
|
66
|
+
|
67
|
+
context "when value is not 'n/a'" do
|
68
|
+
let(:vendor_name) { 'foo' }
|
69
|
+
|
70
|
+
it { expect(subject.na?).to be(false) }
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
@@ -0,0 +1,104 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'shared_examples'
|
3
|
+
require 'cve_schema/cve/version'
|
4
|
+
|
5
|
+
describe CVESchema::CVE::Version do
|
6
|
+
let(:version_value) { '1.2.3' }
|
7
|
+
let(:version_name) { '1.2' }
|
8
|
+
let(:version_affected) { :"<" }
|
9
|
+
|
10
|
+
describe "#initialize" do
|
11
|
+
describe "required keywords" do
|
12
|
+
context "when the version_value: keyword is not given" do
|
13
|
+
it do
|
14
|
+
expect {
|
15
|
+
described_class.new(version_name: version_name, version_affected: version_affected)
|
16
|
+
}.to raise_error(ArgumentError)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
context "when version_value: is given" do
|
22
|
+
subject { described_class.new(version_value: version_value) }
|
23
|
+
|
24
|
+
it "must set #version_value" do
|
25
|
+
expect(subject.version_value).to eq(version_value)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
context "when version_name: is given" do
|
30
|
+
subject do
|
31
|
+
described_class.new(
|
32
|
+
version_value: version_value,
|
33
|
+
version_name: version_name
|
34
|
+
)
|
35
|
+
end
|
36
|
+
|
37
|
+
it "must set #version_name" do
|
38
|
+
expect(subject.version_name).to eq(version_name)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
context "when version_affected: is given" do
|
43
|
+
subject do
|
44
|
+
described_class.new(
|
45
|
+
version_value: version_value,
|
46
|
+
version_affected: version_affected
|
47
|
+
)
|
48
|
+
end
|
49
|
+
|
50
|
+
it "must set #version_affected" do
|
51
|
+
expect(subject.version_affected).to eq(version_affected)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
describe ".load" do
|
57
|
+
include_examples ".load"
|
58
|
+
|
59
|
+
let(:json_node) do
|
60
|
+
json_tree['affects']['vendor']['vendor_data'][0]['product']['product_data'][0]['version']['version_data'][0]
|
61
|
+
end
|
62
|
+
|
63
|
+
context '"version_value":' do
|
64
|
+
it "must set #version_value" do
|
65
|
+
expect(subject.version_value).to eq(json_node['version_value'])
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
context '"version_name":' do
|
70
|
+
it "must set #version_name" do
|
71
|
+
expect(subject.version_name).to eq(json_node['version_name'])
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
context '"version_affected":' do
|
76
|
+
let(:json_value) { json_node['version_affected'] }
|
77
|
+
let(:expected) { described_class::VERSION_AFFECTED[json_value] }
|
78
|
+
|
79
|
+
it "must set #version_affected" do
|
80
|
+
expect(subject.version_affected).to eq(expected)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
describe "#na?" do
|
86
|
+
subject do
|
87
|
+
described_class.new(
|
88
|
+
version_value: version_value,
|
89
|
+
version_name: version_name,
|
90
|
+
version_affected: version_affected
|
91
|
+
)
|
92
|
+
end
|
93
|
+
|
94
|
+
context "when value is 'n/a'" do
|
95
|
+
let(:version_value) { 'n/a' }
|
96
|
+
|
97
|
+
it { expect(subject.na?).to be(true) }
|
98
|
+
end
|
99
|
+
|
100
|
+
context "when value is not 'n/a'" do
|
101
|
+
it { expect(subject.na?).to be(false) }
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
metadata
ADDED
@@ -0,0 +1,133 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: cve_schema
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Postmodern
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2021-01-14 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.0'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.0'
|
27
|
+
description: 'CVESchema provides common classes for CVE data and loading it from JSON.
|
28
|
+
|
29
|
+
'
|
30
|
+
email: postmodern.mod3@gmail.com
|
31
|
+
executables: []
|
32
|
+
extensions: []
|
33
|
+
extra_rdoc_files:
|
34
|
+
- ChangeLog.md
|
35
|
+
- LICENSE.txt
|
36
|
+
- README.md
|
37
|
+
files:
|
38
|
+
- ".document"
|
39
|
+
- ".github/workflows/ruby.yml"
|
40
|
+
- ".gitignore"
|
41
|
+
- ".rspec"
|
42
|
+
- ".yardopts"
|
43
|
+
- ChangeLog.md
|
44
|
+
- Gemfile
|
45
|
+
- LICENSE.txt
|
46
|
+
- README.md
|
47
|
+
- Rakefile
|
48
|
+
- benchmark.rb
|
49
|
+
- cve_schema.gemspec
|
50
|
+
- gemspec.yml
|
51
|
+
- lib/cve_schema.rb
|
52
|
+
- lib/cve_schema/cve.rb
|
53
|
+
- lib/cve_schema/cve/affects.rb
|
54
|
+
- lib/cve_schema/cve/configuration.rb
|
55
|
+
- lib/cve_schema/cve/credit.rb
|
56
|
+
- lib/cve_schema/cve/data_meta.rb
|
57
|
+
- lib/cve_schema/cve/description.rb
|
58
|
+
- lib/cve_schema/cve/exploit.rb
|
59
|
+
- lib/cve_schema/cve/has_lang_value.rb
|
60
|
+
- lib/cve_schema/cve/id.rb
|
61
|
+
- lib/cve_schema/cve/impact.rb
|
62
|
+
- lib/cve_schema/cve/impact/cvss_v2.rb
|
63
|
+
- lib/cve_schema/cve/impact/cvss_v3.rb
|
64
|
+
- lib/cve_schema/cve/na.rb
|
65
|
+
- lib/cve_schema/cve/problem_type.rb
|
66
|
+
- lib/cve_schema/cve/product.rb
|
67
|
+
- lib/cve_schema/cve/reference.rb
|
68
|
+
- lib/cve_schema/cve/solution.rb
|
69
|
+
- lib/cve_schema/cve/source.rb
|
70
|
+
- lib/cve_schema/cve/timeline.rb
|
71
|
+
- lib/cve_schema/cve/timestamp.rb
|
72
|
+
- lib/cve_schema/cve/vendor.rb
|
73
|
+
- lib/cve_schema/cve/version.rb
|
74
|
+
- lib/cve_schema/cve/work_around.rb
|
75
|
+
- lib/cve_schema/exceptions.rb
|
76
|
+
- lib/cve_schema/version.rb
|
77
|
+
- spec/affects_spec.rb
|
78
|
+
- spec/configuration_spec.rb
|
79
|
+
- spec/credit_spec.rb
|
80
|
+
- spec/cve_schema_spec.rb
|
81
|
+
- spec/cve_spec.rb
|
82
|
+
- spec/data_meta_spec.rb
|
83
|
+
- spec/description.rb
|
84
|
+
- spec/exploit_spec.rb
|
85
|
+
- spec/fixtures/CVE-2020-1994.json
|
86
|
+
- spec/fixtures/CVE-2020-2005.json
|
87
|
+
- spec/fixtures/CVE-2020-2050.json
|
88
|
+
- spec/fixtures/CVE-2020-4700.json
|
89
|
+
- spec/has_lang_value_spec.rb
|
90
|
+
- spec/id_spec.rb
|
91
|
+
- spec/impact/cvss_v3_spec.rb
|
92
|
+
- spec/impact_spec.rb
|
93
|
+
- spec/na_spec.rb
|
94
|
+
- spec/problem_type_spec.rb
|
95
|
+
- spec/product_spec.rb
|
96
|
+
- spec/reference_spec.rb
|
97
|
+
- spec/shared_examples.rb
|
98
|
+
- spec/solution_spec.rb
|
99
|
+
- spec/source_spec.rb
|
100
|
+
- spec/spec_helper.rb
|
101
|
+
- spec/timeline_spec.rb
|
102
|
+
- spec/timestamp_spec.rb
|
103
|
+
- spec/vendor_spec.rb
|
104
|
+
- spec/version_spec.rb
|
105
|
+
- spec/work_around_spec.rb
|
106
|
+
homepage: https://github.com/postmodern/cve_schema.rb#readme
|
107
|
+
licenses:
|
108
|
+
- MIT
|
109
|
+
metadata:
|
110
|
+
documentation_uri: https://rubydoc.info/gems/cve_schema
|
111
|
+
source_code_uri: https://github.com/postmodern/cve_schema.rb
|
112
|
+
bug_tracker_uri: https://github.com/postmodern/cve_schema.rb/issues
|
113
|
+
changelog_uri: https://github.com/postmodern/cve_schema.rb/blob/main/ChangeLog.md
|
114
|
+
post_install_message:
|
115
|
+
rdoc_options: []
|
116
|
+
require_paths:
|
117
|
+
- lib
|
118
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
119
|
+
requirements:
|
120
|
+
- - ">="
|
121
|
+
- !ruby/object:Gem::Version
|
122
|
+
version: 2.7.0
|
123
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
124
|
+
requirements:
|
125
|
+
- - ">="
|
126
|
+
- !ruby/object:Gem::Version
|
127
|
+
version: '0'
|
128
|
+
requirements: []
|
129
|
+
rubygems_version: 3.1.4
|
130
|
+
signing_key:
|
131
|
+
specification_version: 4
|
132
|
+
summary: Common classes for CVE data
|
133
|
+
test_files: []
|