RubyGems - cve_schema - Versions diffs - 0.1.0 - Mend

cve_schema 0.1.0

Files changed (70) hide show

checksums.yaml +7 -0
data/.document +3 -0
data/.github/workflows/ruby.yml +28 -0
data/.gitignore +6 -0
data/.rspec +1 -0
data/.yardopts +1 -0
data/ChangeLog.md +26 -0
data/Gemfile +14 -0
data/LICENSE.txt +20 -0
data/README.md +50 -0
data/Rakefile +23 -0
data/benchmark.rb +47 -0
data/cve_schema.gemspec +61 -0
data/gemspec.yml +19 -0
data/lib/cve_schema.rb +2 -0
data/lib/cve_schema/cve.rb +257 -0
data/lib/cve_schema/cve/affects.rb +55 -0
data/lib/cve_schema/cve/configuration.rb +14 -0
data/lib/cve_schema/cve/credit.rb +14 -0
data/lib/cve_schema/cve/data_meta.rb +185 -0
data/lib/cve_schema/cve/description.rb +24 -0
data/lib/cve_schema/cve/exploit.rb +14 -0
data/lib/cve_schema/cve/has_lang_value.rb +93 -0
data/lib/cve_schema/cve/id.rb +79 -0
data/lib/cve_schema/cve/impact.rb +75 -0
data/lib/cve_schema/cve/impact/cvss_v2.rb +318 -0
data/lib/cve_schema/cve/impact/cvss_v3.rb +388 -0
data/lib/cve_schema/cve/na.rb +8 -0
data/lib/cve_schema/cve/problem_type.rb +56 -0
data/lib/cve_schema/cve/product.rb +79 -0
data/lib/cve_schema/cve/reference.rb +82 -0
data/lib/cve_schema/cve/solution.rb +14 -0
data/lib/cve_schema/cve/source.rb +75 -0
data/lib/cve_schema/cve/timeline.rb +65 -0
data/lib/cve_schema/cve/timestamp.rb +25 -0
data/lib/cve_schema/cve/vendor.rb +83 -0
data/lib/cve_schema/cve/version.rb +126 -0
data/lib/cve_schema/cve/work_around.rb +14 -0
data/lib/cve_schema/exceptions.rb +20 -0
data/lib/cve_schema/version.rb +6 -0
data/spec/affects_spec.rb +28 -0
data/spec/configuration_spec.rb +6 -0
data/spec/credit_spec.rb +6 -0
data/spec/cve_schema_spec.rb +8 -0
data/spec/cve_spec.rb +414 -0
data/spec/data_meta_spec.rb +167 -0
data/spec/description.rb +24 -0
data/spec/exploit_spec.rb +6 -0
data/spec/fixtures/CVE-2020-1994.json +140 -0
data/spec/fixtures/CVE-2020-2005.json +152 -0
data/spec/fixtures/CVE-2020-2050.json +233 -0
data/spec/fixtures/CVE-2020-4700.json +99 -0
data/spec/has_lang_value_spec.rb +56 -0
data/spec/id_spec.rb +91 -0
data/spec/impact/cvss_v3_spec.rb +118 -0
data/spec/impact_spec.rb +45 -0
data/spec/na_spec.rb +14 -0
data/spec/problem_type_spec.rb +26 -0
data/spec/product_spec.rb +73 -0
data/spec/reference_spec.rb +70 -0
data/spec/shared_examples.rb +19 -0
data/spec/solution_spec.rb +6 -0
data/spec/source_spec.rb +84 -0
data/spec/spec_helper.rb +4 -0
data/spec/timeline_spec.rb +86 -0
data/spec/timestamp_spec.rb +24 -0
data/spec/vendor_spec.rb +73 -0
data/spec/version_spec.rb +104 -0
data/spec/work_around_spec.rb +6 -0
metadata +133 -0

@@ -0,0 +1,4 @@
+require 'rspec'
+require 'cve_schema/version'
+include CVESchema

data/spec/timeline_spec.rb ADDED

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/timeline'
+describe CVESchema::CVE::Timeline do
+  it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
+  describe "#initialize" do
+    let(:time)  { Time.now }
+    let(:lang)  { 'eng' }
+    let(:value) { 'Initial publication' }
+    describe "required keywords" do
+      context "when time: is not given" do
+        it do
+          expect {
+            described_class.new(lang: lang, value: value)
+          }.to raise_error(ArgumentError)
+        end
+      end
+      context "when lang: is not given" do
+        it do
+          expect {
+            described_class.new(time: time, value: value)
+          }.to raise_error(ArgumentError)
+        end
+      end
+      context "when value: is not given" do
+        it do
+          expect {
+            described_class.new(time: time, lang: lang)
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+    subject do
+      described_class.new(
+        time: time,
+        lang: lang,
+        value: value
+      )
+    end
+    it "must set #time" do
+      expect(subject.time).to eq(time)
+    end
+    it "must set #lang" do
+      expect(subject.lang).to eq(lang)
+    end
+    it "must set #value" do
+      expect(subject.value).to eq(value)
+    end
+  end
+  describe ".load" do
+    include_examples ".load"
+    let(:json_node) { json_tree['timeline'][0] }
+    context '"time":' do
+      let(:json_value) { json_node['time'] }
+      let(:expected)   { CVESchema::CVE::Timestamp.parse(json_value) }
+      it 'must parse the "time": value and set #time' do
+        expect(subject.time).to eq(expected)
+      end
+    end
+    context '"lang":' do
+      it 'must parse the "lang": value and set #lang' do
+        expect(subject.lang).to eq(json_node['lang'])
+      end
+    end
+    context '"value":' do
+      it 'must parse the "value": value and set #value' do
+        expect(subject.value).to eq(json_node['value'])
+      end
+    end
+  end
+end

data/spec/timestamp_spec.rb ADDED

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'cve_schema/cve/timestamp'
+describe CVESchema::CVE::Timestamp do
+  describe ".parse" do
+    context "when given a ISO 8601 timestamp" do
+      let(:timestamp) { '2020-05-13T16:00:00.000Z' }
+      it "must parse it" do
+        expect(subject.parse(timestamp)).to eq(DateTime.parse(timestamp))
+      end
+    end
+    context "when given a non-ISO 8601 timestamp" do
+      let(:timestamp) { '2021-01-05 00:35:14 -0800' }
+      it do
+        expect {
+          subject.parse(timestamp)
+        }.to raise_error(CVESchema::CVE::InvalidJSON)
+      end
+    end
+  end
+end

data/spec/vendor_spec.rb ADDED

@@ -0,0 +1,73 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/vendor'
+describe CVESchema::CVE::Vendor do
+  let(:vendor_name) { 'Example Co' }
+  let(:product)     { [double(:Product)] }
+  describe "#initialize" do
+    describe "required keywords" do
+      context "when vendor_name: is not given" do
+        it do
+          expect {
+            described_class.new(product: product)
+          }.to raise_error(ArgumentError)
+        end
+      end
+      context "when product: is not given" do
+        it do
+          expect {
+            described_class.new(vendor_name: vendor_name)
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+    subject { described_class.new(vendor_name: vendor_name, product: product) }
+    it "must set #vendor_name" do
+      expect(subject.vendor_name).to eq(vendor_name)
+    end
+    it "must set #product" do
+      expect(subject.product).to eq(product)
+    end
+  end
+  describe ".load" do
+    include_examples ".load"
+    let(:json_node) do
+      json_tree['affects']['vendor']['vendor_data'][0]
+    end
+    context '"vendor_name":' do
+      it "must set #vendor_name" do
+        expect(subject.vendor_name).to eq(json_node['vendor_name'])
+      end
+    end
+    context '"product":' do
+      it { expect(subject.product).to_not be_empty }
+      it { expect(subject.product).to all(be_kind_of(CVESchema::CVE::Product)) }
+    end
+  end
+  describe "#na?" do
+    subject { described_class.new(vendor_name: vendor_name, product: product) }
+    context "when value is 'n/a'" do
+      let(:vendor_name) { 'n/a' }
+      it { expect(subject.na?).to be(true) }
+    end
+    context "when value is not 'n/a'" do
+      let(:vendor_name) { 'foo' }
+      it { expect(subject.na?).to be(false) }
+    end
+  end
+end

data/spec/version_spec.rb ADDED

@@ -0,0 +1,104 @@
+require 'spec_helper'
+require 'shared_examples'
+require 'cve_schema/cve/version'
+describe CVESchema::CVE::Version do
+  let(:version_value)    { '1.2.3' }
+  let(:version_name)     { '1.2'   }
+  let(:version_affected) { :"<"    }
+  describe "#initialize" do
+    describe "required keywords" do
+      context "when the version_value: keyword is not given" do
+        it do
+          expect {
+            described_class.new(version_name: version_name, version_affected: version_affected)
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+    context "when version_value: is given" do
+      subject { described_class.new(version_value: version_value) }
+      it "must set #version_value" do
+        expect(subject.version_value).to eq(version_value)
+      end
+    end
+    context "when version_name: is given" do
+      subject do
+        described_class.new(
+          version_value: version_value,
+          version_name: version_name
+        )
+      end
+      it "must set #version_name" do
+        expect(subject.version_name).to eq(version_name)
+      end
+    end
+    context "when version_affected: is given" do
+      subject do
+        described_class.new(
+          version_value: version_value,
+          version_affected: version_affected
+        )
+      end
+      it "must set #version_affected" do
+        expect(subject.version_affected).to eq(version_affected)
+      end
+    end
+  end
+  describe ".load" do
+    include_examples ".load"
+    let(:json_node) do
+      json_tree['affects']['vendor']['vendor_data'][0]['product']['product_data'][0]['version']['version_data'][0]
+    end
+    context '"version_value":' do
+      it "must set #version_value" do
+        expect(subject.version_value).to eq(json_node['version_value'])
+      end
+    end
+    context '"version_name":' do
+      it "must set #version_name" do
+        expect(subject.version_name).to eq(json_node['version_name'])
+      end
+    end
+    context '"version_affected":' do
+      let(:json_value) { json_node['version_affected'] }
+      let(:expected)   { described_class::VERSION_AFFECTED[json_value] }
+      it "must set #version_affected" do
+        expect(subject.version_affected).to eq(expected)
+      end
+    end
+  end
+  describe "#na?" do
+    subject do
+      described_class.new(
+        version_value:    version_value,
+        version_name:     version_name,
+        version_affected: version_affected
+      )
+    end
+    context "when value is 'n/a'" do
+      let(:version_value) { 'n/a' }
+      it { expect(subject.na?).to be(true) }
+    end
+    context "when value is not 'n/a'" do
+      it { expect(subject.na?).to be(false) }
+    end
+  end
+end

data/spec/work_around_spec.rb ADDED

@@ -0,0 +1,6 @@
+require 'spec_helper'
+require 'cve_schema/cve/work_around'
+describe CVESchema::CVE::WorkAround do
+  it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
+end

metadata ADDED

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: cve_schema
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Postmodern
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-01-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: 'CVESchema provides common classes for CVE data and loading it from JSON.
+  '
+email: postmodern.mod3@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- ChangeLog.md
+- LICENSE.txt
+- README.md
+files:
+- ".document"
+- ".github/workflows/ruby.yml"
+- ".gitignore"
+- ".rspec"
+- ".yardopts"
+- ChangeLog.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- benchmark.rb
+- cve_schema.gemspec
+- gemspec.yml
+- lib/cve_schema.rb
+- lib/cve_schema/cve.rb
+- lib/cve_schema/cve/affects.rb
+- lib/cve_schema/cve/configuration.rb
+- lib/cve_schema/cve/credit.rb
+- lib/cve_schema/cve/data_meta.rb
+- lib/cve_schema/cve/description.rb
+- lib/cve_schema/cve/exploit.rb
+- lib/cve_schema/cve/has_lang_value.rb
+- lib/cve_schema/cve/id.rb
+- lib/cve_schema/cve/impact.rb
+- lib/cve_schema/cve/impact/cvss_v2.rb
+- lib/cve_schema/cve/impact/cvss_v3.rb
+- lib/cve_schema/cve/na.rb
+- lib/cve_schema/cve/problem_type.rb
+- lib/cve_schema/cve/product.rb
+- lib/cve_schema/cve/reference.rb
+- lib/cve_schema/cve/solution.rb
+- lib/cve_schema/cve/source.rb
+- lib/cve_schema/cve/timeline.rb
+- lib/cve_schema/cve/timestamp.rb
+- lib/cve_schema/cve/vendor.rb
+- lib/cve_schema/cve/version.rb
+- lib/cve_schema/cve/work_around.rb
+- lib/cve_schema/exceptions.rb
+- lib/cve_schema/version.rb
+- spec/affects_spec.rb
+- spec/configuration_spec.rb
+- spec/credit_spec.rb
+- spec/cve_schema_spec.rb
+- spec/cve_spec.rb
+- spec/data_meta_spec.rb
+- spec/description.rb
+- spec/exploit_spec.rb
+- spec/fixtures/CVE-2020-1994.json
+- spec/fixtures/CVE-2020-2005.json
+- spec/fixtures/CVE-2020-2050.json
+- spec/fixtures/CVE-2020-4700.json
+- spec/has_lang_value_spec.rb
+- spec/id_spec.rb
+- spec/impact/cvss_v3_spec.rb
+- spec/impact_spec.rb
+- spec/na_spec.rb
+- spec/problem_type_spec.rb
+- spec/product_spec.rb
+- spec/reference_spec.rb
+- spec/shared_examples.rb
+- spec/solution_spec.rb
+- spec/source_spec.rb
+- spec/spec_helper.rb
+- spec/timeline_spec.rb
+- spec/timestamp_spec.rb
+- spec/vendor_spec.rb
+- spec/version_spec.rb
+- spec/work_around_spec.rb
+homepage: https://github.com/postmodern/cve_schema.rb#readme
+licenses:
+- MIT
+metadata:
+  documentation_uri: https://rubydoc.info/gems/cve_schema
+  source_code_uri: https://github.com/postmodern/cve_schema.rb
+  bug_tracker_uri: https://github.com/postmodern/cve_schema.rb/issues
+  changelog_uri: https://github.com/postmodern/cve_schema.rb/blob/main/ChangeLog.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Common classes for CVE data
+test_files: []