cve_schema 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. checksums.yaml +7 -0
  2. data/.document +3 -0
  3. data/.github/workflows/ruby.yml +28 -0
  4. data/.gitignore +6 -0
  5. data/.rspec +1 -0
  6. data/.yardopts +1 -0
  7. data/ChangeLog.md +26 -0
  8. data/Gemfile +14 -0
  9. data/LICENSE.txt +20 -0
  10. data/README.md +50 -0
  11. data/Rakefile +23 -0
  12. data/benchmark.rb +47 -0
  13. data/cve_schema.gemspec +61 -0
  14. data/gemspec.yml +19 -0
  15. data/lib/cve_schema.rb +2 -0
  16. data/lib/cve_schema/cve.rb +257 -0
  17. data/lib/cve_schema/cve/affects.rb +55 -0
  18. data/lib/cve_schema/cve/configuration.rb +14 -0
  19. data/lib/cve_schema/cve/credit.rb +14 -0
  20. data/lib/cve_schema/cve/data_meta.rb +185 -0
  21. data/lib/cve_schema/cve/description.rb +24 -0
  22. data/lib/cve_schema/cve/exploit.rb +14 -0
  23. data/lib/cve_schema/cve/has_lang_value.rb +93 -0
  24. data/lib/cve_schema/cve/id.rb +79 -0
  25. data/lib/cve_schema/cve/impact.rb +75 -0
  26. data/lib/cve_schema/cve/impact/cvss_v2.rb +318 -0
  27. data/lib/cve_schema/cve/impact/cvss_v3.rb +388 -0
  28. data/lib/cve_schema/cve/na.rb +8 -0
  29. data/lib/cve_schema/cve/problem_type.rb +56 -0
  30. data/lib/cve_schema/cve/product.rb +79 -0
  31. data/lib/cve_schema/cve/reference.rb +82 -0
  32. data/lib/cve_schema/cve/solution.rb +14 -0
  33. data/lib/cve_schema/cve/source.rb +75 -0
  34. data/lib/cve_schema/cve/timeline.rb +65 -0
  35. data/lib/cve_schema/cve/timestamp.rb +25 -0
  36. data/lib/cve_schema/cve/vendor.rb +83 -0
  37. data/lib/cve_schema/cve/version.rb +126 -0
  38. data/lib/cve_schema/cve/work_around.rb +14 -0
  39. data/lib/cve_schema/exceptions.rb +20 -0
  40. data/lib/cve_schema/version.rb +6 -0
  41. data/spec/affects_spec.rb +28 -0
  42. data/spec/configuration_spec.rb +6 -0
  43. data/spec/credit_spec.rb +6 -0
  44. data/spec/cve_schema_spec.rb +8 -0
  45. data/spec/cve_spec.rb +414 -0
  46. data/spec/data_meta_spec.rb +167 -0
  47. data/spec/description.rb +24 -0
  48. data/spec/exploit_spec.rb +6 -0
  49. data/spec/fixtures/CVE-2020-1994.json +140 -0
  50. data/spec/fixtures/CVE-2020-2005.json +152 -0
  51. data/spec/fixtures/CVE-2020-2050.json +233 -0
  52. data/spec/fixtures/CVE-2020-4700.json +99 -0
  53. data/spec/has_lang_value_spec.rb +56 -0
  54. data/spec/id_spec.rb +91 -0
  55. data/spec/impact/cvss_v3_spec.rb +118 -0
  56. data/spec/impact_spec.rb +45 -0
  57. data/spec/na_spec.rb +14 -0
  58. data/spec/problem_type_spec.rb +26 -0
  59. data/spec/product_spec.rb +73 -0
  60. data/spec/reference_spec.rb +70 -0
  61. data/spec/shared_examples.rb +19 -0
  62. data/spec/solution_spec.rb +6 -0
  63. data/spec/source_spec.rb +84 -0
  64. data/spec/spec_helper.rb +4 -0
  65. data/spec/timeline_spec.rb +86 -0
  66. data/spec/timestamp_spec.rb +24 -0
  67. data/spec/vendor_spec.rb +73 -0
  68. data/spec/version_spec.rb +104 -0
  69. data/spec/work_around_spec.rb +6 -0
  70. metadata +133 -0
@@ -0,0 +1,4 @@
1
+ require 'rspec'
2
+ require 'cve_schema/version'
3
+
4
+ include CVESchema
@@ -0,0 +1,86 @@
1
+ require 'spec_helper'
2
+ require 'shared_examples'
3
+ require 'cve_schema/cve/timeline'
4
+
5
+ describe CVESchema::CVE::Timeline do
6
+ it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
7
+
8
+ describe "#initialize" do
9
+ let(:time) { Time.now }
10
+ let(:lang) { 'eng' }
11
+ let(:value) { 'Initial publication' }
12
+
13
+ describe "required keywords" do
14
+ context "when time: is not given" do
15
+ it do
16
+ expect {
17
+ described_class.new(lang: lang, value: value)
18
+ }.to raise_error(ArgumentError)
19
+ end
20
+ end
21
+
22
+ context "when lang: is not given" do
23
+ it do
24
+ expect {
25
+ described_class.new(time: time, value: value)
26
+ }.to raise_error(ArgumentError)
27
+ end
28
+ end
29
+
30
+ context "when value: is not given" do
31
+ it do
32
+ expect {
33
+ described_class.new(time: time, lang: lang)
34
+ }.to raise_error(ArgumentError)
35
+ end
36
+ end
37
+ end
38
+
39
+ subject do
40
+ described_class.new(
41
+ time: time,
42
+ lang: lang,
43
+ value: value
44
+ )
45
+ end
46
+
47
+ it "must set #time" do
48
+ expect(subject.time).to eq(time)
49
+ end
50
+
51
+ it "must set #lang" do
52
+ expect(subject.lang).to eq(lang)
53
+ end
54
+
55
+ it "must set #value" do
56
+ expect(subject.value).to eq(value)
57
+ end
58
+ end
59
+
60
+ describe ".load" do
61
+ include_examples ".load"
62
+
63
+ let(:json_node) { json_tree['timeline'][0] }
64
+
65
+ context '"time":' do
66
+ let(:json_value) { json_node['time'] }
67
+ let(:expected) { CVESchema::CVE::Timestamp.parse(json_value) }
68
+
69
+ it 'must parse the "time": value and set #time' do
70
+ expect(subject.time).to eq(expected)
71
+ end
72
+ end
73
+
74
+ context '"lang":' do
75
+ it 'must parse the "lang": value and set #lang' do
76
+ expect(subject.lang).to eq(json_node['lang'])
77
+ end
78
+ end
79
+
80
+ context '"value":' do
81
+ it 'must parse the "value": value and set #value' do
82
+ expect(subject.value).to eq(json_node['value'])
83
+ end
84
+ end
85
+ end
86
+ end
@@ -0,0 +1,24 @@
1
+ require 'spec_helper'
2
+ require 'cve_schema/cve/timestamp'
3
+
4
+ describe CVESchema::CVE::Timestamp do
5
+ describe ".parse" do
6
+ context "when given a ISO 8601 timestamp" do
7
+ let(:timestamp) { '2020-05-13T16:00:00.000Z' }
8
+
9
+ it "must parse it" do
10
+ expect(subject.parse(timestamp)).to eq(DateTime.parse(timestamp))
11
+ end
12
+ end
13
+
14
+ context "when given a non-ISO 8601 timestamp" do
15
+ let(:timestamp) { '2021-01-05 00:35:14 -0800' }
16
+
17
+ it do
18
+ expect {
19
+ subject.parse(timestamp)
20
+ }.to raise_error(CVESchema::CVE::InvalidJSON)
21
+ end
22
+ end
23
+ end
24
+ end
@@ -0,0 +1,73 @@
1
+ require 'spec_helper'
2
+ require 'shared_examples'
3
+ require 'cve_schema/cve/vendor'
4
+
5
+ describe CVESchema::CVE::Vendor do
6
+ let(:vendor_name) { 'Example Co' }
7
+ let(:product) { [double(:Product)] }
8
+
9
+ describe "#initialize" do
10
+ describe "required keywords" do
11
+ context "when vendor_name: is not given" do
12
+ it do
13
+ expect {
14
+ described_class.new(product: product)
15
+ }.to raise_error(ArgumentError)
16
+ end
17
+ end
18
+
19
+ context "when product: is not given" do
20
+ it do
21
+ expect {
22
+ described_class.new(vendor_name: vendor_name)
23
+ }.to raise_error(ArgumentError)
24
+ end
25
+ end
26
+ end
27
+
28
+ subject { described_class.new(vendor_name: vendor_name, product: product) }
29
+
30
+ it "must set #vendor_name" do
31
+ expect(subject.vendor_name).to eq(vendor_name)
32
+ end
33
+
34
+ it "must set #product" do
35
+ expect(subject.product).to eq(product)
36
+ end
37
+ end
38
+
39
+ describe ".load" do
40
+ include_examples ".load"
41
+
42
+ let(:json_node) do
43
+ json_tree['affects']['vendor']['vendor_data'][0]
44
+ end
45
+
46
+ context '"vendor_name":' do
47
+ it "must set #vendor_name" do
48
+ expect(subject.vendor_name).to eq(json_node['vendor_name'])
49
+ end
50
+ end
51
+
52
+ context '"product":' do
53
+ it { expect(subject.product).to_not be_empty }
54
+ it { expect(subject.product).to all(be_kind_of(CVESchema::CVE::Product)) }
55
+ end
56
+ end
57
+
58
+ describe "#na?" do
59
+ subject { described_class.new(vendor_name: vendor_name, product: product) }
60
+
61
+ context "when value is 'n/a'" do
62
+ let(:vendor_name) { 'n/a' }
63
+
64
+ it { expect(subject.na?).to be(true) }
65
+ end
66
+
67
+ context "when value is not 'n/a'" do
68
+ let(:vendor_name) { 'foo' }
69
+
70
+ it { expect(subject.na?).to be(false) }
71
+ end
72
+ end
73
+ end
@@ -0,0 +1,104 @@
1
+ require 'spec_helper'
2
+ require 'shared_examples'
3
+ require 'cve_schema/cve/version'
4
+
5
+ describe CVESchema::CVE::Version do
6
+ let(:version_value) { '1.2.3' }
7
+ let(:version_name) { '1.2' }
8
+ let(:version_affected) { :"<" }
9
+
10
+ describe "#initialize" do
11
+ describe "required keywords" do
12
+ context "when the version_value: keyword is not given" do
13
+ it do
14
+ expect {
15
+ described_class.new(version_name: version_name, version_affected: version_affected)
16
+ }.to raise_error(ArgumentError)
17
+ end
18
+ end
19
+ end
20
+
21
+ context "when version_value: is given" do
22
+ subject { described_class.new(version_value: version_value) }
23
+
24
+ it "must set #version_value" do
25
+ expect(subject.version_value).to eq(version_value)
26
+ end
27
+ end
28
+
29
+ context "when version_name: is given" do
30
+ subject do
31
+ described_class.new(
32
+ version_value: version_value,
33
+ version_name: version_name
34
+ )
35
+ end
36
+
37
+ it "must set #version_name" do
38
+ expect(subject.version_name).to eq(version_name)
39
+ end
40
+ end
41
+
42
+ context "when version_affected: is given" do
43
+ subject do
44
+ described_class.new(
45
+ version_value: version_value,
46
+ version_affected: version_affected
47
+ )
48
+ end
49
+
50
+ it "must set #version_affected" do
51
+ expect(subject.version_affected).to eq(version_affected)
52
+ end
53
+ end
54
+ end
55
+
56
+ describe ".load" do
57
+ include_examples ".load"
58
+
59
+ let(:json_node) do
60
+ json_tree['affects']['vendor']['vendor_data'][0]['product']['product_data'][0]['version']['version_data'][0]
61
+ end
62
+
63
+ context '"version_value":' do
64
+ it "must set #version_value" do
65
+ expect(subject.version_value).to eq(json_node['version_value'])
66
+ end
67
+ end
68
+
69
+ context '"version_name":' do
70
+ it "must set #version_name" do
71
+ expect(subject.version_name).to eq(json_node['version_name'])
72
+ end
73
+ end
74
+
75
+ context '"version_affected":' do
76
+ let(:json_value) { json_node['version_affected'] }
77
+ let(:expected) { described_class::VERSION_AFFECTED[json_value] }
78
+
79
+ it "must set #version_affected" do
80
+ expect(subject.version_affected).to eq(expected)
81
+ end
82
+ end
83
+ end
84
+
85
+ describe "#na?" do
86
+ subject do
87
+ described_class.new(
88
+ version_value: version_value,
89
+ version_name: version_name,
90
+ version_affected: version_affected
91
+ )
92
+ end
93
+
94
+ context "when value is 'n/a'" do
95
+ let(:version_value) { 'n/a' }
96
+
97
+ it { expect(subject.na?).to be(true) }
98
+ end
99
+
100
+ context "when value is not 'n/a'" do
101
+ it { expect(subject.na?).to be(false) }
102
+ end
103
+ end
104
+ end
@@ -0,0 +1,6 @@
1
+ require 'spec_helper'
2
+ require 'cve_schema/cve/work_around'
3
+
4
+ describe CVESchema::CVE::WorkAround do
5
+ it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
6
+ end
metadata ADDED
@@ -0,0 +1,133 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cve_schema
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Postmodern
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-01-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ description: 'CVESchema provides common classes for CVE data and loading it from JSON.
28
+
29
+ '
30
+ email: postmodern.mod3@gmail.com
31
+ executables: []
32
+ extensions: []
33
+ extra_rdoc_files:
34
+ - ChangeLog.md
35
+ - LICENSE.txt
36
+ - README.md
37
+ files:
38
+ - ".document"
39
+ - ".github/workflows/ruby.yml"
40
+ - ".gitignore"
41
+ - ".rspec"
42
+ - ".yardopts"
43
+ - ChangeLog.md
44
+ - Gemfile
45
+ - LICENSE.txt
46
+ - README.md
47
+ - Rakefile
48
+ - benchmark.rb
49
+ - cve_schema.gemspec
50
+ - gemspec.yml
51
+ - lib/cve_schema.rb
52
+ - lib/cve_schema/cve.rb
53
+ - lib/cve_schema/cve/affects.rb
54
+ - lib/cve_schema/cve/configuration.rb
55
+ - lib/cve_schema/cve/credit.rb
56
+ - lib/cve_schema/cve/data_meta.rb
57
+ - lib/cve_schema/cve/description.rb
58
+ - lib/cve_schema/cve/exploit.rb
59
+ - lib/cve_schema/cve/has_lang_value.rb
60
+ - lib/cve_schema/cve/id.rb
61
+ - lib/cve_schema/cve/impact.rb
62
+ - lib/cve_schema/cve/impact/cvss_v2.rb
63
+ - lib/cve_schema/cve/impact/cvss_v3.rb
64
+ - lib/cve_schema/cve/na.rb
65
+ - lib/cve_schema/cve/problem_type.rb
66
+ - lib/cve_schema/cve/product.rb
67
+ - lib/cve_schema/cve/reference.rb
68
+ - lib/cve_schema/cve/solution.rb
69
+ - lib/cve_schema/cve/source.rb
70
+ - lib/cve_schema/cve/timeline.rb
71
+ - lib/cve_schema/cve/timestamp.rb
72
+ - lib/cve_schema/cve/vendor.rb
73
+ - lib/cve_schema/cve/version.rb
74
+ - lib/cve_schema/cve/work_around.rb
75
+ - lib/cve_schema/exceptions.rb
76
+ - lib/cve_schema/version.rb
77
+ - spec/affects_spec.rb
78
+ - spec/configuration_spec.rb
79
+ - spec/credit_spec.rb
80
+ - spec/cve_schema_spec.rb
81
+ - spec/cve_spec.rb
82
+ - spec/data_meta_spec.rb
83
+ - spec/description.rb
84
+ - spec/exploit_spec.rb
85
+ - spec/fixtures/CVE-2020-1994.json
86
+ - spec/fixtures/CVE-2020-2005.json
87
+ - spec/fixtures/CVE-2020-2050.json
88
+ - spec/fixtures/CVE-2020-4700.json
89
+ - spec/has_lang_value_spec.rb
90
+ - spec/id_spec.rb
91
+ - spec/impact/cvss_v3_spec.rb
92
+ - spec/impact_spec.rb
93
+ - spec/na_spec.rb
94
+ - spec/problem_type_spec.rb
95
+ - spec/product_spec.rb
96
+ - spec/reference_spec.rb
97
+ - spec/shared_examples.rb
98
+ - spec/solution_spec.rb
99
+ - spec/source_spec.rb
100
+ - spec/spec_helper.rb
101
+ - spec/timeline_spec.rb
102
+ - spec/timestamp_spec.rb
103
+ - spec/vendor_spec.rb
104
+ - spec/version_spec.rb
105
+ - spec/work_around_spec.rb
106
+ homepage: https://github.com/postmodern/cve_schema.rb#readme
107
+ licenses:
108
+ - MIT
109
+ metadata:
110
+ documentation_uri: https://rubydoc.info/gems/cve_schema
111
+ source_code_uri: https://github.com/postmodern/cve_schema.rb
112
+ bug_tracker_uri: https://github.com/postmodern/cve_schema.rb/issues
113
+ changelog_uri: https://github.com/postmodern/cve_schema.rb/blob/main/ChangeLog.md
114
+ post_install_message:
115
+ rdoc_options: []
116
+ require_paths:
117
+ - lib
118
+ required_ruby_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - ">="
121
+ - !ruby/object:Gem::Version
122
+ version: 2.7.0
123
+ required_rubygems_version: !ruby/object:Gem::Requirement
124
+ requirements:
125
+ - - ">="
126
+ - !ruby/object:Gem::Version
127
+ version: '0'
128
+ requirements: []
129
+ rubygems_version: 3.1.4
130
+ signing_key:
131
+ specification_version: 4
132
+ summary: Common classes for CVE data
133
+ test_files: []