cvelist 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d5f0ca46bdd362287b4845fed77c588ef591bb86e11219f3b248b70470d5e1b0
+  data.tar.gz: 1507b6e252a6b4c4f721e842a23ae8d20d65c08b6644a4fce8fe31eb388fa8b4
+SHA512:
+  metadata.gz: ccc4c2da9456bc2708bb7f30d59042d4e77d32fc12bc0524e81b23f93dcfd87c4c7bfa315f66a0840fe4c66d761daf780823486ded35fda482968b462804dbf5
+  data.tar.gz: ad330548abb01672b25493a0c0bd84d319b172c175f7cdd7156efed1e150eeb3e4a6bb2556adaf3be9b0c21b402539e0c3476220235ec246d4790b43eddba747

data/.document

@@ -0,0 +1,3 @@
+- 
+ChangeLog.md
+LICENSE.txt

data/.github/workflows/ruby.yml

@@ -0,0 +1,29 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          # - 2.4
+          # - 2.5
+          # - 2.6
+          - 2.7
+          - 3.0
+          # TODO: uncomment when jruby supports ruby >= 2.7
+          # - jruby
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run tests
+        run: bundle exec rake test

data/.gitignore

@@ -0,0 +1,6 @@
+/.bundle
+/.yardoc/
+/Gemfile.lock
+/doc/
+/pkg/
+/vendor/cache/*.gem

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title "CVEList Documentation" --protected

data/ChangeLog.md

@@ -0,0 +1,10 @@
+### 0.1.0 / 2021-01-14
+
+* Initial release:
+  * Supports [CVE JSON Schema v4.0][1].
+  * Added {CVEList::Repository}.
+  * Added {CVEList::YearDir}.
+  * Added {CVEList::RangeDir}.
+  * Added {CVEList::CVE}.
+  * Added {CVEList::MalformedCVE}.
+

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+gemspec
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks', '~> 0.2'
+
+  gem 'rspec', '~> 3.0'
+
+  gem 'kramdown'
+  gem 'yard', '~> 0.9'
+end

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2020-2021 Hal Brodigan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# cvelist.rb
+
+* [Homepage](https://github.com/postmodern/cvelist.rb#readme)
+* [Issues](https://github.com/postmodern/cvelist.rb/issues)
+* [Documentation](http://rubydoc.info/gems/cvelist/frames)
+* [Email](mailto:postmodern.mod3 at gmail.com)
+
+## Description
+
+A Ruby library for parsing the CVE JSON in the [cvelist] git repository.
+
+## Features
+
+* Supports downloading/updating [cvelist] Git repository.
+* Supports [CVE JSON Schema v4.0][1]
+
+## Examples
+
+    require 'cvelist'
+
+Cloning the [cvelist] repository:
+
+    repo = CVEList::Repository.clone('path/to/cvelist')
+
+Using an existing [cvelist] repository:
+
+    repo = CVEList::Repository.new('path/to/cvelist')
+
+Updating an existing [cvelist] repository:
+
+    repo.pull!
+
+Get the total number of CVEs in the repository:
+
+    repo.size
+
+Access an individual [CVE] in the repository:
+
+    repo['CVE-2020-0001']
+
+Enumerating over every [CVE] in the repository:
+
+    repo.each do |cve|
+      puts cve.id
+    end
+
+Enumerating over every [CVE] in a certain year:
+
+    repo.year(2020).each do |cve|
+      puts cve.id
+    end
+
+## Requirements
+
+* [multi_json] ~> 1.0
+* [cve_schema] ~> 0.1
+
+## Install
+
+    $ gem install cvelist
+
+## Benchmark
+
+    Warming up the disk cache with a first run. This may take a while ...
+    Parsing all 192879 CVE .json files ...
+    
+    Total:	 18.285097   1.651155  19.936252 ( 20.144566)
+    Avg:	  0.000095   0.000009   0.000103 (  0.000104)
+
+## Copyright
+
+Copyright (c) 2020-2021 Hal Brodigan
+
+See {file:LICENSE.txt} for details.
+
+[cvelist]: https://github.com/CVEProject/cvelist
+[1]: https://github.com/CVEProject/cve-schema/blob/master/schema/v4.0/DRAFT-JSON-file-format-v4.md
+
+[multi_json]: https://github.com/intridea/multi_json#readme
+[cve_schema]: https://github.com/postmodern/cve_schema.rb#readme
+
+[CVE]: https://rubydoc.info/gems/cve_schema/CVESchema/CVE/frames

data/Rakefile

@@ -0,0 +1,13 @@
+require 'rake'
+require 'rubygems/tasks'
+Gem::Tasks.new
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new
+task :doc => :yard

data/benchmark.rb

@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'cvelist/repository'
+require 'json'
+require 'benchmark'
+
+CVELIST = ENV.fetch('CVELIST',File.join(Gem.user_home,'src','cvelist'))
+
+repo = if File.directory?(CVELIST)
+         CVEList::Repository.new(CVELIST)
+       else
+         puts "Cloning #{CVEList::Repository::URL} into #{CVELIST} ..."
+         CVEList::Repository.clone(CVELIST)
+       end
+
+begin
+  n = repo.total_cves
+
+  puts "Warming up the disk cache with a first run. This may take a while ..."
+  repo.each do |cve|
+    # no-op
+  end
+
+  puts "Parsing all #{n} CVE .json files ..."
+
+  results = Benchmark.measure do
+    repo.each do |cve|
+      # no-op
+    end
+  end
+
+  puts
+  puts "Total:\t#{results}"
+  puts "Avg:\t#{results / n}"
+rescue Interrupt
+  exit 130
+end

data/cvelist.gemspec

@@ -0,0 +1,61 @@
+# encoding: utf-8
+
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require 'cvelist/version'
+                  CVEList::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+  gem.metadata    = gemspec['metadata'] if gemspec['metadata']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files = `git ls-files`.split($/)
+  gem.files = glob[gemspec['files']] if gemspec['files']
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+  gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.test_files       = glob[gemspec['test_files'] || '{test/{**/}*_test.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = Array(gemspec['requirements'])
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end

data/gemspec.yml

@@ -0,0 +1,21 @@
+name: cvelist
+summary: Parses cvelist JSON
+description: |
+  A Ruby library for parsing the CVE JSON in the cvelist git repository.
+license: MIT
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/postmodern/cvelist.rb#readme
+
+metadata:
+  documentation_uri: https://rubydoc.info/gems/cvelist
+  source_code_uri:   https://github.com/postmodern/cvelist.rb
+  bug_tracker_uri:   https://github.com/postmodern/cvelist.rb/issues
+  changelog_uri:     https://github.com/postmodern/cvelist.rb/blob/main/ChangeLog.md
+
+dependencies:
+  multi_json: ~> 1.0
+  cve_schema: ~> 0.1
+
+development_dependencies:
+  bundler: ~> 2.0

data/lib/cvelist.rb

@@ -0,0 +1,2 @@
+require 'cvelist/repository'
+require 'cvelist/version'

data/lib/cvelist/cve.rb

@@ -0,0 +1,83 @@
+require 'cvelist/exceptions'
+require 'cve_schema/cve'
+require 'multi_json'
+
+module CVEList
+  #
+  # @see https://rubydoc.info/gems/cve_schema/CVESchema/CVE/frames
+  #
+  class CVE < CVESchema::CVE
+
+    # The path to the CVE JSON.
+    #
+    # @return [String]
+    attr_reader :path
+
+    #
+    # Initializes the CVE.
+    #
+    # @param [String] path
+    #   The path to the CVE JSON.
+    #
+    def initialize(path, **kwargs)
+      super(**kwargs)
+
+      @path = path
+    end
+
+    #
+    # Parses the given JSON.
+    #
+    # @param [String] json
+    #   The raw JSON.
+    #
+    # @return [Hash{String => Object}]
+    #   The parsed JSON.
+    #
+    # @raise [InvalidJSON]
+    #   Could not parse the JSON in the given file.
+    #
+    # @api semipublic
+    #
+    def self.parse(json)
+      MultiJson.load(json)
+    rescue MultiJson::ParseError => error
+      raise(InvalidJSON,error.message)
+    end
+
+    #
+    # Parses the JSON in the given file.
+    #
+    # @param [String] file
+    #   The path to the file.
+    #
+    # @return [Hash{String => Object}]
+    #   The parsed JSON.
+    #
+    # @raise [InvalidJSON]
+    #   Could not parse the JSON in the given file.
+    #
+    # @api semipublic
+    #
+    def self.read(file)
+      parse(File.read(file))
+    end
+
+    #
+    # Loads the CVE JSON from the given file.
+    #
+    # @param [String] file
+    #   The path to the file.
+    #
+    # @return [CVE]
+    #   The loaded CVE object.
+    #
+    # @raise [InvalidJSON, MissingJSONKey, UnknownJSONValue]
+    #   Failed to load the CVE JSON.
+    #
+    def self.load(file)
+      new(file, **from_json(read(file)))
+    end
+
+  end
+end

data/lib/cvelist/directory.rb

@@ -0,0 +1,80 @@
+module CVEList
+  #
+  # Represents a directory within the {Repository}.
+  #
+  class Directory
+
+    # The path to the directory.
+    #
+    # @return [String]
+    attr_reader :path
+
+    #
+    # Initializes the directory.
+    #
+    # @param [String] path
+    #   The path to the directory.
+    #
+    def initialize(path)
+      @path = File.expand_path(path)
+    end
+
+    #
+    # Joins the file/directory name(s) with the directory path.
+    #
+    # @param [Array<String>] names
+    #   The file/directory name(s).
+    #
+    # @return [String]
+    #
+    def join(*names)
+      File.join(@path,*names)
+    end
+
+    #
+    # Determines whether the directory has the givne file.
+    #
+    # @param [String] name
+    #
+    # @return [Boolean]
+    #
+    def file?(name)
+      File.file?(join(name))
+    end
+
+    #
+    # Determines whether the directory has the given directory.
+    #
+    # @param [String] name
+    #
+    # @return [Boolean]
+    #
+    def directory?(name)
+      File.directory?(join(name))
+    end
+
+    #
+    # Finds all files and directories matching the pattern.
+    #
+    # @param [String] pattern
+    #   The glob pattern.
+    #
+    # @return [Array<String>]
+    #   The matching file and directory paths.
+    #
+    def glob(pattern)
+      Dir[join(pattern)]
+    end
+
+    #
+    # Converts the directory to a String.
+    #
+    # @return [String]
+    #   The path to the directory.
+    #
+    def to_s
+      @path
+    end
+
+  end
+end