fidius-cvedb 0.0.5 → 0.0.6

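--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,4 +1,4 @@
-require 'rubygems'
+require 'rubygems' # ruby 1.8
 require 'bundler'
 require 'rake/clean'
 
@@ -6,10 +6,11 @@ Bundler::GemHelper.install_tasks
 
 CLOBBER.include 'pkg'
 
+TEST_FILE = File.join('test', 'cve_parser_test.rb')
 
 namespace :nvd do
-
 desc 'Test parsing functionality of the gem.'
 task :test do
+sh "ruby #{TEST_FILE}"
 end
 end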
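Review bot: `sh "ruby #{TEST_FILE}"` in the new `nvd:test` task interpolates the path into a shell command line, so the test is launched through the shell and by whichever `ruby` is first on PATH rather than by the interpreter running rake. Rake's own `ruby` helper avoids both: `ruby TEST_FILE` runs the current interpreter with the argument passed directly, and `sh 'ruby', TEST_FILE` is the equivalent array form if the helper is not wanted; either also keeps a path containing spaces intact. `TEST_FILE` is relative to the working directory, which works because rake changes to the Rakefile's directory by default, but a comment such as `# relative to the Rakefile directory (rake chdirs there)` would make that dependency explicit.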
@@ -1,7 +1,8 @@
1
1
  # Author:: FIDIUS (mailto:grp-fidius@tzi.de)
2
2
  # License:: Distributes under the same terms as fidius-cvedb Gem
3
+ PARSER_DIR = File.dirname(File.expand_path(__FILE__))
3
4
 
4
- require "#{FIDIUS::CveDb::GEM_BASE}/cveparser/parser_model"
5
+ require "#{PARSER_DIR}/parser_model"
5
6
  require 'rubygems'
6
7
  require 'nokogiri'
7
8
 
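Review bot: `require "#{PARSER_DIR}/parser_model"` now executes before the `require 'rubygems'` two lines below it; on Ruby 1.8, which the Rakefile comment still targets, anything parser_model pulls in from a gem will raise LoadError unless rubygems was already loaded by the caller, so `require 'rubygems'` should move above it. `PARSER_DIR` is also a new top-level constant defined by a library file, which leaks into every program that requires the gem and produces an "already initialized constant" warning if the file is ever loaded twice; the path can be computed without it, `require File.expand_path('../parser_model', __FILE__)`. The file's remaining requires continue outside the hunk.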
@@ -1,4 +1,5 @@
1
1
  require 'fidius-cvedb/version'
2
+ require 'active_record'
2
3
 
3
4
  module FIDIUS
4
5
  module CveDb
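Review bot: `require 'active_record'` at the top of the gem's entry file makes ActiveRecord a hard load-time dependency of every consumer; the metadata section on this page is cut before its dependencies list, so I could not confirm it is declared there as a runtime dependency, and it should be. As in the parser file, this require precedes any `require 'rubygems'`, so on the Ruby 1.8 setups the Rakefile still mentions it only resolves if rubygems was loaded earlier by the caller. The `module FIDIUS` / `module CveDb` bodies continue outside the hunk.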
@@ -1,5 +1,5 @@
1
1
  module FIDIUS
2
2
  module CveDb
3
- VERSION = "0.0.5"
3
+ VERSION = "0.0.6"
4
4
  end
5
5
  end
@@ -1,4 +1,7 @@
1
- $LOAD_PATH.unshift File.expand_path("../lib/cveparser/")
1
+ TEST_DIR = File.dirname(File.expand_path(__FILE__))
2
+ LIB_DIR = File.join(TEST_DIR, '..', 'lib', 'cveparser')
3
+
4
+ $LOAD_PATH.unshift LIB_DIR
2
5
  require 'parser'
3
6
  require 'test/unit'
4
7
 
@@ -7,17 +10,20 @@ class TestCveParser < Test::Unit::TestCase
7
10
  include FIDIUS::NVDParser
8
11
 
9
12
  def test_should_parse_2_0_only
10
- assert_raise(RuntimeError) { FIDIUS::NVDParser.parse_cve_file 'test_v2.xml' }
13
+ assert_raise(RuntimeError) { FIDIUS::NVDParser.parse_cve_file(
14
+ File.join(TEST_DIR, 'test_v2.xml')) }
11
15
  end
12
16
 
13
17
  def test_should_find_1_reference
14
- entries = FIDIUS::NVDParser.parse_cve_file 'test_references.xml'
18
+ entries = FIDIUS::NVDParser.parse_cve_file(
19
+ File.join(TEST_DIR, 'test_references.xml'))
15
20
  assert_equal 1, entries.first.references.size, "The test_references.xml " +
16
21
  "contains one reference which should be found."
17
22
  end
18
23
 
19
24
  def test_should_find_3_nvd_entries
20
- entries = FIDIUS::NVDParser.parse_cve_file 'test_entries.xml'
25
+ entries = FIDIUS::NVDParser.parse_cve_file(
26
+ File.join(TEST_DIR, 'test_3_entries.xml'))
21
27
  assert_equal 3, entries.size, "The test_entries.xml contains 3 NVD " +
22
28
  "entries which should be returned in an array."
23
29
  end
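Review bot: `test_should_find_3_nvd_entries` now parses `test_3_entries.xml`, but the assertion message on the unchanged next line still reads `"The test_entries.xml contains 3 NVD " + ...`, so a failing run would name a fixture that no longer exists; change it to `"The test_3_entries.xml contains 3 NVD "`. `LIB_DIR` leaves a literal `..` in the `$LOAD_PATH` entry; `File.expand_path('../lib/cveparser', TEST_DIR)` resolves to the same directory as a normalized absolute path and reads more clearly in load-path listings. The enclosing `TestCveParser` class begins outside the hunk.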
@@ -0,0 +1,99 @@
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
+ <nvd xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" nvd_xml_version="2.0" pub_date="2011-02-10T06:05:00" xsi:schemaLocation="http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd">
3
+ <entry id="CVE-2009-5051">
4
+ <vuln:vulnerable-configuration id="http://nvd.nist.gov">
5
+ <cpe-lang:logical-test negate="false" operator="OR">
6
+ <cpe-lang:fact-ref name="cpe:/a:hastymail:hastymail2::beta1" />
7
+ </cpe-lang:logical-test>
8
+ </vuln:vulnerable-configuration>
9
+ <vuln:vulnerable-software-list>
10
+ <vuln:product>cpe:/a:hastymail:hastymail2::rc7</vuln:product>
11
+ </vuln:vulnerable-software-list>
12
+ <vuln:cve-id>CVE-2009-5051</vuln:cve-id>
13
+ <vuln:published-datetime>2011-01-18T13:03:06.533-05:00</vuln:published-datetime>
14
+ <vuln:last-modified-datetime>2011-01-18T00:00:00.000-05:00</vuln:last-modified-datetime>
15
+ <vuln:cvss>
16
+ <cvss:base_metrics>
17
+ <cvss:score>5.0</cvss:score>
18
+ <cvss:access-vector>NETWORK</cvss:access-vector>
19
+ <cvss:access-complexity>LOW</cvss:access-complexity>
20
+ <cvss:authentication>NONE</cvss:authentication>
21
+ <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
22
+ <cvss:integrity-impact>NONE</cvss:integrity-impact>
23
+ <cvss:availability-impact>NONE</cvss:availability-impact>
24
+ <cvss:source>http://nvd.nist.gov</cvss:source>
25
+ <cvss:generated-on-datetime>2011-01-18T13:11:00.000-05:00</cvss:generated-on-datetime>
26
+ </cvss:base_metrics>
27
+ </vuln:cvss>
28
+ <vuln:cwe id="CWE-16" />
29
+ <vuln:references xml:lang="en" reference_type="UNKNOWN">
30
+ <vuln:source>CONFIRM</vuln:source>
31
+ <vuln:reference xml:lang="en" href="http://www.hastymail.org/security/">http://www.hastymail.org/security/</vuln:reference>
32
+ </vuln:references>
33
+ <vuln:summary>Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.</vuln:summary>
34
+ </entry>
35
+ <entry id="CVE-2010-4166">
36
+ <vuln:vulnerable-configuration id="http://nvd.nist.gov">
37
+ <cpe-lang:logical-test negate="false" operator="OR">
38
+ <cpe-lang:fact-ref name="cpe:/a:joomla:joomla%21:1.5.13" />
39
+ </cpe-lang:logical-test>
40
+ </vuln:vulnerable-configuration>
41
+ <vuln:vulnerable-software-list>
42
+ <vuln:product>cpe:/a:joomla:joomla%21:1.5.9</vuln:product>
43
+ </vuln:vulnerable-software-list>
44
+ <vuln:cve-id>CVE-2010-4166</vuln:cve-id>
45
+ <vuln:published-datetime>2011-01-18T13:03:06.830-05:00</vuln:published-datetime>
46
+ <vuln:last-modified-datetime>2011-01-20T00:00:00.000-05:00</vuln:last-modified-datetime>
47
+ <vuln:cvss>
48
+ <cvss:base_metrics>
49
+ <cvss:score>7.5</cvss:score>
50
+ <cvss:access-vector>NETWORK</cvss:access-vector>
51
+ <cvss:access-complexity>LOW</cvss:access-complexity>
52
+ <cvss:authentication>NONE</cvss:authentication>
53
+ <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
54
+ <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
55
+ <cvss:availability-impact>PARTIAL</cvss:availability-impact>
56
+ <cvss:source>http://nvd.nist.gov</cvss:source>
57
+ <cvss:generated-on-datetime>2011-01-18T13:26:00.000-05:00</cvss:generated-on-datetime>
58
+ </cvss:base_metrics>
59
+ </vuln:cvss>
60
+ <vuln:cwe id="CWE-89" />
61
+ <vuln:references xml:lang="en" reference_type="UNKNOWN">
62
+ <vuln:source>MISC</vuln:source>
63
+ <vuln:reference xml:lang="en" href="http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg">http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg</vuln:reference>
64
+ </vuln:references>
65
+ <vuln:summary>Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.</vuln:summary>
66
+ </entry>
67
+ <entry id="CVE-2010-4263">
68
+ <vuln:vulnerable-configuration id="http://nvd.nist.gov">
69
+ <cpe-lang:logical-test negate="false" operator="OR">
70
+ <cpe-lang:fact-ref name="cpe:/a:joomla:joomla%21:1.5.13" />
71
+ </cpe-lang:logical-test>
72
+ </vuln:vulnerable-configuration>
73
+ <vuln:vulnerable-software-list>
74
+ <vuln:product>cpe:/a:joomla:joomla%21:1.5.9</vuln:product>
75
+ </vuln:vulnerable-software-list>
76
+ <vuln:cve-id>CVE-2010-4166</vuln:cve-id>
77
+ <vuln:published-datetime>2011-01-18T13:03:06.830-05:00</vuln:published-datetime>
78
+ <vuln:last-modified-datetime>2011-01-20T00:00:00.000-05:00</vuln:last-modified-datetime>
79
+ <vuln:cvss>
80
+ <cvss:base_metrics>
81
+ <cvss:score>7.5</cvss:score>
82
+ <cvss:access-vector>NETWORK</cvss:access-vector>
83
+ <cvss:access-complexity>LOW</cvss:access-complexity>
84
+ <cvss:authentication>NONE</cvss:authentication>
85
+ <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
86
+ <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
87
+ <cvss:availability-impact>PARTIAL</cvss:availability-impact>
88
+ <cvss:source>http://nvd.nist.gov</cvss:source>
89
+ <cvss:generated-on-datetime>2011-01-18T13:26:00.000-05:00</cvss:generated-on-datetime>
90
+ </cvss:base_metrics>
91
+ </vuln:cvss>
92
+ <vuln:cwe id="CWE-89" />
93
+ <vuln:references xml:lang="en" reference_type="UNKNOWN">
94
+ <vuln:source>MISC</vuln:source>
95
+ <vuln:reference xml:lang="en" href="http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg">http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg</vuln:reference>
96
+ </vuln:references>
97
+ <vuln:summary>Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.</vuln:summary>
98
+ </entry>
99
+ </nvd>
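Review bot: the third entry is tagged `<entry id="CVE-2010-4263">` but carries `<vuln:cve-id>CVE-2010-4166</vuln:cve-id>`, the same identifier as the second entry, so the fixture is internally inconsistent and looks like a copy of entry two with only the attribute changed. The test only asserts that three entries are returned, so a parser that keys on `vuln:cve-id` would collapse this to two and fail, while one that keys on the `id` attribute passes without exercising a distinct record; either make the values agree, `<vuln:cve-id>CVE-2010-4263</vuln:cve-id>`, or use a genuinely different third entry.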
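--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 0
-- 5
-version: 0.0.5
+- 6
+version: 0.0.6
 platform: ruby
 authors:
 - Andreas Bender
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-16 00:00:00 +01:00
+date: 2011-02-25 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -82,6 +82,7 @@ files:
 - lib/tasks/nvd_migrate.rake
 - lib/tasks/parse_cves.rake
 - test/cve_parser_test.rb
+- test/test_3_entries.xml
 - test/test_references.xml
 - test/test_v2.xml
 has_rdoc: true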