fidius-cvedb 0.0.5 → 0.0.6
- data/Rakefile +3 -2
- data/lib/cveparser/parser.rb +2 -1
- data/lib/fidius-cvedb.rb +1 -0
- data/lib/fidius-cvedb/version.rb +1 -1
- data/test/cve_parser_test.rb +10 -4
- data/test/test_3_entries.xml +99 -0
- metadata +4 -3
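--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,4 +1,4 @@
-require 'rubygems'
+require 'rubygems' # ruby 1.8
 require 'bundler'
 require 'rake/clean'
 
@@ -6,10 +6,11 @@ Bundler::GemHelper.install_tasks
 
 CLOBBER.include 'pkg'
 
+TEST_FILE = File.join('test', 'cve_parser_test.rb')
 
 namespace :nvd do
-
 desc 'Test parsing functionality of the gem.'
 task :test do
+sh "ruby #{TEST_FILE}"
 end
 end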
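--- a/data/lib/cveparser/parser.rb
+++ b/data/lib/cveparser/parser.rb
@@ -1,7 +1,8 @@
 # Author:: FIDIUS (mailto:grp-fidius@tzi.de)
 # License:: Distributes under the same terms as fidius-cvedb Gem
+PARSER_DIR = File.dirname(File.expand_path(__FILE__))
 
-require "#{
+require "#{PARSER_DIR}/parser_model"
 require 'rubygems'
 require 'nokogiri'
 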
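Review bot: `PARSER_DIR` is defined at the top level of a library file, so it becomes a constant on `Object` that is shared with every other file loaded into the same process; a second top-level `PARSER_DIR` anywhere (another gem, the host application) produces an "already initialized constant" warning and the later value wins. Its only use in the hunk is locating `parser_model`, which needs no constant at all: `require File.expand_path('../parser_model', __FILE__)`. If the directory is needed further down (the rest of parser.rb is outside the hunk), define it inside the `FIDIUS::NVDParser` module that the test file includes rather than globally. The absolute, `__FILE__`-derived path means this require does not depend on `$LOAD_PATH` or the working directory, which is the right direction for a gem.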
data/lib/fidius-cvedb.rb
CHANGED
data/lib/fidius-cvedb/version.rb
CHANGED
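--- a/data/test/cve_parser_test.rb
+++ b/data/test/cve_parser_test.rb
@@ -1,4 +1,7 @@
-
+TEST_DIR = File.dirname(File.expand_path(__FILE__))
+LIB_DIR = File.join(TEST_DIR, '..', 'lib', 'cveparser')
+
+$LOAD_PATH.unshift LIB_DIR
 require 'parser'
 require 'test/unit'
 
@@ -7,17 +10,20 @@ class TestCveParser < Test::Unit::TestCase
 include FIDIUS::NVDParser
 
 def test_should_parse_2_0_only
-assert_raise(RuntimeError) { FIDIUS::NVDParser.parse_cve_file
+assert_raise(RuntimeError) { FIDIUS::NVDParser.parse_cve_file(
+File.join(TEST_DIR, 'test_v2.xml')) }
 end
 
 def test_should_find_1_reference
-entries = FIDIUS::NVDParser.parse_cve_file
+entries = FIDIUS::NVDParser.parse_cve_file(
+File.join(TEST_DIR, 'test_references.xml'))
 assert_equal 1, entries.first.references.size, "The test_references.xml " +
 "contains one reference which should be found."
 end
 
 def test_should_find_3_nvd_entries
-entries = FIDIUS::NVDParser.parse_cve_file
+entries = FIDIUS::NVDParser.parse_cve_file(
+File.join(TEST_DIR, 'test_3_entries.xml'))
 assert_equal 3, entries.size, "The test_entries.xml contains 3 NVD " +
 "entries which should be returned in an array."
 end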
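Review bot: The new call in `test_should_find_3_nvd_entries` loads `test_3_entries.xml`, but the assertion message on the unchanged line right after it still reads `"The test_entries.xml contains 3 NVD "`, so a failure would point at a fixture that is not in the gem's file list; the message should name `test_3_entries.xml`. In the first hunk `LIB_DIR` goes onto `$LOAD_PATH` with a literal `..` segment; `File.expand_path('../lib/cveparser', TEST_DIR)` yields a canonical path and avoids the same directory appearing twice under different spellings when the test is loaded from another runner. `assert_raise(RuntimeError)` in `test_should_parse_2_0_only` is satisfied by any bare `raise "..."` inside the parser, so it would also pass if parsing failed for an unrelated reason; checking the message of the exception it returns, or a dedicated error class, would pin the test to the version check it is meant to cover.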
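--- /dev/null
+++ b/data/test/test_3_entries.xml
@@ -0,0 +1,99 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" nvd_xml_version="2.0" pub_date="2011-02-10T06:05:00" xsi:schemaLocation="http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd">
+<entry id="CVE-2009-5051">
+<vuln:vulnerable-configuration id="http://nvd.nist.gov">
+<cpe-lang:logical-test negate="false" operator="OR">
+<cpe-lang:fact-ref name="cpe:/a:hastymail:hastymail2::beta1" />
+</cpe-lang:logical-test>
+</vuln:vulnerable-configuration>
+<vuln:vulnerable-software-list>
+<vuln:product>cpe:/a:hastymail:hastymail2::rc7</vuln:product>
+</vuln:vulnerable-software-list>
+<vuln:cve-id>CVE-2009-5051</vuln:cve-id>
+<vuln:published-datetime>2011-01-18T13:03:06.533-05:00</vuln:published-datetime>
+<vuln:last-modified-datetime>2011-01-18T00:00:00.000-05:00</vuln:last-modified-datetime>
+<vuln:cvss>
+<cvss:base_metrics>
+<cvss:score>5.0</cvss:score>
+<cvss:access-vector>NETWORK</cvss:access-vector>
+<cvss:access-complexity>LOW</cvss:access-complexity>
+<cvss:authentication>NONE</cvss:authentication>
+<cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+<cvss:integrity-impact>NONE</cvss:integrity-impact>
+<cvss:availability-impact>NONE</cvss:availability-impact>
+<cvss:source>http://nvd.nist.gov</cvss:source>
+<cvss:generated-on-datetime>2011-01-18T13:11:00.000-05:00</cvss:generated-on-datetime>
+</cvss:base_metrics>
+</vuln:cvss>
+<vuln:cwe id="CWE-16" />
+<vuln:references xml:lang="en" reference_type="UNKNOWN">
+<vuln:source>CONFIRM</vuln:source>
+<vuln:reference xml:lang="en" href="http://www.hastymail.org/security/">http://www.hastymail.org/security/</vuln:reference>
+</vuln:references>
+<vuln:summary>Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.</vuln:summary>
+</entry>
+<entry id="CVE-2010-4166">
+<vuln:vulnerable-configuration id="http://nvd.nist.gov">
+<cpe-lang:logical-test negate="false" operator="OR">
+<cpe-lang:fact-ref name="cpe:/a:joomla:joomla%21:1.5.13" />
+</cpe-lang:logical-test>
+</vuln:vulnerable-configuration>
+<vuln:vulnerable-software-list>
+<vuln:product>cpe:/a:joomla:joomla%21:1.5.9</vuln:product>
+</vuln:vulnerable-software-list>
+<vuln:cve-id>CVE-2010-4166</vuln:cve-id>
+<vuln:published-datetime>2011-01-18T13:03:06.830-05:00</vuln:published-datetime>
+<vuln:last-modified-datetime>2011-01-20T00:00:00.000-05:00</vuln:last-modified-datetime>
+<vuln:cvss>
+<cvss:base_metrics>
+<cvss:score>7.5</cvss:score>
+<cvss:access-vector>NETWORK</cvss:access-vector>
+<cvss:access-complexity>LOW</cvss:access-complexity>
+<cvss:authentication>NONE</cvss:authentication>
+<cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+<cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+<cvss:availability-impact>PARTIAL</cvss:availability-impact>
+<cvss:source>http://nvd.nist.gov</cvss:source>
+<cvss:generated-on-datetime>2011-01-18T13:26:00.000-05:00</cvss:generated-on-datetime>
+</cvss:base_metrics>
+</vuln:cvss>
+<vuln:cwe id="CWE-89" />
+<vuln:references xml:lang="en" reference_type="UNKNOWN">
+<vuln:source>MISC</vuln:source>
+<vuln:reference xml:lang="en" href="http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg">http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg</vuln:reference>
+</vuln:references>
+<vuln:summary>Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.</vuln:summary>
+</entry>
+<entry id="CVE-2010-4263">
+<vuln:vulnerable-configuration id="http://nvd.nist.gov">
+<cpe-lang:logical-test negate="false" operator="OR">
+<cpe-lang:fact-ref name="cpe:/a:joomla:joomla%21:1.5.13" />
+</cpe-lang:logical-test>
+</vuln:vulnerable-configuration>
+<vuln:vulnerable-software-list>
+<vuln:product>cpe:/a:joomla:joomla%21:1.5.9</vuln:product>
+</vuln:vulnerable-software-list>
+<vuln:cve-id>CVE-2010-4166</vuln:cve-id>
+<vuln:published-datetime>2011-01-18T13:03:06.830-05:00</vuln:published-datetime>
+<vuln:last-modified-datetime>2011-01-20T00:00:00.000-05:00</vuln:last-modified-datetime>
+<vuln:cvss>
+<cvss:base_metrics>
+<cvss:score>7.5</cvss:score>
+<cvss:access-vector>NETWORK</cvss:access-vector>
+<cvss:access-complexity>LOW</cvss:access-complexity>
+<cvss:authentication>NONE</cvss:authentication>
+<cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+<cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+<cvss:availability-impact>PARTIAL</cvss:availability-impact>
+<cvss:source>http://nvd.nist.gov</cvss:source>
+<cvss:generated-on-datetime>2011-01-18T13:26:00.000-05:00</cvss:generated-on-datetime>
+</cvss:base_metrics>
+</vuln:cvss>
+<vuln:cwe id="CWE-89" />
+<vuln:references xml:lang="en" reference_type="UNKNOWN">
+<vuln:source>MISC</vuln:source>
+<vuln:reference xml:lang="en" href="http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg">http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg</vuln:reference>
+</vuln:references>
+<vuln:summary>Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.</vuln:summary>
+</entry>
+</nvd>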
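Review bot: The third `<entry>` is declared as `id="CVE-2010-4263"` but its `<vuln:cve-id>` child says `CVE-2010-4166`, and the rest of its body (CPE names, dates, CVSS metrics, reference and summary) is a verbatim copy of the second entry. The fixture therefore contains two records claiming the same CVE id with disagreeing `id` attribute and element, which the current test tolerates because it only counts entries, but any later assertion on parsed ids, or on duplicate handling, would have no unambiguous expected value. Either give the third entry data that belongs to its own id or, at minimum, change that entry's `<vuln:cve-id>CVE-2010-4166</vuln:cve-id>` to `<vuln:cve-id>CVE-2010-4263</vuln:cve-id>` so the attribute and the element agree. This file had no file header on the rendered page; the path is taken from the diffstat.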
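--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 6
+version: 0.0.6
 platform: ruby
 authors:
 - Andreas Bender
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-
+date: 2011-02-25 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -82,6 +82,7 @@ files:
 - lib/tasks/nvd_migrate.rake
 - lib/tasks/parse_cves.rake
 - test/cve_parser_test.rb
+- test/test_3_entries.xml
 - test/test_references.xml
 - test/test_v2.xml
 has_rdoc: true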