fidius-cvedb 0.0.7 → 0.0.8
- checksums.yaml +7 -0
- data/.gitignore +3 -0
- data/Gemfile.lock +21 -0
- data/fidius-cvedb.gemspec +4 -2
- data/lib/fidius-cvedb/version.rb +1 -1
- data/lib/models/fidius/cve_db/cvss.rb +2 -0
- data/lib/models/fidius/cve_db/impact.rb +1 -0
- data/lib/models/fidius/cve_db/mscve.rb +1 -0
- data/lib/models/fidius/cve_db/nvd_entry.rb +1 -1
- data/lib/models/fidius/cve_db/product.rb +1 -1
- data/lib/models/fidius/cve_db/vulnerability_reference.rb +1 -0
- data/lib/models/fidius/cve_db/vulnerable_configuration.rb +1 -1
- data/lib/models/fidius/cve_db/vulnerable_software.rb +1 -1
- data/lib/models/fidius/cve_db/xml.rb +1 -0
- data/lib/tasks/parse_cves.rake +13 -3
- metadata +61 -57
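--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: a51a4d9cc186dc4fd41a52ac5163da4220ba6deb
+data.tar.gz: 356f5c41283003acb19c72a19e9922bbbc9297c4
+SHA512:
+metadata.gz: 76bfdad7efe5986e650fc67bd108eb8ea3d2702c69f155ed7a0dbfbde6b187b0692a5cfaf77957f3e65df1306b9aa14f9c963c1102251d7b32edc257ab84a124
+data.tar.gz: 3b9974a9240aa9e6571f422544b4a17f9dc2eed377f55649c8ed193ee914234cd39e12be23a0f315d30387d308a933ccec797ffd9a9db6ee19df09dfaadc34e2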
data/.gitignore
ADDED
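--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,21 @@
+PATH
+remote: .
+specs:
+fidius-cvedb (0.0.8)
+nokogiri
+
+GEM
+remote: http://rubygems.org/
+specs:
+mysql2 (0.3.11)
+nokogiri (1.5.9)
+rake (0.9.6)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+fidius-cvedb!
+mysql2
+nokogiri
+rake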
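--- a/data/fidius-cvedb.gemspec
+++ b/data/fidius-cvedb.gemspec
@@ -7,8 +7,8 @@ Gem::Specification.new do |s|
 s.version = FIDIUS::CveDb::VERSION
 s.platform = Gem::Platform::RUBY
 s.add_dependency('nokogiri')
-s.authors = ["Andreas Bender", "Jens Färber"]
-s.email = ["bender@tzi.de", "jfaerber@tzi.de"]
+s.authors = ["Andreas Bender", "Jens Färber", "Michael Carlson"]
+s.email = ["bender@tzi.de", "jfaerber@tzi.de", "me@mbcarlson.org"]
 s.homepage = "http://fidius.me"
 s.summary = %q{Provides a parser and ActiveRecord models for the Common Vulnerability and Exposures (CVE) entries offered by the National Vulnerability Database (http://nvd.nist.gov/). }
 s.description = %q{This gem provides an opportunity to run a vulnerability database in your own environment. Therefore it comes with a parser for the National Vulnerability Database and ActiveRecord models for storing the entries in a local database and accessing Entries comfortable with Rails. }
@@ -19,4 +19,6 @@ Gem::Specification.new do |s|
 s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ["lib"]
+
+s.add_development_dependency 'rake'
 end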
data/lib/fidius-cvedb/version.rb
CHANGED
@@ -1,4 +1,6 @@
|
|
1
1
|
class FIDIUS::CveDb::Cvss < FIDIUS::CveDb::CveConnection
|
2
|
+
attr_accessible :score, :source, :generated_on, :access_vector, :access_complexity, :authentication,
|
3
|
+
:confidentiality_impact_id, :integrity_impact_id, :availability_impact_id
|
2
4
|
has_one :confidentiality_impact
|
3
5
|
has_one :availability_impact
|
4
6
|
has_one :integrity_impact
|
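Review bot: The new `attr_accessible` list on `Cvss` includes the three foreign keys `:confidentiality_impact_id`, `:integrity_impact_id` and `:availability_impact_id`, so any caller that passes a hash to this model can re-point a score's impact records through mass assignment. If only the parser sets those columns, the tighter form is `attr_accessible :score, :source, :generated_on, :access_vector, :access_complexity, :authentication` with the three ids assigned explicitly where the record is built. The macro also ties the models to an ActiveRecord release that provides `attr_accessible`, and no activerecord dependency is visible in the gemspec hunks on this page. The class body continues outside the hunk, and the page prints this hunk under the version.rb header although the code is the Cvss model.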
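--- a/data/lib/tasks/parse_cves.rake
+++ b/data/lib/tasks/parse_cves.rake
@@ -4,13 +4,15 @@ require 'nokogiri'
 require 'fidius-cvedb'
 
 BASE_URL = "http://static.nvd.nist.gov/feeds/xml/cve/"
-
+BASE_SSL_URL = "https://nvd.nist.gov/static/feeds/xml/cve/"
+DOWNLOAD_URL = "https://nvd.nist.gov/download.cfm"
 #GEM_BASE = File.join(ENV['GEM_HOME'], 'gems', "fidius-cvedb-#{FIDIUS::CveDb::VERSION}", 'lib')
 XML_DIR = File.join(Dir.pwd, "cveparser", "xml")
 ANNUALLY_XML = /nvdcve-2[.]0-\d{4}[.]xml/
 
 # modified xml includes all recent published and modified cve entries
 MODIFIED_XML = "nvdcve-2.0-modified.xml"
+RECENT_XML = "nvdcve-2.0-recent.xml"
 
 namespace :nvd do
 desc 'Parses local XML-File.'
@@ -47,6 +49,8 @@ namespace :nvd do
 task :update do
 wget MODIFIED_XML
 cve_main '-u', MODIFIED_XML
+wget RECENT_XML
+cve_main '-u', RECENT_XML
 end
 
 desc "Initializes the CVE-DB, parses all annual CVE-XMLs and removes duplicates."
@@ -89,6 +93,7 @@ def init
 puts "[*] I've found #{l_ann_xmls.size} annually XML files locally. I'll "+
 "download the missing XMLs now."
 r_ann_xmls.each do |xml|
+puts "Downloading #{xml}."
 wget xml unless l_ann_xmls.include? xml
 puts "Downloaded #{xml}."
 end
@@ -118,7 +123,7 @@ end
 
 # Returns an array of available xmls or nil if none are found.
 def remote_xmls
-doc = Nokogiri::HTML
+doc = Nokogiri::HTML open(DOWNLOAD_URL)
 links = doc.css("div.rightbar > a")
 xmls = []
 links.each do |link|
@@ -142,5 +147,10 @@ end
 # Simple wget
 def wget file
 FileUtils.mkdir_p(XML_DIR)
-sh "
+#sh "curl -O #{File.join(XML_DIR, file)} #{BASE_URL + file}"
+response = open("#{BASE_SSL_URL + file}")
+open("#{File.join(XML_DIR, file)}", "wb") do |f|
+# read the file object
+f.write(response.read)
+end
 end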
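Review bot: The rewritten `wget` in the last hunk writes the response straight to `File.join(XML_DIR, file)`, so an interrupted download leaves a truncated XML that `init` appears to treat as already present on the next run, and a `file` value containing path separators would be written outside `XML_DIR`. The annual names seem to come from links scraped in `remote_xmls`, whose body continues outside its hunk, so reducing each name with `File.basename` and renaming a `.part` file only after the copy completes keeps the feed directory trustworthy. The handle returned by `open` is never closed and `response.read` holds a whole feed in memory; the block form with `IO.copy_stream` below avoids both. The commented-out `#sh "curl …"` line and the plain-HTTP `BASE_URL` constant look unused after this change and could be dropped so nothing falls back to the unencrypted feed.

```ruby
def wget file
  FileUtils.mkdir_p(XML_DIR)
  # Keep only the leaf name so a scraped link cannot point outside XML_DIR.
  name = File.basename(file)
  target = File.join(XML_DIR, name)
  partial = "#{target}.part"
  URI.parse(BASE_SSL_URL + name).open do |response|
    File.open(partial, "wb") { |f| IO.copy_stream(response, f) }
  end
  # Rename only after a complete download, so a truncated file is never parsed.
  File.rename(partial, target)
end
```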
metadata
CHANGED
@@ -1,48 +1,61 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: fidius-cvedb
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
segments:
|
6
|
-
- 0
|
7
|
-
- 0
|
8
|
-
- 7
|
9
|
-
version: 0.0.7
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.8
|
10
5
|
platform: ruby
|
11
|
-
authors:
|
6
|
+
authors:
|
12
7
|
- Andreas Bender
|
13
|
-
-
|
8
|
+
- Jens Färber
|
9
|
+
- Michael Carlson
|
14
10
|
autorequire:
|
15
11
|
bindir: bin
|
16
12
|
cert_chain: []
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
dependencies:
|
21
|
-
- !ruby/object:Gem::Dependency
|
13
|
+
date: 2013-04-15 00:00:00.000000000 Z
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
22
16
|
name: nokogiri
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
- !ruby/object:Gem::Version
|
29
|
-
segments:
|
30
|
-
- 0
|
31
|
-
version: "0"
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
18
|
+
requirements:
|
19
|
+
- - '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
32
22
|
type: :runtime
|
33
|
-
|
34
|
-
|
35
|
-
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - '>='
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
version: '0'
|
29
|
+
- !ruby/object:Gem::Dependency
|
30
|
+
name: rake
|
31
|
+
requirement: !ruby/object:Gem::Requirement
|
32
|
+
requirements:
|
33
|
+
- - '>='
|
34
|
+
- !ruby/object:Gem::Version
|
35
|
+
version: '0'
|
36
|
+
type: :development
|
37
|
+
prerelease: false
|
38
|
+
version_requirements: !ruby/object:Gem::Requirement
|
39
|
+
requirements:
|
40
|
+
- - '>='
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: '0'
|
43
|
+
description: 'This gem provides an opportunity to run a vulnerability database in
|
44
|
+
your own environment. Therefore it comes with a parser for the National Vulnerability
|
45
|
+
Database and ActiveRecord models for storing the entries in a local database and
|
46
|
+
accessing Entries comfortable with Rails. '
|
47
|
+
email:
|
36
48
|
- bender@tzi.de
|
37
49
|
- jfaerber@tzi.de
|
38
|
-
|
50
|
+
- me@mbcarlson.org
|
51
|
+
executables:
|
39
52
|
- fidius-cvedb
|
40
53
|
extensions: []
|
41
|
-
|
42
54
|
extra_rdoc_files: []
|
43
|
-
|
44
|
-
|
55
|
+
files:
|
56
|
+
- .gitignore
|
45
57
|
- Gemfile
|
58
|
+
- Gemfile.lock
|
46
59
|
- LICENSE
|
47
60
|
- README.md
|
48
61
|
- Rakefile
|
@@ -85,37 +98,28 @@ files:
|
|
85
98
|
- test/test_3_entries.xml
|
86
99
|
- test/test_references.xml
|
87
100
|
- test/test_v2.xml
|
88
|
-
has_rdoc: true
|
89
101
|
homepage: http://fidius.me
|
90
102
|
licenses: []
|
91
|
-
|
103
|
+
metadata: {}
|
92
104
|
post_install_message:
|
93
105
|
rdoc_options: []
|
94
|
-
|
95
|
-
require_paths:
|
106
|
+
require_paths:
|
96
107
|
- lib
|
97
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
requirements:
|
108
|
-
- - ">="
|
109
|
-
- !ruby/object:Gem::Version
|
110
|
-
segments:
|
111
|
-
- 0
|
112
|
-
version: "0"
|
108
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
109
|
+
requirements:
|
110
|
+
- - '>='
|
111
|
+
- !ruby/object:Gem::Version
|
112
|
+
version: '0'
|
113
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
113
118
|
requirements: []
|
114
|
-
|
115
|
-
|
116
|
-
rubygems_version: 1.3.7
|
119
|
+
rubyforge_project: ''
|
120
|
+
rubygems_version: 2.0.2
|
117
121
|
signing_key:
|
118
|
-
specification_version:
|
119
|
-
summary: Provides a parser and ActiveRecord models for the Common Vulnerability and
|
122
|
+
specification_version: 4
|
123
|
+
summary: Provides a parser and ActiveRecord models for the Common Vulnerability and
|
124
|
+
Exposures (CVE) entries offered by the National Vulnerability Database (http://nvd.nist.gov/).
|
120
125
|
test_files: []
|
121
|
-
|