fidius-cvedb 0.0.7 → 0.0.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a51a4d9cc186dc4fd41a52ac5163da4220ba6deb
+  data.tar.gz: 356f5c41283003acb19c72a19e9922bbbc9297c4
+SHA512:
+  metadata.gz: 76bfdad7efe5986e650fc67bd108eb8ea3d2702c69f155ed7a0dbfbde6b187b0692a5cfaf77957f3e65df1306b9aa14f9c963c1102251d7b32edc257ab84a124
+  data.tar.gz: 3b9974a9240aa9e6571f422544b4a17f9dc2eed377f55649c8ed193ee914234cd39e12be23a0f315d30387d308a933ccec797ffd9a9db6ee19df09dfaadc34e2

data/.gitignore

@@ -0,0 +1,3 @@
+.project
+pkg/
+*.gem

data/Gemfile.lock

@@ -0,0 +1,21 @@
+PATH
+  remote: .
+  specs:
+    fidius-cvedb (0.0.8)
+      nokogiri
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    mysql2 (0.3.11)
+    nokogiri (1.5.9)
+    rake (0.9.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  fidius-cvedb!
+  mysql2
+  nokogiri
+  rake

data/fidius-cvedb.gemspec

@@ -7,8 +7,8 @@ Gem::Specification.new do |s|
   s.version     = FIDIUS::CveDb::VERSION
   s.platform    = Gem::Platform::RUBY
   s.add_dependency('nokogiri') 
-  s.authors     = ["Andreas Bender", "Jens Färber"]
-  s.email       = ["bender@tzi.de", "jfaerber@tzi.de"]
+  s.authors     = ["Andreas Bender", "Jens Färber", "Michael Carlson"]
+  s.email       = ["bender@tzi.de", "jfaerber@tzi.de", "me@mbcarlson.org"]
   s.homepage    = "http://fidius.me"
   s.summary     = %q{Provides a parser and ActiveRecord models for the Common Vulnerability and Exposures (CVE) entries offered by the National Vulnerability Database (http://nvd.nist.gov/). }
   s.description = %q{This gem provides an opportunity to run a vulnerability database in your own environment. Therefore it comes with a parser for the National Vulnerability Database and ActiveRecord models for storing the entries in a local database and accessing Entries comfortable with Rails. }
@@ -19,4 +19,6 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
+
+  s.add_development_dependency 'rake'
 end

data/lib/fidius-cvedb/version.rb

@@ -1,5 +1,5 @@
 module FIDIUS
   module CveDb
-    VERSION = "0.0.7"
+    VERSION = "0.0.8"
   end
 end

data/lib/models/fidius/cve_db/cvss.rb

@@ -1,4 +1,6 @@
 class FIDIUS::CveDb::Cvss < FIDIUS::CveDb::CveConnection
+  attr_accessible :score, :source, :generated_on, :access_vector, :access_complexity, :authentication,
+    :confidentiality_impact_id, :integrity_impact_id, :availability_impact_id
   has_one :confidentiality_impact
   has_one :availability_impact
   has_one :integrity_impact

data/lib/models/fidius/cve_db/impact.rb

@@ -1,2 +1,3 @@
 class FIDIUS::CveDb::Impact < FIDIUS::CveDb::CveConnection
+  attr_accessible :name
 end

data/lib/models/fidius/cve_db/mscve.rb

@@ -1,3 +1,4 @@
 class FIDIUS::CveDb::Mscve < FIDIUS::CveDb::CveConnection
+  attr_accessible :nvd_entry_id, :name
   belongs_to :nvd_entry
 end

data/lib/models/fidius/cve_db/nvd_entry.rb

@@ -1,5 +1,5 @@
 class FIDIUS::CveDb::NvdEntry < FIDIUS::CveDb::CveConnection
-  
+  attr_accessible :cve, :cwe, :summary, :published, :last_modified, :cvss
   has_one :cvss
   has_one :mscve
   

data/lib/models/fidius/cve_db/product.rb

@@ -1,5 +1,5 @@
 class FIDIUS::CveDb::Product < FIDIUS::CveDb::CveConnection
-  
+  attr_accessible :part, :vendor, :product, :version, :update_nr, :edition, :language
   has_many :vulnerable_softwares
   has_many :nvd_entries, :through => :vulnerable_softwares
   

data/lib/models/fidius/cve_db/vulnerability_reference.rb

@@ -1,3 +1,4 @@
 class FIDIUS::CveDb::VulnerabilityReference < FIDIUS::CveDb::CveConnection
+  attr_accessible :name, :link, :source, :nvd_entry_id
   belongs_to :nvd_entry
 end

data/lib/models/fidius/cve_db/vulnerable_configuration.rb

@@ -1,5 +1,5 @@
 class FIDIUS::CveDb::VulnerableConfiguration < FIDIUS::CveDb::CveConnection
-  
+  attr_accessible :nvd_entry_id, :product_id
   belongs_to :nvd_entry
   belongs_to :product
   

data/lib/models/fidius/cve_db/vulnerable_software.rb

@@ -1,5 +1,5 @@
 class FIDIUS::CveDb::VulnerableSoftware < FIDIUS::CveDb::CveConnection
-  
+  attr_accessible :nvd_entry_id, :product_id
   belongs_to :nvd_entry
   belongs_to :product
   

data/lib/models/fidius/cve_db/xml.rb

@@ -1,2 +1,3 @@
 class FIDIUS::CveDb::Xml < FIDIUS::CveDb::CveConnection
+  attr_accessible :name, :create_time
 end

data/lib/tasks/parse_cves.rake

@@ -4,13 +4,15 @@ require 'nokogiri'
 require 'fidius-cvedb'
 
 BASE_URL = "http://static.nvd.nist.gov/feeds/xml/cve/"
-DOWNLOAD_URL = "http://nvd.nist.gov/download.cfm"
+BASE_SSL_URL = "https://nvd.nist.gov/static/feeds/xml/cve/"
+DOWNLOAD_URL = "https://nvd.nist.gov/download.cfm"
 #GEM_BASE = File.join(ENV['GEM_HOME'], 'gems', "fidius-cvedb-#{FIDIUS::CveDb::VERSION}", 'lib')
 XML_DIR = File.join(Dir.pwd, "cveparser", "xml")
 ANNUALLY_XML = /nvdcve-2[.]0-\d{4}[.]xml/
 
 # modified xml includes all recent published and modified cve entries
 MODIFIED_XML = "nvdcve-2.0-modified.xml"
+RECENT_XML = "nvdcve-2.0-recent.xml"
 
 namespace :nvd do 
   desc 'Parses local XML-File.'
@@ -47,6 +49,8 @@ namespace :nvd do
   task :update do
     wget MODIFIED_XML
     cve_main '-u', MODIFIED_XML
+    wget RECENT_XML
+    cve_main '-u', RECENT_XML
   end
 
   desc "Initializes the CVE-DB, parses all annual CVE-XMLs and removes duplicates."
@@ -89,6 +93,7 @@ def init
   puts "[*] I've found #{l_ann_xmls.size} annually XML files locally. I'll "+
     "download the missing XMLs now."
   r_ann_xmls.each do |xml|
+    puts "Downloading #{xml}."
     wget xml unless l_ann_xmls.include? xml
     puts "Downloaded #{xml}."
   end
@@ -118,7 +123,7 @@ end
 
 # Returns an array of available xmls or nil if none are found.
 def remote_xmls
-  doc = Nokogiri::HTML(open(DOWNLOAD_URL))
+  doc = Nokogiri::HTML open(DOWNLOAD_URL)
   links = doc.css("div.rightbar > a")
   xmls = []
   links.each do |link|
@@ -142,5 +147,10 @@ end
 # Simple wget 
 def wget file
   FileUtils.mkdir_p(XML_DIR)
-  sh "wget -O#{File.join(XML_DIR, file)} #{BASE_URL + file}"
+  #sh "curl -O #{File.join(XML_DIR, file)} #{BASE_URL + file}"
+  response = open("#{BASE_SSL_URL + file}")
+  open("#{File.join(XML_DIR, file)}", "wb") do |f|
+    # read the file object
+    f.write(response.read)
+  end
 end

metadata

@@ -1,48 +1,61 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: fidius-cvedb
-version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 0
-  - 0
-  - 7
-  version: 0.0.7
+version: !ruby/object:Gem::Version
+  version: 0.0.8
 platform: ruby
-authors: 
+authors:
 - Andreas Bender
-- "Jens F\xC3\xA4rber"
+- Jens Färber
+- Michael Carlson
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-03-03 00:00:00 +01:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-04-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: nokogiri
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        version: "0"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-description: "This gem provides an opportunity to run a vulnerability database in your own environment. Therefore it comes with a parser for the National Vulnerability Database and ActiveRecord models for storing the entries in a local database and accessing Entries comfortable with Rails. "
-email: 
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 'This gem provides an opportunity to run a vulnerability database in
+  your own environment. Therefore it comes with a parser for the National Vulnerability
+  Database and ActiveRecord models for storing the entries in a local database and
+  accessing Entries comfortable with Rails. '
+email:
 - bender@tzi.de
 - jfaerber@tzi.de
-executables: 
+- me@mbcarlson.org
+executables:
 - fidius-cvedb
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
+- .gitignore
 - Gemfile
+- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
@@ -85,37 +98,28 @@ files:
 - test/test_3_entries.xml
 - test/test_references.xml
 - test/test_v2.xml
-has_rdoc: true
 homepage: http://fidius.me
 licenses: []
-
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
-rubyforge_project: ""
-rubygems_version: 1.3.7
+rubyforge_project: ''
+rubygems_version: 2.0.2
 signing_key: 
-specification_version: 3
-summary: Provides a parser and ActiveRecord models for the Common Vulnerability and Exposures (CVE) entries offered by the National Vulnerability Database (http://nvd.nist.gov/).
+specification_version: 4
+summary: Provides a parser and ActiveRecord models for the Common Vulnerability and
+  Exposures (CVE) entries offered by the National Vulnerability Database (http://nvd.nist.gov/).
 test_files: []
-