nvd-json_feeds 0.1.0

data/lib/nvd/json_feeds/feed_uri.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require 'net/https'
+
+module NVD
+  module JSONFeeds
+    #
+    # Base class for all feed URIs.
+    #
+    class FeedURI
+
+      SCHEMA_VERSION = '1.1'
+
+      BASE_URI = "https://nvd.nist.gov/feeds/json/cve/#{SCHEMA_VERSION}"
+
+      # The feed name or year.
+      #
+      # @return [:modified, :recent, Integer]
+      attr_reader :name
+
+      # The feed file extension.
+      #
+      # @return [String]
+      attr_reader :ext
+
+      # The file name of the feed.
+      #
+      # @return [String]
+      attr_reader :filename
+
+      # The feed URI.
+      #
+      # @return [URI::HTTPS]
+      attr_reader :uri
+
+      #
+      # Initializes the feed URI.
+      #
+      # @param [:modified, :recent, Integer] name
+      #   The feed name or year.
+      #
+      # @param [String] ext
+      #   The feed file extension (ex: `.json.gz`).
+      #
+      def initialize(name,ext)
+        @name = name
+        @ext  = ext
+
+        @filename = "nvdcve-#{SCHEMA_VERSION}-#{@name}#{@ext}"
+        @uri      = URI("#{BASE_URI}/#{@filename}")
+      end
+
+      #
+      # Performs and HTTP GET request to the feed URI.
+      #
+      # @yield [chunk]
+      #   If a block is given, it will be passed each chunk read from the
+      #   response.
+      #
+      # @yieldparam [String] chunk
+      #   A chunk of data read from the response body.
+      #
+      # @return [String]
+      #   If no block is given, the full response body will be returned.
+      #
+      def get(&block)
+        if block
+          Net::HTTP.start(@uri.host,@uri.port, use_ssl: true) do |http|
+            request = Net::HTTP::Get.new(uri)
+
+            http.request(request) do |response|
+              response.read_body(&block)
+            end
+          end
+        else
+          Net::HTTP.get(@uri)
+        end
+      end
+
+      #
+      # Downloads the feed to the given destination.
+      #
+      # @param [String] dest
+      #   Either a destination file or directory.
+      #
+      def download(dest)
+        dest_path = if File.directory?(dest) then File.join(dest,@filename)
+                    else                          dest
+                    end
+
+        File.open(dest_path,'w') do |file|
+          get do |chunk|
+            file.write(chunk)
+          end
+        end
+
+        return dest_path
+      end
+
+      #
+      # Converts the feed URI to a regular URI.
+      #
+      # @return [URI::HTTPS]
+      #   The feed URI.
+      #
+      def to_uri
+        @uri
+      end
+
+      #
+      # Converts the feed URI to a String.
+      #
+      # @return [String]
+      #   The String version of the feed URI.
+      #
+      def to_s
+        @uri.to_s
+      end
+
+      #
+      # Inspects the feed URI.
+      #
+      # @return [String]
+      #
+      def inspect
+        "#<#{self.class}: #{self}>"
+      end
+
+    end
+  end
+end

data/lib/nvd/json_feeds/gz_feed_file.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'nvd/json_feeds/feed_file'
+require 'nvd/json_feeds/json_feed_file'
+require 'nvd/json_feeds/exceptions'
+
+require 'shellwords'
+
+module NVD
+  module JSONFeeds
+    class GzFeedFile < FeedFile
+
+      #
+      # The filename of the `.json` file within the `.gz` archive.
+      #
+      # @return [String]
+      #
+      def json_filename
+        File.basename(@path,'.gz')
+      end
+
+      #
+      # Reads the compressed feed file.
+      #
+      # @return [String]
+      #
+      # @raise [ReadFailed]
+      #   The `gunzip` command is not installed.
+      #
+      def read
+        `gunzip -q -c -k #{Shellwords.escape(@path)}`
+      rescue Errno::ENOENT
+        raise(ReadFailed,"gunzip command is not installed")
+      end
+
+      #
+      # Extracts the feed file.
+      #
+      # @return [JSONFeedFile]
+      #
+      # @raise [ExtractFailed]
+      #   The `gunzip` command failed or did the `.json` file was not extracted.
+      #
+      def extract
+        unless system('gunzip', '-q', '-k', @path)
+          raise(ExtractFailed,"gunzip command failed")
+        end
+
+        extracted_dir  = File.dirname(@path)
+        extracted_path = File.join(extracted_dir,json_filename)
+
+        unless File.file?(extracted_path)
+          raise(ExtractFailed,"extraction failed: #{@path.inspect}")
+        end
+
+        return JSONFeedFile.new(extracted_path)
+      end
+    end
+  end
+end

data/lib/nvd/json_feeds/gz_feed_uri.rb

@@ -0,0 +1,25 @@
+require 'nvd/json_feeds/feed_uri'
+require 'nvd/json_feeds/gz_feed_file'
+
+module NVD
+  module JSONFeeds
+    #
+    # Represents a URI to a `.json.gz` feed file.
+    #
+    class GzFeedURI < FeedURI
+
+      #
+      # Downloads the compressed feed file.
+      #
+      # @param [String] dest
+      #   The destination file or directory.
+      #
+      # @return [GzFeedFile]
+      #
+      def download(dest)
+        GzFeedFile.new(super(dest))
+      end
+
+    end
+  end
+end

data/lib/nvd/json_feeds/json_feed_file.rb

@@ -0,0 +1,21 @@
+require 'nvd/json_feeds/feed_file'
+
+module NVD
+  module JSONFeeds
+    #
+    # Represents a `.json` feed file.
+    #
+    class JSONFeedFile < FeedFile
+
+      #
+      # Reads the JSON feed file.
+      #
+      # @return [String]
+      #
+      def read
+        File.read(@path)
+      end
+
+    end
+  end
+end

data/lib/nvd/json_feeds/meta.rb

@@ -0,0 +1,122 @@
+require 'nvd/json_feeds/exceptions'
+
+require 'time'
+
+module NVD
+  module JSONFeeds
+    #
+    # Represents the parsed contents of a `.meta` file.
+    #
+    class Meta
+
+      # The date the feed file was last updated.
+      #
+      # @return [DateTime]
+      attr_reader :last_modified_date
+
+      # The size of the uncompressed `.json` feed file.
+      #
+      # @return [Integer]
+      attr_reader :size
+
+      # The size of the `.zip` feed file.
+      #
+      # @return [Integer]
+      attr_reader :zip_size
+
+      # The size of the `.gz` feed file.
+      #
+      # @return [Integer]
+      attr_reader :gz_size
+
+      # The SHA256 checksum of the uncompressed `.json` feed file.
+      #
+      # @return [String]
+      # @note NVD uses all upper-case SHA256 checksums.
+      attr_reader :sha256
+
+      #
+      # Initializes the feed metadata.
+      #
+      # @param [DateTime] last_modified_date
+      #   The parsed `lastModifiedDate` timestamp.
+      #
+      # @param [Integer] size
+      #   The `size` value.
+      #
+      # @param [Integer] zip_size
+      #   The `zipSize` value.
+      #
+      # @param [Integer] gz_size
+      #   The `gzSize` value.
+      #
+      # @param [String] sha256
+      #   The `sha256` value.
+      #
+      def initialize(last_modified_date,size,zip_size,gz_size,sha256)
+        @last_modified_date = last_modified_date
+
+        @size     = size
+        @zip_size = zip_size
+        @gz_size  = gz_size
+        @sha256   = sha256
+      end
+
+      #
+      # Parses the text.
+      #
+      # @param [String] string
+      #   The raw meta string.
+      #
+      # @return [Meta]
+      #   The parsed meta information.
+      #
+      # @raise [MetaParseError]
+      #   The meta string was malformed.
+      #
+      def self.parse(string)
+        last_modified_date = nil
+        size     = nil
+        zip_size = nil
+        gz_size  = nil
+        sha256   = nil
+
+        string.each_line do |line|
+          name, value = line.chomp.split(':',2)
+
+          case name
+          when 'lastModifiedDate'
+            last_modified_date = DateTime.parse(value)
+          when 'size'    then size     = value.to_i
+          when 'zipSize' then zip_size = value.to_i
+          when 'gzSize'  then gz_size  = value.to_i
+          when 'sha256'  then sha256   = value
+          end
+        end
+
+        unless last_modified_date
+          raise(MetaParseError,"lastModifiedDate missing")
+        end
+
+        unless size
+          raise(MetaParseError,"size entry missing")
+        end
+
+        unless zip_size
+          raise(MetaParseError,"zipSize entry missing")
+        end
+
+        unless gz_size
+          raise(MetaParseError,"gzSize entry missing")
+        end
+
+        unless sha256
+          raise(MetaParseError,"sha256 entry missing")
+        end
+
+        return new(last_modified_date,size,zip_size,gz_size,sha256)
+      end
+
+    end
+  end
+end

data/lib/nvd/json_feeds/meta_feed_uri.rb

@@ -0,0 +1,22 @@
+require 'nvd/json_feeds/feed_uri'
+require 'nvd/json_feeds/meta'
+
+module NVD
+  module JSONFeeds
+    #
+    # Represents a URI to the `.meta` feed file.
+    #
+    class MetaFeedURI < FeedURI
+
+      #
+      # Requests and parses the feed metadata.
+      #
+      # @return [FeedMeta]
+      #
+      def parse
+        Meta.parse(get)
+      end
+
+    end
+  end
+end

data/lib/nvd/json_feeds/schema/configurations.rb

@@ -0,0 +1,61 @@
+require 'nvd/json_feeds/schema/configurations/node'
+require 'nvd/json_feeds/schema/has_data_version'
+
+module NVD
+  module JSONFeeds
+    module Schema
+      #
+      # Represents the `"configurations"` value.
+      #
+      class Configurations
+
+        include HasDataVersion
+
+        # The nodes of the configuration.
+        #
+        # @return [Array<Node>]
+        attr_reader :nodes
+
+        #
+        # Initializes the configuration.
+        #
+        # @param [Array<Node>] nodes
+        #
+        def initialize(nodes: [], **kwargs)
+          super(**kwargs)
+
+          @nodes = nodes
+        end
+
+        #
+        # Maps the parsed JSON to a Symbol Hash for {#initialize}.
+        #
+        # @param [Hash{String => Object}] json
+        #
+        # @return [Hash{Symbol => Object}]
+        #
+        def self.from_json(json)
+          {
+            **super(json),
+
+            nodes: Array(json['nodes']).map(&Node.method(:load))
+          }
+        end
+
+        #
+        # Loads the configuration from the parsed JSON.
+        #
+        # @param [Hash{String => Object}] json
+        #   The parsed JSON.
+        #
+        # @return [Cojnfiguration]
+        #   The loaded configuration object.
+        #
+        def self.load(json)
+          new(**from_json(json))
+        end
+
+      end
+    end
+  end
+end