nvd-json_feeds 0.1.0

data/nvd-json_feeds.gemspec

@@ -0,0 +1,61 @@
+# encoding: utf-8
+
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require 'nvd/json_feeds/version'
+                  NVD::JSONFeeds::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+  gem.metadata    = gemspec['metadata'] if gemspec['metadata']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files = `git ls-files`.split($/)
+  gem.files = glob[gemspec['files']] if gemspec['files']
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+  gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.test_files       = glob[gemspec['test_files'] || '{test/{**/}*_test.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = Array(gemspec['requirements'])
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end

data/spec/feed_file_examples.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+RSpec.shared_examples_for "FeedFile" do
+  describe "#read" do
+    subject { super().read }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+      expect(subject).to_not be_empty
+    end
+  end
+
+  describe "#json" do
+    subject { super().json }
+
+    it "must return a parsed JSON Hash" do
+      expect(subject).to be_kind_of(Hash)
+      expect(subject).to_not be_empty
+    end
+  end
+
+  describe "#parse" do
+    it "must return a CVEFeed object" do
+      expect(subject.parse).to be_kind_of(Schema::CVEFeed)
+    end
+  end
+end

data/spec/feed_file_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+require 'nvd/json_feeds/feed_file'
+
+describe FeedFile do
+  let(:fixtures_dir) { File.expand_path('../fixtures',__FILE__) }
+  let(:filename)     { 'nvdcve-1.1-recent.json'                 }
+  let(:path)         { File.join(fixtures_dir,filename)         }
+  
+  subject { described_class.new(path) }
+
+  describe "#initialize" do
+    it "must set #path" do
+      expect(subject.path).to eq(path)
+    end
+
+    context "when given a relative path" do
+      let(:path) { File.join('../fixtures',filename) }
+
+      it "must expand the relative path" do
+        expect(subject.path).to eq(File.expand_path(path))
+      end
+    end
+  end
+
+  describe "#read" do
+    it do
+      expect { subject.read }.to raise_error(NotImplementedError)
+    end
+  end
+
+  describe "#to_s" do
+    it "must the #path" do
+      expect(subject.to_s).to eq(subject.path)
+    end
+  end
+
+  describe "#inspect" do
+    it "must include the class name and path" do
+      expect(subject.inspect).to eq("#<#{described_class}: #{subject.path}>")
+    end
+  end
+end

data/spec/feed_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+require 'nvd/json_feeds/feed'
+
+describe Feed do
+  let(:name) { :recent }
+
+  subject { described_class.new(name) }
+
+  describe "#initialize" do
+    it "must set #name" do
+      expect(subject.name).to eq(name)
+    end
+
+    describe "#meta" do
+      subject { super().meta }
+
+      it { expect(subject).to be_kind_of(MetaFeedURI) }
+
+      it "must have the same name" do
+        expect(subject.name).to eq(name)
+      end
+
+      it "must use '.meta' for the extension" do
+        expect(subject.ext).to eq('.meta')
+      end
+    end
+
+    describe "#gz" do
+      subject { super().gz }
+
+      it { expect(subject).to be_kind_of(GzFeedURI) }
+
+      it "must have the same name" do
+        expect(subject.name).to eq(name)
+      end
+
+      it "must use '.json.gz' for the extension" do
+        expect(subject.ext).to eq('.json.gz')
+      end
+    end
+
+    describe "#zip" do
+      subject { super().zip }
+
+      it { expect(subject).to be_kind_of(ZipFeedURI) }
+
+      it "must have the same name" do
+        expect(subject.name).to eq(name)
+      end
+
+      it "must use '.json.zip' for the extension" do
+        expect(subject.ext).to eq('.json.zip')
+      end
+    end
+  end
+end

data/spec/feed_uri_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+require 'nvd/json_feeds/feed_uri'
+
+describe FeedURI do
+  let(:name) { :recent }
+  let(:ext)  { '.json.gz' }
+  
+  subject { described_class.new(name,ext) }
+
+  describe "#initialize" do
+    it "must set #name" do
+      expect(subject.name).to eq(name)
+    end
+
+    it "must set #ext" do
+      expect(subject.ext).to eq(ext)
+    end
+
+    it "must set #filename" do
+      expect(subject.filename).to eq("nvdcve-1.1-#{name}#{ext}")
+    end
+  end
+
+  describe "#get", :integration do
+    let(:contents) { Net::HTTP.get(subject.uri) }
+
+    context "when not given a block" do
+      it "must return the full String of the file" do
+        expect(subject.get).to eq(contents)
+      end
+    end
+
+    context "when given a block" do
+      it "must yield each chunk of the file" do
+        chunks = []
+
+        subject.get { |chunk| chunks << chunk } 
+
+        expect(chunks.join).to eq(contents)
+      end
+    end
+  end
+
+  describe "#download", :integration do
+    context "when given a file" do
+      it "must return the path to the newly downloaded file" do
+      end
+    end
+
+    context "when given a directory" do
+      it "must return the path to the newly downloaded file in the directory" do
+      end
+    end
+  end
+
+  describe "#uri" do
+    subject { super().uri }
+
+    it { expect(subject).to be_kind_of(URI::HTTPS) }
+
+    describe "host" do
+      it { expect(subject.host).to eq('nvd.nist.gov') }
+    end
+
+    describe "path" do
+      it { expect(subject.path).to start_with('/feeds/json/cve/1.1/') }
+    end
+  end
+
+  describe "#to_s" do
+    it "must the String version of the URI" do
+      expect(subject.to_s).to eq(subject.uri.to_s)
+    end
+  end
+
+  describe "#inspect" do
+    it "must include the class name and URI" do
+      expect(subject.inspect).to eq("#<#{described_class}: #{subject.uri}>")
+    end
+  end
+end

data/spec/fixtures/nvdcve-1.1-recent.json

@@ -0,0 +1,180 @@
+{
+  "CVE_data_type" : "CVE",
+  "CVE_data_format" : "MITRE",
+  "CVE_data_version" : "4.0",
+  "CVE_data_numberOfCVEs" : "343",
+  "CVE_data_timestamp" : "2020-12-30T11:00Z",
+  "CVE_Items" : [ {
+    "cve" : {
+      "data_type" : "CVE",
+      "data_format" : "MITRE",
+      "data_version" : "4.0",
+      "CVE_data_meta" : {
+        "ID" : "CVE-2018-1000891",
+        "ASSIGNER" : "cve@mitre.org"
+      },
+      "problemtype" : {
+        "problemtype_data" : [ {
+          "description" : [ {
+            "lang" : "en",
+            "value" : "CWE-400"
+          } ]
+        } ]
+      },
+      "references" : {
+        "reference_data" : [ {
+          "url" : "https://bitcoinsv.io/2019/03/01/denial-of-service-vulnerabilities-repaired-in-bitcoin-sv-version-0-1-1/",
+          "name" : "https://bitcoinsv.io/2019/03/01/denial-of-service-vulnerabilities-repaired-in-bitcoin-sv-version-0-1-1/",
+          "refsource" : "MISC",
+          "tags" : [ "Vendor Advisory" ]
+        } ]
+      },
+      "description" : {
+        "description_data" : [ {
+          "lang" : "en",
+          "value" : "Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums."
+        } ]
+      }
+    },
+    "configurations" : {
+      "CVE_data_version" : "4.0",
+      "nodes" : [ {
+        "operator" : "OR",
+        "cpe_match" : [ {
+          "vulnerable" : true,
+          "cpe23Uri" : "cpe:2.3:a:bitcoinsv:bitcoin_sv:*:*:*:*:*:*:*:*",
+          "versionEndExcluding" : "0.1.1"
+        } ]
+      } ]
+    },
+    "impact" : {
+      "baseMetricV3" : {
+        "cvssV3" : {
+          "version" : "3.1",
+          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector" : "NETWORK",
+          "attackComplexity" : "LOW",
+          "privilegesRequired" : "NONE",
+          "userInteraction" : "NONE",
+          "scope" : "UNCHANGED",
+          "confidentialityImpact" : "NONE",
+          "integrityImpact" : "NONE",
+          "availabilityImpact" : "HIGH",
+          "baseScore" : 7.5,
+          "baseSeverity" : "HIGH"
+        },
+        "exploitabilityScore" : 3.9,
+        "impactScore" : 3.6
+      },
+      "baseMetricV2" : {
+        "cvssV2" : {
+          "version" : "2.0",
+          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+          "accessVector" : "NETWORK",
+          "accessComplexity" : "LOW",
+          "authentication" : "NONE",
+          "confidentialityImpact" : "NONE",
+          "integrityImpact" : "NONE",
+          "availabilityImpact" : "PARTIAL",
+          "baseScore" : 5.0
+        },
+        "severity" : "MEDIUM",
+        "exploitabilityScore" : 10.0,
+        "impactScore" : 2.9,
+        "acInsufInfo" : false,
+        "obtainAllPrivilege" : false,
+        "obtainUserPrivilege" : false,
+        "obtainOtherPrivilege" : false,
+        "userInteractionRequired" : false
+      }
+    },
+    "publishedDate" : "2020-12-23T17:15Z",
+    "lastModifiedDate" : "2020-12-23T20:10Z"
+  }, {
+    "cve" : {
+      "data_type" : "CVE",
+      "data_format" : "MITRE",
+      "data_version" : "4.0",
+      "CVE_data_meta" : {
+        "ID" : "CVE-2018-1000892",
+        "ASSIGNER" : "cve@mitre.org"
+      },
+      "problemtype" : {
+        "problemtype_data" : [ {
+          "description" : [ {
+            "lang" : "en",
+            "value" : "CWE-400"
+          } ]
+        } ]
+      },
+      "references" : {
+        "reference_data" : [ {
+          "url" : "https://bitcoinsv.io/2019/03/01/denial-of-service-vulnerabilities-repaired-in-bitcoin-sv-version-0-1-1/",
+          "name" : "https://bitcoinsv.io/2019/03/01/denial-of-service-vulnerabilities-repaired-in-bitcoin-sv-version-0-1-1/",
+          "refsource" : "MISC",
+          "tags" : [ "Vendor Advisory" ]
+        } ]
+      },
+      "description" : {
+        "description_data" : [ {
+          "lang" : "en",
+          "value" : "Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages."
+        } ]
+      }
+    },
+    "configurations" : {
+      "CVE_data_version" : "4.0",
+      "nodes" : [ {
+        "operator" : "OR",
+        "cpe_match" : [ {
+          "vulnerable" : true,
+          "cpe23Uri" : "cpe:2.3:a:bitcoinsv:bitcoin_sv:*:*:*:*:*:*:*:*",
+          "versionEndExcluding" : "0.1.1"
+        } ]
+      } ]
+    },
+    "impact" : {
+      "baseMetricV3" : {
+        "cvssV3" : {
+          "version" : "3.1",
+          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector" : "NETWORK",
+          "attackComplexity" : "LOW",
+          "privilegesRequired" : "NONE",
+          "userInteraction" : "NONE",
+          "scope" : "UNCHANGED",
+          "confidentialityImpact" : "NONE",
+          "integrityImpact" : "NONE",
+          "availabilityImpact" : "HIGH",
+          "baseScore" : 7.5,
+          "baseSeverity" : "HIGH"
+        },
+        "exploitabilityScore" : 3.9,
+        "impactScore" : 3.6
+      },
+      "baseMetricV2" : {
+        "cvssV2" : {
+          "version" : "2.0",
+          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+          "accessVector" : "NETWORK",
+          "accessComplexity" : "LOW",
+          "authentication" : "NONE",
+          "confidentialityImpact" : "NONE",
+          "integrityImpact" : "NONE",
+          "availabilityImpact" : "PARTIAL",
+          "baseScore" : 5.0
+        },
+        "severity" : "MEDIUM",
+        "exploitabilityScore" : 10.0,
+        "impactScore" : 2.9,
+        "acInsufInfo" : false,
+        "obtainAllPrivilege" : false,
+        "obtainUserPrivilege" : false,
+        "obtainOtherPrivilege" : false,
+        "userInteractionRequired" : false
+      }
+    },
+    "publishedDate" : "2020-12-23T17:15Z",
+    "lastModifiedDate" : "2020-12-23T20:10Z"
+  } ]
+}