nvd-json_feeds 0.1.0

data/spec/gz_feed_file_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+require 'feed_file_examples'
+require 'nvd/json_feeds/gz_feed_file'
+
+require 'fileutils'
+require 'shellwords'
+
+describe NVD::JSONFeeds::GzFeedFile do
+  let(:fixtures_dir)  { File.expand_path('../fixtures',__FILE__) }
+  let(:json_filename) { 'nvdcve-1.1-recent.json'                 }
+  let(:json_file)     { File.join(fixtures_dir,json_filename)    }
+
+  let(:gz_filename) { "#{json_filename}.gz"                  }
+  let(:dir)         { File.join(fixtures_dir,'gz_feed_file') }
+  let(:path)        { File.join(dir,gz_filename)             }
+
+  subject { described_class.new(path) }
+
+  include_examples "FeedFile"
+
+  describe "#json_filename" do
+    it "must return the '.json' filename without the '.gz' extension" do
+      expect(subject.json_filename).to eq(json_filename)
+    end
+  end
+
+  describe "#read" do
+    it "must read the ungziped contents" do
+      expect(subject.read).to be == File.read(json_file)
+    end
+
+    context "when gunzip is not installed" do
+      before do
+        expect(subject).to receive(:`).and_raise(Errno::ENOENT)
+      end
+
+      it do
+        expect { subject.read }.to raise_error(ReadFailed)
+      end
+    end
+  end
+
+  describe "#extract" do
+    let(:extracted_json_file) { File.join(dir,json_filename) }
+
+    it "must gunzip the '.gz' file and return a JSONFeedfile" do
+      feed_file = subject.extract
+
+      expect(feed_file).to be_kind_of(JSONFeedFile)
+      expect(feed_file.path).to eq(extracted_json_file)
+      expect(File.file?(extracted_json_file)).to be(true)
+    end
+
+    context "when gunzip fails" do
+      before do
+        allow(subject).to receive(:system).and_return(false)
+      end
+
+      it do
+        expect { subject.extract }.to raise_error(ExtractFailed)
+      end
+    end
+
+    after { FileUtils.rm_f(extracted_json_file) }
+  end
+end

data/spec/gz_feed_uri_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+require 'nvd/json_feeds/gz_feed_uri'
+
+require 'fileutils'
+
+describe NVD::JSONFeeds::GzFeedURI do
+  let(:fixtures_dir) { File.expand_path('../fixtures',__FILE__) }
+
+  let(:name) { :recent }
+  let(:ext)  { '.json.gz' }
+  
+  subject { described_class.new(name,ext) }
+
+  describe "#download", :integration do
+    let(:download_dir) { File.join(fixtures_dir,'download') }
+    let(:dest) { File.join(download_dir,subject.filename) }
+
+    before do
+      FileUtils.mkdir_p(download_dir)
+      FileUtils.rm_f(dest)
+    end
+
+    it "must return a GzFeedFile object for the newly downloaded file" do
+      feed_file = subject.download(dest)
+
+      expect(feed_file).to be_kind_of(GzFeedFile)
+      expect(feed_file.path).to eq(dest)
+      expect(File.file?(dest)).to be(true)
+    end
+
+    after do
+      FileUtils.rm_f(dest)
+    end
+  end
+end

data/spec/json_feed_file_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+require 'feed_file_examples'
+require 'nvd/json_feeds/json_feed_file'
+
+describe JSONFeedFile do
+  let(:fixtures_dir) { File.expand_path('../fixtures',__FILE__)         }
+  let(:path)         { File.join(fixtures_dir,'nvdcve-1.1-recent.json') }
+
+  subject { described_class.new(path) }
+
+  include_examples "FeedFile"
+
+  describe "#read" do
+    it "must read the contents of the json file" do
+      expect(subject.read).to eq(File.read(path))
+    end
+  end
+end

data/spec/json_feeds_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+require 'nvd/json_feeds'
+
+describe NVD::JSONFeeds do
+  it "should have a VERSION constant" do
+    expect(subject.const_get('VERSION')).to_not be_empty
+  end
+end

data/spec/meta_spec.rb

@@ -0,0 +1,141 @@
+require 'spec_helper'
+require 'nvd/json_feeds/meta'
+
+describe Meta do
+  let(:last_modified_date_string) { '2021-01-18T08:01:40-05:00' }
+  let(:last_modified_date) { DateTime.parse(last_modified_date_string) }
+  let(:size) { 3499526 }
+  let(:zip_size) {212317 }
+  let(:gz_size) { 212173 }
+  let(:sha256) { '9013088A0E882B4FBB590A25D8CC00431AE4CA465CB66EF9E2F7F231EE54BE6F' }
+
+  describe "#initialize" do
+    subject do
+      described_class.new(last_modified_date,size,zip_size,gz_size,sha256)
+    end
+
+    it "must set #last_modified_date" do
+      expect(subject.last_modified_date).to eq(last_modified_date)
+    end
+
+    it "must set #size" do
+      expect(subject.size).to eq(size)
+    end
+
+    it "must set #zip_size" do
+      expect(subject.zip_size).to eq(zip_size)
+    end
+
+    it "must set #gz_size" do
+      expect(subject.gz_size).to eq(gz_size)
+    end
+
+    it "must set #sha256" do
+      expect(subject.sha256).to eq(sha256)
+    end
+  end
+
+  describe ".parse" do
+    let(:string) do
+      [
+        "lastModifiedDate:#{last_modified_date_string}",
+        "size:#{size}",
+        "zipSize:#{zip_size}",
+        "gzSize:#{gz_size}",
+        "sha256:#{sha256}"
+      ].join("\r\n")
+    end
+
+    subject { described_class }
+
+    it "must return a #{described_class} object" do
+      expect(subject.parse(string)).to be_kind_of(described_class)
+    end
+
+    context "lastModifiedDate" do
+      subject { described_class.parse(string) }
+
+      it "must parse into a DatEtime" do
+        expect(subject.last_modified_date).to be_kind_of(DateTime)
+      end
+
+      it { expect(subject.last_modified_date).to eq(last_modified_date) }
+    end
+
+    context "size" do
+      subject { described_class.parse(string) }
+
+      it "must convert into an Integer" do
+        expect(subject.size).to be_kind_of(Integer)
+      end
+
+      it { expect(subject.size).to eq(size) }
+    end
+
+    context "zipSize" do
+      subject { described_class.parse(string) }
+
+      it "must convert into an Integer" do
+        expect(subject.zip_size).to be_kind_of(Integer)
+      end
+
+      it { expect(subject.zip_size).to eq(zip_size) }
+    end
+
+    context "gzSize" do
+      subject { described_class.parse(string) }
+
+      it "must convert into an Integer" do
+        expect(subject.gz_size).to be_kind_of(Integer)
+      end
+
+      it { expect(subject.gz_size).to eq(gz_size) }
+    end
+
+    context "sha256" do
+      subject { described_class.parse(string) }
+
+      it { expect(subject.sha256).to eq(sha256) }
+    end
+
+    context "when lastModifiedDate is missing" do
+      let(:string) { super().sub(/^lastModifiedDate:.*$/,'') }
+
+      it do
+        expect { subject.parse(string) }.to raise_error(MetaParseError)
+      end
+    end
+
+    context "when size is missing" do
+      let(:string) { super().sub(/^size:.*$/,'') }
+
+      it do
+        expect { subject.parse(string) }.to raise_error(MetaParseError)
+      end
+    end
+
+    context "when zipSize is missing" do
+      let(:string) { super().sub(/^zipSize:.*$/,'') }
+
+      it do
+        expect { subject.parse(string) }.to raise_error(MetaParseError)
+      end
+    end
+
+    context "when gzSize is missing" do
+      let(:string) { super().sub(/^gzSize:.*$/,'') }
+
+      it do
+        expect { subject.parse(string) }.to raise_error(MetaParseError)
+      end
+    end
+
+    context "when sha256 is missing" do
+      let(:string) { super().sub(/^sha256:.*$/,'') }
+
+      it do
+        expect { subject.parse(string) }.to raise_error(MetaParseError)
+      end
+    end
+  end
+end

data/spec/schema/configurations/node_spec.rb

@@ -0,0 +1,87 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/configurations/node'
+
+describe Schema::Configurations::Node do
+  describe "#initialize" do
+    context "when operator: is given" do
+      let(:operator) { :AND }
+
+      subject { described_class.new(operator: operator) }
+
+      it "must set #operator" do
+        expect(subject.operator).to eq(operator)
+      end
+    end
+
+    context "when operator: is not given" do
+      it { expect(subject.operator).to be(nil) }
+    end
+
+    context "when negate: is given" do
+      let(:negate) { true }
+
+      subject { described_class.new(negate: negate) }
+
+      it "must set #negate" do
+        expect(subject.negate).to eq(negate)
+      end
+    end
+
+    context "when negate: is not given" do
+      it { expect(subject.negate).to be(nil) }
+    end
+
+    context "when children: is given" do
+      let(:children) { [double(:Node1), double(:Node2)] }
+
+      subject { described_class.new(children: children) }
+
+      it "must set #children" do
+        expect(subject.children).to eq(children)
+      end
+    end
+
+    context "when children: is not given" do
+      it { expect(subject.children).to eq([]) }
+    end
+
+    context "when cpe_match: is given" do
+      let(:cpe_match) { [double("CPE::Match1"), double("CPE::Match2")] }
+
+      subject { described_class.new(cpe_match: cpe_match) }
+
+      it "must set #cpe_match" do
+        expect(subject.cpe_match).to eq(cpe_match)
+      end
+    end
+
+    context "when cpe_match: is not given" do
+      it { expect(subject.cpe_match).to eq([]) }
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['CVE_Items'][0]['configurations']['nodes'][0] }
+
+    include_examples "JSON field", json_key: 'operator',
+                                   method:   :operator,
+                                   map:      described_class::OPERATORS
+
+    include_examples "JSON field", json_key: 'negate',
+                                   method:   :negate
+
+    pending 'need an example containing \"children\"'do
+      include_examples "JSON Array field", json_key:     'children',
+                                           method:        :children,
+                                           element_class: described_class
+    end
+
+    include_examples "JSON Array field", json_key:     'cpe_match',
+                                         method:        :cpe_match,
+                                         element_class: Schema::CPE::Match
+
+  end
+end

data/spec/schema/configurations_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/configurations'
+
+describe Schema::Configurations do
+  describe "#initialize" do
+    let(:data_version) { :"4.0" }
+
+    context "when data_version: is given" do
+      subject { described_class.new(data_version: data_version) }
+
+      it "must set #data_version" do
+        expect(subject.data_version).to eq(data_version)
+      end
+
+      context "and when nodes: is given" do
+        let(:nodes) { [double(:Node1), double(:Node2)] }
+
+        subject do
+          described_class.new(data_version: data_version, nodes: nodes)
+        end
+
+        it "must set #nodes" do
+          expect(subject.nodes).to eq(nodes)
+        end
+      end
+
+      context "but when nodes: is not given" do
+        it { expect(subject.nodes).to eq([]) }
+      end
+    end
+
+    context "when data_version: is not given" do
+      it do
+        expect {
+          described_class.new
+        }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['CVE_Items'][0]['configurations'] }
+
+    include_examples "JSON field", json_key: 'CVE_data_version',
+                                   required: true,
+                                   method:   :data_version,
+                                   map:      described_class::DATA_VERSIONS
+
+    include_examples "JSON Array field", json_key: 'nodes',
+                                         method: :nodes,
+                                         element_class: described_class::Node
+
+  end
+end

data/spec/schema/cpe/match_spec.rb

@@ -0,0 +1,188 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/cpe/match'
+
+describe Schema::CPE::Match do
+  describe "#initialize" do
+    context "when cpe23uri: is given" do
+      let(:cpe23uri) { 'cpe:2.3:a:bitcoinsv:bitcoin_sv:*:*:*:*:*:*:*:*' }
+
+      context "and when vulnerable: is given" do
+        let(:vulnerable) { true }
+
+        subject do
+          described_class.new(
+            cpe23uri:   cpe23uri,
+            vulnerable: vulnerable
+          )
+        end
+
+        it "must set #vulnerable" do
+          expect(subject.vulnerable).to eq(vulnerable)
+        end
+
+        context "and when version_start_excluding: is given" do
+          let(:version) { '1.2.3' }
+
+          subject do
+            described_class.new(
+              cpe23uri:   cpe23uri,
+              vulnerable: vulnerable,
+              version_start_excluding: version
+            )
+          end
+
+          it "must set #version_start_excluding" do
+            expect(subject.version_start_excluding).to eq(version)
+          end
+        end
+
+        context "but when version_start_excluding: is not given" do
+          it { expect(subject.version_start_excluding).to be(nil) }
+        end
+
+        context "and when version_start_including: is given" do
+          let(:version) { '1.2.3' }
+
+          subject do
+            described_class.new(
+              cpe23uri:   cpe23uri,
+              vulnerable: vulnerable,
+              version_start_including: version
+            )
+          end
+
+          it "must set #version_start_including" do
+            expect(subject.version_start_including).to eq(version)
+          end
+        end
+
+        context "but when version_start_including: is not given" do
+          it { expect(subject.version_start_including).to be(nil) }
+        end
+
+        context "and when version_end_excluding: is given" do
+          let(:version) { '1.2.3' }
+
+          subject do
+            described_class.new(
+              cpe23uri:   cpe23uri,
+              vulnerable: vulnerable,
+              version_end_excluding: version
+            )
+          end
+
+          it "must set #version_end_excluding" do
+            expect(subject.version_end_excluding).to eq(version)
+          end
+        end
+
+        context "but when version_end_excluding: is not given" do
+          it { expect(subject.version_end_excluding).to be(nil) }
+        end
+
+        context "and when version_end_including: is given" do
+          let(:version) { '1.2.3' }
+
+          subject do
+            described_class.new(
+              cpe23uri:   cpe23uri,
+              vulnerable: vulnerable,
+              version_end_including: version
+            )
+          end
+
+          it "must set #version_end_including" do
+            expect(subject.version_end_including).to eq(version)
+          end
+        end
+
+        context "but when version_end_including: is not given" do
+          it { expect(subject.version_end_including).to be(nil) }
+        end
+
+        context "and when cpe_name: is given" do
+          let(:cpe_name) { [double("CPE::Name1"), double("CPE::Name2")] }
+
+          subject do
+            described_class.new(
+              cpe23uri:   cpe23uri,
+              vulnerable: vulnerable,
+              cpe_name:   cpe_name
+            )
+          end
+
+          it "must set #cpe_name" do
+            expect(subject.cpe_name).to eq(cpe_name)
+          end
+        end
+
+        context "but when cpe_name: is not given" do
+          it { expect(subject.cpe_name).to eq([]) }
+        end
+      end
+
+      context "but when vulnerable: is not given" do
+        it do
+          expect {
+            described_class.new
+          }.to raise_error(ArgumentError)
+        end
+      end
+    end
+
+    context "but when cpe23uri: is not given" do
+      it do
+        expect {
+          described_class.new
+        }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) do
+      json_tree['CVE_Items'][0]['configurations']['nodes'][0]['cpe_match'][0]
+    end
+
+    include_examples "JSON field", json_key: 'vulnerable',
+                                   required: true,
+                                   method:   :vulnerable
+
+    include_examples "JSON field", json_key: 'cpe23Uri',
+                                   required: true,
+                                   method:   :cpe23uri
+
+    pending 'need to find an example containing the "cpe22Uri" key' do
+      include_examples "JSON field", json_key: 'cpe22Uri',
+                                     required: true,
+                                     method:   :cpe22uri
+    end
+
+    pending 'need to find an example containing the "versionStartExcluding" key' do
+      include_examples "JSON field", json_key: 'versionStartExcluding',
+                                     method: :version_start_excluding
+    end
+
+    pending 'need to find an example containing the "versionStartIncluding" key' do
+      include_examples "JSON field", json_key: 'versionStartIncluding',
+                                     method: :version_start_including
+    end
+
+    include_examples "JSON field", json_key: 'versionEndExcluding',
+                                   method: :version_end_excluding
+
+    pending 'need to find an example containing the "versionEndIncluding" key' do
+      include_examples "JSON field", json_key: 'versionEndIncluding',
+                                     method: :version_end_including
+    end
+
+    pending 'need to find an example containing the "cpe_name" key' do
+      include_examples "JSON Array field", json_key: 'cpe_name',
+                                           method: :cpe_name,
+                                           element_class: Schema::CPE::Name
+    end
+  end
+end