nvd-json_feeds 0.1.0

data/spec/schema/cpe/name_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/cpe/name'
+
+describe Schema::CPE::Name do
+  describe "#initialize" do
+    context "when cpe23uri: is given" do
+      let(:cpe23uri) { 'cpe:2.3:a:bitcoinsv:bitcoin_sv:*:*:*:*:*:*:*:*' }
+
+      subject { described_class.new(cpe23uri: cpe23uri) }
+
+      it "must set #cpe23uri" do
+        expect(subject.cpe23uri).to eq(cpe23uri)
+      end
+
+      context "and when last_modified_date: is given" do
+        let(:last_modified_date) { DateTime.now }
+
+        subject do
+          described_class.new(
+            cpe23uri:           cpe23uri,
+            last_modified_date: last_modified_date
+          )
+        end
+
+        it "must set #last_modified_date" do
+          expect(subject.last_modified_date).to eq(last_modified_date)
+        end
+      end
+
+      context "but when last_modified_date: is not given" do
+        it { expect(subject.last_modified_date).to be(nil) }
+      end
+    end
+
+    context "but when cpe23uri: is not given" do
+      it do
+        expect {
+          described_class.new
+        }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe ".load" do
+    pending 'need to find an example containing the "cpe_name" key' do
+      include_examples ".load"
+
+      let(:json_node) do
+        json_tree['CVE_Items'][0]['configurations']['nodes'][0]['cpe_match'][0]['cpe_name']
+      end
+    end
+  end
+end

data/spec/schema/cve_feed_spec.rb

@@ -0,0 +1,162 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/cve_feed'
+
+describe NVD::JSONFeeds::Schema::CVEFeed do
+  describe "#initialize" do
+    let(:data_version) { :"4.0" }
+    let(:data_type)    { :CVE   }
+    let(:data_format)  { :MITRE }
+    let(:cve_items)    { [double(:CVEItem1), double(:CVEItem2)] }
+
+    subject do
+      described_class.new(
+        data_version: data_version,
+        data_type:    data_type,
+        data_format:  data_format,
+        cve_items:    cve_items
+      )
+    end
+
+    it "must set #data_version" do
+      expect(subject.data_version).to eq(data_version)
+    end
+
+    it "must set #data_type" do
+      expect(subject.data_type).to eq(data_type)
+    end
+
+    it "must set #data_format" do
+      expect(subject.data_format).to eq(data_format)
+    end
+
+    it "must set #cve_items" do
+      expect(subject.cve_items).to eq(cve_items)
+    end
+
+    context "and when data_number_of_cves: is given" do
+      let(:data_number_of_cves) { 2 }
+
+      subject do
+        described_class.new(
+          data_version:        data_version,
+          data_type:           data_type,
+          data_format:         data_format,
+          data_number_of_cves: data_number_of_cves,
+          cve_items:           cve_items
+        )
+      end
+
+      it "must set #data_number_of_cves" do
+        expect(subject.data_number_of_cves).to eq(data_number_of_cves)
+      end
+    end
+
+    context "but when data_number_of_cves: is not given" do
+      it { expect(subject.data_number_of_cves).to be(nil) }
+    end
+
+    context "and when data_timestamp: is given" do
+      let(:data_timestamp) { DateTime.now }
+
+      subject do
+        described_class.new(
+          data_version:   data_version,
+          data_type:      data_type,
+          data_format:    data_format,
+          data_timestamp: data_timestamp,
+          cve_items:      cve_items
+        )
+      end
+
+      it "must set #data_timestamp" do
+        expect(subject.data_timestamp).to eq(data_timestamp)
+      end
+    end
+
+    context "but when data_timestamp: is not given" do
+      it { expect(subject.data_timestamp).to be(nil) }
+    end
+
+    context "but when data_version: is not given" do
+      it do
+        expect {
+          described_class.new(
+            data_type:   data_type,
+            data_format: data_format,
+            cve_items:   cve_items
+          )
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "but when data_type: is not given" do
+      it do
+        expect {
+          described_class.new(
+            data_version: data_version,
+            data_format:  data_format,
+            cve_items:    cve_items
+          )
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "but when data_format: is not given" do
+      it do
+        expect {
+          described_class.new(
+            data_version: data_version,
+            data_type:    data_type,
+            cve_items:    cve_items
+          )
+        }.to raise_error(ArgumentError)
+      end
+    end
+
+    context "but when cve_items: is not given" do
+      it do
+        expect {
+          described_class.new(
+            data_version: data_version,
+            data_type:    data_type,
+            data_format:  data_format
+          )
+        }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    include_examples "JSON field", json_key: 'CVE_data_type',
+                                   required: true,
+                                   method:   :data_type,
+                                   map:      described_class::DATA_TYPES
+
+    include_examples "JSON field", json_key: 'CVE_data_format',
+                                   required: true,
+                                   method:   :data_format,
+                                   map:      described_class::DATA_FORMATS
+
+    include_examples "JSON field", json_key: 'CVE_data_version',
+                                   required: true,
+                                   method:   :data_version,
+                                   map:      described_class::DATA_VERSIONS
+
+    include_examples "JSON field", json_key: 'CVE_data_numberOfCVEs',
+                                   required: true,
+                                   method:   :data_number_of_cves,
+                                   value:    ->{ json_value.to_i }
+
+    include_examples "JSON field", json_key: 'CVE_data_timestamp',
+                                   method:   :data_timestamp,
+                                   value:    ->{ Schema::Timestamp.parse(json_value) }
+
+    include_examples "JSON Array field", json_key:      'CVE_Items',
+                                         method:        :cve_items,
+                                         required:      true,
+                                         element_class: Schema::CVEItem
+  end
+end

data/spec/schema/cve_item_spec.rb

@@ -0,0 +1,116 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/cve_item'
+
+describe NVD::JSONFeeds::Schema::CVEItem do
+  describe "#initialize" do
+    context "when cve: is given" do
+      let(:cve) { double("CVESchema::CVE") }
+
+      subject { described_class.new(cve: cve) }
+
+      it "must set #cve" do
+        expect(subject.cve).to eq(cve)
+      end
+
+      context "and when configurations: is given" do
+        let(:configurations) { double(:Configurations) }
+
+        subject do
+          described_class.new(cve: cve, configurations: configurations)
+        end
+
+        it "must set #configurations" do
+          expect(subject.configurations).to eq(configurations)
+        end
+      end
+
+      context "and when configurations: is not given" do
+        it { expect(subject.configurations).to be(nil) }
+      end
+
+      context "and when impact: is given" do
+        let(:impact) { double(:Impact) }
+
+        subject do
+          described_class.new(cve: cve, impact: impact)
+        end
+
+        it "must set #impact" do
+          expect(subject.impact).to eq(impact)
+        end
+      end
+
+      context "and when impact: is not given" do
+        it { expect(subject.impact).to be(nil) }
+      end
+
+      context "and when published_date: is given" do
+        let(:published_date) { double(:published_date) }
+
+        subject do
+          described_class.new(cve: cve, published_date: published_date)
+        end
+
+        it "must set #published_date" do
+          expect(subject.published_date).to eq(published_date)
+        end
+      end
+
+      context "and when published_date: is not given" do
+        it { expect(subject.published_date).to be(nil) }
+      end
+
+      context "and when last_modified_date: is given" do
+        let(:last_modified_date) { double(:last_modified_date) }
+
+        subject do
+          described_class.new(cve: cve, last_modified_date: last_modified_date)
+        end
+
+        it "must set #last_modified_date" do
+          expect(subject.last_modified_date).to eq(last_modified_date)
+        end
+      end
+
+      context "and when last_modified_date: is not given" do
+        it { expect(subject.last_modified_date).to be(nil) }
+      end
+    end
+
+    context "when cve: is not given" do
+      it do
+        expect {
+          described_class.new
+        }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['CVE_Items'][0] }
+
+    include_examples "JSON Object field", json_key:     'cve',
+                                          required:     true,
+                                          method:       :cve,
+                                          object_class: CVESchema::CVE
+
+    include_examples "JSON Object field", json_key:     'configurations',
+                                          method:       :configurations,
+                                          object_class: Schema::Configurations
+
+    include_examples "JSON Object field", json_key:     'impact',
+                                          method:       :impact,
+                                          object_class: Schema::Impact
+
+    include_examples "JSON field", json_key: 'publishedDate',
+                                   method:   :published_date,
+                                   value:    ->{ Schema::Timestamp.parse(json_value) }
+
+    include_examples "JSON field", json_key: 'lastModifiedDate',
+                                   method:   :last_modified_date,
+                                   value:    ->{ Schema::Timestamp.parse(json_value) }
+  end
+end

data/spec/schema/impact/base_metric_v2_spec.rb

@@ -0,0 +1,183 @@
+require 'spec_helper'
+require 'schema/shared_examples'
+require 'nvd/json_feeds/schema/impact/base_metric_v2'
+
+describe Schema::Impact::BaseMetricV2 do
+  describe "#initialize" do
+    context "when cvss_v2: is given" do
+      let(:cvss_v2) { double(:CVSSv3) }
+
+      subject { described_class.new(cvss_v2: cvss_v2) }
+
+      it "must set #cvss_v2" do
+        expect(subject.cvss_v2).to eq(cvss_v2)
+      end
+    end
+
+    context "when cvss_v2: is not given" do
+      it { expect(subject.cvss_v2).to be(nil) }
+    end
+
+    context "when severity: is given" do
+      let(:severity) { 'high' }
+
+      subject do
+        described_class.new(severity: severity)
+      end
+
+      it "must set #severity" do
+        expect(subject.severity).to eq(severity)
+      end
+    end
+
+    context "when severity: is not given" do
+      it { expect(subject.severity).to be(nil) }
+    end
+
+    context "when exploitability_score: is given" do
+      let(:exploitability_score) { 5.0 }
+
+      subject do
+        described_class.new(exploitability_score: exploitability_score)
+      end
+
+      it "must set #exploitability_score" do
+        expect(subject.exploitability_score).to eq(exploitability_score)
+      end
+    end
+
+    context "when exploitability_score: is not given" do
+      it { expect(subject.exploitability_score).to be(nil) }
+    end
+
+    context "when impact_score: is given" do
+      let(:impact_score) { 5.0 }
+
+      subject do
+        described_class.new(impact_score: impact_score)
+      end
+
+      it "must set #impact_score" do
+        expect(subject.impact_score).to eq(impact_score)
+      end
+    end
+
+    context "when impact_score: is not given" do
+      it { expect(subject.impact_score).to be(nil) }
+    end
+
+    context "when ac_insuf_info: is given" do
+      let(:ac_insuf_info) { 'high' }
+
+      subject do
+        described_class.new(ac_insuf_info: ac_insuf_info)
+      end
+
+      it "must set #ac_insuf_info" do
+        expect(subject.ac_insuf_info).to eq(ac_insuf_info)
+      end
+    end
+
+    context "when ac_insuf_info: is not given" do
+      it { expect(subject.ac_insuf_info).to be(nil) }
+    end
+
+    context "when obtain_all_privilege: is given" do
+      let(:obtain_all_privilege) { 'high' }
+
+      subject do
+        described_class.new(obtain_all_privilege: obtain_all_privilege)
+      end
+
+      it "must set #obtain_all_privileges" do
+        expect(subject.obtain_all_privilege).to eq(obtain_all_privilege)
+      end
+    end
+
+    context "when obtain_all_privilege: is not given" do
+      it { expect(subject.obtain_all_privilege).to be(nil) }
+    end
+
+    context "when obtain_user_privilege: is given" do
+      let(:obtain_user_privilege) { 'high' }
+
+      subject do
+        described_class.new(obtain_user_privilege: obtain_user_privilege)
+      end
+
+      it "must set #obtain_user_privilege" do
+        expect(subject.obtain_user_privilege).to eq(obtain_user_privilege)
+      end
+    end
+
+    context "when obtain_user_privilege: is not given" do
+      it { expect(subject.obtain_user_privilege).to be(nil) }
+    end
+
+    context "when obtain_other_privilege: is given" do
+      let(:obtain_other_privilege) { 'high' }
+
+      subject do
+        described_class.new(obtain_other_privilege: obtain_other_privilege)
+      end
+
+      it "must set #obtain_other_privilege" do
+        expect(subject.obtain_other_privilege).to eq(obtain_other_privilege)
+      end
+    end
+
+    context "when obtain_other_privilege: is not given" do
+      it { expect(subject.obtain_other_privilege).to be(nil) }
+    end
+
+    context "when user_interaction_required: is given" do
+      let(:user_interaction_required) { 'high' }
+
+      subject do
+        described_class.new(user_interaction_required: user_interaction_required)
+      end
+
+      it "must set #user_interaction_required" do
+        expect(subject.user_interaction_required).to eq(user_interaction_required)
+      end
+    end
+
+    context "when user_interaction_required: is not given" do
+      it { expect(subject.user_interaction_required).to be(nil) }
+    end
+  end
+
+  describe ".load" do
+    include_examples ".load"
+
+    let(:json_node) { json_tree['CVE_Items'][0]['impact']['baseMetricV2'] }
+
+    include_examples "JSON Object field", json_key:     'cvssV2',
+                                          method:       :cvss_v2,
+                                          object_class: Schema::CVSSv2
+
+    include_examples "JSON field", json_key: 'severity',
+                                   method:   :severity
+
+    include_examples "JSON field", json_key: 'exploitabilityScore',
+                                   method:   :exploitability_score
+
+    include_examples "JSON field", json_key: 'impactScore',
+                                   method:   :impact_score
+
+    include_examples "JSON field", json_key: 'acInsufInfo',
+                                   method:   :ac_insuf_info
+
+    include_examples "JSON field", json_key: 'obtainAllPrivilege',
+                                   method:   :obtain_all_privilege
+
+    include_examples "JSON field", json_key: 'obtainUserPrivilege',
+                                   method:   :obtain_user_privilege
+
+    include_examples "JSON field", json_key: 'obtainOtherPrivilege',
+                                   method:   :obtain_other_privilege
+
+    include_examples "JSON field", json_key: 'userInteractionRequired',
+                                   method:   :user_interaction_required
+  end
+end