nvd 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a882d44796a5863b20c0a416ff519a6998b354a2
+  data.tar.gz: 202c210f928e8f7ca9952eeb36bb966a15567783
+SHA512:
+  metadata.gz: cc0145c0d7ede5f9f8c18b984247b0476d76d239c243acd734ab6aaede10d5c609b68c8e7688753be2163357d3cbced3d225b6e64ea3307186207853724a3041
+  data.tar.gz: 5497bc4652471fc39a02a49e688fce3dee02c93f1a28d60d7b19b385250a52260d01ab3d421102c6f3ec7ba3f5d14ac174500f260a8645d8ea38d8f95cad16a8

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nvd.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Ben Hamilton
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,60 @@
+# Nvd
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'nvd'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install nvd
+
+## Usage
+
+To use:
+  require 'nvd'
+  cve_data = {}
+  cve_data.merge! NVD::Feeds.fetch("cve_modified")
+  cve_data.merge! NVD::Feeds.fetch("cve_recent")
+  cve_data.keys #=> ["cve_recent", "cve_modified"]
+
+  # First run returns parsed values
+  NVD::Feeds.fetch("cve_modified")
+    #=> {"cve_modified"=>[<An Array of Entries>]}
+  # Second run return the etag if the etag is unchanged; otherwise,
+  # the parsed values are returned.
+  NVD::Feeds.fetch("cve_modified")
+    #=> {"cve_modified"=>"\"89e2a7785a6ce1:0\""}
+
+  # If you've stored the etag
+  NVD::Feeds.fetch("cve_modified", "\"89e2a7785a6ce1:0\"")
+
+  # If you want to skip etag checking
+  NVD::Feeds.fetch!("cve_modified")
+  # OR
+  NVD::Feeds.fetch("cve_modified", "\"89e2a7785a6ce1:0\"")
+
+## Available Feeds
+
+  cpe_dictionary, cve_2002, cve_2003, cve_2004,
+  cve_2005, cve_2006, cve_2007, cve_2008, cve_2009,
+  cve_2010, cve_2011, cve_2012, cve_2013,
+  cve_modified, cve_recent
+
+  NOTE: cve_YEAR is populated dynamically to be future proof
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/nvd.rb

@@ -0,0 +1,8 @@
+require 'httparty'
+require "nvd/version"
+require "nvd/feed.rb"
+
+
+module NVD
+  # Your code goes here...
+end

data/lib/nvd/feed.rb

@@ -0,0 +1,44 @@
+require './lib/nvd/feed/cve.rb'
+require './lib/nvd/feed/cpe.rb'
+module NVD
+  module Feed
+    @@feeds ||= []
+    @@etags ||= {}
+
+    def self.etags
+      @@etags
+    end
+
+    def self.fetch!(tag,etag=nil)
+      etags.delete tag
+      fetch(tag, etag)
+    end
+
+    def self.fetch(tag,etag=nil)
+      feed = @@feeds.detect {|f| f::LOCATIONS.any? {|k,v| k == tag || v == tag}}
+      location = feed::LOCATIONS.detect {|k,v| k == tag || v == tag}
+      return nil unless location
+      tag = location[0]
+      etag = (etags[tag] || "") unless etag
+      puts "Fetching entries for #{tag} ..."
+      {tag => feed.fetch(tag,etag)}
+    end
+
+    def self.gunzip(gdata)
+      zi = Zlib::Inflate.new(Zlib::MAX_WBITS + 32)
+      begin
+        return zi.inflate(gdata)
+  		rescue Zlib::DataError => e
+  		  raise "please provide gzipped data"
+  		rescue => e
+  		  raise e
+	  end
+
+  	end
+
+  	def self.feeds
+  	  @@feeds
+  	end
+
+  end
+end

data/lib/nvd/feed/cpe.rb

@@ -0,0 +1,46 @@
+module NVD
+  module Feed
+
+    module CPE
+      LOCATIONS = {} unless defined? LOCATIONS
+      LOCATIONS["cpe_dictionary"] = "http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz"
+
+      def self.fetch(tag,etag=nil)
+        location = LOCATIONS[tag]
+        return nil unless location
+        retval = {}
+        etag = (NVD::Feed.etags[tag] || "" ) unless etag
+        data = HTTParty.get(location, {:headers => {"If-None-Match" => etag}})
+        NVD::Feed.etags[tag] = data.response.header["etag"]
+        return NVD::Feed.etags[tag] if data.nil?
+        if location.match(/gz$/)
+          data = NVD::Feed.gunzip(data)
+          if location.match(/\.xml/)
+            xml = HTTParty::Parser.new(data, :xml).parse
+            data = []
+            xml["cpe_list"]["cpe_item"].each do |item|
+              item.each do |k,v|
+                v = v.detect {|i| i["lang"] == "en-US"} if v.is_a?(Array)
+                item[k] = v["__content__"] if v["__content__"]
+              end
+              item.delete "cpe23_item"
+              data << item
+            end
+          end
+        end
+        retval[name] = data
+      end
+
+      def self.fetch_all
+        retval = {}
+        LOCATIONS.each do |name, location|
+        end
+        retval
+      end #end method
+    end #end CPE module
+
+    @@feeds ||= []
+    @@feeds << CPE
+
+  end
+end

data/lib/nvd/feed/cve.rb

@@ -0,0 +1,104 @@
+module NVD
+  module Feed
+    module CVE
+      LOCATIONS = {} unless defined? CVE_LOCATIONS
+      (["recent", "modified"] | (2002..Date.today.year).to_a).each do |key|
+        LOCATIONS["cve_" + key.to_s] = "https://nvd.nist.gov/static/feeds/xml/cve/nvdcve-2.0-#{key.to_s}.xml"
+      end
+
+      def self.fetch(tag,etag=nil)
+        retval = {}
+        location = LOCATIONS[tag]
+        return nil unless location
+        etag = (NVD::Feed.etags[tag] || "" ) unless etag
+        data = HTTParty.get(location, {:headers => {"If-None-Match" => etag}})
+        NVD::Feed.etags[tag] = data.response.header["etag"]
+        return NVD::Feed.etags[tag] if data.nil?
+        if location.match(/gz$/)
+          data = NVD::Feed.gunzip(data)
+          if location.match(/\.xml/)
+            xml = HTTParty::Parser.new(data, :xml).parse
+            data = []
+            binding.pry #unless xml["nvd"] && xml["nvd"]["entry"]
+            xml["nvd"]["entry"].each do |item|
+              # item = OpenStruct.new(item)
+              item.each_pair do |k,v|
+                v = v.detect {|i| i["lang"] == "en-US"} if v.is_a?(Array)
+                item[k] = v["__content__"] if v["__content__"]
+              end
+              data << item
+            end
+            retval[tag] = data
+          end
+        end
+
+        if data.class == HTTParty::Response
+          response = []
+          data["nvd"]["entry"].each do |item|
+            item["cvss"].each do |k,v|
+              v.each do |j,l|
+                item["cvss"][k][j] = Time.parse(l) if j.to_s.include?("datetime")
+                item["cvss"][k][j] = l.to_f if j.to_s.include?("score")
+              end if v.is_a?(Hash)
+            end if item["cvss"]
+            refs = []
+            [item["references"]].flatten.each do |r|
+              r.each do |k,v|
+                v = v.detect {|i| i["lang"] == "en-US"} if v.is_a?(Array)
+                r[k] = v["href"] if v["__content__"] && v["href"]
+              end if r
+              refs << r
+            end
+            item["references"] = refs
+            products = []
+            products = [item["vulnerable_software_list"]["product"]].flatten if item["vulnerable_software_list"]
+            item["vulnerable_software_list"] = products
+            item.each do |k,v|
+              item[k] = Time.parse(v) if k.to_s.include?("datetime")
+            end
+            response << item
+          end
+          retval = response
+        end
+        return retval
+      end
+
+      def self.fetch_all
+        retval = {}
+        LOCATIONS.each do |tag, location|
+          puts tag
+          retval[tag] = fetch(tag)
+          return retval
+        end
+        retval
+      end
+
+      def self.save_off(name,data)
+
+      end
+    end
+
+    @@feeds ||= []
+    @@feeds << CVE
+
+  end
+end
+
+
+class Person < OpenStruct
+  attr_accessor :name, :age, :gender
+  def work
+    puts "POOF! Eight more hours gone!"
+  end
+
+  def slumber(num=10)
+    puts "going to sleep"
+    sleep num
+    puts "waking up"
+    sleep num/10
+  end
+
+  def eat(meal="bacon and eggs")
+    puts "I'm sitting down to eat #{meal}"
+  end
+end

data/lib/nvd/version.rb

@@ -0,0 +1,3 @@
+module Nvd
+  VERSION = "0.0.1"
+end

data/nvd.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nvd/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "nvd"
+  spec.version       = Nvd::VERSION
+  spec.authors       = ["Ben Hamilton"]
+  spec.email         = ["benhami@gmail.com"]
+  spec.description   = %q{A simple gem abstraction for MITRE NVD SCAP data}
+  spec.summary       = %q{MITRE NVD SCAP data}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+
+  spec.add_dependency "httparty"
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

metadata

@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: nvd
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ben Hamilton
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-09-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A simple gem abstraction for MITRE NVD SCAP data
+email:
+- benhami@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/nvd.rb
+- lib/nvd/feed.rb
+- lib/nvd/feed/cpe.rb
+- lib/nvd/feed/cve.rb
+- lib/nvd/version.rb
+- nvd.gemspec
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: MITRE NVD SCAP data
+test_files:
+- spec/spec_helper.rb