nvd_feed_api 0.0.3 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: eede7e83299ed5178ac0ef1563ac49378b90bf6f
-  data.tar.gz: 82f073efcb5f266a8d848e5e93a2e6969ecd01db
+SHA256:
+  metadata.gz: 158649a33021b95393055afc6861185443aeae4665cc6acd86814f29a866d8f0
+  data.tar.gz: 75ca47cdcece6352581ed8ddfe9339ce393e48199ba4c895e6e49e05e959b08b
 SHA512:
-  metadata.gz: e398a51fa724e9028aea8e6966a5b8620d34b9b7a0a20311259e810d99103a04eb0977db8aa46ce8edc4d70d2ee4049903a212309ea570cff752ce01defc37b3
-  data.tar.gz: 235093a028f0bb61bf18879cb6dd3fe42e4e8e45b451ba8de41c6e697edadfc73bf10665ecdd3705ecc8e0220eb6b78edafef92cf22d63058bedc16ad6f6ed19
+  metadata.gz: 66c08b3167c12da6168331f84caa557d945ebb16c76e565cefa6ac44c7960e5eb8bae840a2231c16d2cc9ef982bd13eb9b68289dff66dbee4af0c115a45e20f4
+  data.tar.gz: 2729e066d04f9f29e9fd3fbd76c88cb3c208c2a82eab331e3202fca9a42a7f658d7645f7d3c17f5df770c54b1eb8e084b611f6e23eefab90c7e4cada90e114f0

data/.gitignore

@@ -50,4 +50,4 @@ build-iPhoneSimulator/
 .rvmrc
 
 # do not check Gemfile.lock fror gems
-Gemfile.lock
+#Gemfile.lock

data/.gitlab-ci.yml

@@ -1,36 +1,51 @@
 # Official language image. Look for the different tagged releases at:
 # https://hub.docker.com/r/library/ruby/tags/
-image: ruby:2.4-alpine
 
+# Caching: https://docs.gitlab.com/ee/ci/caching/#caching-ruby-dependencies
 cache:
+  key: ${CI_COMMIT_REF_SLUG}
   paths:
     - vendor/ruby # cache gems in between builds
 
 before_script:
   - ruby -v # Print out ruby version for debugging
-  - gem install bundler  --no-ri --no-rdoc # Bundler is not installed with the image
+  - gem install bundler --no-document # Bundler is not installed with the image
   # install nproc (coreutils) for bundle -j
   # install git for building the gemspec
   # install make, gcc for building gem native extension (commonmarker)
   # libc-dev for musl-dev dependency (stdlib.h) needed by gcc
   - apk --no-cache add coreutils git make gcc libc-dev
   - bundle install -j $(nproc) --path vendor # Install dependencies into ./vendor/ruby
-  - rake install # install the gem
+  - bundle exec rake install # install the gem
 
-rubocop:
+# Anchors: https://docs.gitlab.com/ee/ci/yaml/README.html#anchors
+.test_template: &job_definition
   stage: test
   script:
-    - rubocop
+  - bundle exec rubocop
+  - bundle exec rake test
 
-test:
-  stage: test
-  script:
-    - rake test
+test:2.4:
+  <<: *job_definition
+  image: ruby:2.4-alpine
+
+test:2.5:
+  <<: *job_definition
+  image: ruby:2.5-alpine
+
+test:2.6:
+  <<: *job_definition
+  image: ruby:2.6-alpine
+
+test:2.7:
+  <<: *job_definition
+  image: ruby:2.7-alpine
 
 pages:
   stage: deploy
+  image: ruby:2.4-alpine
   script:
-    - yard doc
+    - bundle exec yard doc
     - mkdir public
     - mv doc/* public/
   artifacts:

data/.rubocop.yml

@@ -1,5 +1,12 @@
 AllCops:
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 2.7
+  NewCops: enable
+
+Layout/HashAlignment:
+  EnforcedHashRocketStyle: table
+
+Layout/LineLength:
+  Enabled: false
 
 # Rubocop is too stupid too see that the variable is used
 Lint/UselessAssignment:
@@ -18,10 +25,7 @@ Metrics/ClassLength:
   Enabled: false
 
 Metrics/CyclomaticComplexity:
-  Max: 15
-
-Metrics/LineLength:
-  Enabled: false
+  Max: 20
 
 Metrics/MethodLength:
   Max: 100
@@ -44,3 +48,6 @@ Style/PerlBackrefs:
 # Allow explicit return
 Style/RedundantReturn:
   Enabled: false
+
+Style/WordArray:
+  EnforcedStyle: brackets

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.7.1

data/Gemfile.lock

@@ -0,0 +1,67 @@
+PATH
+  remote: .
+  specs:
+    nvd_feed_api (0.3.1)
+      archive-zip (~> 0.11)
+      nokogiri (~> 1.10)
+      oj (>= 3.7.8, < 4)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    archive-zip (0.12.0)
+      io-like (~> 0.3.0)
+    ast (2.4.1)
+    commonmarker (0.21.0)
+      ruby-enum (~> 0.5)
+    concurrent-ruby (1.1.7)
+    github-markup (3.0.4)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    io-like (0.3.1)
+    mini_portile2 (2.4.0)
+    minitest (5.14.2)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    oj (3.10.14)
+    parallel (1.19.2)
+    parser (2.7.1.5)
+      ast (~> 2.4.1)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    redcarpet (3.5.0)
+    regexp_parser (1.8.1)
+    rexml (3.2.4)
+    rubocop (0.92.0)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.5)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.5.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.7.1)
+      parser (>= 2.7.1.5)
+    ruby-enum (0.8.0)
+      i18n
+    ruby-progressbar (1.10.1)
+    unicode-display_width (1.7.0)
+    yard (0.9.25)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.1)
+  commonmarker (~> 0.21)
+  github-markup (~> 3.0)
+  minitest (~> 5.14)
+  nvd_feed_api!
+  rake (~> 13.0)
+  redcarpet (~> 3.5)
+  rubocop (~> 0.92)
+  yard (~> 0.9)
+
+BUNDLED WITH
+   2.1.4

data/README.md

@@ -5,6 +5,7 @@
 [![Gem stable](https://img.shields.io/gem/dv/nvd_feed_api/stable.svg)][rubygems]
 [![Gem latest](https://img.shields.io/gem/dtv/nvd_feed_api.svg)][rubygems]
 [![Gem total download](https://img.shields.io/gem/dt/nvd_feed_api.svg)][rubygems]
+[![Rawsec's CyberSecurity Inventory](https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.rawsec.ml/tools.html#nvd_feed_api)
 
 [rubygems]:https://rubygems.org/gems/nvd_feed_api/
 
@@ -12,7 +13,7 @@
 
 **nvd_feed_api** is a simple ruby API for NVD CVE feeds.
 
-The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database.
+The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database.
 
 Name            | Link
 ---             | ---

data/lib/nvd_feed_api.rb

@@ -1,15 +1,13 @@
 # @author Alexandre ZANNI <alexandre.zanni@engineer.com>
 
 # Ruby internal
-require 'digest'
 require 'net/https'
 require 'set'
 # External
-require 'archive/zip'
 require 'nokogiri'
-require 'oj'
 # Project internal
 require 'nvd_feed_api/version'
+require 'nvd_feed_api/feed'
 
 # The class that parse NVD website to get information.
 # @example Initialize a NVDFeedScraper object, get the feeds and see them:
@@ -20,332 +18,12 @@ require 'nvd_feed_api/version'
 #   scraper.feeds("CVE-2007")
 #   cve2007, cve2015 = scraper.feeds("CVE-2007", "CVE-2015")
 class NVDFeedScraper
+  BASE = 'https://nvd.nist.gov'.freeze
   # The NVD url where is located the data feeds.
-  URL = 'https://nvd.nist.gov/vuln/data-feeds'.freeze
+  URL = "#{BASE}/vuln/data-feeds".freeze
   # Load constants
   include NvdFeedApi
 
-  # Feed object.
-  class Feed
-    class << self
-      # Get / set default feed storage location, where will be stored JSON feeds and archives by default.
-      # @return [String] default feed storage location. Default to +/tmp/+.
-      # @example
-      #   NVDFeedScraper::Feed.default_storage_location = '/srv/downloads/'
-      attr_accessor :default_storage_location
-    end
-    @default_storage_location = '/tmp/'
-
-    # @return [String] the name of the feed.
-    # @example
-    #   'CVE-2007'
-    attr_reader :name
-
-    # @return [String] the last update date of the feed information on the NVD website.
-    # @example
-    #   '10/19/2017 3:27:02 AM -04:00'
-    attr_reader :updated
-
-    # @return [String] the URL of the metadata file of the feed.
-    # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
-    attr_reader :meta_url
-
-    # @return [String] the URL of the gz archive of the feed.
-    # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
-    attr_reader :gz_url
-
-    # @return [String] the URL of the zip archive of the feed.
-    # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
-    attr_reader :zip_url
-
-    # @return [Meta] the {Meta} object of the feed.
-    # @note
-    #   Return nil if not previously loaded by {#meta_pull}.
-    #   Note that {#json_pull} also calls {#meta_pull}.
-    # @example
-    #   s = NVDFeedScraper.new
-    #   s.scrap
-    #   f = s.feeds("CVE-2014")
-    #   f.meta # => nil
-    #   f.meta_pull
-    #   f.meta # => #<NVDFeedScraper::Meta:0x00555b53027570 ... >
-    attr_reader :meta
-
-    # @return [String] the path of the saved JSON file.
-    # @note Return nil if not previously loaded by {#json_pull}.
-    # @example
-    #   s = NVDFeedScraper.new
-    #   s.scrap
-    #   f = s.feeds("CVE-2014")
-    #   f.json_file # => nil
-    #   f.json_pull
-    #   f.json_file # => "/tmp/nvdcve-1.0-2014.json"
-    attr_reader :json_file
-
-    # A new instance of Feed.
-    # @param name [String] see {#name}.
-    # @param updated [String] see {#updated}.
-    # @param meta_url [String] see {#meta_url}.
-    # @param gz_url [String] see {#gz_url}.
-    # @param zip_url [String] see {#zip_url}.
-    def initialize(name, updated, meta_url, gz_url, zip_url)
-      @name = name
-      @updated = updated
-      @meta_url = meta_url
-      @gz_url = gz_url
-      @zip_url = zip_url
-      # do not pull meta and json automatically for speed and memory footprint
-      @meta = nil
-      @json_file = nil
-    end
-
-    # Create or update the {Meta} object (fill the attribute).
-    # @return [Meta] the updated {Meta} object of the feed.
-    # @see #meta
-    def meta_pull
-      meta_content = NVDFeedScraper::Meta.new(@meta_url)
-      meta_content.parse
-      # update @meta
-      @meta = meta_content
-    end
-
-    # Download the gz archive of the feed.
-    # @param opts [Hash] see {#download_file}.
-    # @return [String] the saved gz file path.
-    # @example
-    #   afeed.download_gz
-    #   afeed.download_gz(destination_path: '/srv/save/')
-    def download_gz(opts = {})
-      download_file(@gz_url, opts)
-    end
-
-    # Download the zip archive of the feed.
-    # @param opts [Hash] see {#download_file}.
-    # @return [String] the saved zip file path.
-    # @example
-    #   afeed.download_zip
-    #   afeed.download_zip(destination_path: '/srv/save/')
-    def download_zip(opts = {})
-      download_file(@zip_url, opts)
-    end
-
-    # Download the JSON feed and fill the attribute.
-    # @param opts [Hash] see {#download_file}.
-    # @return [String] the path of the saved JSON file. Default use {Feed#default_storage_location}.
-    # @note Will downlaod and save the zip of the JSON file, unzip and save it. This massively consume time.
-    # @see #json_file
-    def json_pull(opts = {})
-      opts[:destination_path] ||= Feed.default_storage_location
-
-      skip_download = false
-      destination_path = opts[:destination_path]
-      destination_path += '/' unless destination_path[-1] == '/'
-      filename = URI(@zip_url).path.split('/').last.chomp('.zip')
-      # do not use @json_file for destination_file because of offline loading
-      destination_file = destination_path + filename
-      meta_pull
-      if File.file?(destination_file)
-        # Verify hash to see if it is the latest
-        computed_h = Digest::SHA256.file(destination_file)
-        skip_download = true if meta.sha256.casecmp(computed_h.hexdigest).zero?
-      end
-      if skip_download
-        @json_file = destination_file
-      else
-        zip_path = download_zip(opts)
-        Archive::Zip.open(zip_path) do |z|
-          z.extract(destination_path, flatten: true)
-        end
-        @json_file = zip_path.chomp('.zip')
-        # Verify hash integrity
-        computed_h = Digest::SHA256.file(@json_file)
-        raise "File corruption: #{@json_file}" unless meta.sha256.casecmp(computed_h.hexdigest).zero?
-      end
-      return @json_file
-    end
-
-    # Search for CVE in the feed.
-    # @overload cve(cve)
-    #   One CVE.
-    #   @param cve [String] CVE ID, case insensitive.
-    #   @return [Hash] a Ruby Hash corresponding to the CVE.
-    # @overload cve(cve_arr)
-    #   An array of CVEs.
-    #   @param cve_arr [Array<String>] Array of CVE ID, case insensitive.
-    #   @return [Array] an Array of CVE, each CVE is a Ruby Hash. May not be in the same order as provided.
-    # @overload cve(cve, *)
-    #   Multiple CVEs.
-    #   @param cve [String] CVE ID, case insensitive.
-    #   @param * [String] As many CVE ID as you want.
-    #   @return [Array] an Array of CVE, each CVE is a Ruby Hash. May not be in the same order as provided.
-    # @note {#json_pull} is needed before using this method. Remember you're searching only in the current feed.
-    # @todo implement a CVE Class instead of returning a Hash.
-    # @see https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
-    # @see https://scap.nist.gov/schema/nvd/feed/0.1/CVE_JSON_4.0_min.schema
-    # @example
-    #   s = NVDFeedScraper.new
-    #   s.scrap
-    #   f = s.feeds("CVE-2014")
-    #   f.json_pull
-    #   f.cve("CVE-2014-0002", "cve-2014-0001")
-    def cve(*arg_cve)
-      raise 'json_file is nil, it needs to be populated with json_pull' if @json_file.nil?
-      raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
-      return_value = nil
-      raise 'no argument provided, 1 or more expected' if arg_cve.empty?
-      if arg_cve.length == 1
-        if arg_cve[0].is_a?(String)
-          raise "bad CVE name (#{arg_cve[0]})" unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
-          doc = Oj::Doc.open(File.read(@json_file))
-          # Quicker than doc.fetch('/CVE_Items').size
-          doc_size = doc.fetch('/CVE_data_numberOfCVEs').to_i
-          (1..doc_size).each do |i|
-            if arg_cve[0].upcase == doc.fetch("/CVE_Items/#{i}/cve/CVE_data_meta/ID")
-              return_value = doc.fetch("/CVE_Items/#{i}")
-              break
-            end
-          end
-          doc.close
-        elsif arg_cve[0].is_a?(Array)
-          return_value = []
-          # Sorting CVE can allow us to parse quicker
-          # Upcase to be sure include? works
-          cves_to_find = arg_cve[0].map(&:upcase).sort
-          raise 'one of the provided arguments is not a String' unless cves_to_find.all? { |x| x.is_a?(String) }
-          raise 'bad CVE name' unless cves_to_find.all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
-          doc = Oj::Doc.open(File.read(@json_file))
-          # Quicker than doc.fetch('/CVE_Items').size
-          doc_size = doc.fetch('/CVE_data_numberOfCVEs').to_i
-          (1..doc_size).each do |i|
-            doc.move("/CVE_Items/#{i}")
-            cve_id = doc.fetch('cve/CVE_data_meta/ID')
-            if cves_to_find.include?(cve_id)
-              return_value.push(doc.fetch)
-              cves_to_find.delete(cve_id)
-            elsif cves_to_find.empty?
-              break
-            end
-          end
-          raise "#{cves_to_find.join(', ')} are unexisting CVEs in this feed" unless cves_to_find.empty?
-        else
-          raise "the provided argument (#{arg_cve[0]}) is nor a String or an Array"
-        end
-      else
-        # Overloading a list of arguments as one array argument
-        return_value = cve(arg_cve)
-      end
-      return return_value
-    end
-
-    # Return a list with the name of all available CVEs in the feed.
-    # Can only be called after {#json_pull}.
-    # @return [Array<String>] List with the name of all available CVEs. May return thousands CVEs.
-    def available_cves
-      raise 'json_file is nil, it needs to be populated with json_pull' if @json_file.nil?
-      raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
-      doc = Oj::Doc.open(File.read(@json_file))
-      # Quicker than doc.fetch('/CVE_Items').size
-      doc_size = doc.fetch('/CVE_data_numberOfCVEs').to_i
-      cve_names = []
-      (1..doc_size).each do |i|
-        doc.move("/CVE_Items/#{i}")
-        cve_names.push(doc.fetch('cve/CVE_data_meta/ID'))
-      end
-      doc.close
-      return cve_names
-    end
-
-    protected
-
-    # @param arg_name [String] the new name of the feed.
-    # @return [String] the new name of the feed.
-    # @example
-    #   'CVE-2007'
-    def name=(arg_name)
-      raise "name (#{arg_name}) is not a string" unless arg_name.is_a(String)
-      @name = arg_name
-    end
-
-    # @param arg_updated [String] the last update date of the feed information on the NVD website.
-    # @return [String] the new date.
-    # @example
-    #   '10/19/2017 3:27:02 AM -04:00'
-    def updated=(arg_updated)
-      raise "updated date (#{arg_updated}) is not a string" unless arg_updated.is_a(String)
-      @updated = arg_updated
-    end
-
-    # @param arg_meta_url [String] the new URL of the metadata file of the feed.
-    # @return [String] the new URL of the metadata file of the feed.
-    # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
-    def meta_url=(arg_meta_url)
-      raise "meta_url (#{arg_meta_url}) is not a string" unless arg_meta_url.is_a(String)
-      @meta_url = arg_meta_url
-    end
-
-    # @param arg_gz_url [String] the new URL of the gz archive of the feed.
-    # @return [String] the new URL of the gz archive of the feed.
-    # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
-    def gz_url=(arg_gz_url)
-      raise "gz_url (#{arg_gz_url}) is not a string" unless arg_gz_url.is_a(String)
-      @gz_url = arg_gz_url
-    end
-
-    # @param arg_zip_url [String] the new URL of the zip archive of the feed.
-    # @return [String] the new URL of the zip archive of the feed.
-    # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
-    def zip_url=(arg_zip_url)
-      raise "zip_url (#{arg_zip_url}) is not a string" unless arg_zip_url.is_a(String)
-      @zip_url = arg_zip_url
-    end
-
-    # Download a file.
-    # @param file_url [String] the URL of the file.
-    # @param opts [Hash] the optional downlaod parameters.
-    # @option opts [String] :destination_path the destination path (may
-    #   overwrite existing file).
-    #   Default use {Feed#default_storage_location}.
-    # @option opts [String] :sha256 the SHA256 hash to check, if the file
-    #   already exist and the hash matches then the download will be skipped.
-    # @return [String] the saved file path.
-    # @example
-    #   download_file('https://example.org/example.zip') # => '/tmp/example.zip'
-    #   download_file('https://example.org/example.zip', destination_path: '/srv/save/') # => '/srv/save/example.zip'
-    #   download_file('https://example.org/example.zip', {destination_path: '/srv/save/', sha256: '70d6ea136d5036b6ce771921a949357216866c6442f44cea8497f0528c54642d'}) # => '/srv/save/example.zip'
-    def download_file(file_url, opts = {})
-      opts[:destination_path] ||= Feed.default_storage_location
-      opts[:sha256] ||= nil
-
-      destination_path = opts[:destination_path]
-      destination_path += '/' unless destination_path[-1] == '/'
-      skip_download = false
-      uri = URI(file_url)
-      filename = uri.path.split('/').last
-      destination_file = destination_path + filename
-      unless opts[:sha256].nil?
-        if File.file?(destination_file)
-          # Verify hash to see if it is the latest
-          computed_h = Digest::SHA256.file(destination_file)
-          skip_download = true if opts[:sha256].casecmp(computed_h.hexdigest).zero?
-        end
-      end
-      unless skip_download
-        res = Net::HTTP.get_response(uri)
-        raise "#{file_url} ended with #{res.code} #{res.message}" unless res.is_a?(Net::HTTPSuccess)
-        open(destination_file, 'wb') do |file|
-          file.write(res.body)
-        end
-      end
-      return destination_file
-    end
-  end
-
   # Initialize the scraper
   def initialize
     @url = URL
@@ -354,21 +32,33 @@ class NVDFeedScraper
 
   # Scrap / parse the website to get the feeds and fill the {#feeds} attribute.
   # @note {#scrap} need to be called only once but can be called again to update if the NVD feed page changed.
-  # @return [Integer] +0+ when there is no error.
+  # @return [Integer] Number of scrapped feeds.
   def scrap
     uri = URI(@url)
     html = Net::HTTP.get(uri)
 
     doc = Nokogiri::HTML(html)
     @feeds = []
-    doc.css('h3#JSON_FEED ~ div.row:first-of-type table.xml-feed-table > tbody > tr[data-testid*=desc]').each do |tr|
-      name = tr.css('td')[0].text
-      updated = tr.css('td')[1].text
-      meta = tr.css('td')[2].css('> a').attr('href').value
-      gz = tr.css('+ tr > td > a').attr('href').value
-      zip = tr.css('+ tr + tr > td > a').attr('href').value
-      @feeds.push(Feed.new(name, updated, meta, gz, zip))
+    tmp_feeds = {}
+    doc.css('#vuln-feed-table table.xml-feed-table tr[data-testid]').each do |tr|
+      num, type = tr.attr('data-testid')[13..].split('-')
+      if type == 'meta'
+        tmp_feeds[num] = {}
+        tmp_feeds[num][:name] = tr.css('td')[0].text
+        tmp_feeds[num][:updated] = tr.css('td')[1].text
+        tmp_feeds[num][:meta] = BASE + tr.css('td')[2].css('> a').attr('href').value
+      elsif type == 'gz'
+        tmp_feeds[num][:gz] = BASE + tr.css('td > a').attr('href').value
+      elsif type == 'zip'
+        tmp_feeds[num][:zip] = BASE + tr.css('td > a').attr('href').value
+        @feeds.push(Feed.new(tmp_feeds[num][:name],
+                             tmp_feeds[num][:updated],
+                             tmp_feeds[num][:meta],
+                             tmp_feeds[num][:gz],
+                             tmp_feeds[num][:zip]))
+      end
     end
+    return @feeds.size
   end
 
   # Return feeds. Can only be called after {#scrap}.
@@ -395,6 +85,7 @@ class NVDFeedScraper
   # @see https://nvd.nist.gov/vuln/data-feeds
   def feeds(*arg_feeds)
     raise 'call scrap method before using feeds method' if @feeds.nil?
+
     return_value = nil
     if arg_feeds.empty?
       return_value = @feeds
@@ -406,6 +97,7 @@ class NVDFeedScraper
         # if nothing found return nil
       elsif arg_feeds[0].is_a?(Array)
         raise 'one of the provided arguments is not a String' unless arg_feeds[0].all? { |x| x.is_a?(String) }
+
         # Sorting CVE can allow us to parse quicker
         # Upcase to be sure include? works
         # Does not use map(&:upcase) to preserve CVE-Recent and CVE-Modified
@@ -437,6 +129,7 @@ class NVDFeedScraper
   #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2017", "CVE-2016", "CVE-2015", "CVE-2014", "CVE-2013", "CVE-2012", "CVE-2011", "CVE-2010", "CVE-2009", "CVE-2008", "CVE-2007", "CVE-2006", "CVE-2005", "CVE-2004", "CVE-2003", "CVE-2002"]
   def available_feeds
     raise 'call scrap method before using available_feeds method' if @feeds.nil?
+
     feed_names = []
     @feeds.each do |feed| # feed is an objet
       feed_names.push(feed.name)
@@ -469,9 +162,11 @@ class NVDFeedScraper
   def cve(*arg_cve)
     return_value = nil
     raise 'no argument provided, 1 or more expected' if arg_cve.empty?
+
     if arg_cve.length == 1
       if arg_cve[0].is_a?(String)
         raise 'bad CVE name' unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
+
         year = /^CVE-([0-9]{4})-[0-9]{4,}$/i.match(arg_cve[0]).captures[0]
         matched_feed = nil
         feed_names = available_feeds
@@ -483,13 +178,17 @@ class NVDFeedScraper
             break
           end
         end
+        # CVE-2002 feed (the 1st one) contains CVE from 1999 to 2002
+        matched_feed = 'CVE-2002' if matched_feed.nil? && ('1999'..'2001').to_a.include?(year)
         raise "bad CVE year in #{arg_cve}" if matched_feed.nil?
+
         f = feeds(matched_feed)
         f.json_pull
         return_value = f.cve(arg_cve[0])
       elsif arg_cve[0].is_a?(Array)
         raise 'one of the provided arguments is not a String' unless arg_cve[0].all? { |x| x.is_a?(String) }
         raise 'bad CVE name' unless arg_cve[0].all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
+
         return_value = []
         # Sorting CVE can allow us to parse quicker
         # Upcase to be sure include? works
@@ -501,8 +200,18 @@ class NVDFeedScraper
         feed_names = available_feeds.to_set
         feed_names.delete('CVE-Modified')
         feed_names.delete('CVE-Recent')
+        # CVE-2002 feed (the 1st one) contains CVE from 1999 to 2002
+        virtual_feeds = ['CVE-1999', 'CVE-2000', 'CVE-2001']
+        # So virtually add those feed...
+        feed_names.merge(virtual_feeds)
         raise 'unexisting CVE year was provided in some CVE' unless feeds_to_match.subset?(feed_names)
+
         matched_feeds = feeds_to_match.intersection(feed_names)
+        # and now that the intersection is done remove those virtual feeds and add CVE-2002 instead if needed
+        unless matched_feeds.intersection(virtual_feeds.to_set).empty?
+          matched_feeds.subtract(virtual_feeds)
+          matched_feeds.add('CVE-2002')
+        end
         feeds_arr = feeds(matched_feeds.to_a)
         feeds_arr.each do |feed|
           feed.json_pull
@@ -547,23 +256,13 @@ class NVDFeedScraper
   def update_feeds(*arg_feed)
     return_value = false
     raise 'no argument provided, 1 or more expected' if arg_feed.empty?
+
     scrap
     if arg_feed.length == 1
       if arg_feed[0].is_a?(Feed)
         new_feed = feeds(arg_feed[0].name)
         # update attributes
-        if arg_feed[0].updated != new_feed.updated
-          arg_feed[0].name = new_feed.name
-          arg_feed[0].updated = new_feed.updated
-          arg_feed[0].meta_url = new_feed.meta_url
-          arg_feed[0].gz_url = new_feed.gz_url
-          arg_feed[0].zip_url = new_feed.zip_url
-          # update if @meta was set
-          arg_feed[0].meta_pull unless feed.meta.nil?
-          # update if @json_file was set
-          arg_feed[0].json_pull unless feed.json_file.nil?
-          return_value = true
-        end
+        return_value = arg_feed[0].update!(new_feed)
       elsif arg_feed[0].is_a?(Array)
         return_value = []
         arg_feed[0].each do |f|
@@ -597,115 +296,4 @@ class NVDFeedScraper
     end
     return cve_names
   end
-
-  # Manage the meta file from a feed.
-  #
-  # == Usage
-  #
-  # @example
-  #   s = NVDFeedScraper.new
-  #   s.scrap
-  #   metaUrl = s.feeds("CVE-2014").meta_url
-  #   m = NVDFeedScraper::Meta.new
-  #   m.url = metaUrl
-  #   m.parse
-  #   m.sha256
-  #
-  # Several ways to set the url:
-  #
-  #   m = NVDFeedScraper::Meta.new(metaUrl)
-  #   m.parse
-  #   # or
-  #   m = NVDFeedScraper::Meta.new
-  #   m.url = metaUrl
-  #   m.parse
-  #   # or
-  #   m = NVDFeedScraper::Meta.new
-  #   m.parse(metaUrl)
-  class Meta
-    # {Meta} last modified date getter
-    # @return [String] the last modified date and time.
-    # @example
-    #   '2017-10-19T03:27:02-04:00'
-    attr_reader :last_modified_date
-
-    # {Meta} JSON size getter
-    # @return [String] the size of the JSON file uncompressed.
-    # @example
-    #   '29443314'
-    attr_reader :size
-
-    # {Meta} zip size getter
-    # @return [String] the size of the zip file.
-    # @example
-    #   '2008493'
-    attr_reader :zip_size
-
-    # {Meta} gz size getter
-    # @return [String] the size of the gz file.
-    # @example
-    #   '2008357'
-    attr_reader :gz_size
-
-    # {Meta} JSON sha256 getter
-    # @return [String] the SHA256 value of the uncompressed JSON file.
-    # @example
-    #   '33ED52D451692596D644F23742ED42B4E350258B11ACB900F969F148FCE3777B'
-    attr_reader :sha256
-
-    # @param url [String, nil] see {Feed#meta_url}.
-    def initialize(url = nil)
-      @url = url
-    end
-
-    # {Meta} URL getter.
-    # @return [String] The URL of the meta file of the feed.
-    attr_reader :url
-
-    # {Meta} URL setter.
-    # @param url [String] see {Feed#meta_url}.
-    def url=(url)
-      @url = url
-      @last_modified_date = @size = @zip_size = @gz_size = @sha256 = nil
-    end
-
-    # Parse the meta file from the URL and set the attributes.
-    # @overload parse
-    #   Parse the meta file from the URL and set the attributes.
-    #   @return [Integer] Returns +0+ when there is no error.
-    # @overload parse(url)
-    #   Set the URL of the meta file of the feed and
-    #   parse the meta file from the URL and set the attributes.
-    #   @param url [String] see {Feed.meta_url}
-    #   @return [Integer] Returns +0+ when there is no error.
-    def parse(*arg)
-      if arg.empty?
-      elsif arg.length == 1 # arg = url
-        self.url = arg[0]
-      else
-        raise 'Too much arguments'
-      end
-
-      raise "Can't parse if the URL is empty" if @url.nil?
-      uri = URI(@url)
-
-      meta = Net::HTTP.get(uri)
-
-      meta = Hash[meta.split.map { |x| x.split(':', 2) }]
-
-      raise 'no lastModifiedDate attribute found' unless meta['lastModifiedDate']
-      raise 'no valid size attribute found' unless /[0-9]+/.match?(meta['size'])
-      raise 'no valid zipSize attribute found' unless /[0-9]+/.match?(meta['zipSize'])
-      raise 'no valid gzSize attribute found' unless /[0-9]+/.match?(meta['gzSize'])
-      raise 'no valid sha256 attribute found' unless /[0-9A-F]{64}/.match?(meta['sha256'])
-
-      @last_modified_date = meta['lastModifiedDate']
-      @size = meta['size']
-      @zip_size = meta['zipSize']
-      @gz_size = meta['gzSize']
-      @sha256 = meta['sha256']
-
-      0
-    end
-  end
 end