nvd_feed_api 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 38ab69d805d125729995fc9ea26d79e0b324414f
-  data.tar.gz: 7c9838e134a5f503d21979a5915db3cd9d9e823b
+SHA256:
+  metadata.gz: d03fa81fd296a62aba7a9356b3c41135851febb254af4db13758c5b76475739f
+  data.tar.gz: c0d716121dccaeaee6944ccd3e0d85cf59854084ae68d0f7347fb678dc4760bf
 SHA512:
-  metadata.gz: eda8d75faf07c0189cf6fdf9bbea8296fce70f0aaf380e8af2a3af83d1216f6ae360319cd01e727659f4cac527cd284ac9e9555dfb1dc79f1982f93309940129
-  data.tar.gz: eb9eb999eee1ef44b3b64de314f3fb37b0cc857df67a7ae580ed6f71ef51e827f3ec93de5b5fdfdd0205a0f280f6825e673a858e67248c9a684dc77a1342adea
+  metadata.gz: b5bef50a5709e8bd53a138110e80f6a5ee34d02f5849e1a3d9add0c9573e963926adbdf6eeb610b75d04d25d285b4450b8e99aa724582d382ed072ef46c89a8a
+  data.tar.gz: 7be0a9191d6efb0e7a80e7a868d8d019186268008473e3e731fe9e4e3e1d21b85b7cc6189c912d5315495dbb12dbaaa688ca077823ba844a01d91b11696ae954

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+github: noraj
+issuehunt: noraj
+ko_fi: noraj

data/.gitignore

@@ -50,4 +50,4 @@ build-iPhoneSimulator/
 .rvmrc
 
 # do not check Gemfile.lock fror gems
-Gemfile.lock
+#Gemfile.lock

data/.gitlab-ci.yml

@@ -1,36 +1,43 @@
 # Official language image. Look for the different tagged releases at:
 # https://hub.docker.com/r/library/ruby/tags/
-image: ruby:2.4-alpine
 
+# Caching: https://docs.gitlab.com/ee/ci/caching/#caching-ruby-dependencies
 cache:
+  key: ${CI_COMMIT_REF_SLUG}
   paths:
     - vendor/ruby # cache gems in between builds
 
 before_script:
   - ruby -v # Print out ruby version for debugging
-  - gem install bundler  --no-ri --no-rdoc # Bundler is not installed with the image
+  - gem install bundler --no-document # Bundler is not installed with the image
   # install nproc (coreutils) for bundle -j
   # install git for building the gemspec
   # install make, gcc for building gem native extension (commonmarker)
   # libc-dev for musl-dev dependency (stdlib.h) needed by gcc
   - apk --no-cache add coreutils git make gcc libc-dev
   - bundle install -j $(nproc) --path vendor # Install dependencies into ./vendor/ruby
-  - rake install # install the gem
+  - bundle exec rake install # install the gem
 
-rubocop:
+# Anchors: https://docs.gitlab.com/ee/ci/yaml/README.html#anchors
+.test_template: &job_definition
   stage: test
   script:
-    - rubocop
+  - bundle exec rubocop
+  - bundle exec rake test
 
-test:
-  stage: test
-  script:
-    - rake test
+#test:2.4:
+#  <<: *job_definition
+#  image: ruby:2.4-alpine
+
+test:3.1:
+  <<: *job_definition
+  image: ruby:3.1-alpine
 
 pages:
   stage: deploy
+  image: ruby:3.1-alpine
   script:
-    - yard doc
+    - bundle exec yard doc
     - mkdir public
     - mv doc/* public/
   artifacts:

data/.rubocop.yml

@@ -1,5 +1,12 @@
 AllCops:
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 2.7
+  NewCops: enable
+
+Layout/HashAlignment:
+  EnforcedHashRocketStyle: table
+
+Layout/LineLength:
+  Enabled: false
 
 # Rubocop is too stupid too see that the variable is used
 Lint/UselessAssignment:
@@ -18,10 +25,7 @@ Metrics/ClassLength:
   Enabled: false
 
 Metrics/CyclomaticComplexity:
-  Max: 20
-
-Metrics/LineLength:
-  Enabled: false
+  Max: 25
 
 Metrics/MethodLength:
   Max: 100
@@ -35,6 +39,9 @@ Naming/VariableName:
 Security/JSONLoad:
   Enabled: false
 
+Style/CaseLikeIf:
+  Enabled: true
+
 Style/FrozenStringLiteralComment:
   EnforcedStyle: never
 
@@ -44,3 +51,6 @@ Style/PerlBackrefs:
 # Allow explicit return
 Style/RedundantReturn:
   Enabled: false
+
+Style/WordArray:
+  EnforcedStyle: brackets

data/.tool-versions

@@ -0,0 +1 @@
+ruby 3.1.0

data/.yardopts

@@ -1,6 +1,8 @@
 --protected
 --private
 --output-dir doc/
+--markup markdown
+--markup-provider commonmarker
 -
 --main README.md
 LICENSE.txt

data/Gemfile

@@ -1,4 +1,27 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in .gemspec
 gemspec
+
+group :runtime, :cli do
+  gem 'archive-zip', '~> 0.11'
+  gem 'nokogiri', '~> 1.11'
+  gem 'oj', '>= 3.7.8', '<4'
+end
+
+group :development, :install do
+  gem 'bundler', '~> 2.1'
+end
+
+group :development, :test do
+  gem 'minitest', '~> 5.12'
+  gem 'rake', '~> 13.0'
+end
+
+group :development, :lint do
+  gem 'rubocop', '~> 1.23'
+end
+
+group :development, :docs do
+  gem 'commonmarker', '~> 0.21' # for markdown support in YARD
+  gem 'yard', ['>= 0.9.27', '< 0.10']
+end

data/Gemfile.lock

@@ -0,0 +1,64 @@
+PATH
+  remote: .
+  specs:
+    nvd_feed_api (0.4.0)
+      archive-zip (~> 0.11)
+      nokogiri (~> 1.11)
+      oj (>= 3.7.8, < 4)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    archive-zip (0.12.0)
+      io-like (~> 0.3.0)
+    ast (2.4.2)
+    commonmarker (0.23.2)
+    io-like (0.3.1)
+    mini_portile2 (2.7.1)
+    minitest (5.15.0)
+    nokogiri (1.13.1)
+      mini_portile2 (~> 2.7.0)
+      racc (~> 1.4)
+    oj (3.13.10)
+    parallel (1.21.0)
+    parser (3.0.3.2)
+      ast (~> 2.4.1)
+    racc (1.6.0)
+    rainbow (3.0.0)
+    rake (13.0.6)
+    regexp_parser (2.2.0)
+    rexml (3.2.5)
+    rubocop (1.24.1)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.15.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    ruby-progressbar (1.11.0)
+    unicode-display_width (2.1.0)
+    webrick (1.7.0)
+    yard (0.9.27)
+      webrick (~> 1.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  archive-zip (~> 0.11)
+  bundler (~> 2.1)
+  commonmarker (~> 0.21)
+  minitest (~> 5.12)
+  nokogiri (~> 1.11)
+  nvd_feed_api!
+  oj (>= 3.7.8, < 4)
+  rake (~> 13.0)
+  rubocop (~> 1.23)
+  yard (>= 0.9.27, < 0.10)
+
+BUNDLED WITH
+   2.3.6

data/README.md

@@ -5,6 +5,7 @@
 [![Gem stable](https://img.shields.io/gem/dv/nvd_feed_api/stable.svg)][rubygems]
 [![Gem latest](https://img.shields.io/gem/dtv/nvd_feed_api.svg)][rubygems]
 [![Gem total download](https://img.shields.io/gem/dt/nvd_feed_api.svg)][rubygems]
+[![Rawsec's CyberSecurity Inventory](https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.rawsec.ml/tools.html#nvd_feed_api)
 
 [rubygems]:https://rubygems.org/gems/nvd_feed_api/
 
@@ -12,7 +13,7 @@
 
 **nvd_feed_api** is a simple ruby API for NVD CVE feeds.
 
-The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulerability assesment platform or vulnerability database.
+The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database.
 
 Name            | Link
 ---             | ---

data/lib/nvd_feed_api/feed.rb

@@ -13,7 +13,7 @@ class NVDFeedScraper
   class Feed
     class << self
       # Get / set default feed storage location, where will be stored JSON feeds and archives by default.
-      # @return [String] default feed storage location. Default to +/tmp/+.
+      # @return [String] default feed storage location. Default to `/tmp/`.
       # @example
       #   NVDFeedScraper::Feed.default_storage_location = '/srv/downloads/'
       attr_accessor :default_storage_location
@@ -69,11 +69,11 @@ class NVDFeedScraper
     #   f.json_file # => "/tmp/nvdcve-1.0-2014.json"
     attr_reader :json_file
 
-    # @return [String] the type of the feed, should always be +CVE+.
+    # @return [String] the type of the feed, should always be `CVE`.
     # @note Return nil if not previously loaded by {#json_pull}.
     attr_reader :data_type
 
-    # @return [String] the format of the feed, should always be +MITRE+.
+    # @return [String] the format of the feed, should always be `MITRE`.
     # @note Return nil if not previously loaded by {#json_pull}.
     attr_reader :data_format
 
@@ -96,7 +96,7 @@ class NVDFeedScraper
     # @param gz_url [String] see {#gz_url}.
     # @param zip_url [String] see {#zip_url}.
     def initialize(name, updated, meta_url, gz_url, zip_url)
-      # Frome meta file
+      # From meta file
       @name = name
       @updated = updated
       @meta_url = meta_url
@@ -146,7 +146,7 @@ class NVDFeedScraper
     # Download the JSON feed and fill the attribute.
     # @param opts [Hash] see {#download_file}.
     # @return [String] the path of the saved JSON file. Default use {Feed#default_storage_location}.
-    # @note Will downlaod and save the zip of the JSON file, unzip and save it. This massively consume time.
+    # @note Will download and save the zip of the JSON file, unzip and save it. This massively consume time.
     # @see #json_file
     def json_pull(opts = {})
       opts[:destination_path] ||= Feed.default_storage_location
@@ -184,6 +184,7 @@ class NVDFeedScraper
         # Verify hash integrity
         computed_h = Digest::SHA256.file(@json_file)
         raise "File corruption: #{@json_file}" unless meta.sha256.casecmp(computed_h.hexdigest).zero?
+
         # update data
         doc = Oj::Doc.open(File.read(@json_file))
         @data_type = doc.fetch('/CVE_data_type')
@@ -223,11 +224,15 @@ class NVDFeedScraper
     def cve(*arg_cve)
       raise 'json_file is nil, it needs to be populated with json_pull' if @json_file.nil?
       raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
+
       return_value = nil
       raise 'no argument provided, 1 or more expected' if arg_cve.empty?
+
       if arg_cve.length == 1
-        if arg_cve[0].is_a?(String)
+        case arg_cve[0]
+        when String
           raise "bad CVE name (#{arg_cve[0]})" unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
+
           doc = Oj::Doc.open(File.read(@json_file))
           # Quicker than doc.fetch('/CVE_Items').size
           (1..@data_number_of_cves).each do |i|
@@ -237,13 +242,14 @@ class NVDFeedScraper
             end
           end
           doc.close
-        elsif arg_cve[0].is_a?(Array)
+        when Array
           return_value = []
           # Sorting CVE can allow us to parse quicker
           # Upcase to be sure include? works
           cves_to_find = arg_cve[0].map(&:upcase).sort
           raise 'one of the provided arguments is not a String' unless cves_to_find.all? { |x| x.is_a?(String) }
           raise 'bad CVE name' unless cves_to_find.all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
+
           doc = Oj::Doc.open(File.read(@json_file))
           # Quicker than doc.fetch('/CVE_Items').size
           (1..@data_number_of_cves).each do |i|
@@ -273,6 +279,7 @@ class NVDFeedScraper
     def available_cves
       raise 'json_file is nil, it needs to be populated with json_pull' if @json_file.nil?
       raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
+
       doc = Oj::Doc.open(File.read(@json_file))
       # Quicker than doc.fetch('/CVE_Items').size
       cve_names = []
@@ -290,6 +297,7 @@ class NVDFeedScraper
     #   'CVE-2007'
     def name=(arg_name)
       raise "name (#{arg_name}) is not a string" unless arg_name.is_a?(String)
+
       @name = arg_name
     end
 
@@ -299,6 +307,7 @@ class NVDFeedScraper
     #   '10/19/2017 3:27:02 AM -04:00'
     def updated=(arg_updated)
       raise "updated date (#{arg_updated}) is not a string" unless arg_updated.is_a?(String)
+
       @updated = arg_updated
     end
 
@@ -308,6 +317,7 @@ class NVDFeedScraper
     #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
     def meta_url=(arg_meta_url)
       raise "meta_url (#{arg_meta_url}) is not a string" unless arg_meta_url.is_a?(String)
+
       @meta_url = arg_meta_url
     end
 
@@ -317,6 +327,7 @@ class NVDFeedScraper
     #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
     def gz_url=(arg_gz_url)
       raise "gz_url (#{arg_gz_url}) is not a string" unless arg_gz_url.is_a?(String)
+
       @gz_url = arg_gz_url
     end
 
@@ -326,6 +337,7 @@ class NVDFeedScraper
     #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
     def zip_url=(arg_zip_url)
       raise "zip_url (#{arg_zip_url}) is not a string" unless arg_zip_url.is_a?(String)
+
       @zip_url = arg_zip_url
     end
 
@@ -352,30 +364,28 @@ class NVDFeedScraper
       uri = URI(file_url)
       filename = uri.path.split('/').last
       destination_file = destination_path + filename
-      unless opts[:sha256].nil?
-        if File.file?(destination_file)
-          # Verify hash to see if it is the latest
-          computed_h = Digest::SHA256.file(destination_file)
-          skip_download = true if opts[:sha256].casecmp(computed_h.hexdigest).zero?
-        end
+      if !opts[:sha256].nil? && File.file?(destination_file)
+        # Verify hash to see if it is the latest
+        computed_h = Digest::SHA256.file(destination_file)
+        skip_download = true if opts[:sha256].casecmp(computed_h.hexdigest).zero?
       end
       unless skip_download
         res = Net::HTTP.get_response(uri)
         raise "#{file_url} ended with #{res.code} #{res.message}" unless res.is_a?(Net::HTTPSuccess)
-        open(destination_file, 'wb') do |file|
-          file.write(res.body)
-        end
+
+        File.binwrite(destination_file, res.body)
       end
       return destination_file
     end
 
     # Update the feed
     # @param fresh_feed [Feed] the fresh feed from which the feed will be updated.
-    # @return [Boolean] +true+ if the feed was updated, +false+ if it wasn't.
+    # @return [Boolean] `true` if the feed was updated, `false` if it wasn't.
     # @note Is not intended to be used directly, use {NVDFeedScraper#update_feeds} instead.
     def update!(fresh_feed)
       return_value = false
       raise "#{fresh_feed} is not a Feed" unless fresh_feed.is_a?(Feed)
+
       # update attributes
       if updated != fresh_feed.updated
         self.name = fresh_feed.name

data/lib/nvd_feed_api/meta.rb

@@ -76,26 +76,26 @@ class NVDFeedScraper
     # Parse the meta file from the URL and set the attributes.
     # @overload parse
     #   Parse the meta file from the URL and set the attributes.
-    #   @return [Integer] Returns +0+ when there is no error.
+    #   @return [Integer] Returns `0` when there is no error.
     # @overload parse(url)
     #   Set the URL of the meta file of the feed and
     #   parse the meta file from the URL and set the attributes.
     #   @param url [String] see {Feed.meta_url}
-    #   @return [Integer] Returns +0+ when there is no error.
+    #   @return [Integer] Returns `0` when there is no error.
     def parse(*arg)
-      if arg.empty?
-      elsif arg.length == 1 # arg = url
+      if arg.length == 1 # arg = url
         self.url = arg[0]
-      else
+      elsif arg.length > 1
         raise 'Too much arguments'
       end
 
       raise "Can't parse if the URL is empty" if @url.nil?
+
       uri = URI(@url)
 
       meta = Net::HTTP.get(uri)
 
-      meta = Hash[meta.split.map { |x| x.split(':', 2) }]
+      meta = meta.split.to_h { |x| x.split(':', 2) }
 
       raise 'no lastModifiedDate attribute found' unless meta['lastModifiedDate']
       raise 'no valid size attribute found' unless /[0-9]+/.match?(meta['size'])

data/lib/nvd_feed_api/version.rb

@@ -1,3 +1,3 @@
 module NvdFeedApi
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.4.0'.freeze
 end

data/lib/nvd_feed_api.rb

@@ -18,8 +18,9 @@ require 'nvd_feed_api/feed'
 #   scraper.feeds("CVE-2007")
 #   cve2007, cve2015 = scraper.feeds("CVE-2007", "CVE-2015")
 class NVDFeedScraper
+  BASE = 'https://nvd.nist.gov'.freeze
   # The NVD url where is located the data feeds.
-  URL = 'https://nvd.nist.gov/vuln/data-feeds'.freeze
+  URL = "#{BASE}/vuln/data-feeds".freeze
   # Load constants
   include NvdFeedApi
 
@@ -31,21 +32,34 @@ class NVDFeedScraper
 
   # Scrap / parse the website to get the feeds and fill the {#feeds} attribute.
   # @note {#scrap} need to be called only once but can be called again to update if the NVD feed page changed.
-  # @return [Integer] +0+ when there is no error.
+  # @return [Integer] Number of scrapped feeds.
   def scrap
     uri = URI(@url)
     html = Net::HTTP.get(uri)
 
     doc = Nokogiri::HTML(html)
     @feeds = []
-    doc.css('h3#JSON_FEED ~ div.row:first-of-type table.xml-feed-table > tbody > tr[data-testid*=desc]').each do |tr|
-      name = tr.css('td')[0].text
-      updated = tr.css('td')[1].text
-      meta = tr.css('td')[2].css('> a').attr('href').value
-      gz = tr.css('+ tr > td > a').attr('href').value
-      zip = tr.css('+ tr + tr > td > a').attr('href').value
-      @feeds.push(Feed.new(name, updated, meta, gz, zip))
+    tmp_feeds = {}
+    doc.css('#vuln-feed-table table.xml-feed-table tr[data-testid]').each do |tr|
+      num, type = tr.attr('data-testid')[13..].split('-')
+      case type
+      when 'meta'
+        tmp_feeds[num] = {}
+        tmp_feeds[num][:name] = tr.css('td')[0].text
+        tmp_feeds[num][:updated] = tr.css('td')[1].text
+        tmp_feeds[num][:meta] = BASE + tr.css('td')[2].css('> a').attr('href').value
+      when 'gz'
+        tmp_feeds[num][:gz] = BASE + tr.css('td > a').attr('href').value
+      when 'zip'
+        tmp_feeds[num][:zip] = BASE + tr.css('td > a').attr('href').value
+        @feeds.push(Feed.new(tmp_feeds[num][:name],
+                             tmp_feeds[num][:updated],
+                             tmp_feeds[num][:meta],
+                             tmp_feeds[num][:gz],
+                             tmp_feeds[num][:zip]))
+      end
     end
+    return @feeds.size
   end
 
   # Return feeds. Can only be called after {#scrap}.
@@ -72,17 +86,20 @@ class NVDFeedScraper
   # @see https://nvd.nist.gov/vuln/data-feeds
   def feeds(*arg_feeds)
     raise 'call scrap method before using feeds method' if @feeds.nil?
+
     return_value = nil
     if arg_feeds.empty?
       return_value = @feeds
     elsif arg_feeds.length == 1
-      if arg_feeds[0].is_a?(String)
+      case arg_feeds[0]
+      when String
         @feeds.each do |feed| # feed is an object
           return_value = feed if arg_feeds.include?(feed.name)
         end
         # if nothing found return nil
-      elsif arg_feeds[0].is_a?(Array)
+      when Array
         raise 'one of the provided arguments is not a String' unless arg_feeds[0].all? { |x| x.is_a?(String) }
+
         # Sorting CVE can allow us to parse quicker
         # Upcase to be sure include? works
         # Does not use map(&:upcase) to preserve CVE-Recent and CVE-Modified
@@ -114,6 +131,7 @@ class NVDFeedScraper
   #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2017", "CVE-2016", "CVE-2015", "CVE-2014", "CVE-2013", "CVE-2012", "CVE-2011", "CVE-2010", "CVE-2009", "CVE-2008", "CVE-2007", "CVE-2006", "CVE-2005", "CVE-2004", "CVE-2003", "CVE-2002"]
   def available_feeds
     raise 'call scrap method before using available_feeds method' if @feeds.nil?
+
     feed_names = []
     @feeds.each do |feed| # feed is an objet
       feed_names.push(feed.name)
@@ -146,9 +164,12 @@ class NVDFeedScraper
   def cve(*arg_cve)
     return_value = nil
     raise 'no argument provided, 1 or more expected' if arg_cve.empty?
+
     if arg_cve.length == 1
-      if arg_cve[0].is_a?(String)
+      case arg_cve[0]
+      when String
         raise 'bad CVE name' unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
+
         year = /^CVE-([0-9]{4})-[0-9]{4,}$/i.match(arg_cve[0]).captures[0]
         matched_feed = nil
         feed_names = available_feeds
@@ -163,12 +184,14 @@ class NVDFeedScraper
         # CVE-2002 feed (the 1st one) contains CVE from 1999 to 2002
         matched_feed = 'CVE-2002' if matched_feed.nil? && ('1999'..'2001').to_a.include?(year)
         raise "bad CVE year in #{arg_cve}" if matched_feed.nil?
+
         f = feeds(matched_feed)
         f.json_pull
         return_value = f.cve(arg_cve[0])
-      elsif arg_cve[0].is_a?(Array)
+      when Array
         raise 'one of the provided arguments is not a String' unless arg_cve[0].all? { |x| x.is_a?(String) }
         raise 'bad CVE name' unless arg_cve[0].all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
+
         return_value = []
         # Sorting CVE can allow us to parse quicker
         # Upcase to be sure include? works
@@ -185,6 +208,7 @@ class NVDFeedScraper
         # So virtually add those feed...
         feed_names.merge(virtual_feeds)
         raise 'unexisting CVE year was provided in some CVE' unless feeds_to_match.subset?(feed_names)
+
         matched_feeds = feeds_to_match.intersection(feed_names)
         # and now that the intersection is done remove those virtual feeds and add CVE-2002 instead if needed
         unless matched_feeds.intersection(virtual_feeds.to_set).empty?
@@ -195,9 +219,10 @@ class NVDFeedScraper
         feeds_arr.each do |feed|
           feed.json_pull
           cves_obj = feed.cve(cves_to_find.select { |cve| cve.include?(feed.name) })
-          if cves_obj.is_a?(Hash)
+          case cves_obj
+          when Hash
             return_value.push(cves_obj)
-          elsif cves_obj.is_a?(Array)
+          when Array
             return_value.push(*cves_obj)
           else
             raise 'cve() method of the feed instance returns wrong value'
@@ -217,16 +242,16 @@ class NVDFeedScraper
   # @overload update_feeds(feed)
   #   One feed.
   #   @param feed [Feed] feed object to update.
-  #   @return [Boolean] +true+ if the feed was updated, +false+ if it wasn't.
+  #   @return [Boolean] `true` if the feed was updated, `false` if it wasn't.
   # @overload update_feeds(feed_arr)
   #   An array of feed.
   #   @param feed_arr [Array<Feed>] array of feed objects to update.
-  #   @return [Array<Boolean>] +true+ if the feed was updated, +false+ if it wasn't.
+  #   @return [Array<Boolean>] `true` if the feed was updated, `false` if it wasn't.
   # @overload update_feeds(feed, *)
   #   Multiple feeds.
   #   @param feed [Feed] feed object to update.
   #   @param * [Feed] As many feed objects as you want.
-  #   @return [Array<Boolean>] +true+ if the feed was updated, +false+ if it wasn't.
+  #   @return [Array<Boolean>] `true` if the feed was updated, `false` if it wasn't.
   # @example
   #   s = NVDFeedScraper.new
   #   s.scrap
@@ -235,13 +260,15 @@ class NVDFeedScraper
   def update_feeds(*arg_feed)
     return_value = false
     raise 'no argument provided, 1 or more expected' if arg_feed.empty?
+
     scrap
     if arg_feed.length == 1
-      if arg_feed[0].is_a?(Feed)
+      case arg_feed[0]
+      when Feed
         new_feed = feeds(arg_feed[0].name)
         # update attributes
         return_value = arg_feed[0].update!(new_feed)
-      elsif arg_feed[0].is_a?(Array)
+      when Array
         return_value = []
         arg_feed[0].each do |f|
           res = update_feeds(f)

data/nvd_feed_api.gemspec

@@ -1,12 +1,9 @@
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'nvd_feed_api/version'
+require_relative 'lib/nvd_feed_api/version'
 
 Gem::Specification.new do |s|
   s.name          = 'nvd_feed_api'
   s.version       = NvdFeedApi::VERSION
   s.platform      = Gem::Platform::RUBY
-  s.date          = '2018-01-06'
   s.summary       = 'API for NVD CVE feeds'
   s.description   = 'A simple API for NVD CVE feeds'
   s.authors       = ['Alexandre ZANNI']
@@ -20,27 +17,19 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
 
   s.metadata = {
-    'yard.run'          => 'yard',
-    'bug_tracker_uri'   => 'https://gitlab.com/noraj/nvd_api/issues',
-    'changelog_uri'     => 'https://noraj.gitlab.io/nvd_api/file.CHANGELOG.html',
-    'documentation_uri' => 'https://noraj.gitlab.io/nvd_api/',
-    'homepage_uri'      => 'https://noraj.gitlab.io/nvd_api/',
-    'source_code_uri'   => 'https://gitlab.com/noraj/nvd_api/tree/master',
-    'wiki_uri'          => 'https://gitlab.com/noraj/nvd_api/wikis/home'
+    'yard.run'              => 'yard',
+    'bug_tracker_uri'       => 'https://gitlab.com/noraj/nvd_api/issues',
+    'changelog_uri'         => 'https://noraj.gitlab.io/nvd_api/file.CHANGELOG.html',
+    'documentation_uri'     => 'https://noraj.gitlab.io/nvd_api/',
+    'homepage_uri'          => 'https://noraj.gitlab.io/nvd_api/',
+    'source_code_uri'       => 'https://gitlab.com/noraj/nvd_api/tree/master',
+    'wiki_uri'              => 'https://gitlab.com/noraj/nvd_api/wikis/home',
+    'rubygems_mfa_required' => 'true'
   }
 
-  s.required_ruby_version = '~> 2.4'
+  s.required_ruby_version = ['>= 2.7.0', '< 3.2']
 
-  s.add_dependency('archive-zip', '~> 0.10')
-  s.add_dependency('nokogiri', '~> 1.8')
-  s.add_dependency('oj', '~> 3.3')
-
-  s.add_development_dependency('bundler', '~> 1.15')
-  s.add_development_dependency('commonmarker', '~> 0.17') # for GMF support in YARD
-  s.add_development_dependency('github-markup', '~> 1.6') # for GMF support in YARD
-  s.add_development_dependency('minitest', '~> 5.10')
-  s.add_development_dependency('rake', '~> 12.3')
-  s.add_development_dependency('redcarpet', '~> 3.4') # for GMF support in YARD
-  s.add_development_dependency('rubocop', '~> 0.51')
-  s.add_development_dependency('yard', '~> 0.9')
+  s.add_dependency('archive-zip', '~> 0.11')
+  s.add_dependency('nokogiri', '~> 1.11')
+  s.add_dependency('oj', '>= 3.7.8', '<4')
 end

data/pages/CHANGELOG.md

@@ -1,3 +1,43 @@
+# [unreleased]
+
+# [0.4.0] - 31 January 2021
+
+- Dependencies:
+  - Update to yard [v0.9.27](https://github.com/lsegal/yard/releases/tag/v0.9.27)
+    - Move from Redcarpet to CommonMarker markdown provider
+    - Move doc syntax from Rdoc to markdown
+  - Move dev dependencies from gemspec to gemfile
+- Chore:
+  - Add support for Ruby 3.1
+  - Update rubocop rules
+
+# [0.3.1] - 13 October 2020
+
+[0.3.1]: https://gitlab.com/noraj/nvd_api/tags/v0.3.1
+
+- fix scrap method to reflect NVD feeds page changes
+- update dependencies
+- update rubocop rules
+
+# [0.3.0] - 22 January 2019
+
+[0.3.0]: https://gitlab.com/noraj/nvd_api/tags/v0.3.0
+
+- update dependencies: updated gemspec, ruby 2.6 support, fix gem doc flag, fix oj crash (seg fault)
+- Gemfile.lock: now Gemfile.lock is not ignored anymore
+- gitlab-ci: add ruby 2.6 test, add caching key, and anchors for better reuse, always use bundle
+- NVDFeedScraper `scrap` method: change return value
+- rubocop: fix lint
+
+# [0.2.1] - 2 May 2018
+
+[0.2.1]: https://gitlab.com/noraj/nvd_api/tags/v0.2.1
+
+- Gitlab-CI: test with ruby 2.4.x and 2.5.x
+- style: fix Style/ExpandPathArguments cop
+- security: fix Security/Open cop, protect from pipe command injection
+- test: fix NVD URL after NVD changed it
+
 # [0.2.0] - 20 January 2018
 
 [0.2.0]: https://gitlab.com/noraj/nvd_api/tags/v0.2.0

data/pages/INSTALL.md

@@ -10,14 +10,7 @@ $ gem install nvd_feed_api
 
 ## Development
 
-It's better to use [RVM](https://rvm.io/) to have latests version of ruby and to avoid trashing your system ruby.
-
-To keep clean gem dependencies create a gemset with rvm:
-
-```
-$ rvm gemset create nvd_feed_api
-$ rvm gemset use nvd_feed_api
-```
+It's better to use [rbenv](https://github.com/rbenv/rbenv) to have latests version of ruby and to avoid trashing your system ruby.
 
 ### Install from rubygems.org
 
@@ -53,7 +46,7 @@ Note: if an automatic install is needed you can get the version with `$ gem buil
 
 ### Run the API in irb without installing the gem
 
-Usefull when you want to try your changes without building the gem and re-installing it each time.
+Useful when you want to try your changes without building the gem and re-installing it each time.
 
 ```
 $ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api

data/renovate.json

@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "bundler": {
+    "enabled": true
+  },
+  "assignees": [
+    "noraj"
+  ],
+  "enabledManagers": [
+    "bundler",
+    "gitlabci"
+  ]
+}

data/test/test_nvd_feed_api.rb

@@ -9,7 +9,7 @@ class NVDAPITest < Minitest::Test
   end
 
   def test_scraper_scrap
-    assert_equal(0, @s.scrap, 'scrap method return nothing')
+    assert_operator(0, :<, @s.scrap, 'scrap method returns nothing')
   end
 
   def test_scraper_feeds_noarg
@@ -78,7 +78,7 @@ class NVDAPITest < Minitest::Test
     f2017, f2016, f_modified = @s.feeds('CVE-2017', 'CVE-2016', 'CVE-Modified')
     # one arg
     # can't use assert_instance_of because there is no boolean class
-    assert(%w[TrueClass FalseClass].include?(@s.update_feeds(f2017).class.to_s), "update_feeds doesn't return a boolean")
+    assert(['TrueClass', 'FalseClass'].include?(@s.update_feeds(f2017).class.to_s), "update_feeds doesn't return a boolean")
     # two args
     assert_instance_of(Array, @s.update_feeds(f2017, f2016), "update_feeds doesn't return an array")
     refute_empty(@s.update_feeds(f2017, f2016), 'update_feeds returns an empty array')
@@ -109,9 +109,9 @@ class NVDAPITest < Minitest::Test
 
   def test_feed_attributes
     name = 'CVE-2010'
-    meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.meta'
-    gz_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.json.gz'
-    zip_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.json.zip'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.meta'
+    gz_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.gz'
+    zip_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.zip'
     f = @s.feeds('CVE-2010')
     # Test name
     assert_instance_of(String, f.name, "name doesn't return a string")
@@ -231,7 +231,7 @@ class NVDAPITest < Minitest::Test
     f_new = @s.feeds('CVE-2006')
     # Right arg
     # can't use assert_instance_of because there is no boolean class
-    assert(%w[TrueClass FalseClass].include?(f.update!(f_new).class.to_s), "update! doesn't return a boolean")
+    assert(['TrueClass', 'FalseClass'].include?(f.update!(f_new).class.to_s), "update! doesn't return a boolean")
     # Bad arg
     err = assert_raises(RuntimeError) do
       f.update!('bad_arg')
@@ -240,25 +240,25 @@ class NVDAPITest < Minitest::Test
   end
 
   def test_meta_parse_noarg
-    m = NVDFeedScraper::Meta.new('https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta')
+    m = NVDFeedScraper::Meta.new('https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta')
     assert_equal(0, m.parse, 'parse method return nothing')
   end
 
   def test_meta_parse_witharg
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
     assert_equal(0, m.parse(meta_url), 'parse method return nothing')
   end
 
   def test_meta_url_setter
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
     assert_equal(meta_url, m.url = meta_url, 'the meta URL is not set correctly')
   end
 
   def test_meta_attributes
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
     m.url = meta_url
     m.parse
     # Test gz_size

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nvd_feed_api
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Alexandre ZANNI
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-06 00:00:00.000000000 Z
+date: 2022-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: archive-zip
@@ -16,154 +16,48 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.3'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.15'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.15'
-- !ruby/object:Gem::Dependency
-  name: commonmarker
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.17'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.17'
-- !ruby/object:Gem::Dependency
-  name: github-markup
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.6'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.6'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.10'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '5.10'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '12.3'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '12.3'
-- !ruby/object:Gem::Dependency
-  name: redcarpet
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: 3.7.8
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '3.4'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.51'
-  type: :development
+        version: '4'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.51'
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: 3.7.8
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '4'
 description: A simple API for NVD CVE feeds
 email: alexandre.zanni@europe.com
 executables:
@@ -173,6 +67,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".gitlab-ci.yml"
 - ".gitlab/CONTRIBUTING.md"
@@ -180,8 +75,10 @@ files:
 - ".gitlab/issue_templates/Feature_proposal.md"
 - ".gitlab/merge_request_templates/MR.md"
 - ".rubocop.yml"
+- ".tool-versions"
 - ".yardopts"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -197,6 +94,7 @@ files:
 - pages/EXAMPLES.md
 - pages/FEATURES.md
 - pages/INSTALL.md
+- renovate.json
 - test/test_nvd_feed_api.rb
 homepage: https://noraj.gitlab.io/nvd_api/
 licenses:
@@ -209,24 +107,27 @@ metadata:
   homepage_uri: https://noraj.gitlab.io/nvd_api/
   source_code_uri: https://gitlab.com/noraj/nvd_api/tree/master
   wiki_uri: https://gitlab.com/noraj/nvd_api/wikis/home
-post_install_message: 
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - "~>"
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+  - - "<"
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: API for NVD CVE feeds
 test_files: