nvd_feed_api 0.0.3 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/lib/nvd_feed_api.rb +11 -0
- data/lib/nvd_feed_api/version.rb +1 -1
- data/pages/CHANGELOG.md +11 -4
- data/pages/EXAMPLES.md +3 -5
- data/test/test_nvd_feed_api.rb +42 -42
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 421862fc8896856c94ac947b15d78b2538a9c13c
|
|
4
|
+
data.tar.gz: 23daab198d07a5da168a8884d2476a73feb21ee7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ddfcce9f3483fee3d46e70a7a9fcc839f22c15a1bbc9c8090df47bfda8de118d0f71ea21d639df8b54ea6efb0c19dfdae383e7b7c71bea026a009a1122fff888
|
|
7
|
+
data.tar.gz: b8f1755ce9de8c03da15699f4c17f57433d60a02b9b421a38ce420ba4188d59f79ec3cc4069600ee7ed99e63f2981994f511a74ffeebd13fcebc3b2118ba42ce
|
data/.rubocop.yml
CHANGED
data/lib/nvd_feed_api.rb
CHANGED
|
@@ -483,6 +483,8 @@ class NVDFeedScraper
|
|
|
483
483
|
break
|
|
484
484
|
end
|
|
485
485
|
end
|
|
486
|
+
# CVE-2002 feed (the 1st one) contains CVE from 1999 to 2002
|
|
487
|
+
matched_feed = 'CVE-2002' if matched_feed.nil? && ('1999'..'2001').to_a.include?(year)
|
|
486
488
|
raise "bad CVE year in #{arg_cve}" if matched_feed.nil?
|
|
487
489
|
f = feeds(matched_feed)
|
|
488
490
|
f.json_pull
|
|
@@ -501,8 +503,17 @@ class NVDFeedScraper
|
|
|
501
503
|
feed_names = available_feeds.to_set
|
|
502
504
|
feed_names.delete('CVE-Modified')
|
|
503
505
|
feed_names.delete('CVE-Recent')
|
|
506
|
+
# CVE-2002 feed (the 1st one) contains CVE from 1999 to 2002
|
|
507
|
+
virtual_feeds = ['CVE-1999', 'CVE-2000', 'CVE-2001']
|
|
508
|
+
# So virtually add those feed...
|
|
509
|
+
feed_names.merge(virtual_feeds)
|
|
504
510
|
raise 'unexisting CVE year was provided in some CVE' unless feeds_to_match.subset?(feed_names)
|
|
505
511
|
matched_feeds = feeds_to_match.intersection(feed_names)
|
|
512
|
+
# and now that the intersection is done remove those virtual feeds and add CVE-2002 instead if needed
|
|
513
|
+
unless matched_feeds.intersection(virtual_feeds.to_set).empty?
|
|
514
|
+
matched_feeds.subtract(virtual_feeds)
|
|
515
|
+
matched_feeds.add('CVE-2002')
|
|
516
|
+
end
|
|
506
517
|
feeds_arr = feeds(matched_feeds.to_a)
|
|
507
518
|
feeds_arr.each do |feed|
|
|
508
519
|
feed.json_pull
|
data/lib/nvd_feed_api/version.rb
CHANGED
data/pages/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
|
-
# [0.0
|
|
1
|
+
# [0.1.0] - 17 January 2018
|
|
2
|
+
|
|
3
|
+
[0.1.0]: https://gitlab.com/noraj/nvd_api/tags/v0.1.0
|
|
4
|
+
|
|
5
|
+
- add support for CVE from 1999 to 2001
|
|
6
|
+
- fix tests
|
|
7
|
+
|
|
8
|
+
# [0.0.3] - 6 January 2018
|
|
2
9
|
|
|
3
10
|
[0.0.3]: https://gitlab.com/noraj/nvd_api/tags/v0.0.3
|
|
4
11
|
|
|
@@ -6,14 +13,14 @@
|
|
|
6
13
|
- new badges on README
|
|
7
14
|
- As rubydoc.info seems bug, use gitlab pages instead for hosting YARD doc
|
|
8
15
|
|
|
9
|
-
# [0.0.2.pre] - 5 January
|
|
16
|
+
# [0.0.2.pre] - 5 January 2018
|
|
10
17
|
|
|
11
18
|
[0.0.2.pre]: https://gitlab.com/noraj/nvd_api/tags/v0.0.2.pre
|
|
12
19
|
|
|
13
20
|
- Test a new version number to fix a bug with rubygems.org
|
|
14
21
|
- Correct month name in the dates in the CHANGELOG
|
|
15
22
|
|
|
16
|
-
# [0.0.1.rc2] - 4 January
|
|
23
|
+
# [0.0.1.rc2] - 4 January 2018
|
|
17
24
|
|
|
18
25
|
[0.0.1.rc2]: https://gitlab.com/noraj/nvd_api/tags/v0.0.1.rc2
|
|
19
26
|
|
|
@@ -21,7 +28,7 @@
|
|
|
21
28
|
- Improve the README to be a good entrypoint.
|
|
22
29
|
- Improve the FEATURES.
|
|
23
30
|
|
|
24
|
-
# [0.0.1.rc1] - 4 January
|
|
31
|
+
# [0.0.1.rc1] - 4 January 2018
|
|
25
32
|
|
|
26
33
|
[0.0.1.rc1]: https://gitlab.com/noraj/nvd_api/tags/v0.0.1.rc1
|
|
27
34
|
|
data/pages/EXAMPLES.md
CHANGED
|
@@ -12,10 +12,8 @@ s.scrap
|
|
|
12
12
|
# Change the default feed storage location beacause default value is '/tmp/'.
|
|
13
13
|
# '/tmp/' is mounted as tmpFS and is cleaned at every start.
|
|
14
14
|
# This will considerably speed up your performance is you have to reboot.
|
|
15
|
-
NVDFeedScraper::Feed.default_storage_location = "/home/
|
|
15
|
+
NVDFeedScraper::Feed.default_storage_location = "/home/user/Dev/cve_feeds"
|
|
16
16
|
# Create a {Feed} object for all available feeds
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
f.json_pull
|
|
20
|
-
end
|
|
17
|
+
# and for each one download the JSON file and fill the attributes.
|
|
18
|
+
s.feeds(s.available_feeds).each(&:json_pull)
|
|
21
19
|
```
|
data/test/test_nvd_feed_api.rb
CHANGED
|
@@ -9,7 +9,7 @@ class NVDAPITest < Minitest::Test
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def test_scraper_scrap
|
|
12
|
-
assert_equal(@s.scrap,
|
|
12
|
+
assert_equal(0, @s.scrap, 'scrap method return nothing')
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def test_scraper_feeds_noarg
|
|
@@ -51,27 +51,27 @@ class NVDAPITest < Minitest::Test
|
|
|
51
51
|
refute_empty(@s.cve(['CVE-2014-0160', 'cve-2009-3555']), 'cve returns an empty array')
|
|
52
52
|
# bad arg
|
|
53
53
|
## string but not a CVE ID
|
|
54
|
-
assert_raises(RuntimeError) do
|
|
55
|
-
|
|
56
|
-
assert_equal(err.message, 'bad CVE name')
|
|
54
|
+
err = assert_raises(RuntimeError) do
|
|
55
|
+
@s.cve('e')
|
|
57
56
|
end
|
|
57
|
+
assert_equal('bad CVE name', err.message)
|
|
58
58
|
## correct CVE ID but bad year
|
|
59
|
-
assert_raises(RuntimeError) do
|
|
60
|
-
|
|
61
|
-
assert_equal(err.message, 'bad CVE year in ["CVE-2001-31337"]')
|
|
59
|
+
err = assert_raises(RuntimeError) do
|
|
60
|
+
@s.cve('CVE-1800-31337')
|
|
62
61
|
end
|
|
62
|
+
assert_equal('bad CVE year in ["CVE-1800-31337"]', err.message)
|
|
63
63
|
## correct CVE ID and year but unexisting CVE
|
|
64
64
|
assert_nil(@s.cve('CVE-2004-31337'))
|
|
65
65
|
## correct CVE ID and year but unexisting CVE with array arg
|
|
66
|
-
assert_raises(RuntimeError) do
|
|
67
|
-
|
|
68
|
-
assert_equal(err.message, 'CVE-2005-31337 are unexisting CVEs in this feed')
|
|
66
|
+
err = assert_raises(RuntimeError) do
|
|
67
|
+
@s.cve(['CVE-2004-31337', 'CVE-2005-31337'])
|
|
69
68
|
end
|
|
69
|
+
assert_equal('CVE-2005-31337 are unexisting CVEs in this feed', err.message)
|
|
70
70
|
## wrong arg type
|
|
71
|
-
assert_raises(RuntimeError) do
|
|
72
|
-
|
|
73
|
-
assert_equal(err.message, 'the provided argument (1) is nor a String or an Array')
|
|
71
|
+
err = assert_raises(RuntimeError) do
|
|
72
|
+
@s.cve(1)
|
|
74
73
|
end
|
|
74
|
+
assert_equal('the provided argument (1) is nor a String or an Array', err.message)
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
def test_scraper_update_feeds
|
|
@@ -87,10 +87,10 @@ class NVDAPITest < Minitest::Test
|
|
|
87
87
|
refute_empty(@s.update_feeds([f2017, f_modified]), 'update_feeds returns an empty array')
|
|
88
88
|
# bad arg
|
|
89
89
|
## wrong arg type
|
|
90
|
-
assert_raises(RuntimeError) do
|
|
91
|
-
|
|
92
|
-
assert_equal(err.message, 'the provided argument 1 is not a Feed or an Array')
|
|
90
|
+
err = assert_raises(RuntimeError) do
|
|
91
|
+
@s.update_feeds(1)
|
|
93
92
|
end
|
|
93
|
+
assert_equal(err.message, 'the provided argument 1 is not a Feed or an Array')
|
|
94
94
|
## empty array
|
|
95
95
|
assert_empty(@s.update_feeds([]))
|
|
96
96
|
end
|
|
@@ -102,7 +102,7 @@ class NVDAPITest < Minitest::Test
|
|
|
102
102
|
assert_instance_of(String, default_val, "default_storage_location doesn't return a string")
|
|
103
103
|
# check new value
|
|
104
104
|
new_val = '/srv/downloads/'
|
|
105
|
-
assert_equal(NVDFeedScraper::Feed.default_storage_location = new_val,
|
|
105
|
+
assert_equal(new_val, NVDFeedScraper::Feed.default_storage_location = new_val, 'the new value was not set properly')
|
|
106
106
|
# put the default value back / restore context
|
|
107
107
|
NVDFeedScraper::Feed.default_storage_location = default_val
|
|
108
108
|
end
|
|
@@ -116,7 +116,7 @@ class NVDAPITest < Minitest::Test
|
|
|
116
116
|
# Test name
|
|
117
117
|
assert_instance_of(String, f.name, "name doesn't return a string")
|
|
118
118
|
refute_empty(f.name, 'name is empty')
|
|
119
|
-
assert_equal(
|
|
119
|
+
assert_equal(name, f.name, 'The name of the feed was modified')
|
|
120
120
|
# Test updated
|
|
121
121
|
assert_instance_of(String, f.updated, "updated doesn't return a string")
|
|
122
122
|
refute_empty(f.updated, 'updated is empty')
|
|
@@ -127,15 +127,15 @@ class NVDAPITest < Minitest::Test
|
|
|
127
127
|
# Test gz_url
|
|
128
128
|
assert_instance_of(String, f.gz_url, "gz_url doesn't return a string")
|
|
129
129
|
refute_empty(f.gz_url, 'gz_url is empty')
|
|
130
|
-
assert_equal(
|
|
130
|
+
assert_equal(gz_url, f.gz_url, 'The gz_url of the feed was modified')
|
|
131
131
|
# Test zip_url
|
|
132
132
|
assert_instance_of(String, f.zip_url, "zip_url doesn't return a string")
|
|
133
133
|
refute_empty(f.zip_url, 'zip_url is empty')
|
|
134
|
-
assert_equal(
|
|
134
|
+
assert_equal(zip_url, f.zip_url, 'The zip_url url of the feed was modified')
|
|
135
135
|
# Test meta_url
|
|
136
136
|
assert_instance_of(String, f.meta_url, "meta_url doesn't return a string")
|
|
137
137
|
refute_empty(f.meta_url, 'meta_url is empty')
|
|
138
|
-
assert_equal(
|
|
138
|
+
assert_equal(meta_url, f.meta_url, 'The meta_url url of the feed was modified')
|
|
139
139
|
end
|
|
140
140
|
|
|
141
141
|
def test_feed_available_cves
|
|
@@ -149,31 +149,31 @@ class NVDAPITest < Minitest::Test
|
|
|
149
149
|
f = @s.feeds('CVE-2012')
|
|
150
150
|
f.json_pull
|
|
151
151
|
# one arg
|
|
152
|
-
assert_instance_of(Hash,
|
|
152
|
+
assert_instance_of(Hash, f.cve('CVE-2012-4969'), "cve doesn't return a hash")
|
|
153
153
|
# two args
|
|
154
|
-
assert_instance_of(Array,
|
|
155
|
-
refute_empty(
|
|
154
|
+
assert_instance_of(Array, f.cve('CVE-2012-4969', 'cve-2012-1889'), "cve doesn't return an array")
|
|
155
|
+
refute_empty(f.cve('CVE-2012-4969', 'cve-2012-1889'), 'cve returns an empty array')
|
|
156
156
|
# array arg
|
|
157
|
-
assert_instance_of(Array,
|
|
158
|
-
refute_empty(
|
|
157
|
+
assert_instance_of(Array, f.cve(['CVE-2012-4969', 'cve-2012-1889']), "cve doesn't return an array")
|
|
158
|
+
refute_empty(f.cve(['CVE-2012-4969', 'cve-2012-1889']), 'cve returns an empty array')
|
|
159
159
|
# bad arg
|
|
160
160
|
## string but not a CVE ID
|
|
161
|
-
assert_raises(RuntimeError) do
|
|
162
|
-
|
|
163
|
-
assert_equal(err.message, 'bad CVE name')
|
|
161
|
+
err = assert_raises(RuntimeError) do
|
|
162
|
+
f.cve('e')
|
|
164
163
|
end
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
164
|
+
assert_equal('bad CVE name (e)', err.message)
|
|
165
|
+
## bad year
|
|
166
|
+
assert_nil(f.cve('CVE-2004-31337'))
|
|
167
|
+
## bad year not in the feed with array arg
|
|
168
|
+
err = assert_raises(RuntimeError) do
|
|
169
|
+
f.cve(['CVE-2004-31337', 'CVE-2005-31337'])
|
|
171
170
|
end
|
|
171
|
+
assert_equal('CVE-2004-31337, CVE-2005-31337 are unexisting CVEs in this feed', err.message)
|
|
172
172
|
## wrong arg type
|
|
173
|
-
assert_raises(RuntimeError) do
|
|
174
|
-
|
|
175
|
-
assert_equal(err.message, 'the provided argument (1) is nor a String or an Array')
|
|
173
|
+
err = assert_raises(RuntimeError) do
|
|
174
|
+
f.cve(1)
|
|
176
175
|
end
|
|
176
|
+
assert_equal('the provided argument (1) is nor a String or an Array', err.message)
|
|
177
177
|
end
|
|
178
178
|
|
|
179
179
|
def test_feed_download_gz
|
|
@@ -208,19 +208,19 @@ class NVDAPITest < Minitest::Test
|
|
|
208
208
|
|
|
209
209
|
def test_meta_parse_noarg
|
|
210
210
|
m = NVDFeedScraper::Meta.new('https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta')
|
|
211
|
-
assert_equal(m.parse,
|
|
211
|
+
assert_equal(0, m.parse, 'parse method return nothing')
|
|
212
212
|
end
|
|
213
213
|
|
|
214
214
|
def test_meta_parse_witharg
|
|
215
215
|
m = NVDFeedScraper::Meta.new
|
|
216
216
|
meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
|
|
217
|
-
assert_equal(m.parse(meta_url),
|
|
217
|
+
assert_equal(0, m.parse(meta_url), 'parse method return nothing')
|
|
218
218
|
end
|
|
219
219
|
|
|
220
220
|
def test_meta_url_setter
|
|
221
221
|
m = NVDFeedScraper::Meta.new
|
|
222
222
|
meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
|
|
223
|
-
assert_equal(m.url = meta_url,
|
|
223
|
+
assert_equal(meta_url, m.url = meta_url, 'the meta URL is not set correctly')
|
|
224
224
|
end
|
|
225
225
|
|
|
226
226
|
def test_meta_attributes
|
|
@@ -243,7 +243,7 @@ class NVDAPITest < Minitest::Test
|
|
|
243
243
|
assert(m.size.match?(/[0-9]+/), 'Meta size is not an integer')
|
|
244
244
|
# Test url
|
|
245
245
|
assert_instance_of(String, m.url, "Meta url method doesn't return a string")
|
|
246
|
-
assert_equal(m.url,
|
|
246
|
+
assert_equal(meta_url, m.url, 'The Meta url was modified')
|
|
247
247
|
# Test zip_size
|
|
248
248
|
assert_instance_of(String, m.zip_size, "Meta zip_size method doesn't return a string")
|
|
249
249
|
assert(m.zip_size.match?(/[0-9]+/), 'Meta zip_size is not an integer')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nvd_feed_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
@@ -223,7 +223,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
223
223
|
version: '0'
|
|
224
224
|
requirements: []
|
|
225
225
|
rubyforge_project:
|
|
226
|
-
rubygems_version: 2.6.
|
|
226
|
+
rubygems_version: 2.6.14
|
|
227
227
|
signing_key:
|
|
228
228
|
specification_version: 4
|
|
229
229
|
summary: API for NVD CVE feeds
|