nvd_feed_api 0.2.1.yank → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 6787ce3cf4a7b489e422d52f0be48642ea091e60
-  data.tar.gz: 5e41fab281567c47a8323997f6b6ef4e5759320a
+SHA256:
+  metadata.gz: a5b514ce502cdd7ed0c110fc51e834735f0431d18724ce805a7d43ab6c48573b
+  data.tar.gz: 2ad857a72403943feee5a60f3a7ac8e8f642eb96e4ebb5956d2cdaeb3d635a46
 SHA512:
-  metadata.gz: c30c2411484e44cd49878ff6396ca21cf9fb172ec095e2b48bd15ced3ba05d245df89917eceb10f6e00331794462898aa4b02f1f66241ba0e8886ed24beaf55a
-  data.tar.gz: 86eb79764eddc1d8ffdbf76f3f105d819c4482b64fedbedf597ac86ae54858c97cefc2155bf5fa3e0f267d1a6e0ceb5c0ead1036312e5b8318a0a5ac08f650ca
+  metadata.gz: 830a36b97968d09491bd7827393e261aff2ec6fc410167cfcada0848e86809979c01a7c7c9bbfcfa6cf86b0a357279b26cb45719ceefde01f2e2456d2c03f272
+  data.tar.gz: dab48f73efd733dd71c94ad619289727c625526b6099b09906203ed19b776aa2d97b21868cf1b10a4bba095f6d4a26a06da7c23cacc4f6776eb2cc5486f9d5c7

data/.gitignore

@@ -50,4 +50,4 @@ build-iPhoneSimulator/
 .rvmrc
 
 # do not check Gemfile.lock fror gems
-Gemfile.lock
+#Gemfile.lock

data/.gitlab-ci.yml

@@ -1,40 +1,47 @@
 # Official language image. Look for the different tagged releases at:
 # https://hub.docker.com/r/library/ruby/tags/
 
+# Caching: https://docs.gitlab.com/ee/ci/caching/#caching-ruby-dependencies
 cache:
+  key: ${CI_COMMIT_REF_SLUG}
   paths:
     - vendor/ruby # cache gems in between builds
 
 before_script:
   - ruby -v # Print out ruby version for debugging
-  - gem install bundler  --no-ri --no-rdoc # Bundler is not installed with the image
+  - gem install bundler --no-document # Bundler is not installed with the image
   # install nproc (coreutils) for bundle -j
   # install git for building the gemspec
   # install make, gcc for building gem native extension (commonmarker)
   # libc-dev for musl-dev dependency (stdlib.h) needed by gcc
   - apk --no-cache add coreutils git make gcc libc-dev
   - bundle install -j $(nproc) --path vendor # Install dependencies into ./vendor/ruby
-  - rake install # install the gem
+  - bundle exec rake install # install the gem
 
-test:2.4:
+# Anchors: https://docs.gitlab.com/ee/ci/yaml/README.html#anchors
+.test_template: &job_definition
   stage: test
-  image: ruby:2.4-alpine
   script:
-    - rubocop
-    - rake test
+  - bundle exec rubocop
+  - bundle exec rake test
+
+test:2.4:
+  <<: *job_definition
+  image: ruby:2.4-alpine
 
 test:2.5:
-  stage: test
+  <<: *job_definition
   image: ruby:2.5-alpine
-  script:
-    - rubocop
-    - rake test
+
+test:2.6:
+  <<: *job_definition
+  image: ruby:2.6-alpine
 
 pages:
   stage: deploy
   image: ruby:2.4-alpine
   script:
-    - yard doc
+    - bundle exec yard doc
     - mkdir public
     - mv doc/* public/
   artifacts:

data/.rubocop.yml

@@ -1,6 +1,9 @@
 AllCops:
   TargetRubyVersion: 2.4
 
+Layout/AlignHash:
+  EnforcedHashRocketStyle: table
+
 # Rubocop is too stupid too see that the variable is used
 Lint/UselessAssignment:
   Enabled: false

data/Gemfile.lock

@@ -0,0 +1,64 @@
+PATH
+  remote: .
+  specs:
+    nvd_feed_api (0.3.0)
+      archive-zip (~> 0.11)
+      nokogiri (~> 1.10)
+      oj (>= 3.7.8, < 4)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    archive-zip (0.11.0)
+      io-like (~> 0.3.0)
+    ast (2.4.0)
+    commonmarker (0.18.2)
+      ruby-enum (~> 0.5)
+    concurrent-ruby (1.1.4)
+    github-markup (3.0.2)
+    i18n (1.5.3)
+      concurrent-ruby (~> 1.0)
+    io-like (0.3.0)
+    jaro_winkler (1.5.2)
+    mini_portile2 (2.4.0)
+    minitest (5.11.3)
+    nokogiri (1.10.1)
+      mini_portile2 (~> 2.4.0)
+    oj (3.7.8)
+    parallel (1.13.0)
+    parser (2.6.0.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.2)
+    rainbow (3.0.0)
+    rake (12.3.2)
+    redcarpet (3.4.0)
+    rubocop (0.63.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-enum (0.7.2)
+      i18n
+    ruby-progressbar (1.10.0)
+    unicode-display_width (1.4.1)
+    yard (0.9.16)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  commonmarker (~> 0.18)
+  github-markup (~> 3.0)
+  minitest (~> 5.11)
+  nvd_feed_api!
+  rake (~> 12.3)
+  redcarpet (~> 3.4)
+  rubocop (~> 0.63)
+  yard (~> 0.9)
+
+BUNDLED WITH
+   2.0.1

data/lib/nvd_feed_api.rb

@@ -31,7 +31,7 @@ class NVDFeedScraper
 
   # Scrap / parse the website to get the feeds and fill the {#feeds} attribute.
   # @note {#scrap} need to be called only once but can be called again to update if the NVD feed page changed.
-  # @return [Integer] +0+ when there is no error.
+  # @return [Integer] Number of scrapped feeds.
   def scrap
     uri = URI(@url)
     html = Net::HTTP.get(uri)
@@ -46,6 +46,7 @@ class NVDFeedScraper
       zip = tr.css('+ tr + tr > td > a').attr('href').value
       @feeds.push(Feed.new(name, updated, meta, gz, zip))
     end
+    return @feeds.size
   end
 
   # Return feeds. Can only be called after {#scrap}.
@@ -72,6 +73,7 @@ class NVDFeedScraper
   # @see https://nvd.nist.gov/vuln/data-feeds
   def feeds(*arg_feeds)
     raise 'call scrap method before using feeds method' if @feeds.nil?
+
     return_value = nil
     if arg_feeds.empty?
       return_value = @feeds
@@ -83,6 +85,7 @@ class NVDFeedScraper
         # if nothing found return nil
       elsif arg_feeds[0].is_a?(Array)
         raise 'one of the provided arguments is not a String' unless arg_feeds[0].all? { |x| x.is_a?(String) }
+
         # Sorting CVE can allow us to parse quicker
         # Upcase to be sure include? works
         # Does not use map(&:upcase) to preserve CVE-Recent and CVE-Modified
@@ -114,6 +117,7 @@ class NVDFeedScraper
   #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2017", "CVE-2016", "CVE-2015", "CVE-2014", "CVE-2013", "CVE-2012", "CVE-2011", "CVE-2010", "CVE-2009", "CVE-2008", "CVE-2007", "CVE-2006", "CVE-2005", "CVE-2004", "CVE-2003", "CVE-2002"]
   def available_feeds
     raise 'call scrap method before using available_feeds method' if @feeds.nil?
+
     feed_names = []
     @feeds.each do |feed| # feed is an objet
       feed_names.push(feed.name)
@@ -146,9 +150,11 @@ class NVDFeedScraper
   def cve(*arg_cve)
     return_value = nil
     raise 'no argument provided, 1 or more expected' if arg_cve.empty?
+
     if arg_cve.length == 1
       if arg_cve[0].is_a?(String)
         raise 'bad CVE name' unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
+
         year = /^CVE-([0-9]{4})-[0-9]{4,}$/i.match(arg_cve[0]).captures[0]
         matched_feed = nil
         feed_names = available_feeds
@@ -163,12 +169,14 @@ class NVDFeedScraper
         # CVE-2002 feed (the 1st one) contains CVE from 1999 to 2002
         matched_feed = 'CVE-2002' if matched_feed.nil? && ('1999'..'2001').to_a.include?(year)
         raise "bad CVE year in #{arg_cve}" if matched_feed.nil?
+
         f = feeds(matched_feed)
         f.json_pull
         return_value = f.cve(arg_cve[0])
       elsif arg_cve[0].is_a?(Array)
         raise 'one of the provided arguments is not a String' unless arg_cve[0].all? { |x| x.is_a?(String) }
         raise 'bad CVE name' unless arg_cve[0].all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
+
         return_value = []
         # Sorting CVE can allow us to parse quicker
         # Upcase to be sure include? works
@@ -185,6 +193,7 @@ class NVDFeedScraper
         # So virtually add those feed...
         feed_names.merge(virtual_feeds)
         raise 'unexisting CVE year was provided in some CVE' unless feeds_to_match.subset?(feed_names)
+
         matched_feeds = feeds_to_match.intersection(feed_names)
         # and now that the intersection is done remove those virtual feeds and add CVE-2002 instead if needed
         unless matched_feeds.intersection(virtual_feeds.to_set).empty?
@@ -235,6 +244,7 @@ class NVDFeedScraper
   def update_feeds(*arg_feed)
     return_value = false
     raise 'no argument provided, 1 or more expected' if arg_feed.empty?
+
     scrap
     if arg_feed.length == 1
       if arg_feed[0].is_a?(Feed)

data/lib/nvd_feed_api/feed.rb

@@ -184,6 +184,7 @@ class NVDFeedScraper
         # Verify hash integrity
         computed_h = Digest::SHA256.file(@json_file)
         raise "File corruption: #{@json_file}" unless meta.sha256.casecmp(computed_h.hexdigest).zero?
+
         # update data
         doc = Oj::Doc.open(File.read(@json_file))
         @data_type = doc.fetch('/CVE_data_type')
@@ -223,11 +224,14 @@ class NVDFeedScraper
     def cve(*arg_cve)
       raise 'json_file is nil, it needs to be populated with json_pull' if @json_file.nil?
       raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
+
       return_value = nil
       raise 'no argument provided, 1 or more expected' if arg_cve.empty?
+
       if arg_cve.length == 1
         if arg_cve[0].is_a?(String)
           raise "bad CVE name (#{arg_cve[0]})" unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
+
           doc = Oj::Doc.open(File.read(@json_file))
           # Quicker than doc.fetch('/CVE_Items').size
           (1..@data_number_of_cves).each do |i|
@@ -244,6 +248,7 @@ class NVDFeedScraper
           cves_to_find = arg_cve[0].map(&:upcase).sort
           raise 'one of the provided arguments is not a String' unless cves_to_find.all? { |x| x.is_a?(String) }
           raise 'bad CVE name' unless cves_to_find.all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
+
           doc = Oj::Doc.open(File.read(@json_file))
           # Quicker than doc.fetch('/CVE_Items').size
           (1..@data_number_of_cves).each do |i|
@@ -273,6 +278,7 @@ class NVDFeedScraper
     def available_cves
       raise 'json_file is nil, it needs to be populated with json_pull' if @json_file.nil?
       raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
+
       doc = Oj::Doc.open(File.read(@json_file))
       # Quicker than doc.fetch('/CVE_Items').size
       cve_names = []
@@ -290,6 +296,7 @@ class NVDFeedScraper
     #   'CVE-2007'
     def name=(arg_name)
       raise "name (#{arg_name}) is not a string" unless arg_name.is_a?(String)
+
       @name = arg_name
     end
 
@@ -299,6 +306,7 @@ class NVDFeedScraper
     #   '10/19/2017 3:27:02 AM -04:00'
     def updated=(arg_updated)
       raise "updated date (#{arg_updated}) is not a string" unless arg_updated.is_a?(String)
+
       @updated = arg_updated
     end
 
@@ -308,6 +316,7 @@ class NVDFeedScraper
     #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
     def meta_url=(arg_meta_url)
       raise "meta_url (#{arg_meta_url}) is not a string" unless arg_meta_url.is_a?(String)
+
       @meta_url = arg_meta_url
     end
 
@@ -317,6 +326,7 @@ class NVDFeedScraper
     #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
     def gz_url=(arg_gz_url)
       raise "gz_url (#{arg_gz_url}) is not a string" unless arg_gz_url.is_a?(String)
+
       @gz_url = arg_gz_url
     end
 
@@ -326,6 +336,7 @@ class NVDFeedScraper
     #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
     def zip_url=(arg_zip_url)
       raise "zip_url (#{arg_zip_url}) is not a string" unless arg_zip_url.is_a?(String)
+
       @zip_url = arg_zip_url
     end
 
@@ -362,6 +373,7 @@ class NVDFeedScraper
       unless skip_download
         res = Net::HTTP.get_response(uri)
         raise "#{file_url} ended with #{res.code} #{res.message}" unless res.is_a?(Net::HTTPSuccess)
+
         File.open(destination_file, 'wb') do |file|
           file.write(res.body)
         end
@@ -376,6 +388,7 @@ class NVDFeedScraper
     def update!(fresh_feed)
       return_value = false
       raise "#{fresh_feed} is not a Feed" unless fresh_feed.is_a?(Feed)
+
       # update attributes
       if updated != fresh_feed.updated
         self.name = fresh_feed.name

data/lib/nvd_feed_api/meta.rb

@@ -91,6 +91,7 @@ class NVDFeedScraper
       end
 
       raise "Can't parse if the URL is empty" if @url.nil?
+
       uri = URI(@url)
 
       meta = Net::HTTP.get(uri)

data/lib/nvd_feed_api/version.rb

@@ -1,3 +1,3 @@
 module NvdFeedApi
-	VERSION = '0.2.1.yank'.freeze
+  VERSION = '0.3.0'.freeze
 end

data/nvd_feed_api.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |s|
   s.name          = 'nvd_feed_api'
   s.version       = NvdFeedApi::VERSION
   s.platform      = Gem::Platform::RUBY
-  s.date          = '2018-05-02'
+  s.date          = '2018-01-06'
   s.summary       = 'API for NVD CVE feeds'
   s.description   = 'A simple API for NVD CVE feeds'
   s.authors       = ['Alexandre ZANNI']
@@ -31,16 +31,16 @@ Gem::Specification.new do |s|
 
   s.required_ruby_version = '~> 2.4'
 
-  s.add_dependency('archive-zip', '~> 0.10')
-  s.add_dependency('nokogiri', '~> 1.8')
-  s.add_dependency('oj', '~> 3.3')
+  s.add_dependency('archive-zip', '~> 0.11')
+  s.add_dependency('nokogiri', '~> 1.10')
+  s.add_dependency('oj', '>= 3.7.8', '<4')
 
-  s.add_development_dependency('bundler', '~> 1.15')
-  s.add_development_dependency('commonmarker', '~> 0.17') # for GMF support in YARD
-  s.add_development_dependency('github-markup', '~> 1.6') # for GMF support in YARD
-  s.add_development_dependency('minitest', '~> 5.10')
+  s.add_development_dependency('bundler', '~> 2.0')
+  s.add_development_dependency('commonmarker', '~> 0.18') # for GMF support in YARD
+  s.add_development_dependency('github-markup', '~> 3.0') # for GMF support in YARD
+  s.add_development_dependency('minitest', '~> 5.11')
   s.add_development_dependency('rake', '~> 12.3')
   s.add_development_dependency('redcarpet', '~> 3.4') # for GMF support in YARD
-  s.add_development_dependency('rubocop', '~> 0.51')
+  s.add_development_dependency('rubocop', '~> 0.63')
   s.add_development_dependency('yard', '~> 0.9')
 end

data/pages/CHANGELOG.md

@@ -1,8 +1,18 @@
+# [0.3.0] - 22 January 2019
+
+[0.3.0]: https://gitlab.com/noraj/nvd_api/tags/v0.3.0
+
+- update dependencies: updated gemspec, ruby 2.6 support, fix gem doc flag, fix oj crash (seg fault)
+- Gemfile.lock: now Gemfile.lock is not ignored anymore
+- gitlab-ci: add ruby 2.6 test, add caching key, and anchors for better reuse, always use bundle
+- NVDFeedScraper `scrap` method: change return value
+- rubocop: fix lint
+
 # [0.2.1] - 2 May 2018
 
 [0.2.1]: https://gitlab.com/noraj/nvd_api/tags/v0.2.1
 
-- Gitlab-CI: test vith ruby 2.4.x and 2.5.x
+- Gitlab-CI: test with ruby 2.4.x and 2.5.x
 - style: fix Style/ExpandPathArguments cop
 - security: fix Security/Open cop, protect from pipe command injection
 - test: fix NVD URL after NVD changed it

data/test/test_nvd_feed_api.rb

@@ -9,7 +9,7 @@ class NVDAPITest < Minitest::Test
   end
 
   def test_scraper_scrap
-    assert_equal(0, @s.scrap, 'scrap method return nothing')
+    assert_operator(0, :<, @s.scrap, 'scrap method returns nothing')
   end
 
   def test_scraper_feeds_noarg

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nvd_feed_api
 version: !ruby/object:Gem::Version
-  version: 0.2.1.yank
+  version: 0.3.0
 platform: ruby
 authors:
 - Alexandre ZANNI
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-02 00:00:00.000000000 Z
+date: 2018-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: archive-zip
@@ -16,98 +16,104 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.10'
 - !ruby/object:Gem::Dependency
   name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.7.8
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.7.8
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: commonmarker
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.18'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.18'
 - !ruby/object:Gem::Dependency
   name: github-markup
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.10'
+        version: '5.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.10'
+        version: '5.11'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +148,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.51'
+        version: '0.63'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.51'
+        version: '0.63'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -182,6 +188,7 @@ files:
 - ".rubocop.yml"
 - ".yardopts"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -220,12 +227,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: API for NVD CVE feeds