nvd_feed_api 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0365df5462570fa4b9483e27ef5d6b7edf48cde8599c199932b86bda75c7790d
-  data.tar.gz: 52c270979c88f7154edd2c06f9dcec28c9fccffd3ff0606f6bda817a2f6ffd6a
+  metadata.gz: 77fb8e2cb880ccd6376de4a63dc9ca016a3553cb8b52ad28463a6db7c8f28203
+  data.tar.gz: a6efdc897b58302b4fc8bf3f49a1cb31f3e00dcaa7deafcac9c1dc5e0642dfd9
 SHA512:
-  metadata.gz: aceb9c1aa76e74ad7d87329900417abccd5c01f47a9fb76cdddf870e00654257dacf9506eb3b87e4cb9148a2ae2829191e2357ae56f4af4cd35b904073bb89fe
-  data.tar.gz: cfb064247356ab4f559d6b50cb997a7f332ab26f1172dafab8baf2ab5d30c204da7594a438b710e671204633cc77c6ca66a1c5f1056f2da721a69760b65faab8
+  metadata.gz: 8d2795f2b8b16563df4b8af0980fecdf167de7c875b4bc1c944931a65cebf02ee0ff689b299307bb3ec51c985c29cc2e830e5e01286095ccbb11167662f978ce
+  data.tar.gz: 3c9d6acb0c8a2736fd416dc4b6b6431f90a7f7ce30d1c748e85892f2c27e6c88e85082cbf2e0f6be39c90bab81d7179bd3010ff9930dbff8341edac3952b07e3

data/Gemfile

@@ -5,7 +5,7 @@ source 'https://rubygems.org'
 gemspec
 
 group :runtime, :cli do
-  gem 'archive-zip', '~> 0.11'
+  gem 'archive-zip', '0.13.0.pre1'
   gem 'nokogiri', '~> 1.11'
   gem 'oj', '>= 3.7.8', '<4'
 end

data/Gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: .
   specs:
-    nvd_feed_api (0.5.0)
+    nvd_feed_api (0.6.0)
       archive-zip (~> 0.11)
       nokogiri (~> 1.11)
       oj (>= 3.7.8, < 4)
@@ -17,46 +17,46 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    archive-zip (0.12.0)
-      io-like (~> 0.3.0)
+    archive-zip (0.13.0.pre1)
+      io-like (~> 0.4.0.pre1)
     ast (2.4.3)
     bigdecimal (3.1.9)
-    commonmarker (2.2.0)
+    commonmarker (2.3.0)
       rb_sys (~> 0.9)
-    commonmarker (2.2.0-aarch64-linux)
-    commonmarker (2.2.0-aarch64-linux-musl)
-    commonmarker (2.2.0-arm64-darwin)
-    commonmarker (2.2.0-x86_64-darwin)
-    commonmarker (2.2.0-x86_64-linux)
-    commonmarker (2.2.0-x86_64-linux-musl)
-    io-like (0.3.1)
-    json (2.10.2)
-    language_server-protocol (3.17.0.4)
+    commonmarker (2.3.0-aarch64-linux)
+    commonmarker (2.3.0-aarch64-linux-musl)
+    commonmarker (2.3.0-arm64-darwin)
+    commonmarker (2.3.0-x86_64-darwin)
+    commonmarker (2.3.0-x86_64-linux)
+    commonmarker (2.3.0-x86_64-linux-musl)
+    io-like (0.4.0.pre1)
+    json (2.12.0)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    logger (1.6.6)
+    logger (1.7.0)
     minitest (5.25.5)
-    nokogiri (1.18.6-aarch64-linux-gnu)
+    nokogiri (1.18.8-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.6-aarch64-linux-musl)
+    nokogiri (1.18.8-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.6-arm-linux-gnu)
+    nokogiri (1.18.8-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.6-arm-linux-musl)
+    nokogiri (1.18.8-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.6-arm64-darwin)
+    nokogiri (1.18.8-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.6-x86_64-darwin)
+    nokogiri (1.18.8-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.6-x86_64-linux-gnu)
+    nokogiri (1.18.8-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.6-x86_64-linux-musl)
+    nokogiri (1.18.8-x86_64-linux-musl)
       racc (~> 1.4)
     oj (3.16.10)
       bigdecimal (>= 3.0)
       ostruct (>= 0.2)
     ostruct (0.6.1)
-    parallel (1.26.3)
-    parser (3.3.7.3)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
       racc
     prism (1.4.0)
@@ -67,7 +67,7 @@ GEM
     rb_sys (0.9.111)
       rake-compiler-dock (= 1.9.1)
     regexp_parser (2.10.0)
-    rubocop (1.75.1)
+    rubocop (1.75.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -75,15 +75,15 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.43.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.43.0)
+    rubocop-ast (1.44.1)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
-    rubocop-minitest (0.37.1)
+    rubocop-minitest (0.38.0)
       lint_roller (~> 1.1)
-      rubocop (>= 1.72.1, < 2.0)
+      rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
     ruby-progressbar (1.13.0)
     unicode-display_width (3.1.4)
@@ -101,7 +101,7 @@ PLATFORMS
   x86_64-linux-musl
 
 DEPENDENCIES
-  archive-zip (~> 0.11)
+  archive-zip (= 0.13.0.pre1)
   bundler (~> 2.1)
   commonmarker (~> 2.0)
   logger (< 2.0)

data/lib/nvd_feed_api/feed.rb

@@ -34,17 +34,17 @@ class NVDFeedScraper
 
     # @return [String] the URL of the metadata file of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.meta'
     attr_reader :meta_url
 
     # @return [String] the URL of the gz archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.gz'
     attr_reader :gz_url
 
     # @return [String] the URL of the zip archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.zip'
     attr_reader :zip_url
 
     # @return [Meta] the {Meta} object of the feed.
@@ -170,11 +170,11 @@ class NVDFeedScraper
         # Set data
         if @data_type.nil?
           doc = Oj::Doc.open(File.read(@json_file))
-          @data_type = doc.fetch('/CVE_data_type')
-          @data_format = doc.fetch('/CVE_data_format')
-          @data_version = doc.fetch('/CVE_data_version').to_f
-          @data_number_of_cves = doc.fetch('/CVE_data_numberOfCVEs').to_i
-          @data_timestamp = Date.strptime(doc.fetch('/CVE_data_timestamp'), '%FT%RZ')
+          @data_type = 'CVE' # @data_type was doc.fetch('/CVE_data_type') in 1.1 schema but was removed in 2.0 so keep this string for retrocompatibility
+          @data_format = doc.fetch('/format')
+          @data_version = doc.fetch('/version').to_f
+          @data_number_of_cves = doc.fetch('/totalResults').to_i
+          @data_timestamp = Date.strptime(doc.fetch('/timestamp'), '%FT%T.%N')
           doc.close
         end
       else
@@ -189,11 +189,11 @@ class NVDFeedScraper
 
         # update data
         doc = Oj::Doc.open(File.read(@json_file))
-        @data_type = doc.fetch('/CVE_data_type')
-        @data_format = doc.fetch('/CVE_data_format')
-        @data_version = doc.fetch('/CVE_data_version').to_f
-        @data_number_of_cves = doc.fetch('/CVE_data_numberOfCVEs').to_i
-        @data_timestamp = Date.strptime(doc.fetch('/CVE_data_timestamp'), '%FT%RZ')
+        @data_type = 'CVE' # @data_type was doc.fetch('/CVE_data_type') in 1.1 schema but was removed in 2.0 so keep this string for retrocompatibility
+        @data_format = doc.fetch('/format')
+        @data_version = doc.fetch('/version').to_f
+        @data_number_of_cves = doc.fetch('/totalResults').to_i
+        @data_timestamp = Date.strptime(doc.fetch('/timestamp'), '%FT%T.%N')
         doc.close
       end
       return @json_file
@@ -215,8 +215,7 @@ class NVDFeedScraper
     #   @return [Array] an Array of CVE, each CVE is a Ruby Hash. May not be in the same order as provided.
     # @note {#json_pull} is needed before using this method. Remember you're searching only in the current feed.
     # @todo implement a CVE Class instead of returning a Hash.
-    # @see https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
-    # @see https://scap.nist.gov/schema/nvd/feed/0.1/CVE_JSON_4.0_min.schema
+    # @see https://csrc.nist.gov/schema/nvd/api/2.0/cve_api_json_2.0.schema
     # @example
     #   s = NVDFeedScraper.new
     #   s.scrap
@@ -236,10 +235,10 @@ class NVDFeedScraper
           raise "bad CVE name (#{arg_cve[0]})" unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
 
           doc = Oj::Doc.open(File.read(@json_file))
-          # Quicker than doc.fetch('/CVE_Items').size
+          # Quicker than doc.fetch('/vulnerabilities').size
           (1..@data_number_of_cves).each do |i|
-            if arg_cve[0].upcase == doc.fetch("/CVE_Items/#{i}/cve/CVE_data_meta/ID")
-              return_value = doc.fetch("/CVE_Items/#{i}")
+            if arg_cve[0].upcase == doc.fetch("/vulnerabilities/#{i}/cve/id")
+              return_value = doc.fetch("/vulnerabilities/#{i}")
               break
             end
           end
@@ -253,10 +252,10 @@ class NVDFeedScraper
           raise 'bad CVE name' unless cves_to_find.all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
 
           doc = Oj::Doc.open(File.read(@json_file))
-          # Quicker than doc.fetch('/CVE_Items').size
+          # Quicker than doc.fetch('/vulnerabilities').size
           (1..@data_number_of_cves).each do |i|
-            doc.move("/CVE_Items/#{i}")
-            cve_id = doc.fetch('cve/CVE_data_meta/ID')
+            doc.move("/vulnerabilities/#{i}")
+            cve_id = doc.fetch('cve/id')
             if cves_to_find.include?(cve_id)
               return_value.push(doc.fetch)
               cves_to_find.delete(cve_id)
@@ -283,11 +282,11 @@ class NVDFeedScraper
       raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
 
       doc = Oj::Doc.open(File.read(@json_file))
-      # Quicker than doc.fetch('/CVE_Items').size
+      # Quicker than doc.fetch('/vulnerabilities').size
       cve_names = []
       (1..@data_number_of_cves).each do |i|
-        doc.move("/CVE_Items/#{i}")
-        cve_names.push(doc.fetch('cve/CVE_data_meta/ID'))
+        doc.move("/vulnerabilities/#{i}")
+        cve_names.push(doc.fetch('cve/id'))
       end
       doc.close
       return cve_names
@@ -316,7 +315,7 @@ class NVDFeedScraper
     # @param arg_meta_url [String] the new URL of the metadata file of the feed.
     # @return [String] the new URL of the metadata file of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.meta'
     def meta_url=(arg_meta_url)
       raise "meta_url (#{arg_meta_url}) is not a string" unless arg_meta_url.is_a?(String)
 
@@ -326,7 +325,7 @@ class NVDFeedScraper
     # @param arg_gz_url [String] the new URL of the gz archive of the feed.
     # @return [String] the new URL of the gz archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.gz'
     def gz_url=(arg_gz_url)
       raise "gz_url (#{arg_gz_url}) is not a string" unless arg_gz_url.is_a?(String)
 
@@ -336,7 +335,7 @@ class NVDFeedScraper
     # @param arg_zip_url [String] the new URL of the zip archive of the feed.
     # @return [String] the new URL of the zip archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.zip'
     def zip_url=(arg_zip_url)
       raise "zip_url (#{arg_zip_url}) is not a string" unless arg_zip_url.is_a?(String)
 

data/lib/nvd_feed_api/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module NvdFeedApi
-  VERSION = '0.5.0'
+  VERSION = '0.6.0'
 end

data/lib/nvd_feed_api.rb

@@ -42,7 +42,7 @@ class NVDFeedScraper
     doc = Nokogiri::HTML(html)
     @feeds = []
     tmp_feeds = {}
-    doc.css('#vuln-feed-table table.xml-feed-table tr[data-testid]').each do |tr|
+    doc.css('div[data-testid=nvd-json-2-feed-table] table.xml-feed-table tr[data-testid]').each do |tr|
       num, type = tr.attr('data-testid')[13..].split('-')
       case type
       when 'meta'
@@ -130,7 +130,7 @@ class NVDFeedScraper
   # Return a list with the name of all available feeds. Returned feed names can be use as argument for {#feeds} method. Can only be called after {#scrap}.
   # @return [Array<String>] List with the name of all available feeds.
   # @example
-  #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2017", "CVE-2016", "CVE-2015", "CVE-2014", "CVE-2013", "CVE-2012", "CVE-2011", "CVE-2010", "CVE-2009", "CVE-2008", "CVE-2007", "CVE-2006", "CVE-2005", "CVE-2004", "CVE-2003", "CVE-2002"]
+  #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2025", "[…]", "CVE-2002"]
   def available_feeds
     raise 'call scrap method before using available_feeds method' if @feeds.nil?
 
@@ -153,8 +153,7 @@ class NVDFeedScraper
   #   @return [Array] an Array of CVE, each CVE is a Ruby Hash.
   # @todo implement a CVE Class instead of returning a Hash. May not be in the same order as provided.
   # @note {#scrap} is needed before using this method.
-  # @see https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
-  # @see https://scap.nist.gov/schema/nvd/feed/0.1/CVE_JSON_4.0_min.schema
+  # @see https://csrc.nist.gov/schema/nvd/api/2.0/cve_api_json_2.0.schema
   # @example
   #   s = NVDFeedScraper.new
   #   s.scrap

data/pages/CHANGELOG.md

@@ -1,3 +1,12 @@
+# [0.6.0] - 29 May 2025
+
+- Enhancements and fixes:
+  - migrating from CVE JSON 1.1 to 2.0 spec
+    - 1.1 feeds will be removed in the future
+    - 1.1 feeds do not contain Deferred status CVEs
+- Chore:
+  - Update dependencies
+
 # [0.5.0] - 30 March 2025
 
 - Breaking changes:
@@ -85,7 +94,7 @@
 
 [0.0.1.rc2]: https://gitlab.com/noraj/nvd_api/tags/v0.0.1.rc2
 
-- Add some contribution guidelines, issue and MR templates.
+- Add some contribution guidelines, issues and MR templates.
 - Improve the README to be a good entrypoint.
 - Improve the FEATURES.
 

data/pages/INSTALL.md

@@ -4,42 +4,42 @@
 
 ### Install from rubygems.org
 
-```
-$ gem install nvd_feed_api
+```bash
+gem install nvd_feed_api
 ```
 
 ## Development
 
-It's better to use [rbenv](https://github.com/rbenv/rbenv) to have latests version of ruby and to avoid trashing your system ruby.
+It's better to use [rbenv](https://github.com/rbenv/rbenv) or [asdf-vm](https://asdf-vm.com/) to have latests version of ruby and to avoid trashing your system ruby.
 
 ### Install from rubygems.org
 
-```
-$ gem install --development nvd_feed_api
+```bash
+gem install --development nvd_feed_api
 ```
 
 ### Build from git
 
 Just replace `x.x.x` with the gem version you see after `gem build`.
 
-```
-$ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
-$ cd nvd_feed_api
-$ gem install bundle
-$ ./bin/nvd_feed_api_setup
-$ rake install
+```bash
+git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
+cd nvd_feed_api
+gem install bundle
+./bin/nvd_feed_api_setup
+rake install
 ```
 
 You can use `nvd_feed_api_console` to launch `irb` with the API required.
 
 Alternatively to build you can use:
 
-```
-$ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
-$ cd nvd_feed_api
-$ gem install bundle
-$ gem build nvd_feed_api.gemspec
-$ gem install --development nvd_feed_api-x.x.x.gem
+```bash
+git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
+cd nvd_feed_api
+gem install bundle
+gem build nvd_feed_api.gemspec
+gem install --development nvd_feed_api-x.x.x.gem
 ```
 
 Note: if an automatic install is needed you can get the version with `$ gem build nvd_feed_api.gemspec | grep Version | cut -d' ' -f4`.
@@ -48,10 +48,10 @@ Note: if an automatic install is needed you can get the version with `$ gem buil
 
 Useful when you want to try your changes without building the gem and re-installing it each time.
 
-```
-$ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
-$ cd nvd_feed_api
-$ gem install bundle
-$ ./bin/nvd_feed_api_setup
-$ irb -Ilib -rnvd_feed_api
+```bash
+git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
+cd nvd_feed_api
+gem install bundle
+./bin/nvd_feed_api_setup
+irb -Ilib -rnvd_feed_api
 ```

data/test/test_nvd_feed_api.rb

@@ -112,9 +112,9 @@ class NVDAPITest < Minitest::Test
 
   def test_feed_attributes
     name = 'CVE-2010'
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.meta'
-    gz_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.gz'
-    zip_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.zip'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2010.meta'
+    gz_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2010.json.gz'
+    zip_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2010.json.zip'
     f = @s.feeds('CVE-2010')
     # Test name
     assert_instance_of(String, f.name, "name doesn't return a string")
@@ -250,28 +250,28 @@ class NVDAPITest < Minitest::Test
   end
 
   def test_meta_parse_noarg
-    m = NVDFeedScraper::Meta.new('https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta')
+    m = NVDFeedScraper::Meta.new('https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta')
 
     assert_equal(0, m.parse, 'parse method return nothing')
   end
 
   def test_meta_parse_witharg
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta'
 
     assert_equal(0, m.parse(meta_url), 'parse method return nothing')
   end
 
   def test_meta_url_setter
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta'
 
     assert_equal(meta_url, m.url = meta_url, 'the meta URL is not set correctly')
   end
 
   def test_meta_attributes
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta'
     m.url = meta_url
     m.parse
     # Test gz_size

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: nvd_feed_api
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Alexandre ZANNI
 bindir: bin
 cert_chain: []
-date: 2025-03-30 00:00:00.000000000 Z
+date: 2025-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: archive-zip