ronin-db-activerecord 0.1.0.beta1

data/spec/advisory_spec.rb

@@ -0,0 +1,277 @@
+require 'spec_helper'
+require 'ronin/db/advisory'
+
+describe Ronin::DB::Advisory do
+  describe described_class::ID do
+    describe ".parse" do
+      subject { described_class }
+
+      context "when given a CVE ID" do
+        let(:year)       { 2020   }
+        let(:identifier) { '1234' }
+        let(:id)         { "CVE-#{year}-#{identifier}" }
+
+        it "must return a Hash containing the ID, 'CVE' prefix, the year, and the identifier" do
+          expect(subject.parse(id)).to eq(
+            {
+              id:         id,
+              prefix:     'CVE',
+              year:       year,
+              identifier: identifier
+            }
+          )
+        end
+      end
+
+      context "when given a MS ID" do
+        let(:year)       { 2017  }
+        let(:identifier) { '010' }
+        let(:id)         { "MS#{year - 2000}-#{identifier}" }
+
+        it "must return a Hash containing the ID, 'MS' prefix, the full year, and the identifier" do
+          expect(subject.parse(id)).to eq(
+            {
+              id:         id,
+              prefix:     'MS',
+              year:       year,
+              identifier: identifier
+            }
+          )
+        end
+      end
+
+      context "when given a RHSA ID" do
+        let(:year)       { 2022   }
+        let(:identifier) { '6187' }
+        let(:id)         { "RHSA-#{year}:#{identifier}" }
+
+        it "must return a Hash containing the ID, 'RHSA' prefix, the year, and the identifier" do
+          expect(subject.parse(id)).to eq(
+            {
+              id:         id,
+              prefix:     'RHSA',
+              year:       year,
+              identifier: identifier
+            }
+          )
+        end
+      end
+
+      context "when given a GHSA ID" do
+        let(:identifier) { '3hhc-qp5v-9p2j'     }
+        let(:id)         { "GHSA-#{identifier}" }
+
+        it "must return a Hash containing the ID and the identifier" do
+          expect(subject.parse(id)).to eq(
+            {
+              id:         id,
+              prefix:     'GHSA',
+              identifier: identifier
+            }
+          )
+        end
+      end
+    end
+  end
+
+  describe "validations" do
+    describe "prefix" do
+      subject do
+      end
+
+      it "must require a preifx" do
+        advisory = described_class.new(
+          id:         'CVE-2022-1234',
+          year:       2022,
+          identifier: '2022-1234'
+        )
+        expect(advisory).to_not be_valid
+        expect(advisory.errors[:prefix]).to eq(["can't be blank"])
+
+        advisory = described_class.new(
+          id:         'CVE-2022-1234',
+          prefix:     'CVE',
+          year:       2022,
+          identifier: '2022-1234'
+        )
+        expect(advisory).to be_valid
+      end
+    end
+
+    describe "year" do
+      it "must accept a nil value" do
+        advisory = described_class.new(
+          id:         'GHSA-3hhc-qp5v-9p2j',
+          prefix:     'GHSA',
+          year:       nil,
+          identifier: '3hhc-qp5v-9p2j',
+        )
+
+        advisory.valid?
+        p advisory.errors
+        expect(advisory).to be_valid
+      end
+
+      it "must accept a numberic value" do
+        advisory = described_class.new(
+          id:         'CVE-2022-1234',
+          prefix:     'CVE',
+          year:       2022,
+          identifier: '2022-1234'
+        )
+
+        expect(advisory).to be_valid
+      end
+    end
+
+    describe "identifier" do
+      it "must require a preifx" do
+        advisory = described_class.new(
+          id:         'CVE-2022-1234',
+          prefix:     'CVE',
+          year:       2022
+        )
+        expect(advisory).to_not be_valid
+        expect(advisory.errors[:identifier]).to eq(["can't be blank"])
+
+        advisory = described_class.new(
+          id:         'CVE-2022-1234',
+          prefix:     'CVE',
+          year:       2022,
+          identifier: '2022-1234'
+        )
+        expect(advisory).to be_valid
+      end
+    end
+  end
+
+  let(:prefix)     { 'CVE'  }
+  let(:year)       { 2022   }
+  let(:identifier) { '1234' }
+  let(:id)         { "#{prefix}-#{year}-#{identifier}" }
+
+  describe ".lookup" do
+    let(:id) { 'CVE-2022-1234' }
+
+    before do
+      described_class.create(
+        id:         'CVE-2000-1234',
+        prefix:     'CVE',
+        year:       2000,
+        identifier: '2000-1234'
+      )
+      described_class.create(
+        id:         id,
+        prefix:     prefix,
+        year:       year,
+        identifier: identifier
+      )
+      described_class.create(
+        id:         'CVE-2000-5678',
+        prefix:     'CVE',
+        year:       2000,
+        identifier: '2000-5678'
+      )
+    end
+
+    it "must query the #{described_class} with the matching ID" do
+      advisory = described_class.lookup(id)
+
+      expect(advisory).to be_kind_of(described_class)
+      expect(advisory.id).to eq(id)
+    end
+
+    after { described_class.destroy_all }
+  end
+
+  describe ".import" do
+    let(:id)        { 'CVE-2022-1234' }
+    let(:parsed_id) { described_class::ID.parse(id) }
+
+    subject { described_class.import(id) }
+
+    it "must parse and import the advisory ID and return a new #{described_class}" do
+      expect(subject.id).to eq(id)
+      expect(subject.prefix).to     eq(parsed_id[:prefix])
+      expect(subject.year).to       eq(parsed_id[:year])
+      expect(subject.identifier).to eq(parsed_id[:identifier])
+    end
+
+    after { described_class.destroy_all }
+  end
+
+  subject do
+    described_class.new(
+      id:         id,
+      prefix:     prefix,
+      year:       year,
+      identifier: identifier
+    )
+  end
+
+  describe "#url" do
+    context "when #prefix is 'CVE'" do
+      let(:prefix)     { 'CVE'  }
+      let(:year)       { 2022   }
+      let(:identifier) { '1234' }
+      let(:id)         { "#{prefix}-#{year}-#{identifier}" }
+
+      subject do
+        described_class.new(
+          id:         id,
+          prefix:     prefix,
+          year:       year,
+          identifier: identifier
+        )
+      end
+
+      it "must return 'https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNN'" do
+        expect(subject.url).to eq("https://nvd.nist.gov/vuln/detail/#{id}")
+      end
+    end
+
+    context "when #prefix is 'RHSA'" do
+      let(:prefix)     { 'RHSA' }
+      let(:year)       { 2022   }
+      let(:identifier) { '6187' }
+      let(:id)         { "#{prefix}-#{year}:#{identifier}" }
+
+      subject do
+        described_class.new(
+          id:         id,
+          prefix:     prefix,
+          year:       year,
+          identifier: identifier
+        )
+      end
+
+      it "must return 'https://access.redhat.com/errata/RHSA-YYYY-NNNN'" do
+        expect(subject.url).to eq("https://access.redhat.com/errata/#{id}")
+      end
+    end
+
+    context "when #prefix is 'GHSA'" do
+      let(:prefix)     { 'GHSA' }
+      let(:identifier) { '3hhc-qp5v-9p2j'     }
+      let(:id)         { "#{prefix}-#{identifier}" }
+
+      subject do
+        described_class.new(
+          id:         id,
+          prefix:     prefix,
+          identifier: identifier
+        )
+      end
+
+      it "must return 'https://github.com/advisories/GHSA-...'" do
+        expect(subject.url).to eq("https://github.com/advisories/#{id}")
+      end
+    end
+  end
+
+  describe "#to_s" do
+    it "must return the #id" do
+      expect(subject.to_s).to eq(id)
+    end
+  end
+end

data/spec/arch_spec.rb

@@ -0,0 +1,228 @@
+require 'spec_helper'
+require 'ronin/db/arch'
+
+describe Ronin::DB::Arch do
+  it "must use the 'ronin_arches' table" do
+    expect(described_class.table_name).to eq('ronin_arches')
+  end
+
+  let(:name)      { 'cats'  }
+  let(:endian)    { :little }
+  let(:word_size) { 4       }
+
+  it "must include Ronin::DB::Model" do
+    expect(described_class).to include(Ronin::DB::Model)
+  end
+
+  it "must include Ronin::DB::Model::HasUniqueName" do
+    expect(described_class).to include(Ronin::DB::Model::HasUniqueName)
+  end
+
+  describe "validations" do
+    describe "name" do
+      it "must requier a name" do
+        arch = described_class.new(endian: endian, word_size: word_size)
+        expect(arch).to_not be_valid
+        expect(arch.errors[:name]).to eq(
+          ["can't be blank"]
+        )
+
+        arch = described_class.new(
+          name:      name,
+          endian:    endian,
+          word_size: word_size
+        )
+        expect(arch).to be_valid
+      end
+    end
+
+    describe "endian" do
+      subject do
+        described_class.new(
+          name:      name,
+          word_size: word_size
+        )
+      end
+
+      it "must accept :little" do
+        arch = described_class.new(
+          name:      name,
+          endian:    :little,
+          word_size: word_size
+        )
+        expect(arch).to be_valid
+      end
+
+      it "must accept :big" do
+        arch = described_class.new(
+          name:      name,
+          endian:    :big,
+          word_size: word_size
+        )
+        expect(arch).to be_valid
+      end
+
+      context "otherwise" do
+        let(:endian) { :foo }
+
+        it do
+          expect {
+            described_class.new(
+              name:      name,
+              endian:    endian,
+              word_size: word_size
+            )
+          }.to raise_error(ArgumentError,"'#{endian}' is not a valid endian")
+        end
+      end
+    end
+
+    describe "word_size" do
+      it "must require a word_size" do
+        arch = described_class.new(name: name, endian: endian)
+        expect(arch).to_not be_valid
+        expect(arch.errors[:word_size]).to include("can't be blank")
+
+        arch = described_class.new(
+          name:      name,
+          endian:    endian,
+          word_size: word_size
+        )
+        expect(arch).to be_valid
+      end
+
+      it "must accept a word_size of 4" do
+        arch = described_class.new(
+          name:      name,
+          endian:    endian,
+          word_size: 4 
+        )
+        expect(arch).to be_valid
+      end
+
+      it "must accept a word_size of 8" do
+        arch = described_class.new(
+          name:      name,
+          endian:    endian,
+          word_size: 8 
+        )
+        expect(arch).to be_valid
+      end
+
+      context "otherwise" do
+        let(:word_size) { 3 }
+
+        it do
+          arch = described_class.new(
+            name:      name,
+            endian:    endian,
+            word_size: word_size
+          )
+          expect(arch).to_not be_valid
+          expect(arch.errors[:word_size]).to eq(
+            ['is not included in the list']
+          )
+        end
+      end
+    end
+  end
+
+  describe ".x86" do
+    subject { described_class.x86 }
+
+    it "should return the x86 architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('x86')
+    end
+  end
+
+  describe ".i686" do
+    subject { described_class.i686 }
+
+    it "should return the i686 architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('i686')
+    end
+  end
+
+  describe ".x86_64" do
+    subject { described_class.x86_64 }
+
+    it "should return the x86-64 architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('x86-64')
+    end
+  end
+
+  describe ".ppc" do
+    subject { described_class.ppc }
+
+    it "should return the PPC architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('PPC')
+    end
+  end
+
+  describe ".ppc64" do
+    subject { described_class.ppc64 }
+
+    it "should return the PPC64 architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('PPC64')
+    end
+  end
+
+  describe ".mips" do
+    subject { described_class.mips }
+
+    it "should return the MIPS architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('MIPS')
+    end
+  end
+
+  describe ".mips_le" do
+    subject { described_class.mips_le }
+
+    it "should return the MIPS (Little-Endian) architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('MIPS (Little-Endian)')
+    end
+  end
+
+  describe ".mips_be" do
+    subject { described_class.mips_be }
+
+    it "should return the MIPS (Big-Endian) architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('MIPS (Big-Endian)')
+    end
+  end
+
+  describe ".arm" do
+    subject { described_class.arm }
+
+    it "should return the ARM architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('ARM')
+    end
+  end
+
+  describe ".arm_le" do
+    subject { described_class.arm_le }
+
+    it "should return the ARM (Little-Endian) architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('ARM (Little-Endian)')
+    end
+  end
+
+  describe ".arm_be" do
+    subject { described_class.arm_be }
+
+    it "should return the ARM (Big-Endian) architecture" do
+      expect(subject).to be_kind_of(described_class)
+      expect(subject.name).to eq('ARM (Big-Endian)')
+    end
+  end
+end