initial gem commit

Author: Jens Färber

Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in fidius-cvedb.gemspec
+gemspec

LICENSE

@@ -0,0 +1,57 @@
+The Simplified BSD License
+
+Copyright (C) 2010-2011  FIDIUS Intrusion Detection with Intelligent
+User Support (FIDIUS). All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY FIDIUS ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL FIDIUS OR CONTRIBUTORS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The views and conclusions contained in the software and documentation
+are those of the authors and should not be interpreted as representing
+official policies, either expressed or implied, of FIDIUS.
+
+
+*OR*
+
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+Copyright (C) 2010-2011  FIDIUS Intrusion Detection with Intelligent
+User Suppport.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+A digital copy is also available for download here:
+http://www.gnu.org/licenses/gpl-2.0.txt.

README.md

@@ -0,0 +1,70 @@
+
+
+
+
+#TODO
+#Database Example config
+#Gemfile requirements (nokogiri)
+#cve establich connection
+#rake tasks
+
+
+
+
+# FIDIUS fidius-cvedb
+
+The purpose of this package is...
+
+We will use these concepts to describe $foo: ...
+
+This package is targeted at...
+
+
+## Installation
+
+Simply install this package with Rubygems:
+
+    $ gem install fidius-cvedb
+
+
+## Example of use
+
+To use this package as library, follow these steps:
+
+1. do this
+2. and
+3. that
+
+
+## Synopsis
+
+This package comes with an executable script. You may invoke it as
+
+    $ gemname-runner [--opt=x|--no-opt=y] <file>
+
+where
+
+* `--opt` does absolutely nothing with `x`
+* `--no-opt` does aparently nothing with `y`
+* `<file>` is ignores
+
+
+## Authors and Contact
+
+fidius-cvedb was written by
+
+* FIDIUS Intrusion Detection with Intelligent User Support
+  <[email protected]>, <http://fidius.me>
+* in particular:
+ * Andreas Bender <[email protected]>
+ * Jens Färber <[email protected]>
+
+If you have any questions, remarks, suggestion, improvements,
+etc. feel free to drop a line at the addresses given above.
+You might also join `#fidius` on Freenode or use the contact
+form on our [website](http://fidius.me/en/contact).
+
+
+## License
+
+Simplified BSD License and GNU GPLv2. See also the file LICENSE.

Rakefile

@@ -0,0 +1,57 @@
+require 'bundler'
+require 'rake/hooks'
+require 'rake/clean'
+require 'digest/sha1'
+require 'find'
+require 'rubygems'
+
+Bundler::GemHelper.install_tasks
+
+CLOBBER.include 'pkg'
+
+RAILS_PATH = File.expand_path(File.join('..', '..', 'cve-db', 'cveprovider'))
+
+before :build do
+  
+  #TODO:
+  #copy tests
+  #edit readme
+  #give db-hints
+  #change module for all files to Fidius
+  #(git autocommit after copy)
+  #implement runner script
+  
+  copy_files File.join('app', 'models')
+  copy_files 'cveparser'
+  copy_files File.join('lib', 'tasks')
+  copy_files File.join('db', 'migrate')
+  
+end
+
+# Copies files from cveprovider directory to gem's lib directory
+# Only new and changed files will be copied (based on SHA1 Hash) 
+def copy_files path
+  changed_files = false
+  Find.find(File.expand_path(File.join(RAILS_PATH, path))) do |src|
+    unless File.directory? src
+      rel_src = src.sub(File.join(RAILS_PATH, path.split('/')[0...-1]), "")
+      dst = File.expand_path(File.join(File.dirname(__FILE__), 'lib', rel_src))
+      
+      if File.exists? dst 
+        unless Digest::SHA1.hexdigest(File.read(src)) == 
+               Digest::SHA1.hexdigest(File.read(dst))
+           puts "CHANGE: #{dst}"
+           FileUtils.cp(src, dst)
+        end
+        changed_files = true
+      
+      else
+        FileUtils.mkdir_p(File.dirname(dst))
+        FileUtils.cp(src, dst)
+        puts "NEW: #{dst}"
+        changed_files = true
+      end
+    end
+  end
+  changed_files
+end

bin/fidius-cvedb

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'fidius-cvedb/version'
+require 'fidius-cvedb'
+
+options = {}
+
+optparse = OptionParser.new do|opts|
+  
+  opts.banner = "Usage: fidius-cvedb-runner [options]"
+  
+  opts.on_tail("-f", "--fidius", "Initialize CVE-DB for Usage in FIDIUS C&C-Server") do
+    puts opts
+    exit
+  end
+  
+  opts.on_tail("-s", "--standalone", "Initialize CVE-DB standalone version") do
+    puts opts
+    exit
+  end
+  
+  opts.on_tail("-h", "--help", "Show this message") do
+    puts opts
+    exit
+  end
+
+  opts.on_tail("-v", "--version", "Show version") do
+    puts "FIDIUS CVE-DB, Version #{Fidius::Cvedb::VERSION}"
+    exit
+  end
+end
+
+optparse.parse!

fidius-cvedb.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "fidius-cvedb/version"
+
+Gem::Specification.new do |s|
+  s.name        = "fidius-cvedb"
+  s.version     = Fidius::Cvedb::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Andreas Bender, Jens Färber"]
+  s.email       = ["[email protected], [email protected]"]
+  s.homepage    = "http://www.fidius.me"
+  s.summary     = %q{Provides a parser and ActiveRecord models for the Common Vulnerability and Exposures (CVE) entries offered by the National Vulnerability Database (http://nvd.nist.gov/). }
+  s.description = %q{This gem provides an opportunity to run a vulnerability database in your own environt. Therefore it comes with a parser for the National Vulnerability Database and ActiveRecord models for storing the entries in a local database. }
+
+  s.rubyforge_project = "fidius-cvedb"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

lib/cveparser/main.rb

@@ -0,0 +1,32 @@
+require "#{Rails.root.to_s}/cveparser/parser"
+require "#{Rails.root.to_s}/cveparser/rails_store"
+require "#{Rails.root.to_s}/cveparser/ms_parser"
+
+include NVDParser
+include CveDb
+
+PARAMS = {
+  '-p' => 'Parse new XML file passed as 2nd param.',
+  '-f' => 'Fix duplicate products.',
+  '-u' => 'Updates CVE-Entries, needs modified.xml or recent.xml by nvd.org as 2nd argument.',
+  '-m' => 'Creates the mapping between CVEs and Microsoft Security Bulletin Notation entries in the database.'
+}
+
+case ARGV[0]
+  when '-p' 
+    entries = NVDParser.parse_cve_file ARGV[1]  
+    RailsStore.create_new_entries(ARGV[1].split("/").last, entries)
+  when '-f'
+    RailsStore.fix_product_duplicates
+  when '-u'
+    entries = NVDParser.parse_cve_file ARGV[1]
+    RailsStore.update_cves(entries)
+  when '-m'
+    MSParser.parse_ms_cve
+  else
+    puts "ERROR: You've passed none or an unknown parameter, available "+
+      "parameters are:"
+    PARAMS.each_key do |param|
+      puts "#{param}\t#{PARAMS[param]}"
+    end
+end

lib/cveparser/ms_parser.rb

@@ -0,0 +1,52 @@
+require 'open-uri'
+
+module MSParser
+  
+  include CveDb
+  
+  BASE_URL = "http://cve.mitre.org/data/refs/refmap/source-MS.html"
+  
+  def self.parse_ms_cve
+    entries = parse
+    counter = 0
+    entries.each_pair do |ms,cves|
+      cves.each do |cve|       
+        existing_cve = NvdEntry.find_by_cve(cve.strip)
+        if existing_cve
+          Mscve.find_or_create_by_nvd_entry_id_and_name(existing_cve.id, ms)
+          puts "Found: #{existing_cve.cve}."
+          counter += 1
+        end
+      end
+    end  
+    puts "Added #{counter} items to database."
+  end
+
+  def self.print_map
+    entries = parse    
+    entries.each_pair do |ms,cves|
+      puts "#{ms}"
+      cves.each {|cve| puts "----#{cve}"}
+    end
+  end 
+
+  private
+
+  def self.parse
+    doc = Nokogiri::HTML(open(BASE_URL))
+    entries = Hash.new("")
+    current_ms_entry = ""
+    doc.css('table[border="2"] > tr').each do |entry|
+      entry.css("td").each do |td|
+        if td.content =~ /CVE-\d{4}-\d{4}/
+          entries[current_ms_entry] = td.content.split("\n")
+        else
+          current_ms_entry = td.content.split(":").last
+          entries[current_ms_entry]
+        end
+      end
+    end
+    puts "Parsed #{entries.size} entries."
+    entries
+  end
+end