authorAlex Legler <alex@a3li.li>2011-02-21 10:31:40 +0100
committerAlex Legler <alex@a3li.li>2011-02-21 10:31:40 +0100
commit3944521345a3b2f118ef9f746d0da32d9f3e521a (patch)
tree4d9aec77e4a56bb275149269dc7dd668ae15a335
parentBetter fixtures (diff)
Add CVE#url method to get links to CVE info (NVD and MITRE currently)
-rw-r--r--app/models/cve.rb13
-rw-r--r--test/fixtures/cves.yml14
-rw-r--r--test/test_helper.rb2
-rw-r--r--test/unit/cve_test.rb9
4 files changed, 27 insertions, 11 deletions
diff --git a/app/models/cve.rb b/app/models/cve.rb
index 38a5239..147b3d0 100644
--- a/app/models/cve.rb
+++ b/app/models/cve.rb
@@ -18,10 +18,21 @@ class CVE < ActiveRecord::Base
has_many :assignments, :class_name => "CVEAssignment", :foreign_key => "cve_id"
def to_s(line_length = 78)
- str = "#{self.cve_id} #{"(http://nvd.nist.gov/nvd.cfm?cvename=%s):" % self.cve_id}\n"
+ str = "#{self.cve_id} #{"(%s):" % url}\n"
str += " " + Glsamaker::help.word_wrap(self.summary, line_length-2).gsub(/\n/, "\n ")
end
+ # Returns the URL for this CVE at NVD (<tt>:nvd</tt>, default) or MITRE (<tt>:mitre</tt>)
+ def url(site = :nvd)
+ if site == :nvd
+ "http://nvd.nist.gov/nvd.cfm?cvename=%s" % self.cve_id
+ elsif site == :mitre
+ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=" % self.cve_id
+ else
+ raise ArgumentError, 'Invalid site'
+ end
+ end
+
# Concatenates the CVE descriptions of many cves, separated by separator
def self.concat(cves, separator = "\n\n")
txt = ""
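Review bot: The `:mitre` branch of the new `url` method uses a format string with no `%s` placeholder, so `self.cve_id` is never interpolated. In a normal run Ruby ignores the surplus argument, so the method returns the bare `http://cve.mitre.org/cgi-bin/cvename.cgi?name=` for every CVE. The line should read `"http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id`. These links are what a reader of an advisory follows to the CVE record, so a link that silently drops the identifier is worth catching before it is rendered anywhere. The hunk ends inside `self.concat`, whose body is not visible here.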
diff --git a/test/fixtures/cves.yml b/test/fixtures/cves.yml
index 5bf0293..f098882 100644
--- a/test/fixtures/cves.yml
+++ b/test/fixtures/cves.yml
@@ -1,7 +1,7 @@
-# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
-
-# one:
-# column: value
-#
-# two:
-# column: value
+cve_one:
+ cve_id: CVE-2004-1776
+ summary: Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
+ cvss: 7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P
+ state: NFU
+ published_at: 2004-01-01 20:42:00
+ \ No newline at end of file
diff --git a/test/test_helper.rb b/test/test_helper.rb
index b9fe251..c91a0c6 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -28,6 +28,8 @@ class ActiveSupport::TestCase
# then set this back to true.
self.use_instantiated_fixtures = false
+ set_fixture_class :cves => 'CVE'
+
# Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
#
# Note: You'll currently still have to declare fixtures explicitly in integration tests
diff --git a/test/unit/cve_test.rb b/test/unit/cve_test.rb
index 0ee5658..252c651 100644
--- a/test/unit/cve_test.rb
+++ b/test/unit/cve_test.rb
@@ -1,8 +1,11 @@
require 'test_helper'
class CVETest < ActiveSupport::TestCase
- # Replace this with your real tests.
- test "the truth" do
- assert true
+ test "URL generation" do
+ cve = cves(:cve_one)
+
+ assert cve.url, 'http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776'
+ assert cve.url(:nvd), 'http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776'
+ assert cve.url(:mitre), 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776'
end
end
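Review bot: The three `assert cve.url..., '...'` lines compare nothing, because `assert` treats its second argument as the failure message. Each one passes whenever `url` returns any truthy string, so the test would not notice a URL with the CVE id missing or pointing at the wrong site. Use `assert_equal 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre)` and the same form for the two NVD cases. The `ArgumentError` branch could also be covered with `assert_raise(ArgumentError) { cve.url(:other) }`.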