lib/cisa/kev/vulnerability.rb
# frozen_string_literal: true
require 'date'
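module CISA
  module KEV
    #
    # Represents a parsed vulnerability in the [CISA KEV] catalog.
    #
    # Every field is stored exactly as it was supplied. Nothing in this class
    # validates or escapes the text fields, so callers should treat them as
    # external data and escape them before rendering into HTML, terminals or
    # log lines.
    #
    # [CISA KEV]: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
    #
    class Vulnerability

      # The CVE ID of the vulnerability.
      #
      # @return [String]
      attr_reader :cve_id
      alias cve cve_id

      # The vendor project.
      #
      # @return [String]
      attr_reader :vendor_project

      # The vendor's product.
      #
      # @return [String]
      attr_reader :product

      # The vulnerability name or title.
      #
      # @return [String]
      attr_reader :vulnerability_name
      alias name vulnerability_name

      # The date the vulnerability was added to the CISA KEV catalog.
      #
      # @return [Date]
      attr_reader :date_added

      # A short description of the vulnerability.
      #
      # @return [String]
      attr_reader :short_description
      alias description short_description

      # The required action to resolve the vulnerability.
      #
      # @return [String]
      attr_reader :required_action

      # The due date.
      #
      # @return [Date]
      attr_reader :due_date

      # Whether the vulnerability is currently being used in ransomware
      # campaigns.
      #
      # @return [Boolean]
      attr_reader :known_ransomware_campaign_use
      alias known_ransomware_campaign_use? known_ransomware_campaign_use

      # Any additional notes for the vulnerability.
      #
      # @return [String, nil]
      attr_reader :notes

      #
      # Initializes the vulnerability.
      #
      # The arguments are assigned to the instance as-is; no type checking or
      # normalisation is performed here.
      #
      # @param [String] cve_id
      #   The CVE ID of the vulnerability.
      #
      # @param [String] vendor_project
      #   The vendor project.
      #
      # @param [String] product
      #   The vendor's product.
      #
      # @param [String] vulnerability_name
      #   The vulnerability name or title.
      #
      # @param [Date] date_added
      #   The date the vulnerability was added to the CISA KEV catalog.
      #
      # @param [String] short_description
      #   A short description of the vulnerability.
      #
      # @param [String] required_action
      #   The required action to resolve the vulnerability.
      #
      # @param [Date] due_date
      #   The due date.
      #
      # @param [Boolean] known_ransomware_campaign_use
      #   Indicates whether the vulnerability is currently being used in
      #   ransomware campaigns.
      #
      # @param [String, nil] notes
      #   Additional notes.
      #
      # @api private
      #
      def initialize(cve_id:,
                     vendor_project:,
                     product:,
                     vulnerability_name:,
                     date_added:,
                     short_description:,
                     required_action:,
                     due_date:,
                     known_ransomware_campaign_use: false,
                     notes: nil)
        @cve_id             = cve_id
        @vendor_project     = vendor_project
        @product            = product
        @vulnerability_name = vulnerability_name

        @date_added        = date_added
        @short_description = short_description
        @required_action   = required_action
        @due_date          = due_date

        @known_ransomware_campaign_use = known_ransomware_campaign_use
        @notes = notes
      end

      #
      # Loads the vulnerability from a parsed JSON hash.
      #
      # @param [Hash{String => String}] json
      #   The parsed JSON hash.
      #
      # @return [Vulnerability]
      #
      # @raise [KeyError]
      #   One of the required keys (`cveID`, `vendorProject`, `product`,
      #   `vulnerabilityName`, `dateAdded`, `shortDescription`,
      #   `requiredAction`, `dueDate`) is missing.
      #
      # @raise [ArgumentError]
      #   `dateAdded` or `dueDate` is not a valid ISO 8601 date.
      #
      # @api private
      #
      def self.from_json(json)
        # An absent or empty "notes" value is normalised to nil.
        raw_notes = json['notes']
        notes     = (raw_notes if raw_notes && !raw_notes.empty?)

        new(
          cve_id:             json.fetch('cveID'),
          vendor_project:     json.fetch('vendorProject'),
          product:            json.fetch('product'),
          vulnerability_name: json.fetch('vulnerabilityName'),

          # The catalog publishes dates as YYYY-MM-DD. Date.parse is heuristic
          # and accepts fragments such as a bare day number, filling in the
          # rest from today's date, so a malformed entry would silently turn
          # into a plausible but wrong deadline. Date.iso8601 rejects such
          # input instead.
          date_added:        Date.iso8601(json.fetch('dateAdded')),
          short_description: json.fetch('shortDescription'),
          required_action:   json.fetch('requiredAction'),
          due_date:          Date.iso8601(json.fetch('dueDate')),

          # Only the exact string 'Known' counts as true; any other value,
          # or a missing key, yields false.
          known_ransomware_campaign_use: (json['knownRansomwareCampaignUse'] == 'Known'),
          notes: notes
        )
      end

      #
      # Converts the vulnerability to a String.
      #
      # @return [String]
      #   The {#vulnerability_name}.
      #
      def to_s
        @vulnerability_name
      end

    end
  end
end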