require 'minitest/autorun'
require 'nvd_feed_api'
require 'date'
class NVDAPITest < Minitest::Test
def setup
@s = NVDFeedScraper.new
@s.scrap # needed for feeds method
end
def test_scraper_scrap
assert_equal(0, @s.scrap, 'scrap method return nothing')
end
def test_scraper_feeds_noarg
assert_instance_of(Array, @s.feeds, "feeds doesn't return an array") # same as #assert(@s.feeds.instance_of?(Array), 'error')
refute_empty(@s.feeds, 'feeds returns an empty array')
end
def test_scraper_feeds_witharg
# one arg
assert_instance_of(NVDFeedScraper::Feed, @s.feeds('CVE-2017'), "feeds doesn't return a Feed object")
# two args
assert_instance_of(Array, @s.feeds('CVE-2017', 'CVE-Modified'), "feeds doesn't return an array")
refute_empty(@s.feeds('CVE-2017', 'CVE-Modified'), 'feeds returns an empty array')
# array arg
assert_instance_of(Array, @s.feeds(['CVE-2016', 'CVE-Recent']), "feeds doesn't return an array")
refute_empty(@s.feeds(['CVE-2016', 'CVE-Recent']), 'feeds returns an empty array')
# bad arg
assert_nil(@s.feeds('wrong'), 'feeds')
end
def test_scraper_available_feeds
assert_instance_of(Array, @s.available_feeds, "available_feeds doesn't return an array")
refute_empty(@s.available_feeds, 'available_feeds returns an empty array')
end
def test_scraper_available_cves
assert_instance_of(Array, @s.available_cves, "available_cves doesn't return an array")
refute_empty(@s.available_cves, 'available_cves returns an empty array')
end
def test_scraper_cve
# one arg
assert_instance_of(Hash, @s.cve('CVE-2015-0235'), "cve doesn't return a hash")
# two args
assert_instance_of(Array, @s.cve('CVE-2015-0235', 'CVE-2013-3893'), "cve doesn't return an array")
refute_empty(@s.cve('CVE-2015-0235', 'CVE-2013-3893'), 'cve returns an empty array')
# array arg
assert_instance_of(Array, @s.cve(['CVE-2014-0160', 'cve-2009-3555']), "cve doesn't return an array")
refute_empty(@s.cve(['CVE-2014-0160', 'cve-2009-3555']), 'cve returns an empty array')
# bad arg
## string but not a CVE ID
err = assert_raises(RuntimeError) do
@s.cve('e')
end
assert_equal('bad CVE name', err.message)
## correct CVE ID but bad year
err = assert_raises(RuntimeError) do
@s.cve('CVE-1800-31337')
end
assert_equal('bad CVE year in ["CVE-1800-31337"]', err.message)
## correct CVE ID and year but unexisting CVE
assert_nil(@s.cve('CVE-2004-31337'))
## correct CVE ID and year but unexisting CVE with array arg
err = assert_raises(RuntimeError) do
@s.cve(['CVE-2004-31337', 'CVE-2005-31337'])
end
assert_equal('CVE-2005-31337 are unexisting CVEs in this feed', err.message)
## wrong arg type
err = assert_raises(RuntimeError) do
@s.cve(1)
end
assert_equal('the provided argument (1) is nor a String or an Array', err.message)
end
def test_scraper_update_feeds
f2017, f2016, f_modified = @s.feeds('CVE-2017', 'CVE-2016', 'CVE-Modified')
# one arg
# can't use assert_instance_of because there is no boolean class
assert(%w[TrueClass FalseClass].include?(@s.update_feeds(f2017).class.to_s), "update_feeds doesn't return a boolean")
# two args
assert_instance_of(Array, @s.update_feeds(f2017, f2016), "update_feeds doesn't return an array")
refute_empty(@s.update_feeds(f2017, f2016), 'update_feeds returns an empty array')
# array arg
assert_instance_of(Array, @s.update_feeds([f2017, f_modified]), "update_feeds doesn't return an array")
refute_empty(@s.update_feeds([f2017, f_modified]), 'update_feeds returns an empty array')
# bad arg
## wrong arg type
err = assert_raises(RuntimeError) do
@s.update_feeds(1)
end
assert_equal(err.message, 'the provided argument 1 is not a Feed or an Array')
## empty array
assert_empty(@s.update_feeds([]))
end
def test_feed_default_storage_location
# save default value / save context
default_val = NVDFeedScraper::Feed.default_storage_location
# check type
assert_instance_of(String, default_val, "default_storage_location doesn't return a string")
# check new value
new_val = '/srv/downloads/'
assert_equal(new_val, NVDFeedScraper::Feed.default_storage_location = new_val, 'the new value was not set properly')
# put the default value back / restore context
NVDFeedScraper::Feed.default_storage_location = default_val
end
def test_feed_attributes
name = 'CVE-2010'
meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.meta'
gz_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.json.gz'
zip_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.json.zip'
f = @s.feeds('CVE-2010')
# Test name
assert_instance_of(String, f.name, "name doesn't return a string")
refute_empty(f.name, 'name is empty')
assert_equal(name, f.name, 'The name of the feed was modified')
# Test updated
assert_instance_of(String, f.updated, "updated doesn't return a string")
refute_empty(f.updated, 'updated is empty')
# Test gz_url
assert_instance_of(String, f.gz_url, "gz_url doesn't return a string")
refute_empty(f.gz_url, 'gz_url is empty')
assert_equal(gz_url, f.gz_url, 'The gz_url of the feed was modified')
# Test zip_url
assert_instance_of(String, f.zip_url, "zip_url doesn't return a string")
refute_empty(f.zip_url, 'zip_url is empty')
assert_equal(zip_url, f.zip_url, 'The zip_url url of the feed was modified')
# Test meta_url
assert_instance_of(String, f.meta_url, "meta_url doesn't return a string")
refute_empty(f.meta_url, 'meta_url is empty')
assert_equal(meta_url, f.meta_url, 'The meta_url url of the feed was modified')
# Test meta (before json_pull)
assert_nil(f.meta)
# Test json_file
assert_nil(f.json_file)
f.json_pull
assert_instance_of(String, f.json_file, "json_file doesn't return a string")
refute_empty(f.json_file, 'json_file is empty')
# Test meta (after json_pull)
f.meta_pull
assert_instance_of(NVDFeedScraper::Meta, f.meta, "meta doesn't return a Meta object")
# Test data (require json_pull)
# Test data_type
assert_instance_of(String, f.data_type, "data_type doesn't return a String")
refute_empty(f.data_type, 'data_type is empty')
# Test data_format
assert_instance_of(String, f.data_format, "data_format doesn't return a String")
refute_empty(f.data_format, 'data_format is empty')
# Test data_version
assert_instance_of(Float, f.data_version, "data_version doesn't return a Float")
# Test data_number_of_cves
assert_instance_of(Integer, f.data_number_of_cves, "data_number_of_cves doesn't return an Integer")
# Test data_timestamp
assert_instance_of(Date, f.data_timestamp, "data_timestamp doesn't return a Date")
end
def test_feed_available_cves
f = @s.feeds('CVE-2011')
f.json_pull
assert_instance_of(Array, f.available_cves, "available_cves doesn't return an array")
refute_empty(f.available_cves, 'available_cves returns an empty array')
end
def test_feed_cve
f = @s.feeds('CVE-2012')
f.json_pull
# one arg
assert_instance_of(Hash, f.cve('CVE-2012-4969'), "cve doesn't return a hash")
# two args
assert_instance_of(Array, f.cve('CVE-2012-4969', 'cve-2012-1889'), "cve doesn't return an array")
refute_empty(f.cve('CVE-2012-4969', 'cve-2012-1889'), 'cve returns an empty array')
# array arg
assert_instance_of(Array, f.cve(['CVE-2012-4969', 'cve-2012-1889']), "cve doesn't return an array")
refute_empty(f.cve(['CVE-2012-4969', 'cve-2012-1889']), 'cve returns an empty array')
# bad arg
## string but not a CVE ID
err = assert_raises(RuntimeError) do
f.cve('e')
end
assert_equal('bad CVE name (e)', err.message)
## bad year
assert_nil(f.cve('CVE-2004-31337'))
## bad year not in the feed with array arg
err = assert_raises(RuntimeError) do
f.cve(['CVE-2004-31337', 'CVE-2005-31337'])
end
assert_equal('CVE-2004-31337, CVE-2005-31337 are unexisting CVEs in this feed', err.message)
## wrong arg type
err = assert_raises(RuntimeError) do
f.cve(1)
end
assert_equal('the provided argument (1) is nor a String or an Array', err.message)
end
def test_feed_download_gz
f = @s.feeds('CVE-2013')
return_value = f.download_gz
assert_instance_of(String, return_value, "download_gz doesn't return a string")
refute_empty(return_value, 'download_gz returns an empty string')
assert(File.file?(return_value), 'download_gz returns an unexisting file')
end
def test_feed_download_zip
f = @s.feeds('CVE-2003')
return_value = f.download_zip
assert_instance_of(String, return_value, "download_zip doesn't return a string")
refute_empty(return_value, 'download_zip returns an empty string')
assert(File.file?(return_value), 'download_zip returns an unexisting file')
end
def test_feed_json_pull
f = @s.feeds('CVE-2004')
return_value = f.json_pull
assert_instance_of(String, return_value, "json_pull doesn't return a string")
refute_empty(return_value, 'json_pull returns an empty string')
assert(File.file?(return_value), 'json_pull returns an unexisting file')
end
def test_feed_meta_pull
f = @s.feeds('CVE-2005')
assert_instance_of(NVDFeedScraper::Meta, f.meta_pull, "meta_pull doesn't return a Meta object")
end
def test_feed_update!
f = @s.feeds('CVE-2006')
@s.scrap
f_new = @s.feeds('CVE-2006')
# Right arg
# can't use assert_instance_of because there is no boolean class
assert(%w[TrueClass FalseClass].include?(f.update!(f_new).class.to_s), "update! doesn't return a boolean")
# Bad arg
err = assert_raises(RuntimeError) do
f.update!('bad_arg')
end
assert_equal('bad_arg is not a Feed', err.message)
end
def test_meta_parse_noarg
m = NVDFeedScraper::Meta.new('https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta')
assert_equal(0, m.parse, 'parse method return nothing')
end
def test_meta_parse_witharg
m = NVDFeedScraper::Meta.new
meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
assert_equal(0, m.parse(meta_url), 'parse method return nothing')
end
def test_meta_url_setter
m = NVDFeedScraper::Meta.new
meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
assert_equal(meta_url, m.url = meta_url, 'the meta URL is not set correctly')
end
def test_meta_attributes
m = NVDFeedScraper::Meta.new
meta_url = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.meta'
m.url = meta_url
m.parse
# Test gz_size
assert_instance_of(String, m.gz_size, "Meta gz_size method doesn't return a string")
assert(m.gz_size.match?(/[0-9]+/), 'Meta gz_size is not an integer')
# Test last_modified_date
assert_instance_of(String, m.last_modified_date, "Meta last_modified_date method doesn't return a string")
## Date and time of day for calendar date (extended) '%FT%T%:z'
assert(Date.rfc3339(m.last_modified_date), 'Meta last_modified_date is not a rfc3339 date')
# Test sha256
assert_instance_of(String, m.sha256, "Meta sha256 method doesn't return a string")
assert(m.sha256.match?(/[0-9A-F]{64}/), 'Meta sha256 is not a sha256 string matching /[0-9A-F]{64}/')
# Test size
assert_instance_of(String, m.size, "Meta size method doesn't return a string")
assert(m.size.match?(/[0-9]+/), 'Meta size is not an integer')
# Test url
assert_instance_of(String, m.url, "Meta url method doesn't return a string")
assert_equal(meta_url, m.url, 'The Meta url was modified')
# Test zip_size
assert_instance_of(String, m.zip_size, "Meta zip_size method doesn't return a string")
assert(m.zip_size.match?(/[0-9]+/), 'Meta zip_size is not an integer')
end
end