Class: CISA::KEV::Catalog

Inherits: Object
Includes: Enumerable
Defined in: lib/cisa/kev/catalog.rb

Overview

Represents the parsed CISA KEV catalog.

Example

catalog = CISA::KEV::Catalog.load
catalog.select(&:known_ransomware_campaign_use).sort_by(&:date_added)
# =>
# [
#   ...
#  #<CISA::KEV::Vulnerability:0x00007fc0a6e715f8
#   @cve_id="CVE-2023-24955",
#   @date_added=#<Date: 2024-03-26 ((2460396j,0s,0n),+0s,2299161j)>,
#   @due_date=#<Date: 2024-04-16 ((2460417j,0s,0n),+0s,2299161j)>,
#   @known_ransomware_campaign_use=true,
#   @notes="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955",
#   @product="SharePoint Server",
#   @required_action=
#    "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
#   @short_description=
#    "Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.",
#   @vendor_project="Microsoft",
#   @vulnerability_name="Microsoft SharePoint Server Code Injection Vulnerability">]

Constant Summary

The CISA KEV catalog in JSON format.

URL = URI.parse('https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json')


Constructor Details

#initialize(title:, catalog_version:, date_released:, count:, vulnerabilities:) ⇒ Catalog

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the CISA KEV catalog.

Parameters:

  • title (String)

    The catalog title attribute.

  • catalog_version (String)

    The catalog version string.

  • date_released (Time)

    The time that the catalog was last updated.

  • count (Integer)

    The number of vulnerabilities in the catalog.

  • vulnerabilities (Array<Vulnerability>)

    The parsed vulnerabilities.



# File 'lib/cisa/kev/catalog.rb', line 90

def initialize(title:           ,
               catalog_version: ,
               date_released:   ,
               count:           ,
               vulnerabilities: )
  @title           = title
  @catalog_version = catalog_version
  @date_released   = date_released
  @count           = count

  @vulnerabilities = vulnerabilities
end

Instance Attribute Details

#catalog_version ⇒ String (readonly) Also known as: version

Catalog version string.

Returns:

  • (String)


# File 'lib/cisa/kev/catalog.rb', line 49

def catalog_version
  @catalog_version
end

#count ⇒ Integer (readonly) Also known as: size, length

Number of vulnerabilities currently in the catalog.

Returns:

  • (Integer)


# File 'lib/cisa/kev/catalog.rb', line 60

def count
  @count
end

#date_released ⇒ Time (readonly)

Time that the catalog was last updated.

Returns:

  • (Time)


# File 'lib/cisa/kev/catalog.rb', line 55

def date_released
  @date_released
end

#title ⇒ String (readonly)

Catalog title attribute.

Returns:

  • (String)


# File 'lib/cisa/kev/catalog.rb', line 44

def title
  @title
end

#vulnerabilities ⇒ Array<Vulnerability> (readonly) Also known as: vulns

Vulnerabilities in the catalog.

Returns:

  • (Array<Vulnerability>)

# File 'lib/cisa/kev/catalog.rb', line 67

def vulnerabilities
  @vulnerabilities
end

Class Method Details

.load ⇒ Catalog

Note:

This method will perform an HTTP request to URL.

Loads the CISA KEV list.

Returns:

  • (Catalog)

    The loaded catalog.



# File 'lib/cisa/kev/catalog.rb', line 128

def self.load
  parse(request)
end

.open(path) ⇒ Catalog

Parses a previously downloaded CISA KEV catalog.

Parameters:

  • path (String)

    The file to parse.

Returns:

  • (Catalog)

    The parsed catalog.



# File 'lib/cisa/kev/catalog.rb', line 143

def self.open(path)
  parse(File.open(path).read)
end

.parse(contents) ⇒ Catalog

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parses the CISA KEV JSON contents.

Parameters:

  • contents (String)

Returns:

  • (Catalog)

# File 'lib/cisa/kev/catalog.rb', line 156

def self.parse(contents)
  json = JSON.parse(contents)

  title           = json.fetch('title')
  catalog_version = json.fetch('catalogVersion')
  date_released   = Time.parse(json.fetch('dateReleased'))
  count           = json.fetch('count').to_i

  vulnerabilities = json.fetch('vulnerabilities').map do |attributes|
    Vulnerability.from_json(attributes)
  end

  return new(
    title:           title,
    catalog_version: catalog_version,
    date_released:   date_released,
    count:           count,
    vulnerabilities: vulnerabilities
  )
end
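
An added example, not code from this library: .parse above reads count but does not compare it with the number of entries, so a consumer triaging a previously downloaded file may want that check first. This stand-alone sketch uses only the Ruby standard library on a constructed sample; load_kev, overdue and the placeholder CVE ids are assumptions, and the per-entry key names follow the CISA JSON feed.

```ruby
require 'json'
require 'date'

# Constructed sample in the KEV JSON layout. Only the first entry's values
# come from the page; the placeholder CVE ids are not real.
SAMPLE_KEV = <<~KEV
  {
    "title": "Constructed sample catalog",
    "catalogVersion": "0000.00.00",
    "dateReleased": "2024-04-01T00:00:00.000Z",
    "count": 3,
    "vulnerabilities": [
      {"cveID": "CVE-2023-24955", "product": "SharePoint Server",
       "dateAdded": "2024-03-26", "dueDate": "2024-04-16",
       "knownRansomwareCampaignUse": "Known"},
      {"cveID": "CVE-0000-00001", "product": "Example Gateway",
       "dateAdded": "2024-03-01", "dueDate": "2024-03-22",
       "knownRansomwareCampaignUse": "Unknown"},
      {"cveID": "CVE-0000-00002", "product": "Example Agent",
       "dateAdded": "2024-04-01", "dueDate": "2024-04-22",
       "knownRansomwareCampaignUse": "Unknown"}
    ]
  }
KEV

# Hypothetical helper: parses KEV JSON and rejects a feed whose declared
# count disagrees with the number of entries (truncated or altered download).
def load_kev(contents)
  json  = JSON.parse(contents)
  vulns = json.fetch('vulnerabilities')
  count = Integer(json.fetch('count'))
  unless count == vulns.length
    raise ArgumentError, "count=#{count} but #{vulns.length} entries present"
  end
  vulns
end

# Hypothetical helper: CVE ids whose due date has passed as of `today`,
# ransomware-linked entries first, then oldest due date first.
def overdue(vulns, today)
  late = vulns.select { |v| Date.iso8601(v.fetch('dueDate')) < today }
  late.sort_by { |v| [v['knownRansomwareCampaignUse'] == 'Known' ? 0 : 1, v.fetch('dueDate')] }
      .map { |v| v.fetch('cveID') }
end

puts overdue(load_kev(SAMPLE_KEV), Date.new(2024, 4, 20)).inspect
```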

.request ⇒ String

Performs an HTTP request for the CISA KEV catalog JSON file.

Returns:

  • (String)

    The response body containing the CISA KEV catalog JSON.



# File 'lib/cisa/kev/catalog.rb', line 114

def self.request
  Net::HTTP.get(URL)
end

Instance Method Details

#each {|vuln| ... } ⇒ Enumerator

Enumerates over each vulnerability in the CISA KEV list.

Yields:

  • (vuln)

    If a block is given, it will be passed every vulnerability in the catalog.

Yield Parameters:

  • vuln (Vulnerability)

    A parsed vulnerability in the catalog.

Returns:

  • (Enumerator)


# File 'lib/cisa/kev/catalog.rb', line 189

def each(&block)
  @vulnerabilities.each(&block)
end

#to_s ⇒ String

Converts the list to a String.

Returns:

  • (String)

    The string containing the title and date released attributes.



# File 'lib/cisa/kev/catalog.rb', line 199

def to_s
  "#{@title} (#{@date_released})"
end