Class: CISA::KEV::Vulnerability

Inherits:
Object
Defined in:
lib/cisa/kev/vulnerability.rb

Overview

Represents a parsed vulnerability in the CISA KEV catalog.

Constructor Details

#initialize(cve_id:, vendor_project:, product:, vulnerability_name:, date_added:, short_description:, required_action:, due_date:, known_ransomware_campaign_use: false, notes: nil) ⇒ Vulnerability

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the vulnerability.

Parameters:

  • cve_id (String)

    The CVE ID of the vulnerability.

  • vendor_project (String)

    The vendor project.

  • product (String)

    The vendor's product.

  • vulnerability_name (String)

    The vulnerability name or title.

  • date_added (Date)

    The date the vulnerability was added to the CISA KEV catalog.

  • short_description (String)

    A short description of the vulnerability.

  • required_action (String)

    The required action to resolve the vulnerability.

  • due_date (Date)

    The due date.

  • known_ransomware_campaign_use (Boolean) (defaults to: false)

    Indicates whether the vulnerability is currently being used in ransomware campaigns.

  • notes (String, nil) (defaults to: nil)

    Additional notes.



# File 'lib/cisa/kev/vulnerability.rb', line 105

def initialize(cve_id: ,
               vendor_project: , 
               product: ,
               vulnerability_name: ,
               date_added: ,
               short_description: ,
               required_action: ,
               due_date: ,
               known_ransomware_campaign_use: false,
               notes: nil)
  @cve_id             = cve_id
  @vendor_project     = vendor_project
  @product            = product
  @vulnerability_name = vulnerability_name
  @date_added         = date_added
  @short_description  = short_description
  @required_action    = required_action
  @due_date           = due_date

  @known_ransomware_campaign_use = known_ransomware_campaign_use
  @notes = notes
end

Instance Attribute Details

#cve_id ⇒ String (readonly) Also known as: cve

The CVE ID of the vulnerability.

Returns:

  • (String)


# File 'lib/cisa/kev/vulnerability.rb', line 17

def cve_id
  @cve_id
end

#date_added ⇒ Date (readonly)

The date the vulnerability was added to the CISA KEV catalog.

Returns:

  • (Date)


# File 'lib/cisa/kev/vulnerability.rb', line 39

def date_added
  @date_added
end

#due_date ⇒ Date (readonly)

The due date.

Returns:

  • (Date)


# File 'lib/cisa/kev/vulnerability.rb', line 55

def due_date
  @due_date
end

#known_ransomware_campaign_use ⇒ Boolean (readonly) Also known as: known_ransomware_campaign_use?

Whether the vulnerability is currently being used in ransomware campaigns.

Returns:

  • (Boolean)


# File 'lib/cisa/kev/vulnerability.rb', line 61

def known_ransomware_campaign_use
  @known_ransomware_campaign_use
end

#notes ⇒ String? (readonly)

Any additional notes for the vulnerability.

Returns:

  • (String, nil)


# File 'lib/cisa/kev/vulnerability.rb', line 67

def notes
  @notes
end

#product ⇒ String (readonly)

The vendor's product.

Returns:

  • (String)


# File 'lib/cisa/kev/vulnerability.rb', line 28

def product
  @product
end

#required_action ⇒ String (readonly)

The required action to resolve the vulnerability.

Returns:

  • (String)


# File 'lib/cisa/kev/vulnerability.rb', line 50

def required_action
  @required_action
end

#short_description ⇒ String (readonly) Also known as: description

A short description of the vulnerability.

Returns:

  • (String)


# File 'lib/cisa/kev/vulnerability.rb', line 44

def short_description
  @short_description
end

#vendor_project ⇒ String (readonly)

The vendor project.

Returns:

  • (String)


# File 'lib/cisa/kev/vulnerability.rb', line 23

def vendor_project
  @vendor_project
end

#vulnerability_name ⇒ String (readonly) Also known as: name

The vulnerability name or title.

Returns:

  • (String)


# File 'lib/cisa/kev/vulnerability.rb', line 33

def vulnerability_name
  @vulnerability_name
end

Class Method Details

.from_json(json) ⇒ Vulnerability

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Loads the vulnerability from a parsed JSON hash.

Parameters:

  • json (Hash{String => String})

    The parsed JSON hash.

Returns:

  • (Vulnerability)

# File 'lib/cisa/kev/vulnerability.rb', line 138

def self.from_json(json)
  new(
    cve_id:             json.fetch('cveID'),
    vendor_project:     json.fetch('vendorProject'),
    product:            json.fetch('product'),
    vulnerability_name: json.fetch('vulnerabilityName'),
    date_added:         Date.parse(json.fetch('dateAdded')),
    short_description:  json.fetch('shortDescription'),
    required_action:    json.fetch('requiredAction'),
    due_date:           Date.parse(json.fetch('dueDate')),

    known_ransomware_campaign_use: (json['knownRansomwareCampaignUse'] == 'Known'),
    notes: if (notes = json['notes']) && !notes.empty?
             notes
           end
  )
end
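
An added example (not the library's own code) that applies the from_json field mapping to a batch of catalog records: records that fail the required-key or date checks are set aside instead of aborting the load, and the rest are triaged by due date. `KevEntry`, `load_entry`, `overdue` and the sample records are assumptions made for this example.

```ruby
require 'date'
require 'json'

# Stand-in for CISA::KEV::Vulnerability so the example runs without the gem
# (assumption: only the fields used below are modelled).
KevEntry = Struct.new(:cve_id, :due_date, :known_ransomware_campaign_use, :notes,
                      keyword_init: true)

# Same field mapping as from_json above: required keys via fetch, dates via
# Date.parse, 'Known' => true, missing or empty notes => nil.
def load_entry(json)
  notes = json['notes']
  KevEntry.new(
    cve_id:   json.fetch('cveID'),
    due_date: Date.parse(json.fetch('dueDate')),
    known_ransomware_campaign_use: (json['knownRansomwareCampaignUse'] == 'Known'),
    notes:    (notes unless notes.nil? || notes.empty?)
  )
end

# Loads every record, collecting the IDs of malformed ones instead of aborting.
# Returns [overdue entries (ransomware-linked first, then oldest due date), rejects].
def overdue(records, today)
  rejects = []
  entries = records.filter_map do |record|
    load_entry(record)
  rescue KeyError, ArgumentError, TypeError
    # KeyError: required key missing; ArgumentError: unparsable date
    # (Date::Error is a subclass); TypeError: non-String date value.
    rejects << record['cveID']
    nil
  end
  late = entries.select { |e| e.due_date < today }
  [late.sort_by { |e| [e.known_ransomware_campaign_use ? 0 : 1, e.due_date] }, rejects]
end

# Constructed sample records (placeholder CVE IDs, not real catalog data).
SAMPLE = JSON.parse(<<~JSON)
  [
    {"cveID": "CVE-0000-0001", "dueDate": "2024-01-10", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-0000-0002", "dueDate": "2024-02-01", "knownRansomwareCampaignUse": "Known", "notes": "see advisory"},
    {"cveID": "CVE-0000-0003", "dueDate": "2024-12-31", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0004", "dueDate": ""},
    {"cveID": "CVE-0000-0005"}
  ]
JSON
```

Calling `overdue(SAMPLE, Date.new(2024, 3, 1))` returns the two overdue entries with the ransomware-linked one first, plus the IDs of the two records that could not be loaded.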

Instance Method Details

#to_s ⇒ String

Converts the vulnerability to a String.

Returns:

  • (String)

# File 'lib/cisa/kev/vulnerability.rb', line 162

def to_s
  @vulnerability_name
end