Module: CertBot::AdvisoryParser

Defined in:

lib/cert_bot/advisory_parser.rb

Overview

This module queries the advisories to a given id from the rss feed to extract the additional information which are stored in the json object that is return from the api

Class Method Summary

• .filter_flat_map(list, type) ⇒ Array private

  private helper method the traverse the json and find the entries of the given type in the list.

• .get_and_parse_advisory(wid) ⇒ Hash

  method to retrieve the json object of the advisory @param wid the wid of the advisory.

• .retrieve_affected_products(wid) ⇒ Array

  method to retrieve the list of affected products from the advisory json.

• .retrieve_cves(wid) ⇒ Array

  method to retrieve the list of cves from the advisory json.

• .retrieve_cvss_score(wid) ⇒ Hash

  method to retrieve the cvss values of the advisory @param wid the wid of the advisory.

• .retrieve_update_status(wid) ⇒ String

  method to retrieve the update status of the advisory @param wid the wid of the advisory.

Class Method Details

.filter_flat_map(list, type) ⇒ Array (private)

private helper method the traverse the json and find the entries of the given type in the list

Parameters:

• list (Hash) —

  the subtree of the json that need to be checked to entries of the given type

• type (String) —

  the keyword that is searched for

Returns:

• (Array) —

  the list with the results

# File 'lib/cert_bot/advisory_parser.rb', line 61

private_class_method def self.filter_flat_map(list, type) 
  list["children"].flat_map {|child| 
    yield child if (child["type"] == type) 
  }.compact
end

.get_and_parse_advisory(wid) ⇒ Hash

method to retrieve the json object of the advisory @param wid the wid of the advisory

Returns:

• (Hash) —

  the json hash of the advisory

# File 'lib/cert_bot/advisory_parser.rb', line 14

def self.get_and_parse_advisory(wid)
  uuid_url = "https://wid.cert-bund.de/content/public/securityAdvisory/kurzinfo-uuid-by-name/#{wid}"
  wid_request = Net::HTTP.get(URI(uuid_url))
  cert_url = "https://wid.cert-bund.de/content/public/content/#{JSON.parse(wid_request)}"
  cert_request = Net::HTTP.get(URI(cert_url))
  JSON.parse(cert_request)
end

.retrieve_affected_products(wid) ⇒ Array

method to retrieve the list of affected products from the advisory json

Returns:

• (Array) —

  an array with key-value pairs “productReference”=>“<product>”

# File 'lib/cert_bot/advisory_parser.rb', line 36

def self.retrieve_affected_products(wid)
  cert_json = AdvisoryParser.get_and_parse_advisory(wid)
  filter_flat_map(cert_json, "productReferenceListe") {|cve_id_list| filter_flat_map(cve_id_list, "productReference") {|note| note["properties"] } }
end

.retrieve_cves(wid) ⇒ Array

method to retrieve the list of cves from the advisory json

Returns:

• (Array) —

  an array with the cve identifiers

# File 'lib/cert_bot/advisory_parser.rb', line 24

def self.retrieve_cves(wid)
  cert_json = AdvisoryParser.get_and_parse_advisory(wid)
  cve_ids = filter_flat_map(cert_json, "cveIdListe") {|cve_id_list| filter_flat_map(cve_id_list, "cveId") {|note| note["properties"] } }
  results = Array.new()
  cve_ids.each { |cve_id| 
    results << cve_id["cveId"]
  }
  results
end

.retrieve_cvss_score(wid) ⇒ Hash

method to retrieve the cvss values of the advisory @param wid the wid of the advisory

Returns:

• (Hash) —

  the hash with the cvss score values

# File 'lib/cert_bot/advisory_parser.rb', line 52

def self.retrieve_cvss_score(wid)
  cert_json = AdvisoryParser.get_and_parse_advisory(wid)
  filter_flat_map(cert_json, "scoreListe") {|score_list|  filter_flat_map(score_list, "score") {|note| note["properties"] } }[0]
end

.retrieve_update_status(wid) ⇒ String

method to retrieve the update status of the advisory @param wid the wid of the advisory

Returns:

• (String) —

  the string of the property update type

# File 'lib/cert_bot/advisory_parser.rb', line 44

def self.retrieve_update_status(wid)
  cert_json = AdvisoryParser.get_and_parse_advisory(wid)
  cert_json["properties"]["updatetype"]
end