added support for cisa known exploits json feed

app/controllers/cisa_known_exploits_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class CisaKnownExploitsController < ApplicationController
+  def index
+    @cisa_known_exploits = CisaKnownExploit.all
+    render json: @cisa_known_exploits.to_json
+  end
+
+  def show
+    @cisa_known_exploit = CisaKnownExploit.find(params[:cve_id])
+    render json: @cisa_known_exploit.to_json
+  end
+end

app/models/cisa_known_exploit.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class CisaKnownExploit < ActiveRecord::Base
+  def self.find_by_id(id)
+    find_by(cve_id: id)
+  end
+
+  def self.from_year(year)
+    where('cve_id LIKE ?', "CVE-#{year}-%")
+  end
+end

app/views/cisa_known_exploits/index.html.erb

@@ -0,0 +1 @@
+<h1>CisaKnownExploits#index</h1>

app/workers/cisa_known_exploit_importer_worker.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require '/data_importer/lib/importers/cisa_known_exploit_importer'
+
+class CisaKnownExploitImporterWorker
+  include Faktory::Job
+
+  def perform(*args)
+    puts "Hello, I am #{jid} with args #{args}"
+    CisaKnownExploitImporter.new.import
+  end
+end

crontab.yaml

@@ -59,4 +59,10 @@ jobs:
     schedule: "@every 4h00m00s"
     retries: 1
     queue: default
+    priority: 5
+  - job: CisaKnownExploitImporterWorker
+    args: []
+    schedule: "@every 6h00m00s"
+    retries: 1
+    queue: default
     priority: 5

db/migrate/20220427043126_create_cisa_known_exploits.rb

@@ -0,0 +1,13 @@
+class CreateCisaKnownExploits < ActiveRecord::Migration[7.0]
+  def change
+    create_table :cisa_known_exploits do |t|
+      t.string :title
+      t.string :catalog_version
+      t.date :date_released
+      t.index :date_released, unique: true
+      t.integer :count
+      t.jsonb :vulnerabilities
+      t.timestamps
+    end
+  end
+end

db/schema.rb

@@ -10,10 +10,21 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2022_04_19_203353) do
+ActiveRecord::Schema[7.0].define(version: 2022_04_27_043126) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
+  create_table "cisa_known_exploits", force: :cascade do |t|
+    t.string "title"
+    t.string "catalog_version"
+    t.date "date_released"
+    t.integer "count"
+    t.jsonb "vulnerabilities"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["date_released"], name: "index_cisa_known_exploits_on_date_released", unique: true
+  end
+
   create_table "cnas", force: :cascade do |t|
     t.string "short_name"
     t.string "cna_id"

db/seeds.rb

@@ -18,6 +18,7 @@ require '/data_importer/lib/importers/cna_importer'
 require '/data_importer/lib/importers/github_advisory_importer'
 require '/data_importer/lib/importers/github_user_importer'
 require '/data_importer/lib/importers/gsd_importer.rb'
+require '/data_importer/lib/importers/cisa_known_exploit_importer.rb'
 
 def line_sep
   puts '----------' * 12
@@ -30,6 +31,7 @@ def perform
   import_trickest_poc_cves
   import_inthewild_cve_exploits
   import_cvemon_cves
+  import_cisa_known_exploits
   import_cpes
   import_cnas
   import_github_advisories
@@ -71,6 +73,11 @@ def import_inthewild_cve_exploits
   InthewildCveExploitImporter.new.import
 end
 
+def import_cisa_known_exploits
+  line_sep
+  CisaKnownExploitImporter.new.import
+end
+
 def import_trickest_poc_cves
   line_sep
   TrickestPocCveImporter.new.import

lib/importers/cisa_known_exploit_importer.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require '/data_importer/lib/json_helper'
+
+class CisaKnownExploitImporter
+  attr_accessor :feed_url 
+
+  EXPECTED_KEYS = %i[
+    title
+    catalog_version
+    date_released
+    count
+    vulnerabilities
+  ].freeze
+
+  EMPTY_HASH = EXPECTED_KEYS.map { |k| [k, nil] }.to_h.freeze
+
+  def initialize
+    @feed_url = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'
+  end
+
+  def get_and_transform_json
+    json = JsonHelper.read_json_from_url(feed_url)
+    json_transformed = JsonHelper.deep_transform_keys(json)
+    #json_transformed.map { |h| h.slice(*EXPECTED_KEYS).reverse_merge(EMPTY_HASH) }
+  end
+
+
+  def import
+    puts "Now starting import Cisa Known Exploits for #{feed_url}."
+    puts '----------' * 12
+    cisa_known_exploits = [ get_and_transform_json ] 
+    CisaKnownExploit.upsert_all(cisa_known_exploits, unique_by: :date_released)
+  end
+end

lib/json_helper.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'rest-client'
 
 class JsonHelper
   def self.deep_transform_keys(json_hash)
@@ -17,4 +18,19 @@ class JsonHelper
     s.gsub("`\u0000`", "null_byte")
   end
 
+  def self.read_json_from_file(filename)
+    JSON.parse(File.read(filename), symbolize_names: true)
+  end
+
+  def self.read_json_from_url(url)
+    r = RestClient::Request.execute(
+      :method => :get,
+      :url => url
+    )
+    if r.code == 200
+      JSON.parse(r.body, symobilize_names: true)
+    else
+      puts "Http Code: #{r.code}"
+    end
+  end
 end