Class: Bundler::Audit::Advisory

Inherits:
Struct
  • Object
show all
Defined in:
lib/bundler/audit/advisory.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#cveObject

Returns the value of attribute cve

Returns:

  • (Object)

    the current value of cve



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def cve
  @cve
end

#cvss_v2Object

Returns the value of attribute cvss_v2

Returns:

  • (Object)

    the current value of cvss_v2



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def cvss_v2
  @cvss_v2
end

#dateObject

Returns the value of attribute date

Returns:

  • (Object)

    the current value of date



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def date
  @date
end

#descriptionObject

Returns the value of attribute description

Returns:

  • (Object)

    the current value of description



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def description
  @description
end

#ghsaObject

Returns the value of attribute ghsa

Returns:

  • (Object)

    the current value of ghsa



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def ghsa
  @ghsa
end

#idObject Also known as: to_s

Returns the value of attribute id

Returns:

  • (Object)

    the current value of id



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def id
  @id
end

#osvdbObject

Returns the value of attribute osvdb

Returns:

  • (Object)

    the current value of osvdb



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def osvdb
  @osvdb
end

#patched_versionsObject

Returns the value of attribute patched_versions

Returns:

  • (Object)

    the current value of patched_versions



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def patched_versions
  @patched_versions
end

#pathObject

Returns the value of attribute path

Returns:

  • (Object)

    the current value of path



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def path
  @path
end

#titleObject

Returns the value of attribute title

Returns:

  • (Object)

    the current value of title



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def title
  @title
end

#unaffected_versionsObject

Returns the value of attribute unaffected_versions

Returns:

  • (Object)

    the current value of unaffected_versions



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def unaffected_versions
  @unaffected_versions
end

#urlObject

Returns the value of attribute url

Returns:

  • (Object)

    the current value of url



22
23
24
 
# File 'lib/bundler/audit/advisory.rb', line 22

def url
  @url
end

Class Method Details

.load(path) ⇒ Advisory

Loads the advisory from a YAML file.

Parameters:

  • path (String)

    The path to the advisory YAML file.

Returns:



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/bundler/audit/advisory.rb', line 45

def self.load(path)
  id   = File.basename(path).chomp('.yml')
  data = YAML.load_file(path)

  unless data.kind_of?(Hash)
    raise("advisory data in #{path.dump} was not a Hash")
  end

  parse_versions = lambda { |versions|
    Array(versions).map do |version|
      Gem::Requirement.new(*version.split(', '))
    end
  }

  return new(
    path,
    id,
    data['url'],
    data['title'],
    data['date'],
    data['description'],
    data['cvss_v2'],
    data['cve'],
    data['osvdb'],
    data['ghsa'],
    parse_versions[data['unaffected_versions']],
    parse_versions[data['patched_versions']]
  )
end

Instance Method Details

#criticality:low, ...

Determines how critical the vulnerability is.

Returns:

  • (:low, :medium, :high)

    The criticality of the vulnerability based on the CVSSv2 score.



118
119
120
121
122
123
124
 
# File 'lib/bundler/audit/advisory.rb', line 118

def criticality
  case cvss_v2
  when 0.0..3.3  then :low
  when 3.3..6.6  then :medium
  when 6.6..10.0 then :high
  end
end

#cve_idString?

The CVE identifier.

Returns:

  • (String, nil) 


80
81
82
 
# File 'lib/bundler/audit/advisory.rb', line 80

def cve_id
  "CVE-#{cve}" if cve
end

#ghsa_idString?

The GHSA (GitHub Security Advisory) identifier

Returns:

  • (String, nil) 


98
99
100
 
# File 'lib/bundler/audit/advisory.rb', line 98

def ghsa_id
  "GHSA-#{ghsa}" if ghsa
end

#identifiersObject

Return a compacted list of all ids



104
105
106
107
108
109
110
 
# File 'lib/bundler/audit/advisory.rb', line 104

def identifiers
  [
    cve_id,
    osvdb_id,
    ghsa_id
  ].compact
end

#osvdb_idString?

The OSVDB identifier.

Returns:

  • (String, nil) 


89
90
91
 
# File 'lib/bundler/audit/advisory.rb', line 89

def osvdb_id
  "OSVDB-#{osvdb}" if osvdb
end

#patched?(version) ⇒ Boolean

Checks whether the version is patched against the advisory.

Parameters:

Returns:

  • (Boolean)

    Specifies whether the version is patched against the advisory.

Since:

  • 0.2.0



154
155
156
157
158
 
# File 'lib/bundler/audit/advisory.rb', line 154

def patched?(version)
  patched_versions.any? do |patched_version|
    patched_version === version
  end
end

#unaffected?(version) ⇒ Boolean

Checks whether the version is not affected by the advisory.

Parameters:

Returns:

  • (Boolean)

    Specifies whether the version is not affected by the advisory.

Since:

  • 0.2.0



137
138
139
140
141
 
# File 'lib/bundler/audit/advisory.rb', line 137

def unaffected?(version)
  unaffected_versions.any? do |unaffected_version|
    unaffected_version === version
  end
end

#vulnerable?(version) ⇒ Boolean

Checks whether the version is vulnerable to the advisory.

Parameters:

Returns:

  • (Boolean)

    Specifies whether the version is vulnerable to the advisory or not.



169
170
171
 
# File 'lib/bundler/audit/advisory.rb', line 169

def vulnerable?(version)
  !patched?(version) && !unaffected?(version)
end