Class: Bundler::Audit::Advisory

Inherits:

Struct

• Object
• Struct
• Bundler::Audit::Advisory

Defined in:

lib/bundler/audit/advisory.rb

Instance Attribute Summary

• #cve ⇒ Object

  Returns the value of attribute cve.

• #cvss_v2 ⇒ Object

  Returns the value of attribute cvss_v2.

• #description ⇒ Object

  Returns the value of attribute description.

• #patched_versions ⇒ Object

  Returns the value of attribute patched_versions.

• #title ⇒ Object

  Returns the value of attribute title.

• #url ⇒ Object

  Returns the value of attribute url.

Class Method Summary

• .load(path) ⇒ Advisory

  Loads the advisory from a YAML file.

Instance Method Summary

• #criticality ⇒ :low, ...

  Determines how critical the vulnerability is.

• #vulnerable?(version) ⇒ Boolean

  Checks whether the version is vulnerable to the advisory.

Instance Attribute Details

#cve ⇒ Object

Returns the value of attribute cve

Returns:

• (Object) —

  the current value of cve

# File 'lib/bundler/audit/advisory.rb', line 22

def cve
  @cve
end

#cvss_v2 ⇒ Object

Returns the value of attribute cvss_v2

Returns:

• (Object) —

  the current value of cvss_v2

# File 'lib/bundler/audit/advisory.rb', line 22

def cvss_v2
  @cvss_v2
end

#description ⇒ Object

Returns the value of attribute description

Returns:

• (Object) —

  the current value of description

# File 'lib/bundler/audit/advisory.rb', line 22

def description
  @description
end

#patched_versions ⇒ Object

Returns the value of attribute patched_versions

Returns:

• (Object) —

  the current value of patched_versions

# File 'lib/bundler/audit/advisory.rb', line 22

def patched_versions
  @patched_versions
end

#title ⇒ Object

Returns the value of attribute title

Returns:

• (Object) —

  the current value of title

# File 'lib/bundler/audit/advisory.rb', line 22

def title
  @title
end

#url ⇒ Object

Returns the value of attribute url

Returns:

• (Object) —

  the current value of url

# File 'lib/bundler/audit/advisory.rb', line 22

def url
  @url
end

Class Method Details

.load(path) ⇒ Advisory

Loads the advisory from a YAML file.

Parameters:

• path (String) —

  The path to the advisory YAML file.

Returns:

• (Advisory)

# File 'lib/bundler/audit/advisory.rb', line 39

def self.load(path)
  cve  = File.basename(path).chomp('.yml')
  data = YAML.load_file(path)

  unless data.kind_of?(Hash)
    raise("advisory data in #{path.dump} was not a Hash")
  end

  return new(
    cve,
    data['url'],
    data['title'],
    data['description'],
    data['cvss_v2'],
    Array(data['patched_versions']).map { |version|
      Gem::Requirement.new(*version.split(', '))
    },
  )
end

Instance Method Details

#criticality ⇒ :low, ...

Determines how critical the vulnerability is.

Returns:

• (:low, :medium, :high) —

  The criticality of the vulnerability based on the CVSSv2 score.

# File 'lib/bundler/audit/advisory.rb', line 65

def criticality
  case cvss_v2
  when 0.0..3.3  then :low
  when 3.3..6.6  then :medium
  when 6.6..10.0 then :high
  end
end

#vulnerable?(version) ⇒ Boolean

Checks whether the version is vulnerable to the advisory.

Parameters:

• version (Gem::Version) —

  The version to compare against #patched_versions.

Returns:

• (Boolean) —

  Specifies whether the version is vulnerable to the advisory or not.

# File 'lib/bundler/audit/advisory.rb', line 82

def vulnerable?(version)
  !patched_versions.any? do |patched_version|
    patched_version === version
  end
end