Class: Bundler::Audit::Advisory
Inherits: Struct
Ancestors: Object > Struct > Bundler::Audit::Advisory
- Defined in:
- lib/bundler/audit/advisory.rb
Overview
Represents an advisory loaded from the Database.
Instance Attribute Summary
-
#cve ⇒ Object
Returns the value of attribute cve.
-
#cvss_v2 ⇒ Object
Returns the value of attribute cvss_v2.
-
#cvss_v3 ⇒ Object
Returns the value of attribute cvss_v3.
-
#date ⇒ Object
Returns the value of attribute date.
-
#description ⇒ Object
Returns the value of attribute description.
-
#ghsa ⇒ Object
Returns the value of attribute ghsa.
-
#id ⇒ Object
(also: #to_s)
Returns the value of attribute id.
-
#osvdb ⇒ Object
Returns the value of attribute osvdb.
-
#patched_versions ⇒ Object
Returns the value of attribute patched_versions.
-
#path ⇒ Object
Returns the value of attribute path.
-
#title ⇒ Object
Returns the value of attribute title.
-
#unaffected_versions ⇒ Object
Returns the value of attribute unaffected_versions.
-
#url ⇒ Object
Returns the value of attribute url.
Class Method Summary
-
.load(path) ⇒ Advisory
Loads the advisory from a YAML file.
Instance Method Summary
-
#==(other) ⇒ Boolean
Compares two advisories.
-
#criticality ⇒ :none, ...
Determines how critical the vulnerability is.
-
#cve_id ⇒ String?
The CVE identifier.
-
#ghsa_id ⇒ String?
The GHSA (GitHub Security Advisory) identifier.
-
#identifiers ⇒ Array<String>
Returns a compacted list of all ids (CVE, OSVDB, GHSA) that are present.
-
#osvdb_id ⇒ String?
The OSVDB identifier.
-
#patched?(version) ⇒ Boolean
Checks whether the version is patched against the advisory.
-
#to_h ⇒ Hash{Symbol => Object}
Converts the advisory to a Hash.
-
#unaffected?(version) ⇒ Boolean
Checks whether the version is not affected by the advisory.
-
#vulnerable?(version) ⇒ Boolean
Checks whether the version is vulnerable to the advisory.
Instance Attribute Details
#cve ⇒ Object
Returns the value of attribute cve
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader (the class is a Struct; this body is the generated
# accessor as rendered by the doc tool). Holds the bare CVE number that
# .load copies from the advisory YAML's `cve` key, or `nil` when the
# advisory has none. See #cve_id for the "CVE-" prefixed form.
def cve
  @cve
end
#cvss_v2 ⇒ Object
Returns the value of attribute cvss_v2
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the CVSS v2 score taken from the advisory
# YAML's `cvss_v2` key by .load (`nil` when absent). Only consulted by
# #criticality when no v3 score is present.
def cvss_v2
  @cvss_v2
end
#cvss_v3 ⇒ Object
Returns the value of attribute cvss_v3
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the CVSS v3 score taken from the advisory
# YAML's `cvss_v3` key by .load (`nil` when absent). #criticality prefers
# this score over #cvss_v2 whenever it is set.
def cvss_v3
  @cvss_v3
end
#date ⇒ Object
Returns the value of attribute date
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the value of the advisory YAML's `date` key.
# `Date` is the only non-core class .load permits through YAML.safe_load,
# so this is presumably a Date when the key is present — confirm against
# the advisory files.
def date
  @date
end
#description ⇒ Object
Returns the value of attribute description
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the advisory YAML's `description` value as
# copied by .load (presumably free text; `nil` when the key is absent).
def description
  @description
end
#ghsa ⇒ Object
Returns the value of attribute ghsa
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the bare GHSA identifier that .load copies from
# the advisory YAML's `ghsa` key (`nil` when absent). See #ghsa_id for the
# "GHSA-" prefixed form.
def ghsa
  @ghsa
end
#id ⇒ Object Also known as: to_s
Returns the value of attribute id
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the advisory id: .load derives it from the
# YAML file's basename with the `.yml` extension removed. Also aliased as
# #to_s, and the only field #== compares.
def id
  @id
end
#osvdb ⇒ Object
Returns the value of attribute osvdb
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the bare OSVDB identifier that .load copies from
# the advisory YAML's `osvdb` key (`nil` when absent). See #osvdb_id for
# the "OSVDB-" prefixed form.
def osvdb
  @osvdb
end
#patched_versions ⇒ Object
Returns the value of attribute patched_versions
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the Array of Gem::Requirement objects that
# .load builds from the advisory YAML's `patched_versions` key (an empty
# Array when the key is absent). Consulted by #patched?.
def patched_versions
  @patched_versions
end
#path ⇒ Object
Returns the value of attribute path
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the filesystem path the advisory was loaded
# from (the `path` argument .load passes through to the constructor).
def path
  @path
end
#title ⇒ Object
Returns the value of attribute title
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the advisory YAML's `title` value as copied by
# .load (`nil` when the key is absent).
def title
  @title
end
#unaffected_versions ⇒ Object
Returns the value of attribute unaffected_versions
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the Array of Gem::Requirement objects that
# .load builds from the advisory YAML's `unaffected_versions` key (an
# empty Array when the key is absent). Consulted by #unaffected?.
def unaffected_versions
  @unaffected_versions
end
#url ⇒ Object
Returns the value of attribute url
# File 'lib/bundler/audit/advisory.rb', line 25
#
# Struct member reader for the advisory YAML's `url` value as copied by
# .load (`nil` when the key is absent).
def url
  @url
end
Class Method Details
.load(path) ⇒ Advisory
Loads the advisory from a YAML file.
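# File 'lib/bundler/audit/advisory.rb', line 49
#
# Loads the advisory from a YAML file.
#
# The document is parsed with `YAML.safe_load`, so only core YAML types
# plus `Date` are instantiated; documents using other tags are rejected by
# Psych rather than deserialised into arbitrary objects.
#
# @param [String, Pathname] path
#   Path to the advisory `.yml` file. Its basename, minus the `.yml`
#   extension, becomes the advisory's `id`.
#
# @return [Advisory]
#
# @raise [RuntimeError]
#   If the parsed document is not a Hash.
#
def self.load(path)
  id = File.basename(path).chomp('.yml')

  data = File.open(path) do |yaml|
    # Compare as versions, not as Strings: a String comparison orders
    # "10.0.0" before "3.1.0" and would silently fall back to the old
    # calling convention once Psych's major version reaches two digits.
    if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0')
      YAML.safe_load(yaml, permitted_classes: [Date])
    else
      # XXX: psych < 3.1.0 YAML.safe_load calling convention
      YAML.safe_load(yaml, [Date])
    end
  end

  unless data.kind_of?(Hash)
    # `to_s` so a Pathname argument still produces a readable message
    # instead of a NoMethodError from `dump`.
    raise("advisory data in #{path.to_s.dump} was not a Hash")
  end

  # Each entry is a comma-separated requirement string such as
  # ">= 1.2.3, < 2.0"; a missing key yields an empty Array.
  parse_versions = lambda { |versions|
    Array(versions).map do |version|
      Gem::Requirement.new(*version.split(', '))
    end
  }

  new(
    path,
    id,
    data['url'],
    data['title'],
    data['date'],
    data['description'],
    data['cvss_v2'],
    data['cvss_v3'],
    data['cve'],
    data['osvdb'],
    data['ghsa'],
    parse_versions[data['unaffected_versions']],
    parse_versions[data['patched_versions']]
  )
end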
Instance Method Details
#==(other) ⇒ Boolean
Compares two advisories.
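# File 'lib/bundler/audit/advisory.rb', line 209
#
# Compares two advisories by their `id` only.
#
# Objects that do not respond to `id` (e.g. `nil`) compare as unequal
# instead of raising NoMethodError, so the advisory can safely sit in
# collections that call `==` against arbitrary values (`Array#include?`,
# `Array#delete`, ...).
#
# @param [Object] other
#
# @return [Boolean]
#
# @note Struct's `hash`/`eql?` still consider every member, so two
#   advisories equal under this method may still be distinct Hash keys.
def ==(other)
  return false unless other.respond_to?(:id)

  id == other.id
end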
#criticality ⇒ :none, ...
Determines how critical the vulnerability is.
# File 'lib/bundler/audit/advisory.rb', line 137
#
# Determines how critical the vulnerability is.
#
# The CVSS v3 score is used whenever it is present; the v2 score is only
# consulted when there is no v3 score. The bands mirror the CVSS
# qualitative severity scales (v3 has :none and :critical bands, v2 has
# neither).
#
# @return [:none, :low, :medium, :high, :critical, nil]
#   `nil` when neither score is set, or when the selected score falls
#   outside every band.
def criticality
  # Ordered matcher => level tables. A Float matcher compares with ==
  # and a Range matcher with cover?, exactly as `case`/`when` would.
  v3_bands = {
    0.0 => :none,
    0.1..3.9 => :low,
    4.0..6.9 => :medium,
    7.0..8.9 => :high,
    9.0..10.0 => :critical
  }
  v2_bands = {
    0.0..3.9 => :low,
    4.0..6.9 => :medium,
    7.0..10.0 => :high
  }

  score, bands = if cvss_v3 then [cvss_v3, v3_bands]
                 elsif cvss_v2 then [cvss_v2, v2_bands]
                 end
  return if bands.nil?

  bands.each { |matcher, level| return level if matcher === score }
  nil
end
#cve_id ⇒ String?
The CVE identifier.
# File 'lib/bundler/audit/advisory.rb', line 92
#
# The CVE identifier, built by prefixing the bare `cve` value with "CVE-".
# The value is interpolated exactly as stored in the advisory YAML.
#
# @return [String, nil]
#   `nil` when the advisory has no `cve` value.
def cve_id
  return unless cve

  "CVE-#{cve}"
end
#ghsa_id ⇒ String?
The GHSA (GitHub Security Advisory) identifier.
# File 'lib/bundler/audit/advisory.rb', line 112
#
# The GHSA (GitHub Security Advisory) identifier, built by prefixing the
# bare `ghsa` value with "GHSA-".
#
# @return [String, nil]
#   `nil` when the advisory has no `ghsa` value.
def ghsa_id
  return unless ghsa

  "GHSA-#{ghsa}"
end
#identifiers ⇒ Array<String>
Returns a compacted list of all ids (CVE, OSVDB, GHSA) that are present.
# File 'lib/bundler/audit/advisory.rb', line 123
#
# Returns every prefixed identifier the advisory carries, in the fixed
# order CVE, OSVDB, GHSA, with absent ones dropped.
#
# @return [Array<String>]
#   Possibly empty when the advisory has none of the three ids.
def identifiers
  %i[cve_id osvdb_id ghsa_id].map { |name| send(name) }.reject(&:nil?)
end
#osvdb_id ⇒ String?
The OSVDB identifier.
# File 'lib/bundler/audit/advisory.rb', line 101
#
# The OSVDB identifier, built by prefixing the bare `osvdb` value with
# "OSVDB-".
#
# @return [String, nil]
#   `nil` when the advisory has no `osvdb` value.
def osvdb_id
  return unless osvdb

  "OSVDB-#{osvdb}"
end
#patched?(version) ⇒ Boolean
Checks whether the version is patched against the advisory.
# File 'lib/bundler/audit/advisory.rb', line 183
#
# Checks whether the version is patched against the advisory, i.e.
# whether it satisfies at least one of the `patched_versions`
# requirements.
#
# @param [Gem::Version] version
#   The version to check; the Gem::Requirement#=== comparison expects a
#   Gem::Version rather than a String.
#
# @return [Boolean]
def patched?(version)
  matching = patched_versions.find { |requirement| requirement === version }
  !matching.nil?
end
#to_h ⇒ Hash{Symbol => Object}
Converts the advisory to a Hash.
# File 'lib/bundler/audit/advisory.rb', line 218
#
# Converts the advisory to a Hash: Struct's member => value Hash with the
# computed `:criticality` added.
#
# @return [Hash{Symbol => Object}]
def to_h
  super.merge(criticality: criticality)
end
#unaffected?(version) ⇒ Boolean
Checks whether the version is not affected by the advisory.
# File 'lib/bundler/audit/advisory.rb', line 166
#
# Checks whether the version is not affected by the advisory, i.e.
# whether it satisfies at least one of the `unaffected_versions`
# requirements.
#
# @param [Gem::Version] version
#   The version to check; the Gem::Requirement#=== comparison expects a
#   Gem::Version rather than a String.
#
# @return [Boolean]
def unaffected?(version)
  !unaffected_versions.none? { |requirement| requirement === version }
end
#vulnerable?(version) ⇒ Boolean
Checks whether the version is vulnerable to the advisory.
# File 'lib/bundler/audit/advisory.rb', line 198
#
# Checks whether the version is vulnerable to the advisory: a version is
# vulnerable unless it is either patched or listed as unaffected.
# #patched? is evaluated first and short-circuits #unaffected?.
#
# @param [Gem::Version] version
#
# @return [Boolean]
def vulnerable?(version)
  !(patched?(version) || unaffected?(version))
end