Class: Bundler::Audit::Advisory
- Inherits: Struct (ancestor chain: Object > Struct > Bundler::Audit::Advisory)
- Defined in:
- lib/bundler/audit/advisory.rb
Overview
Represents an advisory loaded from the Database.
Instance Attribute Summary
-
#cve ⇒ Object
Returns the value of attribute cve.
-
#cvss_v2 ⇒ Object
Returns the value of attribute cvss_v2.
-
#cvss_v3 ⇒ Object
Returns the value of attribute cvss_v3.
-
#date ⇒ Object
Returns the value of attribute date.
-
#description ⇒ Object
Returns the value of attribute description.
-
#ghsa ⇒ Object
Returns the value of attribute ghsa.
-
#id ⇒ Object
(also: #to_s)
Returns the value of attribute id.
-
#osvdb ⇒ Object
Returns the value of attribute osvdb.
-
#patched_versions ⇒ Object
Returns the value of attribute patched_versions.
-
#path ⇒ Object
Returns the value of attribute path.
-
#title ⇒ Object
Returns the value of attribute title.
-
#unaffected_versions ⇒ Object
Returns the value of attribute unaffected_versions.
-
#url ⇒ Object
Returns the value of attribute url.
Class Method Summary
-
.load(path) ⇒ Advisory
Loads the advisory from a YAML file.
Instance Method Summary
-
#==(other) ⇒ Boolean
Compares two advisories.
-
#criticality ⇒ :none, ...
Determines how critical the vulnerability is.
-
#cve_id ⇒ String?
The CVE identifier.
-
#ghsa_id ⇒ String?
The GHSA (GitHub Security Advisory) identifier.
-
#identifiers ⇒ Array<String>
Return a compacted list of all ids.
-
#osvdb_id ⇒ String?
The OSVDB identifier.
-
#patched?(version) ⇒ Boolean
Checks whether the version is patched against the advisory.
-
#to_h ⇒ Hash{Symbol => Object}
Converts the advisory to a Hash.
-
#unaffected?(version) ⇒ Boolean
Checks whether the version is not affected by the advisory.
-
#vulnerable?(version) ⇒ Boolean
Checks whether the version is vulnerable to the advisory.
Instance Attribute Details
#cve ⇒ Object
Returns the value of attribute cve
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +cve+ Struct member: the CVE number as stored under the
# advisory file's +cve+ key, without the +"CVE-"+ prefix (#cve_id adds it).
# +nil+ when the advisory carries no CVE.
def cve
  @cve
end
#cvss_v2 ⇒ Object
Returns the value of attribute cvss_v2
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +cvss_v2+ Struct member: the CVSS v2 base score from the
# advisory file's +cvss_v2+ key. Only consulted by #criticality when no
# +cvss_v3+ score is present. +nil+ when absent.
def cvss_v2
  @cvss_v2
end
#cvss_v3 ⇒ Object
Returns the value of attribute cvss_v3
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +cvss_v3+ Struct member: the CVSS v3 base score from the
# advisory file's +cvss_v3+ key. Takes precedence over +cvss_v2+ in
# #criticality. +nil+ when absent.
def cvss_v3
  @cvss_v3
end
#date ⇒ Object
Returns the value of attribute date
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +date+ Struct member: the advisory file's +date+ key.
# +Date+ is the only non-core class .load permits the YAML parser to
# build, so an unquoted YAML date arrives here as a +Date+; other
# shapes are passed through untouched.
def date
  @date
end
#description ⇒ Object
Returns the value of attribute description
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +description+ Struct member: the free-text body taken
# verbatim from the advisory file's +description+ key.
def description
  @description
end
#ghsa ⇒ Object
Returns the value of attribute ghsa
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +ghsa+ Struct member: the GitHub Security Advisory
# suffix from the file's +ghsa+ key, without the +"GHSA-"+ prefix
# (#ghsa_id adds it). +nil+ when the advisory has no GHSA.
def ghsa
  @ghsa
end
#id ⇒ Object Also known as: to_s
Returns the value of attribute id
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +id+ Struct member: the advisory file's basename with the
# +.yml+ extension removed (set by .load). This is the only member #==
# compares, and it is aliased as #to_s.
def id
  @id
end
#osvdb ⇒ Object
Returns the value of attribute osvdb
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +osvdb+ Struct member: the OSVDB number from the file's
# +osvdb+ key, without the +"OSVDB-"+ prefix (#osvdb_id adds it).
# +nil+ when the advisory has no OSVDB entry.
def osvdb
  @osvdb
end
#patched_versions ⇒ Object
Returns the value of attribute patched_versions
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +patched_versions+ Struct member: the +Gem::Requirement+
# objects .load builds from the file's +patched_versions+ list (an empty
# Array when the key is missing). Matched against a version by #patched?.
def patched_versions
  @patched_versions
end
#path ⇒ Object
Returns the value of attribute path
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +path+ Struct member: the filesystem path of the YAML
# file this advisory was loaded from (the argument given to .load).
def path
  @path
end
#title ⇒ Object
Returns the value of attribute title
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +title+ Struct member: the advisory file's +title+ key,
# passed through verbatim.
def title
  @title
end
#unaffected_versions ⇒ Object
Returns the value of attribute unaffected_versions
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +unaffected_versions+ Struct member: the
# +Gem::Requirement+ objects .load builds from the file's
# +unaffected_versions+ list (an empty Array when the key is missing).
# Matched against a version by #unaffected?.
def unaffected_versions
  @unaffected_versions
end
#url ⇒ Object
Returns the value of attribute url
# File 'lib/bundler/audit/advisory.rb', line 26
#
# Reader for the +url+ Struct member: the advisory file's +url+ key,
# passed through verbatim (no scheme or format validation is applied).
def url
  @url
end
Class Method Details
.load(path) ⇒ Advisory
Loads the advisory from a YAML file.
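# File 'lib/bundler/audit/advisory.rb', line 50
#
# Loads an advisory from a YAML file.
#
# The advisory id is the file's basename minus its +.yml+ extension. The
# file is parsed with +YAML.safe_load+, so a corrupted or malicious
# database entry cannot instantiate arbitrary Ruby objects: +Date+ is the
# only extra class permitted and YAML aliases stay disabled (the
# +safe_load+ default).
#
# @param [String] path
#   Path to the advisory's +.yml+ file.
#
# @return [Advisory]
#   The loaded advisory. +unaffected_versions+ / +patched_versions+ are
#   parsed into +Gem::Requirement+ objects; a missing key becomes +[]+.
#
# @raise [RuntimeError]
#   If the YAML document is not a Hash.
#
# @raise [Psych::DisallowedClass, Psych::SyntaxError]
#   If the file names a class other than +Date+ or is not valid YAML.
#
def self.load(path)
  id = File.basename(path).chomp('.yml')

  data = File.open(path) do |yaml|
    # Psych 3.1.0 switched safe_load from positional whitelists to keyword
    # arguments. Compare as versions, not as Strings: a String comparison
    # sorts "10.0.0" before "3.1.0" and would silently fall back to the
    # legacy calling convention on a future Psych release.
    if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0')
      YAML.safe_load(yaml, permitted_classes: [Date])
    else
      # XXX: psych < 3.1.0 YAML.safe_load calling convention
      YAML.safe_load(yaml, [Date])
    end
  end

  unless data.kind_of?(Hash)
    raise("advisory data in #{path.dump} was not a Hash")
  end

  # Each list entry is one requirement string; a comma-separated entry such
  # as ">= 1.2, < 2.0" becomes a single multi-clause Gem::Requirement.
  # Array() turns a missing (nil) key into an empty list.
  parse_versions = lambda { |versions|
    Array(versions).map do |version|
      Gem::Requirement.new(*version.split(', '))
    end
  }

  return new(
    path,
    id,
    data['url'],
    data['title'],
    data['date'],
    data['description'],
    data['cvss_v2'],
    data['cvss_v3'],
    data['cve'],
    data['osvdb'],
    data['ghsa'],
    parse_versions[data['unaffected_versions']],
    parse_versions[data['patched_versions']]
  )
end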
Instance Method Details
#==(other) ⇒ Boolean
Compares two advisories.
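# File 'lib/bundler/audit/advisory.rb', line 210
#
# Compares two advisories by their id (the advisory file's basename).
#
# Only the +id+ member is compared; two advisories loaded from different
# paths but carrying the same id are equal. This replaces the
# Struct-generated +==+, which compared every member.
# NOTE(review): +eql?+ and +hash+ are not overridden here, so Hash keys
# and +uniq+ still use the Struct's all-member semantics — confirm that
# is intended.
#
# @param [Object] other
#   The object to compare against.
#
# @return [Boolean]
#   +true+ only if +other+ is an advisory of the same class with the same
#   +id+; +false+ for anything else (previously comparing against +nil+ or
#   a String raised +NoMethodError+ on +other.id+).
#
def ==(other)
  # Same-class check mirrors Struct#== so unrelated objects compare false
  # instead of blowing up on other.id.
  other.class == self.class && id == other.id
end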
#criticality ⇒ :none, ...
Determines how critical the vulnerability is.
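# File 'lib/bundler/audit/advisory.rb', line 138
#
# Determines how critical the vulnerability is, using the CVSS v3
# qualitative severity bands when a v3 score is present and the CVSS v2
# bands otherwise:
#
#   v3: 0.0 none | 0.1-3.9 low | 4.0-6.9 medium | 7.0-8.9 high | 9.0-10.0 critical
#   v2: 0.0-3.9 low | 4.0-6.9 medium | 7.0-10.0 high
#
# @return [:none, :low, :medium, :high, :critical, nil]
#   The severity band, or +nil+ when the advisory has no numeric CVSS
#   score or the score lies outside 0.0..10.0.
#
def criticality
  # Half-open ranges leave no gaps between bands: an unrounded score such
  # as 3.95 is classified (:low) rather than silently becoming nil, which
  # callers cannot distinguish from "no score at all". Non-numeric values
  # (e.g. a quoted "7.5" String in the YAML) still yield nil.
  if cvss_v3
    case cvss_v3
    when 0.0        then :none
    when 0.0...4.0  then :low
    when 4.0...7.0  then :medium
    when 7.0...9.0  then :high
    when 9.0..10.0  then :critical
    end
  elsif cvss_v2
    case cvss_v2
    when 0.0...4.0  then :low
    when 4.0...7.0  then :medium
    when 7.0..10.0  then :high
    end
  end
end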
#cve_id ⇒ String?
The CVE identifier.
# File 'lib/bundler/audit/advisory.rb', line 93
#
# The CVE identifier.
#
# @return [String, nil]
#   The +cve+ member prefixed with +"CVE-"+ (e.g. +"CVE-2020-1234"+), or
#   +nil+ when the advisory has no CVE. The prefix is added
#   unconditionally; the member is expected to hold only the
#   year-number part.
#
def cve_id
  return unless cve
  "CVE-#{cve}"
end
#ghsa_id ⇒ String?
The GHSA (GitHub Security Advisory) identifier
# File 'lib/bundler/audit/advisory.rb', line 113
#
# The GHSA (GitHub Security Advisory) identifier.
#
# @return [String, nil]
#   The +ghsa+ member prefixed with +"GHSA-"+, or +nil+ when the advisory
#   has no GHSA. The prefix is added unconditionally; the member is
#   expected to hold only the suffix.
#
def ghsa_id
  return unless ghsa
  "GHSA-#{ghsa}"
end
#identifiers ⇒ Array<String>
Return a compacted list of all ids
# File 'lib/bundler/audit/advisory.rb', line 124
#
# Returns every identifier the advisory carries, in the fixed order
# CVE, OSVDB, GHSA, skipping the ones that are +nil+.
#
# @return [Array<String>]
#   The prefixed identifiers (e.g. +["CVE-2020-1234", "GHSA-xxxx"]+);
#   empty when the advisory has none.
#
def identifiers
  candidates = [cve_id, osvdb_id, ghsa_id]
  candidates.reject(&:nil?)
end
#osvdb_id ⇒ String?
The OSVDB identifier.
# File 'lib/bundler/audit/advisory.rb', line 102
#
# The OSVDB identifier.
#
# @return [String, nil]
#   The +osvdb+ member prefixed with +"OSVDB-"+, or +nil+ when the
#   advisory has no OSVDB entry. The prefix is added unconditionally.
#
def osvdb_id
  return unless osvdb
  "OSVDB-#{osvdb}"
end
#patched?(version) ⇒ Boolean
Checks whether the version is patched against the advisory.
# File 'lib/bundler/audit/advisory.rb', line 184
#
# Checks whether the version is patched against the advisory, i.e.
# satisfies at least one of the +patched_versions+ requirements.
#
# @param [Gem::Version] version
#   The version to check. NOTE(review): the requirements are
#   +Gem::Requirement+ objects built by .load, and +Gem::Requirement#===+
#   expects a +Gem::Version+ — confirm callers never pass a plain String.
#
# @return [Boolean]
#   +true+ as soon as one requirement matches; +false+ otherwise
#   (including when +patched_versions+ is empty).
#
def patched?(version)
  patched_versions.each do |requirement|
    return true if requirement === version
  end
  false
end
#to_h ⇒ Hash{Symbol => Object}
Converts the advisory to a Hash.
# File 'lib/bundler/audit/advisory.rb', line 219
#
# Converts the advisory to a Hash: the Struct's member Hash (every
# attribute, including +path+) plus the computed +:criticality+.
#
# @return [Hash{Symbol => Object}]
#   Member name => value, with +:criticality+ set to #criticality
#   (which may be +nil+).
#
def to_h
  members_hash = super
  members_hash.merge(criticality: criticality)
end
#unaffected?(version) ⇒ Boolean
Checks whether the version is not affected by the advisory.
# File 'lib/bundler/audit/advisory.rb', line 167
#
# Checks whether the version is not affected by the advisory, i.e.
# satisfies at least one of the +unaffected_versions+ requirements.
#
# @param [Gem::Version] version
#   The version to check. NOTE(review): as with #patched?, the
#   requirements are +Gem::Requirement+ objects whose +===+ expects a
#   +Gem::Version+ — confirm callers never pass a plain String.
#
# @return [Boolean]
#   +true+ as soon as one requirement matches; +false+ otherwise
#   (including when +unaffected_versions+ is empty).
#
def unaffected?(version)
  unaffected_versions.each do |requirement|
    return true if requirement === version
  end
  false
end
#vulnerable?(version) ⇒ Boolean
Checks whether the version is vulnerable to the advisory.
# File 'lib/bundler/audit/advisory.rb', line 199
#
# Checks whether the version is vulnerable to the advisory.
#
# A version is vulnerable unless it is either patched (#patched?) or
# explicitly unaffected (#unaffected?). Note the default: an advisory
# with empty +patched_versions+ and +unaffected_versions+ marks every
# version vulnerable, so a sloppy database entry fails closed rather
# than open.
#
# @param [Gem::Version] version
#   The version to check (see #patched? for the expected type).
#
# @return [Boolean]
#   +true+ if the version is neither patched nor unaffected.
#
def vulnerable?(version)
  # De Morgan of "not patched and not unaffected"; #unaffected? is only
  # evaluated when #patched? is false, as before.
  !(patched?(version) || unaffected?(version))
end