Class: Dependabot::SecurityAdvisory
- Inherits:
-
Object
- Object
- Dependabot::SecurityAdvisory
- Defined in:
- lib/dependabot/security_advisory.rb
Instance Attribute Summary collapse
-
#dependency_name ⇒ Object
readonly
Returns the value of attribute dependency_name.
-
#package_manager ⇒ Object
readonly
Returns the value of attribute package_manager.
-
#safe_versions ⇒ Object
readonly
Returns the value of attribute safe_versions.
-
#vulnerable_versions ⇒ Object
readonly
Returns the value of attribute vulnerable_versions.
Instance Method Summary collapse
-
#initialize(dependency_name:, package_manager:, vulnerable_versions: [], safe_versions: []) ⇒ SecurityAdvisory
constructor
A new instance of SecurityAdvisory.
- #vulnerable?(version) ⇒ Boolean
Constructor Details
#initialize(dependency_name:, package_manager:, vulnerable_versions: [], safe_versions: []) ⇒ SecurityAdvisory
Returns a new instance of SecurityAdvisory.
# File 'lib/dependabot/security_advisory.rb', line 10
# Builds an advisory record for a single dependency.
#
# @param dependency_name [Object] the affected dependency, stored as given
# @param package_manager [Object] the ecosystem the dependency belongs to, stored as given
# @param vulnerable_versions [Array, nil] version requirements that are affected;
#   nil is normalised to an empty list
# @param safe_versions [Array, nil] version requirements known to be fixed;
#   nil is normalised to an empty list
def initialize(dependency_name:, package_manager:, vulnerable_versions: [], safe_versions: [])
  @dependency_name, @package_manager = dependency_name, package_manager

  # The keyword defaults only cover an omitted argument; `|| []` also absorbs an
  # explicit nil so the lists can always be iterated.
  @vulnerable_versions = vulnerable_versions || []
  @safe_versions = safe_versions || []

  # Both helpers are defined elsewhere in this file and are not visible here;
  # NOTE(review): presumably the first turns string requirements into requirement
  # objects and the second validates the result — confirm against the file. The
  # order is kept as the original has it.
  convert_string_version_requirements
  check_version_requirements
end
Instance Attribute Details
#dependency_name ⇒ Object (readonly)
Returns the value of attribute dependency_name.
# File 'lib/dependabot/security_advisory.rb', line 7
# @return [Object] the dependency name this advisory was created with (read-only)
def dependency_name
  @dependency_name
end
#package_manager ⇒ Object (readonly)
Returns the value of attribute package_manager.
# File 'lib/dependabot/security_advisory.rb', line 7
# @return [Object] the package manager this advisory was created with (read-only)
def package_manager
  @package_manager
end
#safe_versions ⇒ Object (readonly)
Returns the value of attribute safe_versions.
# File 'lib/dependabot/security_advisory.rb', line 7
# @return [Array] version requirements known to be fixed; an empty list when
#   none were supplied (read-only)
def safe_versions
  @safe_versions
end
#vulnerable_versions ⇒ Object (readonly)
Returns the value of attribute vulnerable_versions.
# File 'lib/dependabot/security_advisory.rb', line 7
# @return [Array] version requirements that are affected; an empty list when
#   none were supplied (read-only)
def vulnerable_versions
  @vulnerable_versions
end
Instance Method Details
#vulnerable?(version) ⇒ Boolean
# File 'lib/dependabot/security_advisory.rb', line 21
# Whether +version+ is affected by this advisory.
#
# Decision order:
# 1. a match in +safe_versions+ always wins -> false (known fixed), even if a
#    vulnerable range also matches
# 2. otherwise a match in +vulnerable_versions+ -> true
# 3. otherwise, if vulnerable ranges were declared but none matched -> false
# 4. otherwise, if only safe ranges were declared and none matched -> true
#    (anything outside the fixed range is treated as affected)
# An advisory declaring neither list therefore reports every version as not
# vulnerable; callers relying on it for gating should make sure at least one
# list is populated.
#
# @param version [Gem::Version, Object] an already-parsed version object; strings
#   are rejected. The other accepted class comes from +version_class+, a helper
#   defined elsewhere in this file.
# @return [Boolean]
# @raise [ArgumentError] when +version+ is neither a +version_class+ nor a Gem::Version
def vulnerable?(version)
  acceptable = version.is_a?(version_class) || version.instance_of?(Gem::Version)
  raise ArgumentError, "must be a #{version_class}" unless acceptable

  satisfied = ->(requirements) { requirements.any? { |req| req.satisfied_by?(version) } }

  return false if satisfied.call(safe_versions)
  return true if satisfied.call(vulnerable_versions)

  # Neither list matched. Explicit vulnerable ranges mean the version is clear;
  # with only safe ranges to go on, falling outside them counts as vulnerable.
  vulnerable_versions.none? && safe_versions.any?
end