Class: YAVDB::Sources::FriendsOfPHP::Client
- Defined in:
- lib/yavdb/sources/friends_of_php.rb
# Git repositories that are searched for `*/*/*.yaml` advisory files.
REPOSITORY_URLS = %w[
  https://github.com/FriendsOfPHP/security-advisories
  https://github.com/Cotya/magento-security-advisories
].freeze
# Package manager name recorded on every advisory produced by this source.
PACKAGE_MANAGER = 'packagist'.freeze
Class Method Details
.advisories ⇒ Object
# File 'lib/yavdb/sources/friends_of_php.rb', line 35
# Collect advisories from every repository in REPOSITORY_URLS.
#
# Each repository is searched for `*/*/*.yaml` files through
# YAVDB::SourceTypes::GitRepo.search; every file found is loaded as YAML and
# handed to .create together with its web URL and its basename.
#
# @return [Array<YAVDB::Advisory>] one entry per YAML file, all repositories combined
def self.advisories
  REPOSITORY_URLS.flat_map do |repository_url|
    search_hits = YAVDB::SourceTypes::GitRepo.search('*/*/*.yaml', repository_url)
    # search yields (checkout path, file paths) pairs; the file paths are
    # loaded from inside the checkout, so they are presumably relative to it.
    search_hits.flat_map do |repo_path, file_paths|
      Dir.chdir(repo_path) do
        file_paths.map do |file_path|
          # NOTE(review): YAML.load_file instantiates arbitrary Ruby objects on
          # Psych < 4, and these files come from a third-party repository.
          # YAML.safe_load with an explicit permitted_classes list would be the
          # safer choice — confirm the Psych version in use before switching.
          advisory_hash = YAML.load_file(file_path)
          blob_url = "#{repository_url}/blob/master/#{file_path}"
          advisory_name = File.basename(file_path, '.yaml')
          create(blob_url, advisory_name, advisory_hash)
        end
      end
    end
  end
end
.create(url, filename, advisory_hash) ⇒ Object
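# File 'lib/yavdb/sources/friends_of_php.rb', line 50
# Build a YAVDB::Advisory from one parsed FriendsOfPHP-style YAML document.
#
# @param url [String] web URL of the YAML file the advisory was read from
# @param filename [String] basename of that file without `.yaml`; it makes the
#   vulnerability id unique per advisory rather than per package
# @param advisory_hash [Hash] parsed YAML; the keys `branches`, `reference`,
#   `cve`, `title` and `link` are read
# @return [YAVDB::Advisory]
# @raise [NoMethodError] when `branches` or `reference` is absent
# @raise [Date::Error] when a branch `time` does not match `%Y-%m-%d %H:%M:%S`
def self.create(url, filename, advisory_hash)
  # Epoch placeholder, replaced by the `time` of the last branch that has one.
  date = Date.parse('1970-01-01')
  versions = advisory_hash['branches'].map do |_, info|
    date = Date.strptime(info['time'].to_s, '%Y-%m-%d %H:%M:%S') if info['time']
    info['versions'].join(' ')
  end
  # YAML reads a bare `~` as nil, so an absent CVE arrives as nil rather than
  # the string '~'; drop both forms instead of emitting [nil].
  cves = [advisory_hash['cve']].reject { |cve| cve.nil? || cve == '~' }
  package_name = advisory_hash['reference'].sub(%r{composer://(.*)}, '\1')
  # Several advisories can exist for one package, so the filename is the
  # discriminator; a fixed suffix here would give them all the same id.
  vuln_id = "friendsofphp:packagist:#{package_name}:#{filename}"
  YAVDB::Advisory.new(
    vuln_id,
    advisory_hash['title'],
    nil, #:description
    package_name,
    versions, #:vulnerable_versions
    nil, #:unaffected_versions
    nil, #:patched_versions
    nil, #:severity
    PACKAGE_MANAGER,
    cves,
    nil, #:cwe
    nil, #:osvdb
    nil, #:cvss_v2_vector
    nil, #:cvss_v2
    nil, #:cvss_v3_vector
    nil, #:cvss_v3
    date, # the same date is used for the three date slots that follow
    date,
    date,
    ['FriendsOfPHP'],
    [advisory_hash['link']],
    url
  )
end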