Class: Bundler::Audit::Advisory
Inherits: Struct
- Object
- Struct
- Bundler::Audit::Advisory
Defined in: lib/bundler/audit/advisory.rb
Instance Attribute Summary
- #cvss_v2 ⇒ Object
  Returns the value of attribute cvss_v2.
- #description ⇒ Object
  Returns the value of attribute description.
- #id ⇒ Object (also: #to_s)
  Returns the value of attribute id.
- #patched_versions ⇒ Object
  Returns the value of attribute patched_versions.
- #path ⇒ Object
  Returns the value of attribute path.
- #title ⇒ Object
  Returns the value of attribute title.
- #unaffected_versions ⇒ Object
  Returns the value of attribute unaffected_versions.
- #url ⇒ Object
  Returns the value of attribute url.
Class Method Summary
- .load(path) ⇒ Advisory
  Loads the advisory from a YAML file.
Instance Method Summary
- #criticality ⇒ :low, ...
  Determines how critical the vulnerability is.
- #patched?(version) ⇒ Boolean
  Checks whether the version is patched against the advisory.
- #unaffected?(version) ⇒ Boolean
  Checks whether the version is not affected by the advisory.
- #vulnerable?(version) ⇒ Boolean
  Checks whether the version is vulnerable to the advisory.
Instance Attribute Details
#cvss_v2 ⇒ Object
Returns the value of attribute cvss_v2
    # File 'lib/bundler/audit/advisory.rb', line 24
    def cvss_v2
      @cvss_v2
    end
#description ⇒ Object
Returns the value of attribute description
    # File 'lib/bundler/audit/advisory.rb', line 24
    def description
      @description
    end
#id ⇒ Object Also known as: to_s
Returns the value of attribute id
    # File 'lib/bundler/audit/advisory.rb', line 24
    def id
      @id
    end
#patched_versions ⇒ Object
Returns the value of attribute patched_versions
    # File 'lib/bundler/audit/advisory.rb', line 24
    def patched_versions
      @patched_versions
    end
#path ⇒ Object
Returns the value of attribute path
    # File 'lib/bundler/audit/advisory.rb', line 24
    def path
      @path
    end
#title ⇒ Object
Returns the value of attribute title
    # File 'lib/bundler/audit/advisory.rb', line 24
    def title
      @title
    end
#unaffected_versions ⇒ Object
Returns the value of attribute unaffected_versions
    # File 'lib/bundler/audit/advisory.rb', line 24
    def unaffected_versions
      @unaffected_versions
    end
#url ⇒ Object
Returns the value of attribute url
    # File 'lib/bundler/audit/advisory.rb', line 24
    def url
      @url
    end
Class Method Details
.load(path) ⇒ Advisory
Loads the advisory from a YAML file.
    # File 'lib/bundler/audit/advisory.rb', line 43
    def self.load(path)
      id   = File.basename(path).chomp('.yml')
      data = YAML.load_file(path)

      unless data.kind_of?(Hash)
        raise("advisory data in #{path.dump} was not a Hash")
      end

      parse_versions = lambda { |versions|
        Array(versions).map do |version|
          Gem::Requirement.new(*version.split(', '))
        end
      }

      return new(
        path,
        id,
        data['url'],
        data['title'],
        data['description'],
        data['cvss_v2'],
        parse_versions[data['unaffected_versions']],
        parse_versions[data['patched_versions']]
      )
    end
Instance Method Details
#criticality ⇒ :low, ...
Determines how critical the vulnerability is.
    # File 'lib/bundler/audit/advisory.rb', line 75
    def criticality
      case cvss_v2
      when 0.0..3.3  then :low
      when 3.3..6.6  then :medium
      when 6.6..10.0 then :high
      end
    end
#patched?(version) ⇒ Boolean
Checks whether the version is patched against the advisory.
    # File 'lib/bundler/audit/advisory.rb', line 111
    def patched?(version)
      patched_versions.any? do |patched_version|
        patched_version === version
      end
    end
#unaffected?(version) ⇒ Boolean
Checks whether the version is not affected by the advisory.
    # File 'lib/bundler/audit/advisory.rb', line 94
    def unaffected?(version)
      unaffected_versions.any? do |unaffected_version|
        unaffected_version === version
      end
    end
#vulnerable?(version) ⇒ Boolean
Checks whether the version is vulnerable to the advisory.
    # File 'lib/bundler/audit/advisory.rb', line 126
    def vulnerable?(version)
      !patched?(version) && !unaffected?(version)
    end
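
The version matching and severity bucketing documented above, shown as an added example that is not bundler-audit's own code: it re-implements the rules of .load, #patched?, #unaffected? and #criticality with only the standard library, over a constructed advisory. The helper names classify and audit, the sample YAML and its URL are assumptions made for the illustration.

```ruby
require 'yaml'
require 'rubygems'

# Constructed advisory document (not a real advisory); the keys are the
# ones Advisory.load reads from the YAML file.
SAMPLE_ADVISORY = <<~YAML
  url: https://example.com/advisories/EXAMPLE-0001
  title: Constructed example advisory
  description: Sample data for illustration only.
  cvss_v2: 7.5
  unaffected_versions:
    - "< 3.0.0"
  patched_versions:
    - ">= 3.2.11, < 3.3.0"
    - ">= 4.0.1"
YAML

# Same parsing rule as Advisory.load: each list entry is one requirement,
# and the comma-separated constraints inside an entry must all hold.
def parse_versions(versions)
  Array(versions).map { |v| Gem::Requirement.new(*v.split(', ')) }
end

# Hypothetical helper: classify one version string against advisory data.
def classify(data, version_string)
  version = Gem::Version.new(version_string) # Requirement#=== needs a Gem::Version
  return :unaffected if parse_versions(data['unaffected_versions']).any? { |r| r === version }
  return :patched if parse_versions(data['patched_versions']).any? { |r| r === version }
  :vulnerable
end

# Same thresholds as #criticality. `case` takes the first matching branch,
# so the shared boundary 3.3 is :low, and a missing score yields nil.
def criticality(cvss_v2)
  case cvss_v2
  when 0.0..3.3  then :low
  when 3.3..6.6  then :medium
  when 6.6..10.0 then :high
  end
end

# Hypothetical helper: map each version string to its status.
def audit(yaml_text, versions)
  data = YAML.safe_load(yaml_text)
  raise 'advisory data was not a Hash' unless data.is_a?(Hash)
  versions.to_h { |v| [v, classify(data, v)] }
end
```

With this sample data, 3.3.0 and 4.0.0 are reported vulnerable even though they are newer than the patched 3.2.x releases: a version counts as patched only when it satisfies one of the listed requirements.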