Class: Veracode::Vulnerability

Inherits:

Object

• Object
• Veracode::Vulnerability

Defined in:

lib/veracode/vulnerability.rb

Instance Attribute Summary

• #xml_vulnerability ⇒ Object readonly

  Returns the value of attribute xml_vulnerability.

Instance Method Summary

• #initialize(xml_vulnerability) ⇒ Vulnerability constructor

  A new instance of Vulnerability.

• #method_missing(method, *args) ⇒ Object

  This method is invoked by Ruby when a method that is not defined in this instance is called.

• #respond_to?(method, include_private = false) ⇒ Boolean

  This allows external callers (and specs) to check for implemented properties.

• #supported_tags ⇒ Object

  List of supported tags.

Constructor Details

#initialize(xml_vulnerability) ⇒ Vulnerability

Returns a new instance of Vulnerability.

# File 'lib/veracode/vulnerability.rb', line 5

def initialize(xml_vulnerability)
  @xml = xml_vulnerability
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method, *args) ⇒ Object

This method is invoked by Ruby when a method that is not defined in this instance is called.

In our case we inspect the @method@ parameter and try to find the attribute, simple descendent or collection that it maps to in the XML tree.

# File 'lib/veracode/vulnerability.rb', line 32

def method_missing(method, *args)
  # We could remove this check and return nil for any non-recognized tag.
  # The problem would be that it would make tricky to debug problems with
  # typos. For instance: <>.potr would return nil instead of raising an
  # exception
  unless supported_tags.include?(method)
    super
    return
  end

  method_name = method.to_s

  if method_name == 'mitigation'
    return @xml.xpath('.//*:mitigation').map do |mitigation|
      "#{mitigation.attr('action')}\n#{mitigation.attr('description')}\n#{mitigation.attr('date')}"
    end.join("\n\n")
  end

  # First we try the attributes
  return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)

  # Next we try the parent <component> attributes
  component = @xml.parent.parent
  return component.attributes[method_name].value if component.attributes.key?(method_name)
end

Instance Attribute Details

#xml_vulnerability ⇒ Object (readonly)

Returns the value of attribute xml_vulnerability.

# File 'lib/veracode/vulnerability.rb', line 3

def xml_vulnerability
  @xml_vulnerability
end

Instance Method Details

#respond_to?(method, include_private = false) ⇒ Boolean

This allows external callers (and specs) to check for implemented properties

Returns:

• (Boolean)

# File 'lib/veracode/vulnerability.rb', line 21

def respond_to?(method, include_private = false)
  return true if supported_tags.include?(method.to_sym)
  super
end

#supported_tags ⇒ Object

List of supported tags. They can be attributes, simple descendans or collections (e.g. <references/>, <tags/>)

# File 'lib/veracode/vulnerability.rb', line 11

def supported_tags
  [
    :cve_id, :cve_summary, :cvss_score, :cwe_id, :file_name, :file_path,
    :library, :library_id, :mitigation, :severity, :severity_desc,
    :vulnerability_affects_policy_compliance
  ]
end