Class: Purl::Advisory

Inherits: Object
Defined in:
lib/purl/advisory.rb

Overview

Provides advisory lookup functionality for packages using the advisories.ecosyste.ms API.

Constant Summary

ADVISORIES_API_BASE =
"https://advisories.ecosyste.ms/api/v1"

Instance Method Summary

Constructor Details

#initialize(user_agent: nil, timeout: 10) ⇒ Advisory

Initialize a new Advisory instance

Parameters:

  • user_agent (String) (defaults to: nil)

    User agent string for API requests

  • timeout (Integer) (defaults to: 10)

    Request timeout in seconds

# File 'lib/purl/advisory.rb', line 17

def initialize(user_agent: nil, timeout: 10)
  @user_agent = user_agent || "purl-ruby/#{Purl::VERSION}"
  @timeout = timeout
end

Instance Method Details

#lookup(purl) ⇒ Array<Hash>?

Look up security advisories for a given PURL

Examples:

advisory = Purl::Advisory.new
advisories = advisory.lookup("pkg:npm/[email protected]")
advisories.each { |adv| puts adv[:title] }

Parameters:

  • purl (String, PackageURL)

    PURL string or PackageURL object

Returns:

  • (Array<Hash>, nil)

    Array of advisory hashes or nil if none found

Raises:

  • (AdvisoryError)

    if the lookup fails due to network or API errors

# File 'lib/purl/advisory.rb', line 32

def lookup(purl)
  purl_obj = purl.is_a?(PackageURL) ? purl : PackageURL.parse(purl.to_s)

  # Query advisories API
  uri = URI("#{ADVISORIES_API_BASE}/advisories/lookup")
  uri.query = URI.encode_www_form({ purl: purl_obj.to_s })

  response_data = make_request(uri)

  if response_data.is_a?(Array) && response_data.length > 0
    advisories = response_data.map { |advisory_data| extract_advisory_info(advisory_data) }

    # Filter by version if specified
    if purl_obj.version
      advisories = filter_by_version(advisories, purl_obj.version)
    end

    return advisories
  end

  []
end
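The two steps #lookup relies on but does not show inline, building the lookup query and narrowing the API result to the requested version, worked through below as an added example. This is not the purl gem's own code: the advisory hash keys, the comma-separated range format and the lodash sample records are constructed for illustration.

```ruby
require "uri"
require "rubygems" # Gem::Version / Gem::Requirement for range matching

# Constructed advisory records in the shape this example assumes #lookup
# returns. The keys are illustrative, not the gem's or the API's schema.
SAMPLE_ADVISORIES = [
  { title: "Prototype pollution", vulnerable_version_range: ">= 4.0.0, < 4.17.12" },
  { title: "Command injection",   vulnerable_version_range: "< 4.17.21" },
  { title: "ReDoS in trim",       vulnerable_version_range: ">= 5.0.0, < 5.0.3" },
  { title: "Range missing",       vulnerable_version_range: nil },
].freeze

# Same request the page's #lookup builds: one URL-encoded `purl` parameter.
# ":" "/" and "@" are all percent-encoded, so the PURL survives the query string intact.
def build_lookup_uri(purl_string, base: "https://advisories.ecosyste.ms/api/v1")
  uri = URI("#{base}/advisories/lookup")
  uri.query = URI.encode_www_form({ purl: purl_string })
  uri
end

# Hypothetical stand-in for the filter_by_version step. An advisory is kept when
# the requested version satisfies its vulnerable range. Records whose range is
# missing or unparseable are kept on purpose: silently dropping them would hide
# a possible match, and a false negative is the costlier error for this lookup.
# Gem::Version semantics are an approximation; a production filter should use
# the target ecosystem's own version ordering (npm semver, PEP 440, ...).
def filter_advisories_by_version(advisories, version)
  requested = Gem::Version.new(version)
  advisories.select do |adv|
    range = adv[:vulnerable_version_range].to_s.strip
    next true if range.empty?
    begin
      Gem::Requirement.new(range.split(",").map(&:strip)).satisfied_by?(requested)
    rescue Gem::Requirement::BadRequirementError
      true
    end
  end
end

if $PROGRAM_NAME == __FILE__
  puts build_lookup_uri("pkg:npm/lodash@4.17.20")
  filter_advisories_by_version(SAMPLE_ADVISORIES, "4.17.20").each { |adv| puts adv[:title] }
end
```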