Class: RedmineAudit::Database

Inherits:

Object

Object
RedmineAudit::Database

show all

Defined in:: lib/redmine_audit/database.rb

Overview

Redmine advisory database

Constant Summary collapse

URL =

'http://www.redmine.org/projects/redmine/wiki/Security_Advisories'

TABLE_XPATH =

'//*[@id="content"]/div[2]/table'

Instance Attribute Summary collapse

#vulnerabilities ⇒ Object readonly

Returns the value of attribute vulnerabilities.

Instance Method Summary collapse

#advisories(v) ⇒ [Redmine::Advisory]

Get unfixed advisories against specified Redmine version.

Instance Attribute Details

#vulnerabilities ⇒ `Object` (readonly)

Returns the value of attribute vulnerabilities.



11
12
13

# File 'lib/redmine_audit/database.rb', line 11

def vulnerabilities
  @vulnerabilities
end

Instance Method Details

#advisories(v) ⇒ `[Redmine::Advisory]`

Get unfixed advisories against specified Redmine version.

Parameters:

version (String) —

The Redmine version to compare against #unaffected_versions.

Returns:

([Redmine::Advisory]) —

The array of Redmine::Advisory unfixed.

# File 'lib/redmine_audit/database.rb', line 20

def advisories(v)
  if @known_advisories.nil?
    @known_advisories = []
    html = fetch_advisory_data
    doc = Nokogiri::HTML(html)
    doc.xpath(TABLE_XPATH).xpath('tr')[1..-1].each do |tr|
      if res = parse_tds(tr.xpath('td'))
        @known_advisories << Advisory.new(*res)
      end
    end
  end

  # tarball version has '.stable'.
  # This is hack to avoid treating prerelease by Gem::Version.
  # TODO: refactoring such as fix Gem::Version like setting @prerelease = false.
  redmine_version = Gem::Version.new(v.gsub(/\.stable\z/, ''))
  unfixed_advisories = []
  @known_advisories.each do |advisory|
    if advisory.vulnerable?(redmine_version)
      unfixed_advisories.push(advisory)
    end
  end
  return unfixed_advisories
end