class Bundler::Audit::Advisory
Public Class Methods
load(path)
Loads the advisory from a YAML file.
@param [String] path
The path to the advisory YAML file.
@return [Advisory]
@api semipublic
# File lib/bundler/audit/advisory.rb, line 45
def self.load(path)
  # The advisory id is the YAML file name without its extension.
  id   = File.basename(path).chomp('.yml')
  data = YAML.load_file(path)

  unless data.kind_of?(Hash)
    raise("advisory data in #{path.dump} was not a Hash")
  end

  # Each version entry becomes a Gem::Requirement; comma-separated
  # constraints such as ">= 1.2.3, < 2.0" are split into one requirement.
  parse_versions = lambda { |versions|
    Array(versions).map do |version|
      Gem::Requirement.new(*version.split(', '))
    end
  }

  return new(
    path,
    id,
    data['url'],
    data['title'],
    data['date'],
    data['description'],
    data['cvss_v2'],
    data['cve'],
    data['osvdb'],
    data['ghsa'],
    parse_versions[data['unaffected_versions']],
    parse_versions[data['patched_versions']]
  )
end
Public Instance Methods
criticality()
Determines how critical the vulnerability is.
@return [:low, :medium, :high]
The criticality of the vulnerability based on the CVSSv2 score.
# File lib/bundler/audit/advisory.rb, line 118
def criticality
  # Ranges are inclusive and `case` takes the first match, so a score of
  # exactly 3.3 is :low and exactly 6.6 is :medium. A missing score
  # matches no range and yields nil.
  case cvss_v2
  when 0.0..3.3  then :low
  when 3.3..6.6  then :medium
  when 6.6..10.0 then :high
  end
end
cve_id()
The CVE identifier.
@return [String, nil]
# File lib/bundler/audit/advisory.rb, line 80
def cve_id
  "CVE-#{cve}" if cve
end
ghsa_id()
The GHSA (GitHub Security Advisory) identifier.
@return [String, nil]
# File lib/bundler/audit/advisory.rb, line 98
def ghsa_id
  "GHSA-#{ghsa}" if ghsa
end
identifiers()
Returns a compacted list of all identifiers (CVE, OSVDB and GHSA); identifiers the advisory does not carry are omitted.
@return [Array<String>]
# File lib/bundler/audit/advisory.rb, line 104
def identifiers
  [
    cve_id,
    osvdb_id,
    ghsa_id
  ].compact
end
osvdb_id()
The OSVDB identifier.
@return [String, nil]
# File lib/bundler/audit/advisory.rb, line 89
def osvdb_id
  "OSVDB-#{osvdb}" if osvdb
end
patched?(version)
Checks whether the version is patched against the advisory.
@param [Gem::Version] version
The version to compare against {#patched_versions}.
@return [Boolean]
Specifies whether the version is patched against the advisory.
@since 0.2.0
# File lib/bundler/audit/advisory.rb, line 154
def patched?(version)
  # Gem::Requirement#=== is satisfied_by?, so this asks whether any
  # patched range contains the version.
  patched_versions.any? do |patched_version|
    patched_version === version
  end
end
unaffected?(version)
Checks whether the version is not affected by the advisory.
@param [Gem::Version] version
The version to compare against {#unaffected_versions}.
@return [Boolean]
Specifies whether the version is not affected by the advisory.
@since 0.2.0
# File lib/bundler/audit/advisory.rb, line 137
def unaffected?(version)
  unaffected_versions.any? do |unaffected_version|
    unaffected_version === version
  end
end
vulnerable?(version)
Checks whether the version is vulnerable to the advisory.
@param [Gem::Version] version
The version to compare against {#patched_versions} and {#unaffected_versions}.
@return [Boolean]
Specifies whether the version is vulnerable to the advisory: true only when the version falls in neither a patched range nor an unaffected range.
# File lib/bundler/audit/advisory.rb, line 169
def vulnerable?(version)
  !patched?(version) && !unaffected?(version)
end
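The following is an added, stand-alone example (not part of bundler-audit itself) that reproduces how load, identifiers, criticality and vulnerable? above combine: a constructed advisory in the same YAML shape is parsed into Gem::Requirement ranges and several versions are classified, including the 2.4.0 gap between the two patched ranges and the 6.6 CVSS boundary. The helper names and the advisory values are invented for the example.

```ruby
require 'yaml'
require 'rubygems'

# Constructed sample in the field layout Advisory.load reads; the values
# are made up and do not describe any real advisory.
SAMPLE_ADVISORY_YAML = <<~YAML
  gem: example-gem
  title: Constructed sample advisory
  cvss_v2: 6.6
  cve: "0000-00000"
  ghsa: "xxxx-xxxx-xxxx"
  unaffected_versions:
    - "< 1.0.0"
  patched_versions:
    - "~> 2.3.5"
    - ">= 2.4.1"
YAML

# Same transformation as the parse_versions lambda in Advisory.load.
def parse_versions(versions)
  Array(versions).map { |v| Gem::Requirement.new(*v.split(', ')) }
end

# Hypothetical loader mirroring Advisory.load and Advisory#identifiers.
def load_advisory(yaml)
  data = YAML.safe_load(yaml)
  raise 'advisory data was not a Hash' unless data.kind_of?(Hash)
  ids = [("CVE-#{data['cve']}" if data['cve']),
         ("OSVDB-#{data['osvdb']}" if data['osvdb']),
         ("GHSA-#{data['ghsa']}" if data['ghsa'])].compact
  { cvss_v2: data['cvss_v2'], identifiers: ids,
    unaffected: parse_versions(data['unaffected_versions']),
    patched: parse_versions(data['patched_versions']) }
end

# Same predicate as Advisory#vulnerable?: vulnerable only when no patched
# and no unaffected range is satisfied by the version (=== is satisfied_by?).
def vulnerable?(advisory, version)
  version = Gem::Version.new(version)
  advisory[:patched].none? { |r| r === version } &&
    advisory[:unaffected].none? { |r| r === version }
end

# Same ranges as Advisory#criticality; boundary scores go to the lower band.
def criticality(score)
  case score
  when 0.0..3.3  then :low
  when 3.3..6.6  then :medium
  when 6.6..10.0 then :high
  end
end
```

Note that 2.4.0 is reported vulnerable because "~> 2.3.5" stops below 2.4 and ">= 2.4.1" starts above it; advisory authors close such gaps by listing every patched branch.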