module VRT
Constants
- DIR
- MAPPINGS
- OTHER_OPTION
Public Instance Methods
Get all deprecated ids that would match in the given categories from the current version
# File lib/vrt.rb, line 62 def all_matching_categories(categories) cross_version_category_mapping .select { |key, _value| categories.include?(key) } .values .flatten .uniq end
# File lib/vrt.rb, line 57 def current_categories get_map.categories end
Get the most recent version of the VRT.
# File lib/vrt.rb, line 39 def current_version versions.first end
# File lib/vrt.rb, line 43 def current_version?(version) version == current_version end
Finds the best match valid node. First looks at valid nodes in the given new version or finds the appropriate deprecated mapping. If neither is found it will walk up the tree to find a valid parent node before giving up and returning nil.
@param [String] vrt_id A valid vrt_id @param [string] preferred_version (Optional) The preferred vrt_version of the returned node
(defaults to current_version)
@param [String] max_depth (Optional) The maximum depth to match in @param [String] version (deprecated) This parameter is no longer used @return [VRT::Node|Nil] A valid VRT::Node object or nil if no best match could be found
# File lib/vrt.rb, line 80 def find_node(vrt_id:, preferred_version: nil, max_depth: 'variant', version: nil) # rubocop:disable Lint/UnusedMethodArgument new_version = preferred_version || current_version if get_map(version: new_version).valid?(vrt_id) get_map(version: new_version).find_node(vrt_id, max_depth: max_depth) elsif deprecated_node?(vrt_id) find_deprecated_node(vrt_id, preferred_version, max_depth) else find_valid_parent_node(vrt_id, new_version, max_depth) end end
Load the VRT from text files, and parse it as JSON. If other: true, we append the OTHER_OPTION hash at runtime (not cached)
# File lib/vrt.rb, line 93 def get_json(version: nil, other: true) version ||= current_version @version_json[version] ||= json_for_version(version) other ? @version_json[version] + [OTHER_OPTION] : @version_json[version] end
# File lib/vrt.rb, line 99 def get_map(version: nil) version ||= current_version @maps[version] ||= Map.new(version) end
Get names of directories matching lib/data/<major>-<minor>/
# File lib/vrt.rb, line 105 def json_dir_names DIR.entries .map(&:basename) .map(&:to_s) .select { |dirname| dirname =~ /^[0-9]+\.[0-9]/ }.sort end
Load and parse JSON for some VRT version
# File lib/vrt.rb, line 118 def json_for_version(version) JSON.parse(json_pathname(version).read)['content'] end
Get the Pathname for a particular version
# File lib/vrt.rb, line 113 def json_pathname(version) DIR.join(version, 'vulnerability-rating-taxonomy.json') end
Get the last updated timestamp of the VRT data (not schema!) Passing nil for version will return the latest version.
# File lib/vrt.rb, line 49 def last_updated(version = nil) version ||= current_version return @last_update[version] if @last_update[version] metadata = JSON.parse(json_pathname(version).read)['metadata'] @last_update[version] = Date.parse(metadata['release_date']) end
# File lib/vrt.rb, line 122 def mappings @mappings ||= Hash[MAPPINGS.map { |name| [name, VRT::Mapping.new(name)] }] end
Cache the VRT contents in-memory, so we're not hitting File I/O multiple times per request that needs it.
# File lib/vrt.rb, line 128 def reload! unload! versions get_json get_map last_updated mappings end
We separate unload! out, as we need to call it in test environments.
# File lib/vrt.rb, line 138 def unload! @versions = nil @version_json = {} @last_update = {} @maps = {} @mappings = nil end
Infer the available versions of the VRT from the names of the files in the repo. The returned list is in semver order with the current version first.
# File lib/vrt.rb, line 34 def versions @versions ||= json_dir_names.sort_by { |v| Gem::Version.new(v) }.reverse! end