class YAVDB::Sources::RustSec::Client

Constants

PACKAGE_MANAGER
REPOSITORY_URL

Public Class Methods

# File lib/yavdb/sources/rustsec.rb, line 31
# Collects every RustSec advisory: searches the advisory git repository for
# `crates/**/*.toml`, loads each TOML document and turns its `advisory` table
# into a YAVDB::Advisory via `create`.
#
# @return [Array<YAVDB::Advisory>] one advisory per TOML file found, flattened
#   across all repository hits
def self.advisories
  repo_hits = YAVDB::SourceTypes::GitRepo.search('crates/**/*.toml', REPOSITORY_URL)

  repo_hits.flat_map do |repo_path, file_paths|
    # The TOML paths are opened from inside the checkout (presumably they are
    # relative to it). NOTE(review): Dir.chdir changes the process-wide working
    # directory, so this is not safe to run concurrently with other threads that
    # rely on the cwd.
    Dir.chdir(repo_path) do
      file_paths.map do |toml_path|
        document = TomlRB.load_file(toml_path)
        create(document['advisory'])
      end
    end
  end
end

Private Class Methods

# File lib/yavdb/sources/rustsec.rb, line 46
# Builds a YAVDB::Advisory from the `advisory` table of one RustSec TOML file.
#
# @param advisory_hash [Hash] the parsed `advisory` table; assumed to be a
#   String-keyed Hash as produced by TomlRB, read here for 'id', 'package',
#   'date', 'title', 'description', 'url', 'aliases', 'unaffected_versions'
#   and 'patched_versions'
# @return [YAVDB::Advisory]
# @raise [ArgumentError] from Date.strptime when 'date' is not a YYYY-MM-DD value
def create(advisory_hash)
  # 'date' may already be a Date or still a String depending on the TOML
  # parser; to_s lets both go through the same strptime format.
  published = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')

  # RustSec advisories carry no severity, so the highest level is assumed.
  severity = 'high'

  # Keep only the CVE aliases; stays nil when the advisory lists no aliases.
  cve_ids = advisory_hash['aliases']&.select { |alias_name| alias_name.start_with?('CVE') }

  # A single upstream URL becomes a one-element reference list; nil stays nil.
  source_url = advisory_hash['url']
  references = source_url && [source_url]

  vuln_id = "rustsec:cargo:#{advisory_hash['package']}:#{advisory_hash['id']}"

  # When neither an unaffected nor a patched range is given, every version is
  # flagged as vulnerable ('*'); otherwise nil is passed and the ranges below
  # presumably describe the affected set.
  range_missing = lambda do |key|
    versions = advisory_hash[key]
    versions.nil? || versions.empty?
  end
  all_versions_vulnerable = range_missing.call('unaffected_versions') && range_missing.call('patched_versions')
  vulnerable_versions = all_versions_vulnerable ? ['*'] : nil

  YAVDB::Advisory.new(
    vuln_id,
    advisory_hash['title'],
    advisory_hash['description'],
    advisory_hash['package'],
    vulnerable_versions,
    advisory_hash['unaffected_versions'],
    advisory_hash['patched_versions'],
    severity,
    PACKAGE_MANAGER,
    cve_ids,
    # The next six fields are not provided by RustSec advisories.
    nil, #:cwe
    nil,
    nil, #:cvss_v2_vector
    nil,
    nil, #:cvss_v3_vector
    nil,
    # The same advisory date is used for all three date slots.
    published,
    published,
    published,
    ['RustSec'],
    references,
    generate_url(advisory_hash)
  )
end
# File lib/yavdb/sources/rustsec.rb, line 82
# Points at the advisory's TOML file on the master branch of the RustSec
# repository.
#
# @param advisory_hash [Hash] read for 'package' and 'id'
# @return [String] "<REPOSITORY_URL>/blob/master/crates/<package>/<id>.toml"
def generate_url(advisory_hash)
  path_parts = [
    REPOSITORY_URL,
    'blob',
    'master',
    'crates',
    advisory_hash['package'],
    "#{advisory_hash['id']}.toml"
  ]
  path_parts.join('/')
end