class YAVDB::Sources::FriendsOfPHP::Client
Constants
- PACKAGE_MANAGER
- REPOSITORY_URLS
Public Class Methods
advisories()
# File lib/yavdb/sources/friends_of_php.rb, line 35
# Collects one advisory for every '*/*/*.yaml' file found in each repository
# listed in REPOSITORY_URLS.
#
# NOTE(review): the YAML files come from a cloned remote repository, so they
# are external input. On Psych releases before 4.0, YAML.load_file can
# instantiate arbitrary Ruby objects from tagged documents. A safe loader with
# an explicit list of permitted classes is the usual hardening. Confirm which
# classes these files need (timestamps may load as Time) before switching.
#
# @return [Array] flat list of whatever create returns for each file
def self.advisories
  per_repository = REPOSITORY_URLS.map do |repository_url|
    checkouts = YAVDB::SourceTypes::GitRepo.search('*/*/*.yaml', repository_url)

    checkouts.map do |repo_path, file_paths|
      # file_paths are opened relative to the checkout, hence the chdir.
      Dir.chdir(repo_path) do
        file_paths.map do |file_path|
          parsed = YAML.load_file(file_path)
          create(
            "#{repository_url}/blob/master/#{file_path}",
            File.basename(file_path, '.yaml'),
            parsed
          )
        end
      end
    end
  end

  # Results are nested repository -> checkout -> file; return them flat.
  per_repository.flatten
end
create(url, filename, advisory_hash)
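# File lib/yavdb/sources/friends_of_php.rb, line 50
# Converts one parsed FriendsOfPHP advisory file into a YAVDB::Advisory.
#
# @param url [String] link to the advisory file, passed through as the last field
# @param filename [String] advisory file name without '.yaml'; last segment of the id
# @param advisory_hash [Hash] parsed YAML; the keys read here are 'branches',
#   'cve', 'reference', 'title' and 'link'
# @return [YAVDB::Advisory]
def self.create(url, filename, advisory_hash)
  # Fallback used when no branch carries a 'time' entry.
  date = Date.parse('1970-01-01')

  versions = advisory_hash['branches'].map do |_, info|
    # Every branch that has a 'time' overwrites the date, so the last one wins.
    date = Date.strptime(info['time'].to_s, '%Y-%m-%d %H:%M:%S') if info['time']
    info['versions'].join(' ')
  end

  # A bare `~` in YAML is the null scalar and arrives here as nil, not as the
  # string '~'. Drop both, so an advisory without a CVE yields [] instead of [nil].
  cves = [advisory_hash['cve']].compact.reject { |cve| cve == '~' }

  # NOTE(review): package_name and filename are taken from the repository
  # content as-is and interpolated into vuln_id. If the id is later used as a
  # path or lookup key, it should be validated there. Confirm with consumers.
  package_name = advisory_hash['reference'].gsub(%r{composer:\/\/(.*)}, '\1')
  vuln_id      = "friendsofphp:packagist:#{package_name}:#{filename}"

  YAVDB::Advisory.new(
    vuln_id,
    advisory_hash['title'],
    nil, #:description
    package_name,
    versions, #:vulnerable_versions
    nil, #:unaffected_versions
    nil, #:patched_versions
    nil, #:severity
    PACKAGE_MANAGER,
    cves,
    nil, #:cwe
    nil, #:osvdb
    nil, #:cvss_v2_vector
    nil, #:cvss_v2
    nil, #:cvss_v3_vector
    nil, #:cvss_v3
    date,
    date,
    date,
    ['FriendsOfPHP'],
    [advisory_hash['link']],
    url
  )
end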