class YAVDB::Sources::FriendsOfPHP::Client

Constants

PACKAGE_MANAGER
REPOSITORY_URLS

Public Class Methods

advisories()
# File lib/yavdb/sources/friends_of_php.rb, line 35
# Collects every FriendsOfPHP advisory from each repository in REPOSITORY_URLS.
#
# Each repository is searched for `*/*/*.yaml` files; every match is parsed
# and converted into an advisory with {.create}.
#
# @return [Array<YAVDB::Advisory>] a flat list, one entry per advisory file
def self.advisories
  REPOSITORY_URLS.flat_map do |repository_url|
    found = YAVDB::SourceTypes::GitRepo.search('*/*/*.yaml', repository_url)
    found.flat_map do |repo_path, file_paths|
      # Presumably the search returns paths relative to the checkout, hence the
      # chdir; note it changes the process-wide working directory for the block.
      Dir.chdir(repo_path) do
        file_paths.map do |file_path|
          # NOTE(review): the YAML comes from a third-party repository. On Psych < 4
          # YAML.load_file can instantiate arbitrary Ruby objects; a safe_load
          # variant with an explicit permitted-class list would be preferable.
          parsed = YAML.load_file(file_path)
          url    = "#{repository_url}/blob/master/#{file_path}"
          stem   = File.basename(file_path, '.yaml')
          create(url, stem, parsed)
        end
      end
    end
  end
end
create(url, filename, advisory_hash)
# File lib/yavdb/sources/friends_of_php.rb, line 50
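# Builds a YAVDB::Advisory from one parsed FriendsOfPHP advisory file.
#
# @param url [String] web URL of the advisory file in its repository
# @param filename [String] the advisory file's stem (basename without `.yaml`);
#   used as the per-advisory component of the vulnerability id
# @param advisory_hash [Hash] the parsed YAML document, expected to carry
#   'branches', 'cve', 'reference', 'title' and 'link' keys
# @return [YAVDB::Advisory]
# @raise [ArgumentError] when a branch 'time' value does not match
#   '%Y-%m-%d %H:%M:%S'
# @raise [NoMethodError] when 'reference' is missing or a branch lacks 'versions'
def self.create(url, filename, advisory_hash)
  # Epoch placeholder; replaced by the time of the last branch that carries one
  # (iteration order of the 'branches' map decides which branch wins).
  date = Date.parse('1970-01-01')

  # One joined version-constraint string per branch. A missing or nil
  # 'branches' map yields an empty list instead of raising.
  versions = (advisory_hash['branches'] || {}).map do |_, info|
    date = Date.strptime(info['time'].to_s, '%Y-%m-%d %H:%M:%S') if info['time']
    info['versions'].join(' ')
  end

  # The feed writes `cve: ~` for "no CVE", which YAML parses as nil, so the
  # '~' string check alone left [nil] in the list; drop both forms.
  cves = [advisory_hash['cve']].reject { |cve| cve.nil? || cve == '~' }

  package_name = advisory_hash['reference'].gsub(%r{composer:\/\/(.*)}, '\1')

  # NOTE(review): this previously ended in the literal text `#(unknown)` while
  # `filename` went unused, which looked like a malformed interpolation and
  # gave every advisory of a package the same id.
  vuln_id = "friendsofphp:packagist:#{package_name}:#{filename}"

  YAVDB::Advisory.new(
    vuln_id,
    advisory_hash['title'],
    nil, #:description
    package_name,
    versions, #:vulnerable_versions
    nil, #:unaffected_versions
    nil, #:patched_versions
    nil, #:severity
    PACKAGE_MANAGER,
    cves,
    nil, #:cwe
    nil, #:osvdb
    nil, #:cvss_v2_vector
    nil, #:cvss_v2
    nil, #:cvss_v3_vector
    nil, #:cvss_v3
    date, # the feed offers a single timestamp, reused for the three date fields
    date,
    date,
    ['FriendsOfPHP'],
    [advisory_hash['link']],
    url
  )
end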