class YAVDB::Sources::RustSec::Client
Constants
- PACKAGE_MANAGER
- REPOSITORY_URL
Public Class Methods
advisories()
# File lib/yavdb/sources/rustsec.rb, line 31
#
# Collects every advisory found under `crates/**/*.toml` in the repository at
# REPOSITORY_URL and converts each file's `advisory` table with {create}.
#
# The TOML files originate from an external repository, so their contents are
# untrusted input. Nothing is rescued here: a file that TomlRB cannot parse
# raises out of this method, and a file without an `advisory` table hands
# `nil` to {create}.
#
# @return [Array] flattened list of the objects returned by {create}
def self.advisories
  # GitRepo.search yields (repo_path, file_paths) pairs.
  # NOTE(review): presumably it clones or updates the repository first; confirm in GitRepo.
  checkouts = YAVDB::SourceTypes::GitRepo.search('crates/**/*.toml', REPOSITORY_URL)

  per_repo = checkouts.map do |repo_path, file_paths|
    # Work from inside the checkout while loading.
    # NOTE(review): suggests file_paths are relative to repo_path; verify.
    Dir.chdir(repo_path) do
      file_paths.map do |toml_path|
        parsed = TomlRB.load_file(toml_path)
        create(parsed['advisory'])
      end
    end
  end

  per_repo.flatten
end
Private Class Methods
create(advisory_hash)
# File lib/yavdb/sources/rustsec.rb, line 46
#
# Builds a YAVDB::Advisory from the `advisory` table of one RustSec TOML file.
#
# Field values are copied from the parsed file without validation. The `id`
# and `package` values are interpolated into the advisory id as-is.
#
# @param advisory_hash [Hash] parsed `advisory` table, keyed by strings
# @return [YAVDB::Advisory]
# @raise when `date` is missing or does not parse as `%Y-%m-%d`
def create(advisory_hash)
  # Parsed first so a bad date fails before anything else is read.
  date = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')

  # The source provides no severity, so a fixed value is reported for every advisory.
  # NOTE(review): consumers should treat this as a placeholder, not an assessed rating.
  # The original comment calls it the highest level; confirm 'high' is the top of the scale.
  severity = 'high'

  # Keep only aliases that start with 'CVE'; stays nil when the file has no aliases.
  cve = advisory_hash['aliases']&.select { |entry| entry.start_with?('CVE') }

  url = advisory_hash['url']
  references = url && [url]

  vuln_id = "rustsec:cargo:#{advisory_hash['package']}:#{advisory_hash['id']}"

  # With neither unaffected nor patched versions listed, every version counts
  # as vulnerable; otherwise vulnerable_versions is left nil.
  blank = ->(versions) { versions.nil? || versions.empty? }
  no_safe_version = blank.call(advisory_hash['unaffected_versions']) &&
                    blank.call(advisory_hash['patched_versions'])
  vulnerable_versions = no_safe_version ? ['*'] : nil

  YAVDB::Advisory.new(
    vuln_id,
    advisory_hash['title'],
    advisory_hash['description'],
    advisory_hash['package'],
    vulnerable_versions,
    advisory_hash['unaffected_versions'],
    advisory_hash['patched_versions'],
    severity,
    PACKAGE_MANAGER,
    cve,
    nil, #:cwe
    nil, # unlabelled in the original
    nil, #:cvss_v2_vector
    nil, # unlabelled in the original
    nil, #:cvss_v3_vector
    nil, # unlabelled in the original
    date, # the same parsed date fills all three date arguments
    date,
    date,
    ['RustSec'],
    references,
    generate_url(advisory_hash)
  )
end
generate_url(advisory_hash)
# File lib/yavdb/sources/rustsec.rb, line 82
#
# Returns the link to the advisory's TOML file on the `master` branch of
# REPOSITORY_URL.
#
# The `package` and `id` values are placed in the path as-is, with no URL
# encoding.
# NOTE(review): they come from the parsed advisory file; confirm that
# consumers of this URL do not rely on it being well-formed.
#
# @param advisory_hash [Hash] parsed `advisory` table, keyed by strings
# @return [String]
def generate_url(advisory_hash)
  crate = advisory_hash['package']
  advisory_id = advisory_hash['id']
  "#{REPOSITORY_URL}/blob/master/crates/#{crate}/#{advisory_id}.toml"
end