class YAVDB::Sources::Victims::Client
Constants
- LANGUAGES
- Language
- REPOSITORY_URL
Public Class Methods
advisories()
# File lib/yavdb/sources/victims.rb, line 37
# Collects advisories for every entry in LANGUAGES.
#
# For each language, builds the glob from the language name, asks
# YAVDB::SourceTypes::GitRepo.search for matching files under REPOSITORY_URL,
# parses every matched file as YAML and hands the parsed hash to +create+.
#
# @return [Array] the flattened results of every +create+ call
def self.advisories
  per_language = LANGUAGES.map do |language|
    pattern = language_glob(language.name)
    matches = YAVDB::SourceTypes::GitRepo.search(pattern, REPOSITORY_URL)

    matches.map do |repo_path, file_paths|
      # File paths are used relative to repo_path, hence the chdir.
      Dir.chdir(repo_path) do
        file_paths.map do |file_path|
          # NOTE(review): these files presumably come from the remote repository
          # at REPOSITORY_URL, i.e. content this code does not control. On Psych
          # versions before 4, YAML.load_file can instantiate arbitrary Ruby
          # objects from tagged YAML. Consider YAML.safe_load_file with an
          # explicit permitted_classes list once the classes the advisory files
          # rely on (e.g. dates) are confirmed.
          parsed = YAML.load_file(file_path)
          create(parsed, language, "#{REPOSITORY_URL}/blob/master/#{file_path}")
        end
      end
    end
  end

  per_language.flatten
end
Private Class Methods
create(advisory_hash, language, url)
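# File lib/yavdb/sources/victims.rb, line 60
# Builds one YAVDB::Advisory per entry of advisory_hash['affected'].
#
# @param advisory_hash [Hash] parsed advisory file; the keys read here are
#   'affected', 'cve', 'title', 'description', 'cvss_v2' and 'references'
# @param language [#package_manager, #name_parser] language descriptor;
#   name_parser[affected_package] yields the package name
# @param url [String] link to the advisory file, passed through unchanged
# @return [Array] the advisories built for this file
def create(advisory_hash, language, url)
  cve = advisory_hash['cve']
  # NOTE(review): the fallback is the literal string 'date', not
  # advisory_hash['date'] -- confirm this is intended, since every advisory
  # without a CVE then shares the same id suffix.
  vuln_id_stamp = cve || 'date'
  # Without a CVE the original emitted the bogus identifier "CVE-"; drop the
  # nil first so such advisories carry an empty CVE list instead.
  cve_ids = [cve].compact.map { |id| "CVE-#{id}" }

  advisory_hash['affected'].map do |affected_package|
    package_name = language.name_parser[affected_package]
    vuln_id = "victims:#{language.package_manager}:#{package_name}:#{vuln_id_stamp}"

    YAVDB::Advisory.new(
      vuln_id,
      advisory_hash['title'],
      advisory_hash['description'],
      package_name,
      split_versions(affected_package['version']),
      split_versions(affected_package['unaffected']),
      split_versions(affected_package['fixedin']),
      severity(advisory_hash['cvss_v2']),
      language.package_manager,
      cve_ids,
      nil, #:cwe
      nil, #:osvdb
      nil, #:cvss_v2_vector
      advisory_hash['cvss_v2'],
      nil, #:cvss_v3_vector
      nil, #:cvss_v3
      nil,
      nil,
      nil,
      ['Victims CVE Database'],
      advisory_hash['references'],
      url
    )
  end.flatten
end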
language_glob(language)
# File lib/yavdb/sources/victims.rb, line 56
# Builds the glob pattern for one language's directory under "database/".
#
# The language is interpolated as-is, with no escaping of glob
# metacharacters; the caller visible on this page passes names taken from
# the LANGUAGES constant.
#
# @param language [#to_s] directory name of the language
# @return [String] pattern of the form "database/<language>/*/*.*"
def language_glob(language)
  format('database/%s/*/*.*', language)
end
severity(cvss_score)
# File lib/yavdb/sources/victims.rb, line 96
# Translates a CVSS score into a severity label.
#
# Scores in 0.0..3.3 are 'low', scores above 3.3 up to 6.6 are 'medium',
# and every other value is 'high'. "Every other value" includes nil,
# non-numeric input and out-of-range numbers, so an advisory with no score
# is labelled 'high'.
#
# NOTE(review): NVD's qualitative bands for CVSS v2 are 0.0-3.9, 4.0-6.9 and
# 7.0-10.0. The cut-offs here differ, so e.g. 3.5 is 'medium' and 6.8 is
# 'high' -- confirm the thirds are intentional.
#
# @param cvss_score [Numeric, nil] CVSS score
# @return [String] 'low', 'medium' or 'high'
def severity(cvss_score)
  return 'low' if (0.0..3.3).cover?(cvss_score)
  return 'medium' if (3.3..6.6).cover?(cvss_score)

  'high'
end
split_versions(versions)
# File lib/yavdb/sources/victims.rb, line 92
# Expands a list of comma-separated version strings into one flat list.
#
# @param versions [Array<String>, nil] entries such as "1.0,2.0"
# @return [Array<String>, nil] the individual entries, or nil when
#   versions is nil
def split_versions(versions)
  return if versions.nil?

  versions.flat_map { |entry| entry.split(',') }
end