class YAVDB::Sources::RubyAdvisory::Client
Constants
- PACKAGE_MANAGER
- REPOSITORY_URL
Public Class Methods
advisories()
# File lib/yavdb/sources/ruby_advisory.rb, line 31
# Loads every advisory from the Ruby Advisory DB checkout and converts each
# one into a YAVDB::Advisory.
#
# Walks each repository match returned by GitRepo.search for 'gems/**/*.yml',
# parses every YAML file and builds one advisory per file via `create`.
#
# @return [Array<YAVDB::Advisory>] a flat list, one entry per advisory file
def self.advisories
  matches = YAVDB::SourceTypes::GitRepo.search('gems/**/*.yml', REPOSITORY_URL)
  matches.flat_map do |repo_path, file_paths|
    # The search presumably returns paths relative to the checkout, hence the
    # chdir. Dir.chdir changes the process-wide working directory, so this
    # loop must not run concurrently with other chdir users.
    Dir.chdir(repo_path) do
      file_paths.map do |file_path|
        # NOTE(review): these YAML files come from a remote git checkout. On
        # Psych < 4 (Ruby < 3.1) YAML.load_file instantiates arbitrary tagged
        # Ruby objects, so a malicious advisory file can execute code during
        # parsing. Prefer
        #   YAML.safe_load(File.read(file_path), permitted_classes: [Date])
        # (Date because unquoted `date:` values deserialize as Date) once the
        # supported Ruby/Psych versions allow it.
        parsed = YAML.load_file(file_path)
        create(file_path, parsed)
      end
    end
  end
end
Private Class Methods
clean_version(versions)
# File lib/yavdb/sources/ruby_advisory.rb, line 86
# Normalises a list of version constraints by replacing every comma with a
# space (e.g. ">= 1.0, < 2.0" becomes ">= 1.0  < 2.0").
#
# @param versions [Array<String>, nil] raw constraint strings from the YAML
# @return [Array<String>, nil] the cleaned constraints, or nil when given nil
def clean_version(versions)
  return if versions.nil?

  versions.map { |constraint| constraint.tr(',', ' ') }
end
create(file_path, advisory_hash)
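# File lib/yavdb/sources/ruby_advisory.rb, line 46
# Builds a YAVDB::Advisory from one parsed advisory file.
#
# @param file_path [String] path of the advisory YAML; its basename (without
#   .yml) becomes the per-advisory part of the vulnerability id
# @param advisory_hash [Hash] the parsed YAML document (string keys)
# @return [YAVDB::Advisory]
# @raise [ArgumentError] when 'date' is missing or not in YYYY-MM-DD form
def create(file_path, advisory_hash)
  # `to_s` accepts both a quoted string and an unquoted YAML date (a Date).
  date = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')
  level = severity(advisory_hash['cvss_v2'], advisory_hash['cvss_v3'])
  cve = advisory_hash['cve'] && "CVE-#{advisory_hash['cve']}"
  refs = references(advisory_hash)
  filename = File.basename(file_path, '.yml')

  # With neither an unaffected nor a patched range the whole gem is vulnerable.
  vulnerable_versions =
    if advisory_hash['unaffected_versions'] || advisory_hash['patched_versions']
      nil
    else
      ['*']
    end

  # The file name is the only per-advisory component of the id; leaving it
  # out would make every advisory for the same gem collide on a single id.
  vuln_id = "rubyadvisory:rubygems:#{advisory_hash['gem']}:#{filename}"

  YAVDB::Advisory.new(
    vuln_id,
    advisory_hash['title'],
    advisory_hash['description'],
    advisory_hash['gem'],
    clean_version(vulnerable_versions),
    clean_version(advisory_hash['unaffected_versions']),
    clean_version(advisory_hash['patched_versions']),
    level,
    PACKAGE_MANAGER,
    cve && [cve],
    nil, # :cwe — not provided by this source
    advisory_hash['osvdb'],
    nil, # :cvss_v2_vector — not provided by this source
    advisory_hash['cvss_v2'],
    nil, # :cvss_v3_vector — not provided by this source
    advisory_hash['cvss_v3'],
    date, # the single advisory date fills all three date-valued slots
    date,
    date,
    ['Rubysec'],
    refs,
    advisory_hash['url']
  )
end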
references(advisory_hash)
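# File lib/yavdb/sources/ruby_advisory.rb, line 90
# Collects reference URLs for an advisory: the advisory repository itself,
# followed by any URLs listed under the document's `related: url:` key.
#
# @param advisory_hash [Hash] the parsed advisory document (string keys)
# @return [Array<String>] REPOSITORY_URL first, then the related URLs (if any)
def references(advisory_hash)
  refs = [REPOSITORY_URL]
  related = advisory_hash['related']
  urls = related && related['url']
  # Array() accepts a single URL written as a scalar as well as a list;
  # passing a scalar straight to concat would raise TypeError.
  refs.concat(Array(urls)) if urls
  refs
end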
severity(cvss_v2_score, cvss_v3_score)
# File lib/yavdb/sources/ruby_advisory.rb, line 100
# Picks the severity level for an advisory, preferring the CVSS v3 score and
# falling back to the v2 score only when no v3 score is present.
#
# @param cvss_v2_score [Numeric, nil]
# @param cvss_v3_score [Numeric, nil]
# @return [String, nil] the level from severity_level, or nil when neither
#   score is given
def severity(cvss_v2_score, cvss_v3_score)
  score = cvss_v3_score || cvss_v2_score
  severity_level(score) if score
end
severity_level(cvss_score)
# File lib/yavdb/sources/ruby_advisory.rb, line 108
# Maps a CVSS base score onto this project's coarse three-step scale.
#
# Bands (both ends inclusive): 0.0..3.3 => 'low', 3.3..6.6 => 'medium';
# anything else — higher scores, but also negative or non-numeric values —
# falls through to 'high', i.e. the mapping fails closed.
#
# NOTE(review): these bands are not the CVSS v3.x qualitative rating scale
# (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0); e.g. 3.5
# is 'medium' here but 'Low' per CVSS, and there is no 'critical' level.
#
# @param cvss_score [Numeric] a CVSS v2 or v3 base score
# @return [String] 'low', 'medium' or 'high'
def severity_level(cvss_score)
  if (0.0..3.3).cover?(cvss_score)
    'low'
  elsif (3.3..6.6).cover?(cvss_score)
    'medium'
  else
    'high'
  end
end