class Bundler::Audit::Advisory
def self.load(path)
- Api: - semipublic
Returns:
-
(Advisory)
-
Parameters:
-
path
(String
) --
# Loads an advisory from a YAML file.
#
# The advisory id is the file's base name without the `.yml` suffix. Every
# other field is read from the top-level mapping in the file.
#
# @param path [String] path to the advisory `.yml` file
# @return [Advisory] the advisory built from the file's fields
# @raise [RuntimeError] if the top-level YAML value is not a Hash
# @api semipublic
def self.load(path)
  advisory_id = File.basename(path).chomp('.yml')

  # NOTE(review): YAML.load_file performs full YAML deserialization on Psych
  # versions before 4.0, which can instantiate arbitrary Ruby objects. If
  # advisory files can come from a source outside the project's control
  # (confirm against the caller), load them with a safe loader that permits
  # only the classes the advisories actually use.
  data = YAML.load_file(path)

  # Only the top-level type is checked; individual fields are passed through
  # as parsed.
  raise("advisory data in #{path.dump} was not a Hash") unless data.kind_of?(Hash)

  # Each entry is a comma-separated constraint string. A missing key (nil)
  # becomes an empty list via Array(); a non-String entry would raise on
  # #split.
  to_requirements = lambda do |versions|
    Array(versions).map { |version| Gem::Requirement.new(*version.split(', ')) }
  end

  new(
    path,
    advisory_id,
    data['url'],
    data['title'],
    data['date'],
    data['description'],
    data['cvss_v2'],
    data['cve'],
    data['osvdb'],
    to_requirements.call(data['unaffected_versions']),
    to_requirements.call(data['patched_versions'])
  )
end
def criticality
-
(:low, :medium, :high)
-
# Maps the CVSS v2 score onto a coarse severity label.
#
# The bands are inclusive and checked in order, so a score that sits on a
# shared boundary (3.3 or 6.6) gets the lower label.
#
# @return [:low, :medium, :high, nil]
#   nil when `cvss_v2` falls in none of the bands (for example when it is nil)
def criticality
  score = cvss_v2
  bands = [
    [:low,    0.0..3.3],
    [:medium, 3.3..6.6],
    [:high,   6.6..10.0]
  ]

  label, _range = bands.find { |(_name, range)| range === score }
  label
end
def cve_id
-
(String, nil)
-
# Formats the advisory's CVE number as a display identifier.
#
# @return [String, nil] "CVE-" followed by `cve`, or nil when `cve` is unset
def cve_id
  return unless cve

  "CVE-#{cve}"
end
def osvdb_id
-
(String, nil)
-
# Formats the advisory's OSVDB number as a display identifier.
#
# @return [String, nil] "OSVDB-" followed by `osvdb`, or nil when `osvdb` is unset
def osvdb_id
  return unless osvdb

  "OSVDB-#{osvdb}"
end
def patched?(version)
- Since: - 0.2.0
Returns:
-
(Boolean)
-
Parameters:
-
version
(Gem::Version
) --
# Checks whether a version satisfies any of the advisory's patched-version
# constraints.
#
# Each constraint is matched with `===`. Advisory.load builds the entries as
# Gem::Requirement objects. An empty list never matches.
#
# @param version [Gem::Version] the version to check
# @return [Boolean] true if at least one patched constraint matches
# @since 0.2.0
def patched?(version)
  patched_versions.any? { |requirement| requirement === version }
end
def unaffected?(version)
- Since: - 0.2.0
Returns:
-
(Boolean)
-
Parameters:
-
version
(Gem::Version
) --
# Checks whether a version satisfies any of the advisory's
# unaffected-version constraints.
#
# Each constraint is matched with `===`. Advisory.load builds the entries as
# Gem::Requirement objects. An empty list never matches.
#
# @param version [Gem::Version] the version to check
# @return [Boolean] true if at least one unaffected constraint matches
# @since 0.2.0
def unaffected?(version)
  unaffected_versions.any? { |requirement| requirement === version }
end
def vulnerable?(version)
-
(Boolean)
-
Parameters:
-
version
(Gem::Version
) --
# Decides whether a version is affected by this advisory.
#
# A version counts as vulnerable unless it is explicitly patched or explicitly
# unaffected. With the sibling predicates shown on this page, an advisory that
# lists neither kind of constraint reports every version as vulnerable.
#
# @param version [Gem::Version] the version to check
# @return [Boolean] true if the version is neither patched nor unaffected
def vulnerable?(version)
  !(patched?(version) || unaffected?(version))
end