class Bundler::Audit::Advisory

def self.load(path)
  id   = File.basename(path).chomp('.yml')
  data = File.open(path) do |yaml|
           YAML.safe_load(yaml, permitted_classes: [Date])
         end
  unless data.kind_of?(Hash)
    raise("advisory data in #{path.dump} was not a Hash")
  end
  parse_versions = lambda { |versions|
    Array(versions).map do |version|
      Gem::Requirement.new(*version.split(', '))
    end
  }
  return new(
    path,
    id,
    data['url'],
    data['title'],
    data['date'],
    data['description'],
    data['cvss_v2'],
    data['cvss_v3'],
    data['cve'],
    data['osvdb'],
    data['ghsa'],
    parse_versions[data['unaffected_versions']],
    parse_versions[data['patched_versions']]
  )
end

def ==(other)
  id == other.id
end

def criticality
  if cvss_v3
    case cvss_v3
    when 0.0       then :none
    when 0.1..3.9  then :low
    when 4.0..6.9  then :medium
    when 7.0..8.9  then :high
    when 9.0..10.0 then :critical
    end
  elsif cvss_v2
    case cvss_v2
    when 0.0..3.9  then :low
    when 4.0..6.9  then :medium
    when 7.0..10.0 then :high
    end
  end
end

def cve_id
  "CVE-#{cve}" if cve
end

def ghsa_id
  "GHSA-#{ghsa}" if ghsa
end

def identifiers
  [
    cve_id,
    osvdb_id,
    ghsa_id
  ].compact
end

def osvdb_id
  "OSVDB-#{osvdb}" if osvdb
end

def patched?(version)
  patched_versions.any? do |patched_version|
    patched_version === version
  end
end

def to_h
  super.merge({
    criticality: criticality
  })
end

def unaffected?(version)
  unaffected_versions.any? do |unaffected_version|
    unaffected_version === version
  end
end

def vulnerable?(version)
  !patched?(version) && !unaffected?(version)
end