yavdb 0.1.0.pre.alpha.2 → 0.1.1
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/Gemfile.lock +11 -11
- data/lib/yavdb/dtos/advisory.rb +24 -26
- data/lib/yavdb/sources/nodesecurity_io.rb +1 -1
- data/lib/yavdb/sources/ossindex.rb +1 -1
- data/lib/yavdb/sources/snyk_io.rb +3 -3
- data/lib/yavdb/version.rb +1 -1
- data/yavdb.gemspec +2 -2
- metadata +8 -8
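--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd062110c51d9689d598371876e03165cc28396d
+data.tar.gz: cc170d5a5f4c1d3c112118a8271cfa5e0251c812
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7533531416e987b92834f03340504a0def81f6ad9077600ea8ab4b29aed411efb6e39baefd9171cfbd7e7374814b0ebf6aa486c3ca93fdfe839315733c308d06
+data.tar.gz: 282b89abd9a24fa69e6581a538b966f00901895604f219b115be2b3a2e1caa52df8a3a4696125e22cb603527cebd5381e8ac5f76a93f850892978eb695485213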
data/.rubocop.yml
CHANGED
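--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-yavdb (0.1.
+yavdb (0.1.1)
 json (~> 2.1)
 kramdown (~> 1.17)
 oga (~> 2.15)
@@ -13,10 +13,10 @@ GEM
 specs:
 ansi (1.5.0)
 ast (2.4.0)
-codacy-coverage (
+codacy-coverage (2.1.0)
 simplecov
 diff-lcs (1.3)
-docile (1.1
+docile (1.3.1)
 jaro_winkler (1.5.1)
 json (2.1.0)
 kramdown (1.17.0)
@@ -28,7 +28,7 @@ GEM
 ast (~> 2.4.0)
 powerpack (0.1.2)
 rainbow (3.0.0)
-rake (12.3.
+rake (12.3.1)
 rspec (3.8.0)
 rspec-core (~> 3.8.0)
 rspec-expectations (~> 3.8.0)
@@ -44,7 +44,7 @@ GEM
 rspec-support (3.8.0)
 rspec_junit_formatter (0.4.1)
 rspec-core (>= 2, < 4, != 2.12.0)
-rubocop (0.
+rubocop (0.59.2)
 jaro_winkler (~> 1.5.1)
 parallel (~> 1.10)
 parser (>= 2.5, != 2.5.1.1)
@@ -52,15 +52,15 @@ GEM
 rainbow (>= 2.2.2, < 4.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (~> 1.0, >= 1.0.1)
-rubocop-rspec (1.
-rubocop (>= 0.
+rubocop-rspec (1.29.1)
+rubocop (>= 0.58.0)
 ruby-ll (2.1.2)
 ansi
 ast
 ruby-progressbar (1.10.0)
 semantic_interval (0.1.0)
-simplecov (0.
-docile (~> 1.1
+simplecov (0.16.1)
+docile (~> 1.1)
 json (>= 1.8, < 3)
 simplecov-html (~> 0.10.0)
 simplecov-html (0.10.2)
@@ -76,8 +76,8 @@ DEPENDENCIES
 rake (~> 12.3)
 rspec (~> 3.8)
 rspec_junit_formatter (~> 0.4)
-rubocop (~> 0.
-rubocop-rspec (~> 1.
+rubocop (~> 0.59)
+rubocop-rspec (~> 1.29)
 simplecov
 yavdb!
 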
data/lib/yavdb/dtos/advisory.rb
CHANGED
@@ -16,32 +16,30 @@
|
|
16
16
|
|
17
17
|
module YAVDB
|
18
18
|
# TODO: Enable `Style/StructInheritance` - check `attr_reader:` or `initialize` method
|
19
|
-
class Advisory <
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
:source_url # [String]
|
44
|
-
)
|
19
|
+
class Advisory < Struct.new(
|
20
|
+
:id, # [String]
|
21
|
+
:title, # [String]
|
22
|
+
:description, # [String]
|
23
|
+
:affected_package, # [String]
|
24
|
+
:vulnerable_versions, # [Array<String>] (Optional)
|
25
|
+
:unaffected_versions, # [Array<String>] (Optional)
|
26
|
+
:patched_versions, # [Array<String>] (Optional)
|
27
|
+
:severity, # [String] (Optional)
|
28
|
+
:package_manager, # [String]
|
29
|
+
:cve, # [Array<String>] (Optional)
|
30
|
+
:cwe, # [Array<String>] (Optional)
|
31
|
+
:osvdb, # [String] (Optional)
|
32
|
+
:cvss_v2_vector, # [String] (Optional)
|
33
|
+
:cvss_v2_score, # [String] (Optional)
|
34
|
+
:cvss_v3_vector, # [String] (Optional)
|
35
|
+
:cvss_v3_score, # [String] (Optional)
|
36
|
+
:disclosed_date, # [Date]
|
37
|
+
:created_date, # [Date]
|
38
|
+
:last_modified_date, # [Date]
|
39
|
+
:credit, # [Array<String>]
|
40
|
+
:references, # [Array<String>]
|
41
|
+
:source_url # [String]
|
42
|
+
)
|
45
43
|
|
46
44
|
def self.load(path)
|
47
45
|
data = YAML.load_file(path)
|
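Review bot: `YAML.load_file(path)` in `self.load`, visible in the trailing context of this hunk, uses the full YAML loader, which on the Psych versions bundled with the Ruby 2.3 line this gem appears to target will instantiate whatever Ruby objects the document's tags name. If `path` can point at an advisory file that came from outside the process (a cloned or downloaded database, for instance), that file is deserialised with full object support. Since this commit touches the struct that `load` feeds, it would be a good place to switch to a safe loader that permits only the documented field types, e.g. `data = YAML.safe_load(File.read(path), [Date])`. The `[Date]` list is inferred from the `# [Date]` field comments and should be checked against the stored files. The body of `load` continues outside the hunk.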
@@ -44,7 +44,7 @@ module YAVDB
|
|
44
44
|
advisories = []
|
45
45
|
|
46
46
|
loop do
|
47
|
-
nodesecurity = YAVDB::Utils::HTTP.get_page_contents("#{API_URL}?offset=#{offset}",
|
47
|
+
nodesecurity = YAVDB::Utils::HTTP.get_page_contents("#{API_URL}?offset=#{offset}", false, 'nodesecurity.io/advisories')
|
48
48
|
advisories_json = JSON.parse(nodesecurity.join)
|
49
49
|
|
50
50
|
advisories_json['count'].positive? ? advisories = advisories.concat(advisories_json['results']) : break
|
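Review bot: The two arguments added to the `get_page_contents` call are positional, and the bare `false` gives a reader no hint of what is being switched off. The same pattern is added in the ossindex call (`get_page_contents(next_url, false, 'ossindex/advisories')`) and in the snyk call (`get_page_html(page_url, false, 'snyk.io/feed')`). The helper's signature is not on this page, so either keyword arguments or a short comment at each call site would make the calls reviewable, e.g. `# args: url, <name of the boolean flag>, <name of the label argument>` with the real parameter names filled in. The enclosing `loop do` continues outside the hunk.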
@@ -45,7 +45,7 @@ module YAVDB
|
|
45
45
|
packages = []
|
46
46
|
|
47
47
|
while next_url
|
48
|
-
ossindex = YAVDB::Utils::HTTP.get_page_contents(next_url,
|
48
|
+
ossindex = YAVDB::Utils::HTTP.get_page_contents(next_url, false, 'ossindex/advisories')
|
49
49
|
ossindex_json = JSON.parse(ossindex.join)
|
50
50
|
page_packages = ossindex_json['packages']
|
51
51
|
|
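Review bot: `while next_url` keeps requesting whatever URL the loop variable holds, and the hunk does not show where `next_url` is reassigned. If it is taken from the previous JSON response, the fetcher will follow any address the feed returns. A guard before the request that the URL is HTTPS and still on the expected host, something like `break unless next_url.start_with?(<ossindex base URL constant>)`, would stop a malformed or tampered response from steering the client elsewhere. The loop body continues outside the hunk.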
@@ -30,7 +30,7 @@ module YAVDB
|
|
30
30
|
BASE_VULN_URL = "#{BASE_URL}/vuln"
|
31
31
|
INFO_SEP = '#=#'
|
32
32
|
|
33
|
-
|
33
|
+
PACKAGE_MANAGERS = ['composer', 'golang', 'maven', 'npm', 'nuget', 'pip', 'rubygems'].freeze
|
34
34
|
|
35
35
|
PACKAGE_MANAGER_ALIAS = Hash[
|
36
36
|
'composer' => 'packagist',
|
@@ -55,13 +55,13 @@ module YAVDB
|
|
55
55
|
private
|
56
56
|
|
57
57
|
def fetch_advisory_urls
|
58
|
-
|
58
|
+
PACKAGE_MANAGERS.map do |pm|
|
59
59
|
fetch_advisory_recursive("#{BASE_VULN_URL}?type=#{pm}")
|
60
60
|
end.flatten
|
61
61
|
end
|
62
62
|
|
63
63
|
def fetch_advisory_recursive(page_url)
|
64
|
-
snykio = get_page_html(page_url,
|
64
|
+
snykio = get_page_html(page_url, false, 'snyk.io/feed')
|
65
65
|
|
66
66
|
page_vuln_urls = snykio
|
67
67
|
.css('table tbody tr td span a')
|
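Review bot: In `fetch_advisory_urls`, the `PACKAGE_MANAGERS.map do |pm| ... end.flatten` form can be written as `PACKAGE_MANAGERS.flat_map { |pm| fetch_advisory_recursive("#{BASE_VULN_URL}?type=#{pm}") }`, which avoids building the intermediate nested array. The two are equivalent only if `fetch_advisory_recursive` returns a flat array, which the hunk does not show, because `flatten` collapses every nesting level and `flat_map` only one. The new constant in the earlier hunk of this file could likewise be written `%w[composer golang maven npm nuget pip rubygems].freeze`. `fetch_advisory_recursive` continues outside the hunk.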
data/lib/yavdb/version.rb
CHANGED
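--- a/data/yavdb.gemspec
+++ b/data/yavdb.gemspec
@@ -32,8 +32,8 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'simplecov'
 
 # Linters
-spec.add_development_dependency 'rubocop', ['~> 0.
-spec.add_development_dependency 'rubocop-rspec', ['~> 1.
+spec.add_development_dependency 'rubocop', ['~> 0.59']
+spec.add_development_dependency 'rubocop-rspec', ['~> 1.29']
 
 # Runtime
 spec.add_runtime_dependency 'json', ['~> 2.1']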
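--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yavdb
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Rodrigo Fernandes
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -100,28 +100,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.59'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.59'
 - !ruby/object:Gem::Dependency
 name: rubocop-rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.29'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.29'
 - !ruby/object:Gem::Dependency
 name: json
 requirement: !ruby/object:Gem::Requirement
@@ -255,9 +255,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 2.3.7
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.5.2.3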