yavdb 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/yavdb/sources/ruby_advisory.rb +7 -3
- data/lib/yavdb/sources/snyk_io.rb +1 -1
- data/lib/yavdb/sources/victims.rb +8 -4
- data/lib/yavdb/utils/semver.rb +1 -1
- data/lib/yavdb/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca645bf2ce6d083015c0c97363f5f46aab4e27cf
|
|
4
|
+
data.tar.gz: 1cff5ebc4091c93e0ed8d57c4b692ca3c7861b85
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a00a4a250b92d3d3cb2549a906124470002e62ddf4cde55f51e2d002ab97c6509d7d8ba52ada201d70ff4932a948e57262e36ca4c6749809911fc2671bb150b3
|
|
7
|
+
data.tar.gz: a4484eec314817c4344b6f3dd793369d37cffe297c98aeda0eb3b11e883d32a71e9f761df0e669cb1be4bc516b2816f8c3ee4e01c9b85522a394b30058547873
|
data/Gemfile.lock
CHANGED
|
@@ -62,9 +62,9 @@ module YAVDB
|
|
|
62
62
|
advisory_hash['title'],
|
|
63
63
|
advisory_hash['description'],
|
|
64
64
|
advisory_hash['gem'],
|
|
65
|
-
vulnerable_versions,
|
|
66
|
-
advisory_hash['unaffected_versions'],
|
|
67
|
-
advisory_hash['patched_versions'],
|
|
65
|
+
clean_version(vulnerable_versions),
|
|
66
|
+
clean_version(advisory_hash['unaffected_versions']),
|
|
67
|
+
clean_version(advisory_hash['patched_versions']),
|
|
68
68
|
severity,
|
|
69
69
|
PACKAGE_MANAGER,
|
|
70
70
|
cve,
|
|
@@ -83,6 +83,10 @@ module YAVDB
|
|
|
83
83
|
)
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
+
def clean_version(versions)
|
|
87
|
+
versions&.map { |version| version.gsub(',', ' ') }
|
|
88
|
+
end
|
|
89
|
+
|
|
86
90
|
def references(advisory_hash)
|
|
87
91
|
references = [REPOSITORY_URL]
|
|
88
92
|
|
|
@@ -105,7 +105,7 @@ module YAVDB
|
|
|
105
105
|
elsif ['maven', 'nuget', 'pypi'].include?(package_manager)
|
|
106
106
|
[vulnerable_versions]
|
|
107
107
|
else
|
|
108
|
-
[vulnerable_versions.gsub(',', '
|
|
108
|
+
[vulnerable_versions.gsub(',', ' ')]
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
sidebar_data = parse_side_bar(advisory_page)
|
|
@@ -67,12 +67,12 @@ module YAVDB
|
|
|
67
67
|
advisory_hash['title'],
|
|
68
68
|
advisory_hash['description'],
|
|
69
69
|
language.name_parser[affected_package],
|
|
70
|
-
affected_package['version'],
|
|
71
|
-
affected_package['unaffected'],
|
|
72
|
-
affected_package['fixedin'],
|
|
70
|
+
split_versions(affected_package['version']),
|
|
71
|
+
split_versions(affected_package['unaffected']),
|
|
72
|
+
split_versions(affected_package['fixedin']),
|
|
73
73
|
severity(advisory_hash['cvss_v2']),
|
|
74
74
|
language.package_manager,
|
|
75
|
-
[advisory_hash['cve']],
|
|
75
|
+
[advisory_hash['cve']].map { |cve| "CVE-#{cve}" },
|
|
76
76
|
nil, #:cwe
|
|
77
77
|
nil, #:osvdb
|
|
78
78
|
nil, #:cvss_v2_vector
|
|
@@ -89,6 +89,10 @@ module YAVDB
|
|
|
89
89
|
end.flatten
|
|
90
90
|
end
|
|
91
91
|
|
|
92
|
+
def split_versions(versions)
|
|
93
|
+
versions&.map { |version| version.split(',') }&.flatten
|
|
94
|
+
end
|
|
95
|
+
|
|
92
96
|
def severity(cvss_score)
|
|
93
97
|
case cvss_score
|
|
94
98
|
when 0.0..3.3 then
|
data/lib/yavdb/utils/semver.rb
CHANGED
data/lib/yavdb/version.rb
CHANGED