yavdb 0.3.0 → 0.4.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/yavdb/sources/ruby_advisory.rb +7 -3
- data/lib/yavdb/sources/snyk_io.rb +1 -1
- data/lib/yavdb/sources/victims.rb +8 -4
- data/lib/yavdb/utils/semver.rb +1 -1
- data/lib/yavdb/version.rb +1 -1
- metadata +1 -1
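--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ca645bf2ce6d083015c0c97363f5f46aab4e27cf
+data.tar.gz: 1cff5ebc4091c93e0ed8d57c4b692ca3c7861b85
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a00a4a250b92d3d3cb2549a906124470002e62ddf4cde55f51e2d002ab97c6509d7d8ba52ada201d70ff4932a948e57262e36ca4c6749809911fc2671bb150b3
+data.tar.gz: a4484eec314817c4344b6f3dd793369d37cffe297c98aeda0eb3b11e883d32a71e9f761df0e669cb1be4bc516b2816f8c3ee4e01c9b85522a394b30058547873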
data/Gemfile.lock
CHANGED
|
@@ -62,9 +62,9 @@ module YAVDB
|
|
|
62
62
|
advisory_hash['title'],
|
|
63
63
|
advisory_hash['description'],
|
|
64
64
|
advisory_hash['gem'],
|
|
65
|
-
vulnerable_versions,
|
|
66
|
-
advisory_hash['unaffected_versions'],
|
|
67
|
-
advisory_hash['patched_versions'],
|
|
65
|
+
clean_version(vulnerable_versions),
|
|
66
|
+
clean_version(advisory_hash['unaffected_versions']),
|
|
67
|
+
clean_version(advisory_hash['patched_versions']),
|
|
68
68
|
severity,
|
|
69
69
|
PACKAGE_MANAGER,
|
|
70
70
|
cve,
|
|
@@ -83,6 +83,10 @@ module YAVDB
|
|
|
83
83
|
)
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
+
def clean_version(versions)
|
|
87
|
+
versions&.map { |version| version.gsub(',', ' ') }
|
|
88
|
+
end
|
|
89
|
+
|
|
86
90
|
def references(advisory_hash)
|
|
87
91
|
references = [REPOSITORY_URL]
|
|
88
92
|
|
|
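Review bot: `clean_version` guards only against a nil list and then calls `version.gsub` on every element, so a non-String entry in `advisory_hash['patched_versions']` or `advisory_hash['unaffected_versions']` would raise NoMethodError instead of being normalised. These ranges decide which releases the database reports as affected, so I would coerce and collapse the separator in one step, `versions&.map { |version| version.to_s.gsub(/\s*,\s*/, ' ') }`, which also avoids the double space that `', '` currently leaves behind. The method would benefit from a one-line comment such as `# Replace commas in each version constraint with spaces`. The same replacement is written inline in the `@@ -105` hunk (`[vulnerable_versions.gsub(',', ' ')]`) and could share a helper. The file header above these hunks reads data/Gemfile.lock, but the content and the +7 -3 count in the diffstat suggest they belong to data/lib/yavdb/sources/ruby_advisory.rb.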
@@ -105,7 +105,7 @@ module YAVDB
|
|
|
105
105
|
elsif ['maven', 'nuget', 'pypi'].include?(package_manager)
|
|
106
106
|
[vulnerable_versions]
|
|
107
107
|
else
|
|
108
|
-
[vulnerable_versions.gsub(',', '
|
|
108
|
+
[vulnerable_versions.gsub(',', ' ')]
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
sidebar_data = parse_side_bar(advisory_page)
|
|
@@ -67,12 +67,12 @@ module YAVDB
|
|
|
67
67
|
advisory_hash['title'],
|
|
68
68
|
advisory_hash['description'],
|
|
69
69
|
language.name_parser[affected_package],
|
|
70
|
-
affected_package['version'],
|
|
71
|
-
affected_package['unaffected'],
|
|
72
|
-
affected_package['fixedin'],
|
|
70
|
+
split_versions(affected_package['version']),
|
|
71
|
+
split_versions(affected_package['unaffected']),
|
|
72
|
+
split_versions(affected_package['fixedin']),
|
|
73
73
|
severity(advisory_hash['cvss_v2']),
|
|
74
74
|
language.package_manager,
|
|
75
|
-
[advisory_hash['cve']],
|
|
75
|
+
[advisory_hash['cve']].map { |cve| "CVE-#{cve}" },
|
|
76
76
|
nil, #:cwe
|
|
77
77
|
nil, #:osvdb
|
|
78
78
|
nil, #:cvss_v2_vector
|
|
@@ -89,6 +89,10 @@ module YAVDB
|
|
|
89
89
|
end.flatten
|
|
90
90
|
end
|
|
91
91
|
|
|
92
|
+
def split_versions(versions)
|
|
93
|
+
versions&.map { |version| version.split(',') }&.flatten
|
|
94
|
+
end
|
|
95
|
+
|
|
92
96
|
def severity(cvss_score)
|
|
93
97
|
case cvss_score
|
|
94
98
|
when 0.0..3.3 then
|
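Review bot: `[advisory_hash['cve']].map { |cve| "CVE-#{cve}" }` turns a missing CVE into the bare string `CVE-`, and an id that already carries the prefix into `CVE-CVE-…`; either would break correlation of this advisory with the same CVE from other sources. `Array(advisory_hash['cve']).map { |cve| cve.to_s.start_with?('CVE-') ? cve.to_s : "CVE-#{cve}" }` avoids both. In `split_versions` the `&.` covers only nil, so a scalar string in `affected_package['version']` would fail on `map`. Splitting on `,` also promotes each part to its own list entry, so it is worth confirming that the upstream format never uses the comma to tie a bound to a release series (constructed example: `<=2.3.1,2.3`), since the second part would then be matched as a separate range. The methods that enclose the changed argument lists start and end outside the hunks.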
data/lib/yavdb/utils/semver.rb
CHANGED
data/lib/yavdb/version.rb
CHANGED