yavdb 0.4.1 → 0.4.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +3 -3
  3. data/Gemfile.lock +1 -1
  4. data/lib/yavdb/dtos/advisory.rb +11 -5
  5. data/lib/yavdb/sources/ossindex.rb +1 -0
  6. data/lib/yavdb/sources/ruby_advisory.rb +5 -4
  7. data/lib/yavdb/version.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1be5fc747b3ec539e16cdb7d4ba3d83da0373cc5
4
- data.tar.gz: c8895b7259b34b931f0df57f32cb045d45d9eb8e
3
+ metadata.gz: 7898e92755673e9d35d1451a3a9b042b2dd0ddf5
4
+ data.tar.gz: 7a4c82745c283f1c0d9570d49ce82d8652267edc
5
5
  SHA512:
6
- metadata.gz: 4e2b14ec2b6de43c1a41bc0cb71133a0c83f9caad00a3ff19b6193deb0ead7d971425f6b3ef6f4b2bb9fc304bc24e9f480d5cca88a9bec4836e337465fa94d07
7
- data.tar.gz: 2813a004bb9fb2735e834e879ad842502eb22d4e9d70f0466f20408d51128dd7dd3dd0d02504e74730b0f07b02a755ccdf3aff3e01745d771042f528d18987da
6
+ metadata.gz: c8b6722934c83a3e0bb9052898f79fe145982ee39c5f23eecb9395e9a749351430249a09ada0b5dcefeea7d3879eff877de785ebd66ed80649ff57b9a96250e3
7
+ data.tar.gz: eca513a3484308b9f1e12749f262f18c857bcd4ae2f32f4e5dcab4ff34ea760547c69e00dca13e912a3019aa99fdddaef92e1d509571e59634f32b166293a70f
data/.circleci/config.yml CHANGED
@@ -25,8 +25,8 @@ jobs:
25
25
  - name: Restore yavdb cache
26
26
  type: cache-restore
27
27
  keys:
28
- - crawler-yavdb-cache-1
29
- - crawler-yavdb-cache-
28
+ - crawler-yavdb-cache-1-{{ checksum "/tmp/yavdb.cache.log" }}
29
+ - crawler-yavdb-cache-1-
30
30
 
31
31
  - name: Bundle Install
32
32
  type: shell
@@ -48,7 +48,7 @@ jobs:
48
48
 
49
49
  - name: Save yavdb cache
50
50
  type: cache-save
51
- key: crawler-yavdb-cache-{{ checksum "/tmp/yavdb.cache.log" }}
51
+ key: crawler-yavdb-cache-1-{{ checksum "/tmp/yavdb.cache.log" }}
52
52
  paths:
53
53
  - ~/.yavdb/cache
54
54
 
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- yavdb (0.4.1)
4
+ yavdb (0.4.2)
5
5
  json (~> 2.1)
6
6
  kramdown (~> 1.17)
7
7
  oga (~> 2.15)
data/lib/yavdb/dtos/advisory.rb CHANGED
@@ -79,11 +79,17 @@ module YAVDB
79
79
  def to_map
80
80
  map = {}
81
81
  members.each do |m|
82
- next if !self[m] ||
83
- (self[m].is_a?(String) && self[m].empty?) ||
84
- (self[m].is_a?(Array) && self[m].none?)
85
-
86
- map[m.to_s] = self[m] if self[m]
82
+ if !self[m] ||
83
+ (self[m].is_a?(String) && self[m].empty?) ||
84
+ (self[m].is_a?(Array) && self[m].none?)
85
+ next
86
+ elsif self[m].is_a?(Struct)
87
+ map[m.to_s] = self[m].to_map
88
+ elsif self[m].is_a?(Array)
89
+ map[m.to_s] = self[m].sort_by { |c| c.to_s.downcase }
90
+ else
91
+ map[m.to_s] = self[m]
92
+ end
87
93
  end
88
94
  map
89
95
  end
data/lib/yavdb/sources/ossindex.rb CHANGED
@@ -93,6 +93,7 @@ module YAVDB
93
93
  .map(&:strip)
94
94
  .reject(&:empty?)
95
95
  .reject { |v| v == '-' }
96
+ .map { |version| version.gsub("''", '') }
96
97
  versions = ['*'] unless versions.any?
97
98
 
98
99
  vuln_id_stamp = (cve && cve[0]) || published_date
data/lib/yavdb/sources/ruby_advisory.rb CHANGED
@@ -33,7 +33,7 @@ module YAVDB
33
33
  Dir.chdir(repo_path) do
34
34
  file_paths.map do |file_path|
35
35
  advisory_hash = YAML.load_file(file_path)
36
- create(advisory_hash)
36
+ create(file_path, advisory_hash)
37
37
  end
38
38
  end
39
39
  end.flatten
@@ -43,10 +43,11 @@ module YAVDB
43
43
 
44
44
  private
45
45
 
46
- def create(advisory_hash)
46
+ def create(_file_path, advisory_hash)
47
47
  date = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')
48
48
  severity = severity(advisory_hash['cvss_v2'], advisory_hash['cvss_v3'])
49
- cve = ["CVE-#{advisory_hash['cve']}"]
49
+ cve = advisory_hash['cve'] && "CVE-#{advisory_hash['cve']}"
50
+ osvdb = advisory_hash['osvdb'] && "OSVDB-#{advisory_hash['osvdb']}"
50
51
  references = references(advisory_hash)
51
52
  vulnerable_versions = if advisory_hash['unaffected_versions'] || advisory_hash['patched_versions']
52
53
  nil
@@ -54,7 +55,7 @@ module YAVDB
54
55
  ['*']
55
56
  end
56
57
 
57
- vuln_id_stamp = (cve && cve[0]) || date
58
+ vuln_id_stamp = cve || osvdb || date
58
59
  vuln_id = "rubyadvisory:rubygems:#{advisory_hash['gem']}:#{vuln_id_stamp}"
59
60
 
60
61
  YAVDB::Advisory.new(
data/lib/yavdb/version.rb CHANGED
@@ -16,6 +16,6 @@
16
16
 
17
17
  module YAVDB
18
18
 
19
- VERSION = '0.4.1'
19
+ VERSION = '0.4.2'
20
20
 
21
21
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yavdb
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Fernandes
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-28 00:00:00.000000000 Z
11
+ date: 2018-11-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler