class RedmineAudit::PluginDatabase
Redmine plugin advisory database
Constants
- URL
Public Instance Methods
advisories()
Get unfixed plugin advisories against specified Redmine version.
@return [[Redmine::Advisory]]
The array of plugin's Redmine::Advisory unfixed.
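# File lib/redmine_audit/plugin_database.rb, line 19
# Collect the known advisories that still affect the installed plugins.
#
# The advisory YAML is fetched and parsed on the first successful call and
# cached in @known_advisories. Every call then checks each entry of
# Redmine::Plugin.all against the cached advisories stored under its id.
#
# @return [Hash] plugin => Array of advisories whose vulnerable? check is
#   true for that plugin's version; plugins without a match are omitted.
def advisories
  if @known_advisories.nil?
    # Build into a local and publish it only once loading has finished.
    # Assigning @known_advisories = {} up front meant a failed fetch or parse
    # left an empty cache behind, so the next call reported no advisories.
    known = {}
    # NOTE(security): the document comes from fetch_advisory_data, i.e. from
    # outside this process. With Psych releases before 4, YAML.load can
    # instantiate arbitrary Ruby objects from tagged input. YAML.safe_load is
    # the safer parser if the advisory file only holds plain scalars, arrays
    # and hashes -- confirm against the published data before switching.
    YAML.load(fetch_advisory_data).each do |plugin_id, entries|
      known[plugin_id] ||= []
      entries.each do |cve_id, attrs|
        unaffected_vers = (attrs['unaffected_versions'] || []).map { |ver| Gem::Requirement.new(ver) }
        patched_vers = (attrs['patched_versions'] || []).map { |ver| Gem::Requirement.new(ver) }
        args = [
          nil,
          attrs['title'],
          [attrs['url']],
          unaffected_vers,
          patched_vers,
          cve_id,
          attrs['cvss_v2'],
          attrs['cvss_v3'],
        ]
        known[plugin_id] << Advisory.new(*args)
      end
    end
    @known_advisories = known
  end

  unfixed_advisories = {}
  Redmine::Plugin.all.each do |plugin|
    # NOTE(review): the lookup uses plugin.id as-is, so the YAML keys must
    # compare equal to it (same String/Symbol type) -- verify against the data.
    candidates = @known_advisories[plugin.id]
    next if candidates.nil? || candidates.empty?

    installed = Gem::Version.new(plugin.version)
    candidates.each do |advisory|
      next unless advisory.vulnerable?(installed)

      unfixed_advisories[plugin] ||= []
      unfixed_advisories[plugin].push(advisory)
    end
  end
  unfixed_advisories
end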
Private Instance Methods
fetch_advisory_data(url = URL)
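# File lib/redmine_audit/plugin_database.rb, line 58
# Read the raw advisory document from +url+.
#
# @param url location handed to open; defaults to the class constant URL.
# @return [String] everything read from the opened stream.
def fetch_advisory_data(url = URL)
  # Block form closes the stream as soon as the body has been read; the bare
  # open(url).read left the handle open until garbage collection.
  # NOTE(security): Kernel#open runs a command when its argument starts with
  # "|" and opens local files for plain paths, so url must never be derived
  # from untrusted input. Fetching http(s) URLs through Kernel#open also
  # depends on open-uri's patch, which Ruby 3.0 removed -- presumably open-uri
  # is required elsewhere in this file; confirm.
  open(url) { |io| io.read }
end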