Module: StillActive::VulnerabilityHelper

Extended by:
VulnerabilityHelper
Included in:
VulnerabilityHelper
Defined in:
lib/helpers/vulnerability_helper.rb

Constant Summary

# Severity labels in ascending order. A label's index is its rank, which is
# how severity_at_or_above? compares a result against a threshold.
SEVERITY_ORDER = %w[low medium high critical].freeze

Instance Method Summary

Instance Method Details

#highest_severity(vulnerabilities) ⇒ Object



# File 'lib/helpers/vulnerability_helper.rb', line 9

# Returns the severity label for the worst score found in +vulnerabilities+.
#
# Each entry is read as a Hash-like record: its +:cvss3_score+ is used when
# present, otherwise its +:cvss2_score+. Entries carrying neither are ignored.
# The maximum of the remaining scores is handed to +severity_label+.
#
# @param vulnerabilities [Array<Hash>, nil]
# @return [Object, nil] whatever +severity_label+ returns for the top score,
#   or nil when the input is nil/empty or no entry has a score
def highest_severity(vulnerabilities)
  return unless vulnerabilities && !vulnerabilities.empty?

  scores = vulnerabilities.filter_map do |vuln|
    vuln[:cvss3_score] || vuln[:cvss2_score]
  end
  return if scores.empty?

  # NOTE(review): v2 and v3 base scores are ranked on one 0-10 scale here even
  # though the metrics differ; fine for picking the worst entry, but confirm
  # this is intended if the label feeds a hard gate.
  severity_label(scores.max)
end

#merge_advisories(deps_dev:, ruby_advisory_db:) ⇒ Object

Combines advisories from deps.dev and ruby-advisory-db (via bundler-audit), deduplicating on shared identifiers. deps.dev is preferred for CVSS/title/url (it carries the vector string); ruby-advisory-db fills gaps. Advisories present in both sources are tagged source: “merged”; otherwise the per-source tag is kept.



# File 'lib/helpers/vulnerability_helper.rb', line 29

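# Merges deps.dev advisories with ruby-advisory-db advisories. A
# ruby-advisory-db record that shares an identifier with an already-merged
# record is folded into it via +combine!+; the rest are appended.
#
# Both inputs are treated as read-only: every record placed in the result is a
# shallow copy, so +combine!+ never mutates the caller's objects. (Previously
# only the deps.dev side was copied; a ruby-advisory-db record that a later
# record overlapped with was rewritten in place inside the caller's array.)
# The copies are shallow, so nested values such as identifier lists are still
# shared with the input — +combine!+ should replace, not mutate, them.
#
# @param deps_dev [Array<Hash>] advisories from deps.dev
# @param ruby_advisory_db [Array<Hash>] advisories from ruby-advisory-db
# @return [Array<Hash>] merged advisories; deps.dev records keep their input
#   order and come first, unmatched ruby-advisory-db records follow
def merge_advisories(deps_dev:, ruby_advisory_db:)
  merged = deps_dev.map(&:dup)

  ruby_advisory_db.each do |advisory|
    # Identifiers of the incoming record don't change during the scan.
    ids = identifiers(advisory)
    existing = merged.find { |m| identifiers(m).intersect?(ids) }
    if existing
      combine!(existing, advisory)
    else
      merged << advisory.dup
    end
  end

  merged
end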

#severity_at_or_above?(vulnerabilities, threshold) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/helpers/vulnerability_helper.rb', line 18

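# Whether the worst vulnerability in +vulnerabilities+ is at least +threshold+.
#
# Intended as a gate, so bad inputs fail loudly rather than via a cryptic
# comparison error: a +threshold+ not listed in SEVERITY_ORDER raises
# ArgumentError (previously "comparison of Integer with nil failed", and an
# invalid threshold went unnoticed whenever nothing was scored), and a label
# from +highest_severity+ that is not in SEVERITY_ORDER raises as well instead
# of surfacing as a NoMethodError on nil.
#
# @param vulnerabilities [Array<Hash>, nil]
# @param threshold [String, Symbol] one of SEVERITY_ORDER, matched
#   case-insensitively
# @return [Boolean] false when there are no scored vulnerabilities
# @raise [ArgumentError] when +threshold+ or the computed label is unknown
def severity_at_or_above?(vulnerabilities, threshold)
  # Validate the threshold first so a misconfigured gate is rejected even when
  # there is nothing to compare against.
  threshold_rank = SEVERITY_ORDER.index(threshold.to_s.downcase)
  if threshold_rank.nil?
    raise ArgumentError,
          "unknown severity threshold #{threshold.inspect}; expected one of #{SEVERITY_ORDER.join(', ')}"
  end

  highest = highest_severity(vulnerabilities)
  return false if highest.nil?

  highest_rank = SEVERITY_ORDER.index(highest)
  raise ArgumentError, "unrecognised severity label #{highest.inspect}" if highest_rank.nil?

  highest_rank >= threshold_rank
end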