rustsec 0.7.0-alpha1

//! An `Advisory` for which a particular crate in a `Lockfile` is vulnerable

use advisory::Advisory;
use db::AdvisoryDatabase;
use lockfile::Lockfile;
use package::Package;

/// A vulnerable package and the associated advisory
#[derive(Debug, PartialEq, Clone)]
pub struct Vulnerability {
    /// A security advisory for which the package is vulnerable
    pub advisory: Advisory,

    /// A vulnerable package
    pub package: Package,
}

impl Vulnerability {
    /// Find all vulnerabilities for a given `AdvisoryDatabase` and `Lockfile`
    pub fn find_all(db: &AdvisoryDatabase, lockfile: &Lockfile) -> Vec<Vulnerability> {
        let mut vulns = vec![];

        for package in &lockfile.packages {
            for advisory in db.advisories_for_crate(package.name.clone(), &package.version) {
                vulns.push(Self::new(advisory, &package))
            }
        }

        vulns
    }

    /// Create a new vulnerability object from the given references
    pub fn new(advisory: &Advisory, package: &Package) -> Self {
        Self {
            advisory: advisory.clone(),
            package: package.clone(),
        }
    }
}