Skip to main content

Advisory

gem_audit::advisory

Struct Advisory 

Source 
pub struct Advisory {
Show 15 fields
    pub id: String,
    pub name: String,
    pub kind: AdvisoryKind,
    pub cve: Option<String>,
    pub osvdb: Option<String>,
    pub ghsa: Option<String>,
    pub url: Option<String>,
    pub title: Option<String>,
    pub date: Option<String>,
    pub description: Option<String>,
    pub cvss_v2: Option<f64>,
    pub cvss_v3: Option<f64>,
    pub framework: Option<String>,
    pub patched_versions: Vec<Requirement>,
    pub unaffected_versions: Vec<Requirement>,

}
Expand description

A security advisory loaded from the ruby-advisory-db.

Fields§

§id: String

The advisory identifier (filename without .yml).

§name: String

The affected gem or Ruby engine name.

§kind: AdvisoryKind

Whether this advisory is for a gem or a Ruby interpreter.

§cve: Option<String>

CVE identifier (e.g., “2020-1234”).

§osvdb: Option<String>

OSVDB identifier.

§ghsa: Option<String>

GitHub Security Advisory identifier (e.g., “aaaa-bbbb-cccc”).

§url: Option<String>

URL with vulnerability details.

§title: Option<String>

Vulnerability title.

§date: Option<String>

Discovery/publication date.

§description: Option<String>

Full vulnerability description.

§cvss_v2: Option<f64>

CVSS v2 score (0.0-10.0).

§cvss_v3: Option<f64>

CVSS v3 score (0.0-10.0).

§framework: Option<String>

Framework (e.g., “rails”).

§patched_versions: Vec<Requirement>

Version requirements for patched versions.

§unaffected_versions: Vec<Requirement>

Version requirements for unaffected versions.

Implementations§

Source§

impl Advisory

Source

pub fn load(path: &Path) -> Result<Self, AdvisoryError>

Load an advisory from a YAML file.

Source

pub fn from_yaml(yaml: &str, path: &Path) -> Result<Self, AdvisoryError>

Parse an advisory from a YAML string with a path for ID extraction.

Source

pub fn patched(&self, version: &Version) -> bool

Check if the given version is patched against this advisory.

Source

pub fn unaffected(&self, version: &Version) -> bool

Check if the given version is unaffected by this advisory.

Source

pub fn vulnerable(&self, version: &Version) -> bool

Check if the given version is vulnerable to this advisory.

A version is vulnerable if it is neither patched nor unaffected.

Source

pub fn cve_id(&self) -> Option<String>

The CVE identifier string (e.g., “CVE-2020-1234”).

Source

pub fn osvdb_id(&self) -> Option<String>

The OSVDB identifier string (e.g., “OSVDB-91452”).

Source

pub fn ghsa_id(&self) -> Option<String>

The GHSA identifier string (e.g., “GHSA-aaaa-bbbb-cccc”).

Source

pub fn identifiers(&self) -> Vec<String>

All identifiers (CVE, OSVDB, GHSA) as a list.

Source

pub fn criticality(&self) -> Option<Criticality>

Determine the criticality based on CVSS scores.

CVSS v3 is preferred over v2. Scoring follows NIST/NVD guidelines.

Trait Implementations§

Source§

impl Clone for Advisory

Source§

fn clone(&self) -> Advisory

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Advisory

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for Advisory

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T> ToStringFallible for T
where T: Display,

Source§

fn try_to_string(&self) -> Result<String, TryReserveError>

ToString::to_string, but without panic on OOM.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more