1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
//! ref: composer/src/Composer/Advisory/PartialSecurityAdvisory.php
use anyhow::Result;
use chrono::{DateTime, TimeZone, Utc};
use indexmap::IndexMap;
use shirabe_external_packages::composer::pcre::preg::Preg;
use shirabe_php_shim::{JsonSerializable, PhpMixed, UnexpectedValueException};
use shirabe_semver::constraint::constraint::Constraint;
use shirabe_semver::constraint::constraint_interface::ConstraintInterface;
use shirabe_semver::version_parser::VersionParser;
use crate::advisory::security_advisory::SecurityAdvisory;
#[derive(Debug)]
pub struct PartialSecurityAdvisory {
pub advisory_id: String,
pub package_name: String,
pub affected_versions: Box<dyn ConstraintInterface>,
}
impl PartialSecurityAdvisory {
pub fn create(
package_name: &str,
data: &IndexMap<String, PhpMixed>,
parser: &VersionParser,
) -> Result<Box<dyn std::any::Any>> {
let affected_versions_str = data["affectedVersions"].as_string().unwrap_or("");
let constraint: Box<dyn ConstraintInterface> = match parser.parse_constraints(affected_versions_str) {
Ok(c) => c,
Err(_) => {
let affected_version = Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str);
match parser.parse_constraints(&affected_version) {
Ok(c) => c,
Err(_) => Box::new(Constraint::new("==", "0.0.0-invalid-version")),
}
}
};
let has_full_data = data.contains_key("title")
&& data.contains_key("sources")
&& data.contains_key("reportedAt");
if has_full_data {
let reported_at: DateTime<Utc> = Utc
.datetime_from_str(
data["reportedAt"].as_string().unwrap_or(""),
"%Y-%m-%dT%H:%M:%S+00:00",
)
.unwrap_or_default();
let advisory = SecurityAdvisory::new(
package_name.to_string(),
data["advisoryId"].as_string().unwrap_or("").to_string(),
constraint,
data["title"].as_string().unwrap_or("").to_string(),
data["sources"].clone(),
reported_at,
data.get("cve").and_then(|v| v.as_string()).map(|s| s.to_string()),
data.get("link").and_then(|v| v.as_string()).map(|s| s.to_string()),
data.get("severity").and_then(|v| v.as_string()).map(|s| s.to_string()),
);
return Ok(Box::new(advisory));
}
Ok(Box::new(Self {
advisory_id: data["advisoryId"].as_string().unwrap_or("").to_string(),
package_name: package_name.to_string(),
affected_versions: constraint,
}))
}
pub fn new(
package_name: String,
advisory_id: String,
affected_versions: Box<dyn ConstraintInterface>,
) -> Self {
Self { advisory_id, package_name, affected_versions }
}
}
impl JsonSerializable for PartialSecurityAdvisory {
fn json_serialize(&self) -> PhpMixed {
use indexmap::IndexMap;
let mut data: IndexMap<String, Box<PhpMixed>> = IndexMap::new();
data.insert("advisoryId".to_string(), Box::new(PhpMixed::String(self.advisory_id.clone())));
data.insert("packageName".to_string(), Box::new(PhpMixed::String(self.package_name.clone())));
data.insert("affectedVersions".to_string(), Box::new(PhpMixed::String(self.affected_versions.get_pretty_string())));
PhpMixed::Array(data)
}
}
|
