1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
//! ref: composer/src/Composer/Advisory/PartialSecurityAdvisory.php
use crate::advisory::SecurityAdvisory;
use crate::repository::PartialOrSecurityAdvisory;
use anyhow::Result;
use chrono::{DateTime, TimeZone, Utc};
use indexmap::IndexMap;
use shirabe_external_packages::composer::pcre::Preg;
use shirabe_php_shim::{PhpMixed, UnexpectedValueException};
use shirabe_semver::constraint::AnyConstraint;
use shirabe_semver::constraint::SimpleConstraint;
use shirabe_semver::version_parser::VersionParser;
fn serialize_constraint<S: serde::Serializer>(
c: &AnyConstraint,
serializer: S,
) -> Result<S::Ok, S::Error> {
serializer.serialize_str(&c.get_pretty_string())
}
#[derive(Debug, serde::Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PartialSecurityAdvisory {
pub advisory_id: String,
pub package_name: String,
#[serde(serialize_with = "serialize_constraint")]
pub affected_versions: AnyConstraint,
}
impl PartialSecurityAdvisory {
pub fn create(
package_name: &str,
data: &IndexMap<String, PhpMixed>,
parser: &VersionParser,
) -> Result<PartialOrSecurityAdvisory> {
let affected_versions_str = data["affectedVersions"].as_string().unwrap_or("");
let constraint: AnyConstraint = match parser.parse_constraints(affected_versions_str) {
Ok(c) => c,
Err(_) => {
let affected_version =
Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str);
match parser.parse_constraints(affected_version.as_deref().unwrap_or("")) {
Ok(c) => c,
Err(_) => SimpleConstraint::new(
"==".to_string(),
"0.0.0-invalid-version".to_string(),
None,
)
.into(),
}
}
};
let has_full_data = data.contains_key("title")
&& data.contains_key("sources")
&& data.contains_key("reportedAt");
if has_full_data {
let reported_at: DateTime<Utc> = Utc
.datetime_from_str(
data["reportedAt"].as_string().unwrap_or(""),
"%Y-%m-%dT%H:%M:%S+00:00",
)
.unwrap_or_default();
let advisory = SecurityAdvisory::new(
package_name.to_string(),
data["advisoryId"].as_string().unwrap_or("").to_string(),
constraint,
data["title"].as_string().unwrap_or("").to_string(),
// TODO(phase-b): parse PhpMixed sources array into Vec<IndexMap<String, String>>
todo!(),
reported_at,
data.get("cve")
.and_then(|v| v.as_string())
.map(|s| s.to_string()),
data.get("link")
.and_then(|v| v.as_string())
.map(|s| s.to_string()),
data.get("severity")
.and_then(|v| v.as_string())
.map(|s| s.to_string()),
);
return Ok(PartialOrSecurityAdvisory::Full(advisory));
}
Ok(PartialOrSecurityAdvisory::Partial(Self {
advisory_id: data["advisoryId"].as_string().unwrap_or("").to_string(),
package_name: package_name.to_string(),
affected_versions: constraint,
}))
}
pub fn new(
package_name: String,
advisory_id: String,
affected_versions: AnyConstraint,
) -> Self {
Self {
advisory_id,
package_name,
affected_versions,
}
}
}
|
