
Commit a23ad28

committed
Extract Remediation class for point calculation
1 parent a0b6b6b commit a23ad28

3 files changed

+56
-38
lines changed


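--- a/lib/cc/engine/bundler_audit.rb
+++ b/lib/cc/engine/bundler_audit.rb
@@ -4,6 +4,7 @@
 require "versionomy"
 
 require "cc/engine/bundler_audit/analyzer"
+require "cc/engine/bundler_audit/remediation"
 require "cc/engine/bundler_audit/result"
 
 module CC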
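--- /dev/null
+++ b/lib/cc/engine/bundler_audit/remediation.rb
@@ -0,0 +1,46 @@
+module CC
+  module Engine
+    module BundlerAudit
+      class Remediation
+        def initialize(gem_version, patched_versions)
+          @gem_version = gem_version
+          @patched_versions = patched_versions
+        end
+
+        def points
+          if upgrade_versions.any?
+            upgrade_versions.map do |upgrade_version|
+              case
+              when current_version.major != upgrade_version.major
+                50_000_000
+              when current_version.minor != upgrade_version.minor
+                5_000_000
+              when current_version.tiny != upgrade_version.tiny
+                500_000
+              end
+            end.min
+          else
+            500_000_000
+          end
+        end
+
+        private
+
+        attr_reader :gem_version, :patched_versions
+
+        def current_version
+          @current_version ||= Versionomy.parse(gem_version.to_s)
+        end
+
+        def upgrade_versions
+          @upgrade_versions ||= patched_versions.map do |gem_requirement|
+            requirements = Gem::Requirement.parse(gem_requirement)
+            unqualified_version = requirements.last
+
+            Versionomy.parse(unqualified_version.to_s)
+          end
+        end
+      end
+    end
+  end
+end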
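Review bot: `points` can raise instead of returning a number, because the `case` inside the map (new lines 13-20) has no `else`: when the current and patched versions differ only below the `tiny` field, or not at all, that element becomes nil and `end.min` on line 21 raises an ArgumentError comparing nil with an Integer (only an all-nil array would quietly return nil). A fallback arm, e.g. `else` followed by `500_000` before the case's `end`, keeps the return type an Integer; which value is right for a sub-tiny bump is a product decision, and whether the Versionomy schema in use exposes a field beyond `tiny` is something I'd confirm. `Gem::Requirement.parse` and `Versionomy.parse` in `upgrade_versions` raise on strings they cannot parse, so a malformed entry in the advisory data would surface here rather than as a scored result; that is pre-existing behaviour moved from result.rb, but worth a comment. The class has no documentation; a header such as `# Scores the upgrade needed to move gem_version onto one of patched_versions: a larger version jump, or no patch at all, yields more points.` would make the constants self-explanatory.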

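--- a/lib/cc/engine/bundler_audit/result.rb
+++ b/lib/cc/engine/bundler_audit/result.rb
@@ -42,72 +42,43 @@ def to_issue
 
         attr_reader :advisory, :gem, :gemfile_lock
 
-        def_delegators :gem, :name, :version
-        def_delegators :advisory, :criticality, :title, :cve, :patched_versions, :url
-
         def content_body
           [
             "**Advisory**: #{identifier}",
-            "**Criticality**: #{criticality.capitalize}",
-            "**URL**: #{url}",
+            "**Criticality**: #{advisory.criticality.capitalize}",
+            "**URL**: #{advisory.url}",
             "**Solution**: #{solution}",
           ].join("\n\n")
         end
 
         def line_number
           @line_number ||= begin
             gemfile_lock.find_index do |line|
-              (match = GEM_REGEX.match(line)) && match[:name] == name
+              (match = GEM_REGEX.match(line)) && match[:name] == gem.name
             end + 1
           end
         end
 
         def remediation_points
-          if patched_versions.any?
-            upgrade_versions.map do |upgrade_version|
-              case
-              when current_version.major != upgrade_version.major
-                50_000_000
-              when current_version.minor != upgrade_version.minor
-                5_000_000
-              when current_version.tiny != upgrade_version.tiny
-                500_000
-              end
-            end.min
-          else
-            500_000_000
-          end
+          Remediation.new(gem.version, advisory.patched_versions).points
         end
 
         def severity
-          SEVERITIES[criticality]
+          SEVERITIES[advisory.criticality]
         end
 
         def solution
-          if patched_versions.any?
-            "upgrade to #{patched_versions.join(', ')}"
+          if advisory.patched_versions.any?
+            "upgrade to #{advisory.patched_versions.join(', ')}"
           else
             "remove or disable this gem until a patch is available!"
           end
         end
 
         def identifier
           case
-          when cve then "CVE-#{cve}"
-          when osvdb then osvdb
-          end
-        end
-
-        def current_version
-          Versionomy.parse(version.to_s)
-        end
-
-        def upgrade_versions
-          patched_versions.map do |gem_requirement|
-            requirements = Gem::Requirement.parse(gem_requirement)
-            unqualified_version = requirements.last
-
-            Versionomy.parse(unqualified_version.to_s)
+          when advisory.cve then "CVE-#{advisory.cve}"
+          when advisory.osvdb then advisory.osvdb
           end
         end
       end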
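Review bot: `advisory.criticality.capitalize` on new line 48 raises NoMethodError when the advisory carries no criticality, and `severity` on line 67 then looks up nil in SEVERITIES; the removed delegators behaved the same way, so the commit does not change this, but now that the calls are spelled out it is cheap to harden the body line: `"**Criticality**: #{advisory.criticality.to_s.capitalize}",`. Whether criticality can actually be absent depends on the advisory data source, which is outside this diff. In the same spirit, `identifier` (lines 80-81) yields nil when neither `advisory.cve` nor `advisory.osvdb` is set, so `content_body` emits an empty `**Advisory**:` line; an `else` arm returning a placeholder, or a guard in `content_body`, would make the output explicit. The enclosing class begins before this hunk.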
