package vulns
import (
"github.com/git-pkgs/vers"
)
// isAffectedVersion reports whether version is covered by the given Affected
// entry, either through its explicit version list or through one of its
// SEMVER / ECOSYSTEM ranges.
//
// The explicit list is matched by exact string equality, so a differently
// spelled form of the same release (constructed example: "1.0" vs "1.0.0")
// can only match through a range. Ranges of any other Type are not evaluated.
func isAffectedVersion(affected Affected, version string) bool {
	// Explicitly enumerated versions take no comparison logic at all.
	for i := range affected.Versions {
		if affected.Versions[i] == version {
			return true
		}
	}

	for _, rng := range affected.Ranges {
		switch rng.Type {
		case "SEMVER", "ECOSYSTEM":
			// Only these two range types are compared as versions.
			if versionInRange(rng.Events, version) {
				return true
			}
		}
	}
	return false
}
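// versionInRange reports whether version falls inside an interval described
// by events.
//
// Events are walked in slice order. An Introduced event opens the range when
// version is at or above it ("0" opens it for every version), a Fixed event
// closes it when version is at or above the fix, and a LastAffected event
// closes it when version is strictly above the last affected release.
//
// NOTE(review): the walk assumes events are ordered by ascending version;
// confirm against the code that populates Event slices.
func versionInRange(events []Event, version string) bool {
	inRange := false
	for _, e := range events {
		// An Introduced event may only open the range. Assigning the raw
		// comparison result here would close an interval opened by an earlier
		// event, so a version inside the first of several introduced/fixed
		// pairs would be reported as unaffected once a later, higher
		// Introduced event is seen - a missed vulnerability.
		if e.Introduced != "" && (e.Introduced == "0" || vers.Compare(version, e.Introduced) >= 0) {
			inRange = true
		}
		// Fixed is exclusive: the fixed release itself is not affected.
		if e.Fixed != "" && inRange && vers.Compare(version, e.Fixed) >= 0 {
			inRange = false
		}
		// LastAffected is inclusive: only later releases leave the range.
		if e.LastAffected != "" && inRange && vers.Compare(version, e.LastAffected) > 0 {
			inRange = false
		}
	}
	return inRange
}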
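// AffectedVersionRange returns a vers range string representing the affected versions.
//
// When the entry lists explicit versions, those are returned as "=v"
// constraints. Otherwise the events of each range are processed sequentially,
// emitting a constraint for each introduced/fixed or introduced/lastAffected
// pair, and the constraints are joined with "|". An empty string is returned
// when no constraint is produced.
//
// Ranges whose Type is neither SEMVER nor ECOSYSTEM are skipped, matching
// isAffectedVersion, so the returned range never contains constraints built
// from events that the matcher itself does not compare as versions.
func AffectedVersionRange(affected Affected) string {
	// NOTE(review): ranges are not consulted when Versions is non-empty,
	// whereas isAffectedVersion checks both; confirm Versions always
	// enumerates everything the ranges cover.
	if len(affected.Versions) > 0 {
		return versionsToRange(affected.Versions)
	}

	var parts []string
	for _, r := range affected.Ranges {
		if r.Type != "SEMVER" && r.Type != "ECOSYSTEM" {
			continue
		}
		parts = append(parts, rangeEventParts(r.Events)...)
	}
	if len(parts) == 0 {
		return ""
	}

	result := parts[0]
	for _, p := range parts[1:] {
		result += "|" + p
	}
	return result
}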
// rangeEventParts converts a sequence of events into range constraint strings,
// one per introduced/fixed or introduced/lastAffected pair. An Introduced
// value that is never closed yields an open-ended constraint at the end.
func rangeEventParts(events []Event) []string {
	var (
		out     []string
		pending string // most recent Introduced value not yet paired
	)

	// closePair emits a constraint for the pending Introduced value, if there
	// is one, and clears it so a later bound cannot reuse it.
	closePair := func(bound string) {
		if pending == "" {
			return
		}
		out = append(out, formatRange(pending, bound))
		pending = ""
	}

	for _, ev := range events {
		if ev.Introduced != "" {
			pending = ev.Introduced
		}
		if ev.Fixed != "" {
			// Fixed is an exclusive upper bound.
			closePair("<" + ev.Fixed)
		}
		if ev.LastAffected != "" {
			// LastAffected is an inclusive upper bound.
			closePair("<=" + ev.LastAffected)
		}
	}

	// A trailing Introduced with no upper bound stays open-ended.
	closePair("")
	return out
}
// formatRange renders one interval as a constraint string. An introduced value
// of "0" contributes no lower bound: the result is the upper bound alone, or
// "*" when there is no upper bound either. Otherwise the lower bound is
// ">=" + introduced, followed by "|" and the upper bound when one is given.
func formatRange(introduced, bound string) string {
	fromZero := introduced == "0"
	unbounded := bound == ""

	switch {
	case fromZero && unbounded:
		return "*"
	case fromZero:
		return bound
	case unbounded:
		return ">=" + introduced
	default:
		return ">=" + introduced + "|" + bound
	}
}
// versionsToRange renders an explicit version list as "=v" constraints joined
// with "|". An empty list yields an empty string.
func versionsToRange(versions []string) string {
	var out string
	for i, v := range versions {
		if i > 0 {
			out += "|"
		}
		out += "=" + v
	}
	return out
}