Advisories¶

Advisory¶

class ghastoolkit.Advisory(ghsa_id: str, severity: str, aliases: ~typing.List[str] = <factory>, summary: str | None = None, description: str | None = None, url: str | None = None, cve_id: str | None = None, cwes: ~typing.List[str] = <factory>, cvss: dict | None = None, cvss_severities: ~typing.Dict[str, dict] = <factory>, identifiers: ~typing.List[dict] = <factory>, references: ~typing.List[dict] = <factory>, published_at: str | None = None, updated_at: str | None = None, withdrawn_at: str | None = None, affected: ~typing.List[~ghastoolkit.supplychain.advisories.AdvisoryAffect] = <factory>)¶

GitHub Advisory.

__post_init__()¶: Post Init.

affected: List[AdvisoryAffect]¶: Affected versions

aliases: List[str]¶: List of aliases (CVEs)

check(dependency: Dependency) → Advisory | None¶: Check if dependency is affected by advisory.

cve_id: str | None = None¶: CVE ID (if applicable)

cvss: dict | None = None¶: CVSS Score

cvss_score(version: int = 3) → float | None¶: Get CVSS Score.

cvss_severities: Dict[str, dict]¶: CVSS Severities

cwes: List[str]¶: List of CWEs

description: str | None = None¶: Description of the advisory

ghsa_id: str¶: GitHub Security Advisory Identifier

identifiers: List[dict]¶: List of identifiers

static load(path: str) → Advisory¶: Load Advisory from path using GitHub Advisory Spec.

static loadJson(path: str) → Advisory¶: Load Advisory from JSON file.

published_at: str | None = None¶: Published Timestamp

references: List[dict]¶: List of references

severity: str¶: Severity level

summary: str | None = None¶: Summary / Description of the advisory

updated_at: str | None = None¶: Updated Timestamp

url: str | None = None¶: Reference URL

Advisories¶

class ghastoolkit.Advisories¶

GitHub Advisory List.

__init__() → None¶: Initialise Advisories.

__len__() → int¶: To String.

append(advisory: Advisory)¶: Append advisory.

check(dependency: Dependency) → List[Advisory]¶: Check if dependency is affected by any advisory in the list of advisories.

find(search: str) → Advisory | None¶: Find by id or aliases.

loadAdvisories(path: str)¶: Load a single file or folder of advisories.

loadAdvisory(path: str)¶: Load file with an advisory.

AdvisoryAffect¶

class ghastoolkit.supplychain.advisories.AdvisoryAffect(ecosystem: str, package: str, introduced: str | None = None, fixed: str | None = None, package_dependency: Dependency | None = None)¶

Advisory Affected.

check(dependency: Dependency) → bool¶: Check to see in the dependency is affected by the advisory.

checkVersion(version: str) → bool¶: Check version data.

ecosystem: str¶: Ecosystem / Dependency Manager / PURL type

fixed: str | None = None¶: Fixed Version

introduced: str | None = None¶: Introduced Version

static loadAffect(data: dict) → AdvisoryAffect¶

Load affects from data.

https://github.com/github/advisory-database

package: str¶: Package Full Name ([namespace +] name

Advisories¶

Advisory¶

Advisories¶

AdvisoryAffect¶

GHAS Toolkit

Navigation

Related Topics