lib/codesake/dawn/kb/ruby_version_check.rb in codesake-dawn-0.85 vs lib/codesake/dawn/kb/ruby_version_check.rb in codesake-dawn-1.0.0.rc1
- old
+ new
@@ -25,11 +25,11 @@
vengine = self.is_vulnerable_engine?(detected_ruby[:engine], vv_e)
vv = self.is_vulnerable_version?(detected_ruby[:version], vv_a)
ve = false
ve = self.is_same_version?(detected_ruby[:version], vv_a)
- vp = is_vulnerable_patchlevel?(detected_ruby[:patchlevel], detected_ruby[:version])
+ vp = is_vulnerable_patchlevel?(detected_ruby[:version], detected_ruby[:patchlevel])
debug_me("D:#{self.name}, VENGINE=#{vengine}, VV=#{vv}, VE=#{ve}, VP=#{vp}->#{vv && vengine}, #{(ve && vp && vengine )}")
debug_me("S:#{@safe_rubies}")
debug_me("DD:#{@detected_ruby}")
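Review bot: The call on the changed line passes two strings positionally, so any call that still uses the old (patchlevel, version) order raises nothing; `ss[:version] == version` simply never matches. With the `return true if fixes.empty?` added in the second hunk, such a call would report every interpreter as having a vulnerable patchlevel. If is_vulnerable_patchlevel? has callers outside this diff, they need the same swap. Keyword arguments would make the order explicit: `is_vulnerable_patchlevel?(version: detected_ruby[:version], patchlevel: detected_ruby[:patchlevel])`. The enclosing method starts and ends outside this hunk.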
@@ -64,17 +64,23 @@
return true if f == target
end
false
end
- def is_vulnerable_patchlevel?(target, version)
+ def is_vulnerable_patchlevel?(version, patchlevel)
fixes = []
+ debug_me "is_vulnerable_patchlevel? called with VERSION=#{version} and PLEVEL=#{patchlevel}"
+ debug_me "SAFE_RUBIES=#{@safe_rubies}"
@safe_rubies.each do |ss|
fixes << ss[:patchlevel].split("p")[1].to_i if ss[:version] == version
end
- t = target.split("p")[1].to_i
+ debug_me "FIXES IS EMPTY" if fixes.empty?
+ return true if fixes.empty?
+
+ t = patchlevel.split("p")[1].to_i
fixes.each do |f|
+ debug_me "PATCHLEVEL FIXES = #{f}, PATCHLEVEL TARGET = #{t}"
return true if f > t
end
false
end
end
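Review bot: `patchlevel.split("p")[1].to_i` raises NoMethodError when the detected patchlevel is nil, and silently yields 0 when the string has no `p` separator, because `nil.to_i` is 0; nothing in is_vulnerable_patchlevel? checks either case. The same parse on `ss[:patchlevel]` turns a malformed safe-ruby entry into fix level 0, for which `f > t` can never be true, so that entry can never flag an interpreter, which is a silent false negative. A guard in the style of the new `return true if fixes.empty?` would keep the method failing closed: `return true if patchlevel.nil?`, with the digits taken by `patchlevel[/p(\d+)/, 1]` and tested for nil before `to_i`. A comment above the method should also state that `true` is returned when no safe patchlevel is known for the version, since that choice is not obvious to a reader.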