Fix version splits

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    yavdb (0.3.0)
+    yavdb (0.4.0)
       json (~> 2.1)
       kramdown (~> 1.17)
       oga (~> 2.15)

lib/yavdb/sources/ruby_advisory.rb

@@ -62,9 +62,9 @@ def create(advisory_hash)
               advisory_hash['title'],
               advisory_hash['description'],
               advisory_hash['gem'],
-              vulnerable_versions,
-              advisory_hash['unaffected_versions'],
-              advisory_hash['patched_versions'],
+              clean_version(vulnerable_versions),
+              clean_version(advisory_hash['unaffected_versions']),
+              clean_version(advisory_hash['patched_versions']),
               severity,
               PACKAGE_MANAGER,
               cve,
@@ -83,6 +83,10 @@ def create(advisory_hash)
             )
           end
 
+          def clean_version(versions)
+            versions&.map { |version| version.gsub(',', ' ') }
+          end
+
           def references(advisory_hash)
             references = [REPOSITORY_URL]
 

lib/yavdb/sources/snyk_io.rb

@@ -105,7 +105,7 @@ def create(advisory_url, advisory_page)
                                   elsif ['maven', 'nuget', 'pypi'].include?(package_manager)
                                     [vulnerable_versions]
                                   else
-                                    [vulnerable_versions.gsub(',', ' && ')]
+                                    [vulnerable_versions.gsub(',', ' ')]
                                   end
 
             sidebar_data = parse_side_bar(advisory_page)

lib/yavdb/sources/victims.rb

@@ -67,12 +67,12 @@ def create(advisory_hash, language, url)
                 advisory_hash['title'],
                 advisory_hash['description'],
                 language.name_parser[affected_package],
-                affected_package['version'],
-                affected_package['unaffected'],
-                affected_package['fixedin'],
+                split_versions(affected_package['version']),
+                split_versions(affected_package['unaffected']),
+                split_versions(affected_package['fixedin']),
                 severity(advisory_hash['cvss_v2']),
                 language.package_manager,
-                [advisory_hash['cve']],
+                [advisory_hash['cve']].map { |cve| "CVE-#{cve}" },
                 nil, #:cwe
                 nil, #:osvdb
                 nil, #:cvss_v2_vector
@@ -89,6 +89,10 @@ def create(advisory_hash, language, url)
             end.flatten
           end
 
+          def split_versions(versions)
+            versions&.map { |version| version.split(',') }&.flatten
+          end
+
           def severity(cvss_score)
             case cvss_score
               when 0.0..3.3 then

lib/yavdb/utils/semver.rb

@@ -69,7 +69,7 @@ def convert_to_semver(version)
         def split_versions(version)
           version
             .strip
-            .split(',')
+            .split(/,|\|\|/)
         end
 
       end

lib/yavdb/version.rb

@@ -16,6 +16,6 @@
 
 module YAVDB
 
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 
 end

spec/snyk_io_spec.rb

@@ -125,7 +125,7 @@
       expect(vuln).to have_attributes(:title => 'Authorization Bypass')
       expect(vuln).to have_attributes(:description => "[`sorcery`][1] Provides common authentication needs such as signing\nin/out, activating by email and resetting password.\n\nAffected versions of the package are vulnerable to Authorization Bypass.\nThe `state` field was kept between requests.\n\n\n\n[1]: https://rubygems.org/gems/sorcery\n")
       expect(vuln).to have_attributes(:affected_package => 'sorcery')
-      expect(vuln).to have_attributes(:vulnerable_versions => ['<0.9.1 &&  >=0.8.3'])
+      expect(vuln).to have_attributes(:vulnerable_versions => ['<0.9.1  >=0.8.3'])
       expect(vuln).to have_attributes(:severity => 'low')
       expect(vuln).to have_attributes(:package_manager => 'rubygems')
       expect(vuln).to have_attributes(:cve => nil)
@@ -179,7 +179,7 @@
       expect(vuln).to have_attributes(:title => 'SQL Injection')
       expect(vuln).to have_attributes(:description => "Affected versions of [`contao/listing-bundle`][1] are vulnerable to SQL\nInjection\n\nBoth the search filter in the back end and the \\\"listing\\\" module in the\nfront end are vulnerable. To exploit the vulnerability in the back end,\na back end user has to be logged in, whereas the front end vulnerability\ncan be exploited by anyone.\n\n\n\n[1]: https://packagist.org/packages/contao/listing-bundle\n")
       expect(vuln).to have_attributes(:affected_package => 'contao/listing-bundle')
-      expect(vuln).to have_attributes(:vulnerable_versions => ['>=3 &&  <3.5.30 || >=4 &&  <4.4.8'])
+      expect(vuln).to have_attributes(:vulnerable_versions => ['>=3  <3.5.30 || >=4  <4.4.8'])
       expect(vuln).to have_attributes(:severity => 'medium')
       expect(vuln).to have_attributes(:package_manager => 'packagist')
       expect(vuln).to have_attributes(:cve => ['CVE-2017-16558'])