JSON structure

Jakub Suder edited this page Dec 11, 2013 · 1 revision
Clone this wiki locally

Structure of the data.json file:

  • min_version (string, required) - oldest version of HolePicker compatible with this file, if you run it on an older version you will get an error; this is included to make it possible to make changes to the format that break compatibility
  • vulnerabilities: (array of hashes, required) - describes specific gem checks:
    • gems (hash, required): includes pairs: gem_name => array of version strings
      • this should include the versions that fix the problem, so e.g. ["4.0.2", "3.2.16"] means that 4.0.1 and below and 3.2.15 and below are vulnerable
      • versions higher than the highest listed (e.g. 4.1.x, 4.2.x, 5.x in the example above) are considered not affected
      • versions lower than the lowest listed (e.g. 3.1.x, 3.0.x, 2.x) are considered affected, so for example if the problem doesn't affect the 2.x line at all, add "2.0" to the list
      • the hash can include more than one gem if problems in all of them are announced together
    • url (string, required): URL of the announcement post (preferably a blog or something like that)
    • date (string, required): date of the announcement in ISO format (e.g. "2013-01-28T21:08Z")
    • note (string, optional): includes a short note to be displayed when a vulnerable version is found; add this only if there's something unusual about this vulnerability/version, e.g. if the latest version is introducing other bugs or problems