File Coverage

blib/lib/SBOM/CycloneDX/Vulnerability/Analysis.pm

Criterion	Covered	Total	%
statement	29	38	76.3
branch	0	12	0.0
condition			n/a
subroutine	10	11	90.9
pod	1	1	100.0
total	40	62	64.5

line	stmt	bran	sub	pod	time	code
1						package SBOM::CycloneDX::Vulnerability::Analysis;
2
3	1		1		1608	use 5.010001;
	1				4
4	1		1		6	use strict;
	1				4
	1				47
5	1		1		6	use warnings;
	1				2
	1				68
6	1		1		5	use utf8;
	1				3
	1				8
7
8	1		1		36	use SBOM::CycloneDX::Enum;
	1				3
	1				56
9	1		1		6	use SBOM::CycloneDX::Timestamp;
	1				3
	1				41
10
11	1		1		5	use Types::Standard qw(Str Enum InstanceOf);
	1				3
	1				9
12	1		1		3660	use Types::TypeTiny qw(ArrayLike);
	1				2
	1				7
13
14	1		1		605	use Moo;
	1				2
	1				9
15	1		1		444	use namespace::autoclean;
	1				3
	1				11
16
17						extends 'SBOM::CycloneDX::Base';
18
19						has state => (is => 'rw', isa => Enum [SBOM::CycloneDX::Enum->values('IMPACT_ANALYSIS_STATE')]);
20
21						has justification => (is => 'rw', isa => Enum [SBOM::CycloneDX::Enum->values('IMPACT_ANALYSIS_JUSTIFICATION')]);
22
23						has response => (
24						is => 'rw',
25						isa => ArrayLike [Enum [qw(can_not_fix will_not_fix update rollback workaround_available)]],
26						default => sub { SBOM::CycloneDX::List->new }
27						);
28
29						has detail => (is => 'rw', isa => Str);
30
31						has first_issued => (
32						is => 'rw',
33						isa => InstanceOf ['SBOM::CycloneDX::Timestamp'],
34						coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::Timestamp->new($_[0]) }
35						);
36
37						has last_updated => (
38						is => 'rw',
39						isa => InstanceOf ['SBOM::CycloneDX::Timestamp'],
40						coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::Timestamp->new($_[0]) }
41						);
42
43						sub TO_JSON {
44
45	0		0	1		my $self = shift;
46
47	0					my $json = {};
48
49	0	0				$json->{state} = $self->state if $self->state;
50	0	0				$json->{justification} = $self->justification if $self->justification;
51	0	0				$json->{response} = $self->response if $self->response;
52	0	0				$json->{detail} = $self->detail if $self->detail;
53	0	0				$json->{firstIssued} = $self->first_issued if $self->first_issued;
54	0	0				$json->{lastUpdated} = $self->last_updated if $self->last_updated;
55
56	0					return $json;
57
58						}
59
60						1;
61
62						=encoding utf-8
63
64						=head1 NAME
65
66						SBOM::CycloneDX::Vulnerability::Analysis - Impact Analysis
67
68						=head1 SYNOPSIS
69
70						SBOM::CycloneDX::Vulnerability::Analysis->new();
71
72
73						=head1 DESCRIPTION
74
75						L An assessment of the impact and
76						exploitability of the vulnerability.
77
78						=head2 METHODS
79
80						L inherits all methods from L
81						and implements the following new ones.
82
83						=over
84
85						=item SBOM::CycloneDX::Vulnerability::Analysis->new( %PARAMS )
86
87						Properties:
88
89						=over
90
91						=item * C, Detailed description of the impact including methods used
92						during assessment. If a vulnerability is not exploitable, this field should
93						include specific details on why the component or service is not impacted by
94						this vulnerability.
95
96						=item * C, The date and time (timestamp) when the analysis was
97						first issued.
98
99						=item * C, The rationale of why the impact analysis state was asserted.
100
101						=item * C, The date and time (timestamp) when the analysis was
102						last updated.
103
104						=item * C, A response to the vulnerability by the manufacturer,
105						supplier, or project responsible for the affected component or service.
106						More than one response is allowed. Responses are strongly encouraged for
107						vulnerabilities where the analysis state is exploitable.
108
109						=item * C, Declares the current state of an occurrence of a vulnerability,
110						after automated or manual analysis.
111
112						=back
113
114						=item $analysis->detail
115
116						=item $analysis->first_issued
117
118						=item $analysis->justification
119
120						=item $analysis->last_updated
121
122						=item $analysis->response
123
124						=item $analysis->state
125
126						=back
127
128
129						=head1 SUPPORT
130
131						=head2 Bugs / Feature Requests
132
133						Please report any bugs or feature requests through the issue tracker
134						at L.
135						You will be notified automatically of any progress on your issue.
136
137						=head2 Source Code
138
139						This is open source software. The code repository is available for
140						public review and contribution under the terms of the license.
141
142						L
143
144						git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
145
146
147						=head1 AUTHOR
148
149						=over 4
150
151						=item * Giuseppe Di Terlizzi
152
153						=back
154
155
156						=head1 LICENSE AND COPYRIGHT
157
158						This software is copyright (c) 2025-2026 by Giuseppe Di Terlizzi.
159
160						This is free software; you can redistribute it and/or modify it under
161						the same terms as the Perl 5 programming language system itself.
162
163						=cut