Class: Bundler::Audit::Database
Inherits: Object
  - Object
  - Bundler::Audit::Database
Defined in: lib/bundler/audit/database.rb
Overview
Represents the directory of advisories, grouped by gem name and CVE number.
Defined Under Namespace
Classes: DownloadFailed, UpdateFailed
Constant Summary
- URL = 'https://github.com/rubysec/ruby-advisory-db.git'
  Git URL of the ruby-advisory-db
- USER_PATH = File.expand_path(File.join(Gem.user_home,'.local','share','ruby-advisory-db'))
  Path to the user's copy of the ruby-advisory-db
- DEFAULT_PATH = ENV['BUNDLER_AUDIT_DB'] || USER_PATH
  Default path to the ruby-advisory-db
Instance Attribute Summary
- #path ⇒ Object (readonly)
  The path to the advisory database.
Class Method Summary
- .download(options = {}) ⇒ Database
  Downloads the ruby-advisory-db.
- .exists?(path = DEFAULT_PATH) ⇒ Boolean
  Tests whether the database exists.
- .path ⇒ String
  The default path for the database.
- .update!(options = {}) ⇒ Boolean? (deprecated)
  Deprecated. Use #update! instead.
Instance Method Summary
- #advisories {|advisory| ... } ⇒ Enumerator
  Enumerates over every advisory in the database.
- #advisories_for(name) {|advisory| ... } ⇒ Enumerator
  Enumerates over advisories for the given gem.
- #check_gem(gem) {|advisory| ... } ⇒ Enumerator
  Verifies whether the gem is affected by any advisories.
- #commit_id ⇒ String?
  The last commit ID of the repository.
- #each_advisory_path {|path| ... } ⇒ Object (protected)
  Enumerates over every advisory path in the database.
- #each_advisory_path_for(name) {|path| ... } ⇒ Object (protected)
  Enumerates over the advisories for the given gem.
- #git? ⇒ Boolean
  Determines if the database is a git repository.
- #initialize(path = self.class.path) ⇒ Database (constructor)
  Initializes the Advisory Database.
- #inspect ⇒ String
  Inspects the database.
- #last_updated_at ⇒ Time
  Determines the time when the database was last updated.
- #size ⇒ Integer
  The number of advisories within the database.
- #to_s ⇒ String
  Converts the database to a String.
- #update!(options = {}) ⇒ true?
  Updates the ruby-advisory-db.
Constructor Details
#initialize(path = self.class.path) ⇒ Database
Initializes the Advisory Database.
    # File 'lib/bundler/audit/database.rb', line 60
    def initialize(path=self.class.path)
      unless File.directory?(path)
        raise(ArgumentError,"#{path.dump} is not a directory")
      end

      @path = path
    end
Instance Attribute Details
#path ⇒ Object (readonly)
The path to the advisory database.

    # File 'lib/bundler/audit/database.rb', line 49
    def path
      @path
    end
Class Method Details
.download(options = {}) ⇒ Database
Requires network access.
Downloads the ruby-advisory-db.

    # File 'lib/bundler/audit/database.rb', line 115
    def self.download(options={})
      unless (options.keys - [:path, :quiet]).empty?
        raise(ArgumentError,"Invalid option(s)")
      end

      path = options.fetch(:path,DEFAULT_PATH)

      command = %w[git clone]
      command << '--quiet' if options[:quiet]
      command << URL << path

      unless system(*command)
        raise(DownloadFailed,"failed to download #{URL} to #{path.inspect}")
      end

      return new(path)
    end
.exists?(path = DEFAULT_PATH) ⇒ Boolean
Tests whether the database exists.
    # File 'lib/bundler/audit/database.rb', line 88
    def self.exists?(path=DEFAULT_PATH)
      File.directory?(path) && !(Dir.entries(path) - %w[. ..]).empty?
    end
.path ⇒ String
The default path for the database.
    # File 'lib/bundler/audit/database.rb', line 74
    def self.path
      DEFAULT_PATH
    end
.update!(options = {}) ⇒ Boolean?
    # File 'lib/bundler/audit/database.rb', line 156
    def self.update!(options={})
      raise "Invalid option(s)" unless (options.keys - [:quiet]).empty?

      if File.directory?(DEFAULT_PATH)
        begin
          new(DEFAULT_PATH).update!(options)
        rescue UpdateFailed then false
        end
      else
        begin
          download(options.merge(path: DEFAULT_PATH))
        rescue DownloadFailed then false
        end
      end
    end
Instance Method Details
#advisories {|advisory| ... } ⇒ Enumerator
Enumerates over every advisory in the database.
    # File 'lib/bundler/audit/database.rb', line 260
    def advisories(&block)
      return enum_for(__method__) unless block_given?

      each_advisory_path do |path|
        yield Advisory.load(path)
      end
    end
#advisories_for(name) {|advisory| ... } ⇒ Enumerator
Enumerates over advisories for the given gem.
    # File 'lib/bundler/audit/database.rb', line 283
    def advisories_for(name)
      return enum_for(__method__,name) unless block_given?

      each_advisory_path_for(name) do |path|
        yield Advisory.load(path)
      end
    end
#check_gem(gem) {|advisory| ... } ⇒ Enumerator
Verifies whether the gem is affected by any advisories.

    # File 'lib/bundler/audit/database.rb', line 307
    def check_gem(gem)
      return enum_for(__method__,gem) unless block_given?

      advisories_for(gem.name) do |advisory|
        if advisory.vulnerable?(gem.version)
          yield advisory
        end
      end
    end
#commit_id ⇒ String?
The last commit ID of the repository.
    # File 'lib/bundler/audit/database.rb', line 223
    def commit_id
      if git?
        Dir.chdir(@path) do
          `git rev-parse HEAD`.chomp
        end
      end
    end
#each_advisory_path {|path| ... } ⇒ Object (protected)
Enumerates over every advisory path in the database.
    # File 'lib/bundler/audit/database.rb', line 358
    def each_advisory_path(&block)
      Dir.glob(File.join(@path,'gems','*','*.yml'),&block)
    end
#each_advisory_path_for(name) {|path| ... } ⇒ Object (protected)
Enumerates over the advisories for the given gem.
    # File 'lib/bundler/audit/database.rb', line 374
    def each_advisory_path_for(name,&block)
      Dir.glob(File.join(@path,'gems',name,'*.yml'),&block)
    end
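Added example (not bundler-audit's own code): how the gems/<name>/*.yml layout globbed by #each_advisory_path_for combines with the per-advisory version check that #check_gem relies on. The gem name, advisory ID and helper names are constructed, and the patched_versions / unaffected_versions matching is an assumption based on the ruby-advisory-db YAML format, since Advisory#vulnerable? is not shown on this page.

```ruby
require 'yaml'
require 'date'
require 'tmpdir'
require 'fileutils'

# Constructed advisory (placeholder ID, hypothetical gem). Field names follow
# the ruby-advisory-db YAML format.
SAMPLE_ADVISORY = <<~YAML
  gem: examplegem
  cve: 0000-0000
  date: 2020-01-01
  title: Constructed sample advisory
  unaffected_versions:
    - "< 1.0.0"
  patched_versions:
    - "~> 1.2.5"
    - ">= 2.0.1"
YAML

# Writes the sample into the gems/<name>/<id>.yml layout and returns the root.
def build_sample_db(root)
  dir = File.join(root, 'gems', 'examplegem')
  FileUtils.mkdir_p(dir)
  File.write(File.join(dir, 'CVE-0000-0000.yml'), SAMPLE_ADVISORY)
  root
end

# True when any requirement string (possibly comma-separated) matches.
def matches_any?(requirements, version)
  Array(requirements).any? do |req|
    Gem::Requirement.new(*req.split(',').map(&:strip)).satisfied_by?(version)
  end
end

# Hypothetical stand-in for check_gem: IDs of advisories whose patched and
# unaffected ranges both exclude the given version.
def vulnerable_advisories(db_root, name, version)
  version = Gem::Version.new(version)
  Dir.glob(File.join(db_root, 'gems', name, '*.yml')).sort.filter_map do |path|
    # safe_load: advisory files are third-party data; permit only Date.
    data = YAML.safe_load(File.read(path), permitted_classes: [Date])
    next if matches_any?(data['patched_versions'], version)
    next if matches_any?(data['unaffected_versions'], version)
    File.basename(path, '.yml')
  end
end

DB_ROOT = build_sample_db(Dir.mktmpdir('advisory-db'))
at_exit { FileUtils.remove_entry(DB_ROOT) }
```

A version that falls between two patched branches (1.3.0 or 2.0.0 here) is still reported, which is why advisories list one patched range per maintained release line.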
#git? ⇒ Boolean
Determines if the database is a git repository.
    # File 'lib/bundler/audit/database.rb', line 179
    def git?
      File.directory?(File.join(@path,'.git'))
    end
#inspect ⇒ String
Inspects the database.
    # File 'lib/bundler/audit/database.rb', line 343
    def inspect
      "#<#{self.class}:#{self}>"
    end
#last_updated_at ⇒ Time
Determines the time when the database was last updated.
    # File 'lib/bundler/audit/database.rb', line 238
    def last_updated_at
      if git?
        Dir.chdir(@path) do
          Time.parse(`git log --date=iso8601 --pretty="%cd" -1`)
        end
      else
        File.mtime(@path)
      end
    end
#size ⇒ Integer
The number of advisories within the database.
    # File 'lib/bundler/audit/database.rb', line 323
    def size
      each_advisory_path.count
    end
#to_s ⇒ String
Converts the database to a String.
    # File 'lib/bundler/audit/database.rb', line 333
    def to_s
      @path
    end
#update!(options = {}) ⇒ true?
Updates the ruby-advisory-db.
    # File 'lib/bundler/audit/database.rb', line 199
    def update!(options={})
      if git?
        Dir.chdir(@path) do
          command = %w[git pull]
          command << '--quiet' if options[:quiet]
          command << 'origin' << 'master'

          unless system(*command)
            raise(UpdateFailed,"failed to update #{@path.inspect}")
          end

          return true
        end
      end
    end