Class: Bundler::Audit::Scanner

Inherits:
Object
Defined in:
lib/bundler/audit/scanner.rb

Defined Under Namespace

Classes: InsecureSource, UnpatchedGem

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(root = Dir.pwd, gemfile_lock = 'Gemfile.lock') ⇒ Scanner

Initializes a scanner.

Parameters:

  • root (String) (defaults to: Dir.pwd)

    The path to the project root.

  • gemfile_lock (String) (defaults to: 'Gemfile.lock')

    Alternative name for the Gemfile.lock file.



# File 'lib/bundler/audit/scanner.rb', line 42

# Initializes a scanner.
#
# @param [String] root
#   The path to the project root.
#
# @param [String] gemfile_lock
#   Alternative name for the Gemfile.lock file, resolved relative to
#   `root`.
#
# @raise [SystemCallError]
#   If the lockfile cannot be read (propagated from `File.read`).
#
def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock')
  @root = File.expand_path(root)
  @database = Database.new

  # The lockfile is read eagerly so a missing file fails at construction.
  lockfile_path = File.join(@root, gemfile_lock)
  @lockfile = LockfileParser.new(File.read(lockfile_path))
end

Instance Attribute Details

#database ⇒ Database (readonly)

The advisory database

Returns:



# File 'lib/bundler/audit/scanner.rb', line 23

# The advisory database used by {#scan_specs}.
#
# @return [Database]
#
def database
  @database
end

#lockfile ⇒ Bundler::LockfileParser (readonly)

The parsed Gemfile.lock from the project

Returns:

  • (Bundler::LockfileParser)


# File 'lib/bundler/audit/scanner.rb', line 31

# The parsed Gemfile.lock from the project.
#
# @return [Bundler::LockfileParser]
#
def lockfile
  @lockfile
end

#root ⇒ Object (readonly)

Project root directory



# File 'lib/bundler/audit/scanner.rb', line 26

# Project root directory (already expanded to an absolute path by
# {#initialize}).
#
# @return [String]
#
def root
  @root
end

Instance Method Details

#scan(options = {}) {|result| ... } ⇒ Enumerator

Scans the project for issues.

Parameters:

  • options (Hash) (defaults to: {})

    Additional options.

Options Hash (options):

  • :ignore (Array<String>)

    The advisories to ignore.

Yields:

  • (result)

    The given block will be passed the results of the scan.

Yield Parameters:

Returns:

  • (Enumerator)

    If no block is given, an Enumerator will be returned.



# File 'lib/bundler/audit/scanner.rb', line 68

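# Scans the project for issues.
#
# Runs the source scan followed by the spec scan, forwarding every
# result to the given block.
#
# @param [Hash] options
#   Additional options, forwarded unchanged to {#scan_sources} and
#   {#scan_specs}.
#
# @option options [Array<String>] :ignore
#   The advisories to ignore (applied by {#scan_specs}).
#
# @yield [result]
#   The given block will be passed the results of the scan.
#
# @return [Enumerator, Scanner]
#   If no block is given, an Enumerator will be returned; otherwise
#   the scanner itself.
#
def scan(options={},&block)
  return enum_for(__method__,options) unless block

  # The :ignore list is consumed inside scan_specs, so nothing is
  # filtered at this level.
  scan_sources(options,&block)
  scan_specs(options,&block)

  return self
end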

#scan_sources(options = {}) {|result| ... } ⇒ Enumerator

Scans the gem sources in the lockfile.

Parameters:

  • options (Hash) (defaults to: {})

    Additional options.

Yields:

  • (result)

    The given block will be passed the results of the scan.

Yield Parameters:

Returns:

  • (Enumerator)

    If no block is given, an Enumerator will be returned.

Since:

  • 0.4.0



# File 'lib/bundler/audit/scanner.rb', line 99

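# Scans the gem sources in the lockfile for sources fetched over an
# unencrypted transport.
#
# A Git source is reported when its URI uses the `git:` or `http:`
# scheme; a Rubygems source is reported once per `http` remote.  Sources
# accepted by {#internal_source?} are not reported.
#
# @param [Hash] options
#   Additional options (not read by this method; accepted so the
#   Enumerator form mirrors {#scan}).
#
# @yield [result]
#   The given block will be passed the results of the scan.
#
# @yieldparam [InsecureSource] result
#   An insecure source found in the lockfile.
#
# @return [Enumerator]
#   If no block is given, an Enumerator will be returned.
#
# @since 0.4.0
#
def scan_sources(options={})
  return enum_for(__method__,options) unless block_given?

  # `each` rather than `map`: the results are yielded, not collected.
  @lockfile.sources.each do |source|
    case source
    when Source::Git
      # \A anchors to the start of the whole string; ^ would also match a
      # scheme that follows an embedded newline.
      case source.uri
      when /\Agit:/, /\Ahttp:/
        yield InsecureSource.new(source.uri) unless internal_source?(source.uri)
      end
    when Source::Rubygems
      source.remotes.each do |uri|
        if uri.scheme == 'http' && !internal_source?(uri)
          yield InsecureSource.new(uri.to_s)
        end
      end
    end
  end
end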

#scan_specs(options = {}) {|result| ... } ⇒ Enumerator

Scans the gem specs in the lockfile.

Parameters:

  • options (Hash) (defaults to: {})

    Additional options.

Options Hash (options):

  • :ignore (Array<String>)

    The advisories to ignore.

Yields:

  • (result)

    The given block will be passed the results of the scan.

Yield Parameters:

Returns:

  • (Enumerator)

    If no block is given, an Enumerator will be returned.

Since:

  • 0.4.0



# File 'lib/bundler/audit/scanner.rb', line 143

# Scans the gem specs in the lockfile against the advisory database.
#
# @param [Hash] options
#   Additional options.
#
# @option options [Array<String>] :ignore
#   The advisories to ignore, matched against each advisory's CVE and
#   OSVDB identifiers.
#
# @yield [result]
#   The given block will be passed the results of the scan.
#
# @yieldparam [UnpatchedGem] result
#   A gem from the lockfile together with an advisory affecting it.
#
# @return [Enumerator]
#   If no block is given, an Enumerator will be returned.
#
# @since 0.4.0
#
def scan_specs(options={})
  return enum_for(__method__,options) unless block_given?

  # Build the ignore set once, before walking the specs.
  ignored = Set.new(options[:ignore] || [])

  @lockfile.specs.each do |gem|
    @database.check_gem(gem) do |advisory|
      next if ignored.include?(advisory.cve_id)
      next if ignored.include?(advisory.osvdb_id)

      yield UnpatchedGem.new(gem,advisory)
    end
  end
end