Class: Bundler::Patch::AdvisoryConsolidator

Inherits:
Object
Defined in:
lib/bundler/patch/advisory_consolidator.rb


Constructor Details

#initialize(options = {}, all_ads = nil) ⇒ AdvisoryConsolidator

Returns a new instance of AdvisoryConsolidator.



# File 'lib/bundler/patch/advisory_consolidator.rb', line 3

# Stores the options and decides which advisory sources will be consulted.
#
# @param options [Hash] settings; this method reads :skip_bundler_advise,
#   :ruby_advisory_db_path and :advisory_db_path
# @param all_ads [Array, nil] ready-made advisory sources; when truthy they
#   are used as given and nothing is constructed here
def initialize(options={}, all_ads=nil)
  @options = options
  if all_ads
    @all_ads = all_ads
  else
    sources = []
    unless options[:skip_bundler_advise]
      ruby_db_dir = options[:ruby_advisory_db_path]
      primary = if ruby_db_dir
                  Bundler::Advise::Advisories.new(dir: ruby_db_dir)
                else
                  # No directory supplied: fall back to whatever Advisories.new defaults to.
                  Bundler::Advise::Advisories.new
                end
      sources << primary
    end
    # An extra database is registered with repo: nil.
    # NOTE(review): both directories come from options unchanged; the scan is
    # only as trustworthy as those locations, so callers should point them at
    # data they control.
    extra_db_dir = options[:advisory_db_path]
    sources << Bundler::Advise::Advisories.new(dir: extra_db_dir, repo: nil) if extra_db_dir
    @all_ads = sources
  end
end

Instance Method Details

#patch_gemfile_and_get_gem_specs_to_patch ⇒ Object



# File 'lib/bundler/patch/advisory_consolidator.rb', line 34

# Applies the Gemfile updates for every vulnerable gem and describes each
# resulting patch.
#
# @return [Array<GemPatch>] one entry per consolidated vulnerable gem; the
#   entry carries new_version only when calc_new_version produced one
def patch_gemfile_and_get_gem_specs_to_patch
  gem_update_specs = vulnerable_gems

  locked =
    if File.exist?(Bundler.default_lockfile)
      Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs
    else
      []
    end

  # Rewrite requirements in the Gemfile where needed; the return values are unused.
  gem_update_specs.each(&:update)

  gem_update_specs.map do |up_spec|
    # NOTE(review): assumes every vulnerable gem is present in the lockfile;
    # a miss here would raise NoMethodError on nil — confirm against
    # scan_lockfile's guarantees.
    locked_spec = locked.find { |spec| spec.name == up_spec.gem_name }
    old_version = locked_spec.version.to_s
    new_version = up_spec.calc_new_version(old_version)

    unless new_version
      # No target version was calculated: record the gem without new_version.
      next GemPatch.new(gem_name: up_spec.gem_name, old_version: old_version,
                        patched_versions: up_spec.patched_versions)
    end

    GemPatch.new(gem_name: up_spec.gem_name, old_version: old_version,
                 new_version: new_version, patched_versions: up_spec.patched_versions)
  end
end

#vulnerable_gems ⇒ Object



# File 'lib/bundler/patch/advisory_consolidator.rb', line 17

# Scans the lockfile against every advisory source and merges the findings
# into one entry per gem via consolidate_gemfiles.
#
# When the default lockfile does not exist each source contributes nothing,
# so an empty result can mean "no lockfile" as well as "no advisories matched".
#
# @return [Array] the flattened results of consolidate_gemfiles, grouped by gem name
def vulnerable_gems
  scan_results = @all_ads.map do |ads|
    # Only sources backed by a repo are refreshed before scanning.
    # NOTE(review): how a failed update is reported depends on
    # Advisories#update, which is not visible here — confirm it cannot
    # silently leave stale advisory data in place.
    ads.update if ads.repo
    if File.exist?(Bundler.default_lockfile)
      Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile
    else
      []
    end
  end

  gemfiles = scan_results.flatten.map do |advisory|
    # Compound requirements are handled crudely here (only the version part
    # is kept); consolidate_gemfiles sorts that out afterwards.
    versions = advisory.patched_versions.map do |pv|
      pv.requirements.map { |_op, version| version.to_s }
    end
    Gemfile.new(gem_name: advisory.gem, patched_versions: versions.flatten)
  end

  grouped = gemfiles.group_by(&:gem_name)
  grouped.values.map { |same_gem| consolidate_gemfiles(same_gem) }.flatten
end