Class: Bundler::Audit::Scanner

Inherits:

Object

• Object
• Bundler::Audit::Scanner

Defined in:

lib/bundler/audit/scanner.rb

Defined Under Namespace

Classes: InsecureSource, UnpatchedGem

Instance Attribute Summary

• #database ⇒ Database readonly

  The advisory database.

• #lockfile ⇒ Bundler::LockfileParser readonly

  The parsed Gemfile.lock from the project.

• #root ⇒ Object readonly

  Project root directory.

Instance Method Summary

• #get_insecure_sources ⇒ Object protected
• #get_unpatched_gems(ignore) ⇒ Object protected
• #initialize(root = Dir.pwd) ⇒ Scanner constructor

  Initializes a scanner.

• #scan(options = {}) {|result| ... } ⇒ Enumerator

  Scans the project for issues.

Constructor Details

#initialize(root = Dir.pwd) ⇒ Scanner

Initializes a scanner.

Parameters:

• root (String) (defaults to: Dir.pwd) —

  The path to the project root.

# File 'lib/bundler/audit/scanner.rb', line 36

def initialize(root=Dir.pwd)
  @root     = File.expand_path(root)
  @database = Database.new
  @lockfile = LockfileParser.new(
    File.read(File.join(@root,'Gemfile.lock'))
  )
end

Instance Attribute Details

#database ⇒ Database (readonly)

The advisory database

Returns:

• (Database)

# File 'lib/bundler/audit/scanner.rb', line 20

def database
  @database
end

#lockfile ⇒ Bundler::LockfileParser (readonly)

The parsed Gemfile.lock from the project

Returns:

• (Bundler::LockfileParser)

# File 'lib/bundler/audit/scanner.rb', line 28

def lockfile
  @lockfile
end

#root ⇒ Object (readonly)

Project root directory

# File 'lib/bundler/audit/scanner.rb', line 23

def root
  @root
end

Instance Method Details

#get_insecure_sources ⇒ Object (protected)

# File 'lib/bundler/audit/scanner.rb', line 73

def get_insecure_sources
  insecure = []
  @lockfile.sources.each do |source|
    case source
    when Source::Git
      next unless(source.uri =~ /^(git|http):/)

      insecure << InsecureSource.new(source.uri)
    when Source::Rubygems
      source.remotes.map do |uri|
        next unless uri.scheme == 'http'

        insecure << InsecureSource.new(uri.to_s)
      end
    end
  end

  return insecure
end

#get_unpatched_gems(ignore) ⇒ Object (protected)

# File 'lib/bundler/audit/scanner.rb', line 93

def get_unpatched_gems(ignore)
  ignore = Set.new(ignore) # If ignore is empty the Set will contain nil,
                           # but since we should never have a nil version
                           # that's a non-issue.
  unpatched = []
  @lockfile.specs.each do |gem|
    @database.check_gem(gem) do |advisory|
      next if ignore.include?(advisory.id)

      unpatched << UnpatchedGem.new(gem,advisory)
    end
  end
  return unpatched
end

#scan(options = {}) {|result| ... } ⇒ Enumerator

Scans the project for issues.

Parameters:

• options (Hash) (defaults to: {}) —

  Additional options.

Options Hash (options):

• :ignore (Array<String>) —

  The advisories to ignore.

Yields:

• (result) —

  The given block will be passed the results of the scan.

Yield Parameters:

• result (InsecureSource, UnpatchedGem) —

  A result from the scan.

Returns:

• (Enumerator) —

  If no block is given, an Enumerator will be returned.

# File 'lib/bundler/audit/scanner.rb', line 62

def scan(options={})
  return enum_for(__method__,options) unless block_given?

  get_insecure_sources.each { |source| yield source }
  get_unpatched_gems(options[:ignore]).each { |gem| yield gem }

  return self
end