module Bundler::Security::Voting

Verifies voting verdicts for gems

Constants

RemotePolicy

Remote policy settings from Coditsu

Public Class Methods

build_gems(policy, gems)

Build gems that don't have enough approvals

@param policy [Voting::RemotePolicy] remote policy settings
@param gems [Hash] remote gem statistics

@return [Array] gems that don't have enough approvals based on remote policy

# File lib/bundler/security/voting.rb, line 24
def build_gems(policy, gems)
  gems.each_with_object([]) do |(name, data), errors|
    gem_policy = GemPolicy.new(name, data, policy)

    # Approved gems pass; gems that are neither approved nor rejected are
    # left alone, so only explicit rejections become build errors
    next if gem_policy.approved?
    next unless gem_policy.rejected?

    errors << BuildUnsafeGem.call(gem_policy)
  end
end
build_remote_policy(policy)

Build remote policy based on Coditsu differ settings

@param policy [Hash] remote policy settings

@return [Voting::RemotePolicy]

# File lib/bundler/security/voting.rb, line 50
def build_remote_policy(policy)
  RemotePolicy.new(
    policy['type'], policy['threshold']
  )
end
build_status(remote_policy_type, command, errors)

Build security verdict

@param remote_policy_type [String]
@param command [String] either install or update
@param errors [Array] detected security errors

# File lib/bundler/security/voting.rb, line 61
def build_status(remote_policy_type, command, errors)
  if errors.empty?
    BuildSuccess.call(remote_policy_type, command)
  else
    # Report the failure, then abort the bundler command with a non-zero status
    BuildFailure.call(remote_policy_type, command, errors)
    exit 1
  end
end
call(command, definition)

Build verdict

@param command [String] either install or update
@param definition [Bundler::Definition] definition for your source

# File lib/bundler/security/voting.rb, line 12
def call(command, definition)
  remote_data(command, definition)
    .then { |policy, gems| [policy, build_gems(policy, gems)] }
    .then { |policy, errors| build_status(policy.type, command, errors) }
end
remote_data(command, definition)

Fetch data from the differ

@param command [String] either install or update
@param definition [Bundler::Definition]

# File lib/bundler/security/voting.rb, line 39
def remote_data(command, definition)
  Versions::Remote
    .call(command, definition)
    .yield_self { |response| [build_remote_policy(response['policy']), response['gems']] }
end
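The pipeline documented above (remote_data, build_gems, build_status composed by call), as an added, self-contained model that is not the module's own code. It assumes a GemPolicy rule the page does not state (a gem is approved or rejected when its approval or rejection count reaches the policy threshold, otherwise undecided), replaces Versions::Remote.call with a constructed differ response, and returns the verdict instead of calling exit 1.

```ruby
module VotingDemo
  RemotePolicy = Struct.new(:type, :threshold)

  # Verdict for one gem; assumed rule: a vote count at or above the policy
  # threshold decides the gem, otherwise it stays undecided
  class GemPolicy
    def initialize(name, data, policy)
      @name, @data, @policy = name, data, policy
    end
    def approved?
      @data.fetch('approvals', 0) >= @policy.threshold
    end
    def rejected?
      @data.fetch('rejections', 0) >= @policy.threshold
    end
  end

  module_function

  # Constructed stand-in for Versions::Remote.call (the differ response)
  def remote_data(_command, _definition)
    response = {
      'policy' => { 'type' => 'threshold', 'threshold' => 2 },
      'gems' => {
        'rack'    => { 'approvals' => 3, 'rejections' => 0 }, # approved
        'evilgem' => { 'approvals' => 0, 'rejections' => 2 }, # rejected: error
        'newgem'  => { 'approvals' => 1, 'rejections' => 1 }  # undecided: skipped
      }
    }
    [RemotePolicy.new(response['policy']['type'], response['policy']['threshold']), response['gems']]
  end

  # One error per rejected gem; approved and undecided gems pass through
  def build_gems(policy, gems)
    gems.each_with_object([]) do |(name, data), errors|
      gem_policy = GemPolicy.new(name, data, policy)
      next if gem_policy.approved?
      next unless gem_policy.rejected?
      errors << "#{name}: #{data['rejections']} rejections (threshold #{policy.threshold})"
    end
  end

  # Returns the verdict as a hash instead of calling exit 1 as the real module does
  def build_status(remote_policy_type, command, errors)
    { status: errors.empty? ? :success : :failure, policy: remote_policy_type,
      command: command, errors: errors }
  end

  def call(command, definition = nil)
    remote_data(command, definition)
      .then { |policy, gems| [policy, build_gems(policy, gems)] }
      .then { |policy, errors| build_status(policy.type, command, errors) }
  end
end
```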