module Bundler::Security::Voting::Versions::Local

Module responsible for preparing current or current/new versions of gems

Constants

ME_PATH

Definition of a local path; if a source's path matches it, it means that we are the source

ME_SOURCES

Sources that we expect to match ourselves too

Public Class Methods

call(command, definition)

@param command [String] either install or update

@param definition [Bundler::Definition] definition for your source

# File lib/bundler/security/voting/versions/local.rb, line 21
def call(command, definition)
  Bundler.ui.silence { definition.resolve_remotely! }

  case command
  when Commands::INSTALL then build_install(definition)
  when Commands::UPDATE then build_update(definition)
  else
    raise ArgumentError, "invalid command: #{command}"
  end
end

Private Class Methods

build_install(definition)

@param definition [Bundler::Definition] definition for your source

# File lib/bundler/security/voting/versions/local.rb, line 35
def build_install(definition)
  requested_specs = definition.requested_specs
  # Support case without Gemfile.lock
  if definition.locked_gems
    locked_specs = definition.locked_gems.specs
    introduced = requested_specs.map(&:name) - locked_specs.map(&:name)
    introduced_specs = requested_specs.select { |spec| introduced.include?(spec.name) }
    introduced_specs.concat(locked_specs)
  else
    introduced_specs = requested_specs
  end

  introduced_specs.each_with_object({}) do |spec, hash|
    next if skip?(spec.source)

    hash[spec.name] = ['', spec.version.to_s]
  end
end

build_update(definition)

@param definition [Bundler::Definition] definition for your source

# File lib/bundler/security/voting/versions/local.rb, line 55
def build_update(definition)
  locked_specs = definition.locked_gems.specs

  definition.requested_specs.each_with_object({}) do |spec, hash|
    next if skip?(spec.source)

    locked_spec = locked_specs.find { |s| s.name == spec.name }

    hash[spec.name] = if locked_spec
                        [locked_spec.version.to_s, spec.version.to_s]
                      else
                        ['', spec.version.to_s]
                      end
  end
end

git?(source)

Checks if it's a git source

@param source [Bundler::Source::Git, Bundler::Source::Rubygems]

@return [Boolean] true if it's a git source, false otherwise

# File lib/bundler/security/voting/versions/local.rb, line 88
def git?(source)
  source.instance_of?(Bundler::Source::Git)
end

me?(source)

Checks if it's a self source; this happens for repositories that are themselves a gem

@param source [Bundler::Source::Path,Bundler::Source::Git,Bundler::Source::Rubygems]

@return [Boolean] true if it's a self source, false otherwise

# File lib/bundler/security/voting/versions/local.rb, line 97
def me?(source)
  return false unless ME_SOURCES.include?(source.class)

  source.path.to_s == ME_PATH
end

skip?(source)

Checks if we should skip a source

@param source [Bundler::Source::Git, Bundler::Source::Rubygems]

@return [Boolean] true if we should skip this source, false otherwise

# File lib/bundler/security/voting/versions/local.rb, line 76
def skip?(source)
  return true if git?(source)
  return true if me?(source)

  false
end
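
A coverage check built on the git? rule above, as an added example that is not part of this module's code: it parses a lockfile with Bundler::LockfileParser and separates the gems that would appear in the version map from the git-sourced gems that skip? drops. The lockfile contents, the example.invalid URL and the helper name voting_coverage are assumptions made for illustration.

```ruby
require "bundler"

# Constructed sample lockfile (not from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GIT
    remote: https://git.example.invalid/acme/widget.git
    revision: 0123456789abcdef0123456789abcdef01234567
    specs:
      widget (0.3.1)

  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.8)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    rake
    widget!
LOCK

# Hypothetical helper: splits locked specs with the same test as git?(source).
# The me? check is left out because ME_PATH's value is not shown on this page.
def voting_coverage(lockfile_contents)
  specs = Bundler::LockfileParser.new(lockfile_contents).specs
  skipped, covered = specs.partition do |spec|
    spec.source.instance_of?(Bundler::Source::Git)
  end

  {
    covered: covered.map { |s| [s.name, s.version.to_s] }.sort,
    skipped_git: skipped.map { |s| [s.name, s.version.to_s, s.source.uri.to_s] }.sort
  }
end

if $PROGRAM_NAME == __FILE__
  report = voting_coverage(SAMPLE_LOCKFILE)
  report[:covered].each { |name, ver| puts "covered  #{name} #{ver}" }
  report[:skipped_git].each { |name, ver, uri| puts "SKIPPED  #{name} #{ver} (git: #{uri})" }
end
```

Gems reported under skipped_git never reach the hash returned by build_install or build_update, so they need a separate review path.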