class Bundler::Audit::Scanner

Constants

InsecureSource

Represents a plain-text source

UnpatchedGem

Represents a gem that is covered by an Advisory

Attributes

database[R]

The advisory database

@return [Database]

lockfile[R]

The parsed ‘Gemfile.lock` from the project

@return [Bundler::LockfileParser]

root[R]

Project root directory

Public Class Methods

new(root=Dir.pwd) click to toggle source

Initializes a scanner.

@param [String] root

The path to the project root.
# File lib/bundler/audit/scanner.rb, line 36
def initialize(root=Dir.pwd)
  @root     = File.expand_path(root)
  @database = Database.new
  @lockfile = LockfileParser.new(
    File.read(File.join(@root,'Gemfile.lock'))
  )
end

Public Instance Methods

scan(options={}) { |source| ... } click to toggle source

Scans the project for issues.

@param [Hash] options

Additional options.

@option options [Array<String>] :ignore

The advisories to ignore.

@yield [result]

The given block will be passed the results of the scan.

@yieldparam [InsecureSource, UnpatchedGem] result

A result from the scan.

@return [Enumerator]

If no block is given, an Enumerator will be returned.
# File lib/bundler/audit/scanner.rb, line 62
def scan(options={})
  return enum_for(__method__,options) unless block_given?

  get_insecure_sources.each { |source| yield source }
  get_unpatched_gems(options[:ignore]).each { |gem| yield gem }

  return self
end

Protected Instance Methods

get_insecure_sources() click to toggle source
# File lib/bundler/audit/scanner.rb, line 73
def get_insecure_sources
  insecure = []
  @lockfile.sources.each do |source|
    case source
    when Source::Git
      next unless(source.uri =~ /^(git|http):/)

      insecure << InsecureSource.new(source.uri)
    when Source::Rubygems
      source.remotes.map do |uri|
        next unless uri.scheme == 'http'

        insecure << InsecureSource.new(uri.to_s)
      end
    end
  end

  return insecure
end
get_unpatched_gems(ignore) click to toggle source
# File lib/bundler/audit/scanner.rb, line 93
def get_unpatched_gems(ignore)
  ignore = Set.new(ignore) # If ignore is empty the Set will contain nil,
                           # but since we should never have a nil version
                           # that's a non-issue.
  unpatched = []
  @lockfile.specs.each do |gem|
    @database.check_gem(gem) do |advisory|
      next if ignore.include?(advisory.id)

      unpatched << UnpatchedGem.new(gem,advisory)
    end
  end
  return unpatched
end