class Bundler::Audit::Scanner

def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock')
  @root     = File.expand_path(root)
  @database = Database.new
  @lockfile = LockfileParser.new(
    File.read(File.join(@root,gemfile_lock))
  )
end

def internal_host?(host)
  Resolv.getaddresses(host).all? { |ip| internal_ip?(ip) }
rescue URI::Error
  false
end

def internal_ip?(ip)
  INTERNAL_SUBNETS.any? { |subnet| subnet.include?(ip) }
end

def internal_source?(uri)
  uri = URI(uri)
  internal_host?(uri.host) if uri.host
end

def scan(options={},&block)
  return enum_for(__method__,options) unless block
  ignore = Set[]
  ignore += options[:ignore] if options[:ignore]
  scan_sources(options,&block)
  scan_specs(options,&block)
  return self
end

def scan_sources(options={})
  return enum_for(__method__,options) unless block_given?
  @lockfile.sources.map do |source|
    case source
    when Source::Git
      case source.uri
      when /^git:/, /^http:/
        unless internal_source?(source.uri)
          yield InsecureSource.new(source.uri)
        end
      end
    when Source::Rubygems
      source.remotes.each do |uri|
        if (uri.scheme == 'http' && !internal_source?(uri))
          yield InsecureSource.new(uri.to_s)
        end
      end
    end
  end
end

def scan_specs(options={})
  return enum_for(__method__,options) unless block_given?
  ignore = Set[]
  ignore += options[:ignore] if options[:ignore]
  @lockfile.specs.each do |gem|
    @database.check_gem(gem) do |advisory|
      unless (ignore.include?(advisory.cve_id) ||
              ignore.include?(advisory.osvdb_id))
        yield UnpatchedGem.new(gem,advisory)
      end
    end
  end
end