class Bundler::Audit::Scanner

def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock',database=Database.new,config_dot_file='.bundler-audit.yml')

Raises:
  • (Bundler::GemfileLockNotFound) -

Parameters:
  • database (Database) --
  • gemfile_lock (String) --
  • root (String) --
# Builds a scanner for the project rooted at +root+.
#
# Expands +root+ to an absolute path, reads +gemfile_lock+ from it, and loads
# +config_dot_file+ from the same directory when present (otherwise a default
# Configuration is used).
#
# @param root [String] project directory; passed through File.expand_path
# @param gemfile_lock [String] lockfile name, relative to +root+
# @param database [Database] advisory database used by #scan_specs
# @param config_dot_file [String] configuration file name, relative to +root+
#
# @raise [Bundler::GemfileLockNotFound] when the lockfile is not a regular file
def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock',database=Database.new,config_dot_file='.bundler-audit.yml')
  @root     = File.expand_path(root)
  @database = database

  lockfile_path = File.join(@root,gemfile_lock)
  raise(Bundler::GemfileLockNotFound,"Could not find #{gemfile_lock.inspect} in #{@root.inspect}") unless File.file?(lockfile_path)

  @lockfile = LockfileParser.new(File.read(lockfile_path))

  # NOTE(review): File.exist? is also true for a directory, whereas the lockfile
  # check above requires a regular file; confirm Configuration.load tolerates that.
  config_path = File.join(@root,config_dot_file)
  @config = File.exist?(config_path) ? Configuration.load(config_path) : Configuration.new
end

def internal_host?(host)

Returns:
  • (Boolean) -

Parameters:
  • host (String) --
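# Whether every address +host+ resolves to lies inside INTERNAL_SUBNETS.
#
# Resolv.getaddresses returns an empty array for a name that does not
# resolve (lookup failures are swallowed inside the resolver); `all?` over
# that empty array was vacuously true, so an unresolvable host was classed
# as internal and an http:// source pointing at it went unreported. A host
# now counts as internal only when it resolves to at least one address and
# all of those addresses are internal, i.e. the check fails closed.
#
# The classification trusts whatever the configured resolver answers.
#
# @param host [String] hostname or IP literal
# @return [Boolean]
def internal_host?(host)
  addresses = Resolv.getaddresses(host)
  # No address at all: cannot vouch for the host, so report it as external.
  return false if addresses.empty?

  addresses.all? { |ip| internal_ip?(ip) }
rescue URI::Error
  false
end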

def internal_ip?(ip)

Returns:
  • (Boolean) -

Parameters:
  • ip (String) --
# Whether +ip+ falls within any of the INTERNAL_SUBNETS ranges.
#
# @param ip [String] IP address literal, as produced by Resolv
# @return [Boolean]
def internal_ip?(ip)
  within = ->(subnet) { subnet.include?(ip) }
  INTERNAL_SUBNETS.any?(&within)
end

def internal_source?(uri)

Returns:
  • (Boolean) -

Parameters:
  • uri (URI, String) --
# Whether +uri+ names a host that is classed as internal by #internal_host?.
#
# Returns nil (falsey) when the parsed URI has no host component, e.g. a
# bare path. URI.parse may raise URI::InvalidURIError for a malformed +uri+;
# that is not rescued here.
#
# @param uri [URI, String]
# @return [Boolean, nil]
def internal_source?(uri)
  host = URI.parse(uri.to_s).host
  return unless host

  internal_host?(host)
end

def report(options={})

Other tags:
    Since: - 0.8.0

Returns:
  • (Report) -

Other tags:
    Yieldparam: result -

Other tags:
    Yield: -

Options Hash: (**options)
  • :ignore (Array) --

Parameters:
  • options (Hash) --
# Runs #scan and collects every result into a Report.
#
# @param options [Hash] forwarded unchanged to #scan
# @option options [Array] :ignore advisory identifiers to skip
# @yield [result] each result as it is produced, when a block is given
# @return [Report]
# @since 0.8.0
def report(options={})
  Report.new.tap do |collected|
    scan(options) do |result|
      collected << result
      yield result if block_given?
    end
  end
end

def scan(options={},&block)

Returns:
  • (Enumerator) -

Other tags:
    Yieldparam: result -

Other tags:
    Yield: -

Options Hash: (**options)
  • :ignore (Array) --

Parameters:
  • options (Hash) --
# Scans insecure sources and then unpatched gems, passing each result to +block+.
#
# @param options [Hash] forwarded to #scan_sources and #scan_specs
# @option options [Array] :ignore advisory identifiers to skip (used by #scan_specs)
# @yield [result]
# @return [Enumerator] when no block is given
# @return [self] otherwise
def scan(options={},&block)
  return enum_for(__method__,options) if block.nil?

  # Sources first, then specs, so results arrive in a stable order.
  [method(:scan_sources), method(:scan_specs)].each do |phase|
    phase.call(options,&block)
  end
  self
end

def scan_sources(options={})

Other tags:
    Since: - 0.4.0

Other tags:
    Api: - semipublic

Returns:
  • (Enumerator) -

Other tags:
    Yieldparam: result -

Other tags:
    Yield: -

Parameters:
  • options (Hash) --
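# Yields an InsecureSource result for every lockfile source fetched over a
# cleartext transport (git: or http:) unless the source's host is classed as
# internal by #internal_source?.
#
# Iterates with +each+ rather than +map+: the block runs only for its yields
# and the mapped array the original built was discarded. The scheme regexes
# are anchored with \A rather than ^ so only the very start of the string
# can match (^ also matches after any embedded newline).
#
# @param options [Hash] unused; accepted so every scan phase shares a signature
# @yield [result]
# @yieldparam result [Results::InsecureSource]
# @return [Enumerator] when no block is given
# @since 0.4.0
# @api semipublic
def scan_sources(options={})
  return enum_for(__method__,options) unless block_given?

  @lockfile.sources.each do |source|
    case source
    when Source::Git
      # The git source's uri is matched as a string against the insecure schemes.
      case source.uri
      when /\Agit:/, /\Ahttp:/
        yield Results::InsecureSource.new(source.uri) unless internal_source?(source.uri)
      end
    when Source::Rubygems
      # Each remote responds to #scheme; only plain http remotes are reported.
      source.remotes.each do |uri|
        next unless uri.scheme == 'http'
        next if internal_source?(uri)

        yield Results::InsecureSource.new(uri.to_s)
      end
    end
  end
end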

def scan_specs(options={})

Other tags:
    Since: - 0.4.0

Other tags:
    Api: - semipublic

Returns:
  • (Enumerator) -

Other tags:
    Yieldparam: result -

Other tags:
    Yield: -

Options Hash: (**options)
  • :ignore (Array) --

Parameters:
  • options (Hash) --
# Yields an UnpatchedGem result for every lockfile spec that has an advisory
# in the database, skipping advisories whose identifiers intersect the
# ignore set.
#
# @param options [Hash]
# @option options [Array] :ignore advisory identifiers to skip; when given it
#   replaces (does not merge with) the configuration's ignore set
# @yield [result]
# @yieldparam result [Results::UnpatchedGem]
# @return [Enumerator] when no block is given
# @since 0.4.0
# @api semipublic
def scan_specs(options={})
  return enum_for(__method__,options) unless block_given?

  ignored = options[:ignore] ? Set.new(options[:ignore]) : config.ignore

  @lockfile.specs.each do |gem|
    @database.check_gem(gem) do |advisory|
      # Skips only this advisory; other advisories for the same gem still report.
      next if ignored.intersect?(advisory.identifiers.to_set)

      yield Results::UnpatchedGem.new(gem,advisory)
    end
  end
end