Class: Bundler::Audit::CLI

Inherits:
Thor
  • Object
Defined in:
lib/bundler/audit/cli.rb

Constant Summary

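# Display label and Thor color(s) used by #print_advisory for each advisory
# criticality (the array is splatted into +say+). A criticality that has no
# entry here is printed as "Unknown" by #print_advisory. Frozen so the lookup
# table cannot be altered at runtime.
CRITICALITY_MAP = {
  :low    => ["Low"],
  :medium => ["Medium", :yellow],
  :high   => ["High", [:red, :bold]],
}.freeze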

Instance Method Summary

Instance Method Details

#check ⇒ Object



# File 'lib/bundler/audit/cli.rb', line 38

# Scans the bundle for gems with known advisories and for insecure gem source
# URIs, prints a report, and exits with status 1 when anything was found so
# that a CI job running this command fails on findings.
#
# A local copy of ruby-advisory-db is required: an ArgumentError from
# Scanner.new is treated as "no database yet" and the setup instructions are
# printed instead. The database is refreshed before scanning; nothing here
# rescues a failed refresh, so a raising update! aborts the command before
# any scan. The +ignore+ option is passed through to Scanner#scan as :ignore.
def check
  scanner = begin
    Scanner.new
  rescue ArgumentError
    print_setup_instructions
    exit 1
  end

  # attempt update the database before doing a scan
  scanner.database.update!

  findings = { :unpatched => false, :insecure => false }
  scanner.scan(:ignore => options.ignore) do |result|
    case result
    when Scanner::InsecureSource
      findings[:insecure] = true
      print_warning "Insecure Source URI found: #{result.source}"
    when Scanner::UnpatchedGem
      findings[:unpatched] = true
      print_advisory result.gem, result.advisory
    end
  end

  # Red for a positive finding, green for a clean result.
  report = lambda do |found, bad_msg, good_msg|
    found ? say(bad_msg, :red) : say(good_msg, :green)
  end
  report.call(findings[:unpatched], "Unpatched versions found!", "No unpatched versions found")
  report.call(findings[:insecure], "Insecure sources found!", "No insecure sources found")

  # Non-zero exit on any finding so callers (CI, scripts) can gate on it.
  exit 1 if findings.values.any?
end


# File 'lib/bundler/audit/cli.rb', line 117

# Prints one advisory report block for an affected gem: the gem's name and
# version, then the advisory id, criticality, URL, details (title or full
# description depending on verbosity) and the remediation, followed by a
# blank line.
#
# @param gem [#name, #version] the affected gem (see #print_affected_gem)
# @param advisory [#id, #criticality, #url] the advisory; a criticality
#   missing from CRITICALITY_MAP is shown as "Unknown"
def print_advisory(gem, advisory)
  print_affected_gem(gem)

  say "Advisory: ", :red
  say advisory.id

  say "Criticality: ", :red
  # CRITICALITY_MAP entries are [label, color]; splat so the color reaches +say+.
  criticality_label = CRITICALITY_MAP[advisory.criticality] || "Unknown"
  say(*criticality_label)

  say "URL: ", :red
  say advisory.url

  print_advisory_details(advisory)
  print_advisory_solution(advisory)

  say
end


# File 'lib/bundler/audit/cli.rb', line 154

# Prints the descriptive part of an advisory. With the +verbose+ option the
# full description is printed, wrapped and indented by two spaces, between
# blank lines; otherwise only the one-line title is shown.
#
# @param advisory [#title, #description] the advisory being reported
def print_advisory_details(advisory)
  unless options.verbose?
    say "Title: ", :red
    return say(advisory.title)
  end

  say "Description:", :red
  say

  print_wrapped advisory.description, :indent => 2
  say
end


# File 'lib/bundler/audit/cli.rb', line 167

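# Prints the remediation for +advisory+: the patched versions to upgrade to,
# or — when no patched release exists — a bold red instruction to remove or
# disable the gem, since upgrading cannot resolve the finding.
#
# @param advisory [#patched_versions] advisory whose +patched_versions+ is an
#   Array (presumably of version strings) that is empty when no fix exists
def print_advisory_solution(advisory)
  # if/else instead of unless/else: the empty case is the exceptional one.
  if advisory.patched_versions.empty?
    say "Solution: ", :red
    say "remove or disable this gem until a patch is available!", [:red, :bold]
  else
    say "Solution: upgrade to ", :red
    say advisory.patched_versions.join(', ')
  end
end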


# File 'lib/bundler/audit/cli.rb', line 146

# Prints the name and version of the gem an advisory applies to, each as a
# red label followed by the plain value.
#
# @param gem [#name, #version] the affected gem
def print_affected_gem(gem)
  label_color = :red

  say("Name: ", label_color)
  say(gem.name)

  say("Version: ", label_color)
  say(gem.version)
end


# File 'lib/bundler/audit/cli.rb', line 137

# Tells the user that no local copy of the Ruby vulnerabilities database
# exists and shows the +update+ invocation (using the running program name,
# $0) that fetches it. Printed as yellow warnings surrounded by blank lines.
def print_setup_instructions
  say ""
  [
    "You don't have a copy of the Ruby vulnerabilities database yet.",
    "To get the database, please run:",
  ].each { |line| print_warning line }
  say ""
  print_warning "  #{$0} update"
  say ""
end


# File 'lib/bundler/audit/cli.rb', line 113

# Prints +message+ through +say+ in the warning color (yellow).
#
# @param message [String] text to print
def print_warning(message)
  warning_color = :yellow
  say(message, warning_color)
end

#say(message = "", color = nil) ⇒ Object (protected)



# File 'lib/bundler/audit/cli.rb', line 108

# Thor#say wrapper: coerces the message to a String and drops the color when
# $stdout is not a terminal, so output captured by a pipe or a CI log stays
# plain text.
#
# @param message [#to_s] text to print (defaults to an empty line)
# @param color [Symbol, Array<Symbol>, nil] Thor color spec, used only on a TTY
def say(message = "", color = nil)
  text = message.to_s
  tty_color = $stdout.tty? ? color : nil
  super(text, tty_color)
end

#update ⇒ Object



# File 'lib/bundler/audit/cli.rb', line 81

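# Refreshes the local copy of ruby-advisory-db via Database.update! and then
# reports how many advisories the refreshed database holds.
#
# NOTE(review): the result of Database.update! is not checked here, so whether
# a failed refresh raises or quietly leaves the previous copy in place depends
# on Database.update! — confirm before relying on this command in CI.
def update
  say "Updating ruby-advisory-db ..."

  Database.update!
  # Use say rather than puts so this line takes the same output path as the
  # rest of the CLI.
  say "ruby-advisory-db: #{Database.new.size} advisories"
end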

#version ⇒ Object



# File 'lib/bundler/audit/cli.rb', line 89

# Prints "<program> <VERSION>" in bold, with the advisory count appended when a
# local database can be opened. An ArgumentError from Database.new is taken to
# mean there is no database yet: the version line is still printed, then the
# setup instructions, and the command exits with status 1.
def version
  cmd = File.basename($0)
  advisories = begin
    " (advisories: #{Database.new.size})"
  rescue ArgumentError
    nil # no local database yet; handled below
  end

  say "#{cmd} #{VERSION}#{advisories}", :bold
  return unless advisories.nil?

  print_setup_instructions
  exit 1
end