Class: Bundler::Audit::Database

Inherits:

Object

• Object
• Bundler::Audit::Database

Defined in:

lib/bundler/audit/database.rb

Overview

Represents the directory of advisories, grouped by gem name and CVE number.

Constant Summary

URL =

Git URL of the ruby-advisory-db

'https://github.com/rubysec/ruby-advisory-db.git'

PATH =

Path to the user's copy of the ruby-advisory-db

File.expand_path(File.join(ENV['HOME'],'.local','share','ruby-advisory-db'))

Instance Attribute Summary

• #path ⇒ Object readonly

  The path to the advisory database.

Class Method Summary

• .install! ⇒ Boolean

  Downloads the database.

• .path ⇒ String

  The default path for the database.

• .path=(new_path) ⇒ String

  Sets the default path for the database.

• .update! ⇒ Boolean

  Updates the user's ruby-advisory-db.

Instance Method Summary

• #advisories {|advisory| ... } ⇒ Enumerator

  Enumerates over every advisory in the database.

• #advisories_for(name) {|advisory| ... } ⇒ Enumerator

  Enumerates over advisories for the given gem.

• #check_gem(gem) {|advisory| ... } ⇒ Enumerator

  Verifies whether the gem is effected by any advisories.

• #each_advisory_path {|path| ... } ⇒ Object protected

  Enumerates over every advisory path in the database.

• #each_advisory_path_for(name) {|path| ... } ⇒ Object protected

  Enumerates over the advisories for the given gem.

• #initialize(path = self.class.path) ⇒ Database constructor

  Initializes the Advisory Database.

• #inspect ⇒ String

  Inspects the database.

• #last_updated ⇒ Time

  Determines when the database was last updated.

• #size ⇒ Integer

  The number of advisories within the database.

• #to_s ⇒ String

  Converts the database to a String.

• #update! ⇒ Boolean

  Updates the database.

Constructor Details

#initialize(path = self.class.path) ⇒ Database

Initializes the Advisory Database.

Parameters:

• path (String) (defaults to: self.class.path) —

  The path to the advisory database.

Raises:

• (ArgumentError) —

  The path was not a directory.

# File 'lib/bundler/audit/database.rb', line 51

def initialize(path=self.class.path)
  unless File.directory?(path)
    raise(ArgumentError,"#{path.dump} is not a directory")
  end

  @path = path
end

Instance Attribute Details

#path ⇒ Object (readonly)

The path to the advisory database

# File 'lib/bundler/audit/database.rb', line 40

def path
  @path
end

Class Method Details

.install! ⇒ Boolean

Downloads the database.

Returns:

• (Boolean) —

  Specifies whether the download was successful.

Since:

• 0.4.0

# File 'lib/bundler/audit/database.rb', line 87

def self.install!
  system 'git', 'clone', URL, path
end

.path ⇒ String

The default path for the database.

Returns:

• (String) —

  The path to the database directory. Defaults to PATH.

# File 'lib/bundler/audit/database.rb', line 65

def self.path
  @@path ||= PATH
end

.path=(new_path) ⇒ String

Sets the default path for the database.

Returns:

• (String) —

  The new default path for the database.

# File 'lib/bundler/audit/database.rb', line 75

def self.path=(new_path)
  @@path = new_path
end

.update! ⇒ Boolean

Updates the user's ruby-advisory-db.

Returns:

• (Boolean) —

  Specifies whether the update was successful.

See Also:

• #update!

Since:

• 0.3.0

# File 'lib/bundler/audit/database.rb', line 101

def self.update!
  if File.directory?(File.join(path, '.git'))
    new(path).update!
  else
    install!
  end
end

Instance Method Details

#advisories {|advisory| ... } ⇒ Enumerator

Enumerates over every advisory in the database.

Yields:

• (advisory) —

  If a block is given, it will be passed each advisory.

Yield Parameters:

• advisory (Advisory) —

  An advisory from the database.

Returns:

• (Enumerator) —

  If no block is given, an Enumerator will be returned.

# File 'lib/bundler/audit/database.rb', line 150

def advisories(&block)
  return enum_for(__method__) unless block_given?

  each_advisory_path do |path|
    yield Advisory.load(path)
  end
end

#advisories_for(name) {|advisory| ... } ⇒ Enumerator

Enumerates over advisories for the given gem.

Parameters:

• name (String) —

  The gem name to lookup.

Yields:

• (advisory) —

  If a block is given, each advisory for the given gem will be yielded.

Yield Parameters:

• advisory (Advisory) —

  An advisory for the given gem.

Returns:

• (Enumerator) —

  If no block is given, an Enumerator will be returned.

# File 'lib/bundler/audit/database.rb', line 173

def advisories_for(name)
  return enum_for(__method__,name) unless block_given?

  each_advisory_path_for(name) do |path|
    yield Advisory.load(path)
  end
end

#check_gem(gem) {|advisory| ... } ⇒ Enumerator

Verifies whether the gem is effected by any advisories.

Parameters:

• gem (Gem::Specification) —

  The gem to verify.

Yields:

• (advisory) —

  If a block is given, it will be passed advisories that effect the gem.

Yield Parameters:

• advisory (Advisory) —

  An advisory that effects the specific version of the gem.

Returns:

• (Enumerator) —

  If no block is given, an Enumerator will be returned.

# File 'lib/bundler/audit/database.rb', line 197

def check_gem(gem)
  return enum_for(__method__,gem) unless block_given?

  advisories_for(gem.name) do |advisory|
    if advisory.vulnerable?(gem.version)
      yield advisory
    end
  end
end

#each_advisory_path {|path| ... } ⇒ Object (protected)

Enumerates over every advisory path in the database.

Yields:

• (path) —

  The given block will be passed each advisory path.

Yield Parameters:

• path (String) —

  A path to an advisory .yml file.

# File 'lib/bundler/audit/database.rb', line 248

def each_advisory_path(&block)
  Dir.glob(File.join(@path,'gems','*','*.yml'),&block)
end

#each_advisory_path_for(name) {|path| ... } ⇒ Object (protected)

Enumerates over the advisories for the given gem.

Parameters:

• name (String) —

  The gem of the gem.

Yields:

• (path) —

  The given block will be passed each advisory path.

Yield Parameters:

• path (String) —

  A path to an advisory .yml file.

# File 'lib/bundler/audit/database.rb', line 264

def each_advisory_path_for(name,&block)
  Dir.glob(File.join(@path,'gems',name,'*.yml'),&block)
end

#inspect ⇒ String

Inspects the database.

Returns:

• (String) —

  The inspected database.

# File 'lib/bundler/audit/database.rb', line 233

def inspect
  "#<#{self.class}:#{self}>"
end

#last_updated ⇒ Time

Determines when the database was last updated.

Returns:

• (Time) —

  The time of the last update.

Since:

• 0.4.0

# File 'lib/bundler/audit/database.rb', line 134

def last_updated
  Dir.chdir(@path) { Time.parse(`git log -1 --format=%ad`) }
end

#size ⇒ Integer

The number of advisories within the database.

Returns:

• (Integer) —

  The number of advisories.

# File 'lib/bundler/audit/database.rb', line 213

def size
  each_advisory_path.count
end

#to_s ⇒ String

Converts the database to a String.

Returns:

• (String) —

  The path to the database.

# File 'lib/bundler/audit/database.rb', line 223

def to_s
  @path
end

#update! ⇒ Boolean

Note:

Requires network access.

Updates the database.

Returns:

• (Boolean) —

  Specifies whether the update was successful.

See Also:

• Bundler::Audit::Database.00.40.4.0

# File 'lib/bundler/audit/database.rb', line 120

def update!
  Dir.chdir(@path) do
    system 'git', 'pull', 'origin', 'master'
  end
end