Class: GemGuard::CLI

Inherits:

Thor

• Object
• Thor
• GemGuard::CLI

Defined in:

lib/gem_guard/cli.rb

Constant Summary

EXIT_SUCCESS =

Exit codes for CI/CD integration

0

EXIT_VULNERABILITIES_FOUND =

1

EXIT_ERROR =

2

Class Method Summary

• .exit_on_failure? ⇒ Boolean

Instance Method Summary

• #config ⇒ Object
• #fix ⇒ Object
• #interactive ⇒ Object
• #sbom ⇒ Object
• #scan ⇒ Object
• #typosquat ⇒ Object
• #version ⇒ Object

Class Method Details

.exit_on_failure? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gem_guard/cli.rb', line 14

def self.exit_on_failure?
  true
end

Instance Method Details

#config ⇒ Object

# File 'lib/gem_guard/cli.rb', line 173

def config
  config_file = Config.new(options[:path])

  if options[:init]
    if File.exist?(options[:path])
      puts "Config file #{options[:path]} already exists"
      exit EXIT_ERROR
    end

    # Create default config file
    default_config = {
      "lockfile" => "Gemfile.lock",
      "format" => "table",
      "fail_on_vulnerabilities" => true,
      "severity_threshold" => "low",
      "ignore_vulnerabilities" => [],
      "ignore_gems" => [],
      "output_file" => nil,
      "project_name" => config_file.send(:detect_project_name),
      "sbom" => {
        "format" => "spdx",
        "include_dev_dependencies" => false
      },
      "scan" => {
        "sources" => ["osv", "ruby_advisory_db"],
        "timeout" => 30
      }
    }

    File.write(options[:path], YAML.dump(default_config))
    puts "Created #{options[:path]} with default configuration"
  elsif options[:show]
    if config_file.exists?
      puts File.read(options[:path])
    else
      puts "No config file found at #{options[:path]}"
      puts "Run 'gem_guard config --init' to create one"
    end
  else
    puts "Usage: gem_guard config [--init|--show] [--path PATH]"
    puts "  --init  Create a new .gemguard.yml config file"
    puts "  --show  Display current configuration"
    puts "  --path  Specify config file path (default: .gemguard.yml)"
  end
end

#fix ⇒ Object

# File 'lib/gem_guard/cli.rb', line 226

def fix
  config = Config.new(options[:config] || ".gemguard.yml")

  lockfile_path = options[:lockfile] || config.lockfile_path
  gemfile_path = options[:gemfile] || "Gemfile"
  dry_run = options[:dry_run] || false
  interactive = options[:interactive] || false
  create_backup = !options[:no_backup]

  unless File.exist?(lockfile_path)
    puts "Error: #{lockfile_path} not found"
    verbose_diagnostics([lockfile_path])
    exit EXIT_ERROR
  end

  unless File.exist?(gemfile_path)
    puts "Error: #{gemfile_path} not found. Auto-fix requires a Gemfile."
    verbose_diagnostics([gemfile_path])
    exit EXIT_ERROR
  end

  begin
    # First, scan for vulnerabilities
    dependencies = Parser.new.parse(lockfile_path)
    vulnerabilities = VulnerabilityFetcher.new.fetch_for(dependencies)
    analysis = Analyzer.new.analyze(dependencies, vulnerabilities)

    if analysis.vulnerable_dependencies.empty?
      puts "✅ No vulnerabilities found. Nothing to fix!"
      exit EXIT_SUCCESS
    end

    # Apply fixes
    auto_fixer = AutoFixer.new(lockfile_path, gemfile_path)
    result = auto_fixer.fix_vulnerabilities(
      analysis.vulnerable_dependencies,
      dry_run: dry_run,
      interactive: interactive,
      backup: create_backup
    )

    case result[:status]
    when :no_fixes_needed
      puts "ℹ️  #{result[:message]}"
      exit EXIT_SUCCESS
    when :dry_run
      puts "🔍 Dry run — no files will be modified."
      puts "=" * 40
      result[:fixes].each do |fix|
        puts "✅ Would update #{fix[:gem_name]} #{fix[:current_version]} → #{fix[:target_version]}"
      end
      puts "\n#{result[:message]}"
      puts "Run without --dry-run to apply these fixes."
      exit EXIT_SUCCESS
    when :cancelled
      puts "❌ #{result[:message]}"
      exit EXIT_SUCCESS
    when :completed
      puts "🎉 #{result[:message]}"
      puts "\n📋 Applied Fixes:"
      result[:fixes].each do |fix|
        puts "✅ #{fix[:gem_name]}: #{fix[:current_version]} → #{fix[:target_version]}"
      end
      puts "\n💡 Run 'gem_guard scan' to verify fixes."
      exit EXIT_SUCCESS
    else
      puts "❌ Unexpected error during fix operation"
      exit EXIT_ERROR
    end
  rescue GemGuard::InvalidLockfileError => e
    puts "Invalid Gemfile.lock: #{e.message}"
    puts "Tip: Run 'bundle install' to regenerate your lockfile."
    exit EXIT_ERROR
  rescue GemGuard::FileError => e
    puts "File error: #{e.message}"
    exit EXIT_ERROR
  rescue => e
    puts "Error: #{e.message}"
    exit EXIT_ERROR
  end
end

#interactive ⇒ Object

# File 'lib/gem_guard/cli.rb', line 317

def interactive
  config = Config.new(options[:config] || ".gemguard.yml")
  lockfile_path = options[:lockfile] || config.lockfile_path

  # 1. Scan for vulnerabilities
  puts "Scanning for vulnerabilities..."
  dependencies = Parser.new.parse(lockfile_path)
  vulnerabilities = VulnerabilityFetcher.new.fetch_for(dependencies)
  analysis = Analyzer.new.analyze(dependencies, vulnerabilities)

  if analysis.vulnerable_dependencies.empty?
    puts "✅ No vulnerabilities found."
    exit EXIT_SUCCESS
  end

  # 2. Report vulnerabilities
  Reporter.new.report(analysis, format: "table")

  # 3. Ask to fix
  prompt = TTY::Prompt.new
  if prompt.yes?("\nWould you like to fix these vulnerabilities interactively?")
    invoke :fix, [], options.slice("lockfile", "gemfile", "config").merge(interactive: true)
  end
end

#sbom ⇒ Object

# File 'lib/gem_guard/cli.rb', line 86

def sbom
  lockfile_path = options[:lockfile]

  unless File.exist?(lockfile_path)
    puts "Error: #{lockfile_path} not found"
    verbose_diagnostics([lockfile_path])
    exit EXIT_ERROR
  end

  dependencies = Parser.new.parse(lockfile_path)
  generator = SbomGenerator.new

  sbom_data = case options[:format].downcase
  when "spdx"
    generator.generate_spdx(dependencies, options[:project])
  when "cyclone-dx", "cyclonedx"
    generator.generate_cyclone_dx(dependencies, options[:project])
  else
    puts "Error: Unsupported format '#{options[:format]}'. Use 'spdx' or 'cyclone-dx'"
    exit EXIT_ERROR
  end

  output_json = JSON.pretty_generate(sbom_data)

  if options[:output]
    File.write(options[:output], output_json)
    puts "SBOM written to #{options[:output]}"
  else
    puts output_json
  end
end

#scan ⇒ Object

# File 'lib/gem_guard/cli.rb', line 25

def scan
  config = Config.new(options[:config])

  # Override config with CLI options
  lockfile_path = options[:lockfile] || config.lockfile_path
  format = options[:format] || config.output_format
  fail_on_vulns = options[:fail_on_vulnerabilities].nil? ? config.fail_on_vulnerabilities? : options[:fail_on_vulnerabilities]
  severity_threshold = options[:severity_threshold] || config.severity_threshold
  output_file = options[:output] || config.output_file

  unless File.exist?(lockfile_path)
    puts "Error: #{lockfile_path} not found"
    verbose_diagnostics([lockfile_path])
    exit EXIT_ERROR
  end

  begin
    dependencies = Parser.new.parse(lockfile_path)
    vulnerabilities = VulnerabilityFetcher.new.fetch_for(dependencies)

    # Filter vulnerabilities based on config
    filtered_vulnerabilities = filter_vulnerabilities(vulnerabilities, config)

    analysis = Analyzer.new.analyze(dependencies, filtered_vulnerabilities)

    # Filter analysis based on severity threshold
    filtered_analysis = filter_analysis_by_severity(analysis, severity_threshold, config)

    if output_file
      output_content = capture_report_output(filtered_analysis, format)
      File.write(output_file, output_content)
      puts "Report written to #{output_file}"
    else
      Reporter.new.report(filtered_analysis, format: format)
    end

    # Exit with appropriate code for CI/CD
    if filtered_analysis.has_vulnerabilities? && fail_on_vulns
      exit EXIT_VULNERABILITIES_FOUND
    else
      exit EXIT_SUCCESS
    end
  rescue GemGuard::InvalidLockfileError => e
    puts "Invalid Gemfile.lock: #{e.message}"
    puts "Tip: Run 'bundle install' to regenerate your lockfile."
    exit EXIT_ERROR
  rescue GemGuard::FileError => e
    puts "File error: #{e.message}"
    verbose_diagnostics([lockfile_path, output_file].compact)
    exit EXIT_ERROR
  rescue => e
    puts "Error: #{e.message}"
    exit EXIT_ERROR
  end
end

#typosquat ⇒ Object

# File 'lib/gem_guard/cli.rb', line 123

def typosquat
  config = Config.new(options[:config] || ".gemguard.yml")

  lockfile_path = options[:lockfile] || config.lockfile_path
  format = options[:format] || config.output_format
  output_file = options[:output] || config.output_file

  unless File.exist?(lockfile_path)
    puts "Error: #{lockfile_path} not found"
    verbose_diagnostics([lockfile_path])
    exit EXIT_ERROR
  end

  begin
    dependencies = Parser.new.parse(lockfile_path)
    checker = TyposquatChecker.new
    suspicious_gems = checker.check_dependencies(dependencies)

    if output_file
      output_content = format_typosquat_output(suspicious_gems, format)
      File.write(output_file, output_content)
      puts "Typosquat report written to #{output_file}"
    else
      display_typosquat_results(suspicious_gems, format)
    end

    # Exit with appropriate code
    if suspicious_gems.any? { |sg| sg[:risk_level] == "critical" || sg[:risk_level] == "high" }
      exit EXIT_VULNERABILITIES_FOUND
    else
      exit EXIT_SUCCESS
    end
  rescue GemGuard::InvalidLockfileError => e
    puts "Invalid Gemfile.lock: #{e.message}"
    puts "Tip: Run 'bundle install' to regenerate your lockfile."
    exit EXIT_ERROR
  rescue GemGuard::FileError => e
    puts "File error: #{e.message}"
    verbose_diagnostics([lockfile_path, output_file].compact)
    exit EXIT_ERROR
  rescue => e
    puts "Error: #{e.message}"
    exit EXIT_ERROR
  end
end

#version ⇒ Object

# File 'lib/gem_guard/cli.rb', line 309

def version
  puts GemGuard::VERSION
end