class Unwrappr::Researchers::SecurityVulnerabilities

Checks for known security vulnerabilities using the Ruby Advisory DB (github.com/rubysec/ruby-advisory-db) via Bundler::Audit.

Implements the `gem_researcher` interface required by the LockFileAnnotator: `research` receives a gem change (name, base version, head version) and returns the gem change info extended with a `security_vulnerabilities` entry.

Constants

Vulnerabilites

Public Instance Methods

research(gem_change, gem_change_info)
# File lib/unwrappr/researchers/security_vulnerabilities.rb, line 15
def research(gem_change, gem_change_info)
  # Return a new info hash with the advisory diff for this gem change
  # added under :security_vulnerabilities; the input hash is not mutated.
  gem_change_info.merge(
    security_vulnerabilities: vulnerabilities(gem_change)
  )
end

Private Instance Methods

database()
# File lib/unwrappr/researchers/security_vulnerabilities.rb, line 34
def database
  # Memoized: the advisory database is refreshed and opened once per researcher.
  return @database if defined?(@database)

  # Pull the latest ruby-advisory-db before querying it, so results reflect
  # advisories published after the local copy was last fetched.
  Bundler::Audit::Database.update!(quiet: true)
  @database = Bundler::Audit::Database.new
end
vulnerabilities(gem)
# File lib/unwrappr/researchers/security_vulnerabilities.rb, line 23
def vulnerabilities(gem)
  # All advisories ever published for this gem name, then the subset that
  # applies to the version before (base) and after (head) the change.
  advisories = database.advisories_for(gem.name)
  base_advisories = vulnerable_advisories(gem.base_version, advisories)
  head_advisories = vulnerable_advisories(gem.head_version, advisories)
  Vulnerabilites.new(
    base_advisories - head_advisories, # fixed by the upgrade
    head_advisories - base_advisories, # newly introduced by the upgrade
    base_advisories & head_advisories  # still present after the upgrade
  )
end
vulnerable_advisories(gem_version, advisories)
# File lib/unwrappr/researchers/security_vulnerabilities.rb, line 41
def vulnerable_advisories(gem_version, advisories)
  # No version on one side means the gem was added or removed by the change,
  # so there is nothing to be vulnerable on that side.
  return [] if gem_version.nil?

  # Keep only the advisories whose affected range covers this exact version.
  advisories.select do |advisory|
    advisory.vulnerable?(gem_version.version)
  end
end
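The example below is an added illustration of the `vulnerabilities` / `vulnerable_advisories` logic above, not code from the unwrappr project. It replaces Bundler::Audit with a constructed stand-in: a hypothetical `Advisory` struct that decides `vulnerable?` from patched and unaffected version ranges (using the standard `Gem::Version` / `Gem::Requirement` classes), plus hypothetical `GemChange` / `GemVersion` structs shaped like the objects the researcher receives. The advisory ids and version ranges are constructed sample data, not real advisories. It runs offline and shows how the three set differences classify advisories as fixed, introduced, or remaining across an upgrade, and how a nil version (gem added or removed) short-circuits to an empty list.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement (stdlib)

# Hypothetical stand-in for a Bundler::Audit advisory object (not the gem's class).
# A version is vulnerable when it is neither explicitly unaffected nor patched.
Advisory = Struct.new(:id, :patched_versions, :unaffected_versions) do
  def vulnerable?(version)
    version = Gem::Version.new(version)
    return false if unaffected_versions.any? { |r| Gem::Requirement.new(r).satisfied_by?(version) }
    patched_versions.none? { |r| Gem::Requirement.new(r).satisfied_by?(version) }
  end
end

# Hypothetical stand-ins for the gem change handed to the researcher: the locked
# version before (base) and after (head) the change; either is nil when the gem
# was added or removed.
GemVersion = Struct.new(:version)
GemChange  = Struct.new(:name, :base_version, :head_version)

# Result of the diff, in the same positional order the page's Vulnerabilites
# constant receives: fixed, introduced, remaining.
VulnerabilityDiff = Struct.new(:fixed, :introduced, :remaining)

# Same selection as the page's vulnerable_advisories: no version means nothing
# can be vulnerable on that side; otherwise keep advisories that still apply.
def vulnerable_advisories(gem_version, advisories)
  return [] if gem_version.nil?

  advisories.select { |advisory| advisory.vulnerable?(gem_version.version) }
end

# Same set arithmetic as the page's vulnerabilities method; the advisory list is
# injected in place of Bundler::Audit::Database#advisories_for.
def vulnerability_diff(gem_change, advisories)
  base = vulnerable_advisories(gem_change.base_version, advisories)
  head = vulnerable_advisories(gem_change.head_version, advisories)
  VulnerabilityDiff.new(base - head, head - base, base & head)
end

# Constructed sample advisories; ids are placeholders, not real CVE/GHSA numbers.
SAMPLE_ADVISORIES = [
  Advisory.new('ADV-EXAMPLE-1', ['>= 5.2.0'], []),              # patched in 5.2.0
  Advisory.new('ADV-EXAMPLE-2', ['>= 5.1.0', '~> 5.0.5'], []),  # patched in 5.0.5 and 5.1.0
  Advisory.new('ADV-EXAMPLE-3', ['>= 5.3.0'], ['< 5.2.0']),     # only 5.2.x affected
  Advisory.new('ADV-EXAMPLE-4', ['>= 6.0.0'], [])               # still open in 5.x
].freeze

# Upgrade of a constructed gem from 5.0.3 to 5.2.1, reported as advisory ids.
def demo
  change = GemChange.new('example-gem', GemVersion.new('5.0.3'), GemVersion.new('5.2.1'))
  diff = vulnerability_diff(change, SAMPLE_ADVISORIES)
  {
    fixed: diff.fixed.map(&:id),
    introduced: diff.introduced.map(&:id),
    remaining: diff.remaining.map(&:id)
  }
end

# Removing the gem entirely: every open advisory on the base side counts as fixed.
def demo_removed
  change = GemChange.new('example-gem', GemVersion.new('5.0.3'), nil)
  vulnerability_diff(change, SAMPLE_ADVISORIES).fixed.map(&:id)
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The "introduced" bucket is the one worth watching in review: an upgrade can move a gem into a version range that a newer advisory covers (ADV-EXAMPLE-3 here), so a lockfile change that looks like a routine bump can add exposure rather than remove it.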