class Unwrappr::Researchers::SecurityVulnerabilities
Checks for security vulnerabilities using the Ruby Advisory DB (github.com/rubysec/ruby-advisory-db).
Implements the `gem_researcher` interface required by the LockFileAnnotator.
Constants
- Vulnerabilites
Public Instance Methods
research(gem_change, gem_change_info)
# Adds this researcher's findings to the annotation data for one gem change.
#
# @param gem_change the gem change under investigation (handed on to #vulnerabilities)
# @param gem_change_info [Hash] data gathered so far for this gem change
# @return [Hash] a new hash: +gem_change_info+ plus a +:security_vulnerabilities+ entry
def research(gem_change, gem_change_info)
  findings = vulnerabilities(gem_change)
  gem_change_info.merge(security_vulnerabilities: findings)
end
Private Instance Methods
database()
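# Returns the advisory database, refreshing the local ruby-advisory-db
# checkout the first time it is needed by this instance.
#
# Memoised with +defined?+ so the (network-bound) update runs at most once.
#
# @return [Bundler::Audit::Database]
def database
  return @database if defined?(@database)

  # update! signals failure through its return value rather than by raising
  # (a falsy result in the bundler-audit versions I am aware of). Surface that
  # instead of silently scanning against whatever advisory data is already on
  # disk, which may be stale and would under-report known vulnerabilities.
  updated = Bundler::Audit::Database.update!(quiet: true)
  warn 'unwrappr: could not update ruby-advisory-db; vulnerability results may be stale' unless updated

  @database = Bundler::Audit::Database.new
end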
vulnerabilities(gem)
# Compares the advisories that affect the base and head versions of +gem+.
#
# @param gem an object responding to +name+, +base_version+ and +head_version+
# @return [Vulnerabilites] built from, in order: advisories affecting only the
#   base version, advisories affecting only the head version, and advisories
#   affecting both
def vulnerabilities(gem)
  advisories = database.advisories_for(gem.name)
  affecting_base = vulnerable_advisories(gem.base_version, advisories)
  affecting_head = vulnerable_advisories(gem.head_version, advisories)

  only_base = affecting_base - affecting_head
  only_head = affecting_head - affecting_base
  both = affecting_base & affecting_head
  Vulnerabilites.new(only_base, only_head, both)
end
vulnerable_advisories(gem_version, advisories)
# Selects the advisories that apply to a single gem version.
#
# @param gem_version an object responding to +version+, or +nil+ when the gem
#   is absent on that side of the change
# @param advisories [Array] advisories responding to +vulnerable?(version)+
# @return [Array] the subset of +advisories+ that report the version as
#   vulnerable; empty when +gem_version+ is +nil+
def vulnerable_advisories(gem_version, advisories)
  return [] if gem_version.nil?

  version = gem_version.version
  advisories.select { |advisory| advisory.vulnerable?(version) }
end