Module: Bundler::Vivarium
Defined in:
- lib/bundler/vivarium.rb
- lib/bundler/vivarium/version.rb
Overview
Bundler plugin that audits `bundle install` behavior using the Vivarium security observation library. It hooks into Bundler's install lifecycle and starts a Vivarium observation session so that any low-level activity (file access, process exec, network connections, etc.) triggered while gems are fetched, built and installed is recorded and reported.
Defined Under Namespace
Classes: Error
Constant Summary
- DISABLE_ENV = "BUNDLER_VIVARIUM_DISABLE"
  Set to a truthy value to silence the plugin entirely.
- EVENTS_ENV = "BUNDLER_VIVARIUM_EVENTS"
  Comma-separated list of event names to display (e.g. "path_open,sock_connect"). When unset, every event type is shown (subject to the path_open default below).
- LOG_DEST_ENV = "BUNDLER_VIVARIUM_LOG_DEST"
  Path to a file where Vivarium should write its log output. When set, the plugin opens this file and passes it to Vivarium's observer.
- VERSION = "0.1.0"
Class Method Summary
- .register_hooks! ⇒ Object
  Registers the Bundler hook.
- .start_observation(dependencies) ⇒ Object
  Starts a top-level Vivarium observation session before gems are installed.
Class Method Details
.register_hooks! ⇒ Object
Registers the Bundler hook. Called from the gem's plugins.rb when the plugin is loaded by Bundler. The hook is Bundler's GEM_BEFORE_INSTALL_ALL event, which fires once, before any gem in the resolved set is installed.

```ruby
# File 'lib/bundler/vivarium.rb', line 28
def register_hooks!
  # Fires once per install run, with the full dependency list, before the first gem is installed.
  Bundler::Plugin::API.hook(Bundler::Plugin::Events::GEM_BEFORE_INSTALL_ALL) do |dependencies|
    Bundler::Vivarium.start_observation(dependencies)
  end
end
```
.start_observation(dependencies) ⇒ Object
Starts a top-level Vivarium observation session before gems are installed. The session keeps observing for the lifetime of the Bundler process and renders its report at exit, so the whole install is audited. Note what the window covers: the hook fires after Bundler has already resolved the dependency graph, so download, build, native-extension compilation and post-install hooks are observed, while resolution itself happens before the session starts.
Failures here must never break `bundle install`, so every error is caught and surfaced as a warning instead. This is a fail-open design: if the vivarium library cannot be loaded, or the filter or log destination cannot be set up, the install proceeds unaudited and the only signal is the warning. A pipeline that treats the audit as mandatory should fail on that warning rather than rely on the exit status of `bundle install`.

```ruby
# File 'lib/bundler/vivarium.rb', line 40
def start_observation(dependencies)
  return if disabled?            # BUNDLER_VIVARIUM_DISABLE set

  require "vivarium"             # LoadError here is caught below

  filter = build_filter          # from BUNDLER_VIVARIUM_EVENTS, or nil
  dest = build_log_dest          # open File from BUNDLER_VIVARIUM_LOG_DEST, or nil
  announce(dependencies, filter, dest)

  opts = {}
  opts[:filter] = filter if filter
  opts[:dest] = dest if dest
  # Held in an instance variable so the session survives until process exit,
  # when Vivarium renders its report.
  @session = ::Vivarium.observe(**opts)
rescue LoadError => e
  warn_ui("vivarium library is not available, skipping audit: #{e.message}")
  nil
rescue StandardError => e
  warn_ui("failed to start audit: #{e.class}: #{e.message}")
  nil
end
```
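The three BUNDLER_VIVARIUM_* variables described under Constant Summary and the fail-open start-up path of start_observation, reconstructed as an added, self-contained example. This is not the gem's own code: the private helpers the real method calls (disabled?, build_filter, build_log_dest, announce, warn_ui) are not shown on this page, so VivariumEnv, parse_events, open_log_dest, build_options and guarded_start are assumed names, KNOWN_EVENTS is an assumed event list (the page names only path_open and sock_connect), and reading "truthy" as anything other than empty, 0, false or no is also an assumption. The observer is supplied by the caller as a block, so nothing below requires the vivarium gem to be installed.

```ruby
# Added example, not the Bundler::Vivarium gem's code. Reconstructs how the
# BUNDLER_VIVARIUM_* variables could map to observer options and how start-up
# is wrapped so that any failure degrades to a warning instead of aborting
# `bundle install`. All names and the KNOWN_EVENTS list are assumptions.
require "tmpdir"

module VivariumEnv
  DISABLE_ENV  = "BUNDLER_VIVARIUM_DISABLE"
  EVENTS_ENV   = "BUNDLER_VIVARIUM_EVENTS"
  LOG_DEST_ENV = "BUNDLER_VIVARIUM_LOG_DEST"

  # Assumed list of event names; the page itself names only the first two.
  KNOWN_EVENTS = %w[path_open sock_connect proc_exec].freeze

  # "Truthy" is taken to mean anything other than unset/empty, "0", "false", "no".
  def self.disabled?(env)
    v = env[DISABLE_ENV].to_s.strip.downcase
    !(v.empty? || %w[0 false no].include?(v))
  end

  # Comma-separated list -> array of unique event names; nil when unset.
  # Unknown names raise rather than being dropped, so a typo in the variable
  # cannot silently produce an audit that watches nothing.
  def self.parse_events(env)
    raw = env[EVENTS_ENV]
    return nil if raw.nil? || raw.strip.empty?
    names = raw.split(",").map(&:strip).reject(&:empty?).uniq
    unknown = names - KNOWN_EVENTS
    raise ArgumentError, "unknown event(s): #{unknown.join(', ')}" unless unknown.empty?
    names
  end

  # Open the log file for appending (never truncate an existing log); nil when unset.
  def self.open_log_dest(env)
    path = env[LOG_DEST_ENV]
    return nil if path.nil? || path.strip.empty?
    File.open(path, "a")
  end

  # Same shape as the opts hash start_observation builds: keys only when set.
  def self.build_options(env)
    opts = {}
    filter = parse_events(env)
    dest   = open_log_dest(env)
    opts[:filter] = filter if filter
    opts[:dest]   = dest if dest
    opts
  end

  # Fail-open start-up: returns whatever the block returns (the session) on
  # success, nil on LoadError or any StandardError, with the text routed to
  # `warn`. Usage with the real library would be:
  #   VivariumEnv.guarded_start(ENV) { |o| Vivarium.observe(**o) }
  def self.guarded_start(env, warn: ->(msg) { Kernel.warn(msg) })
    return nil if disabled?(env)
    opts = build_options(env)
    yield(opts)
  rescue LoadError => e
    warn.call("vivarium library is not available, skipping audit: #{e.message}")
    nil
  rescue StandardError => e
    warn.call("failed to start audit: #{e.class}: #{e.message}")
    nil
  end
end
```

Because guarded_start returns nil on every failure, a caller that needs the audit to be mandatory must check that return value (or fail on the warning text) rather than trust that the install finished.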