Class: Commissar::Scanner

Inherits:

Object

• Object
• Commissar::Scanner

Defined in:

lib/commissar.rb

Constant Summary

RUBYGEMS_API =

"https://rubygems.org/api/v1"

HOMOGLYPH_RE =

/[аеорсхѕіїӏορᴏᴀ]/

Instance Attribute Summary

• #findings ⇒ Object readonly

  Returns the value of attribute findings.

• #gem_name ⇒ Object readonly

  Returns the value of attribute gem_name.

• #version ⇒ Object readonly

  Returns the value of attribute version.

Instance Method Summary

• #initialize(gem_name, version: nil, local_path: nil) ⇒ Scanner constructor

  A new instance of Scanner.

• #report(format: :text, io: $stdout) ⇒ Object
• #risk_score ⇒ Object
• #scan(quiet: false) ⇒ Object

Constructor Details

#initialize(gem_name, version: nil, local_path: nil) ⇒ Scanner

Returns a new instance of Scanner.

# File 'lib/commissar.rb', line 94

def initialize(gem_name, version: nil, local_path: nil)
	@gem_name   = gem_name
	@version    = version
	@local_path = local_path
	@findings   = []
	@metadata   = {}
	@files      = {}
	@spec       = nil
	@owners     = :pending
	@suspicious_urls      = Config.load("suspicious_urls.txt")
	@suspicious_functions = Config.load("suspicious_functions.txt")
	@suspicious_shell     = Config.load("suspicious_shell.txt")
	@credential_paths     = Config.load("credential_paths.txt")
	@clipboard_patterns      = Config.load("clipboard_patterns.txt")
	@post_install_patterns   = Config.load("post_install_patterns.txt")
	@known_bad_wallets       = Config.load_known_wallets
	@complex_gems         = Config.load_complex_gems
	@top_gems             = Config.load("top_gems.txt")
end

Instance Attribute Details

#findings ⇒ Object (readonly)

Returns the value of attribute findings.

# File 'lib/commissar.rb', line 92

def findings
  @findings
end

#gem_name ⇒ Object (readonly)

Returns the value of attribute gem_name.

# File 'lib/commissar.rb', line 92

def gem_name
  @gem_name
end

#version ⇒ Object (readonly)

Returns the value of attribute version.

# File 'lib/commissar.rb', line 92

def version
  @version
end

Instance Method Details

#report(format: :text, io: $stdout) ⇒ Object

# File 'lib/commissar.rb', line 135

def report(format: :text, io: $stdout)
	case format
	when :csv   then report_csv(io)
	when :json  then report_json(io)
	when :table then report_table(io)
	else             report_text(io)
	end
end

#risk_score ⇒ Object

# File 'lib/commissar.rb', line 130

def risk_score
	raw = @findings.sum(&:weight)
	[raw, 100].min
end

#scan(quiet: false) ⇒ Object

# File 'lib/commissar.rb', line 114

def scan(quiet: false)
	puts "\n#{"[*] Scanning: #{gem_name}".colorize(:white)} #{version_label}" unless quiet
	fetch_metadata unless @local_path
	fetch_and_unpack
	run_metadata_checks
	run_diff_checks unless @local_path
	run_gemspec_checks
	run_function_checks
	run_url_checks
	run_shell_checks
	run_encoding_checks
	run_credential_checks
	run_web3_checks
	self
end