Class: Dependabot::Bun::UpdateChecker::VulnerabilityAuditor

Inherits:

Object

Object
Dependabot::Bun::UpdateChecker::VulnerabilityAuditor

show all

Extended by:: T::Sig

Defined in:: lib/dependabot/bun/update_checker/vulnerability_auditor.rb

Instance Method Summary collapse

#audit(dependency:, security_advisories:) ⇒ Object
#initialize(dependency_files:, credentials:) ⇒ VulnerabilityAuditor constructor

A new instance of VulnerabilityAuditor.

Constructor Details

#initialize(dependency_files:, credentials:) ⇒ `VulnerabilityAuditor`

Returns a new instance of VulnerabilityAuditor.

# File 'lib/dependabot/bun/update_checker/vulnerability_auditor.rb', line 30

def initialize(dependency_files:, credentials:)
  @dependency_files = dependency_files
  @credentials = credentials
end

Instance Method Details

#audit(dependency:, security_advisories:) ⇒ `Object`

# File 'lib/dependabot/bun/update_checker/vulnerability_auditor.rb', line 64

def audit(dependency:, security_advisories:)
  Dependabot.logger.info("VulnerabilityAuditor: starting audit")

  fix_unavailable = {
    "dependency_name" => dependency.name,
    "fix_available" => false,
    "fix_updates" => [],
    "top_level_ancestors" => []
  }

  SharedHelpers.in_a_temporary_directory do
    dependency_files_builder = DependencyFilesBuilder.new(
      dependency: dependency,
      dependency_files: dependency_files,
      credentials: credentials
    )
    dependency_files_builder.write_temporary_dependency_files

    vuln_versions = security_advisories.map do |a|
      {
        dependency_name: a.dependency_name,
        affected_versions: a.vulnerable_version_strings
      }
    end

    audit_result = T.cast(
      SharedHelpers.run_helper_subprocess(
        command: NativeHelpers.helper_path,
        function: "npm:vulnerabilityAuditor",
        args: [Dir.pwd, vuln_versions]
      ),
      T::Hash[String, T.untyped]
    )

    validation_result = validate_audit_result(audit_result, security_advisories)
    if validation_result != :viable
      Dependabot.logger.info("VulnerabilityAuditor: audit result not viable: #{validation_result}")
      fix_unavailable["explanation"] = explain_fix_unavailable(validation_result, dependency)
      return fix_unavailable
    end

    Dependabot.logger.info("VulnerabilityAuditor: audit result viable")
    audit_result
  end
rescue SharedHelpers::HelperSubprocessFailed => e
  log_helper_subprocess_failure(dependency, e)
  T.must(fix_unavailable)
end

Class: Dependabot::Bun::UpdateChecker::VulnerabilityAuditor

Instance Method Summary collapse

Constructor Details

#initialize(dependency_files:, credentials:) ⇒ VulnerabilityAuditor

Instance Method Details

#audit(dependency:, security_advisories:) ⇒ Object

#initialize(dependency_files:, credentials:) ⇒ `VulnerabilityAuditor`

#audit(dependency:, security_advisories:) ⇒ `Object`