Class: Gem::Guardian::ResultPrinter

Inherits:
Object
Defined in:
lib/gem/guardian/result_printer.rb

Overview

Formats verification results for human-readable CLI output.

Constant Summary

USAGE =

CLI usage text.

<<~USAGE.freeze
  gem-guardian #{VERSION}

  Usage:
    gem-guardian verify [--lockfile Gemfile.lock] [--json] [--provenance]
    gem-guardian verify GEM:VERSION[:PLATFORM] [GEM:VERSION[:PLATFORM] ...]
    gem-guardian version
    gem-guardian help

  Examples:
    gem-guardian verify
    gem-guardian verify sidekiq:8.1.6
    gem-guardian verify cdc-sidekiq:0.1.1
    gem-guardian verify nokogiri:1.18.9:x86_64-linux
    gem-guardian verify --json --provenance ratomic:0.4.1
USAGE

Instance Method Summary

Constructor Details

#initialize(stdout:) ⇒ ResultPrinter

Returns a new instance of ResultPrinter.

Parameters:

  • stdout (IO)

    output stream for formatted messages



# File 'lib/gem/guardian/result_printer.rb', line 9

def initialize(stdout:)
  @stdout = stdout
end

Instance Method Details

Prints an unexpected verifier error.



# File 'lib/gem/guardian/result_printer.rb', line 46

def print_error_result(result, label)
  @stdout.puts "ERROR #{label}"
  @stdout.puts "      #{result.error.class}: #{result.error.message}"
end

Prints lockfile checksum coverage.



# File 'lib/gem/guardian/result_printer.rb', line 52

def print_lockfile_coverage(lockfile_data)
  covered = lockfile_data.dependencies.size - lockfile_data.missing_checksum_dependencies.size
  total = lockfile_data.dependencies.size
  @stdout.puts "CHECKSUMS coverage: #{covered}/#{total}"

  lockfile_data.missing_checksum_dependencies.each do |dependency|
    @stdout.puts "MISSING #{dependency.name} #{dependency.version} #{dependency.platform}"
  end
end

Prints a checksum mismatch.



# File 'lib/gem/guardian/result_printer.rb', line 39

def print_mismatch_result(result, label)
  @stdout.puts "FAIL #{label}"
  @stdout.puts "     expected #{result.expected_sha256}"
  @stdout.puts "     actual   #{result.actual_sha256}"
end

Prints a provenance checksum mismatch.



# File 'lib/gem/guardian/result_printer.rb', line 90

def print_mismatched_provenance_result(result, label)
  @stdout.puts "PROVENANCE FAIL #{label}"
  @stdout.puts "     expected #{result.expected_sha256}"
  @stdout.puts "     actual   #{result.actual_sha256}"
end

Prints a successful verification result.



# File 'lib/gem/guardian/result_printer.rb', line 31

def print_ok_result(result, label, lockfile_mode)
  prefix = lockfile_mode && result.checksum_source == :rubygems ? "FALLBACK" : "PASS"
  @stdout.puts "#{prefix} #{label}"
  @stdout.puts "     sha256 #{result.actual_sha256}"
  @stdout.puts "     source #{result.checksum_source}" if lockfile_mode && result.checksum_source
end

Prints one provenance verification result.



# File 'lib/gem/guardian/result_printer.rb', line 70

def print_provenance_result(result)
  label = result_label(result)
  case result.status
  when :verified then print_verified_provenance_result(result, label)
  when :mismatch then print_mismatched_provenance_result(result, label)
  else print_unsupported_provenance_result(result, label)
  end
end

Prints provenance verification results.



# File 'lib/gem/guardian/result_printer.rb', line 63

def print_provenance_results(results)
  results.each do |result|
    print_provenance_result(result)
  end
end

Prints one verification result.



# File 'lib/gem/guardian/result_printer.rb', line 21

def print_result(result, lockfile_mode:)
  label = result_label(result)
  case result.status
  when :ok then print_ok_result(result, label, lockfile_mode)
  when :mismatch then print_mismatch_result(result, label)
  else print_error_result(result, label)
  end
end

Prints a collection of verification results.



# File 'lib/gem/guardian/result_printer.rb', line 14

def print_results(results, lockfile_mode:)
  results.each do |result|
    print_result(result, lockfile_mode:)
  end
end

Prints a provenance result when no trusted publishing data is available.



# File 'lib/gem/guardian/result_printer.rb', line 97

def print_unsupported_provenance_result(_result, label)
  @stdout.puts "PROVENANCE UNSUPPORTED #{label}"
end

Prints a successful provenance verification result.



# File 'lib/gem/guardian/result_printer.rb', line 80

def print_verified_provenance_result(result, label)
  @stdout.puts "PROVENANCE PASS #{label}"
  @stdout.puts "           source trusted-publishing"
  provenance_fields(result).each do |label_name, value|
    @stdout.puts format_provenance_field(label_name, value) if value
  end
  print_github_release_result(result.github_release) if result.github_release
end

#usage ⇒ Object

Prints the CLI usage text.



# File 'lib/gem/guardian/result_printer.rb', line 102

def usage
  @stdout.puts(USAGE)
end
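
The status prefixes printed by the methods above (PASS, FALLBACK, FAIL, ERROR, MISSING, PROVENANCE PASS/FAIL/UNSUPPORTED) and the CHECKSUMS coverage line are enough to drive a CI gate. The following is an added example, not part of gem-guardian; the label format, the blocking policy and the sample output are assumptions constructed for illustration.

```ruby
# Added example, not gem-guardian code: a CI gate over ResultPrinter's text output.
# Status prefixes come from the methods on this page; the gate policy, the label
# format ("name version [platform]") and the sample values are constructed assumptions.
STATUS_RE = /\A(PROVENANCE (?:PASS|FAIL|UNSUPPORTED)|PASS|FALLBACK|FAIL|ERROR|MISSING) (.+)\z/
COVERAGE_RE = %r{\ACHECKSUMS coverage: (\d+)/(\d+)\z}

BLOCKING = ["FAIL", "ERROR", "PROVENANCE FAIL"].freeze
ADVISORY = ["FALLBACK", "MISSING", "PROVENANCE UNSUPPORTED"].freeze

# Collects status lines by prefix. Indented detail lines (sha256, expected,
# actual, source) never match because both patterns anchor at column 0.
def parse_guardian_output(text)
  report = { statuses: Hash.new { |h, k| h[k] = [] }, coverage: nil }
  text.each_line(chomp: true) do |line|
    if (m = COVERAGE_RE.match(line))
      report[:coverage] = [m[1].to_i, m[2].to_i]
    elsif (m = STATUS_RE.match(line))
      report[:statuses][m[1]] << m[2]
    end
  end
  report
end

# strict: true promotes advisory findings (FALLBACK, i.e. checksum source
# :rubygems in lockfile mode; MISSING lockfile checksums; PROVENANCE UNSUPPORTED;
# incomplete coverage) to build-blocking ones.
def gate(report, strict: false)
  collect = ->(kinds) { kinds.flat_map { |k| report[:statuses][k].map { |l| "#{k} #{l}" } } }
  blocking = collect.call(BLOCKING)
  advisory = collect.call(ADVISORY)
  covered, total = report[:coverage]
  advisory << "CHECKSUMS coverage #{covered}/#{total}" if total && covered < total
  return { ok: (blocking + advisory).empty?, blocking: blocking + advisory, advisory: [] } if strict
  { ok: blocking.empty?, blocking: blocking, advisory: advisory }
end

# Constructed sample output; the hashes are filler, not real digests.
SAMPLE = <<~OUT
  CHECKSUMS coverage: 2/3
  MISSING ratomic 0.4.1 ruby
  PASS sidekiq 8.1.6
       sha256 #{"a" * 64}
  FALLBACK ratomic 0.4.1
       sha256 #{"b" * 64}
       source rubygems
  FAIL nokogiri 1.18.9 x86_64-linux
       expected #{"c" * 64}
       actual   #{"d" * 64}
  PROVENANCE UNSUPPORTED sidekiq 8.1.6
OUT
```

The usage text also lists a `--json` flag; its schema is not shown on this page, so this example parses the text form only.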