Module: Gem::Guardian

Defined in:
lib/gem/guardian/cli.rb,
lib/gem/guardian/error.rb,
lib/gem/guardian/version.rb,
lib/gem/guardian/checksum.rb,
lib/gem/guardian/progress.rb,
lib/gem/guardian/registry.rb,
lib/gem/guardian/verifier.rb,
lib/gem/guardian/dependency.rb,
lib/gem/guardian/configuration.rb,
lib/gem/guardian/github_client.rb,
lib/gem/guardian/artifact_store.rb,
lib/gem/guardian/registry_audit.rb,
lib/gem/guardian/report_builder.rb,
lib/gem/guardian/result_printer.rb,
lib/gem/guardian/lockfile_parser.rb,
lib/gem/guardian/rubygems_client.rb,
lib/gem/guardian/checksum_provider.rb,
lib/gem/guardian/provenance_verifier.rb,
lib/gem/guardian/github_release_verifier.rb

Overview

Command-line interface and output helpers.

Defined Under Namespace

Modules: Checksum, ChecksumProvider, Progress Classes: ArtifactStore, CLI, Configuration, Dependency, GitHubClient, GitHubReleaseResult, GitHubReleaseVerifier, LockfileParser, ProvenanceResult, ProvenanceVerifier, Registry, RegistryAudit, ReportBuilder, ResultPrinter, RubygemsClient, VerificationResult, Verifier

Constant Summary collapse

Error =

Base error type for gem-guardian failures.

Class.new(StandardError)
ChecksumNotFound =

Raised when RubyGems does not expose a checksum for a gem version.

Class.new(Error)
ArtifactFetchError =

Raised when downloading or writing a gem artifact fails.

Class.new(Error)
LockfileError =

Raised when a lockfile cannot be read or parsed.

Class.new(Error)
VERSION =

gem-guardian version.

"0.4.0"

Instance Attribute Summary collapse

Instance Attribute Details

#actual_sha256String? (readonly)

Returns SHA256 computed from the downloaded .gem artifact.

Returns:

  • (String, nil)

    SHA256 computed from the downloaded .gem artifact



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#artifact_pathString? (readonly)

Returns local path to the downloaded artifact.

Returns:

  • (String, nil)

    local path to the downloaded artifact



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#checksum_sourceSymbol? (readonly)

Returns +:lockfile+, +:registry+, or +:artifact+.

Returns:

  • (Symbol, nil)

    +:lockfile+, +:registry+, or +:artifact+



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#dependencyDependency (readonly)

Returns dependency being verified.

Returns:



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#errorException? (readonly)

Returns verification error when +status+ is +:error+.

Returns:

  • (Exception, nil)

    verification error when +status+ is +:error+



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#expected_sha256String? (readonly)

Returns independent checksum used as the primary expected digest, or +nil+ when the artifact was only recorded.

Returns:

  • (String, nil)

    independent checksum used as the primary expected digest, or +nil+ when the artifact was only recorded



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#registry_checksum_providerString? (readonly)

Returns checksum provider name, such as +rubygems-api+, +compact-index+, or +url+.

Returns:

  • (String, nil)

    checksum provider name, such as +rubygems-api+, +compact-index+, or +url+



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#registry_checksum_uriString? (readonly)

Returns sanitized URI where the registry or publisher checksum can be inspected.

Returns:

  • (String, nil)

    sanitized URI where the registry or publisher checksum can be inspected



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#registry_sha256String? (readonly)

Returns registry or publisher checksum used as an optional cross-check.

Returns:

  • (String, nil)

    registry or publisher checksum used as an optional cross-check



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end

#statusSymbol (readonly)

Returns +:ok+, +:mismatch+, or +:error+.

Returns:

  • (Symbol)

    +:ok+, +:mismatch+, or +:error+



28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/gem/guardian/verifier.rb', line 28

VerificationResult = Data.define(:dependency, :expected_sha256, :actual_sha256, :artifact_path, :status, :error,
                                 :checksum_source, :registry_sha256, :registry_checksum_provider,
                                 :registry_checksum_uri) do
  # Indicates whether the verification result is successful.
  #
  # For +:artifact+ results, success means the artifact digest was recorded,
  # not that an independent checksum comparison occurred.
  #
  # @return [Boolean] +true+ when +status+ is +:ok+
  def ok?
    status == :ok
  end
end