Class: Gem::Guardian::CLI

Inherits:
Object
  • Object
Defined in:
lib/gem/guardian/cli.rb

Overview

Command-line entry point for gem-guardian.

Defined Under Namespace

Classes: LockfileDataView


Constructor Details

#initialize(argv, stdout: $stdout, stderr: $stderr, verifier_class: Verifier, lockfile_parser_class: LockfileParser, provenance_verifier_class: ProvenanceVerifier, report_builder_class: ReportBuilder) ⇒ CLI

Returns a new instance of CLI.



# File 'lib/gem/guardian/cli.rb', line 73

# Builds a CLI around a private copy of the argument vector.
#
# Each collaborator class can be overridden by keyword; the defaults are the
# constants named in the signature. The streams are stored as given, and
# +stdout+ is also handed to the ResultPrinter.
#
# @param argv [Array] command-line arguments; duplicated so that later
#   mutation of the stored copy does not alter the caller's array
# @param stdout [Object] output stream, defaults to +$stdout+
# @param stderr [Object] error stream, defaults to +$stderr+
# @param verifier_class [Class] stored as +@verifier_class+
# @param lockfile_parser_class [Class] stored as +@lockfile_parser_class+
# @param provenance_verifier_class [Class] stored as
#   +@provenance_verifier_class+
# @param report_builder_class [Class] stored as +@report_builder_class+
def initialize(argv, stdout: $stdout, stderr: $stderr, verifier_class: Verifier,
               lockfile_parser_class: LockfileParser, provenance_verifier_class: ProvenanceVerifier,
               report_builder_class: ReportBuilder)
  # Defensive copy: the CLI consumes entries from its own array only.
  @argv = argv.dup
  @stdout, @stderr = stdout, stderr

  # Injected collaborators.
  @report_builder_class = report_builder_class
  @provenance_verifier_class = provenance_verifier_class
  @lockfile_parser_class = lockfile_parser_class
  @verifier_class = verifier_class

  @result_printer = ResultPrinter.new(stdout: stdout)
end

Instance Attribute Details

#checksums ⇒ Hash{Dependency => Hash{String => String}} (readonly)

Returns checksum algorithms keyed by dependency.

Returns:

  • (Hash{Dependency => Hash{String => String}})

    checksum algorithms keyed by dependency



# File 'lib/gem/guardian/cli.rb', line 29

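# Immutable value object holding the lockfile data selected for verification.
LockfileDataView = Data.define(:dependencies, :checksums, :checksums_section_present) do
  # Looks up the digest recorded for one dependency under one algorithm.
  #
  # @param dependency [Dependency] dependency to look up
  # @param algorithm [String] checksum algorithm name, defaults to
  #   +"sha256"+
  # @return [String, nil] recorded digest, or +nil+ when the dependency or
  #   the algorithm has no entry
  def checksum_for(dependency, algorithm = "sha256")
    checksums.fetch(dependency, {}).fetch(algorithm, nil)
  end

  # Collects the SHA256 digest of every dependency that has one.
  #
  # A fresh hash is built on every call, so callers that need several
  # lookups should keep the result instead of calling this repeatedly.
  #
  # NOTE(review): only nil/false digests are skipped; an empty-string digest
  # is truthy and would count as coverage. Confirm the lockfile parser never
  # yields one.
  #
  # @return [Hash{Dependency => String}] dependencies mapped to their SHA256
  #   digest
  def sha256_checksums
    checksums.each_with_object({}) do |(dependency, algorithms), memo|
      digest = algorithms["sha256"]
      memo[dependency] = digest if digest
    end
  end

  # Lists selected dependencies that have no SHA256 digest in the lockfile
  # view.
  #
  # @return [Array<Dependency>] dependencies missing a SHA256 checksum, in
  #   the order they appear in +dependencies+
  def missing_checksum_dependencies
    # Build the coverage table once; rebuilding it per dependency rescans
    # the whole checksum map for every element.
    covered = sha256_checksums
    dependencies.reject { |dependency| covered.key?(dependency) }
  end

  # Indicates whether the original lockfile contained a +CHECKSUMS+
  # section.
  #
  # @return [Boolean] the stored +checksums_section_present+ value
  def checksums_present?
    checksums_section_present
  end
end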

#checksums_section_present ⇒ Boolean (readonly)

Returns whether the source lockfile contained a +CHECKSUMS+ section.

Returns:

  • (Boolean)

    whether the source lockfile contained a +CHECKSUMS+ section



# File 'lib/gem/guardian/cli.rb', line 29

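# Immutable value object holding the lockfile data selected for verification.
LockfileDataView = Data.define(:dependencies, :checksums, :checksums_section_present) do
  # Looks up the digest recorded for one dependency under one algorithm.
  #
  # @param dependency [Dependency] dependency to look up
  # @param algorithm [String] checksum algorithm name, defaults to
  #   +"sha256"+
  # @return [String, nil] recorded digest, or +nil+ when the dependency or
  #   the algorithm has no entry
  def checksum_for(dependency, algorithm = "sha256")
    checksums.fetch(dependency, {}).fetch(algorithm, nil)
  end

  # Collects the SHA256 digest of every dependency that has one.
  #
  # A fresh hash is built on every call, so callers that need several
  # lookups should keep the result instead of calling this repeatedly.
  #
  # NOTE(review): only nil/false digests are skipped; an empty-string digest
  # is truthy and would count as coverage. Confirm the lockfile parser never
  # yields one.
  #
  # @return [Hash{Dependency => String}] dependencies mapped to their SHA256
  #   digest
  def sha256_checksums
    checksums.each_with_object({}) do |(dependency, algorithms), memo|
      digest = algorithms["sha256"]
      memo[dependency] = digest if digest
    end
  end

  # Lists selected dependencies that have no SHA256 digest in the lockfile
  # view.
  #
  # @return [Array<Dependency>] dependencies missing a SHA256 checksum, in
  #   the order they appear in +dependencies+
  def missing_checksum_dependencies
    # Build the coverage table once; rebuilding it per dependency rescans
    # the whole checksum map for every element.
    covered = sha256_checksums
    dependencies.reject { |dependency| covered.key?(dependency) }
  end

  # Indicates whether the original lockfile contained a +CHECKSUMS+
  # section.
  #
  # @return [Boolean] the stored +checksums_section_present+ value
  def checksums_present?
    checksums_section_present
  end
end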

#dependencies ⇒ Array<Dependency> (readonly)

Returns dependencies selected for verification.

Returns:

  • (Array<Dependency>)

    dependencies selected for verification



# File 'lib/gem/guardian/cli.rb', line 29

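# Immutable value object holding the lockfile data selected for verification.
LockfileDataView = Data.define(:dependencies, :checksums, :checksums_section_present) do
  # Looks up the digest recorded for one dependency under one algorithm.
  #
  # @param dependency [Dependency] dependency to look up
  # @param algorithm [String] checksum algorithm name, defaults to
  #   +"sha256"+
  # @return [String, nil] recorded digest, or +nil+ when the dependency or
  #   the algorithm has no entry
  def checksum_for(dependency, algorithm = "sha256")
    checksums.fetch(dependency, {}).fetch(algorithm, nil)
  end

  # Collects the SHA256 digest of every dependency that has one.
  #
  # A fresh hash is built on every call, so callers that need several
  # lookups should keep the result instead of calling this repeatedly.
  #
  # NOTE(review): only nil/false digests are skipped; an empty-string digest
  # is truthy and would count as coverage. Confirm the lockfile parser never
  # yields one.
  #
  # @return [Hash{Dependency => String}] dependencies mapped to their SHA256
  #   digest
  def sha256_checksums
    checksums.each_with_object({}) do |(dependency, algorithms), memo|
      digest = algorithms["sha256"]
      memo[dependency] = digest if digest
    end
  end

  # Lists selected dependencies that have no SHA256 digest in the lockfile
  # view.
  #
  # @return [Array<Dependency>] dependencies missing a SHA256 checksum, in
  #   the order they appear in +dependencies+
  def missing_checksum_dependencies
    # Build the coverage table once; rebuilding it per dependency rescans
    # the whole checksum map for every element.
    covered = sha256_checksums
    dependencies.reject { |dependency| covered.key?(dependency) }
  end

  # Indicates whether the original lockfile contained a +CHECKSUMS+
  # section.
  #
  # @return [Boolean] the stored +checksums_section_present+ value
  def checksums_present?
    checksums_section_present
  end
end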

Class Method Details

.start(argv) ⇒ Object

Starts the CLI with the provided argv.



# File 'lib/gem/guardian/cli.rb', line 69

# Convenience entry point: constructs a CLI for +argv+ using the default
# collaborators and runs it.
#
# @param argv [Array] command-line arguments passed to the constructor
# @return [Object] whatever +#run+ returns
def self.start(argv)
  cli = new(argv)
  cli.run
end

Instance Method Details

#run ⇒ Object

Dispatches the requested subcommand and returns an exit status.



# File 'lib/gem/guardian/cli.rb', line 87

# Removes the first entry from the stored argument vector and passes it to
# +dispatch+ as the requested subcommand.
#
# When the argument vector is empty, +shift+ yields +nil+ and +dispatch+
# receives +nil+.
#
# @return [Object] the value returned by +dispatch+
def run
  subcommand = @argv.shift
  dispatch(subcommand)
end