Class: Gem::Guardian::ResultPrinter

Inherits:
Object
  • Object
show all
Defined in:
lib/gem/guardian/result_printer.rb

Overview

Formats verification results for human-readable CLI output. rubocop:disable Metrics/ClassLength

Constant Summary collapse

USAGE =

CLI usage text.

<<~USAGE.freeze
  gem-guardian #{VERSION}

  Usage:
    gem-guardian verify [--lockfile Gemfile.lock] [--json] [--provenance]
    gem-guardian verify GEM:VERSION[:PLATFORM] [GEM:VERSION[:PLATFORM] ...]
    gem-guardian verify --lockfile Gemfile.lock [--provenance] GEM:VERSION[:PLATFORM] [...]
    gem-guardian version
    gem-guardian help

  Examples:
    gem-guardian verify
  gem-guardian verify rails:8.1.3
  gem-guardian verify --lockfile Gemfile.lock --provenance mammoth:0.1.1
  gem-guardian verify cdc-sidekiq:0.1.1
  gem-guardian verify nokogiri:1.18.9:x86_64-linux
  gem-guardian verify --json --provenance ratomic:0.4.1
USAGE

Instance Method Summary collapse

Constructor Details

#initialize(stdout:) ⇒ ResultPrinter

Returns a new instance of ResultPrinter.

Parameters:

  • stdout (IO)

    output stream for formatted messages



9
10
11
 
# File 'lib/gem/guardian/result_printer.rb', line 9

def initialize(stdout:)
  @stdout = stdout
end

Instance Method Details

Prints an unexpected verifier error.



49
50
51
52
 
# File 'lib/gem/guardian/result_printer.rb', line 49

def print_error_result(result, label)
  @stdout.puts "ERROR #{label}"
  @stdout.puts "      #{result.error.class}: #{result.error.message}"
end

#print_lockfile_coverage(lockfile_data) ⇒ Object

Prints lockfile checksum coverage.



55
56
57
58
59
60
61
62
63
 
# File 'lib/gem/guardian/result_printer.rb', line 55

def print_lockfile_coverage(lockfile_data)
  covered = lockfile_data.dependencies.size - lockfile_data.missing_checksum_dependencies.size
  total = lockfile_data.dependencies.size
  @stdout.puts "CHECKSUMS coverage: #{covered}/#{total}"

  lockfile_data.missing_checksum_dependencies.each do |dependency|
    @stdout.puts "MISSING #{dependency.name} #{dependency.version} #{dependency.platform}"
  end
end

#print_mismatch_result(result, label) ⇒ Object

Prints a checksum mismatch.



41
42
43
44
45
46
 
# File 'lib/gem/guardian/result_printer.rb', line 41

def print_mismatch_result(result, label)
  @stdout.puts "FAIL #{label}"
  @stdout.puts "     expected #{result.expected_sha256}"
  @stdout.puts "     registry #{result.registry_sha256}" if result.respond_to?(:registry_sha256) && result.registry_sha256
  @stdout.puts "     actual   #{result.actual_sha256}"
end

#print_mismatched_provenance_result(result, label) ⇒ Object

Prints a provenance checksum mismatch.



93
94
95
96
97
 
# File 'lib/gem/guardian/result_printer.rb', line 93

def print_mismatched_provenance_result(result, label)
  @stdout.puts "PROVENANCE FAIL #{label}"
  @stdout.puts "     expected #{result.expected_sha256}"
  @stdout.puts "     actual   #{result.actual_sha256}"
end

#print_ok_result(result, label, lockfile_mode) ⇒ Object

Prints a successful verification result.



31
32
33
34
35
36
37
38
 
# File 'lib/gem/guardian/result_printer.rb', line 31

def print_ok_result(result, label, lockfile_mode)
  prefix = ok_result_prefix(result, lockfile_mode)
  @stdout.puts "#{prefix} #{label}"
  @stdout.puts "     sha256 #{result.actual_sha256}"
  @stdout.puts "     source #{result.checksum_source}" if show_checksum_source?(result, lockfile_mode)
  print_registry_cross_check(result)
  print_registry_provider(result)
end

#print_provenance_result(result) ⇒ Object

Prints one provenance verification result.



73
74
75
76
77
78
79
80
 
# File 'lib/gem/guardian/result_printer.rb', line 73

def print_provenance_result(result)
  label = result_label(result)
  case result.status
  when :verified then print_verified_provenance_result(result, label)
  when :mismatch then print_mismatched_provenance_result(result, label)
  else print_unsupported_provenance_result(result, label)
  end
end

#print_provenance_results(results) ⇒ Object

Prints provenance verification results.



66
67
68
69
70
 
# File 'lib/gem/guardian/result_printer.rb', line 66

def print_provenance_results(results)
  results.each do |result|
    print_provenance_result(result)
  end
end

#print_result(result, lockfile_mode:) ⇒ Object

Prints one verification result.



21
22
23
24
25
26
27
28
 
# File 'lib/gem/guardian/result_printer.rb', line 21

def print_result(result, lockfile_mode:)
  label = result_label(result)
  case result.status
  when :ok then print_ok_result(result, label, lockfile_mode)
  when :mismatch then print_mismatch_result(result, label)
  else print_error_result(result, label)
  end
end

#print_results(results, lockfile_mode:) ⇒ Object

Prints a collection of verification results.



14
15
16
17
18
 
# File 'lib/gem/guardian/result_printer.rb', line 14

def print_results(results, lockfile_mode:)
  results.each do |result|
    print_result(result, lockfile_mode:)
  end
end

#print_unsupported_provenance_result(_result, label) ⇒ Object

Prints a provenance result when no trusted publishing data is available.



100
101
102
 
# File 'lib/gem/guardian/result_printer.rb', line 100

def print_unsupported_provenance_result(_result, label)
  @stdout.puts "PROVENANCE UNSUPPORTED #{label}"
end

#print_verified_provenance_result(result, label) ⇒ Object

Prints a successful provenance verification result.



83
84
85
86
87
88
89
90
 
# File 'lib/gem/guardian/result_printer.rb', line 83

def print_verified_provenance_result(result, label)
  @stdout.puts "PROVENANCE PASS #{label}"
  @stdout.puts "           source trusted-publishing"
  provenance_fields(result).each do |label_name, value|
    @stdout.puts format_provenance_field(label_name, value) if value
  end
  print_github_release_result(result.github_release) if result.github_release
end

#usageObject

Prints the CLI usage text.



105
106
107
 
# File 'lib/gem/guardian/result_printer.rb', line 105

def usage
  @stdout.puts(USAGE)
end