Class: Legion::Registry::SecurityScanner

Inherits:
Object
Defined in:
lib/legion/registry/security_scanner.rb

Constant Summary

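# Names of the check methods `#scan` runs, in this order. Each entry is
# dispatched with `send`, so the list is frozen to keep that dispatch table fixed.
CHECKS = %i[checksum naming_convention gemspec_metadata static_analysis].freeze

# Source patterns the static-analysis check treats as dangerous, each with the
# label to report. Coverage limits that follow from the regexes themselves:
#   - `eval`, `system` and `exec` match only when qualified with `Kernel.` or
#     followed by `(`; paren-less calls such as `system "ls"` do not match.
#   - `\b` before `eval` does not match `instance_eval`/`class_eval`, because
#     the underscore is a word character.
#   - The backtick pattern matches any text between two backticks, including
#     markdown-style quoting inside comments, so expect false positives there.
# Regexp literals are frozen by Ruby; the inner hashes are frozen here too so no
# entry can be altered after load.
DANGEROUS_PATTERNS = [
  { pattern: /\bKernel\.eval\b|\beval\s*\(/, label: 'eval' },
  { pattern: /\bKernel\.system\b|\bsystem\s*\(/, label: 'system' },
  { pattern: /\bKernel\.exec\b|\bexec\s*\(/, label: 'exec' },
  { pattern: /\bIO\.popen\b/, label: 'IO.popen' },
  { pattern: /\bOpen3\b/, label: 'Open3' },
  { pattern: /`[^`]+`/, label: 'backtick subshell' }
].map(&:freeze).freeze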

Instance Method Summary

Instance Method Details

#scan(gem_path: nil, name: nil, gemspec: nil, source_path: nil) ⇒ Object



# File 'lib/legion/registry/security_scanner.rb', line 19

# Runs every check listed in CHECKS against the gem described by the keyword
# arguments and aggregates the individual results.
#
# @param gem_path [String, nil] forwarded unchanged to each check
# @param name [String, nil] forwarded unchanged to each check
# @param gemspec [Object, nil] forwarded unchanged to each check
# @param source_path [String, nil] forwarded unchanged to each check
# @return [Hash] `:passed` (false if any check reported `:fail`), `:checks`
#   (one result per check, in CHECKS order) and `:scanned_at` (wall-clock Time)
def scan(gem_path: nil, name: nil, gemspec: nil, source_path: nil)
  target = { gem_path: gem_path, name: name, gemspec: gemspec, source_path: source_path }
  # CHECKS is a frozen constant, so `send` never dispatches on a caller-supplied
  # name. Each check is assumed to return a hash carrying a :status key —
  # confirm against the check methods.
  outcomes = CHECKS.map { |check| send(check, **target) }
  # Only an explicit :fail blocks the gem; every other status counts as passed.
  failed = outcomes.any? { |outcome| outcome[:status] == :fail }
  { passed: !failed, checks: outcomes, scanned_at: Time.now }
end