Class: Rails::Guarddog::Checkers::DependencyChecker

Inherits:
BaseChecker
Defined in:
lib/rails/guarddog/checkers/dependency_checker.rb

Instance Attribute Summary

Attributes inherited from BaseChecker

#findings

Instance Method Summary

Methods inherited from BaseChecker

#initialize

Constructor Details

This class inherits a constructor from Rails::Guarddog::Checkers::BaseChecker

Instance Method Details

#run ⇒ Object



# File 'lib/rails/guarddog/checkers/dependency_checker.rb', line 5

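# Scans the project's Gemfile.lock for gem names that resemble typosquats of
# well-known Rails gems and records one finding per matching line.
#
# @return [Array] +[]+ when no Gemfile.lock exists under +@root+; otherwise
#   +findings+ (inherited from BaseChecker) after any new entries are added
def run
  gemfile = File.join(@root, 'Gemfile.lock')
  return [] unless File.exist?(gemfile)

  # Names that look like typosquats of popular Rails gems. This is an
  # unanchored substring match, so a hit is a prompt to verify the gem on
  # rubygems.org rather than proof of a malicious dependency.
  suspicious = /raills|raill\s|rails-rails|active-model/

  # Scan line by line so each finding points at the offending lockfile line
  # instead of always reporting line 1, and so every suspicious entry is
  # surfaced rather than only the first. Lines keep their trailing newline,
  # so the +raill\s+ alternative still matches a name at end of line.
  File.foreach(gemfile).with_index(1) do |line, lineno|
    next unless line.match?(suspicious)

    add_finding(
      severity: :critical,
      message: "Possible typosquatted gem detected in Gemfile.lock",
      file: gemfile,
      line: lineno,
      remediation: "Verify gem names carefully; check rubygems.org"
    )
  end

  findings
end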