Class: Gem::Guardian::CLI::LockfileDataView

Inherits:

Data

• Object
• Data
• Gem::Guardian::CLI::LockfileDataView

Defined in:

lib/gem/guardian/cli.rb

Overview

Lightweight lockfile data adapter used when a user verifies only a subset of gems from a Bundler lockfile.

LockfileParser returns the full dependency graph and all parsed checksum entries. When the CLI receives both --lockfile and explicit GEM:VERSION[:PLATFORM] arguments, this view narrows that data to the requested dependencies while preserving the same reader methods consumed by Verifier, ReportBuilder, and ResultPrinter.

Instance Attribute Summary

• #checksums ⇒ Hash{Dependency => Hash{String => String}} readonly

  Checksum algorithms keyed by dependency.

• #checksums_section_present ⇒ Boolean readonly

  Whether the source lockfile contained a CHECKSUMS section.

• #dependencies ⇒ Array<Dependency> readonly

  Dependencies selected for verification.

Instance Method Summary

• #checksum_for(dependency, algorithm = "sha256") ⇒ String^?

  Looks up a checksum for a dependency and algorithm.

• #checksums_present? ⇒ Boolean

  Indicates whether the original lockfile contained a CHECKSUMS section.

• #missing_checksum_dependencies ⇒ Array<Dependency>

  Lists selected dependencies that do not have SHA256 lockfile coverage.

• #sha256_checksums ⇒ Hash{Dependency => String}

  Returns only SHA256 checksums from the filtered lockfile data.

Instance Attribute Details

#checksums ⇒ Hash{Dependency => Hash{String => String}} (readonly)

Returns checksum algorithms keyed by dependency.

Returns:

• (Hash{Dependency => Hash{String => String}}) —

  checksum algorithms keyed by dependency

# File 'lib/gem/guardian/cli.rb', line 29

LockfileDataView = Data.define(:dependencies, :checksums, :checksums_section_present) do
  # Looks up a checksum for a dependency and algorithm.
  #
  # @param dependency [Dependency] dependency to look up
  # @param algorithm [String] checksum algorithm name, currently usually
  #   +"sha256"+
  # @return [String, nil] checksum digest when present, otherwise +nil+
  def checksum_for(dependency, algorithm = "sha256")
    checksums.fetch(dependency, {}).fetch(algorithm, nil)
  end

  # Returns only SHA256 checksums from the filtered lockfile data.
  #
  # @return [Hash{Dependency => String}] selected dependencies mapped to
  #   their SHA256 digest
  def sha256_checksums
    checksums.each_with_object({}) do |(dependency, algorithms), memo|
      digest = algorithms["sha256"]
      memo[dependency] = digest if digest
    end
  end

  # Lists selected dependencies that do not have SHA256 lockfile coverage.
  #
  # @return [Array<Dependency>] dependencies missing a SHA256 checksum in
  #   the lockfile view
  def missing_checksum_dependencies
    dependencies.reject { |dependency| sha256_checksums.key?(dependency) }
  end

  # Indicates whether the original lockfile contained a +CHECKSUMS+
  # section.
  #
  # @return [Boolean] +true+ when the source lockfile had checksum metadata
  def checksums_present?
    checksums_section_present
  end
end

#checksums_section_present ⇒ Boolean (readonly)

Returns whether the source lockfile contained a CHECKSUMS section.

Returns:

• (Boolean) —

  whether the source lockfile contained a CHECKSUMS section

# File 'lib/gem/guardian/cli.rb', line 29

LockfileDataView = Data.define(:dependencies, :checksums, :checksums_section_present) do
  # Looks up a checksum for a dependency and algorithm.
  #
  # @param dependency [Dependency] dependency to look up
  # @param algorithm [String] checksum algorithm name, currently usually
  #   +"sha256"+
  # @return [String, nil] checksum digest when present, otherwise +nil+
  def checksum_for(dependency, algorithm = "sha256")
    checksums.fetch(dependency, {}).fetch(algorithm, nil)
  end

  # Returns only SHA256 checksums from the filtered lockfile data.
  #
  # @return [Hash{Dependency => String}] selected dependencies mapped to
  #   their SHA256 digest
  def sha256_checksums
    checksums.each_with_object({}) do |(dependency, algorithms), memo|
      digest = algorithms["sha256"]
      memo[dependency] = digest if digest
    end
  end

  # Lists selected dependencies that do not have SHA256 lockfile coverage.
  #
  # @return [Array<Dependency>] dependencies missing a SHA256 checksum in
  #   the lockfile view
  def missing_checksum_dependencies
    dependencies.reject { |dependency| sha256_checksums.key?(dependency) }
  end

  # Indicates whether the original lockfile contained a +CHECKSUMS+
  # section.
  #
  # @return [Boolean] +true+ when the source lockfile had checksum metadata
  def checksums_present?
    checksums_section_present
  end
end

#dependencies ⇒ Array<Dependency> (readonly)

Returns dependencies selected for verification.

Returns:

• (Array<Dependency>) —

  dependencies selected for verification

# File 'lib/gem/guardian/cli.rb', line 29

LockfileDataView = Data.define(:dependencies, :checksums, :checksums_section_present) do
  # Looks up a checksum for a dependency and algorithm.
  #
  # @param dependency [Dependency] dependency to look up
  # @param algorithm [String] checksum algorithm name, currently usually
  #   +"sha256"+
  # @return [String, nil] checksum digest when present, otherwise +nil+
  def checksum_for(dependency, algorithm = "sha256")
    checksums.fetch(dependency, {}).fetch(algorithm, nil)
  end

  # Returns only SHA256 checksums from the filtered lockfile data.
  #
  # @return [Hash{Dependency => String}] selected dependencies mapped to
  #   their SHA256 digest
  def sha256_checksums
    checksums.each_with_object({}) do |(dependency, algorithms), memo|
      digest = algorithms["sha256"]
      memo[dependency] = digest if digest
    end
  end

  # Lists selected dependencies that do not have SHA256 lockfile coverage.
  #
  # @return [Array<Dependency>] dependencies missing a SHA256 checksum in
  #   the lockfile view
  def missing_checksum_dependencies
    dependencies.reject { |dependency| sha256_checksums.key?(dependency) }
  end

  # Indicates whether the original lockfile contained a +CHECKSUMS+
  # section.
  #
  # @return [Boolean] +true+ when the source lockfile had checksum metadata
  def checksums_present?
    checksums_section_present
  end
end

Instance Method Details

#checksum_for(dependency, algorithm = "sha256") ⇒ String^?

Looks up a checksum for a dependency and algorithm.

Parameters:

• dependency (Dependency) —

  dependency to look up

• algorithm (String) (defaults to: "sha256") —

  checksum algorithm name, currently usually "sha256"

Returns:

• (String, nil) —

  checksum digest when present, otherwise nil

# File 'lib/gem/guardian/cli.rb', line 36

def checksum_for(dependency, algorithm = "sha256")
  checksums.fetch(dependency, {}).fetch(algorithm, nil)
end

#checksums_present? ⇒ Boolean

Indicates whether the original lockfile contained a CHECKSUMS section.

Returns:

• (Boolean) —

  true when the source lockfile had checksum metadata

# File 'lib/gem/guardian/cli.rb', line 63

def checksums_present?
  checksums_section_present
end

#missing_checksum_dependencies ⇒ Array<Dependency>

Lists selected dependencies that do not have SHA256 lockfile coverage.

Returns:

• (Array<Dependency>) —

  dependencies missing a SHA256 checksum in the lockfile view

# File 'lib/gem/guardian/cli.rb', line 55

def missing_checksum_dependencies
  dependencies.reject { |dependency| sha256_checksums.key?(dependency) }
end

#sha256_checksums ⇒ Hash{Dependency => String}

Returns only SHA256 checksums from the filtered lockfile data.

Returns:

• (Hash{Dependency => String}) —

  selected dependencies mapped to their SHA256 digest

# File 'lib/gem/guardian/cli.rb', line 44

def sha256_checksums
  checksums.each_with_object({}) do |(dependency, algorithms), memo|
    digest = algorithms["sha256"]
    memo[dependency] = digest if digest
  end
end