RubyGems - polariscope - Versions diffs - 0.3.0 → 0.4.0 - Mend

polariscope 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -4
data/CHANGELOG.md +5 -0
data/lib/polariscope/scanner/advisories_health_score.rb +28 -0
data/lib/polariscope/scanner/audit_database.rb +35 -0
data/lib/polariscope/scanner/calculation_context.rb +71 -0
data/lib/polariscope/scanner/dependency_context.rb +119 -0
data/lib/polariscope/scanner/gem_health_score.rb +29 -25
data/lib/polariscope/scanner/gem_versions.rb +19 -6
data/lib/polariscope/scanner/gemfile_health_score.rb +33 -112
data/lib/polariscope/scanner/ruby_scanner.rb +5 -11
data/lib/polariscope/scanner/ruby_versions.rb +29 -0
data/lib/polariscope/version.rb +1 -1
data/lib/polariscope.rb +8 -8
metadata +7 -3
data/lib/polariscope/scanner/codebase_health_score.rb +0 -69

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1c891a85ae5f5fed5a3cba46ddb78c81657baedfac15bcf31de9002fdae9c6df
-  data.tar.gz: 3864c4ecf3833289fb1cb1af30df8316a646f62714962f034e60ab42d0ab11f9
+  metadata.gz: 0d0728ac02d87facc2bbaf9297aee04343275420e267c7daf7240c3b3686b834
+  data.tar.gz: daa80c083d6a29aa9709ce9e34a55fea9f5842cc4e85967dd9cdb947ef274f9e
 SHA512:
-  metadata.gz: c008254c44678d2a936e027e33bba206ac12f48f7350d5aa63f5105e8897713fc851664d46afa02f665f11d53ad4459094b6795e3ba4caefaf58b3918d74fd47
-  data.tar.gz: 8e123d4cc077831e1fc252d846655b0994e3f78836affdc11af73ad9df9ae87bedf3c5ead5012be77f6b010d38585172d7e31800f23f86241f68b74cae3c97d2
+  metadata.gz: 26d92d6f8a81ef010a02dba51ec28deed8ce9d1c1ef0bf92a13694c29ada0cf062a5d375819cad2f7bed5db1a292fe978f7bd24225381530976d6a394c9bebb0
+  data.tar.gz: 24f52577172981309212e6de5ac8f45ef51b26c8ecf075f3d29aec930be1cc383ee8ed7ae9608c943782eed93cb3387dec498932f6041cd86f9dc1b481ba35cd

data/.rubocop.yml CHANGED Viewed

@@ -21,8 +21,5 @@ Style/FrozenStringLiteralComment:
   Exclude:
     - 'exe/polariscope'
-Rails/TimeZone:
-  Enabled: false
-Rails/Date:
+Rails:
   Enabled: false

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,10 @@
 ## [Unreleased]
+## [0.4.0] - 2024-10-25
+- Count Ruby versions towards health score
+- Update audit database if older than one day
 ## [0.3.0] - 2024-10-17
 - Count Ruby advisories towards health score

data/lib/polariscope/scanner/advisories_health_score.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module Polariscope
+  module Scanner
+    class AdvisoriesHealthScore
+      def initialize(dependency_context, calculation_context)
+        @dependency_context = dependency_context
+        @calculation_context = calculation_context
+      end
+      def health_score
+        (1 + advisories_penalty)**-Math.log(calculation_context.advisory_severity)
+      end
+      private
+      attr_reader :dependency_context
+      attr_reader :calculation_context
+      def advisories_penalty
+        dependency_context
+          .advisories
+          .map(&:criticality)
+          .sum { |criticality| calculation_context.advisory_penalty_for(criticality) }
+      end
+    end
+  end
+end

data/lib/polariscope/scanner/audit_database.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+require 'bundler/audit/database'
+module Polariscope
+  module Scanner
+    module AuditDatabase
+      extend self
+      ONE_DAY = 24 * 60 * 60
+      def update_if_necessary
+        update_audit_database! if database_outdated?
+      end
+      private
+      def update_audit_database!
+        Bundler::Audit::Database.update!(quiet: true)
+      end
+      def database_outdated?
+        audit_db_missing? || audit_db_stale?
+      end
+      def audit_db_missing?
+        !Bundler::Audit::Database.exists?
+      end
+      def audit_db_stale?
+        ((Time.now - Bundler::Audit::Database.new.last_updated_at) / ONE_DAY) > 1.0
+      end
+    end
+  end
+end

data/lib/polariscope/scanner/calculation_context.rb ADDED Viewed

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+module Polariscope
+  module Scanner
+    class CalculationContext
+      DEPENDENCY_PRIORITIES = { ruby: 10.0, rails: 10.0 }.freeze
+      GROUP_PRIORITIES = { default: 2.0, production: 2.0 }.freeze
+      DEFAULT_DEPENDENCY_PRIORITY = 1.0
+      ADVISORY_SEVERITY = 1.09
+      ADVISORY_PENALTIES = {
+        none: 0.0,
+        low: 0.5,
+        medium: 1.0,
+        high: 3.0,
+        critical: 5.0
+      }.freeze
+      FALLBACK_ADVISORY_PENALTY = 0.5
+      MAJOR_VERSION_PENALTY = 1
+      NEW_VERSIONS_SEVERITY = 1.07
+      SEGMENT_SEVERITIES = [1.7, 1.15, 1.01].freeze
+      FALLBACK_SEGMENT_SEVERITY = 1.0
+      def initialize(**opts)
+        @dependency_priorities = opts.fetch(:dependency_priorities, DEPENDENCY_PRIORITIES)
+        @group_priorities = opts.fetch(:group_priorities, GROUP_PRIORITIES)
+        @default_dependency_priority = opts.fetch(:default_dependency_priority, DEFAULT_DEPENDENCY_PRIORITY)
+        @advisory_severity = opts.fetch(:advisory_severity, ADVISORY_SEVERITY)
+        @advisory_penalties = opts.fetch(:advisory_penalties, ADVISORY_PENALTIES)
+        @fallback_advisory_penalty = opts.fetch(:fallback_advisory_penalty, FALLBACK_ADVISORY_PENALTY)
+        @major_version_penalty = opts.fetch(:major_version_penalty, MAJOR_VERSION_PENALTY)
+        @new_versions_severity = opts.fetch(:new_versions_severity, NEW_VERSIONS_SEVERITY)
+        @segment_severities = opts.fetch(:segment_severities, SEGMENT_SEVERITIES)
+        @fallback_segment_severity = opts.fetch(:fallback_segment_severity, FALLBACK_SEGMENT_SEVERITY)
+      end
+      def priority_for(dependency)
+        dependency_priorities[dependency.name.to_sym] ||
+          group_priorities[dependency.groups.first] ||
+          default_dependency_priority
+      end
+      def advisory_penalty_for(criticality)
+        advisory_penalties.fetch(criticality, fallback_advisory_penalty)
+      end
+      def segment_severity(segment)
+        return 1.0 unless segment
+        segment_severities.fetch(segment, fallback_segment_severity)
+      end
+      attr_reader :advisory_severity
+      attr_reader :new_versions_severity
+      attr_reader :major_version_penalty
+      private
+      attr_reader :dependency_priorities
+      attr_reader :default_dependency_priority
+      attr_reader :group_priorities
+      attr_reader :advisory_penalties
+      attr_reader :fallback_advisory_penalty
+      attr_reader :segment_severities
+      attr_reader :fallback_segment_severity
+    end
+  end
+end

data/lib/polariscope/scanner/dependency_context.rb ADDED Viewed

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+require_relative 'ruby_scanner'
+require 'tempfile'
+require 'bundler/audit/configuration'
+module Polariscope
+  module Scanner
+    class DependencyContext
+      DEFAULT_SPEC_TYPE = :released
+      def initialize(**opts)
+        @gemfile_content = opts.fetch(:gemfile_content, nil)
+        @gemfile_lock_content = opts.fetch(:gemfile_lock_content, nil)
+        @bundler_audit_config_content = opts.fetch(:bundler_audit_config_content, '')
+        @spec_type = opts.fetch(:spec_type, DEFAULT_SPEC_TYPE)
+      end
+      def no_dependencies?
+        blank_value?(gemfile_content) || blank_value?(gemfile_lock_content) || dependencies.empty?
+      end
+      def dependencies
+        @dependencies ||= dependencies_with_ruby
+      end
+      def dependency_versions(dependency)
+        [current_dependency_version(dependency), gem_versions.versions_for(dependency.name)]
+      end
+      def advisories
+        specs
+          .flat_map { |gem| audit_database.check_gem(gem).to_a }
+          .concat(ruby_scanner.vulnerable_advisories)
+          .reject { |advisory| ignored_advisories.intersect?(advisory.identifiers.to_set) }
+      end
+      private
+      attr_reader :gemfile_content
+      attr_reader :gemfile_lock_content
+      attr_reader :bundler_audit_config_content
+      attr_reader :spec_type
+      def ruby_scanner
+        @ruby_scanner ||= RubyScanner.new(bundle_definition.locked_ruby_version_object)
+      end
+      def gem_versions
+        @gem_versions ||= GemVersions.new(dependencies.map(&:name), spec_type: spec_type)
+      end
+      def bundle_definition
+        @bundle_definition ||=
+          ::Tempfile.create do |gemfile|
+            ::Tempfile.create do |gemfile_lock|
+              gemfile.puts parseable_gemfile_content
+              gemfile.rewind
+              gemfile_lock.puts gemfile_lock_content
+              gemfile_lock.rewind
+              Bundler::Definition.build(gemfile.path, gemfile_lock.path, false)
+            end
+          end
+      end
+      def current_dependency_version(dependency)
+        return ruby_scanner.version if dependency.name == GemVersions::RUBY_NAME
+        specs.find { |spec| dependency.name == spec.name }.version
+      end
+      def dependencies_with_ruby
+        return installed_dependencies unless ruby_scanner.version
+        installed_dependencies + [Bundler::Dependency.new(GemVersions::RUBY_NAME, false)]
+      end
+      def installed_dependencies
+        spec_names = specs.to_set(&:name)
+        bundle_definition.dependencies.select { |dependency| spec_names.include?(dependency.name) }
+      end
+      def specs
+        bundle_definition.locked_gems.specs
+      end
+      def ignored_advisories
+        audit_configuration.ignore
+      end
+      def audit_configuration
+        @audit_configuration ||= Tempfile.create do |file|
+          file.puts bundler_audit_config_content
+          file.rewind
+          Bundler::Audit::Configuration.load(file.path)
+        rescue StandardError
+          Bundler::Audit::Configuration.new
+        end
+      end
+      def audit_database
+        @audit_database ||= Bundler::Audit::Database.new
+      end
+      def parseable_gemfile_content
+        gemfile_content.gsub("gemspec\n", '').gsub(/^ruby.*$\R/, '')
+      end
+      def blank_value?(value)
+        value.nil? || value.empty?
+      end
+    end
+  end
+end

data/lib/polariscope/scanner/gem_health_score.rb CHANGED Viewed

@@ -3,29 +3,37 @@
 module Polariscope
   module Scanner
     class GemHealthScore
-      def initialize(all_versions:, current_version:, severities: [])
-        @all_versions = all_versions
-        @current_version = current_version
-        @severities = severities
+      def initialize(dependency_context, calculation_context, dependency)
+        @calculation_context = calculation_context
+        @current_version, @all_versions = dependency_context.dependency_versions(dependency)
       end
       def health_score
-        return 100 if up_to_date?
+        return 1.0 if up_to_date?
-        score = 100
-        score *= (1.0 + first_outdated_segment)**-Math.log(first_outdated_segment_severity)
-        score *= (1.0 + new_versions.count)**-Math.log(1.07)
+        score = 1.0
+        score *= (1 + first_outdated_segment)**-Math.log(first_outdated_segment_severity)
+        score *= (1 + new_versions.count)**-Math.log(calculation_context.new_versions_severity)
         score
       end
+      def major_version_penalty
+        major_version_outdated? ? calculation_context.major_version_penalty : 0
+      end
+      private
+      attr_reader :calculation_context
+      attr_reader :current_version
+      attr_reader :all_versions
       def up_to_date?
         current_version == latest_version
       end
       def first_outdated_segment_severity
-        return 1 if first_outdated_segment_index.nil?
-        severities[first_outdated_segment_index]
+        calculation_context.segment_severity(first_outdated_segment_index)
       end
       def first_outdated_segment_index
@@ -36,17 +44,15 @@ module Polariscope
         segments_delta.find(&:positive?) || 0
       end
-      def segments_delta
-        current_version.segments.grep(Integer).zip(latest_version.segments.grep(Integer))
-                       .map { |current, latest| current && latest ? latest - current : 0 }
+      def major_version_outdated?
+        segments_delta.first.positive?
       end
-      def major_version_penalty
-        major_outdated? ? 1 : 0
-      end
-      def major_outdated?
-        latest_version.segments[0] > current_version.segments[0]
+      def segments_delta
+        @segments_delta ||=
+          version_segments(latest_version)
+          .zip(version_segments(current_version))
+          .map { |latest, current| latest && current ? latest - current : 0 }
       end
       def latest_version
@@ -57,11 +63,9 @@ module Polariscope
         @new_versions ||= all_versions.select { |version| version > current_version }
       end
-      private
-      attr_reader :all_versions
-      attr_reader :current_version
-      attr_reader :severities
+      def version_segments(version)
+        version.segments.grep(Integer)
+      end
     end
   end
 end

data/lib/polariscope/scanner/gem_versions.rb CHANGED Viewed

@@ -1,30 +1,43 @@
 # frozen_string_literal: true
+require_relative 'ruby_versions'
 require 'set'
 module Polariscope
   module Scanner
     class GemVersions
+      RUBY_NAME = 'ruby'
       def initialize(dependency_names, spec_type:)
         @dependency_names = dependency_names.to_set
         @spec_type = spec_type
-        @gem_versions = Hash.new { |h, k| h[k] = [] }
+        @gem_versions = Hash.new { |h, k| h[k] = Set.new }
         fetch_gems
+        fetch_ruby_versions if dependency_names.include?(RUBY_NAME)
       end
       def versions_for(gem_name)
-        @gem_versions[gem_name]
+        gem_versions[gem_name]
       end
       private
+      attr_reader :dependency_names
+      attr_reader :spec_type
+      attr_reader :gem_versions
+      def fetch_ruby_versions
+        gem_versions[RUBY_NAME] = RubyVersions.available_versions
+      end
       def fetch_gems
-        gem_tuples = Gem::SpecFetcher.fetcher.detect(@spec_type) do |name_tuple|
-          @dependency_names.include?(name_tuple.name)
-        end
+        gem_tuples.each { |(name_tuple, _)| gem_versions[name_tuple.name] << name_tuple.version }
+      end
-        gem_tuples.each { |gem_tuple| @gem_versions[gem_tuple.first.name] << gem_tuple.first.version }
+      def gem_tuples
+        Gem::SpecFetcher.fetcher.detect(spec_type) { |name_tuple| dependency_names.include?(name_tuple.name) }
       end
     end
   end

data/lib/polariscope/scanner/gemfile_health_score.rb CHANGED Viewed

@@ -1,147 +1,68 @@
 # frozen_string_literal: true
-require 'bundler'
-require 'bundler/audit/configuration'
-require 'bundler/audit/database'
-require 'set'
-require_relative 'gem_versions'
+require_relative 'advisories_health_score'
+require_relative 'audit_database'
+require_relative 'calculation_context'
+require_relative 'dependency_context'
 require_relative 'gem_health_score'
-require_relative 'ruby_scanner'
 module Polariscope
   module Scanner
-    class GemfileHealthScore # rubocop:disable Metrics/ClassLength
-      GEM_PRIORITIES = { rails: 10.0 }.freeze
-      DEFAULT_PRIORITY = 1.0
-      GROUP_PRIORITIES = { default: 2.0, production: 2.0 }.freeze
-      SEVERITIES = [1.7, 1.15, 1.01, 1.005].freeze
-      FALLBACK_ADVISORY_PENALTY = 0.5
-      ADVISORY_PENALTY_MAP = {
-        none: 0.0,
-        low: 0.5,
-        medium: 1.0,
-        high: 3.0,
-        critical: 5.0
-      }.freeze
-      def initialize( # rubocop:disable Metrics/ParameterLists, Metrics/MethodLength
-        gemfile_path:, gemfile_lock_content:, gem_priorities: GEM_PRIORITIES, default_priority: DEFAULT_PRIORITY,
-        group_priorities: GROUP_PRIORITIES, severities: SEVERITIES, spec_type: :released,
-        advisory_penalty_map: ADVISORY_PENALTY_MAP, fallback_advisory_penalty: FALLBACK_ADVISORY_PENALTY,
-        update_audit_database: false, bundler_audit_config_path: ''
-      )
-        @lockfile_parser = Bundler::LockfileParser.new(gemfile_lock_content)
-        @ruby_scanner = RubyScanner.new(@lockfile_parser)
-        @gemfile_path = gemfile_path
-        @dependencies = installed_dependencies
-        @gem_priorities = gem_priorities
-        @default_priority = default_priority
-        @group_priorities = group_priorities
-        @severities = severities
-        @spec_type = spec_type
-        @advisory_penalty_map = advisory_penalty_map
-        @fallback_advisory_penalty = fallback_advisory_penalty
-        @bundler_audit_config_path = bundler_audit_config_path
-        update_audit_database! if update_audit_database
+    class GemfileHealthScore
+      def initialize(**opts)
+        @dependency_context = DependencyContext.new(**opts)
+        @calculation_context = CalculationContext.new(**opts)
+        AuditDatabase.update_if_necessary
       end
       def health_score
-        return nil if dependencies.empty?
+        return nil if dependency_context.no_dependencies?
-        ((1.0 - major_version_penalty_score) * weighted_gem_health_score * advisories_score).round(2)
+        (100.0 * weighted_major_version_score * weighted_dependency_health_score * advisories_score).round(2)
       end
       private
-      attr_reader :dependencies
-      attr_reader :lockfile_parser
-      attr_reader :ruby_scanner
-      attr_reader :advisory_penalty_map
-      attr_reader :fallback_advisory_penalty
-      attr_reader :bundler_audit_config_path
-      def major_version_penalties
-        dependencies.map do |dependency|
-          current_version, all_versions = dependency_versions(dependency)
+      attr_reader :dependency_context
+      attr_reader :calculation_context
-          GemHealthScore.new(all_versions: all_versions, current_version: current_version).major_version_penalty
-        end
+      def weighted_major_version_score
+        1.0 - weighted_major_version_penalty
       end
-      def major_version_penalty_score
-        dependency_priorities.zip(major_version_penalties).sum { |a| a.inject(:*) } / dependency_priorities.sum
-      end
-      def weighted_gem_health_score
-        dependency_priorities.zip(dependency_health_scores).sum { |a| a.inject(:*) } / dependency_priorities.sum
-      end
-      def dependency_health_scores
-        dependencies.map do |dependency|
-          current_version, all_versions = dependency_versions(dependency)
-          GemHealthScore.new(
-            all_versions: all_versions,
-            current_version: current_version,
-            severities: @severities
-          ).health_score
-        end
-      end
-      def dependency_priorities
-        @dependency_priorities ||= dependencies.map { |dependency| dependency_priority(dependency) }
+      def weighted_major_version_penalty
+        dependency_priorities.zip(major_version_penalties).sum { |a, b| a * b } / dependency_priorities.sum
       end
-      def dependency_priority(dependency)
-        @gem_priorities[dependency.name.to_sym] || @group_priorities[dependency.groups.first] || @default_priority
+      def weighted_dependency_health_score
+        dependency_priorities.zip(dependency_health_scores).sum { |a, b| a * b } / dependency_priorities.sum
       end
-      def dependency_versions(dependency)
-        [current_dependency_version(dependency), gem_versions.versions_for(dependency.name)]
+      def major_version_penalties
+        gem_health_scores.map(&:major_version_penalty)
       end
-      def current_dependency_version(dependency)
-        lockfile_parser.specs.find { |spec| dependency.name == spec.name }.version
+      def dependency_health_scores
+        gem_health_scores.map(&:health_score)
       end
-      def installed_dependencies
-        spec_names = @lockfile_parser.specs.to_set(&:name)
-        dependencies = Bundler::Definition.build(@gemfile_path, nil, nil).dependencies
-        dependencies.select { |dependency| spec_names.include?(dependency.name) }
+      def gem_health_scores
+        @gem_health_scores ||= dependencies.map do |dependency|
+          GemHealthScore.new(dependency_context, calculation_context, dependency)
+        end
       end
-      def gem_versions
-        @gem_versions ||= GemVersions.new(dependencies.map(&:name), spec_type: @spec_type)
+      def dependency_priorities
+        @dependency_priorities ||= dependencies.map { |dependency| calculation_context.priority_for(dependency) }
       end
       def advisories_score
-        (1 + advisories_penalty)**-Math.log(1.09)
-      end
-      def advisories_penalty
-        advisories.map(&:criticality)
-                  .sum { |criticality| advisory_penalty_map.fetch(criticality, fallback_advisory_penalty) }
-      end
-      def advisories
-        database = Bundler::Audit::Database.new
-        lockfile_parser.specs
-                       .flat_map { |gem| database.check_gem(gem).to_a }
-                       .concat(ruby_scanner.vulnerable_advisories)
-                       .reject { |advisory| ignored_advisories.intersect?(advisory.identifiers.to_set) }
-      end
-      def ignored_advisories
-        @ignored_advisories ||= Bundler::Audit::Configuration.load(bundler_audit_config_path).ignore.to_set
-      rescue Bundler::Audit::Configuration::FileNotFound, Bundler::Audit::Configuration::InvalidConfigurationError
-        @ignored_advisories = Set.new
+        AdvisoriesHealthScore.new(dependency_context, calculation_context).health_score
       end
-      def update_audit_database!
-        Bundler::Audit::Database.update!(quiet: true)
+      def dependencies
+        dependency_context.dependencies
       end
     end
   end

data/lib/polariscope/scanner/ruby_scanner.rb CHANGED Viewed

@@ -1,17 +1,16 @@
 # frozen_string_literal: true
-require 'bundler'
 require 'bundler/audit/database'
 module Polariscope
   module Scanner
     class RubyScanner
-      def initialize(lockfile_parser)
-        @lockfile_parser = lockfile_parser
+      def initialize(bundler_ruby_version)
+        @bundler_ruby_version = bundler_ruby_version
       end
       def version
-        lockfile_ruby_version&.gem_version
+        bundler_ruby_version&.gem_version
       end
       def vulnerable_advisories
@@ -20,8 +19,7 @@ module Polariscope
       private
-      attr_reader :lockfile_parser
-      attr_reader :bundler_audit_database
+      attr_reader :bundler_ruby_version
       def advisories
         cve_paths.map { |path| Bundler::Audit::Advisory.load(path) }
@@ -34,11 +32,7 @@ module Polariscope
       end
       def engine
-        lockfile_ruby_version.engine
-      end
-      def lockfile_ruby_version
-        @lockfile_ruby_version ||= Bundler::RubyVersion.from_string(@lockfile_parser.ruby_version)
+        bundler_ruby_version.engine
       end
     end
   end

data/lib/polariscope/scanner/ruby_versions.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'open-uri'
+module Polariscope
+  module Scanner
+    module RubyVersions
+      VERSIONS_INDEX_FILE_URL = 'https://cache.ruby-lang.org/pub/ruby/index.txt'
+      MINIMUM_RUBY_VERSION = Gem::Version.new('1.0.0')
+      OPEN_TIMEOUT = 5
+      READ_TIMEOUT = 5
+      module_function
+      def available_versions # rubocop:disable Metrics/AbcSize
+        URI
+          .parse(VERSIONS_INDEX_FILE_URL)
+          .open(open_timeout: OPEN_TIMEOUT, read_timeout: READ_TIMEOUT, &:readlines)
+          .drop(1) # header row
+          .map { |line| line.split("\t").first.sub('ruby-', 'ruby ') } # ruby-2.3.4 -> ruby 2.3.4
+          .filter_map { |ruby_version| Bundler::RubyVersion.from_string(ruby_version)&.gem_version }
+          .select { |gem_version| gem_version >= MINIMUM_RUBY_VERSION && gem_version.segments.size == 3 }
+          .to_set
+      rescue Timeout::Error
+        Set.new
+      end
+    end
+  end
+end

data/lib/polariscope/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Polariscope
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end

data/lib/polariscope.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require_relative 'polariscope/version'
-require_relative 'polariscope/scanner/codebase_health_score'
+require_relative 'polariscope/scanner/gemfile_health_score'
 require_relative 'polariscope/scanner/gem_versions'
 require_relative 'polariscope/file_content'
@@ -9,15 +9,15 @@ module Polariscope
   Error = Class.new(StandardError)
   class << self
-    def scan(gemfile_content: nil, gemfile_lock_content: nil, bundler_audit_config_content: nil)
-      Scanner::CodebaseHealthScore.new(
-        gemfile_content: gemfile_content || FileContent.for('Gemfile'),
-        gemfile_lock_content: gemfile_lock_content || FileContent.for('Gemfile.lock'),
-        bundler_audit_config_content: bundler_audit_config_content || FileContent.for('.bundler-audit.yml')
-      ).health_score
+    def scan(**opts)
+      Scanner::GemfileHealthScore.new(**opts.merge(
+        gemfile_content: opts.fetch(:gemfile_content, FileContent.for('Gemfile')),
+        gemfile_lock_content: opts.fetch(:gemfile_lock_content, FileContent.for('Gemfile.lock')),
+        bundler_audit_config_content: opts.fetch(:bundler_audit_config_content, FileContent.for('.bundler-audit.yml'))
+      )).health_score
     end
-    def gem_versions(dependency_names, spec_type: :released)
+    def gem_versions(dependency_names, spec_type: Scanner::DependencyContext::DEFAULT_SPEC_TYPE)
       Scanner::GemVersions.new(dependency_names, spec_type: spec_type)
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: polariscope
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Rails team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-17 00:00:00.000000000 Z
+date: 2024-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -56,11 +56,15 @@ files:
 - exe/polariscope
 - lib/polariscope.rb
 - lib/polariscope/file_content.rb
-- lib/polariscope/scanner/codebase_health_score.rb
+- lib/polariscope/scanner/advisories_health_score.rb
+- lib/polariscope/scanner/audit_database.rb
+- lib/polariscope/scanner/calculation_context.rb
+- lib/polariscope/scanner/dependency_context.rb
 - lib/polariscope/scanner/gem_health_score.rb
 - lib/polariscope/scanner/gem_versions.rb
 - lib/polariscope/scanner/gemfile_health_score.rb
 - lib/polariscope/scanner/ruby_scanner.rb
+- lib/polariscope/scanner/ruby_versions.rb
 - lib/polariscope/version.rb
 - polariscope.gemspec
 homepage: https://github.com/infinum/polariscope

data/lib/polariscope/scanner/codebase_health_score.rb DELETED Viewed

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-require 'tempfile'
-require_relative 'gemfile_health_score'
-module Polariscope
-  module Scanner
-    class CodebaseHealthScore
-      def initialize(gemfile_content:, gemfile_lock_content:, bundler_audit_config_content:)
-        @gemfile_content = gemfile_content
-        @gemfile_lock_content = gemfile_lock_content
-        @bundler_audit_config_content = bundler_audit_config_content
-      end
-      def health_score
-        return nil if blank?(gemfile_content) || blank?(gemfile_lock_content)
-        begin
-          GemfileHealthScore.new(gemfile_path: gemfile_file.path, gemfile_lock_content: gemfile_lock_content,
-                                 bundler_audit_config_path: bundler_audit_config_file.path,
-                                 update_audit_database: update_audit_database?).health_score
-        ensure
-          gemfile_file.unlink
-          bundler_audit_config_file.unlink
-        end
-      end
-      private
-      attr_reader :gemfile_content
-      attr_reader :gemfile_lock_content
-      attr_reader :bundler_audit_config_content
-      def gemfile_file
-        @gemfile_file ||= begin
-          file = Tempfile.new('Gemfile')
-          file.write(gemfile_content.gsub("gemspec\n", '').gsub(/^ruby.*$\R/, ''))
-          file.close
-          file
-        end
-      end
-      def bundler_audit_config_file
-        @bundler_audit_config_file ||= begin
-          file = Tempfile.new('.bundler-audit.yml')
-          file.write(bundler_audit_config_content)
-          file.close
-          file
-        end
-      end
-      def blank?(value)
-        value.nil? || value == ''
-      end
-      def update_audit_database?
-        audit_db_missing? || audit_db_stale?
-      end
-      def audit_db_missing?
-        !Bundler::Audit::Database.exists?
-      end
-      def audit_db_stale?
-        ((Time.now - Bundler::Audit::Database.new.last_updated_at) / 86_400) > 7
-      end
-    end
-  end
-end