polariscope 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1c891a85ae5f5fed5a3cba46ddb78c81657baedfac15bcf31de9002fdae9c6df
-  data.tar.gz: 3864c4ecf3833289fb1cb1af30df8316a646f62714962f034e60ab42d0ab11f9
+  metadata.gz: 0d0728ac02d87facc2bbaf9297aee04343275420e267c7daf7240c3b3686b834
+  data.tar.gz: daa80c083d6a29aa9709ce9e34a55fea9f5842cc4e85967dd9cdb947ef274f9e
 SHA512:
-  metadata.gz: c008254c44678d2a936e027e33bba206ac12f48f7350d5aa63f5105e8897713fc851664d46afa02f665f11d53ad4459094b6795e3ba4caefaf58b3918d74fd47
-  data.tar.gz: 8e123d4cc077831e1fc252d846655b0994e3f78836affdc11af73ad9df9ae87bedf3c5ead5012be77f6b010d38585172d7e31800f23f86241f68b74cae3c97d2
+  metadata.gz: 26d92d6f8a81ef010a02dba51ec28deed8ce9d1c1ef0bf92a13694c29ada0cf062a5d375819cad2f7bed5db1a292fe978f7bd24225381530976d6a394c9bebb0
+  data.tar.gz: 24f52577172981309212e6de5ac8f45ef51b26c8ecf075f3d29aec930be1cc383ee8ed7ae9608c943782eed93cb3387dec498932f6041cd86f9dc1b481ba35cd

data/.rubocop.yml

@@ -21,8 +21,5 @@ Style/FrozenStringLiteralComment:
   Exclude:
     - 'exe/polariscope'
 
-Rails/TimeZone:
-  Enabled: false
-
-Rails/Date:
+Rails:
   Enabled: false

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 ## [Unreleased]
 
+## [0.4.0] - 2024-10-25
+
+- Count Ruby versions towards health score
+- Update audit database if older than one day
+
 ## [0.3.0] - 2024-10-17
 
 - Count Ruby advisories towards health score

data/lib/polariscope/scanner/advisories_health_score.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Polariscope
+  module Scanner
+    class AdvisoriesHealthScore
+      def initialize(dependency_context, calculation_context)
+        @dependency_context = dependency_context
+        @calculation_context = calculation_context
+      end
+
+      def health_score
+        (1 + advisories_penalty)**-Math.log(calculation_context.advisory_severity)
+      end
+
+      private
+
+      attr_reader :dependency_context
+      attr_reader :calculation_context
+
+      def advisories_penalty
+        dependency_context
+          .advisories
+          .map(&:criticality)
+          .sum { |criticality| calculation_context.advisory_penalty_for(criticality) }
+      end
+    end
+  end
+end

data/lib/polariscope/scanner/audit_database.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'bundler/audit/database'
+
+module Polariscope
+  module Scanner
+    module AuditDatabase
+      extend self
+
+      ONE_DAY = 24 * 60 * 60
+
+      def update_if_necessary
+        update_audit_database! if database_outdated?
+      end
+
+      private
+
+      def update_audit_database!
+        Bundler::Audit::Database.update!(quiet: true)
+      end
+
+      def database_outdated?
+        audit_db_missing? || audit_db_stale?
+      end
+
+      def audit_db_missing?
+        !Bundler::Audit::Database.exists?
+      end
+
+      def audit_db_stale?
+        ((Time.now - Bundler::Audit::Database.new.last_updated_at) / ONE_DAY) > 1.0
+      end
+    end
+  end
+end

data/lib/polariscope/scanner/calculation_context.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Polariscope
+  module Scanner
+    class CalculationContext
+      DEPENDENCY_PRIORITIES = { ruby: 10.0, rails: 10.0 }.freeze
+      GROUP_PRIORITIES = { default: 2.0, production: 2.0 }.freeze
+      DEFAULT_DEPENDENCY_PRIORITY = 1.0
+
+      ADVISORY_SEVERITY = 1.09
+      ADVISORY_PENALTIES = {
+        none: 0.0,
+        low: 0.5,
+        medium: 1.0,
+        high: 3.0,
+        critical: 5.0
+      }.freeze
+      FALLBACK_ADVISORY_PENALTY = 0.5
+
+      MAJOR_VERSION_PENALTY = 1
+      NEW_VERSIONS_SEVERITY = 1.07
+      SEGMENT_SEVERITIES = [1.7, 1.15, 1.01].freeze
+      FALLBACK_SEGMENT_SEVERITY = 1.0
+
+      def initialize(**opts)
+        @dependency_priorities = opts.fetch(:dependency_priorities, DEPENDENCY_PRIORITIES)
+        @group_priorities = opts.fetch(:group_priorities, GROUP_PRIORITIES)
+        @default_dependency_priority = opts.fetch(:default_dependency_priority, DEFAULT_DEPENDENCY_PRIORITY)
+
+        @advisory_severity = opts.fetch(:advisory_severity, ADVISORY_SEVERITY)
+        @advisory_penalties = opts.fetch(:advisory_penalties, ADVISORY_PENALTIES)
+        @fallback_advisory_penalty = opts.fetch(:fallback_advisory_penalty, FALLBACK_ADVISORY_PENALTY)
+
+        @major_version_penalty = opts.fetch(:major_version_penalty, MAJOR_VERSION_PENALTY)
+        @new_versions_severity = opts.fetch(:new_versions_severity, NEW_VERSIONS_SEVERITY)
+        @segment_severities = opts.fetch(:segment_severities, SEGMENT_SEVERITIES)
+        @fallback_segment_severity = opts.fetch(:fallback_segment_severity, FALLBACK_SEGMENT_SEVERITY)
+      end
+
+      def priority_for(dependency)
+        dependency_priorities[dependency.name.to_sym] ||
+          group_priorities[dependency.groups.first] ||
+          default_dependency_priority
+      end
+
+      def advisory_penalty_for(criticality)
+        advisory_penalties.fetch(criticality, fallback_advisory_penalty)
+      end
+
+      def segment_severity(segment)
+        return 1.0 unless segment
+
+        segment_severities.fetch(segment, fallback_segment_severity)
+      end
+
+      attr_reader :advisory_severity
+      attr_reader :new_versions_severity
+      attr_reader :major_version_penalty
+
+      private
+
+      attr_reader :dependency_priorities
+      attr_reader :default_dependency_priority
+      attr_reader :group_priorities
+      attr_reader :advisory_penalties
+      attr_reader :fallback_advisory_penalty
+      attr_reader :segment_severities
+      attr_reader :fallback_segment_severity
+    end
+  end
+end

data/lib/polariscope/scanner/dependency_context.rb

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+require_relative 'ruby_scanner'
+
+require 'tempfile'
+require 'bundler/audit/configuration'
+
+module Polariscope
+  module Scanner
+    class DependencyContext
+      DEFAULT_SPEC_TYPE = :released
+
+      def initialize(**opts)
+        @gemfile_content = opts.fetch(:gemfile_content, nil)
+        @gemfile_lock_content = opts.fetch(:gemfile_lock_content, nil)
+        @bundler_audit_config_content = opts.fetch(:bundler_audit_config_content, '')
+        @spec_type = opts.fetch(:spec_type, DEFAULT_SPEC_TYPE)
+      end
+
+      def no_dependencies?
+        blank_value?(gemfile_content) || blank_value?(gemfile_lock_content) || dependencies.empty?
+      end
+
+      def dependencies
+        @dependencies ||= dependencies_with_ruby
+      end
+
+      def dependency_versions(dependency)
+        [current_dependency_version(dependency), gem_versions.versions_for(dependency.name)]
+      end
+
+      def advisories
+        specs
+          .flat_map { |gem| audit_database.check_gem(gem).to_a }
+          .concat(ruby_scanner.vulnerable_advisories)
+          .reject { |advisory| ignored_advisories.intersect?(advisory.identifiers.to_set) }
+      end
+
+      private
+
+      attr_reader :gemfile_content
+      attr_reader :gemfile_lock_content
+      attr_reader :bundler_audit_config_content
+      attr_reader :spec_type
+
+      def ruby_scanner
+        @ruby_scanner ||= RubyScanner.new(bundle_definition.locked_ruby_version_object)
+      end
+
+      def gem_versions
+        @gem_versions ||= GemVersions.new(dependencies.map(&:name), spec_type: spec_type)
+      end
+
+      def bundle_definition
+        @bundle_definition ||=
+          ::Tempfile.create do |gemfile|
+            ::Tempfile.create do |gemfile_lock|
+              gemfile.puts parseable_gemfile_content
+              gemfile.rewind
+
+              gemfile_lock.puts gemfile_lock_content
+              gemfile_lock.rewind
+
+              Bundler::Definition.build(gemfile.path, gemfile_lock.path, false)
+            end
+          end
+      end
+
+      def current_dependency_version(dependency)
+        return ruby_scanner.version if dependency.name == GemVersions::RUBY_NAME
+
+        specs.find { |spec| dependency.name == spec.name }.version
+      end
+
+      def dependencies_with_ruby
+        return installed_dependencies unless ruby_scanner.version
+
+        installed_dependencies + [Bundler::Dependency.new(GemVersions::RUBY_NAME, false)]
+      end
+
+      def installed_dependencies
+        spec_names = specs.to_set(&:name)
+
+        bundle_definition.dependencies.select { |dependency| spec_names.include?(dependency.name) }
+      end
+
+      def specs
+        bundle_definition.locked_gems.specs
+      end
+
+      def ignored_advisories
+        audit_configuration.ignore
+      end
+
+      def audit_configuration
+        @audit_configuration ||= Tempfile.create do |file|
+          file.puts bundler_audit_config_content
+          file.rewind
+
+          Bundler::Audit::Configuration.load(file.path)
+        rescue StandardError
+          Bundler::Audit::Configuration.new
+        end
+      end
+
+      def audit_database
+        @audit_database ||= Bundler::Audit::Database.new
+      end
+
+      def parseable_gemfile_content
+        gemfile_content.gsub("gemspec\n", '').gsub(/^ruby.*$\R/, '')
+      end
+
+      def blank_value?(value)
+        value.nil? || value.empty?
+      end
+    end
+  end
+end

data/lib/polariscope/scanner/gem_health_score.rb

@@ -3,29 +3,37 @@
 module Polariscope
   module Scanner
     class GemHealthScore
-      def initialize(all_versions:, current_version:, severities: [])
-        @all_versions = all_versions
-        @current_version = current_version
-        @severities = severities
+      def initialize(dependency_context, calculation_context, dependency)
+        @calculation_context = calculation_context
+
+        @current_version, @all_versions = dependency_context.dependency_versions(dependency)
       end
 
       def health_score
-        return 100 if up_to_date?
+        return 1.0 if up_to_date?
 
-        score = 100
-        score *= (1.0 + first_outdated_segment)**-Math.log(first_outdated_segment_severity)
-        score *= (1.0 + new_versions.count)**-Math.log(1.07)
+        score = 1.0
+        score *= (1 + first_outdated_segment)**-Math.log(first_outdated_segment_severity)
+        score *= (1 + new_versions.count)**-Math.log(calculation_context.new_versions_severity)
         score
       end
 
+      def major_version_penalty
+        major_version_outdated? ? calculation_context.major_version_penalty : 0
+      end
+
+      private
+
+      attr_reader :calculation_context
+      attr_reader :current_version
+      attr_reader :all_versions
+
       def up_to_date?
         current_version == latest_version
       end
 
       def first_outdated_segment_severity
-        return 1 if first_outdated_segment_index.nil?
-
-        severities[first_outdated_segment_index]
+        calculation_context.segment_severity(first_outdated_segment_index)
       end
 
       def first_outdated_segment_index
@@ -36,17 +44,15 @@ module Polariscope
         segments_delta.find(&:positive?) || 0
       end
 
-      def segments_delta
-        current_version.segments.grep(Integer).zip(latest_version.segments.grep(Integer))
-                       .map { |current, latest| current && latest ? latest - current : 0 }
+      def major_version_outdated?
+        segments_delta.first.positive?
       end
 
-      def major_version_penalty
-        major_outdated? ? 1 : 0
-      end
-
-      def major_outdated?
-        latest_version.segments[0] > current_version.segments[0]
+      def segments_delta
+        @segments_delta ||=
+          version_segments(latest_version)
+          .zip(version_segments(current_version))
+          .map { |latest, current| latest && current ? latest - current : 0 }
       end
 
       def latest_version
@@ -57,11 +63,9 @@ module Polariscope
         @new_versions ||= all_versions.select { |version| version > current_version }
       end
 
-      private
-
-      attr_reader :all_versions
-      attr_reader :current_version
-      attr_reader :severities
+      def version_segments(version)
+        version.segments.grep(Integer)
+      end
     end
   end
 end

data/lib/polariscope/scanner/gem_versions.rb

@@ -1,30 +1,43 @@
 # frozen_string_literal: true
 
+require_relative 'ruby_versions'
+
 require 'set'
 
 module Polariscope
   module Scanner
     class GemVersions
+      RUBY_NAME = 'ruby'
+
       def initialize(dependency_names, spec_type:)
         @dependency_names = dependency_names.to_set
         @spec_type = spec_type
-        @gem_versions = Hash.new { |h, k| h[k] = [] }
+        @gem_versions = Hash.new { |h, k| h[k] = Set.new }
 
         fetch_gems
+        fetch_ruby_versions if dependency_names.include?(RUBY_NAME)
       end
 
       def versions_for(gem_name)
-        @gem_versions[gem_name]
+        gem_versions[gem_name]
       end
 
       private
 
+      attr_reader :dependency_names
+      attr_reader :spec_type
+      attr_reader :gem_versions
+
+      def fetch_ruby_versions
+        gem_versions[RUBY_NAME] = RubyVersions.available_versions
+      end
+
       def fetch_gems
-        gem_tuples = Gem::SpecFetcher.fetcher.detect(@spec_type) do |name_tuple|
-          @dependency_names.include?(name_tuple.name)
-        end
+        gem_tuples.each { |(name_tuple, _)| gem_versions[name_tuple.name] << name_tuple.version }
+      end
 
-        gem_tuples.each { |gem_tuple| @gem_versions[gem_tuple.first.name] << gem_tuple.first.version }
+      def gem_tuples
+        Gem::SpecFetcher.fetcher.detect(spec_type) { |name_tuple| dependency_names.include?(name_tuple.name) }
       end
     end
   end

data/lib/polariscope/scanner/gemfile_health_score.rb

@@ -1,147 +1,68 @@
 # frozen_string_literal: true
 
-require 'bundler'
-require 'bundler/audit/configuration'
-require 'bundler/audit/database'
-require 'set'
-require_relative 'gem_versions'
+require_relative 'advisories_health_score'
+require_relative 'audit_database'
+require_relative 'calculation_context'
+require_relative 'dependency_context'
 require_relative 'gem_health_score'
-require_relative 'ruby_scanner'
 
 module Polariscope
   module Scanner
-    class GemfileHealthScore # rubocop:disable Metrics/ClassLength
-      GEM_PRIORITIES = { rails: 10.0 }.freeze
-      DEFAULT_PRIORITY = 1.0
-      GROUP_PRIORITIES = { default: 2.0, production: 2.0 }.freeze
-      SEVERITIES = [1.7, 1.15, 1.01, 1.005].freeze
-      FALLBACK_ADVISORY_PENALTY = 0.5
-      ADVISORY_PENALTY_MAP = {
-        none: 0.0,
-        low: 0.5,
-        medium: 1.0,
-        high: 3.0,
-        critical: 5.0
-      }.freeze
-
-      def initialize( # rubocop:disable Metrics/ParameterLists, Metrics/MethodLength
-        gemfile_path:, gemfile_lock_content:, gem_priorities: GEM_PRIORITIES, default_priority: DEFAULT_PRIORITY,
-        group_priorities: GROUP_PRIORITIES, severities: SEVERITIES, spec_type: :released,
-        advisory_penalty_map: ADVISORY_PENALTY_MAP, fallback_advisory_penalty: FALLBACK_ADVISORY_PENALTY,
-        update_audit_database: false, bundler_audit_config_path: ''
-      )
-        @lockfile_parser = Bundler::LockfileParser.new(gemfile_lock_content)
-        @ruby_scanner = RubyScanner.new(@lockfile_parser)
-        @gemfile_path = gemfile_path
-        @dependencies = installed_dependencies
-        @gem_priorities = gem_priorities
-        @default_priority = default_priority
-        @group_priorities = group_priorities
-        @severities = severities
-        @spec_type = spec_type
-        @advisory_penalty_map = advisory_penalty_map
-        @fallback_advisory_penalty = fallback_advisory_penalty
-        @bundler_audit_config_path = bundler_audit_config_path
-
-        update_audit_database! if update_audit_database
+    class GemfileHealthScore
+      def initialize(**opts)
+        @dependency_context = DependencyContext.new(**opts)
+        @calculation_context = CalculationContext.new(**opts)
+
+        AuditDatabase.update_if_necessary
       end
 
       def health_score
-        return nil if dependencies.empty?
+        return nil if dependency_context.no_dependencies?
 
-        ((1.0 - major_version_penalty_score) * weighted_gem_health_score * advisories_score).round(2)
+        (100.0 * weighted_major_version_score * weighted_dependency_health_score * advisories_score).round(2)
       end
 
       private
 
-      attr_reader :dependencies
-      attr_reader :lockfile_parser
-      attr_reader :ruby_scanner
-      attr_reader :advisory_penalty_map
-      attr_reader :fallback_advisory_penalty
-      attr_reader :bundler_audit_config_path
-
-      def major_version_penalties
-        dependencies.map do |dependency|
-          current_version, all_versions = dependency_versions(dependency)
+      attr_reader :dependency_context
+      attr_reader :calculation_context
 
-          GemHealthScore.new(all_versions: all_versions, current_version: current_version).major_version_penalty
-        end
+      def weighted_major_version_score
+        1.0 - weighted_major_version_penalty
       end
 
-      def major_version_penalty_score
-        dependency_priorities.zip(major_version_penalties).sum { |a| a.inject(:*) } / dependency_priorities.sum
-      end
-
-      def weighted_gem_health_score
-        dependency_priorities.zip(dependency_health_scores).sum { |a| a.inject(:*) } / dependency_priorities.sum
-      end
-
-      def dependency_health_scores
-        dependencies.map do |dependency|
-          current_version, all_versions = dependency_versions(dependency)
-
-          GemHealthScore.new(
-            all_versions: all_versions,
-            current_version: current_version,
-            severities: @severities
-          ).health_score
-        end
-      end
-
-      def dependency_priorities
-        @dependency_priorities ||= dependencies.map { |dependency| dependency_priority(dependency) }
+      def weighted_major_version_penalty
+        dependency_priorities.zip(major_version_penalties).sum { |a, b| a * b } / dependency_priorities.sum
       end
 
-      def dependency_priority(dependency)
-        @gem_priorities[dependency.name.to_sym] || @group_priorities[dependency.groups.first] || @default_priority
+      def weighted_dependency_health_score
+        dependency_priorities.zip(dependency_health_scores).sum { |a, b| a * b } / dependency_priorities.sum
       end
 
-      def dependency_versions(dependency)
-        [current_dependency_version(dependency), gem_versions.versions_for(dependency.name)]
+      def major_version_penalties
+        gem_health_scores.map(&:major_version_penalty)
       end
 
-      def current_dependency_version(dependency)
-        lockfile_parser.specs.find { |spec| dependency.name == spec.name }.version
+      def dependency_health_scores
+        gem_health_scores.map(&:health_score)
       end
 
-      def installed_dependencies
-        spec_names = @lockfile_parser.specs.to_set(&:name)
-        dependencies = Bundler::Definition.build(@gemfile_path, nil, nil).dependencies
-
-        dependencies.select { |dependency| spec_names.include?(dependency.name) }
+      def gem_health_scores
+        @gem_health_scores ||= dependencies.map do |dependency|
+          GemHealthScore.new(dependency_context, calculation_context, dependency)
+        end
       end
 
-      def gem_versions
-        @gem_versions ||= GemVersions.new(dependencies.map(&:name), spec_type: @spec_type)
+      def dependency_priorities
+        @dependency_priorities ||= dependencies.map { |dependency| calculation_context.priority_for(dependency) }
       end
 
       def advisories_score
-        (1 + advisories_penalty)**-Math.log(1.09)
-      end
-
-      def advisories_penalty
-        advisories.map(&:criticality)
-                  .sum { |criticality| advisory_penalty_map.fetch(criticality, fallback_advisory_penalty) }
-      end
-
-      def advisories
-        database = Bundler::Audit::Database.new
-
-        lockfile_parser.specs
-                       .flat_map { |gem| database.check_gem(gem).to_a }
-                       .concat(ruby_scanner.vulnerable_advisories)
-                       .reject { |advisory| ignored_advisories.intersect?(advisory.identifiers.to_set) }
-      end
-
-      def ignored_advisories
-        @ignored_advisories ||= Bundler::Audit::Configuration.load(bundler_audit_config_path).ignore.to_set
-      rescue Bundler::Audit::Configuration::FileNotFound, Bundler::Audit::Configuration::InvalidConfigurationError
-        @ignored_advisories = Set.new
+        AdvisoriesHealthScore.new(dependency_context, calculation_context).health_score
       end
 
-      def update_audit_database!
-        Bundler::Audit::Database.update!(quiet: true)
+      def dependencies
+        dependency_context.dependencies
       end
     end
   end

data/lib/polariscope/scanner/ruby_scanner.rb

@@ -1,17 +1,16 @@
 # frozen_string_literal: true
 
-require 'bundler'
 require 'bundler/audit/database'
 
 module Polariscope
   module Scanner
     class RubyScanner
-      def initialize(lockfile_parser)
-        @lockfile_parser = lockfile_parser
+      def initialize(bundler_ruby_version)
+        @bundler_ruby_version = bundler_ruby_version
       end
 
       def version
-        lockfile_ruby_version&.gem_version
+        bundler_ruby_version&.gem_version
       end
 
       def vulnerable_advisories
@@ -20,8 +19,7 @@ module Polariscope
 
       private
 
-      attr_reader :lockfile_parser
-      attr_reader :bundler_audit_database
+      attr_reader :bundler_ruby_version
 
       def advisories
         cve_paths.map { |path| Bundler::Audit::Advisory.load(path) }
@@ -34,11 +32,7 @@ module Polariscope
       end
 
       def engine
-        lockfile_ruby_version.engine
-      end
-
-      def lockfile_ruby_version
-        @lockfile_ruby_version ||= Bundler::RubyVersion.from_string(@lockfile_parser.ruby_version)
+        bundler_ruby_version.engine
       end
     end
   end

data/lib/polariscope/scanner/ruby_versions.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'open-uri'
+
+module Polariscope
+  module Scanner
+    module RubyVersions
+      VERSIONS_INDEX_FILE_URL = 'https://cache.ruby-lang.org/pub/ruby/index.txt'
+      MINIMUM_RUBY_VERSION = Gem::Version.new('1.0.0')
+      OPEN_TIMEOUT = 5
+      READ_TIMEOUT = 5
+
+      module_function
+
+      def available_versions # rubocop:disable Metrics/AbcSize
+        URI
+          .parse(VERSIONS_INDEX_FILE_URL)
+          .open(open_timeout: OPEN_TIMEOUT, read_timeout: READ_TIMEOUT, &:readlines)
+          .drop(1) # header row
+          .map { |line| line.split("\t").first.sub('ruby-', 'ruby ') } # ruby-2.3.4 -> ruby 2.3.4
+          .filter_map { |ruby_version| Bundler::RubyVersion.from_string(ruby_version)&.gem_version }
+          .select { |gem_version| gem_version >= MINIMUM_RUBY_VERSION && gem_version.segments.size == 3 }
+          .to_set
+      rescue Timeout::Error
+        Set.new
+      end
+    end
+  end
+end

data/lib/polariscope/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Polariscope
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end

data/lib/polariscope.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'polariscope/version'
-require_relative 'polariscope/scanner/codebase_health_score'
+require_relative 'polariscope/scanner/gemfile_health_score'
 require_relative 'polariscope/scanner/gem_versions'
 require_relative 'polariscope/file_content'
 
@@ -9,15 +9,15 @@ module Polariscope
   Error = Class.new(StandardError)
 
   class << self
-    def scan(gemfile_content: nil, gemfile_lock_content: nil, bundler_audit_config_content: nil)
-      Scanner::CodebaseHealthScore.new(
-        gemfile_content: gemfile_content || FileContent.for('Gemfile'),
-        gemfile_lock_content: gemfile_lock_content || FileContent.for('Gemfile.lock'),
-        bundler_audit_config_content: bundler_audit_config_content || FileContent.for('.bundler-audit.yml')
-      ).health_score
+    def scan(**opts)
+      Scanner::GemfileHealthScore.new(**opts.merge(
+        gemfile_content: opts.fetch(:gemfile_content, FileContent.for('Gemfile')),
+        gemfile_lock_content: opts.fetch(:gemfile_lock_content, FileContent.for('Gemfile.lock')),
+        bundler_audit_config_content: opts.fetch(:bundler_audit_config_content, FileContent.for('.bundler-audit.yml'))
+      )).health_score
     end
 
-    def gem_versions(dependency_names, spec_type: :released)
+    def gem_versions(dependency_names, spec_type: Scanner::DependencyContext::DEFAULT_SPEC_TYPE)
       Scanner::GemVersions.new(dependency_names, spec_type: spec_type)
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: polariscope
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Rails team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-17 00:00:00.000000000 Z
+date: 2024-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -56,11 +56,15 @@ files:
 - exe/polariscope
 - lib/polariscope.rb
 - lib/polariscope/file_content.rb
-- lib/polariscope/scanner/codebase_health_score.rb
+- lib/polariscope/scanner/advisories_health_score.rb
+- lib/polariscope/scanner/audit_database.rb
+- lib/polariscope/scanner/calculation_context.rb
+- lib/polariscope/scanner/dependency_context.rb
 - lib/polariscope/scanner/gem_health_score.rb
 - lib/polariscope/scanner/gem_versions.rb
 - lib/polariscope/scanner/gemfile_health_score.rb
 - lib/polariscope/scanner/ruby_scanner.rb
+- lib/polariscope/scanner/ruby_versions.rb
 - lib/polariscope/version.rb
 - polariscope.gemspec
 homepage: https://github.com/infinum/polariscope

data/lib/polariscope/scanner/codebase_health_score.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require 'tempfile'
-require_relative 'gemfile_health_score'
-
-module Polariscope
-  module Scanner
-    class CodebaseHealthScore
-      def initialize(gemfile_content:, gemfile_lock_content:, bundler_audit_config_content:)
-        @gemfile_content = gemfile_content
-        @gemfile_lock_content = gemfile_lock_content
-        @bundler_audit_config_content = bundler_audit_config_content
-      end
-
-      def health_score
-        return nil if blank?(gemfile_content) || blank?(gemfile_lock_content)
-
-        begin
-          GemfileHealthScore.new(gemfile_path: gemfile_file.path, gemfile_lock_content: gemfile_lock_content,
-                                 bundler_audit_config_path: bundler_audit_config_file.path,
-                                 update_audit_database: update_audit_database?).health_score
-        ensure
-          gemfile_file.unlink
-          bundler_audit_config_file.unlink
-        end
-      end
-
-      private
-
-      attr_reader :gemfile_content
-      attr_reader :gemfile_lock_content
-      attr_reader :bundler_audit_config_content
-
-      def gemfile_file
-        @gemfile_file ||= begin
-          file = Tempfile.new('Gemfile')
-          file.write(gemfile_content.gsub("gemspec\n", '').gsub(/^ruby.*$\R/, ''))
-          file.close
-          file
-        end
-      end
-
-      def bundler_audit_config_file
-        @bundler_audit_config_file ||= begin
-          file = Tempfile.new('.bundler-audit.yml')
-          file.write(bundler_audit_config_content)
-          file.close
-          file
-        end
-      end
-
-      def blank?(value)
-        value.nil? || value == ''
-      end
-
-      def update_audit_database?
-        audit_db_missing? || audit_db_stale?
-      end
-
-      def audit_db_missing?
-        !Bundler::Audit::Database.exists?
-      end
-
-      def audit_db_stale?
-        ((Time.now - Bundler::Audit::Database.new.last_updated_at) / 86_400) > 7
-      end
-    end
-  end
-end