
Commit 809f814

Daniel O'Briendobs
Daniel O'Brien
authored andcommittedMar 14, 2019
Allow for ignoring insecure sources.
Ignoring internal sources is already supported with a fixed IP whitelist, but this doesn't cover cases where an internal source doesn't fall within those IP blocks. This change allows specific source URIs to be ignored by exact match.
1 parent c3fe695 commit 809f814

2 files changed

+14
-3
lines changed

 

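--- a/lib/bundler/audit/scanner.rb
+++ b/lib/bundler/audit/scanner.rb
@@ -99,18 +99,21 @@ def scan(options={},&block)
 def scan_sources(options={})
 return enum_for(__method__,options) unless block_given?
 
+ignore = Set[]
+ignore += options[:ignore] if options[:ignore]
+
 @lockfile.sources.map do |source|
 case source
 when Source::Git
 case source.uri
 when /^git:/, /^http:/
-unless internal_source?(source.uri)
+unless internal_source?(source.uri) || ignore.include?(source.uri)
 yield InsecureSource.new(source.uri)
 end
 end
 when Source::Rubygems
 source.remotes.each do |uri|
-if (uri.scheme == 'http' && !internal_source?(uri))
+if (uri.scheme == 'http' && !internal_source?(uri)) && !ignore.include?(uri.to_s)
 yield InsecureSource.new(uri.to_s)
 end
 end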
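Review bot: The new ignore checks on the `unless` and `if` lines are exact string comparisons against `source.uri` and `uri.to_s`, so an entry that differs only by a trailing slash, port or letter case (`http://rubygems.org` versus `http://rubygems.org/`) silently fails to match and the source is still reported, while a matching entry silences the insecure-transport warning entirely. It is worth either normalizing both sides before comparing or stating the contract where `ignore` is built, e.g. `# entries must match the lockfile URI exactly (scheme, host, trailing slash); an ignored source is trusted over plain http/git`. The Git branch compares `source.uri` directly whereas the Rubygems branch compares `uri.to_s`; that is only equivalent if `source.uri` is already a String. The same `options[:ignore]` list appears to carry advisory IDs as well (see the advisories example in the spec), so one `:ignore` value now means two different things, which a comment at `ignore = Set[]` should say. `scan_sources` continues past the end of the hunk.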

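--- a/spec/scanner_spec.rb
+++ b/spec/scanner_spec.rb
@@ -41,7 +41,7 @@
 
 it "should ignore the specified advisories" do
 ids = subject.map { |result| result.advisory.id }
-
+
 expect(ids).not_to include('OSVDB-89026')
 end
 end
@@ -58,6 +58,14 @@
 expect(subject[0].source).to eq('git://github.com/rails/jquery-rails.git')
 expect(subject[1].source).to eq('http://rubygems.org/')
 end
+
+context "when ignoring insecure sources" do
+subject { scanner.scan(:ignore => ['http://rubygems.org/', 'git://github.com/rails/jquery-rails.git']).to_a }
+
+it "should print nothing when otherwise fine" do
+expect(subject).to be_empty
+end
+end
 end
 
 context "when auditing a secure bundle" do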
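Review bot: The new `context "when ignoring insecure sources"` only exercises the case where both insecure sources are ignored and the result is empty; it does not show that ignoring one source still reports the other, nor that a non-matching entry leaves the warning in place. An example such as `subject { scanner.scan(:ignore => ['http://rubygems.org/']).to_a }` asserting `expect(subject.map(&:source)).to eq(['git://github.com/rails/jquery-rails.git'])` would pin the exact-match semantics, and a second with `'http://rubygems.org'` (no trailing slash) asserting both sources are still reported would document that a near-miss entry does not silence anything. The change at old/new line 44 in the first hunk appears to be whitespace-only.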
