Bundler audit is not thread safe #156

@mensfeld

Because of the Dir.chdir in lib/bundler/audit/database.rb, the gem itself is not thread-safe.

I believe that this should do the trick:

```ruby
require 'time' # Time.parse lives in the 'time' stdlib extension

module Bundler
  module Audit
    # Represents the directory of advisories, grouped by gem name
    # and CVE number.
    class Database
      def path
        return VENDORED_PATH unless File.directory?(USER_PATH)

        # `git -C <path>` makes git operate in USER_PATH itself, so the
        # process-wide working directory is never changed (no Dir.chdir).
        t1 = Time.parse(`git -C #{USER_PATH} log --date=iso8601 --pretty="%cd" -1`)
        t2 = VENDORED_TIMESTAMP

        t1 >= t2 ? USER_PATH : VENDORED_PATH
      end

      # Updates the ruby-advisory-db.
      # @return [Boolean, nil]
      #   Specifies whether the update was successful.
      #   A `nil` indicates no update was performed.
      def update!
        if File.directory?(USER_PATH)
          # Pull inside the existing checkout via -C instead of Dir.chdir.
          cmd = "git -C #{USER_PATH} pull origin master"
        else
          cmd = "git clone #{URL} #{USER_PATH}"
        end

        system cmd
      end
    end
  end
end
```
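
The process-wide effect of `Dir.chdir` that this issue describes, as an added example that is not part of the original issue or of bundler-audit's code. The method names are hypothetical, and a Ruby child process started with the spawn option `chdir:` stands in for `git -C` so the script runs without a repository.

```ruby
require 'tmpdir'
require 'rbconfig'

# While one thread is inside a Dir.chdir block, every other thread in the
# process sees the changed directory and cannot chdir itself.
def chdir_interference
  result = {}
  Dir.mktmpdir do |tmp|
    dir = File.realpath(tmp)
    start = Dir.pwd
    entered = Queue.new
    release = Queue.new
    worker = Thread.new do
      Dir.chdir(dir) do
        entered << true # signal: now inside the chdir block
        release.pop     # hold the block open until the main thread has looked
      end
    end
    entered.pop
    result[:other_thread_sees_changed_cwd] = (start != dir && Dir.pwd == dir)
    begin
      Dir.chdir(start) {}
      result[:second_chdir] = :ok
    rescue RuntimeError => e
      result[:second_chdir] = e.message # Ruby refuses the conflicting chdir
    end
    release << true
    worker.join
    result[:restored] = (Dir.pwd == start)
  end
  result
end

# Runs a child process in +dir+ via the spawn option chdir:, which applies to
# the child only (the same idea as `git -C <path>` in the issue).
def pwd_in_child(dir)
  IO.popen([RbConfig.ruby, '-e', 'print Dir.pwd'], chdir: dir, &:read)
end

# Several threads can do this at once without affecting each other.
def concurrent_children(dirs)
  dirs.map { |d| Thread.new { pwd_in_child(d) } }.map(&:value)
end

p chdir_interference if $PROGRAM_NAME == __FILE__
```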
