RubyGems - brew-vulns - Versions diffs - 0.2.0 → 0.2.2 - Mend

brew-vulns 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +8 -0
data/Formula/brew-vulns.rb +2 -2
data/Rakefile +28 -0
data/lib/brew/vulns/osv_client.rb +36 -21
data/lib/brew/vulns/version.rb +1 -1
data/lib/brew/vulns/vulnerability.rb +3 -0
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72efd9c1dafe1b2b35c1f0ade267d45827870a12ad5d3d39104edbf18737d458
-  data.tar.gz: 893b6844b30213daa63a16e0aa89b2c9fab619615b4fc467c8172f8303b91533
+  metadata.gz: def22990a8238cc399cb69619db068f1f21d556629fe25a3981d0982d61b01ef
+  data.tar.gz: 3d312ead98bf8ead3107c96bb3ab5281a19c84149ceb36cc94b28ed7bb55959e
 SHA512:
-  metadata.gz: 673a4f8eb760b9e12eccab25ae324f514a480580497e5629c57483351f3a8e5fb93a9fe6573ce55e19e03430e9daebdf836335e2485c6f7f059cb5579e817c53
-  data.tar.gz: eda56de2b35ab3406f6d1c74de3e4df9ad075e227cd76d08e534e5fa2326373f3bc3e520044bf3f1b98103dde0b5ac5e65ba0d087b8f112c9ab798b7b4709548
+  metadata.gz: b08361df563690652cfdf979a25b745330dd3eb3b4f907f3a801f3aaca4ddf59650cf715796bd1fb9327e88a1d06b18743ce694c1008c373e7dad5ce7108f818
+  data.tar.gz: a44bb1deeeed685c2453a2a12eec32585c09d1351fedff501dd5b35e638e7416b71bdeea4a6b88ebb903309b4bc332ed403579032c2488e607b703cfe7eb6cb4

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 ## [Unreleased]
+## [0.2.2] - 2026-01-25
+- Add retry logic to OSV API requests (up to 3 attempts on timeout or connection errors)
+## [0.2.1] - 2026-01-08
+- Fix severity extraction for OSS-Fuzz vulnerabilities by reading `ecosystem_specific.severity` from OSV data
 ## [0.2.0] - 2026-01-08
 - Add CycloneDX SBOM output with vulnerabilities (`--cyclonedx`)

data/Formula/brew-vulns.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 class BrewVulns < Formula
   desc "Check Homebrew packages for known vulnerabilities via osv.dev"
   homepage "https://github.com/andrew/brew-vulns"
-  url "https://github.com/andrew/brew-vulns/archive/refs/tags/v0.1.0.tar.gz"
-  sha256 "UPDATE_WITH_SHA256_AFTER_RELEASE"
+  url "https://github.com/andrew/brew-vulns/archive/refs/tags/v0.2.2.tar.gz"
+  sha256 "64abf7791eb7d04312c1fda9dc49a73f3702f5716ce18506324ed9f401fe2514"
   license "MIT"
   depends_on "ruby"

data/Rakefile CHANGED Viewed

@@ -2,7 +2,35 @@
 require "bundler/gem_tasks"
 require "minitest/test_task"
+require "digest"
+require "open-uri"
 Minitest::TestTask.create
 task default: :test
+desc "Update Formula sha256 hash for current version"
+task :update_formula do
+  require_relative "lib/brew/vulns/version"
+  version = Brew::Vulns::VERSION
+  url = "https://github.com/andrew/brew-vulns/archive/refs/tags/v#{version}.tar.gz"
+  formula_path = File.expand_path("Formula/brew-vulns.rb", __dir__)
+  puts "Downloading #{url}..."
+  tarball = URI.open(url).read
+  sha256 = Digest::SHA256.hexdigest(tarball)
+  puts "SHA256: #{sha256}"
+  formula = File.read(formula_path)
+  formula.gsub!(%r{url "https://github.com/andrew/brew-vulns/archive/refs/tags/v[^"]+\.tar\.gz"},
+                "url \"#{url}\"")
+  formula.gsub!(/sha256 "[^"]+"/, "sha256 \"#{sha256}\"")
+  File.write(formula_path, formula)
+  puts "Updated Formula/brew-vulns.rb"
+end
+Rake::Task["release"].enhance do
+  Rake::Task["update_formula"].invoke
+end

data/lib/brew/vulns/osv_client.rb CHANGED Viewed

@@ -11,6 +11,8 @@ module Brew
       BATCH_SIZE = 1000
       OPEN_TIMEOUT = 10
       READ_TIMEOUT = 30
+      MAX_RETRIES = 3
+      RETRY_DELAY = 1
       class Error < StandardError; end
       class ApiError < Error; end
@@ -78,28 +80,41 @@ module Brew
       end
       def execute_request(uri, request)
-        http = Net::HTTP.new(uri.host, uri.port)
-        http.use_ssl = uri.scheme == "https"
-        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        http.open_timeout = OPEN_TIMEOUT
-        http.read_timeout = READ_TIMEOUT
-        response = http.request(request)
-        case response
-        when Net::HTTPSuccess
-          JSON.parse(response.body)
-        else
-          raise ApiError, "OSV API error: #{response.code} #{response.message}"
+        attempts = 0
+        begin
+          attempts += 1
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = uri.scheme == "https"
+          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          http.open_timeout = OPEN_TIMEOUT
+          http.read_timeout = READ_TIMEOUT
+          response = http.request(request)
+          case response
+          when Net::HTTPSuccess
+            JSON.parse(response.body)
+          else
+            raise ApiError, "OSV API error: #{response.code} #{response.message}"
+          end
+        rescue JSON::ParserError => e
+          raise ApiError, "Invalid JSON response from OSV API: #{e.message}"
+        rescue Net::OpenTimeout, Net::ReadTimeout => e
+          if attempts < MAX_RETRIES
+            sleep RETRY_DELAY
+            retry
+          end
+          raise ApiError, "OSV API timeout after #{attempts} attempts: #{e.message}"
+        rescue SocketError, Errno::ECONNREFUSED => e
+          if attempts < MAX_RETRIES
+            sleep RETRY_DELAY
+            retry
+          end
+          raise ApiError, "OSV API connection error after #{attempts} attempts: #{e.message}"
+        rescue OpenSSL::SSL::SSLError => e
+          raise ApiError, "OSV API SSL error: #{e.message}"
         end
-      rescue JSON::ParserError => e
-        raise ApiError, "Invalid JSON response from OSV API: #{e.message}"
-      rescue Net::OpenTimeout, Net::ReadTimeout => e
-        raise ApiError, "OSV API timeout: #{e.message}"
-      rescue SocketError, Errno::ECONNREFUSED => e
-        raise ApiError, "OSV API connection error: #{e.message}"
-      rescue OpenSSL::SSL::SSLError => e
-        raise ApiError, "OSV API SSL error: #{e.message}"
       end
       def fetch_all_pages(response, original_payload)

data/lib/brew/vulns/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Brew
   module Vulns
-    VERSION = "0.2.0"
+    VERSION = "0.2.2"
   end
 end

data/lib/brew/vulns/vulnerability.rb CHANGED Viewed

@@ -87,6 +87,9 @@ module Brew
         end
         data["affected"]&.each do |aff|
+          eco_sev = aff.dig("ecosystem_specific", "severity")
+          return normalize_severity(eco_sev) if eco_sev
           db_sev = aff.dig("database_specific", "severity")
           return normalize_severity(db_sev) if db_sev
         end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brew-vulns
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.2
 platform: ruby
 authors:
 - Andrew Nesbitt