bundler-audit 0.3.1 → 0.7.0
- checksums.yaml +5 -5
- data/.gitignore +3 -1
- data/.travis.yml +13 -4
- data/ChangeLog.md +53 -0
- data/Gemfile +4 -3
- data/README.md +44 -18
- data/Rakefile +13 -21
- data/bin/bundler-audit +3 -0
- data/data/ruby-advisory-db.ts +1 -1
- data/gemspec.yml +4 -3
- data/lib/bundler/audit.rb +1 -1
- data/lib/bundler/audit/advisory.rb +71 -7
- data/lib/bundler/audit/cli.rb +41 -11
- data/lib/bundler/audit/database.rb +29 -7
- data/lib/bundler/audit/scanner.rb +126 -10
- data/lib/bundler/audit/task.rb +31 -0
- data/lib/bundler/audit/version.rb +2 -2
- data/spec/advisory_spec.rb +211 -35
- data/spec/audit_spec.rb +1 -1
- data/spec/bundle/insecure_sources/Gemfile +2 -37
- data/spec/bundle/secure/Gemfile +2 -36
- data/spec/bundle/unpatched_gems/Gemfile +1 -36
- data/spec/cli_spec.rb +126 -0
- data/spec/database_spec.rb +51 -25
- data/spec/integration_spec.rb +35 -13
- data/spec/scanner_spec.rb +11 -10
- data/spec/spec_helper.rb +9 -17
- metadata +38 -121
- data/data/ruby-advisory-db/.gitignore +0 -1
- data/data/ruby-advisory-db/.rspec +0 -1
- data/data/ruby-advisory-db/CONTRIBUTING.md +0 -6
- data/data/ruby-advisory-db/CONTRIBUTORS.md +0 -23
- data/data/ruby-advisory-db/Gemfile +0 -3
- data/data/ruby-advisory-db/LICENSE.txt +0 -5
- data/data/ruby-advisory-db/README.md +0 -82
- data/data/ruby-advisory-db/Rakefile +0 -27
- data/data/ruby-advisory-db/gems/actionmailer/OSVDB-98629.yml +0 -17
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml +0 -20
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100525.yml +0 -21
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100526.yml +0 -27
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100527.yml +0 -24
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100528.yml +0 -22
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-103439.yml +0 -24
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-103440.yml +0 -22
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-79727.yml +0 -26
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-84243.yml +0 -28
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-84513.yml +0 -23
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-84515.yml +0 -26
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml +0 -24
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-91452.yml +0 -20
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml +0 -23
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml +0 -23
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-82403.yml +0 -25
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml +0 -24
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-89025.yml +0 -24
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml +0 -21
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml +0 -23
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-91453.yml +0 -26
- data/data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml +0 -26
- data/data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml +0 -23
- data/data/ruby-advisory-db/gems/activesupport/OSVDB-89594.yml +0 -25
- data/data/ruby-advisory-db/gems/activesupport/OSVDB-91451.yml +0 -28
- data/data/ruby-advisory-db/gems/arabic-prawn/OSVDB-104365.yml +0 -15
- data/data/ruby-advisory-db/gems/cocaine/OSVDB-98835.yml +0 -15
- data/data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml +0 -10
- data/data/ruby-advisory-db/gems/crack/OSVDB-90742.yml +0 -17
- data/data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml +0 -11
- data/data/ruby-advisory-db/gems/curl/OSVDB-91230.yml +0 -12
- data/data/ruby-advisory-db/gems/devise/OSVDB-89642.yml +0 -20
- data/data/ruby-advisory-db/gems/dragonfly/OSVDB-90647.yml +0 -19
- data/data/ruby-advisory-db/gems/echor/OSVDB-102129.yml +0 -11
- data/data/ruby-advisory-db/gems/echor/OSVDB-102130.yml +0 -10
- data/data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml +0 -9
- data/data/ruby-advisory-db/gems/extlib/OSVDB-90740.yml +0 -18
- data/data/ruby-advisory-db/gems/fastreader/OSVDB-91232.yml +0 -12
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml +0 -10
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml +0 -10
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90717.yml +0 -10
- data/data/ruby-advisory-db/gems/flash_tool/OSVDB-90829.yml +0 -9
- data/data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-96798.yml +0 -13
- data/data/ruby-advisory-db/gems/ftpd/OSVDB-90784.yml +0 -18
- data/data/ruby-advisory-db/gems/gitlab-grit/OSVDB-99370.yml +0 -14
- data/data/ruby-advisory-db/gems/gtk2/OSVDB-40774.yml +0 -20
- data/data/ruby-advisory-db/gems/httparty/OSVDB-90741.yml +0 -14
- data/data/ruby-advisory-db/gems/i18n/OSVDB-100528.yml +0 -17
- data/data/ruby-advisory-db/gems/json/OSVDB-90074.yml +0 -23
- data/data/ruby-advisory-db/gems/karteek-docsplit/OSVDB-92117.yml +0 -10
- data/data/ruby-advisory-db/gems/kelredd-pruview/OSVDB-92228.yml +0 -10
- data/data/ruby-advisory-db/gems/ldoce/OSVDB-91870.yml +0 -10
- data/data/ruby-advisory-db/gems/loofah/OSVDB-90945.yml +0 -21
- data/data/ruby-advisory-db/gems/mail/OSVDB-70667.yml +0 -21
- data/data/ruby-advisory-db/gems/mail/OSVDB-81631.yml +0 -14
- data/data/ruby-advisory-db/gems/mail/OSVDB-81632.yml +0 -16
- data/data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml +0 -10
- data/data/ruby-advisory-db/gems/mini_magick/OSVDB-91231.yml +0 -15
- data/data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml +0 -16
- data/data/ruby-advisory-db/gems/newrelic_rpm/OSVDB-90189.yml +0 -17
- data/data/ruby-advisory-db/gems/nokogiri/OSVDB-101179.yml +0 -12
- data/data/ruby-advisory-db/gems/nokogiri/OSVDB-101458.yml +0 -15
- data/data/ruby-advisory-db/gems/nori/OSVDB-90196.yml +0 -19
- data/data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml +0 -22
- data/data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml +0 -17
- data/data/ruby-advisory-db/gems/omniauth-oauth2/OSVDB-90264.yml +0 -16
- data/data/ruby-advisory-db/gems/paperclip/OSVDB-103151.yml +0 -13
- data/data/ruby-advisory-db/gems/paratrooper-newrelic/OSVDB-101839.yml +0 -12
- data/data/ruby-advisory-db/gems/paratrooper-pingdom/OSVDB-101847.yml +0 -13
- data/data/ruby-advisory-db/gems/pdfkit/OSVDB-90867.yml +0 -11
- data/data/ruby-advisory-db/gems/rack-cache/OSVDB-83077.yml +0 -18
- data/data/ruby-advisory-db/gems/rack/OSVDB-89939.yml +0 -23
- data/data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml +0 -20
- data/data/ruby-advisory-db/gems/rdoc/OSVDB-90004.yml +0 -27
- data/data/ruby-advisory-db/gems/redis-namespace/OSVDB-96425.yml +0 -16
- data/data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml +0 -14
- data/data/ruby-advisory-db/gems/ruby_parser/OSVDB-90561.yml +0 -11
- data/data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml +0 -13
- data/data/ruby-advisory-db/gems/sounder/OSVDB-96278.yml +0 -13
- data/data/ruby-advisory-db/gems/spree/OSVDB-91216.yml +0 -11
- data/data/ruby-advisory-db/gems/spree/OSVDB-91217.yml +0 -11
- data/data/ruby-advisory-db/gems/spree/OSVDB-91218.yml +0 -11
- data/data/ruby-advisory-db/gems/spree/OSVDB-91219.yml +0 -11
- data/data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml +0 -14
- data/data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml +0 -10
- data/data/ruby-advisory-db/gems/webbynode/OSVDB-100920.yml +0 -11
- data/data/ruby-advisory-db/gems/wicked/OSVDB-98270.yml +0 -14
- data/data/ruby-advisory-db/gems/will_paginate/OSVDB-101138.yml +0 -15
- data/data/ruby-advisory-db/lib/scrape.rb +0 -87
- data/data/ruby-advisory-db/spec/advisory_example.rb +0 -165
- data/data/ruby-advisory-db/spec/gems_spec.rb +0 -7
- data/data/ruby-advisory-db/spec/spec_helper.rb +0 -1
data/spec/scanner_spec.rb
CHANGED
@@ -13,12 +13,12 @@ describe Scanner do
|
|
13
13
|
|
14
14
|
subject.scan { |result| results << result }
|
15
15
|
|
16
|
-
results.
|
16
|
+
expect(results).not_to be_empty
|
17
17
|
end
|
18
18
|
|
19
19
|
context "when not called with a block" do
|
20
20
|
it "should return an Enumerator" do
|
21
|
-
subject.scan.
|
21
|
+
expect(subject.scan).to be_kind_of(Enumerable)
|
22
22
|
end
|
23
23
|
end
|
24
24
|
end
|
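Review bot: the example titled "should return an Enumerator" asserts `expect(subject.scan).to be_kind_of(Enumerable)`, which any Array would also satisfy, so it does not verify what its description claims; use `be_kind_of(Enumerator)` (or `be_a(Enumerator)`) so the lazy, block-less form of `scan` is actually pinned down. The `expect(results).not_to be_empty` rewrite above it is a straight conversion to the expect syntax and is fine.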
@@ -31,18 +31,19 @@ describe Scanner do
|
|
31
31
|
subject { scanner.scan.to_a }
|
32
32
|
|
33
33
|
it "should match unpatched gems to their advisories" do
|
34
|
-
subject.
|
34
|
+
ids = subject.map { |result| result.advisory.id }
|
35
|
+
expect(ids).to include('CVE-2013-0155')
|
36
|
+
expect(subject.all? { |result|
|
35
37
|
result.advisory.vulnerable?(result.gem.version)
|
36
|
-
}.
|
38
|
+
}).to be_truthy
|
37
39
|
end
|
38
40
|
|
39
41
|
context "when the :ignore option is given" do
|
40
|
-
subject { scanner.scan(:ignore => ['
|
42
|
+
subject { scanner.scan(:ignore => ['CVE-2013-0155']) }
|
41
43
|
|
42
44
|
it "should ignore the specified advisories" do
|
43
45
|
ids = subject.map { |result| result.advisory.id }
|
44
|
-
|
45
|
-
ids.should_not include('OSVDB-89026')
|
46
|
+
expect(ids).not_to include('CVE-2013-0155')
|
46
47
|
end
|
47
48
|
end
|
48
49
|
end
|
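Review bot: the ":ignore option" example only asserts `expect(ids).not_to include('CVE-2013-0155')`, which a scanner that silently dropped every result would also pass; add a positive check (that `subject` is still non-empty, or that some other advisory id is still reported) so ignoring one id cannot mask a regression that hides all of them. Minor: `all?` returns a strict boolean, so `to be(true)` is tighter than `to be_truthy` on the `vulnerable?` loop.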
@@ -55,8 +56,8 @@ describe Scanner do
|
|
55
56
|
subject { scanner.scan.to_a }
|
56
57
|
|
57
58
|
it "should match unpatched gems to their advisories" do
|
58
|
-
subject[0].source.
|
59
|
-
subject[1].source.
|
59
|
+
expect(subject[0].source).to eq('git://github.com/rails/jquery-rails.git')
|
60
|
+
expect(subject[1].source).to eq('http://rubygems.org/')
|
60
61
|
end
|
61
62
|
end
|
62
63
|
|
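Review bot: `expect(subject[0].source).to eq('git://github.com/rails/jquery-rails.git')` and `expect(subject[1].source).to eq('http://rubygems.org/')` depend on the order in which `scan` yields insecure sources, which nothing in the spec states as a contract; asserting on `subject.map(&:source)` with `contain_exactly` (or `match_array`) makes the example order-independent. The description "should match unpatched gems to their advisories" was also carried over from the advisory context; this example checks insecure sources, so rename it.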
@@ -68,7 +69,7 @@ describe Scanner do
|
|
68
69
|
subject { scanner.scan.to_a }
|
69
70
|
|
70
71
|
it "should print nothing when everything is fine" do
|
71
|
-
subject.
|
72
|
+
expect(subject).to be_empty
|
72
73
|
end
|
73
74
|
end
|
74
75
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,5 +1,9 @@
|
|
1
|
+
require 'simplecov'
|
2
|
+
SimpleCov.start
|
3
|
+
|
1
4
|
require 'rspec'
|
2
5
|
require 'bundler/audit/version'
|
6
|
+
require 'bundler/audit/database'
|
3
7
|
|
4
8
|
module Helpers
|
5
9
|
def sh(command, options={})
|
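Review bot: `require 'simplecov'` at the top of spec_helper means the whole suite fails with a LoadError unless simplecov is declared as a development dependency; the Gemfile change listed in this release's summary is not shown here, so confirm it adds the gem. Placement is right: `SimpleCov.start` must run before `require 'bundler/audit/version'` and the new `require 'bundler/audit/database'`, since only files loaded after start are tracked.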
@@ -19,30 +23,18 @@ module Helpers
|
|
19
23
|
end
|
20
24
|
|
21
25
|
def expect_update_to_clone_repo!
|
22
|
-
Bundler::Audit::Database.
|
23
|
-
|
26
|
+
expect(Bundler::Audit::Database).
|
27
|
+
to receive(:system).
|
24
28
|
with('git', 'clone', Bundler::Audit::Database::VENDORED_PATH, mocked_user_path).
|
25
29
|
and_call_original
|
26
30
|
end
|
27
31
|
|
28
32
|
def expect_update_to_update_repo!
|
29
|
-
Bundler::Audit::Database.
|
30
|
-
|
31
|
-
with('git', 'pull', 'origin', 'master').
|
33
|
+
expect(Bundler::Audit::Database).
|
34
|
+
to receive(:system).
|
35
|
+
with('git', 'pull', '--no-rebase', 'origin', 'master').
|
32
36
|
and_call_original
|
33
37
|
end
|
34
|
-
|
35
|
-
def fake_a_commit_in_the_user_repo
|
36
|
-
Dir.chdir(mocked_user_path) do
|
37
|
-
system 'git', 'commit', '--allow-empty', '-m', 'Dummy commit.'
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
|
-
def roll_user_repo_back(num_commits)
|
42
|
-
Dir.chdir(mocked_user_path) do
|
43
|
-
system 'git', 'reset', '--hard', "HEAD~#{num_commits}"
|
44
|
-
end
|
45
|
-
end
|
46
38
|
end
|
47
39
|
|
48
40
|
include Bundler::Audit
|
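Review bot: pinning the exact argument list `with('git', 'pull', '--no-rebase', 'origin', 'master')` is worth keeping as-is: it locks in the multi-argument form of `system`, which bypasses the shell, so a value such as `mocked_user_path` can never be interpreted as shell metacharacters. Two follow-ups: `fake_a_commit_in_the_user_repo` and `roll_user_repo_back` are deleted here, so confirm no spec still calls them, and the new `--no-rebase` flag changes the stubbed command, so any CI git version must accept it.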
metadata
CHANGED
@@ -1,65 +1,79 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bundler-audit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Postmodern
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-06-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thor
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- -
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '0.18'
|
20
|
+
- - "<"
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '2'
|
20
23
|
type: :runtime
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
24
|
-
- -
|
27
|
+
- - ">="
|
25
28
|
- !ruby/object:Gem::Version
|
26
29
|
version: '0.18'
|
30
|
+
- - "<"
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '2'
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: bundler
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
30
36
|
requirements:
|
31
|
-
- -
|
37
|
+
- - ">="
|
32
38
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
39
|
+
version: 1.2.0
|
40
|
+
- - "<"
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: '3'
|
34
43
|
type: :runtime
|
35
44
|
prerelease: false
|
36
45
|
version_requirements: !ruby/object:Gem::Requirement
|
37
46
|
requirements:
|
38
|
-
- -
|
47
|
+
- - ">="
|
48
|
+
- !ruby/object:Gem::Version
|
49
|
+
version: 1.2.0
|
50
|
+
- - "<"
|
39
51
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
52
|
+
version: '3'
|
41
53
|
description: bundler-audit provides patch-level verification for Bundled apps.
|
42
54
|
email: postmodern.mod3@gmail.com
|
43
55
|
executables:
|
44
56
|
- bundle-audit
|
57
|
+
- bundler-audit
|
45
58
|
extensions: []
|
46
59
|
extra_rdoc_files:
|
47
60
|
- COPYING.txt
|
48
61
|
- ChangeLog.md
|
49
62
|
- README.md
|
50
63
|
files:
|
51
|
-
- .document
|
52
|
-
- .gitignore
|
53
|
-
- .gitmodules
|
54
|
-
- .rspec
|
55
|
-
- .travis.yml
|
56
|
-
- .yardopts
|
64
|
+
- ".document"
|
65
|
+
- ".gitignore"
|
66
|
+
- ".gitmodules"
|
67
|
+
- ".rspec"
|
68
|
+
- ".travis.yml"
|
69
|
+
- ".yardopts"
|
57
70
|
- COPYING.txt
|
58
71
|
- ChangeLog.md
|
59
72
|
- Gemfile
|
60
73
|
- README.md
|
61
74
|
- Rakefile
|
62
75
|
- bin/bundle-audit
|
76
|
+
- bin/bundler-audit
|
63
77
|
- bundler-audit.gemspec
|
64
78
|
- data/ruby-advisory-db.ts
|
65
79
|
- gemspec.yml
|
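Review bot: `cert_chain: []` is unchanged, so the 0.7.0 gem still ships unsigned; for a tool whose purpose is supply-chain verification it is worth signing the gem (gemspec `signing_key` and `cert_chain`) so users can install it under a `--trust-policy`. The new upper bounds `< 2` on thor and `< 3` on bundler are a good addition, and the second executable `bundler-audit` listed beside `bundle-audit` needs a README mention so users know both names resolve to the same CLI.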
@@ -68,121 +82,25 @@ files:
|
|
68
82
|
- lib/bundler/audit/cli.rb
|
69
83
|
- lib/bundler/audit/database.rb
|
70
84
|
- lib/bundler/audit/scanner.rb
|
85
|
+
- lib/bundler/audit/task.rb
|
71
86
|
- lib/bundler/audit/version.rb
|
72
87
|
- spec/advisory_spec.rb
|
73
88
|
- spec/audit_spec.rb
|
74
89
|
- spec/bundle/insecure_sources/Gemfile
|
90
|
+
- spec/bundle/insecure_sources/Gemfile.lock
|
75
91
|
- spec/bundle/secure/Gemfile
|
92
|
+
- spec/bundle/secure/Gemfile.lock
|
76
93
|
- spec/bundle/unpatched_gems/Gemfile
|
94
|
+
- spec/bundle/unpatched_gems/Gemfile.lock
|
95
|
+
- spec/cli_spec.rb
|
77
96
|
- spec/database_spec.rb
|
78
97
|
- spec/fixtures/not_a_hash.yml
|
79
98
|
- spec/integration_spec.rb
|
80
99
|
- spec/scanner_spec.rb
|
81
100
|
- spec/spec_helper.rb
|
82
|
-
- data/ruby-advisory-db/.gitignore
|
83
|
-
- data/ruby-advisory-db/.rspec
|
84
|
-
- data/ruby-advisory-db/CONTRIBUTING.md
|
85
|
-
- data/ruby-advisory-db/CONTRIBUTORS.md
|
86
|
-
- data/ruby-advisory-db/Gemfile
|
87
|
-
- data/ruby-advisory-db/LICENSE.txt
|
88
|
-
- data/ruby-advisory-db/README.md
|
89
|
-
- data/ruby-advisory-db/Rakefile
|
90
|
-
- data/ruby-advisory-db/gems/actionmailer/OSVDB-98629.yml
|
91
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
|
92
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-100525.yml
|
93
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-100526.yml
|
94
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-100527.yml
|
95
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-100528.yml
|
96
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-103439.yml
|
97
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-103440.yml
|
98
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-79727.yml
|
99
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-84243.yml
|
100
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-84513.yml
|
101
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-84515.yml
|
102
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-89026.yml
|
103
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-91452.yml
|
104
|
-
- data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
|
105
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
|
106
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-82403.yml
|
107
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
|
108
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-89025.yml
|
109
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml
|
110
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-90073.yml
|
111
|
-
- data/ruby-advisory-db/gems/activerecord/OSVDB-91453.yml
|
112
|
-
- data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
|
113
|
-
- data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
|
114
|
-
- data/ruby-advisory-db/gems/activesupport/OSVDB-89594.yml
|
115
|
-
- data/ruby-advisory-db/gems/activesupport/OSVDB-91451.yml
|
116
|
-
- data/ruby-advisory-db/gems/arabic-prawn/OSVDB-104365.yml
|
117
|
-
- data/ruby-advisory-db/gems/cocaine/OSVDB-98835.yml
|
118
|
-
- data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
|
119
|
-
- data/ruby-advisory-db/gems/crack/OSVDB-90742.yml
|
120
|
-
- data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
|
121
|
-
- data/ruby-advisory-db/gems/curl/OSVDB-91230.yml
|
122
|
-
- data/ruby-advisory-db/gems/devise/OSVDB-89642.yml
|
123
|
-
- data/ruby-advisory-db/gems/dragonfly/OSVDB-90647.yml
|
124
|
-
- data/ruby-advisory-db/gems/echor/OSVDB-102129.yml
|
125
|
-
- data/ruby-advisory-db/gems/echor/OSVDB-102130.yml
|
126
|
-
- data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml
|
127
|
-
- data/ruby-advisory-db/gems/extlib/OSVDB-90740.yml
|
128
|
-
- data/ruby-advisory-db/gems/fastreader/OSVDB-91232.yml
|
129
|
-
- data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml
|
130
|
-
- data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml
|
131
|
-
- data/ruby-advisory-db/gems/fileutils/OSVDB-90717.yml
|
132
|
-
- data/ruby-advisory-db/gems/flash_tool/OSVDB-90829.yml
|
133
|
-
- data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-96798.yml
|
134
|
-
- data/ruby-advisory-db/gems/ftpd/OSVDB-90784.yml
|
135
|
-
- data/ruby-advisory-db/gems/gitlab-grit/OSVDB-99370.yml
|
136
|
-
- data/ruby-advisory-db/gems/gtk2/OSVDB-40774.yml
|
137
|
-
- data/ruby-advisory-db/gems/httparty/OSVDB-90741.yml
|
138
|
-
- data/ruby-advisory-db/gems/i18n/OSVDB-100528.yml
|
139
|
-
- data/ruby-advisory-db/gems/json/OSVDB-90074.yml
|
140
|
-
- data/ruby-advisory-db/gems/karteek-docsplit/OSVDB-92117.yml
|
141
|
-
- data/ruby-advisory-db/gems/kelredd-pruview/OSVDB-92228.yml
|
142
|
-
- data/ruby-advisory-db/gems/ldoce/OSVDB-91870.yml
|
143
|
-
- data/ruby-advisory-db/gems/loofah/OSVDB-90945.yml
|
144
|
-
- data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
|
145
|
-
- data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
|
146
|
-
- data/ruby-advisory-db/gems/mail/OSVDB-81632.yml
|
147
|
-
- data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
|
148
|
-
- data/ruby-advisory-db/gems/mini_magick/OSVDB-91231.yml
|
149
|
-
- data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
|
150
|
-
- data/ruby-advisory-db/gems/newrelic_rpm/OSVDB-90189.yml
|
151
|
-
- data/ruby-advisory-db/gems/nokogiri/OSVDB-101179.yml
|
152
|
-
- data/ruby-advisory-db/gems/nokogiri/OSVDB-101458.yml
|
153
|
-
- data/ruby-advisory-db/gems/nori/OSVDB-90196.yml
|
154
|
-
- data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
|
155
|
-
- data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
|
156
|
-
- data/ruby-advisory-db/gems/omniauth-oauth2/OSVDB-90264.yml
|
157
|
-
- data/ruby-advisory-db/gems/paperclip/OSVDB-103151.yml
|
158
|
-
- data/ruby-advisory-db/gems/paratrooper-newrelic/OSVDB-101839.yml
|
159
|
-
- data/ruby-advisory-db/gems/paratrooper-pingdom/OSVDB-101847.yml
|
160
|
-
- data/ruby-advisory-db/gems/pdfkit/OSVDB-90867.yml
|
161
|
-
- data/ruby-advisory-db/gems/rack-cache/OSVDB-83077.yml
|
162
|
-
- data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
|
163
|
-
- data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml
|
164
|
-
- data/ruby-advisory-db/gems/rdoc/OSVDB-90004.yml
|
165
|
-
- data/ruby-advisory-db/gems/redis-namespace/OSVDB-96425.yml
|
166
|
-
- data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
|
167
|
-
- data/ruby-advisory-db/gems/ruby_parser/OSVDB-90561.yml
|
168
|
-
- data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
|
169
|
-
- data/ruby-advisory-db/gems/sounder/OSVDB-96278.yml
|
170
|
-
- data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
|
171
|
-
- data/ruby-advisory-db/gems/spree/OSVDB-91217.yml
|
172
|
-
- data/ruby-advisory-db/gems/spree/OSVDB-91218.yml
|
173
|
-
- data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
|
174
|
-
- data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
|
175
|
-
- data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
|
176
|
-
- data/ruby-advisory-db/gems/webbynode/OSVDB-100920.yml
|
177
|
-
- data/ruby-advisory-db/gems/wicked/OSVDB-98270.yml
|
178
|
-
- data/ruby-advisory-db/gems/will_paginate/OSVDB-101138.yml
|
179
|
-
- data/ruby-advisory-db/lib/scrape.rb
|
180
|
-
- data/ruby-advisory-db/spec/advisory_example.rb
|
181
|
-
- data/ruby-advisory-db/spec/gems_spec.rb
|
182
|
-
- data/ruby-advisory-db/spec/spec_helper.rb
|
183
101
|
homepage: https://github.com/rubysec/bundler-audit#readme
|
184
102
|
licenses:
|
185
|
-
-
|
103
|
+
- GPL-3.0+
|
186
104
|
metadata: {}
|
187
105
|
post_install_message:
|
188
106
|
rdoc_options: []
|
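Review bot: every `data/ruby-advisory-db/...` entry has been removed from `files:` while `.gitmodules` and `data/ruby-advisory-db.ts` remain, so unless the packaging step adds them back a fresh install has no local advisory data until an update runs; confirm that is intended and that the README says so, because a scan against an empty database reports nothing and looks like a clean result. The newly listed `spec/bundle/*/Gemfile.lock` fixtures are the right move: scanning a committed lockfile instead of resolving a Gemfile keeps the specs deterministic.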
@@ -190,17 +108,16 @@ require_paths:
|
|
190
108
|
- lib
|
191
109
|
required_ruby_version: !ruby/object:Gem::Requirement
|
192
110
|
requirements:
|
193
|
-
- -
|
111
|
+
- - ">="
|
194
112
|
- !ruby/object:Gem::Version
|
195
|
-
version:
|
113
|
+
version: 1.9.3
|
196
114
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
197
115
|
requirements:
|
198
|
-
- -
|
116
|
+
- - ">="
|
199
117
|
- !ruby/object:Gem::Version
|
200
118
|
version: 1.8.0
|
201
119
|
requirements: []
|
202
|
-
|
203
|
-
rubygems_version: 2.0.14
|
120
|
+
rubygems_version: 3.1.2
|
204
121
|
signing_key:
|
205
122
|
specification_version: 4
|
206
123
|
summary: Patch-level verification for Bundler
|
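Review bot: `required_ruby_version` `>= 1.9.3` admits interpreters that have been end-of-life for years; raise the floor to the oldest Ruby actually exercised in `.travis.yml` so the metadata matches what is tested. `signing_key:` is still empty, which goes with the unsigned `cert_chain: []` earlier in this file.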
@@ -1 +0,0 @@
|
|
1
|
-
Gemfile.lock
|
@@ -1 +0,0 @@
|
|
1
|
-
--colour
|
@@ -1,23 +0,0 @@
|
|
1
|
-
### Acknowledgements
|
2
|
-
|
3
|
-
This database would not be possible without volunteers willing to submit pull requests.
|
4
|
-
|
5
|
-
Thanks,
|
6
|
-
* [Postmodern](https://github.com/postmodern/)
|
7
|
-
* [Max Veytsman](https://twitter.com/mveytsman)
|
8
|
-
* [Pietro Monteiro](https://github.com/pietro)
|
9
|
-
* [Eric Hodel](https://github.com/drbrain)
|
10
|
-
* [Brendon Murphy](https://github.com/bemurphy)
|
11
|
-
* [Oliver Legg](https://github.com/olly)
|
12
|
-
* [Larry W. Cashdollar](http://vapid.dhs.org/)
|
13
|
-
* [Michael Grosser](https://github.com/grosser)
|
14
|
-
* [Sascha Korth](https://github.com/skorth)
|
15
|
-
* [David Radcliffe](https://github.com/dwradcliffe)
|
16
|
-
* [Jörg Schiller](https://github.com/joergschiller)
|
17
|
-
* [Derek Prior](https://github.com/derekprior)
|
18
|
-
* [Joel Chippindale](https://github.com/mocoso)
|
19
|
-
* [Josef Šimánek](https://github.com/simi)
|
20
|
-
* [Amiel Martin](https://github.com/amiel)
|
21
|
-
* [Jeremy Olliver](https://github.com/jeremyolliver)
|
22
|
-
* [Vasily Vasinov](https://github.com/vasinov)
|
23
|
-
* [Phill MV](https://twitter.com/phillmv)
|
@@ -1,5 +0,0 @@
|
|
1
|
-
If you submit code or data to the ruby-advisory-db that is copyrighted by yourself, upon submission you hereby agree to release it into the public domain.
|
2
|
-
|
3
|
-
However, not all of the ruby-advisory-db can be considered public domain. The ruby-advisory-db may contain some information copyrighted by the Open Source Vulnerability Database (http://osvdb.org). If you use ruby-advisory-db data to build a product or a service, it is your responsibility to familiarize yourself with the terms of their license: http://www.osvdb.org/osvdb_license
|
4
|
-
|
5
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
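Review bot: dropping LICENSE.txt is only safe because the same release removes every OSVDB-derived advisory file from the gem's `files:` list; the deleted text states that OSVDB-sourced data carries its own license terms, so if advisory data is ever vendored into the gem again this notice has to come back with it.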
@@ -1,82 +0,0 @@
|
|
1
|
-
# Ruby Advisory Database
|
2
|
-
|
3
|
-
The Ruby Advisory Database aims to compile all advisories that are relevant to Ruby libraries.
|
4
|
-
|
5
|
-
## Goals
|
6
|
-
|
7
|
-
1. Provide advisory **metadata** in a **simple** yet **structured** [YAML]
|
8
|
-
schema for automated tools to consume.
|
9
|
-
2. Avoid reinventing [CVE]s.
|
10
|
-
3. Avoid duplicating the efforts of the [OSVDB].
|
11
|
-
|
12
|
-
## Directory Structure
|
13
|
-
|
14
|
-
The database is a list of directories that match the names of Ruby libraries on
|
15
|
-
[rubygems.org]. Within each directory are one or more advisory files
|
16
|
-
for the Ruby library. These advisory files are typically named using
|
17
|
-
the advisories [OSVDB] identifier number.
|
18
|
-
|
19
|
-
gems/:
|
20
|
-
actionpack/:
|
21
|
-
OSVDB-79727.yml OSVDB-84513.yml OSVDB-89026.yml OSVDB-91454.yml
|
22
|
-
OSVDB-84243.yml OSVDB-84515.yml OSVDB-91452.yml
|
23
|
-
|
24
|
-
## Format
|
25
|
-
|
26
|
-
Each advisory file contains the advisory information in [YAML] format:
|
27
|
-
|
28
|
-
---
|
29
|
-
gem: actionpack
|
30
|
-
framework: rails
|
31
|
-
cve: 2013-0156
|
32
|
-
osvdb: 89026
|
33
|
-
url: http://osvdb.org/show/osvdb/89026
|
34
|
-
title: |
|
35
|
-
Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
|
36
|
-
Remote Code Execution
|
37
|
-
|
38
|
-
description: |
|
39
|
-
Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
|
40
|
-
The issue is triggered when a type casting error occurs during the parsing
|
41
|
-
of parameters. This may allow a remote attacker to potentially execute
|
42
|
-
arbitrary code.
|
43
|
-
|
44
|
-
cvss_v2: 10.0
|
45
|
-
|
46
|
-
patched_versions:
|
47
|
-
- ~> 2.3.15
|
48
|
-
- ~> 3.0.19
|
49
|
-
- ~> 3.1.10
|
50
|
-
- ">= 3.2.11"
|
51
|
-
|
52
|
-
### Schema
|
53
|
-
|
54
|
-
* `gem` \[String\]: Name of the affected gem.
|
55
|
-
* `framework` \[String\] (optional): Name of framework gem belongs to.
|
56
|
-
* `platform` \[String\] (optional): If this vulnerability is platform-specific, name of platform this vulnerability affects (e.g. JRuby)
|
57
|
-
* `cve` \[String\]: CVE id.
|
58
|
-
* `osvdb` \[Fixnum\]: OSVDB id.
|
59
|
-
* `url` \[String\]: The URL to the full advisory.
|
60
|
-
* `title` \[String\]: The title of the advisory.
|
61
|
-
* `date` \[Date\]: Disclosure date of the advisory.
|
62
|
-
* `description` \[String\]: Multi-paragraph description of the vulnerability.
|
63
|
-
* `cvss_v2` \[Float\]: The [CVSSv2] score for the vulnerability.
|
64
|
-
* `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
|
65
|
-
unaffected versions of the Ruby library.
|
66
|
-
* `patched_versions` \[Array\<String\>\]: The version requirements for the
|
67
|
-
patched versions of the Ruby library.
|
68
|
-
|
69
|
-
## Credits
|
70
|
-
|
71
|
-
Please see [CONTRIBUTORS.md].
|
72
|
-
|
73
|
-
This database also includes data from the [Open Source Vulnerability Database][OSVDB]
|
74
|
-
developed by the Open Security Foundation (OSF) and its contributors.
|
75
|
-
|
76
|
-
[rubygems.org]: https://rubygems.org/
|
77
|
-
[CVE]: http://cve.mitre.org/
|
78
|
-
[OSVDB]: http://www.osvdb.org/
|
79
|
-
[CVSSv2]: http://www.first.org/cvss/cvss-guide.html
|
80
|
-
[OSVDB]: http://www.osvdb.org/
|
81
|
-
[YAML]: http://www.yaml.org/
|
82
|
-
[CONTRIBUTORS.md]: https://github.com/rubysec/ruby-advisory-db/blob/master/CONTRIBUTORS.md
|
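Review bot: this README was the only place in the gem that documented the advisory schema (`cve`, `osvdb`, `cvss_v2`, `unaffected_versions`, `patched_versions`) that `lib/bundler/audit/advisory.rb` parses (+71 -7 in this release); with it removed, bundler-audit's own README should link to the upstream ruby-advisory-db schema so contributors know which fields the scanner consumes.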