RubyGems - bundler-audit - Versions diffs - 0.6.1 → 0.9.0.1 - Mend

bundler-audit 0.6.1 → 0.9.0.1

Files changed (436) hide show

data/data/ruby-advisory-db/rubies/ruby/OSVDB-93414.yml DELETED Viewed

@@ -1,19 +0,0 @@
----
-engine: ruby
-cve: 2013-2065
-osvdb: 93414
-url: http://www.osvdb.org/show/osvdb/93414
-title: |
-  Ruby Multiple Module Object $SAFE Level Verification System Call Tainted
-  String Injection
-date: 2013-05-14
-description: |
-  Ruby contains a flaw that is triggered when the Fiddle and DL modules fail to
-  properly verify the $SAFE level when handling certain objects. This may allow
-  a remote attacker to inject tainted strings into a system call.
-cvss_v2: 6.4
-unaffected_versions:
-  - ~> 1.8.0
-patched_versions:
-  - ~> 1.9.3.426
-  - ">= 2.0.0.195"

data/data/ruby-advisory-db/rubies/ruby/OSVDB-94628.yml DELETED Viewed

@@ -1,21 +0,0 @@
----
-engine: ruby
-cve: 2013-4073
-osvdb: 94628
-url: http://www.osvdb.org/show/osvdb/94628
-title: Ruby SSL Client OpenSSL::SSL.verify_certificate_identity X.509 Certificate
-  subjectAltName Field NULL Byte Handling MitM Spoofing Weakness
-date: 2013-06-27
-description: |
-  Ruby SSL Client contains a flaw related to certificate validation in
-  OpenSSL::SSL.verify_certificate_identity. The issue is due to the program not properly
-  handling the subjectAltName field of the X.509 certificate when it contains NULL
-  bytes. This may allow an attacker with access to network traffic (e.g. MiTM, DNS
-  cache poisoning) to spoof the SSL server via an arbitrary certificate that appears
-  valid. Such an attack would allow for the interception of sensitive traffic, and
-  potentially allow for the injection of content into the SSL stream.
-cvss_v2: 6.8
-patched_versions:
-  - ~> 1.8.7.373
-  - ~> 1.9.3.447
-  - ">= 2.0.0.246"

data/data/ruby-advisory-db/scripts/post-advisories.sh DELETED Viewed

@@ -1,18 +0,0 @@
-#!/bin/bash
-set -o errexit -o nounset
-REPO="https://${GH_TOKEN}@github.com/rubysec/rubysec.github.io.git"
-DIR="_site"
-git clone $REPO $DIR
-cd $DIR
-git config user.name "RubySec CI"
-git config user.email "ci@rubysec.com"
-bundle install --jobs=3 --retry=3
-bundle exec rake advisories
-git push -q

data/data/ruby-advisory-db/spec/advisory_example.rb DELETED Viewed

@@ -1,202 +0,0 @@
-load File.join(File.dirname(__FILE__), 'spec_helper.rb')
-require 'yaml'
-shared_examples_for 'Advisory' do |path|
-  advisory = YAML.load_file(path)
-  describe path do
-    let(:filename) { File.basename(path).chomp('.yml') }
-    let(:filename_cve) do
-      if filename.start_with?('CVE-')
-        filename.gsub('CVE-','')
-      end
-    end
-    let(:filename_osvdb) do
-      if filename.start_with?('OSVDB-')
-        filename.gsub('OSVDB-','')
-      end
-    end
-    it "should be correctly named CVE-XXX or OSVDB-XXX" do
-      expect(filename).to match(/^(CVE-\d{4}-(0\d{3}|[1-9]\d{3,})|OSVDB-\d+)$/)
-    end
-    it "should have CVE or OSVDB" do
-      expect(advisory['cve'] || advisory['osvdb']).not_to be_nil
-    end
-    describe "framework" do
-      subject { advisory['framework'] }
-      it "may be nil or a String" do
-        expect(subject).to be_kind_of(String).or(be_nil)
-      end
-    end
-    describe "platform" do
-      subject { advisory['platform'] }
-      it "may be nil or a String" do
-        expect(subject).to be_kind_of(String).or(be_nil)
-      end
-    end
-    describe "cve" do
-      subject { advisory['cve'] }
-      it "may be nil or a String" do
-        expect(subject).to be_kind_of(String).or(be_nil)
-      end
-      it "should be id in filename if filename is CVE-XXX" do
-        if filename_cve
-          is_expected.to eq(filename_cve)
-        end
-      end
-    end
-    describe "osvdb" do
-      subject { advisory['osvdb'] }
-      it "may be nil or a Integer" do
-        expect(subject).to be_kind_of(Integer).or(be_nil)
-      end
-       it "should be id in filename if filename is OSVDB-XXX" do
-        if filename_osvdb
-          is_expected.to eq(filename_osvdb.to_i)
-        end
-      end
-    end
-    describe "url" do
-      subject { advisory['url'] }
-      it { is_expected.to be_kind_of(String) }
-      it { is_expected.not_to be_empty }
-    end
-    describe "title" do
-      subject { advisory['title'] }
-      it { is_expected.to be_kind_of(String) }
-      it { is_expected.not_to be_empty }
-    end
-    describe "date" do
-      subject { advisory['date'] }
-      it { is_expected.to be_kind_of(Date) }
-    end
-    describe "description" do
-      subject { advisory['description'] }
-      it { is_expected.to be_kind_of(String) }
-      it { is_expected.not_to be_empty }
-    end
-    describe "cvss_v2" do
-      subject { advisory['cvss_v2'] }
-      it "may be nil or a Float" do
-        expect(subject).to be_kind_of(Float).or(be_nil)
-      end
-      case advisory['cvss_v2']
-      when Float
-        context "when a Float" do
-          it { expect((0.0)..(10.0)).to include(subject) }
-        end
-      end
-    end
-    describe "cvss_v3" do
-      subject { advisory['cvss_v3'] }
-      it "may be nil or a Float" do
-        expect(subject).to be_kind_of(Float).or(be_nil)
-      end
-      case advisory['cvss_v3']
-      when Float
-        context "when a Float" do
-          it { expect((0.0)..(10.0)).to include(subject) }
-        end
-      end
-    end
-    describe "patched_versions" do
-      subject { advisory['patched_versions'] }
-      it "may be nil or an Array" do
-        expect(subject).to be_kind_of(Array).or(be_nil)
-      end
-      describe "each patched version" do
-        if advisory['patched_versions']
-          advisory['patched_versions'].each do |version|
-            describe version do
-              subject { version.split(', ') }
-              it "should contain valid RubyGem version requirements" do
-                expect {
-                Gem::Requirement.new(*subject)
-                }.not_to raise_error
-              end
-            end
-          end
-        end
-      end
-    end
-    describe "unaffected_versions" do
-      subject { advisory['unaffected_versions'] }
-      it "may be nil or an Array" do
-        expect(subject).to be_kind_of(Array).or(be_nil)
-      end
-      case advisory['unaffected_versions']
-      when Array
-        advisory['unaffected_versions'].each do |version|
-          describe version do
-            subject { version.split(', ') }
-            it "should contain valid RubyGem version requirements" do
-              expect {
-                Gem::Requirement.new(*subject)
-              }.not_to raise_error
-            end
-          end
-        end
-      end
-    end
-    describe "related" do
-      subject { advisory['related'] }
-      it "may be nil or a Hash" do
-        expect(subject).to be_kind_of(Hash).or(be_nil)
-      end
-      case advisory["related"]
-      when Hash
-        advisory["related"].each_pair do |name, values|
-          describe name do
-            it "should be either a cve, an osvdb or a url" do
-              expect(["cve", "osvdb", "url"]).to include(name)
-            end
-            it "should always contain an array" do
-              expect(values).to be_kind_of(Array)
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/data/ruby-advisory-db/spec/gem_example.rb DELETED Viewed

@@ -1,22 +0,0 @@
-load File.join(File.dirname(__FILE__), 'spec_helper.rb')
-require 'advisory_example'
-shared_examples_for "Gem Advisory" do |path|
-  include_examples 'Advisory', path
-  advisory = YAML.load_file(path)
-  describe path do
-    let(:gem) { File.basename(File.dirname(path)) }
-    describe "gem" do
-      subject { advisory['gem'] }
-      it { is_expected.to be_kind_of(String) }
-      it "should be equal to filename (case-insensitive)" do
-        expect(subject.downcase).to eq(gem.downcase)
-      end
-    end
-  end
-end

data/data/ruby-advisory-db/spec/gems_spec.rb DELETED Viewed

@@ -1,23 +0,0 @@
-load File.join(File.dirname(__FILE__), 'spec_helper.rb')
-require 'gem_example'
-require 'library_example'
-require 'ruby_example'
-describe "gems" do
-  Dir.glob(File.join(File.dirname(__FILE__), '../gems/*/*.yml')) do |path|
-    include_examples 'Gem Advisory', path
-  end
-end
-describe "libraries" do
-  Dir.glob(File.join(File.dirname(__FILE__), '../libraries/*/*.yml')) do |path|
-    include_examples 'Libraries Advisory', path
-  end
-end
-describe "rubies" do
-  Dir.glob(File.join(File.dirname(__FILE__), '../rubies/*/*.yml')) do |path|
-    include_examples 'Rubies Advisory', path
-  end
-end

data/data/ruby-advisory-db/spec/library_example.rb DELETED Viewed

@@ -1,21 +0,0 @@
-load File.join(File.dirname(__FILE__), 'spec_helper.rb')
-require 'advisory_example'
-shared_examples_for "Libraries Advisory" do |path|
-  include_examples 'Advisory', path
-  advisory = YAML.load_file(path)
-  describe path do
-    let(:library) { File.basename(File.dirname(path)) }
-    describe "library" do
-      subject { advisory['library'] }
-      it { is_expected.to be_kind_of(String) }
-      it "should be equal to filename (case-insensitive)" do
-        expect(subject.downcase).to eq(library.downcase)
-      end
-    end
-  end
-end

data/data/ruby-advisory-db/spec/ruby_example.rb DELETED Viewed

@@ -1,23 +0,0 @@
-load File.join(File.dirname(__FILE__), 'spec_helper.rb')
-require 'advisory_example'
-shared_examples_for "Rubies Advisory" do |path|
-  include_examples 'Advisory', path
-  advisory = YAML.load_file(path)
-  describe path do
-    let(:engine) { File.basename(File.dirname(path)) }
-    describe "engine" do
-      subject { advisory['engine'] }
-      it { is_expected.to be_kind_of(String) }
-      it "should be equal to filename (case-insensitive)" do
-        expect(subject.downcase).to eq(engine.downcase)
-      end
-    end
-  end
-end

data/data/ruby-advisory-db/spec/spec_helper.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- require 'rspec'

data/data/ruby-advisory-db.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- 2017-06-13 16:51:56 UTC