bundler-budit 0.6.1 → 0.6.2
- checksums.yaml +4 -4
- data/ChangeLog.md +5 -0
- data/gemspec.yml +1 -1
- data/lib/bundler/audit/presenter/junit.rb +21 -10
- data/lib/bundler/audit/version.rb +1 -1
- metadata +4 -4
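--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aa9aa0247da0f2e96f96371694e74f8e55b2efccd53fb5f823a43acdfa1a281c
+data.tar.gz: 36fc8dd9edf8d7e154b7e18efffc55a43aaef9709022e35e34f889cf111a2406
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee853ff6a4864510a5cbda79a77752719fcf548966dfd114b2a0fcf8b349fa6f162a6f02d9307938d365d1bb6f534f2e4781e8e1ea0fcad71e2fad0a8ce39203
+data.tar.gz: 2ffa8cec6e24e49d1525e2ab83b5eae9d6d80ccffc6729388e88dc547a5b858c1a3b25add0fae7edd6141f5032d216bb30497c859362aae1e6c80798f2673a6e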
data/ChangeLog.md
CHANGED
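--- a/data/gemspec.yml
+++ b/data/gemspec.yml
@@ -2,7 +2,7 @@ name: bundler-budit
 summary: Patch-level verification for Bundler
 description: bundler-budit is a fork of bundler-audit, which provides patch-level verification for Bundled apps.
 license: GPL-3.0+
-authors: Postmodern, Salzig
+authors: Postmodern, Salzig, Gnomus
 email: salzig@gmail.com
 homepage: https://github.com/salzig/bundler-audit#readme
 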
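--- a/data/lib/bundler/audit/presenter/junit.rb
+++ b/data/lib/bundler/audit/presenter/junit.rb
@@ -12,9 +12,9 @@ module Bundler
 
 def advisory_ref(advisory)
 if advisory.cve
-"CVE-#{advisory.cve}"
+xml_escape "CVE-#{advisory.cve}"
 elsif advisory.osvdb
-advisory.osvdb
+xml_escape advisory.osvdb
 end
 end
 
@@ -29,14 +29,25 @@ module Bundler
 
 def advisory_solution(advisory)
 unless advisory.patched_versions.empty?
-"upgrade to #{advisory.patched_versions.join(', ')}"
+xml_escape "upgrade to #{advisory.patched_versions.join(', ')}"
 else
 "remove or disable this gem until a patch is available!"
 end
 end
 
 def bundle_title(bundle)
-"#{advisory_criticality(bundle.advisory).upcase} #{bundle.gem.name}(#{bundle.gem.version}) #{bundle.advisory.title}"
+xml_escape "#{advisory_criticality(bundle.advisory).upcase} #{bundle.gem.name}(#{bundle.gem.version}) #{bundle.advisory.title}"
+end
+
+def xml_escape(string)
+string.gsub(
+/[<>"'&]/,
+'<' => '<',
+'>' => '>',
+'"' => '"',
+'\'' => ''',
+'&' => '&',
+)
 end
 
 def template_string
@@ -45,14 +56,14 @@ module Bundler
 <testsuites id="<%= Time.now.to_i %>" name="Bundle Audit" tests="225" failures="1262">
 <testsuite id="Gemfile" name="Ruby Gemfile" failures="<%= @advisory_bundles.size %>">
 <%- @advisory_bundles.each do |bundle| -%>
-<testcase id="<%= bundle.gem.name %>" name="<%= bundle_title(bundle) %>">
-<failure message="<%= bundle.advisory.title %>" type="<%= bundle.advisory.criticality %>">
-Name: <%= bundle.gem.name %>
-Version: <%= bundle.gem.version %>
+<testcase id="<%= xml_escape(bundle.gem.name) %>" name="<%= bundle_title(bundle) %>">
+<failure message="<%= xml_escape(bundle.advisory.title) %>" type="<%= xml_escape(bundle.advisory.criticality) %>">
+Name: <%= xml_escape(bundle.gem.name) %>
+Version: <%= xml_escape(bundle.gem.version) %>
 Advisory: <%= advisory_ref(bundle.advisory) %>
 Criticality: <%= advisory_criticality(bundle.advisory) %>
-URL: <%= bundle.advisory.url %>
-Title: <%= bundle.advisory.title %>
+URL: <%= xml_escape(bundle.advisory.url) %>
+Title: <%= xml_escape(bundle.advisory.title) %>
 Solution: <%= advisory_solution(bundle.advisory) %>
 </failure>
 </testcase>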
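Review bot: As rendered, every entry of the replacement hash in `xml_escape` (new lines 45–49 of the second hunk) maps a character to itself, e.g. `'<' => '<'`, so the method escapes nothing, and `'\'' => '''` is not even valid Ruby; this is very likely the page decoding the entities on display, but the committed file should be confirmed to hold `&lt;`, `&gt;`, `&quot;`, `&#39;` and `&amp;` as the replacement values, or simply delegate to the standard library with `require 'cgi'` and `CGI.escapeHTML(string.to_s)`, which escapes exactly this character set. Separately, `string.gsub` requires a String, while `xml_escape(bundle.gem.version)` at new line 62 and `xml_escape(bundle.advisory.criticality)` at new line 60 are presumably handed a `Gem::Version` and a Symbol as in bundler-audit, which would raise NoMethodError; coercing with `string.to_s.gsub(...)` keeps those call sites safe. `advisory_criticality(bundle.advisory)` at new line 64 is still emitted unescaped and is defined outside the hunk, so it should be checked whether it can return anything other than fixed labels. The enclosing `module Bundler` and presenter class begin and end outside these hunks.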
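--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-budit
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.2
 platform: ruby
 authors:
-- Postmodern, Salzig
+- Postmodern, Salzig, Gnomus
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-
+date: 2019-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -553,7 +553,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.8.0
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler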