bundler-budit 0.6.1 → 0.6.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: eb360629c11f8be23e8f9efab74c4ac46c6a38f540df031cb9d71fa75a0a8338
4
- data.tar.gz: 2386f5c6bee41b77dc8a19fe576c1d97aeccff1d37564aa34e6d027b7212a12a
3
+ metadata.gz: aa9aa0247da0f2e96f96371694e74f8e55b2efccd53fb5f823a43acdfa1a281c
4
+ data.tar.gz: 36fc8dd9edf8d7e154b7e18efffc55a43aaef9709022e35e34f889cf111a2406
5
5
  SHA512:
6
- metadata.gz: c7afa3fd77349448d522324ddbab01696d6f382f2a551700770eb5644dd5a21922a8db61efac450ff488f2ba01167c376bcf6bb82c67dc025b8013b081f215cb
7
- data.tar.gz: 2a1861086c014c2fda0e603ff2b3fa5940cda3e303b56f70006a0c1c69f7cd428accaaa92032070d3e38cbef142bf360de010b1599b0cd83a69e3f915627b1fb
6
+ metadata.gz: ee853ff6a4864510a5cbda79a77752719fcf548966dfd114b2a0fcf8b349fa6f162a6f02d9307938d365d1bb6f534f2e4781e8e1ea0fcad71e2fad0a8ce39203
7
+ data.tar.gz: 2ffa8cec6e24e49d1525e2ab83b5eae9d6d80ccffc6729388e88dc547a5b858c1a3b25add0fae7edd6141f5032d216bb30497c859362aae1e6c80798f2673a6e
@@ -1,3 +1,8 @@
1
+ ### 0.6.2 / 2019-04-09
2
+
3
+ * Add: `--format=default|plain|junit`
4
+ * Fix: Escape XML output for junit formatter
5
+
1
6
  ### 0.6.1 / 2019-01-17
2
7
 
3
8
  * Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0.
@@ -2,7 +2,7 @@ name: bundler-budit
2
2
  summary: Patch-level verification for Bundler
3
3
  description: bundler-budit is a fork of bundler-audit, which provides patch-level verification for Bundled apps.
4
4
  license: GPL-3.0+
5
- authors: Postmodern, Salzig
5
+ authors: Postmodern, Salzig, Gnomus
6
6
  email: salzig@gmail.com
7
7
  homepage: https://github.com/salzig/bundler-audit#readme
8
8
 
@@ -12,9 +12,9 @@ module Bundler
12
12
 
13
13
  def advisory_ref(advisory)
14
14
  if advisory.cve
15
- "CVE-#{advisory.cve}"
15
+ xml_escape "CVE-#{advisory.cve}"
16
16
  elsif advisory.osvdb
17
- advisory.osvdb
17
+ xml_escape advisory.osvdb
18
18
  end
19
19
  end
20
20
 
@@ -29,14 +29,25 @@ module Bundler
29
29
 
30
30
  def advisory_solution(advisory)
31
31
  unless advisory.patched_versions.empty?
32
- "upgrade to #{advisory.patched_versions.join(', ')}"
32
+ xml_escape "upgrade to #{advisory.patched_versions.join(', ')}"
33
33
  else
34
34
  "remove or disable this gem until a patch is available!"
35
35
  end
36
36
  end
37
37
 
38
38
  def bundle_title(bundle)
39
- "#{advisory_criticality(bundle.advisory).upcase} #{bundle.gem.name}(#{bundle.gem.version}) #{bundle.advisory.title}"
39
+ xml_escape "#{advisory_criticality(bundle.advisory).upcase} #{bundle.gem.name}(#{bundle.gem.version}) #{bundle.advisory.title}"
40
+ end
41
+
42
+ def xml_escape(string)
43
+ string.gsub(
44
+ /[<>"'&]/,
45
+ '<' => '&lt;',
46
+ '>' => '&gt;',
47
+ '"' => '&quot;',
48
+ '\'' => '&apos;',
49
+ '&' => '&amp;',
50
+ )
40
51
  end
41
52
 
42
53
  def template_string
@@ -45,14 +56,14 @@ module Bundler
45
56
  <testsuites id="<%= Time.now.to_i %>" name="Bundle Audit" tests="225" failures="1262">
46
57
  <testsuite id="Gemfile" name="Ruby Gemfile" failures="<%= @advisory_bundles.size %>">
47
58
  <%- @advisory_bundles.each do |bundle| -%>
48
- <testcase id="<%= bundle.gem.name %>" name="<%= bundle_title(bundle) %>">
49
- <failure message="<%= bundle.advisory.title %>" type="<%= bundle.advisory.criticality %>">
50
- Name: <%= bundle.gem.name %>
51
- Version: <%= bundle.gem.version %>
59
+ <testcase id="<%= xml_escape(bundle.gem.name) %>" name="<%= bundle_title(bundle) %>">
60
+ <failure message="<%= xml_escape(bundle.advisory.title) %>" type="<%= xml_escape(bundle.advisory.criticality) %>">
61
+ Name: <%= xml_escape(bundle.gem.name) %>
62
+ Version: <%= xml_escape(bundle.gem.version) %>
52
63
  Advisory: <%= advisory_ref(bundle.advisory) %>
53
64
  Criticality: <%= advisory_criticality(bundle.advisory) %>
54
- URL: <%= bundle.advisory.url %>
55
- Title: <%= bundle.advisory.title %>
65
+ URL: <%= xml_escape(bundle.advisory.url) %>
66
+ Title: <%= xml_escape(bundle.advisory.title) %>
56
67
  Solution: <%= advisory_solution(bundle.advisory) %>
57
68
  </failure>
58
69
  </testcase>
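Review bot: `xml_escape` calls `gsub` straight on its argument, but the template now feeds it values that may not be Strings — `Version: <%= xml_escape(bundle.gem.version) %>` (presumably a `Gem::Version` for a bundled spec), `type="<%= xml_escape(bundle.advisory.criticality) %>"` (which looks like a Symbol or nil, given that a separate `advisory_criticality` helper exists for display) and `xml_escape advisory.osvdb` in the `advisory_ref` hunk (OSVDB ids are typically numeric in the advisory data) — so the formatter would raise `NoMethodError` on the first finding instead of producing JUnit output. Before this change the template relied on ERB's implicit `to_s` for those expressions, and wrapping them in the new helper removes it. Coercing inside the helper restores that while keeping the escaping: `string.to_s.gsub(`. Alternatively `CGI.escapeHTML` from the standard library escapes the same five characters without maintaining the table; either way a spec that pushes a title containing `<`, `&` and `"` through the formatter and parses the output with REXML would pin both the escaping and the coercion. The enclosing formatter class starts and ends outside these hunks, so I cannot see whether callers elsewhere already stringify these values.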
@@ -18,6 +18,6 @@
18
18
  module Bundler
19
19
  module Audit
20
20
  # bundler-audit version
21
- VERSION = '0.6.1'
21
+ VERSION = '0.6.2'
22
22
  end
23
23
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler-budit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.6.2
5
5
  platform: ruby
6
6
  authors:
7
- - Postmodern, Salzig
7
+ - Postmodern, Salzig, Gnomus
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-03 00:00:00.000000000 Z
11
+ date: 2019-04-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -553,7 +553,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
553
553
  - !ruby/object:Gem::Version
554
554
  version: 1.8.0
555
555
  requirements: []
556
- rubygems_version: 3.0.1
556
+ rubygems_version: 3.0.3
557
557
  signing_key:
558
558
  specification_version: 4
559
559
  summary: Patch-level verification for Bundler