bundler-budit 0.6.1 → 0.6.2
- checksums.yaml +4 -4
- data/ChangeLog.md +5 -0
- data/gemspec.yml +1 -1
- data/lib/bundler/audit/presenter/junit.rb +21 -10
- data/lib/bundler/audit/version.rb +1 -1
- metadata +4 -4
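--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aa9aa0247da0f2e96f96371694e74f8e55b2efccd53fb5f823a43acdfa1a281c
+data.tar.gz: 36fc8dd9edf8d7e154b7e18efffc55a43aaef9709022e35e34f889cf111a2406
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee853ff6a4864510a5cbda79a77752719fcf548966dfd114b2a0fcf8b349fa6f162a6f02d9307938d365d1bb6f534f2e4781e8e1ea0fcad71e2fad0a8ce39203
+data.tar.gz: 2ffa8cec6e24e49d1525e2ab83b5eae9d6d80ccffc6729388e88dc547a5b858c1a3b25add0fae7edd6141f5032d216bb30497c859362aae1e6c80798f2673a6e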
data/ChangeLog.md
CHANGED
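--- a/data/gemspec.yml
+++ b/data/gemspec.yml
@@ -2,7 +2,7 @@ name: bundler-budit
 summary: Patch-level verification for Bundler
 description: bundler-budit is a fork of bundler-audit, which provides patch-level verification for Bundled apps.
 license: GPL-3.0+
-authors: Postmodern, Salzig
+authors: Postmodern, Salzig, Gnomus
 email: salzig@gmail.com
 homepage: https://github.com/salzig/bundler-audit#readme
 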
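--- a/data/lib/bundler/audit/presenter/junit.rb
+++ b/data/lib/bundler/audit/presenter/junit.rb
@@ -12,9 +12,9 @@ module Bundler
 
 def advisory_ref(advisory)
 if advisory.cve
-"CVE-#{advisory.cve}"
+xml_escape "CVE-#{advisory.cve}"
 elsif advisory.osvdb
-advisory.osvdb
+xml_escape advisory.osvdb
 end
 end
 
@@ -29,14 +29,25 @@ module Bundler
 
 def advisory_solution(advisory)
 unless advisory.patched_versions.empty?
-"upgrade to #{advisory.patched_versions.join(', ')}"
+xml_escape "upgrade to #{advisory.patched_versions.join(', ')}"
 else
 "remove or disable this gem until a patch is available!"
 end
 end
 
 def bundle_title(bundle)
-"#{advisory_criticality(bundle.advisory).upcase} #{bundle.gem.name}(#{bundle.gem.version}) #{bundle.advisory.title}"
+xml_escape "#{advisory_criticality(bundle.advisory).upcase} #{bundle.gem.name}(#{bundle.gem.version}) #{bundle.advisory.title}"
+end
+
+def xml_escape(string)
+string.gsub(
+/[<>"'&]/,
+'<' => '<',
+'>' => '>',
+'"' => '"',
+'\'' => ''',
+'&' => '&',
+)
 end
 
 def template_string
@@ -45,14 +56,14 @@ module Bundler
 <testsuites id="<%= Time.now.to_i %>" name="Bundle Audit" tests="225" failures="1262">
 <testsuite id="Gemfile" name="Ruby Gemfile" failures="<%= @advisory_bundles.size %>">
 <%- @advisory_bundles.each do |bundle| -%>
-<testcase id="<%= bundle.gem.name %>" name="<%= bundle_title(bundle) %>">
-<failure message="<%= bundle.advisory.title %>" type="<%= bundle.advisory.criticality %>">
-Name: <%= bundle.gem.name %>
-Version: <%= bundle.gem.version %>
+<testcase id="<%= xml_escape(bundle.gem.name) %>" name="<%= bundle_title(bundle) %>">
+<failure message="<%= xml_escape(bundle.advisory.title) %>" type="<%= xml_escape(bundle.advisory.criticality) %>">
+Name: <%= xml_escape(bundle.gem.name) %>
+Version: <%= xml_escape(bundle.gem.version) %>
 Advisory: <%= advisory_ref(bundle.advisory) %>
 Criticality: <%= advisory_criticality(bundle.advisory) %>
-URL: <%= bundle.advisory.url %>
-Title: <%= bundle.advisory.title %>
+URL: <%= xml_escape(bundle.advisory.url) %>
+Title: <%= xml_escape(bundle.advisory.title) %>
 Solution: <%= advisory_solution(bundle.advisory) %>
 </failure>
 </testcase>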
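Review bot: The replacement table in `xml_escape` (hunk at +29,25) maps every character to itself as rendered here — `'<' => '<'`, `'&' => '&'` — and the `'\'' => '''` entry is not even valid Ruby, so either the page has decoded the entity references or the helper is a no-op that leaves advisory titles able to break the JUnit XML; the values need to be the XML references `&lt;`, `&gt;`, `&quot;`, `&#39;` and `&amp;`. Since the template syntax (`<%- … -%>`) suggests the presenter already renders through ERB, the stdlib escaper `ERB::Util.html_escape(string.to_s)` (or `CGI.escapeHTML`) produces exactly those five references and removes the hand-maintained table. The `.to_s` matters on its own: the template now passes `bundle.gem.version` and `bundle.advisory.criticality`, and `advisory_ref` passes `advisory.osvdb`, to the helper, and if any of those is a Gem::Version, Symbol or Integer rather than a String (likely for version and criticality, to be confirmed against the advisory model), `gsub` raises NoMethodError and no report is written at all. Whichever escaper is kept, changing the first line of the body to `string.to_s.gsub(` is the minimal fix for that.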
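--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-budit
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.2
 platform: ruby
 authors:
-- Postmodern, Salzig
+- Postmodern, Salzig, Gnomus
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-
+date: 2019-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -553,7 +553,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.8.0
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler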