bundler-integrity 1.0.2 → 1.0.5

Files changed (3)
  1. checksums.yaml +4 -4
  2. data/bin/bundler-integrity +27 -20
  3. metadata +5 -3
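--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 713f00a37d2a4a1412b2a078dc65d9cd7479da389006cd5fd386d7873fa278d2
-data.tar.gz: 5aba7a5ab8952a6f78242c79d66bf9146f541033a0366e62e65980be57670bbd
+metadata.gz: 16d8e0af58189d54879cf2ba4ca00639ac922db9025988d5af42b287205be553
+data.tar.gz: 2ec92dfd6fb119f30313358a615548165d2402056fbc811b758de972f5a71f06
 SHA512:
-metadata.gz: 6633eeb32a8a06647f6c72133463c657e66d9077d7ca4ecc204cf5531d9b47b03c27d4f353f65ee643c72a1352cd92b732cd8769fe4cdb736ef76b07d7646395
-data.tar.gz: e8a4525871f677f93257dafad4db1bf70291bf0b049660d77f757947a66595876daeffaa414a20db8acb53654fdd830d031b1d1fa16c0a901b44b35369ee5490
+metadata.gz: dd97d3e8ed5998f6d69f679ab81b7ff0796fe380ba3fae7e09b55a545a6e940d2a5002b77e46f01117e905a28f9645cf769d52335891386de3c4dae87b2873a2
+data.tar.gz: 0af0bdd19235f8f7a5aea46f15b582f06000bbe4c8f467de15570fd28e69e37237810f755516a2be4150bd70d747a5b5741c01a1df7806b908a9f3b68fa5dcd2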
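--- a/data/bin/bundler-integrity
+++ b/data/bin/bundler-integrity
@@ -10,6 +10,10 @@ require 'json'
 require 'open-uri'
 require 'digest/sha2'
 
+# This will only print gem files full names and their expected checksums WITHOUT validating
+# Useful to export and run search and comparison in prod, etc
+PRINT_EXPORT = (ARGV[0] == 'export')
+
 # Packages cache paths candidates (we will check all)
 CACHE_DIRS = [
 Bundler::RubygemsIntegration.new.gem_cache,
@@ -23,7 +27,6 @@ deps = ::Bundler::Definition
 .build(Bundler.default_gemfile, Bundler.default_lockfile, nil)
 .tap(&:validate_runtime!)
 
-
 deps.specs.each do |spec|
 # Ignore git based, etc
 next unless spec.source.is_a?(Bundler::Source::Rubygems)
@@ -50,32 +53,36 @@ deps.specs.each do |spec|
 
 version || raise("#{full_name} not found in the RubyGems API response")
 
-candidates = CACHE_DIRS
-.map { |dir| File.join(dir, full_name) }
-.select { |path| File.exist?(path) }
+if PRINT_EXPORT
+puts "#{version.fetch('sha')} #{full_name}"
+else
+candidates = CACHE_DIRS
+.map { |dir| File.join(dir, full_name) }
+.select { |path| File.exist?(path) }
 
-if candidates.empty?
-puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations, maybe it is a stdlib gem?"
-next
-end
+if candidates.empty?
+puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations, maybe it is a stdlib gem?"
+next
+end
 
-candidates.each do |full_path|
-sha = Digest::SHA2.new
+candidates.each do |full_path|
+sha = Digest::SHA2.new
 
-File.open(full_path) do |f|
-while chunk = f.read(256)
-sha << chunk
+File.open(full_path) do |f|
+while chunk = f.read(256)
+sha << chunk
+end
 end
-end
 
 
-if version.fetch('sha') == sha.hexdigest
-puts "\033[0;32m[OK]\033[0m #{full_path}"
-else
-puts "\033[0;31m[FAILURE]\033[0m"
-puts "Checksum verification for #{full_path} failed!"
+if version.fetch('sha') == sha.hexdigest
+puts "\033[0;32m[OK]\033[0m #{full_path}"
+else
+puts "\033[0;31m[FAILURE]\033[0m"
+puts "Checksum verification for #{full_path} failed!"
 
-exit 1
+exit 1
+end
 end
 end
 end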
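Review bot: The export branch at `if PRINT_EXPORT` wraps the entire verification path in an `else`, which re-indents every line of the loop body and turns a few lines of new behaviour into a hunk that touches most of the file; a guard at the top of the block keeps the verify path untouched: `next puts("#{version.fetch('sha')} #{full_name}") if PRINT_EXPORT`. The comment above `PRINT_EXPORT` should also state the output format, because export mode emits `<sha> <full_name>` separated by a single space — if the intended downstream comparison is `sha256sum -c`, that tool expects two spaces between digest and file name, so the separator should be chosen to match. The digest loop now inside the `else` branch still opens the gem without `'rb'` and reads 256 bytes at a time; on platforms where text mode translates newlines the digest of a binary `.gem` would be wrong, and `sha = Digest::SHA256.file(full_path)` reads in binary mode and replaces the `File.open` loop while leaving the `sha.hexdigest` comparison unchanged. The enclosing `deps.specs.each` block starts outside this hunk.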
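--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler-integrity
 version: !ruby/object:Gem::Version
-version: 1.0.2
+version: 1.0.5
 platform: ruby
 authors:
 - Maciej Mensfeld
@@ -10,7 +10,9 @@ bindir: bin
 cert_chain: []
 date: 2022-05-11 00:00:00.000000000 Z
 dependencies: []
-description: Gem to verify integrity of packages installed via Bundler
+description: "Gem to verify integrity of packages installed via Bundler.\n\n It allows
+to detect packages that were tampered with or replaced via cache poison or replaced.\n\n
+\ Add it to your Gemfile and run bundle exec bundler-integrity.\n\n "
 email:
 - maciej@mensfeld.pl
 executables:
@@ -23,7 +25,7 @@ homepage: https://whitesourcesoftware.com
 licenses:
 - MIT
 metadata:
-source_code_uri: https://github.com/diffend/bundler-integrity
+source_code_uri: https://github.com/diffend-io/bundler-integrity
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []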