bundler-integrity 1.0.3 → 1.0.6

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/bundler-integrity +30 -23
  3. metadata +5 -4
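--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: '019090072dfac7899d403567ec089ba8ec504dd3ec0fac5ef01ffdfbeb5e6eb7'
-data.tar.gz: bead107d26fd0fc5727441749da93f4621e46a5c1276dd9b44c40a423ca9cf2c
+metadata.gz: 4fd843d6b07239f0bae53bd215e4ab4e746d7431a6e91a7b980f60a11a98a973
+data.tar.gz: 3526ff1ff2f66ca1706c5fe1cff1e36f2d8dc8c625f329b173946681d00b986d
 SHA512:
-metadata.gz: aeceda2a6eeec85cd72258face6fd9e7a0de6b02adda21307d9520b5e487a9d9e236536f64ca4b26699906c061241c75a00031d5bd28f62eea32c2592cce6c92
-data.tar.gz: cdabb6f3a146577ce0968d311e465ec87191a2f08b18b0a5e9878cca980a2a650c3a2cb849c043f9d9432b04729e9e60d06f124b0f22a8c1f0b3bac3381fcdb7
+metadata.gz: d5c31e164a25119cd9cab0221b24289854b5b4ade69cbe52872745b2dc0e30c6f3806ac205102ed2ffdb35b6701f2326649d1c4f91f2e327b4253687234b9c69
+data.tar.gz: '09672e79a915eb5c6008dd69d26000954ba4fe8c62c70a8289cc3a7bdc6ed9ce4ff1916c6749a6c25a53a143b5257d98062742dfb387751f5abab20a8c0ede11'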
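--- a/data/bin/bundler-integrity
+++ b/data/bin/bundler-integrity
@@ -10,6 +10,10 @@ require 'json'
 require 'open-uri'
 require 'digest/sha2'
 
+# This will only print gem files full names and their expected checksums WITHOUT validating
+# Useful to export and run search and comparison in prod, etc
+PRINT_EXPORT = (ARGV[0] == 'export')
+
 # Packages cache paths candidates (we will check all)
 CACHE_DIRS = [
 Bundler::RubygemsIntegration.new.gem_cache,
@@ -23,7 +27,6 @@ deps = ::Bundler::Definition
 .build(Bundler.default_gemfile, Bundler.default_lockfile, nil)
 .tap(&:validate_runtime!)
 
-
 deps.specs.each do |spec|
 # Ignore git based, etc
 next unless spec.source.is_a?(Bundler::Source::Rubygems)
@@ -50,35 +53,39 @@ deps.specs.each do |spec|
 
 version || raise("#{full_name} not found in the RubyGems API response")
 
-candidates = CACHE_DIRS
-.map { |dir| File.join(dir, full_name) }
-.select { |path| File.exist?(path) }
+if PRINT_EXPORT
+puts "#{version.fetch('sha')} #{full_name}"
+else
+candidates = CACHE_DIRS
+.map { |dir| File.join(dir, full_name) }
+.select { |path| File.exist?(path) }
 
-if candidates.empty?
-puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations, maybe it is a stdlib gem?"
-next
-end
+if candidates.empty?
+puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations, maybe it is a stdlib gem?"
+next
+end
 
-candidates.each do |full_path|
-sha = Digest::SHA2.new
+candidates.each do |full_path|
+sha = Digest::SHA2.new
 
-File.open(full_path) do |f|
-while chunk = f.read(256)
-sha << chunk
+File.open(full_path) do |f|
+while chunk = f.read(256)
+sha << chunk
+end
 end
-end
 
 
-if version.fetch('sha') == sha.hexdigest
-puts "\033[0;32m[OK]\033[0m #{full_path}"
-else
-puts "\033[0;31m[FAILURE]\033[0m"
-puts "Checksum verification for #{full_path} failed!"
+if version.fetch('sha') == sha.hexdigest
+puts "\033[0;32m[OK]\033[0m #{full_path}"
+else
+puts "\033[0;31m[FAILURE]\033[0m"
+puts "Checksum verification for #{full_path} failed!"
 
-exit 1
+exit 1
+end
 end
+
+puts "\033[0;32m[OK]\033[0m Congratulations, you're safe and sound!"
+puts "\033[0;32m[OK]\033[0m Maciej Mensfeld and the WhiteSource team wishes you a good day!"
 end
 end
-
-puts "\033[0;32m[OK]\033[0m Congratulations, you're safe and sound!"
-puts "\033[0;32m[OK]\033[0m Maciej Mensfeld and the WhiteSource team wishes you a good day!"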
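Review bot: The two closing `puts` lines added at new lines 88-89 of the third hunk sit inside the `else` branch of `if PRINT_EXPORT`, which is itself inside `deps.specs.each` (the context `end` at new line 86 closes `candidates.each`, the ones at 90 and 91 close the `if` and the outer `each`), so "Congratulations, you're safe and sound!" is printed once per gem, right after that gem's checksum passes, instead of once after every gem has been verified as the removed lines 83-84 did. A gem taking the `[WARN]`/`next` path skips the message entirely, and a later gem can still hit `exit 1` after the script has already declared the install safe, which weakens the one signal a user reads at the bottom of the output. Keep the summary after the final `end` of `deps.specs.each` and gate it on the mode instead: `puts "\033[0;32m[OK]\033[0m Congratulations, you're safe and sound!" unless PRINT_EXPORT` followed by the matching `unless PRINT_EXPORT` line for the second message. The `deps.specs.each do |spec|` block enclosing this hunk starts outside it.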
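--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler-integrity
 version: !ruby/object:Gem::Version
-version: 1.0.3
+version: 1.0.6
 platform: ruby
 authors:
 - Maciej Mensfeld
@@ -10,8 +10,9 @@ bindir: bin
 cert_chain: []
 date: 2022-05-11 00:00:00.000000000 Z
 dependencies: []
-description: Gem to verify integrity of packages installed via Bundler. Add it to
-your Gemfile and run bundle exec bundler-integrity
+description: "Gem to verify integrity of packages installed via Bundler.\n\n It allows
+to detect packages that were tampered with or replaced via cache poison or replaced.\n\n
+\ Add it to your Gemfile and run bundle exec bundler-integrity.\n\n "
 email:
 - maciej@mensfeld.pl
 executables:
@@ -24,7 +25,7 @@ homepage: https://whitesourcesoftware.com
 licenses:
 - MIT
 metadata:
-source_code_uri: https://github.com/diffend/bundler-integrity
+source_code_uri: https://github.com/diffend-io/bundler-integrity
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []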