bundler-integrity 1.0.4 → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/bundler-integrity +31 -22
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e9c3c4edd9e29589bf29f4a078a73a8708f17b842a7b8ce98bf65a5b840373f6
|
|
4
|
+
data.tar.gz: 247137efb0cf16c6718ff673236332d33e7010305b77ca732b1cef265a1e8eb1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f10059dd3b50de3f70b61dfb9712111add7b5ce1f1f6745b0d67cf711ea509e713d52e04349e76091a02e24c19cf4deec75ac7d1642b064634ff1ab4bac65357
|
|
7
|
+
data.tar.gz: 3c9034b4905e3f7465acf76d58ef9667a044f90f08e1d05f75be93f3f22e4aeaf5a719ea977f8ac437ebdbce920e05251f03bdff07a7af09fe476cce84ac6d6a
|
data/bin/bundler-integrity
CHANGED
|
@@ -10,6 +10,10 @@ require 'json'
|
|
|
10
10
|
require 'open-uri'
|
|
11
11
|
require 'digest/sha2'
|
|
12
12
|
|
|
13
|
+
# This will only print gem files full names and their expected checksums WITHOUT validating
|
|
14
|
+
# Useful to export and run search and comparison in prod, etc
|
|
15
|
+
PRINT_EXPORT = (ARGV[0] == 'export')
|
|
16
|
+
|
|
13
17
|
# Packages cache paths candidates (we will check all)
|
|
14
18
|
CACHE_DIRS = [
|
|
15
19
|
Bundler::RubygemsIntegration.new.gem_cache,
|
|
@@ -23,7 +27,6 @@ deps = ::Bundler::Definition
|
|
|
23
27
|
.build(Bundler.default_gemfile, Bundler.default_lockfile, nil)
|
|
24
28
|
.tap(&:validate_runtime!)
|
|
25
29
|
|
|
26
|
-
|
|
27
30
|
deps.specs.each do |spec|
|
|
28
31
|
# Ignore git based, etc
|
|
29
32
|
next unless spec.source.is_a?(Bundler::Source::Rubygems)
|
|
@@ -50,35 +53,41 @@ deps.specs.each do |spec|
|
|
|
50
53
|
|
|
51
54
|
version || raise("#{full_name} not found in the RubyGems API response")
|
|
52
55
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
+
if PRINT_EXPORT
|
|
57
|
+
puts "#{version.fetch('sha')} #{full_name}"
|
|
58
|
+
else
|
|
59
|
+
candidates = CACHE_DIRS
|
|
60
|
+
.map { |dir| File.join(dir, full_name) }
|
|
61
|
+
.select { |path| File.exist?(path) }
|
|
56
62
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
63
|
+
if candidates.empty?
|
|
64
|
+
puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations, maybe it is a stdlib gem?"
|
|
65
|
+
next
|
|
66
|
+
end
|
|
61
67
|
|
|
62
|
-
|
|
63
|
-
|
|
68
|
+
candidates.each do |full_path|
|
|
69
|
+
sha = Digest::SHA2.new
|
|
64
70
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
71
|
+
File.open(full_path) do |f|
|
|
72
|
+
while chunk = f.read(256)
|
|
73
|
+
sha << chunk
|
|
74
|
+
end
|
|
68
75
|
end
|
|
69
|
-
end
|
|
70
76
|
|
|
71
77
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
78
|
+
if version.fetch('sha') == sha.hexdigest
|
|
79
|
+
puts "\033[0;32m[OK]\033[0m #{full_path}"
|
|
80
|
+
else
|
|
81
|
+
puts "\033[0;31m[FAILURE]\033[0m"
|
|
82
|
+
puts "Checksum verification for #{full_path} failed!"
|
|
77
83
|
|
|
78
|
-
|
|
84
|
+
exit 1
|
|
85
|
+
end
|
|
79
86
|
end
|
|
80
87
|
end
|
|
81
88
|
end
|
|
82
89
|
|
|
83
|
-
|
|
84
|
-
puts "\033[0;32m[OK]\033[0m
|
|
90
|
+
unless PRINT_EXPORT
|
|
91
|
+
puts "\033[0;32m[OK]\033[0m Congratulations, you're safe and sound!"
|
|
92
|
+
puts "\033[0;32m[OK]\033[0m Maciej Mensfeld and the WhiteSource team wishes you a good day!"
|
|
93
|
+
end
|