bundler-integrity 1.0.6 → 1.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/bundler-integrity +18 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 836849df2fe80a5ccd42eba6681d4afd49dbff2eefa401638b0c024f8edb76e2
|
|
4
|
+
data.tar.gz: c77e5afe962de2edbee1d27bfe065ef9b227647fc5ca31b58dd988118ce3d475
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4e6c5c4b0e723a0077da13f61f8f34922ec4bb7350e47f7138fd2f0a76a7fac76724b2f3393cd6b6c15eecc7db5e7968abf95aaac8a7523ae20de7c2dd9ca3bc
|
|
7
|
+
data.tar.gz: 005bb51cefb32508dc56ccd9a1c94b5d51cacf5b9375ec12b4971fdd056ccb90aa454375b2773c2c27d36b5fe5404bb098b2fa851c925c5798b1670aa71031f9
|
data/bin/bundler-integrity
CHANGED
|
@@ -39,10 +39,16 @@ deps.specs.each do |spec|
|
|
|
39
39
|
"#{spec.name}-#{spec.version}-#{spec.platform}.gem"
|
|
40
40
|
end
|
|
41
41
|
|
|
42
|
-
details =
|
|
42
|
+
details = ''
|
|
43
|
+
|
|
44
|
+
begin
|
|
45
|
+
details = URI.parse("https://rubygems.org/#{intel_path}").read
|
|
46
|
+
rescue OpenURI::HTTPError => e
|
|
47
|
+
raise e unless e.message.include?('404')
|
|
48
|
+
end
|
|
43
49
|
|
|
44
50
|
if details.empty?
|
|
45
|
-
puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in RubyGems. Maybe external source?"
|
|
51
|
+
puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in RubyGems. Maybe external source or private gem?"
|
|
46
52
|
next
|
|
47
53
|
end
|
|
48
54
|
|
|
@@ -51,7 +57,10 @@ deps.specs.each do |spec|
|
|
|
51
57
|
version.fetch('platform') == spec.platform.to_s
|
|
52
58
|
end
|
|
53
59
|
|
|
54
|
-
version
|
|
60
|
+
unless version
|
|
61
|
+
puts "\033[0;33m[WARN]\033[0m #{full_name} version not found in the RubyGems. Maybe yanked or private with a RubyGems placeholder?"
|
|
62
|
+
next
|
|
63
|
+
end
|
|
55
64
|
|
|
56
65
|
if PRINT_EXPORT
|
|
57
66
|
puts "#{version.fetch('sha')} #{full_name}"
|
|
@@ -61,7 +70,7 @@ deps.specs.each do |spec|
|
|
|
61
70
|
.select { |path| File.exist?(path) }
|
|
62
71
|
|
|
63
72
|
if candidates.empty?
|
|
64
|
-
puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations
|
|
73
|
+
puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in cache locations. Maybe it is a stdlib gem?"
|
|
65
74
|
next
|
|
66
75
|
end
|
|
67
76
|
|
|
@@ -84,8 +93,10 @@ deps.specs.each do |spec|
|
|
|
84
93
|
exit 1
|
|
85
94
|
end
|
|
86
95
|
end
|
|
87
|
-
|
|
88
|
-
puts "\033[0;32m[OK]\033[0m Congratulations, you're safe and sound!"
|
|
89
|
-
puts "\033[0;32m[OK]\033[0m Maciej Mensfeld and the WhiteSource team wishes you a good day!"
|
|
90
96
|
end
|
|
91
97
|
end
|
|
98
|
+
|
|
99
|
+
unless PRINT_EXPORT
|
|
100
|
+
puts "\033[0;32m[OK]\033[0m Congratulations, you're safe and sound!"
|
|
101
|
+
puts "\033[0;32m[OK]\033[0m Maciej Mensfeld and the WhiteSource team wishes you a good day!"
|
|
102
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-integrity
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Maciej Mensfeld
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: "Gem to verify integrity of packages installed via Bundler.\n\n It allows
|
|
14
14
|
to detect packages that were tampered with or replaced via cache poison or replaced.\n\n
|