bundler-organization_audit 0.1.2 → 0.1.3
- checksums.yaml +7 -0
- data/lib/bundler/organization_audit/repo.rb +12 -5
- data/lib/bundler/organization_audit/version.rb +1 -1
- metadata +10 -59
- data.tar.gz.sig +0 -1
- data/.gitignore +0 -1
- data/.travis.yml +0 -4
- data/Gemfile +0 -7
- data/Gemfile.lock +0 -40
- data/Rakefile +0 -6
- data/Readme.md +0 -92
- data/bundler-organization_audit.gemspec +0 -21
- data/gem-public_cert.pem +0 -20
- data/spec/bundler/organization_audit/repo_spec.rb +0 -64
- data/spec/bundler/organization_audit_spec.rb +0 -117
- data/spec/private.example.yml +0 -7
- data/spec/spec_helper.rb +0 -2
- metadata.gz.sig +0 -0
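--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 1bbae92ba27efe58d7dcd0815e927cee9ee819af
+data.tar.gz: 4d282857fa1e954191097cfe40643052c6353747
+SHA512:
+metadata.gz: 704c1cf251aa4dc836d8b1983a11c2ef11594d265fd396c661a8907511ec6af31ce732c542b2b8f8f06f9300875314743305a6791406f9a71761dccdc120f012
+data.tar.gz: acd41b3091c673fae50ef1afb120021da6b33d20a3c2bab3df207df88a9e34e31346b74fe824256de175afc48f7a6d6d5b0afc9c0320c51f3d0b1910ba04594f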
@@ -13,7 +13,11 @@ module Bundler
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def gem?
|
16
|
-
!!
|
16
|
+
!!gemspec_content
|
17
|
+
end
|
18
|
+
|
19
|
+
def gemspec_content
|
20
|
+
content("#{project}.gemspec")
|
17
21
|
end
|
18
22
|
|
19
23
|
def url
|
@@ -43,10 +47,13 @@ module Bundler
|
|
43
47
|
end
|
44
48
|
|
45
49
|
def content(file)
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
+
@content ||= {}
|
51
|
+
@content[file] ||= begin
|
52
|
+
if private?
|
53
|
+
download_content_via_api(file)
|
54
|
+
else
|
55
|
+
download_content_via_raw(file)
|
56
|
+
end
|
50
57
|
end
|
51
58
|
rescue OpenURI::HTTPError => e
|
52
59
|
raise "Error downloading #{file} from #{url} (#{e})" unless e.message.start_with?("404")
|
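Review bot: The 404 path in `content` is never memoized: `rescue OpenURI::HTTPError` is attached to the method, outside the `begin`/`end` that feeds `@content[file] ||=`, so when the file is missing the assignment is abandoned and nothing is stored, and every later `content(file)` call — including each `gem?` call, which now goes through `gemspec_content` — repeats the HTTP request for the same missing file. Moving the rescue into the `begin` block alone is not enough, because `||=` would still re-fetch a stored `nil`; a key-presence check covers both. `content` continues past the hunk, so if the method-level rescue has further clauses below line 59 they must move with it. Detecting the error with `e.message.start_with?("404")` is a string match on a human-readable message; the status code is also available as `e.io.status.first`, which is less fragile.
```ruby
def content(file)
  @content ||= {}
  return @content[file] if @content.key?(file)

  @content[file] = begin
    if private?
      download_content_via_api(file)
    else
      download_content_via_raw(file)
    end
  rescue OpenURI::HTTPError => e
    raise "Error downloading #{file} from #{url} (#{e})" unless e.message.start_with?("404")
  end
  # … unchanged: remainder of the method after the hunk …
```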
metadata
CHANGED
@@ -1,57 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bundler-organization_audit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
5
|
-
prerelease:
|
4
|
+
version: 0.1.3
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Michael Grosser
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
|
-
cert_chain:
|
12
|
-
-
|
13
|
-
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNakNDQWhxZ0F3SUJB
|
14
|
-
Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREEvTVJBd0RnWURWUVFEREFkdGFX
|
15
|
-
Tm8KWVdWc01SY3dGUVlLQ1pJbWlaUHlMR1FCR1JZSFozSnZjM05sY2pFU01C
|
16
|
-
QUdDZ21TSm9tVDhpeGtBUmtXQW1sMApNQjRYRFRFek1ESXdNekU0TVRNeE1W
|
17
|
-
b1hEVEUwTURJd016RTRNVE14TVZvd1B6RVFNQTRHQTFVRUF3d0hiV2xqCmFH
|
18
|
-
RmxiREVYTUJVR0NnbVNKb21UOGl4a0FSa1dCMmR5YjNOelpYSXhFakFRQmdv
|
19
|
-
SmtpYUprL0lzWkFFWkZnSnAKZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFB
|
20
|
-
RGdnRVBBRENDQVFvQ2dnRUJBTW9yWG8vaGdiVXE5NytrSUk5SApNc1FjTGRD
|
21
|
-
Lzd3UTFaUDJPc2hWSFBrZVAwcUg4TUJIR2c2ZVlpc09YMnViTmFnRjlZVENa
|
22
|
-
V25ocmRLcndwTE9PCmNQTGFaYmpVamxqSjNjUVIzQjhZbjF2ZVY1SWhHODZR
|
23
|
-
c2VUQmp5bXpKV3NMcHFKMVVaR3BmQjl0WGNzRnR1eE8KNnZIdmNJSGR6dmMv
|
24
|
-
T1VrSUN0dExiSCsxcWI2cnNIVWNlcWgrSnJINEdyc0o1SDRoQWZJZHlTMlhN
|
25
|
-
SzdZUktiaApoK0lCdTZkRldKSkJ5ekZzWW1WMVBEWGxuM1VCbWdBdDY1Y21D
|
26
|
-
dTRxUGZUaGlvQ0dEemJTSnJHREdMbXcvcEZYCkZQcFZDbTF6Z1lTYjF2NlFu
|
27
|
-
ZjNjZ1hhMmYyd1lHbTE3K3pBVnlJRHB3cnlGcnU5eUYvakp4RTM4ei9EUnNk
|
28
|
-
OVIKLzg4Q0F3RUFBYU01TURjd0NRWURWUjBUQkFJd0FEQWRCZ05WSFE0RUZn
|
29
|
-
UVVzaU5uWEh0S2VNWVljcjR5SlZtUQpXT05MK0l3d0N3WURWUjBQQkFRREFn
|
30
|
-
U3dNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0SUJBUUFseU43a0tvL05RQ1EwCkFP
|
31
|
-
elpMWjNXQWVQdlN0a0NGSUo1M3RzdjVLeW80cE1BbGx2K0JnUHp6QnQ3cWk2
|
32
|
-
MDVtRlNMNnpCZDl1TG91K1cKQ28zczQ4cDFkeTdDampBZlZRZG1WTkhGM013
|
33
|
-
WHRmQzJPRXl2U1FQaTR4S1I4aWJhOHdhM3hwOUxWbzFQdUxwdwovNkRzckNo
|
34
|
-
V3c3NEhmc0pONnFKT0s2ODRoSmVUOGxCWUFVZmlDM3dEMG93b1BTZytYdHlB
|
35
|
-
QWRkaXNSK0tWNVkxCk5tVkh1THRRY05UWnkrZ1JodDNhaEpSTXVDNlF5TG1r
|
36
|
-
VHNmKzZNYWVud0FNa0FnSGRzd0dzSnp0T25ObkJhM0YKeTBrQ1NXbUs2RCt4
|
37
|
-
L1NiZlM2cjdLZTA3TVJxemlKZEI5R3VFMSswY0lSdUZoOEVRK0xONkhYQ0tN
|
38
|
-
NXBvbi9HVQp5Y3dNWGZsMAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
39
|
-
date: 2013-03-22 00:00:00.000000000 Z
|
10
|
+
cert_chain: []
|
11
|
+
date: 2013-08-10 00:00:00.000000000 Z
|
40
12
|
dependencies:
|
41
13
|
- !ruby/object:Gem::Dependency
|
42
14
|
name: json
|
43
15
|
requirement: !ruby/object:Gem::Requirement
|
44
|
-
none: false
|
45
16
|
requirements:
|
46
|
-
- -
|
17
|
+
- - '>='
|
47
18
|
- !ruby/object:Gem::Version
|
48
19
|
version: '0'
|
49
20
|
type: :runtime
|
50
21
|
prerelease: false
|
51
22
|
version_requirements: !ruby/object:Gem::Requirement
|
52
|
-
none: false
|
53
23
|
requirements:
|
54
|
-
- -
|
24
|
+
- - '>='
|
55
25
|
- !ruby/object:Gem::Version
|
56
26
|
version: '0'
|
57
27
|
description: Audit all Gemfiles of a user/organization on github for unpatched versions
|
@@ -61,51 +31,32 @@ executables:
|
|
61
31
|
extensions: []
|
62
32
|
extra_rdoc_files: []
|
63
33
|
files:
|
64
|
-
- .gitignore
|
65
|
-
- .travis.yml
|
66
|
-
- Gemfile
|
67
|
-
- Gemfile.lock
|
68
|
-
- Rakefile
|
69
|
-
- Readme.md
|
70
34
|
- bin/bundle-organization-audit
|
71
|
-
- bundler-organization_audit.gemspec
|
72
|
-
- gem-public_cert.pem
|
73
35
|
- lib/bundler/organization_audit.rb
|
74
36
|
- lib/bundler/organization_audit/repo.rb
|
75
37
|
- lib/bundler/organization_audit/version.rb
|
76
|
-
- spec/bundler/organization_audit/repo_spec.rb
|
77
|
-
- spec/bundler/organization_audit_spec.rb
|
78
|
-
- spec/private.example.yml
|
79
|
-
- spec/spec_helper.rb
|
80
38
|
homepage: http://github.com/grosser/bundler-organization_audit
|
81
39
|
licenses:
|
82
40
|
- MIT
|
41
|
+
metadata: {}
|
83
42
|
post_install_message:
|
84
43
|
rdoc_options: []
|
85
44
|
require_paths:
|
86
45
|
- lib
|
87
46
|
required_ruby_version: !ruby/object:Gem::Requirement
|
88
|
-
none: false
|
89
47
|
requirements:
|
90
|
-
- -
|
48
|
+
- - '>='
|
91
49
|
- !ruby/object:Gem::Version
|
92
50
|
version: '0'
|
93
|
-
segments:
|
94
|
-
- 0
|
95
|
-
hash: -3883081273091798118
|
96
51
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
97
|
-
none: false
|
98
52
|
requirements:
|
99
|
-
- -
|
53
|
+
- - '>='
|
100
54
|
- !ruby/object:Gem::Version
|
101
55
|
version: '0'
|
102
|
-
segments:
|
103
|
-
- 0
|
104
|
-
hash: -3883081273091798118
|
105
56
|
requirements: []
|
106
57
|
rubyforge_project:
|
107
|
-
rubygems_version:
|
58
|
+
rubygems_version: 2.0.6
|
108
59
|
signing_key:
|
109
|
-
specification_version:
|
60
|
+
specification_version: 4
|
110
61
|
summary: Audit all Gemfiles of a user/organization on github for unpatched versions
|
111
62
|
test_files: []
|
data.tar.gz.sig
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
����Q����Kc֚�� �a}�⳪40������RD���dr]�8��W�(���@tByap����'�W?����1�Dm[2������n^=����+���I����+���.r'����N�d}�j�f�L�OզA^������$��:���<�W��FHc7l[������c��Su��{F�Hq,J7I)��_�%�(�LNy���`�T���F�����l3x��t��ϓ.@�8�oov��]4�"�aWI$��
|
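--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1 +0,0 @@
-spec/private.yml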
data/.travis.yml
DELETED
data/Gemfile
DELETED
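--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,40 +0,0 @@
-GIT
-remote: git://github.com/grosser/bundler-audit.git
-revision: a2d65124650460f525f62c7302629fee4d697413
-branch: ignore-version
-submodules: true
-specs:
-bundler-audit (0.1.3)
-bundler (~> 1.2)
-
-PATH
-remote: .
-specs:
-bundler-organization_audit (0.1.2)
-json
-
-GEM
-remote: https://rubygems.org/
-specs:
-bump (0.3.9)
-diff-lcs (1.1.3)
-json (1.7.7)
-rake (10.0.3)
-rspec (2.12.0)
-rspec-core (~> 2.12.0)
-rspec-expectations (~> 2.12.0)
-rspec-mocks (~> 2.12.0)
-rspec-core (2.12.2)
-rspec-expectations (2.12.1)
-diff-lcs (~> 1.1.3)
-rspec-mocks (2.12.2)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-bump
-bundler-audit!
-bundler-organization_audit!
-rake
-rspec (~> 2)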
data/Rakefile
DELETED
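--- a/data/Readme.md
+++ b/data/Readme.md
@@ -1,92 +0,0 @@
-Audit all Gemfiles of a user/organization on Github for unpatched versions
-
-# simple
-gem install bundler-organization_audit
-
-# if you want --ignore-cve
-git clone git://github.com/grosser/bundler-organization_audit.git
-cd bundler-organization_audit
-bundle update bundler-audit # get new advisories
-bundle exec ./bin/bundle-organization-audit ... options ...
-
-Usage
-=====
-
-### Public repos
-For yourself (git config github.user)
-```Bash
-bundle-organization-audit
-parallel
-No Gemfile.lock found
-
-parllel_tests
-bundle-audit
-No unpatched versions found
-
-rails_example_app
-bundle-audit
-Name: rack
-Version: 1.4.4
-CVE: 2013-0263
-Criticality: High
-URL: http://osvdb.org/show/osvdb/89939
-Title: Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
-Patched Versions: ~> 1.1.6, ~> 1.2.8, ~> 1.3.10, ~> 1.4.5, >= 1.5.2
-
-Vulnerable:
-https://github.com/grosser/rails_example_app -- Peter Last Committer <peter@last-commit-email.com>
-```
-
-For someone else
-```Bash
-bundle-organization-audit --user grosser
-```
-
-Ignore gems (ignores repos that have a %{repo}.gemspec)
-```Bash
-bundle-organization-audit --ignore-gems
-```
-
-Silent: only show vulnerable repos
-```
-bundle-organization-audit 2>/dev/null
-```
-
-CI: ignore old/unmaintained proejcts, unfixable/unimportant cves and gems
-```
-bundle-organization-audit \
---ignore https://github.com/xxx/a \
---ignore https://github.com/xxx/b \
---ignore-cve 2013-0269@1.5.3 \
---ignore-cve '2013-0123@~>3.2.10' \
---ignore-cve 2013-0234 \
---ignore-gems \
---organization xxx \
---token yyy
-```
-
-### Private repos
-
-```Bash
-# create a token that has access to your repositories
-curl -v -u your-user-name -X POST https://api.github.com/authorizations --data '{"scopes":["repo"]}'
-enter your password -> TOKEN
-
-bundle-organization-audit --user your-user --token TOKEN --organization your-organization
-```
-
-Related
-=======
-- [holepicker](https://github.com/jsuder/holepicker) does the same check for local projects and running servers
-- [bundler-audit](https://github.com/postmodern/bundler-audit) check a single local project for vulerabilities
-
-Development
-===========
-- test private repo fetching via `cp spec/private{.example,}.yml` and filling it out
-
-Author
-======
-[Michael Grosser](http://grosser.it)<br/>
-michael@grosser.it<br/>
-License: MIT<br/>
-[![Build Status](https://travis-ci.org/grosser/bundler-organization_audit.png)](https://travis-ci.org/grosser/bundler-organization_audit)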
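--- a/data/bundler-organization_audit.gemspec
+++ b/data/bundler-organization_audit.gemspec
@@ -1,21 +0,0 @@
-$LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
-name = "bundler-organization_audit"
-require "#{name.gsub("-","/")}/version"
-
-Gem::Specification.new name, Bundler::OrganizationAudit::VERSION do |s|
-s.summary = s.description = "Audit all Gemfiles of a user/organization on github for unpatched versions"
-s.authors = ["Michael Grosser"]
-s.email = "michael@grosser.it"
-s.homepage = "http://github.com/grosser/#{name}"
-s.files = `git ls-files`.split("\n")
-s.license = "MIT"
-key = File.expand_path("~/.ssh/gem-private_key.pem")
-if File.exist?(key)
-s.signing_key = key
-s.cert_chain = ["gem-public_cert.pem"]
-else
-puts "No signature"
-end
-s.executables = ["bundle-organization-audit"]
-s.add_runtime_dependency "json"
-end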
data/gem-public_cert.pem
DELETED
@@ -1,20 +0,0 @@
|
|
1
|
-
-----BEGIN CERTIFICATE-----
|
2
|
-
MIIDMjCCAhqgAwIBAgIBADANBgkqhkiG9w0BAQUFADA/MRAwDgYDVQQDDAdtaWNo
|
3
|
-
YWVsMRcwFQYKCZImiZPyLGQBGRYHZ3Jvc3NlcjESMBAGCgmSJomT8ixkARkWAml0
|
4
|
-
MB4XDTEzMDIwMzE4MTMxMVoXDTE0MDIwMzE4MTMxMVowPzEQMA4GA1UEAwwHbWlj
|
5
|
-
aGFlbDEXMBUGCgmSJomT8ixkARkWB2dyb3NzZXIxEjAQBgoJkiaJk/IsZAEZFgJp
|
6
|
-
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMorXo/hgbUq97+kII9H
|
7
|
-
MsQcLdC/7wQ1ZP2OshVHPkeP0qH8MBHGg6eYisOX2ubNagF9YTCZWnhrdKrwpLOO
|
8
|
-
cPLaZbjUjljJ3cQR3B8Yn1veV5IhG86QseTBjymzJWsLpqJ1UZGpfB9tXcsFtuxO
|
9
|
-
6vHvcIHdzvc/OUkICttLbH+1qb6rsHUceqh+JrH4GrsJ5H4hAfIdyS2XMK7YRKbh
|
10
|
-
h+IBu6dFWJJByzFsYmV1PDXln3UBmgAt65cmCu4qPfThioCGDzbSJrGDGLmw/pFX
|
11
|
-
FPpVCm1zgYSb1v6Qnf3cgXa2f2wYGm17+zAVyIDpwryFru9yF/jJxE38z/DRsd9R
|
12
|
-
/88CAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUsiNnXHtKeMYYcr4yJVmQ
|
13
|
-
WONL+IwwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQAlyN7kKo/NQCQ0
|
14
|
-
AOzZLZ3WAePvStkCFIJ53tsv5Kyo4pMAllv+BgPzzBt7qi605mFSL6zBd9uLou+W
|
15
|
-
Co3s48p1dy7CjjAfVQdmVNHF3MwXtfC2OEyvSQPi4xKR8iba8wa3xp9LVo1PuLpw
|
16
|
-
/6DsrChWw74HfsJN6qJOK684hJeT8lBYAUfiC3wD0owoPSg+XtyAAddisR+KV5Y1
|
17
|
-
NmVHuLtQcNTZy+gRht3ahJRMuC6QyLmkTsf+6MaenwAMkAgHdswGsJztOnNnBa3F
|
18
|
-
y0kCSWmK6D+x/SbfS6r7Ke07MRqziJdB9GuE1+0cIRuFh8EQ+LN6HXCKM5pon/GU
|
19
|
-
ycwMXfl0
|
20
|
-
-----END CERTIFICATE-----
|
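--- a/data/spec/bundler/organization_audit/repo_spec.rb
+++ b/data/spec/bundler/organization_audit/repo_spec.rb
@@ -1,64 +0,0 @@
-require "spec_helper"
-
-describe Bundler::OrganizationAudit::Repo do
-let(:config){ YAML.load_file("spec/private.yml") }
-let(:repo) do
-Bundler::OrganizationAudit::Repo.new(
-"url" => "https://api.github.com/repos/grosser/parallel"
-)
-end
-
-describe ".all" do
-it "returns the list of public repositories" do
-# use a big account -> make sure pagination works
-list = Bundler::OrganizationAudit::Repo.all(:user => "grosser")
-list.map(&:url).should include("https://github.com/grosser/parallel")
-end
-
-if File.exist?("spec/private.yml")
-it "returns the list of private repositories from a user" do
-list = Bundler::OrganizationAudit::Repo.all(:token => config["token"])
-list.map(&:url).should include("https://github.com/#{config["user"]}/#{config["expected_user"]}")
-end
-
-it "returns the list of private repositories from a organization" do
-list = Bundler::OrganizationAudit::Repo.all(:token => config["token"], :organization => config["organization"])
-list.map(&:url).should include("https://github.com/#{config["organization"]}/#{config["expected_organization"]}")
-end
-end
-end
-
-describe "#last_commiter" do
-it "returns nice info" do
-repo.last_commiter.should == "grosser <grosser.michael@gmail.com>"
-end
-end
-
-describe "#content" do
-it "can download a public file" do
-repo.content("Gemfile.lock").should include('rspec (2')
-end
-
-if File.exist?("spec/private.yml")
-it "can download a private file" do
-url = "https://api.github.com/repos/#{config["organization"]}/#{config["expected_organization"]}"
-repo = Bundler::OrganizationAudit::Repo.new(
-{"url" => url, "private" => true}, config["token"]
-)
-content = repo.content("Gemfile.lock")
-content.should include('i18n (0.')
-end
-end
-end
-
-describe "#gem?" do
-it "is a gem if it has a gemspec" do
-repo.should be_gem
-end
-
-it "is not a gem if it has no gemspec" do
-Bundler::OrganizationAudit::Repo.new("url" => "https://api.github.com/repos/grosser/dotfiles").should_not be_gem
-end
-end
-end
-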
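--- a/data/spec/bundler/organization_audit_spec.rb
+++ b/data/spec/bundler/organization_audit_spec.rb
@@ -1,117 +0,0 @@
-require "spec_helper"
-
-describe Bundler::OrganizationAudit do
-it "has a VERSION" do
-Bundler::OrganizationAudit::VERSION.should =~ /^[\.\da-z]+$/
-end
-
-describe Bundler::OrganizationAudit do
-let(:repo) do
-Bundler::OrganizationAudit::Repo.new(
-"url" => "https://api.github.com/repos/grosser/parallel"
-)
-end
-
-describe ".audit_repo" do
-it "audits public repos" do
-out = record_out do
-Bundler::OrganizationAudit.send(:audit_repo, repo, {})
-end
-out.strip.should == "parallel\nbundle-audit\nNo unpatched versions found"
-end
-
-it "does not audit ignored repos" do
-out = record_out do
-Bundler::OrganizationAudit.send(:audit_repo, repo, :ignore_gems => true)
-end
-out.strip.should == "parallel\nIgnored because it's a gem"
-end
-end
-
-describe ".run" do
-before do
-Bundler::OrganizationAudit.stub(:puts)
-end
-
-it "is successful when failed are empty" do
-Bundler::OrganizationAudit.should_receive(:find_vulnerable).and_return([])
-record_out do
-Bundler::OrganizationAudit.run({}).should == 0
-end
-end
-
-it "fails with failed" do
-Bundler::OrganizationAudit.should_receive(:find_vulnerable).and_return([repo])
-record_out do
-Bundler::OrganizationAudit.run({}).should == 1
-end
-end
-end
-end
-
-context "CLI" do
-it "can audit a user" do
-result = audit("--user anamartinez")
-result.should include "I18N-tools\nNo Gemfile.lock found" # did not use audit when not necessary
-result.should include "js-cldr-timezones\nbundle-audit\nNo unpatched versions found" # used audit where necessary
-end
-
-it "can audit a unpatched user" do
-result = audit("--user user-with-unpatched-apps", :fail => true)
-result.should include "unpatched\nbundle-audit\nName: json\nVersion: 1.5.3" # Individual vulnerabilities
-result.should include "Vulnerable:\nhttps://github.com/user-with-unpatched-apps/unpatched" # Summary
-end
-
-it "only shows failed projects on stdout" do
-result = audit("--user user-with-unpatched-apps 2>/dev/null", :fail => true, :keep_output => true)
-result.should == "https://github.com/user-with-unpatched-apps/unpatched -- grosser <grosser.michael@gmail.com>\n"
-end
-
-it "ignores projects in --ignore" do
-result = audit("--user user-with-unpatched-apps --ignore https://github.com/user-with-unpatched-apps/unpatched 2>/dev/null", :keep_output => true)
-result.should == ""
-end
-
-it "ignores CVEs via --ignore-cve" do
-result = audit("--user user-with-unpatched-apps --ignore-cve 2013-0269 2>/dev/null", :keep_output => true)
-result.should == ""
-end
-
-it "shows --version" do
-audit("--version").should include(Bundler::OrganizationAudit::VERSION)
-end
-
-it "shows --help" do
-audit("--help").should include("Audit all Gemfiles")
-end
-
-def audit(command, options={})
-sh("bin/bundle-organization-audit #{command}", options)
-end
-
-def sh(command, options={})
-result = `#{command} #{"2>&1" unless options[:keep_output]}`
-raise "FAILED #{command}\n#{result}" if $?.success? == !!options[:fail]
-decolorize(result)
-end
-end
-
-def decolorize(string)
-string.gsub(/\e\[\d+m/, "")
-end
-
-def record_out
-recorder = StringIO.new
-$stdout, out = recorder, $stdout
-$stderr, err = recorder, $stderr
-yield
-decolorize(recorder.string)
-ensure
-$stdout = out
-$stderr = err
-end
-
-def in_temp_dir(&block)
-Dir.mktmpdir { |dir| Dir.chdir(dir, &block) }
-end
-end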
data/spec/private.example.yml
DELETED
data/spec/spec_helper.rb
DELETED
metadata.gz.sig
DELETED
Binary file
|