bundler_audit_notifier 0.0.0

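--- a/checksums.yaml.gz
+++ b/checksums.yaml.gz
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: dbc93a1fe9fc38b2767bf26bb2bde6d3df4cc566082dc4f1b59a3fe7aded9527
+data.tar.gz: f4e6548454be89d172b8ed1f6e5ef8e28382b1c094b848549c8009cbe845e197
+SHA512:
+metadata.gz: 2a8ea166f0c1f1deb8bcbe359bf9da667bcb48a60f3871211275c68811d1858c94af06494d44a1888644e20bfe54709ba7b4033da30a97ea94104aff2dfc2e4e
+data.tar.gz: 9250419d9dc2d46e70c1da6f7cb2b1d22e5a4eb6895ae2c12950fce213ca1361d9c54f9021589f1e1e0bd1da433262d9f2931efa156c9b9d6f4b559e5499769e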
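--- a/app/controllers/bundler_audit_issues_controller.rb
+++ b/app/controllers/bundler_audit_issues_controller.rb
@@ -0,0 +1,14 @@
+class BundlerAuditIssuesController < ActionController::Base
+def ignore
+@bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
+@bundler_audit_issue.ignore = true
+if @bundler_audit_issue.save!
+render :ignore
+end
+end
+private
+
+def bundler_audit_issue_params
+params.require(:bundler_audit_issue).permit(:name, :version, :advisory, :token, :criticality, :url, :title, :solution, :ignore)
+end
+end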
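Review bot: `BundlerAuditIssue.where(token: params[:token]).first` on line 3 returns nil when no row carries that token, so line 4 raises NoMethodError and the request ends as a 500 instead of a 404; `@bundler_audit_issue = BundlerAuditIssue.find_by!(token: params[:token])` raises RecordNotFound, which Rails maps to 404. The `if @bundler_audit_issue.save!` on line 5 is misleading because `save!` raises rather than returning false, so the branch can never be skipped; `@bundler_audit_issue.update!(ignore: true)` followed by an unconditional `render :ignore` says the same thing plainly. The token is the only authorization for this state change, and since the action is reached from a link in the mail template it is presumably routed as a GET, so anyone who holds the link (forwarded mail, a link-preview fetcher) can mark the advisory ignored; recording that as the intended trust level in a comment on the action, or moving the change behind a confirming POST, is a decision worth making explicit. `bundler_audit_issue_params` on line 11 is never called in this file.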
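--- a/app/mailers/bundler_audit_issues_mailer.rb
+++ b/app/mailers/bundler_audit_issues_mailer.rb
@@ -0,0 +1,11 @@
+# app/mailers/application_mailer.rb
+include Rails.application.routes.url_helpers
+
+class BundlerAuditIssuesMailer < ActionMailer::Base
+default from: Rails.configuration.vulnerability_email_sender
+DEFAULT_TO = Rails.configuration.vulnerability_email_recipient
+def vulnerability_email vulnerabilities, opts = {}
+@vulnerabilities = vulnerabilities
+mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
+end
+end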
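Review bot: `include Rails.application.routes.url_helpers` on line 2 sits at the top level of the file, so it mixes the route helpers into Object (every object in the process) rather than into the mailer; move it inside the class, or drop it, since the ActionMailer railtie normally wires the application's route helpers into mailer subclasses already. The header comment on line 1 names `app/mailers/application_mailer.rb`, but the metadata's files list records this file as `app/mailers/bundler_audit_issues_mailer.rb`. `DEFAULT_TO` and the `default from:` read `Rails.configuration.vulnerability_email_sender` and `vulnerability_email_recipient` when the class is loaded, so a host app that has not set them fails with NoMethodError at load rather than at send time; a comment above the class naming these two required settings, `# Host app must set config.vulnerability_email_sender and config.vulnerability_email_recipient`, would help installers. Style: `def vulnerability_email(vulnerabilities, custom_recipient: DEFAULT_TO)` reads clearer than the `opts = {}` hash and documents the only option that exists.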
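--- a/app/models/bundler_audit_issue.rb
+++ b/app/models/bundler_audit_issue.rb
@@ -0,0 +1,5 @@
+class BundlerAuditIssue < ActiveRecord::Base
+validates_uniqueness_of :advisory
+has_secure_token :token
+include Rails.application.routes.url_helpers
+end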
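Review bot: `validates_uniqueness_of :advisory` on line 2 is only an application-level check and is not backed by a unique index in the migration template (the last hunk creates `advisory` and `token` as plain string columns), so two concurrent `audit_parse` runs can still insert the same advisory twice; add `add_index :bundler_audit_issues, :advisory, unique: true` there. `has_secure_token :token` on line 3 is what the controller relies on as its sole authorization, and a unique index on `token` (`add_index :bundler_audit_issues, :token, unique: true`) is the conventional companion so the lookup is indexed and a collision cannot silently produce two matching rows. `include Rails.application.routes.url_helpers` on line 4 pulls URL helpers into the model although nothing in the model uses them; if they were meant for the mail template, the mailer or view is the place.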
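--- a/app/views/bundler_audit_issues/ignore.html.erb
+++ b/app/views/bundler_audit_issues/ignore.html.erb
@@ -0,0 +1,2 @@
+<h4>Success</h4>
+<p>Vulnerability was ignored successfully.</p>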
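--- a/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
+++ b/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+</head>
+<body>
+<h1>Vulnerabilities: </h1>
+<%= @vulnerabilities.each do |line| %>
+<ul>
+<li> Name: <%= line[:name].to_s.html_safe %></li>
+<li> Version: <%= line[:version].to_s.html_safe %></li>
+<li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
+<li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
+<li> Url: <%= line[:url].to_s.html_safe %></li>
+<li> Title: <%= line[:title].to_s.html_safe %></li>
+<li> Solution: <%= line[:solution].to_s.html_safe %></li>
+</ul>
+<p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
+<% end %>
+</body>
+</html>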
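Review bot: `<%= @vulnerabilities.each do |line| %>` on line 8 uses the output tag, so after the loop finishes the array's `to_s` (an inspect dump of every BundlerAuditIssue record) is written into the email body; the loop line must be `<% @vulnerabilities.each do |line| %>`. Every field on lines 10–16 is passed through `.html_safe`, which switches off ERB escaping for text that was parsed out of the bundler-audit output, i.e. advisory titles, solutions and URLs that originate in the external advisory database rather than in this gem; drop `.to_s.html_safe` on all seven lines and let `<%= %>` escape them, and for the URL consider `link_to line[:url], line[:url]` so the address is rendered as an escaped attribute. `ignore_url(line.token)` on line 18 needs `default_url_options[:host]` configured for the mailer, and because the engine is declared with `isolate_namespace`, the helper may have to be reached through the engine's route proxy rather than the main application's helpers; the routes file is not in this diff, so that is worth confirming.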
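--- a/lib/auditer_script.rb
+++ b/lib/auditer_script.rb
@@ -0,0 +1,11 @@
+require 'bundler/audit/cli'
+
+module AuditUpdateCheck
+def self.audit
+%w(update check).each do |command|
+Bundler::Audit::CLI.start [command]
+end
+end
+end
+
+AuditUpdateCheck.audit if __FILE__ == $0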
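Review bot: `Bundler::Audit::CLI.start [command]` on line 6 runs `update` first, which fetches the advisory database over the network on every audit; if that fetch fails in a restricted environment and the CLI exits before `check` runs, the caller in `audit_parse` reads no vulnerabilities and sends no mail, which is indistinguishable from a clean scan. Whether a failed `update` really ends the script depends on the bundler-audit version and is not visible here, so a comment making the dependency explicit would save the next reader a surprise: `# update refreshes the advisory DB from the network; if it exits early, check never runs and the parent sees an empty scan`. Style: `$PROGRAM_NAME` reads better than `$0`, and `%w[update check]` is the style-guide bracket form.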
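--- a/lib/bundler_audit_notifier.rb
+++ b/lib/bundler_audit_notifier.rb
@@ -0,0 +1,64 @@
+# dependencies
+require "active_support"
+require 'rake'
+require "bundler_audit_notifier/engine"
+
+module BundlerAuditNotifier
+def self.audit_parse
+r, w = IO.pipe
+# Spawn executes specified command and return its pid
+# This line will execute code that runs bundler-audit and then write the output into the IO pipe
+# Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
+pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
+Process.wait2(pid)
+w.close
+# At this point, the results of the bundler-audit check command are written in the IO pipe
+vulnerabilities = []# load quieries from database
+while !r.eof?
+name_line = r.gets
+
+if name = name_line[/Name: (?<name>.+)/, :name]
+version_line = r.gets
+advisory_line = r.gets
+criticality_line = r.gets
+url_line = r.gets
+title_line = r.gets
+solution_line = r.gets
+space = r.gets
+if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
+version = version_line[/Version: (?<version>.+)/, :version]
+advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
+criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
+url = url_line[/URL: (?<url>.+)/, :url]
+title = title_line[/Title: (?<title>.+)/, :title]
+solution = solution_line[/Solution: (?<solution>.+)/, :solution]
+
+# check for valid data
+# check database table for existing event
+if BundlerAuditIssue.exists?(advisory: advisory)
+bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
+# if event found, touch event
+bundler_audit_issue.touch
+# add event to vulnerabilities array if it was not marked ignored
+if !bundler_audit_issue.ignore
+vulnerabilities << bundler_audit_issue
+end
+else
+bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
+
+vulnerabilities << bundler_audit_issue
+end
+else
+puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
+end
+elsif name_line.strip == "Vulnerabilities found!"
+puts "End of output reached!"
+end
+end
+# iterate through remaining vulnerabilties and send them in an email if any are remaining
+if vulnerabilities.present?
+BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
+end
+end
+end
+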
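Review bot: The pipe handling on lines 8–14 can deadlock: the parent keeps its copy of the write end `w` open and blocks in `Process.wait2` before reading anything, so once the child has written more than the pipe buffer holds it blocks on write and neither side progresses; the parent should close `w` right after `spawn`, drain `r` to EOF, and only then wait for the child. `spawn(RbConfig.ruby, "lib/auditer_script.rb", ...)` on line 12 is resolved against the host application's working directory, not the gem, so from an installed gem the script is not found; `File.expand_path("auditer_script.rb", __dir__)` points at the file the metadata lists as `lib/auditer_script.rb`. `r` is never closed, and wrapping the drained output in a `StringIO` (stdlib, `require "stringio"` at the top) keeps the `r.gets`/`r.eof?` parsing below unchanged, as in the excerpt. Separately, the metadata records `require_paths` as the single literal `"{lib, app}"`, which is not a directory, so `require "bundler_audit_notifier/engine"` on line 4 would not resolve from the packaged gem; that is a gemspec fix rather than one for this file. Line 16 also carries a garbled comment, `vulnerabilities = []# load quieries from database`, that describes nothing the following loop does.
```ruby
def self.audit_parse
  script = File.expand_path("auditer_script.rb", __dir__)
  r, w = IO.pipe
  pid = spawn(RbConfig.ruby, script, out: w, err: [:child, :out])
  w.close                  # drop the parent's copy so EOF on r is reachable
  output = r.read          # drain before waiting: a full pipe would block the child
  r.close
  Process.wait2(pid)
  r = StringIO.new(output) # keeps the r.gets / r.eof? parsing below intact
  vulnerabilities = []
  # … unchanged: line-by-line parsing loop and mail delivery …
end
```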
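--- a/lib/bundler_audit_notifier/engine.rb
+++ b/lib/bundler_audit_notifier/engine.rb
@@ -0,0 +1,9 @@
+module BundlerAuditNotifier
+class Engine < ::Rails::Engine
+isolate_namespace BundlerAuditNotifier
+
+config.generators do |g|
+g.test_framework :rspec
+end
+end
+end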
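--- a/lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb
+++ b/lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb
@@ -0,0 +1,19 @@
+# Run this command to generate migration: rails generate bundler_audit_notifier
+require "rails/generators/active_record"
+require "rails/generators"
+module BundlerAuditNotifier
+module Generators
+class BundlerAuditNotifierGenerator < Rails::Generators::Base
+include ActiveRecord::Generators::Migration
+source_root File.join(__dir__, "templates")
+
+def copy_migration
+migration_template "migration.rb", "db/migrate/create_bundler_audit_issues.rb", migration_version: migration_version
+end
+
+def migration_version
+"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+end
+end
+end
+end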
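Review bot: `migration_version` on line 14 is a public instance method, and Thor-based generators run every public method as a step, so it executes as its own (harmless but pointless) generator action; put a `private` marker above it so only `copy_migration` is invoked. The `migration_version:` option passed on line 11 is never consumed: the migration template in the next hunk hardcodes `ActiveRecord::Migration[4.2]` instead of `ActiveRecord::Migration<%= migration_version %>`, so the generated migration claims 4.2 semantics regardless of the host's ActiveRecord version (the template is rendered with the generator's binding, so the method is reachable there without the option). The header comment on line 1 is useful; extending it with what the generator produces, `# Creates db/migrate/<timestamp>_create_bundler_audit_issues.rb`, would complete it.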
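--- a/lib/generators/bundler_audit_notifier/templates/migration.rb
+++ b/lib/generators/bundler_audit_notifier/templates/migration.rb
@@ -0,0 +1,21 @@
+class CreateBundlerAuditIssues < ActiveRecord::Migration[4.2]
+# create the table
+def self.up
+create_table :bundler_audit_issues do |t|
+t.string :name
+t.string :version
+t.string :advisory
+t.string :criticality
+t.string :url
+t.string :title
+t.string :solution
+t.string :token
+t.boolean :ignore, :default => false
+t.timestamps
+end
+end
+
+def self.down
+drop_table :bundler_audit_issues
+end
+end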
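Review bot: `t.boolean :ignore, :default => false` on line 13 allows NULL, and the controller and parser both test the column with plain truthiness (`if !bundler_audit_issue.ignore`), so a NULL row reads as "not ignored" while a later `where(ignore: false)` would skip it; `t.boolean :ignore, null: false, default: false` pins the column to the two values the code expects. `t.string :solution` and `t.string :url` on lines 9–11 hold free text copied from advisories, which on databases that cap `string` at 255 characters will truncate or reject long entries; `t.text` is the safer type if the host database is one of those. Style: the `self.up`/`self.down` pair on lines 3 and 18 can be a single `def change` since `create_table` is reversible, and the hash-rocket `:default => false` is the only old-style hash in the gem's migration.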
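--- a/metadata
+++ b/metadata
@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: bundler_audit_notifier
+version: !ruby/object:Gem::Version
+version: 0.0.0
+platform: ruby
+authors:
+- Marley Stipich
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-03-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: activerecord
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '5'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '5'
+- !ruby/object:Gem::Dependency
+name: actionmailer
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: sqlite3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec-rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+- !ruby/object:Gem::Dependency
+name: database_cleaner
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: shoulda-matchers
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '4.4'
+- - ">="
+- !ruby/object:Gem::Version
+version: 4.4.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '4.4'
+- - ">="
+- !ruby/object:Gem::Version
+version: 4.4.1
+- !ruby/object:Gem::Dependency
+name: shoulda-callback-matchers
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.1.4
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.1.4
+- !ruby/object:Gem::Dependency
+name: rails-controller-testing
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/controllers/bundler_audit_issues_controller.rb
+- app/mailers/bundler_audit_issues_mailer.rb
+- app/models/bundler_audit_issue.rb
+- app/views/bundler_audit_issues/ignore.html.erb
+- app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
+- lib/auditer_script.rb
+- lib/bundler_audit_notifier.rb
+- lib/bundler_audit_notifier/engine.rb
+- lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb
+- lib/generators/bundler_audit_notifier/templates/migration.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- "{lib, app}"
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key:
+specification_version: 4
+summary: bundler_audit_notifier is a ruby gem that will automatically scan source
+code for ruby gem vulnerabilities and then email you a list of the vulnerabilities
+test_files: []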