bundler_audit_notifier 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: dbc93a1fe9fc38b2767bf26bb2bde6d3df4cc566082dc4f1b59a3fe7aded9527
4
+ data.tar.gz: f4e6548454be89d172b8ed1f6e5ef8e28382b1c094b848549c8009cbe845e197
5
+ SHA512:
6
+ metadata.gz: 2a8ea166f0c1f1deb8bcbe359bf9da667bcb48a60f3871211275c68811d1858c94af06494d44a1888644e20bfe54709ba7b4033da30a97ea94104aff2dfc2e4e
7
+ data.tar.gz: 9250419d9dc2d46e70c1da6f7cb2b1d22e5a4eb6895ae2c12950fce213ca1361d9c54f9021589f1e1e0bd1da433262d9f2931efa156c9b9d6f4b559e5499769e
@@ -0,0 +1,14 @@
1
+ class BundlerAuditIssuesController < ActionController::Base
2
+ def ignore
3
+ @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
4
+ @bundler_audit_issue.ignore = true
5
+ if @bundler_audit_issue.save!
6
+ render :ignore
7
+ end
8
+ end
9
+ private
10
+
11
+ def bundler_audit_issue_params
12
+ params.require(:bundler_audit_issue).permit(:name, :version, :advisory, :token, :criticality, :url, :title, :solution, :ignore)
13
+ end
14
+ end
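Review bot: `BundlerAuditIssue.where(token: params[:token]).first` on line 3 returns nil for an unknown or absent token, so the `ignore = true` on line 4 raises NoMethodError and the request ends as a 500 instead of a 404; `find_by!` raises RecordNotFound, which Rails already maps to 404. Because `save!` raises on failure, the `if` around `render :ignore` on lines 5-7 never takes its false branch. Proposed lines 3-6: `@bundler_audit_issue = BundlerAuditIssue.find_by!(token: params[:token])`, `@bundler_audit_issue.update!(ignore: true)`, `render :ignore`. This action changes state and is reached through a plain link in the email view, so the token is the only thing authorizing it; `bundler_audit_issue_params` on lines 11-13 is defined but never called.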
@@ -0,0 +1,11 @@
1
+ # app/mailers/application_mailer.rb
2
+ include Rails.application.routes.url_helpers
3
+
4
+ class BundlerAuditIssuesMailer < ActionMailer::Base
5
+ default from: Rails.configuration.vulnerability_email_sender
6
+ DEFAULT_TO = Rails.configuration.vulnerability_email_recipient
7
+ def vulnerability_email vulnerabilities, opts = {}
8
+ @vulnerabilities = vulnerabilities
9
+ mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
10
+ end
11
+ end
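Review bot: The `include Rails.application.routes.url_helpers` on line 2 sits outside the class, so it mixes the route helpers into Object and therefore into every object in the host application; move it inside `BundlerAuditIssuesMailer`, which is the only thing here that needs them. The header comment on line 1 names `app/mailers/application_mailer.rb`, while the file list in the gem metadata records this file as `app/mailers/bundler_audit_issues_mailer.rb`. `default from:` on line 5 and `DEFAULT_TO` on line 6 read `Rails.configuration` at class load, so a host app that has not set `vulnerability_email_sender`/`vulnerability_email_recipient` presumably fails when the mailer is first loaded rather than at send time; a comment such as `# Both settings must be present in the host app's config before this mailer is loaded` would make that contract explicit.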
@@ -0,0 +1,5 @@
1
+ class BundlerAuditIssue < ActiveRecord::Base
2
+ validates_uniqueness_of :advisory
3
+ has_secure_token :token
4
+ include Rails.application.routes.url_helpers
5
+ end
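Review bot: `validates_uniqueness_of :advisory` on line 2 is not backed by a unique index in the migration template added later in this diff, so two concurrent `audit_parse` runs can both pass validation and insert the same advisory; the validation only covers the common case and the index belongs in the migration. `include Rails.application.routes.url_helpers` on line 4 pulls the route helpers into a model, and nothing in this file calls them; if it exists for the mail view's `ignore_url(line.token)`, that view presumably resolves the helper through the mailer, not through the record. `has_secure_token :token` on line 3 also leaves `token` unindexed although the controller looks records up by it.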
@@ -0,0 +1,2 @@
1
+ <h4>Success</h4>
2
+ <p>Vulnerability was ignored successfully.</p>
@@ -0,0 +1,21 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
5
+ </head>
6
+ <body>
7
+ <h1>Vulnerabilities: </h1>
8
+ <%= @vulnerabilities.each do |line| %>
9
+ <ul>
10
+ <li> Name: <%= line[:name].to_s.html_safe %></li>
11
+ <li> Version: <%= line[:version].to_s.html_safe %></li>
12
+ <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
+ <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
+ <li> Url: <%= line[:url].to_s.html_safe %></li>
15
+ <li> Title: <%= line[:title].to_s.html_safe %></li>
16
+ <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
+ </ul>
18
+ <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
19
+ <% end %>
20
+ </body>
21
+ </html>
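Review bot: The `.html_safe` on lines 10-16 turns off escaping for name, version, advisory, criticality, url, title and solution, none of which originate in this application — they are parsed out of bundler-audit output, which relays advisory-database text — so any markup in that text reaches the recipient's mail client unescaped; dropping `.html_safe` and letting ERB escape the values is the fix, e.g. `<li> Title: <%= line[:title] %></li>`. Line 8 uses `<%=` with `each`, which also prints the array's `inspect` output after the loop; it should be `<% @vulnerabilities.each do |line| %>`. Line 18 builds a plain GET link that flips a record's state, which is workable for email, but `ignore_url` needs a route named `ignore` in the host app and no routes file is among the gem's files.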
@@ -0,0 +1,11 @@
1
+ require 'bundler/audit/cli'
2
+
3
+ module AuditUpdateCheck
4
+ def self.audit
5
+ %w(update check).each do |command|
6
+ Bundler::Audit::CLI.start [command]
7
+ end
8
+ end
9
+ end
10
+
11
+ AuditUpdateCheck.audit if __FILE__ == $0
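Review bot: `Bundler::Audit::CLI.start [command]` on line 6 hands control to a Thor CLI, and the comment in lib/bundler_audit_notifier.rb in this diff says `check` exits non-zero when it finds advisories, so anything after the loop never runs on that path and a non-zero status is the expected outcome; a comment on line 5 would spare the next reader the trip, e.g. `# check exits non-zero when advisories are found, which is why this runs as a child process`. `$0` on line 11 is conventionally written `$PROGRAM_NAME`.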
@@ -0,0 +1,64 @@
1
+ # dependencies
2
+ require "active_support"
3
+ require 'rake'
4
+ require "bundler_audit_notifier/engine"
5
+
6
+ module BundlerAuditNotifier
7
+ def self.audit_parse
8
+ r, w = IO.pipe
9
+ # Spawn executes specified command and return its pid
10
+ # This line will execute code that runs bundler-audit and then write the output into the IO pipe
11
+ # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
12
+ pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
13
+ Process.wait2(pid)
14
+ w.close
15
+ # At this point, the results of the bundler-audit check command are written in the IO pipe
16
+ vulnerabilities = []# load quieries from database
17
+ while !r.eof?
18
+ name_line = r.gets
19
+
20
+ if name = name_line[/Name: (?<name>.+)/, :name]
21
+ version_line = r.gets
22
+ advisory_line = r.gets
23
+ criticality_line = r.gets
24
+ url_line = r.gets
25
+ title_line = r.gets
26
+ solution_line = r.gets
27
+ space = r.gets
28
+ if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
29
+ version = version_line[/Version: (?<version>.+)/, :version]
30
+ advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
31
+ criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
32
+ url = url_line[/URL: (?<url>.+)/, :url]
33
+ title = title_line[/Title: (?<title>.+)/, :title]
34
+ solution = solution_line[/Solution: (?<solution>.+)/, :solution]
35
+
36
+ # check for valid data
37
+ # check database table for existing event
38
+ if BundlerAuditIssue.exists?(advisory: advisory)
39
+ bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
40
+ # if event found, touch event
41
+ bundler_audit_issue.touch
42
+ # add event to vulnerabilities array if it was not marked ignored
43
+ if !bundler_audit_issue.ignore
44
+ vulnerabilities << bundler_audit_issue
45
+ end
46
+ else
47
+ bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
48
+
49
+ vulnerabilities << bundler_audit_issue
50
+ end
51
+ else
52
+ puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
53
+ end
54
+ elsif name_line.strip == "Vulnerabilities found!"
55
+ puts "End of output reached!"
56
+ end
57
+ end
58
+ # iterate through remaining vulnerabilties and send them in an email if any are remaining
59
+ if vulnerabilities.present?
60
+ BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
61
+ end
62
+ end
63
+ end
64
+
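Review bot: `Process.wait2(pid)` on line 13 runs before anything is read from `r`, so a child whose output exceeds the pipe buffer blocks on write while the parent blocks in wait2, and `audit_parse` hangs; read the output to EOF first, then reap the child. The parent also never closes `r`, the status returned by `wait2` is discarded, and the script path on line 12 is relative to the current working directory, which inside a host app is the app root rather than this gem, so the spawn fails unless the cwd happens to be the gem checkout; resolving it against `__dir__` fixes that. The parsing loop stays as written apart from reading from a StringIO over the captured output, which needs `require "stringio"` in the dependency block on lines 2-4 (where `require 'rake'` is unused). `BundlerAuditIssue.create` on line 47 returns an unsaved record when the uniqueness validation fails and the result still goes into `vulnerabilities`; `create!` or a `persisted?` check makes that visible, and `space = r.gets` on line 27 is never used.
```ruby
def self.audit_parse
  script = File.expand_path("auditer_script.rb", __dir__)
  r, w = IO.pipe
  pid = spawn(RbConfig.ruby, script, :out => w, :err => [:child, :out])
  w.close # drop the parent's write end so r.read sees EOF once the child exits
  output = r.read # drain the pipe before waiting: a child that outgrows the buffer would otherwise block
  r.close
  _pid, _status = Process.wait2(pid) # reap the child; non-zero status is expected when advisories are found
  r = StringIO.new(output)
  vulnerabilities = []
  # … unchanged: line-by-line parsing loop and the mailer call …
```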
@@ -0,0 +1,9 @@
1
+ module BundlerAuditNotifier
2
+ class Engine < ::Rails::Engine
3
+ isolate_namespace BundlerAuditNotifier
4
+
5
+ config.generators do |g|
6
+ g.test_framework :rspec
7
+ end
8
+ end
9
+ end
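Review bot: `isolate_namespace BundlerAuditNotifier` on line 3 tells Rails to expect this engine's controllers, models and mailers under the `BundlerAuditNotifier` module, yet the classes added elsewhere in this diff (`BundlerAuditIssuesController`, `BundlerAuditIssue`, `BundlerAuditIssuesMailer`) are defined at top level and the library code references them unqualified. Either namespace them (`module BundlerAuditNotifier; class BundlerAuditIssue < ActiveRecord::Base`) or drop the isolation; as far as I can tell the route helpers and table-name prefix the isolation sets up do not apply to these classes as written. A comment on line 3 stating which is intended would help, since the gem metadata lists no routes file and `ignore_url` in the mail view depends on how the routes are mounted.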
@@ -0,0 +1,19 @@
1
+ # Run this command to generate migration: rails generate bundler_audit_notifier
2
+ require "rails/generators/active_record"
3
+ require "rails/generators"
4
+ module BundlerAuditNotifier
5
+ module Generators
6
+ class BundlerAuditNotifierGenerator < Rails::Generators::Base
7
+ include ActiveRecord::Generators::Migration
8
+ source_root File.join(__dir__, "templates")
9
+
10
+ def copy_migration
11
+ migration_template "migration.rb", "db/migrate/create_bundler_audit_issues.rb", migration_version: migration_version
12
+ end
13
+
14
+ def migration_version
15
+ "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
16
+ end
17
+ end
18
+ end
19
+ end
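Review bot: `copy_migration` on lines 10-12 passes `migration_version: migration_version` to `migration_template`, but the template added in the next hunk hard-codes `ActiveRecord::Migration[4.2]` instead of interpolating it, so the computed version is never used and every generated migration claims the 4.2 compatibility API regardless of the host's ActiveRecord. The generator side can stay; the template's first line should read `class CreateBundlerAuditIssues < ActiveRecord::Migration<%= migration_version %>`. A one-line comment above `migration_version` on line 14, e.g. `# [MAJOR.MINOR] suffix interpolated into the migration template's superclass`, would tie the two files together.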
@@ -0,0 +1,21 @@
1
+ class CreateBundlerAuditIssues < ActiveRecord::Migration[4.2]
2
+ # create the table
3
+ def self.up
4
+ create_table :bundler_audit_issues do |t|
5
+ t.string :name
6
+ t.string :version
7
+ t.string :advisory
8
+ t.string :criticality
9
+ t.string :url
10
+ t.string :title
11
+ t.string :solution
12
+ t.string :token
13
+ t.boolean :ignore, :default => false
14
+ t.timestamps
15
+ end
16
+ end
17
+
18
+ def self.down
19
+ drop_table :bundler_audit_issues
20
+ end
21
+ end
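Review bot: The table created on lines 4-15 has no indexes, while the model validates `advisory` for uniqueness and the controller looks rows up by `token`; without `add_index :bundler_audit_issues, :advisory, unique: true` and `add_index :bundler_audit_issues, :token, unique: true` after the `create_table` block, the uniqueness check is a race between concurrent runs and the token lookup is a full scan. `t.boolean :ignore, :default => false` on line 13 still allows NULL, which the library's `!bundler_audit_issue.ignore` treats the same as false; `:null => false` pins that down. `self.up`/`self.down` on lines 3 and 18 can collapse into a single `def change`, since `create_table` is reversible under the `Migration[x.y]` API the class already declares.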
metadata ADDED
@@ -0,0 +1,176 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: bundler_audit_notifier
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Marley Stipich
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2020-03-23 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: activerecord
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '5'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '5'
27
+ - !ruby/object:Gem::Dependency
28
+ name: actionmailer
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: sqlite3
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec-rails
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3.5'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3.5'
69
+ - !ruby/object:Gem::Dependency
70
+ name: database_cleaner
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: shoulda-matchers
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '4.4'
90
+ - - ">="
91
+ - !ruby/object:Gem::Version
92
+ version: 4.4.1
93
+ type: :development
94
+ prerelease: false
95
+ version_requirements: !ruby/object:Gem::Requirement
96
+ requirements:
97
+ - - "~>"
98
+ - !ruby/object:Gem::Version
99
+ version: '4.4'
100
+ - - ">="
101
+ - !ruby/object:Gem::Version
102
+ version: 4.4.1
103
+ - !ruby/object:Gem::Dependency
104
+ name: shoulda-callback-matchers
105
+ requirement: !ruby/object:Gem::Requirement
106
+ requirements:
107
+ - - "~>"
108
+ - !ruby/object:Gem::Version
109
+ version: '1.1'
110
+ - - ">="
111
+ - !ruby/object:Gem::Version
112
+ version: 1.1.4
113
+ type: :development
114
+ prerelease: false
115
+ version_requirements: !ruby/object:Gem::Requirement
116
+ requirements:
117
+ - - "~>"
118
+ - !ruby/object:Gem::Version
119
+ version: '1.1'
120
+ - - ">="
121
+ - !ruby/object:Gem::Version
122
+ version: 1.1.4
123
+ - !ruby/object:Gem::Dependency
124
+ name: rails-controller-testing
125
+ requirement: !ruby/object:Gem::Requirement
126
+ requirements:
127
+ - - ">="
128
+ - !ruby/object:Gem::Version
129
+ version: '0'
130
+ type: :development
131
+ prerelease: false
132
+ version_requirements: !ruby/object:Gem::Requirement
133
+ requirements:
134
+ - - ">="
135
+ - !ruby/object:Gem::Version
136
+ version: '0'
137
+ description:
138
+ email:
139
+ executables: []
140
+ extensions: []
141
+ extra_rdoc_files: []
142
+ files:
143
+ - app/controllers/bundler_audit_issues_controller.rb
144
+ - app/mailers/bundler_audit_issues_mailer.rb
145
+ - app/models/bundler_audit_issue.rb
146
+ - app/views/bundler_audit_issues/ignore.html.erb
147
+ - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
148
+ - lib/auditer_script.rb
149
+ - lib/bundler_audit_notifier.rb
150
+ - lib/bundler_audit_notifier/engine.rb
151
+ - lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb
152
+ - lib/generators/bundler_audit_notifier/templates/migration.rb
153
+ homepage:
154
+ licenses: []
155
+ metadata: {}
156
+ post_install_message:
157
+ rdoc_options: []
158
+ require_paths:
159
+ - "{lib, app}"
160
+ required_ruby_version: !ruby/object:Gem::Requirement
161
+ requirements:
162
+ - - ">="
163
+ - !ruby/object:Gem::Version
164
+ version: '0'
165
+ required_rubygems_version: !ruby/object:Gem::Requirement
166
+ requirements:
167
+ - - ">="
168
+ - !ruby/object:Gem::Version
169
+ version: '0'
170
+ requirements: []
171
+ rubygems_version: 3.0.6
172
+ signing_key:
173
+ specification_version: 4
174
+ summary: bundler_audit_notifier is a ruby gem that will automatically scan source
175
+ code for ruby gem vulnerabilities and then email you a list of the vulnerabilities
176
+ test_files: []
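Review bot: `require_paths` on line 159 is the single literal string `"{lib, app}"` rather than the two entries `lib` and `app`, so RubyGems presumably adds a directory of that literal name to the load path and neither `lib/bundler_audit_notifier.rb` nor the `app/` classes are found when the host app requires the gem (the brace form is a glob written where plain paths are expected). This file is generated from the gemspec, so the fix is `spec.require_paths = ["lib", "app"]` there. `licenses: []` on line 154 and the empty `description`/`homepage` on lines 137 and 153 are also worth filling in before the gem is published.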