bundler_audit_notifier 0.0.10 → 0.3.12
- checksums.yaml +4 -4
- data/app/controllers/bundler_audit_issues_controller.rb +1 -0
- data/app/mailers/bundler_audit_issues_mailer.rb +4 -0
- data/app/views/bundler_audit_issues_mailer/error_in_running.html.erb +14 -0
- data/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb +10 -10
- data/lib/bundler_audit_notifier.rb +74 -45
- metadata +16 -15
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: a75aaacf80f008270955ed0253b0680fce4634c70659313d1318943fe1d55c31
         | 
| 4 | 
            +
              data.tar.gz: af882555b7ea25cb50c598b13d9c51378dc381c62deacac902fabf1aee2a42b3
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 16ec90b875d4147cb4deffe00e88d95732aa4e552832aca16b0f7c85884ac0a5c6836f6e92ece5b5b28b624f99aeaa4838877f540fe1db888cfd4612de383962
         | 
| 7 | 
            +
              data.tar.gz: a3b743f89fe2721b37608c7a105ccd6209b8882196227d83880290793e8e8b9d56e9c5ac8c396f1cc3973581603d8ad70a3b9e8eedc281c9dcad50e21d43f847
         | 
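--- a/data/app/controllers/bundler_audit_issues_controller.rb
+++ b/data/app/controllers/bundler_audit_issues_controller.rb
@@ -4,6 +4,7 @@ class BundlerAuditIssuesController < ActionController::Base
   def ignore
     @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
     @bundler_audit_issue.ignore = true
+    @bundler_audit_issue.token = nil
     if @bundler_audit_issue.save!
       render :ignore
     end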
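Review bot: `ignore` dereferences the lookup result without a nil check, so an unknown token raises NoMethodError instead of answering 404, and because this hunk now clears `token` on ignore, a request that omits the parameter (`where(token: nil)`) matches a previously ignored row instead of failing. Reject blank tokens first and use a raising finder: `return head :not_found if params[:token].blank?` followed by `@bundler_audit_issue = BundlerAuditIssue.find_by!(token: params[:token])`. The `if @bundler_audit_issue.save!` also misleads, since `save!` raises rather than returning false; `save!` then an unconditional `render :ignore` says what actually happens. The enclosing class continues outside the hunk.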
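--- a/data/app/mailers/bundler_audit_issues_mailer.rb
+++ b/data/app/mailers/bundler_audit_issues_mailer.rb
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
     @vulnerabilities = vulnerabilities
     mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
   end
+  def error_in_running errors, opts = {}
+    @errors = errors
+    mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
+  end
 end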
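Review bot: `def error_in_running errors, opts = {}` omits the parentheses the style guide asks for on definitions with parameters; `def error_in_running(errors, opts = {})`. The new method is also undocumented, and nothing here says what `errors` holds — the only caller visible in this diff, `BundlerAuditNotifier.audit_parse`, passes an Array of Strings — so a one-line comment above it would help: `# Mails the error strings collected by BundlerAuditNotifier.audit_parse to opts[:custom_recipient] or DEFAULT_TO.`. Keeping the `opts` hash rather than a keyword argument is reasonable here, since it mirrors `vulnerability_email` just above.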
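--- a/data/app/views/bundler_audit_issues_mailer/error_in_running.html.erb
+++ b/data/app/views/bundler_audit_issues_mailer/error_in_running.html.erb
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+  </head>
+  <body>
+    <h1>Vulnerabilities: </h1>
+    <ul>
+      <% @errors.each do |error|  %>
+        <li> <%= error.to_s.html_safe %></li>
+      <% end %>
+    </ul>
+  </body>
+</html>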
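Review bot: `error.to_s.html_safe` on line 10 switches off ERB's escaping for strings that embed raw lines of the spawned scanner's output (the `Error parsing DURING UPDATE:` and `Error parsing NAME LINE:` messages built in lib/bundler_audit_notifier.rb), so any markup in that output lands unescaped in the mail body; plain `<%= error %>` is sufficient, as nothing here is meant to be HTML. The same applies to every `line[...].to_s.html_safe` in vulnerability_email.html.erb, where the values are parsed advisory text. The heading on line 7, `<h1>Vulnerabilities: </h1>`, also belongs to the other template; `<h1>Errors: </h1>` matches what this one lists.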
| @@ -6,16 +6,16 @@ | |
| 6 6 | 
             
              <body>
         | 
| 7 7 | 
             
                <h1>Vulnerabilities: </h1>
         | 
| 8 8 | 
             
                <% @vulnerabilities.each do |line|  %>
         | 
| 9 | 
            -
             | 
| 10 | 
            -
             | 
| 11 | 
            -
             | 
| 12 | 
            -
             | 
| 13 | 
            -
             | 
| 14 | 
            -
             | 
| 15 | 
            -
             | 
| 16 | 
            -
             | 
| 17 | 
            -
             | 
| 18 | 
            -
             | 
| 9 | 
            +
                  <ul>
         | 
| 10 | 
            +
                    <li> Name: <%= line[:name].to_s.html_safe %></li>
         | 
| 11 | 
            +
                    <li> Version: <%= line[:version].to_s.html_safe %></li>
         | 
| 12 | 
            +
                    <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
         | 
| 13 | 
            +
                    <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
         | 
| 14 | 
            +
                    <li> Url: <%= line[:url].to_s.html_safe %></li>
         | 
| 15 | 
            +
                    <li> Title: <%= line[:title].to_s.html_safe %></li>
         | 
| 16 | 
            +
                    <li> Solution: <%= line[:solution].to_s.html_safe %></li>
         | 
| 17 | 
            +
                  </ul>
         | 
| 18 | 
            +
                  <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
         | 
| 19 19 | 
             
                <% end %>
         | 
| 20 20 | 
             
              </body>
         | 
| 21 21 | 
             
            </html>
         | 
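Review bot: The `ignore` link on line 18 drives a state-changing action through a plain `link_to`, i.e. a GET request; mail clients, link-safety scanners and previewers routinely fetch URLs found in messages, and each such fetch would mark the vulnerability ignored without anyone deciding to. Keep the mail link read-only and have `ignore_url` land on a page that shows the issue and submits the ignore through a form, e.g. `button_to "ignore", ignore_path(line[:token]), method: :post` on that page. Whether the route is currently GET is not visible in this diff, but a bare link from an email only works if it is.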
| @@ -1,66 +1,95 @@ | |
| 1 1 | 
             
            # dependencies
         | 
| 2 2 | 
             
            require "active_support"
         | 
| 3 | 
            -
            require 'rake'
         | 
| 4 3 | 
             
            require "bundler_audit_notifier/engine"
         | 
| 5 4 |  | 
| 6 5 | 
             
            module BundlerAuditNotifier
         | 
| 7 6 | 
             
              def self.audit_parse
         | 
| 8 7 | 
             
                r, w = IO.pipe
         | 
| 9 | 
            -
                 | 
| 8 | 
            +
                errors = []
         | 
| 10 9 | 
             
                # Spawn executes specified command and return its pid
         | 
| 11 10 | 
             
                # This line will execute code that runs bundler-audit and then write the output into the IO pipe
         | 
| 12 | 
            -
                 | 
| 13 | 
            -
                 | 
| 14 | 
            -
             | 
| 15 | 
            -
                 | 
| 16 | 
            -
             | 
| 17 | 
            -
             | 
| 18 | 
            -
             | 
| 19 | 
            -
             | 
| 20 | 
            -
                   | 
| 21 | 
            -
             | 
| 22 | 
            -
                   | 
| 23 | 
            -
             | 
| 24 | 
            -
             | 
| 25 | 
            -
             | 
| 26 | 
            -
             | 
| 27 | 
            -
             | 
| 28 | 
            -
             | 
| 29 | 
            -
             | 
| 30 | 
            -
             | 
| 31 | 
            -
             | 
| 32 | 
            -
             | 
| 33 | 
            -
             | 
| 34 | 
            -
                       | 
| 35 | 
            -
             | 
| 36 | 
            -
             | 
| 11 | 
            +
                script_location = "lib/auditer_script.rb"
         | 
| 12 | 
            +
                if File.exists?("lib/auditer_script.rb")
         | 
| 13 | 
            +
                  # use local file lib
         | 
| 14 | 
            +
                else 
         | 
| 15 | 
            +
                  gem_file_path = (`bundle show bundler_audit_notifier`).strip
         | 
| 16 | 
            +
                  gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
         | 
| 17 | 
            +
                  if File.exists?(gem_location)
         | 
| 18 | 
            +
                    script_location = gem_location
         | 
| 19 | 
            +
                  else
         | 
| 20 | 
            +
                    errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
         | 
| 21 | 
            +
                  end
         | 
| 22 | 
            +
                end
         | 
| 23 | 
            +
                if errors.none?
         | 
| 24 | 
            +
                  pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
         | 
| 25 | 
            +
                  Process.wait2(pid)
         | 
| 26 | 
            +
                  w.close
         | 
| 27 | 
            +
                  # At this point, the results of the bundler-audit check command are written in the IO pipe
         | 
| 28 | 
            +
                  vulnerabilities = []# load quieries from database
         | 
| 29 | 
            +
                  update_line = r.gets
         | 
| 30 | 
            +
                  # Parsing bundler-audit update results
         | 
| 31 | 
            +
                  if update_line.starts_with?("Updating ruby-advisory-db ...")
         | 
| 32 | 
            +
                    while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
         | 
| 33 | 
            +
                      update_line = r.gets
         | 
| 34 | 
            +
                    end
         | 
| 35 | 
            +
                  else 
         | 
| 36 | 
            +
                    errors << "Error parsing DURING UPDATE: #{update_line}"
         | 
| 37 | 
            +
                  end
         | 
| 38 | 
            +
                  while !r.eof?
         | 
| 39 | 
            +
                    # Parsing the bundler-audit results
         | 
| 40 | 
            +
                    name_line = r.gets
         | 
| 41 | 
            +
                    
         | 
| 42 | 
            +
                    if name = name_line[/Name: (?<name>.+)/, :name]
         | 
| 43 | 
            +
                      version_line = r.gets
         | 
| 44 | 
            +
                      advisory_line = r.gets
         | 
| 45 | 
            +
                      criticality_line = r.gets
         | 
| 46 | 
            +
                      url_line = r.gets
         | 
| 47 | 
            +
                      title_line = r.gets
         | 
| 48 | 
            +
                      solution_line = r.gets
         | 
| 49 | 
            +
                      space = r.gets
         | 
| 50 | 
            +
                      if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
         | 
| 51 | 
            +
                        version = version_line[/Version: (?<version>.+)/, :version]
         | 
| 52 | 
            +
                        advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
         | 
| 53 | 
            +
                        criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
         | 
| 54 | 
            +
                        url = url_line[/URL: (?<url>.+)/, :url]
         | 
| 55 | 
            +
                        title = title_line[/Title: (?<title>.+)/, :title]
         | 
| 56 | 
            +
                        solution = solution_line[/Solution: (?<solution>.+)/, :solution]
         | 
| 37 57 |  | 
| 38 | 
            -
             | 
| 39 | 
            -
             | 
| 40 | 
            -
             | 
| 41 | 
            -
                         | 
| 42 | 
            -
                         | 
| 43 | 
            -
             | 
| 44 | 
            -
             | 
| 45 | 
            -
             | 
| 46 | 
            -
                           | 
| 58 | 
            +
                        # check for valid data
         | 
| 59 | 
            +
                        # check database table for existing event
         | 
| 60 | 
            +
                        data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
         | 
| 61 | 
            +
                        bai = ::BundlerAuditIssue.find_by_advisory(advisory)
         | 
| 62 | 
            +
                        if bai
         | 
| 63 | 
            +
                          #   if event found, touch event
         | 
| 64 | 
            +
                          bai.touch
         | 
| 65 | 
            +
                          #   if found event is ignored, remove from vulnerabilites hash
         | 
| 66 | 
            +
                          if !bai.ignore
         | 
| 67 | 
            +
                            vulnerabilities << data.merge({token: bai.token})
         | 
| 68 | 
            +
                          end
         | 
| 69 | 
            +
                        else
         | 
| 70 | 
            +
                          if bai = ::BundlerAuditIssue.create(data)
         | 
| 71 | 
            +
                            vulnerabilities << data.merge({token: bai.token})
         | 
| 72 | 
            +
                          else
         | 
| 73 | 
            +
                            errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
         | 
| 74 | 
            +
                          end
         | 
| 47 75 | 
             
                        end
         | 
| 48 | 
            -
                      else | 
| 49 | 
            -
                         | 
| 50 | 
            -
             | 
| 51 | 
            -
                        vulnerabilities << bundler_audit_issue
         | 
| 76 | 
            +
                      else
         | 
| 77 | 
            +
                        errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
         | 
| 52 78 | 
             
                      end
         | 
| 79 | 
            +
                    elsif name_line.strip == "Vulnerabilities found!"
         | 
| 80 | 
            +
                      # puts "End of output reached!"
         | 
| 53 81 | 
             
                    else
         | 
| 54 | 
            -
                       | 
| 82 | 
            +
                      errors << "Error parsing NAME LINE: #{name_line}"
         | 
| 55 83 | 
             
                    end
         | 
| 56 | 
            -
                  elsif name_line.strip == "Vulnerabilities found!"
         | 
| 57 | 
            -
                    puts "End of output reached!"
         | 
| 58 84 | 
             
                  end
         | 
| 59 85 | 
             
                end
         | 
| 60 86 | 
             
                # iterate through remaining vulnerabilties and send them in an email if any are remaining
         | 
| 87 | 
            +
                if errors.present?
         | 
| 88 | 
            +
                  BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
         | 
| 89 | 
            +
                end
         | 
| 61 90 | 
             
                if vulnerabilities.present?
         | 
| 62 91 | 
             
                  BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
         | 
| 63 92 | 
             
                end
         | 
| 93 | 
            +
                return [vulnerabilities, errors]
         | 
| 64 94 | 
             
              end
         | 
| 65 | 
            -
            end
         | 
| 66 | 
            -
             | 
| 95 | 
            +
            end
         | 
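Review bot: The status returned by `Process.wait2(pid)` on line 25 is discarded, so a crashed or missing auditer script is only noticed indirectly when the first output line fails the `Updating ruby-advisory-db` check, and when the child wrote nothing at all `update_line` is nil and `update_line.starts_with?` raises NoMethodError; the excerpt below records the status and coerces the first line. Separately, `if bai = ::BundlerAuditIssue.create(data)` on line 70 is always truthy because `create` returns the record whether or not it saved, so the `else` branch never runs — `bai = ::BundlerAuditIssue.create(data)` then `if bai.persisted?` tests what was meant. `File.exists?` on lines 12 and 17 was removed in Ruby 3.2 and should be `File.exist?`, and the read end `r` is never closed (nor is `w` on the early-error path). Waiting on the child before draining the pipe can also deadlock once the output exceeds the pipe buffer, though whether bundler-audit output reaches that size here is not something this diff shows.
```ruby
    r, w = IO.pipe
    errors = []
    vulnerabilities = []  # moved up from inside `if errors.none?` so the early-error path still returns [[], errors]
    # … unchanged: script location lookup, with File.exist? in place of File.exists? …
    if errors.none?
      pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
      _, status = Process.wait2(pid)
      w.close
      # a script that crashed or failed to start is an error in its own right, not output to parse
      errors << "auditer script exited with status #{status.exitstatus.inspect}" unless status.success?
      update_line = r.gets.to_s  # nil when the child wrote nothing; "" then fails the update check cleanly
      # … unchanged: update-line and vulnerability parsing …
    end
    r.close
    w.close unless w.closed?
    # … unchanged: mail delivery and return …
```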
    
        metadata
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: bundler_audit_notifier
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0. | 
| 4 | 
            +
              version: 0.3.12
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Marley Stipich
         | 
| @@ -38,20 +38,6 @@ dependencies: | |
| 38 38 | 
             
                - - ">="
         | 
| 39 39 | 
             
                  - !ruby/object:Gem::Version
         | 
| 40 40 | 
             
                    version: '0'
         | 
| 41 | 
            -
            - !ruby/object:Gem::Dependency
         | 
| 42 | 
            -
              name: sqlite3
         | 
| 43 | 
            -
              requirement: !ruby/object:Gem::Requirement
         | 
| 44 | 
            -
                requirements:
         | 
| 45 | 
            -
                - - ">="
         | 
| 46 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 47 | 
            -
                    version: '0'
         | 
| 48 | 
            -
              type: :runtime
         | 
| 49 | 
            -
              prerelease: false
         | 
| 50 | 
            -
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 51 | 
            -
                requirements:
         | 
| 52 | 
            -
                - - ">="
         | 
| 53 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 54 | 
            -
                    version: '0'
         | 
| 55 41 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 56 42 | 
             
              name: rails
         | 
| 57 43 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| @@ -148,6 +134,20 @@ dependencies: | |
| 148 134 | 
             
                - - ">="
         | 
| 149 135 | 
             
                  - !ruby/object:Gem::Version
         | 
| 150 136 | 
             
                    version: '0'
         | 
| 137 | 
            +
            - !ruby/object:Gem::Dependency
         | 
| 138 | 
            +
              name: sqlite3
         | 
| 139 | 
            +
              requirement: !ruby/object:Gem::Requirement
         | 
| 140 | 
            +
                requirements:
         | 
| 141 | 
            +
                - - ">="
         | 
| 142 | 
            +
                  - !ruby/object:Gem::Version
         | 
| 143 | 
            +
                    version: '0'
         | 
| 144 | 
            +
              type: :development
         | 
| 145 | 
            +
              prerelease: false
         | 
| 146 | 
            +
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 147 | 
            +
                requirements:
         | 
| 148 | 
            +
                - - ">="
         | 
| 149 | 
            +
                  - !ruby/object:Gem::Version
         | 
| 150 | 
            +
                    version: '0'
         | 
| 151 151 | 
             
            description:
         | 
| 152 152 | 
             
            email:
         | 
| 153 153 | 
             
            executables: []
         | 
| @@ -158,6 +158,7 @@ files: | |
| 158 158 | 
             
            - app/mailers/bundler_audit_issues_mailer.rb
         | 
| 159 159 | 
             
            - app/models/bundler_audit_issue.rb
         | 
| 160 160 | 
             
            - app/views/bundler_audit_issues/ignore.html.erb
         | 
| 161 | 
            +
            - app/views/bundler_audit_issues_mailer/error_in_running.html.erb
         | 
| 161 162 | 
             
            - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
         | 
| 162 163 | 
             
            - lib/auditer_script.rb
         | 
| 163 164 | 
             
            - lib/bundler_audit_notifier.rb
         |