bundler_audit_notifier 0.0.11 → 0.0.12

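--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8824f8dc78d31f52f2067355a468651f905312d8dde249c503408b3e7314e2d4
- data.tar.gz: d4ac54af68ffbab771b7203d814c323f0697b58d8d092acc653f9625a3538055
+ metadata.gz: 3e6f95356cd63ebb74e5a3d6172b773a9e391da5c8dc3cb765945714fa2cc624
+ data.tar.gz: defa67385cf51d5999ca0fa7c16c8e7b02c610cce63746a006c5f0f5f94239f3
  SHA512:
- metadata.gz: 0d7a275d972a7ee96aebe564f4432d1e8aed27d7a5a70c9e3508b632f0179c7456bbed0de694b275c62473e5b0e1e04dac124af6faacdb71840c2f19cdcbbd41
- data.tar.gz: e05db70c969a51a956ce39453e6686cf1ca291dc3da729ba1feec5fb5c57ceef7663545122806e2014d88ef6997e8ef4961695a5b863d85166b824d72ca93b7b
+ metadata.gz: 540b2dea155ddfa8b31bd5db773440500c559d1ecce979dd87411a81dcd634d820e2b51d61da7723e9a802755666c69d09236b4fd31714326199149dc8c44935
+ data.tar.gz: 9807fe798b5faf478f25220348ac3ebe7474b2a1ef478c0eaff44bf727e979067f87d742bdd707b3e6886a5520f909c3f289ede98f0f7a09cf0eea4a1c9f00e7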
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
8
8
  @vulnerabilities = vulnerabilities
9
9
  mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
10
10
  end
11
+ def error_in_running errors, opts = {}
12
+ @errors = errors
13
+ mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
14
+ end
11
15
  end
@@ -0,0 +1,14 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
5
+ </head>
6
+ <body>
7
+ <h1>Vulnerabilities: </h1>
8
+ <ul>
9
+ <%= @errors.each do |error| %>
10
+ <li> <%= line[:error].to_s.html_safe %></li>
11
+ <% end %>
12
+ </ul>
13
+ </body>
14
+ </html>
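Review bot: The list item reads `line[:error]`, but the block variable is `error` and `audit_parse` pushes plain strings into the array, so rendering would raise NameError instead of listing anything. The `.to_s.html_safe` call also turns off ERB escaping for text that includes raw scanner output and file paths, so any markup in those strings reaches the mail body unescaped; dropping it costs nothing here. I would write the loop as `<% @errors.each do |error| %>` (with `<%=` the returned array is printed after the list) and the item as `<li><%= error %></li>`. The `<h1>` still says "Vulnerabilities:" in what is an error report.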
@@ -1,66 +1,99 @@
1
1
  # dependencies
2
2
  require "active_support"
3
- require 'rake'
4
- require "bundler_audit_notifier/engine"
5
3
 
6
4
  module BundlerAuditNotifier
7
5
  def self.audit_parse
8
6
  r, w = IO.pipe
9
- audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')
10
7
  # Spawn executes specified command and return its pid
11
8
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
12
- # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
13
- pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])
9
+ script_location = "lib/auditer_script.rb"
10
+ if File.exists?("lib/auditer_script.rb")
11
+ # use local file lib
12
+ else
13
+ gem_file_path = (`bundle show bundler_audit_notifier`).strip
14
+ gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
15
+ if File.exists(gem_location)
16
+ script_location = gem_location
17
+ else
18
+ errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
19
+ end
20
+ end
21
+ if errors.none?
22
+ pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
23
+ Process.wait2(pid)
24
+ w.close
25
+ puts "MADE IT HERE"
26
+ # At this point, the results of the bundler-audit check command are written in the IO pipe
27
+ vulnerabilities = []# load quieries from database
28
+ errors = []
29
+ puts r.inspect
30
+ puts r.eof?.inspect
31
+ puts "MADE IT HERE 1"
32
+ while !r.eof?
33
+ puts "MADE IT HERE 2"
34
+ name_line = r.gets
35
+ puts name_line
36
+ puts "MADE IT HERE3"
37
+
38
+ if name = name_line[/Name: (?<name>.+)/, :name]
39
+ version_line = r.gets
40
+ puts version_line
41
+ advisory_line = r.gets
42
+ puts advisory_line
43
+ criticality_line = r.gets
44
+ puts criticality_line
45
+ url_line = r.gets
46
+ puts url_line
47
+ title_line = r.gets
48
+ puts title_line
49
+ solution_line = r.gets
50
+ puts solution_line
51
+ space = r.gets
52
+ puts space
53
+ if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
54
+ version = version_line[/Version: (?<version>.+)/, :version]
55
+ advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
56
+ criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
57
+ url = url_line[/URL: (?<url>.+)/, :url]
58
+ title = title_line[/Title: (?<title>.+)/, :title]
59
+ solution = solution_line[/Solution: (?<solution>.+)/, :solution]
14
60
 
15
- Process.wait2(pid)
16
- w.close
17
- # At this point, the results of the bundler-audit check command are written in the IO pipe
18
- vulnerabilities = []# load quieries from database
19
- while !r.eof?
20
- name_line = r.gets
21
-
22
- if name = name_line[/Name: (?<name>.+)/, :name]
23
- version_line = r.gets
24
- advisory_line = r.gets
25
- criticality_line = r.gets
26
- url_line = r.gets
27
- title_line = r.gets
28
- solution_line = r.gets
29
- space = r.gets
30
- if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
31
- version = version_line[/Version: (?<version>.+)/, :version]
32
- advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
33
- criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
34
- url = url_line[/URL: (?<url>.+)/, :url]
35
- title = title_line[/Title: (?<title>.+)/, :title]
36
- solution = solution_line[/Solution: (?<solution>.+)/, :solution]
61
+ # check for valid data
62
+ # check database table for existing event
63
+ if BundlerAuditIssue.exists?(advisory: advisory)
64
+ # if event found, touch event
65
+ BundlerAuditIssue.where(advisory: advisory).first.touch
66
+ # if found event is ignored, remove from vulnerabilites hash
67
+ if !BundlerAuditIssue.where(advisory: advisory).first.ignore
68
+ vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
69
+ end
70
+ puts "VULNERABILITIES"
71
+ puts vulnerabilities.inspect
72
+ else
73
+ BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
37
74
 
38
- # check for valid data
39
- # check database table for existing event
40
- if BundlerAuditIssue.exists?(advisory: advisory)
41
- bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
42
- # if event found, touch event
43
- bundler_audit_issue.touch
44
- # add event to vulnerabilities array if it was not marked ignored
45
- if !bundler_audit_issue.ignore
46
- vulnerabilities << bundler_audit_issue
75
+ vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
76
+ puts vulnerabilities.inspect
47
77
  end
48
- else
49
- bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
50
-
51
- vulnerabilities << bundler_audit_issue
78
+ else
79
+ puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
52
80
  end
81
+ elsif name_line.strip == "Vulnerabilities found!"
82
+ puts "End of output reached!"
53
83
  else
54
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
84
+ puts "ERROR: FOUND ERROR PARSING"
85
+ puts name_line.inspect
86
+ errors << "Error parsing NAME LINE: #{name_line}"
55
87
  end
56
- elsif name_line.strip == "Vulnerabilities found!"
57
- puts "End of output reached!"
58
88
  end
59
89
  end
60
90
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
91
+ if errors.present?
92
+ ApplicationMailer.error_in_running(errors).deliver_now
93
+ end
61
94
  if vulnerabilities.present?
62
- BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
95
+ ApplicationMailer.vulnerability_email(vulnerabilities).deliver_now
63
96
  end
97
+ return [vulnerabilities, errors]
64
98
  end
65
- end
66
-
99
+ end
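Review bot: The new script lookup prefers a working-directory-relative `lib/auditer_script.rb` over the gem's own copy, so whatever file sits at that path in the directory the task is started from is what `spawn(RbConfig.ruby, script_location, ...)` executes; the removed `File.join(File.dirname(__FILE__), 'auditer_script.rb')` pinned it to the installed gem and needed no `bundle show` subshell. The fallback branch also cannot work as written: `File.exists(gem_location)` lacks the `?`, and `errors` is read by `errors <<` and `errors.none?` before the `errors = []` that sits inside the `if errors.none?` body, which raises NameError unless an `errors` method exists elsewhere. I would restore the `__FILE__`-relative path and initialise `errors = []` and `vulnerabilities = []` at the top of `audit_parse`. Both mails are now sent through `ApplicationMailer`, while `error_in_running` is added to `BundlerAuditIssuesMailer` in this release, so delivery presumably fails unless the host application defines these methods itself. The `puts "MADE IT HERE"` tracing and the `puts` of every parsed line should be removed before release.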
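--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler_audit_notifier
  version: !ruby/object:Gem::Version
- version: 0.0.11
+ version: 0.0.12
  platform: ruby
  authors:
  - Marley Stipich
@@ -158,6 +158,7 @@ files:
  - app/mailers/bundler_audit_issues_mailer.rb
  - app/models/bundler_audit_issue.rb
  - app/views/bundler_audit_issues/ignore.html.erb
+ - app/views/bundler_audit_issues_mailer/error_in_running.html.erb
  - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
  - lib/auditer_script.rb
  - lib/bundler_audit_notifier.rb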