bundler_audit_notifier 0.0.11 → 0.4.12

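--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8824f8dc78d31f52f2067355a468651f905312d8dde249c503408b3e7314e2d4
- data.tar.gz: d4ac54af68ffbab771b7203d814c323f0697b58d8d092acc653f9625a3538055
+ metadata.gz: 4e1dcc3fc0364a99337a98f705eb0e93d22de9c0bbd43178e78ae740a4dd4572
+ data.tar.gz: 551fe8ad8701232ecb1e498b6a021fe0d93ec25f507fbd7464061323d13a62b3
  SHA512:
- metadata.gz: 0d7a275d972a7ee96aebe564f4432d1e8aed27d7a5a70c9e3508b632f0179c7456bbed0de694b275c62473e5b0e1e04dac124af6faacdb71840c2f19cdcbbd41
- data.tar.gz: e05db70c969a51a956ce39453e6686cf1ca291dc3da729ba1feec5fb5c57ceef7663545122806e2014d88ef6997e8ef4961695a5b863d85166b824d72ca93b7b
+ metadata.gz: 4fba360c42dd967d2565ac37f313d9dc1fb0d5bdd2758a5bde881770bd51a890f39c4ac44cf7ea805a364c83b19618fcce3d5f46482b524f04694162bc665a09
+ data.tar.gz: 77b073bc258cc21a9cfcdfb4ef43a11a2786ae3901fcc652f6b9468606b467856ddfda5643baf7d5b9c9282ccf32c882c3712e9ce52a48e9396e875c87c5267b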
@@ -4,6 +4,7 @@ class BundlerAuditIssuesController < ActionController::Base
4
4
  def ignore
5
5
  @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
6
6
  @bundler_audit_issue.ignore = true
7
+ @bundler_audit_issue.token = nil
7
8
  if @bundler_audit_issue.save!
8
9
  render :ignore
9
10
  end
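Review bot: Nulling the token on new line 7 makes `where(token: params[:token]).first` on line 5 match an already-ignored row whenever the request carries no token (it becomes `where(token: nil)`), and a token that matches nothing leaves `@bundler_audit_issue` nil so line 6 raises NoMethodError rather than answering 404; reject a blank token up front and fail on no match: `return head :not_found if params[:token].blank?` followed by `@bundler_audit_issue = BundlerAuditIssue.find_by!(token: params[:token])` (or `.where(token: params[:token]).first!`). `save!` returns true or raises, so the `if` on line 8 never takes a false branch and `render :ignore` can be unconditional. The `ignore` action ends outside the hunk.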
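--- a/app/mailers/bundler_audit_issues_mailer.rb
+++ b/app/mailers/bundler_audit_issues_mailer.rb
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
  @vulnerabilities = vulnerabilities
  mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
  end
+ def error_in_running errors, opts = {}
+ @errors = errors
+ mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
+ end
  end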
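Review bot: `def error_in_running errors, opts = {}` on new line 11 declares a two-parameter method without parentheses, which the Ruby style guide and RuboCop flag and which reads ambiguously next to the hash default; write `def error_in_running(errors, opts = {})`. A one-line comment above it would help the next maintainer, since the array's contents are only visible in the library: `# errors: Array<String> of messages collected by BundlerAuditNotifier.audit_parse; opts[:custom_recipient] overrides DEFAULT_TO`. The enclosing `vulnerability_email` method starts outside the hunk.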
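--- /dev/null
+++ b/app/views/bundler_audit_issues_mailer/error_in_running.html.erb
@@ -0,0 +1,14 @@
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+ </head>
+ <body>
+ <h1>Vulnerabilities: </h1>
+ <ul>
+ <% @errors.each do |error| %>
+ <li> <%= error.to_s.html_safe %></li>
+ <% end %>
+ </ul>
+ </body>
+ </html>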
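Review bot: `<%= error.to_s.html_safe %>` on new line 10 switches off ERB escaping for strings that, per the library hunk, interpolate raw scanner output (`update_line`, `name_line`) and the advisory fields in `data`, so any markup present in the advisory database or in the spawned process's output is emitted unescaped into the HTML mail; `<%= error %>` lets ERB escape it and loses nothing since the messages are plain text. The same `.html_safe` is applied to every advisory field re-added in vulnerability_email.html.erb (`line[:title]`, `line[:solution]`, `line[:url]`, …), where dropping it is equally safe. The heading `<h1>Vulnerabilities: </h1>` on new line 7 is carried over from the vulnerability template and should read `<h1>Errors: </h1>` for this mail.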
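--- a/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
+++ b/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
@@ -6,16 +6,16 @@
  <body>
  <h1>Vulnerabilities: </h1>
  <% @vulnerabilities.each do |line| %>
- <ul>
- <li> Name: <%= line[:name].to_s.html_safe %></li>
- <li> Version: <%= line[:version].to_s.html_safe %></li>
- <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
- <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
- <li> Url: <%= line[:url].to_s.html_safe %></li>
- <li> Title: <%= line[:title].to_s.html_safe %></li>
- <li> Solution: <%= line[:solution].to_s.html_safe %></li>
- </ul>
- <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
+ <ul>
+ <li> Name: <%= line[:name].to_s.html_safe %></li>
+ <li> Version: <%= line[:version].to_s.html_safe %></li>
+ <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
+ <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
+ <li> Url: <%= line[:url].to_s.html_safe %></li>
+ <li> Title: <%= line[:title].to_s.html_safe %></li>
+ <li> Solution: <%= line[:solution].to_s.html_safe %></li>
+ </ul>
+ <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
  <% end %>
  </body>
  </html>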
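--- a/lib/bundler_audit_notifier.rb
+++ b/lib/bundler_audit_notifier.rb
@@ -1,66 +1,95 @@
  # dependencies
  require "active_support"
- require 'rake'
  require "bundler_audit_notifier/engine"
 
  module BundlerAuditNotifier
  def self.audit_parse
  r, w = IO.pipe
- audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')
+ errors = []
  # Spawn executes specified command and return its pid
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
- # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
- pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])
-
- Process.wait2(pid)
- w.close
- # At this point, the results of the bundler-audit check command are written in the IO pipe
- vulnerabilities = []# load quieries from database
- while !r.eof?
- name_line = r.gets
-
- if name = name_line[/Name: (?<name>.+)/, :name]
- version_line = r.gets
- advisory_line = r.gets
- criticality_line = r.gets
- url_line = r.gets
- title_line = r.gets
- solution_line = r.gets
- space = r.gets
- if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
- version = version_line[/Version: (?<version>.+)/, :version]
- advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
- criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
- url = url_line[/URL: (?<url>.+)/, :url]
- title = title_line[/Title: (?<title>.+)/, :title]
- solution = solution_line[/Solution: (?<solution>.+)/, :solution]
+ script_location = "lib/auditer_script.rb"
+ if File.exists?("lib/auditer_script.rb")
+ # use local file lib
+ else
+ gem_file_path = (`bundle show bundler_audit_notifier`).strip
+ gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
+ if File.exists?(gem_location)
+ script_location = gem_location
+ else
+ errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
+ end
+ end
+ if errors.none?
+ pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
+ Process.wait2(pid)
+ w.close
+ # At this point, the results of the bundler-audit check command are written in the IO pipe
+ vulnerabilities = []# load quieries from database
+ update_line = r.gets
+ # Parsing bundler-audit update results
+ if update_line.starts_with?("Updating ruby-advisory-db ...")
+ while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
+ update_line = r.gets
+ end
+ else
+ errors << "Error parsing DURING UPDATE: #{update_line}"
+ end
+ while !r.eof?
+ # Parsing the bundler-audit results
+ name_line = r.gets
+
+ if name = name_line[/Name: (?<name>.+)/, :name]
+ version_line = r.gets
+ advisory_line = r.gets
+ criticality_line = r.gets
+ url_line = r.gets
+ title_line = r.gets
+ solution_line = r.gets
+ space = r.gets
+ if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
+ version = version_line[/Version: (?<version>.+)/, :version]
+ advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
+ criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
+ url = url_line[/URL: (?<url>.+)/, :url]
+ title = title_line[/Title: (?<title>.+)/, :title]
+ solution = solution_line[/Solution: (?<solution>.+)/, :solution]
 
- # check for valid data
- # check database table for existing event
- if BundlerAuditIssue.exists?(advisory: advisory)
- bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
- # if event found, touch event
- bundler_audit_issue.touch
- # add event to vulnerabilities array if it was not marked ignored
- if !bundler_audit_issue.ignore
- vulnerabilities << bundler_audit_issue
+ # check for valid data
+ # check database table for existing event
+ data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
+ bai = ::BundlerAuditIssue.find_by_advisory(advisory)
+ if bai
+ # if event found, touch event
+ bai.touch
+ # if found event is ignored, remove from vulnerabilites hash
+ if !bai.ignore
+ vulnerabilities << data.merge({token: bai.token})
+ end
+ else
+ if bai = ::BundlerAuditIssue.create(data)
+ vulnerabilities << data.merge({token: bai.token})
+ else
+ errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
+ end
  end
- else
- bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
-
- vulnerabilities << bundler_audit_issue
+ else
+ errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
  end
+ elsif name_line.strip == "Vulnerabilities found!"
+ # puts "End of output reached!"
  else
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
+ errors << "Error parsing NAME LINE: #{name_line}"
  end
- elsif name_line.strip == "Vulnerabilities found!"
- puts "End of output reached!"
  end
  end
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
+ if errors.present?
+ BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
+ end
  if vulnerabilities.present?
  BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
  end
+ return [vulnerabilities, errors]
  end
- end
-
+ end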
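Review bot: `if bai = ::BundlerAuditIssue.create(data)` on new line 70 never reaches its else branch, because ActiveRecord's `create` returns the (unsaved) record, which is truthy, when validation fails, so a failed insert still appends `data.merge({token: bai.token})` with a nil token instead of recording the error; use `if (bai = ::BundlerAuditIssue.create(data)).persisted?`. `update_line.starts_with?(...)` on new line 31 raises NoMethodError when the spawned process wrote nothing, since `r.gets` returns nil at EOF (and the same predicate is spelled `start_with?` on line 32); `update_line.to_s.start_with?(...)` routes that case into the existing "Error parsing DURING UPDATE" branch. `File.exists?` on new lines 12 and 17 is the deprecated alias, removed in Ruby 3.2, so `File.exist?` is needed for the gem to load on current Rubies. Neither pipe end is closed when the script cannot be located, and `r` is never closed on any path, so every run leaks descriptors; wrapping the spawn-and-parse in `begin … ensure w.close unless w.closed?; r.close end` fixes both. Replacing `File.dirname(__FILE__)` with a cwd-relative path plus a `bundle show` subprocess also seems less robust than before, since whatever `bundle show` prints on failure becomes `gem_file_path`; `File.join(__dir__, 'auditer_script.rb')` would locate the shipped script without shelling out while still letting the app-local `lib/auditer_script.rb` take precedence.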
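--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler_audit_notifier
  version: !ruby/object:Gem::Version
- version: 0.0.11
+ version: 0.4.12
  platform: ruby
  authors:
  - Marley Stipich
@@ -38,6 +38,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: bundler-audit
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
@@ -158,6 +172,7 @@ files:
  - app/mailers/bundler_audit_issues_mailer.rb
  - app/models/bundler_audit_issue.rb
  - app/views/bundler_audit_issues/ignore.html.erb
+ - app/views/bundler_audit_issues_mailer/error_in_running.html.erb
  - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
  - lib/auditer_script.rb
  - lib/bundler_audit_notifier.rb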