bundler_audit_notifier 0.0.12 → 0.1.12
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a83e35d3a799a6b5d82900e74a6c106347a25d51d1ddd947a2f28667558a0aec
|
|
4
|
+
data.tar.gz: 0c502972dc8b59643992e28313bf0683189d6bd61a43e7ce9b372b337ce1ad83
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c591a94bbf430312f1a2ed561d83066d82f0d9005f72431645255bb57e3f29d8ed42547dd0387f3c1b151152d8a6d97a6f46764e0e6181b1b984b69ade5de9e3
|
|
7
|
+
data.tar.gz: 76efc070abe43f3e0ad144687df4e5ba80bf8b0f9e0eacd356798e070b06cf3b0e1890dcd51b7bb1eef934d6259e612170a956ef5bf19d27958cd0e008fe55e2
|
|
@@ -4,6 +4,7 @@ class BundlerAuditIssuesController < ActionController::Base
|
|
|
4
4
|
def ignore
|
|
5
5
|
@bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
|
|
6
6
|
@bundler_audit_issue.ignore = true
|
|
7
|
+
@bundler_audit_issue.token = nil
|
|
7
8
|
if @bundler_audit_issue.save!
|
|
8
9
|
render :ignore
|
|
9
10
|
end
|
|
@@ -6,16 +6,16 @@
|
|
|
6
6
|
<body>
|
|
7
7
|
<h1>Vulnerabilities: </h1>
|
|
8
8
|
<% @vulnerabilities.each do |line| %>
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
9
|
+
<ul>
|
|
10
|
+
<li> Name: <%= line[:name].to_s.html_safe %></li>
|
|
11
|
+
<li> Version: <%= line[:version].to_s.html_safe %></li>
|
|
12
|
+
<li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
|
|
13
|
+
<li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
|
|
14
|
+
<li> Url: <%= line[:url].to_s.html_safe %></li>
|
|
15
|
+
<li> Title: <%= line[:title].to_s.html_safe %></li>
|
|
16
|
+
<li> Solution: <%= line[:solution].to_s.html_safe %></li>
|
|
17
|
+
</ul>
|
|
18
|
+
<p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
|
|
19
19
|
<% end %>
|
|
20
20
|
</body>
|
|
21
21
|
</html>
|
|
@@ -4,6 +4,7 @@ require "active_support"
|
|
|
4
4
|
module BundlerAuditNotifier
|
|
5
5
|
def self.audit_parse
|
|
6
6
|
r, w = IO.pipe
|
|
7
|
+
errors = []
|
|
7
8
|
# Spawn executes specified command and return its pid
|
|
8
9
|
# This line will execute code that runs bundler-audit and then write the output into the IO pipe
|
|
9
10
|
script_location = "lib/auditer_script.rb"
|
|
@@ -12,7 +13,7 @@ module BundlerAuditNotifier
|
|
|
12
13
|
else
|
|
13
14
|
gem_file_path = (`bundle show bundler_audit_notifier`).strip
|
|
14
15
|
gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
|
|
15
|
-
if File.exists(gem_location)
|
|
16
|
+
if File.exists?(gem_location)
|
|
16
17
|
script_location = gem_location
|
|
17
18
|
else
|
|
18
19
|
errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
|
|
@@ -22,34 +23,29 @@ module BundlerAuditNotifier
|
|
|
22
23
|
pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
|
|
23
24
|
Process.wait2(pid)
|
|
24
25
|
w.close
|
|
25
|
-
puts "MADE IT HERE"
|
|
26
26
|
# At this point, the results of the bundler-audit check command are written in the IO pipe
|
|
27
27
|
vulnerabilities = []# load quieries from database
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
28
|
+
update_line = r.gets
|
|
29
|
+
# Parsing bundler-audit update results
|
|
30
|
+
if update_line.starts_with?("Updating ruby-advisory-db ...")
|
|
31
|
+
while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
|
|
32
|
+
update_line = r.gets
|
|
33
|
+
end
|
|
34
|
+
else
|
|
35
|
+
errors << "Error parsing DURING UPDATE: #{update_line}"
|
|
36
|
+
end
|
|
32
37
|
while !r.eof?
|
|
33
|
-
|
|
38
|
+
# Parsing the bundler-audit results
|
|
34
39
|
name_line = r.gets
|
|
35
|
-
puts name_line
|
|
36
|
-
puts "MADE IT HERE3"
|
|
37
40
|
|
|
38
41
|
if name = name_line[/Name: (?<name>.+)/, :name]
|
|
39
42
|
version_line = r.gets
|
|
40
|
-
puts version_line
|
|
41
43
|
advisory_line = r.gets
|
|
42
|
-
puts advisory_line
|
|
43
44
|
criticality_line = r.gets
|
|
44
|
-
puts criticality_line
|
|
45
45
|
url_line = r.gets
|
|
46
|
-
puts url_line
|
|
47
46
|
title_line = r.gets
|
|
48
|
-
puts title_line
|
|
49
47
|
solution_line = r.gets
|
|
50
|
-
puts solution_line
|
|
51
48
|
space = r.gets
|
|
52
|
-
puts space
|
|
53
49
|
if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
|
|
54
50
|
version = version_line[/Version: (?<version>.+)/, :version]
|
|
55
51
|
advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
|
|
@@ -60,39 +56,38 @@ module BundlerAuditNotifier
|
|
|
60
56
|
|
|
61
57
|
# check for valid data
|
|
62
58
|
# check database table for existing event
|
|
63
|
-
|
|
59
|
+
data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
|
|
60
|
+
bai = BundlerAuditIssue.find_by_advisory(advisory)
|
|
61
|
+
if bai
|
|
64
62
|
# if event found, touch event
|
|
65
|
-
|
|
63
|
+
bai.touch
|
|
66
64
|
# if found event is ignored, remove from vulnerabilites hash
|
|
67
|
-
if !
|
|
68
|
-
vulnerabilities << {:
|
|
65
|
+
if !bai.ignore
|
|
66
|
+
vulnerabilities << data.merge({token: bai.token})
|
|
67
|
+
end
|
|
68
|
+
else
|
|
69
|
+
if bai = BundlerAuditIssue.create(data)
|
|
70
|
+
vulnerabilities << data.merge({token: bai.token})
|
|
71
|
+
else
|
|
72
|
+
errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
|
|
69
73
|
end
|
|
70
|
-
puts "VULNERABILITIES"
|
|
71
|
-
puts vulnerabilities.inspect
|
|
72
|
-
else
|
|
73
|
-
BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
|
|
74
|
-
|
|
75
|
-
vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
|
|
76
|
-
puts vulnerabilities.inspect
|
|
77
74
|
end
|
|
78
75
|
else
|
|
79
|
-
|
|
76
|
+
errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
|
|
80
77
|
end
|
|
81
78
|
elsif name_line.strip == "Vulnerabilities found!"
|
|
82
|
-
puts "End of output reached!"
|
|
79
|
+
# puts "End of output reached!"
|
|
83
80
|
else
|
|
84
|
-
puts "ERROR: FOUND ERROR PARSING"
|
|
85
|
-
puts name_line.inspect
|
|
86
81
|
errors << "Error parsing NAME LINE: #{name_line}"
|
|
87
82
|
end
|
|
88
83
|
end
|
|
89
84
|
end
|
|
90
85
|
# iterate through remaining vulnerabilties and send them in an email if any are remaining
|
|
91
86
|
if errors.present?
|
|
92
|
-
|
|
87
|
+
BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
|
|
93
88
|
end
|
|
94
89
|
if vulnerabilities.present?
|
|
95
|
-
|
|
90
|
+
BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
|
|
96
91
|
end
|
|
97
92
|
return [vulnerabilities, errors]
|
|
98
93
|
end
|