bundler_audit_notifier 0.0.12 → 0.4.13

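--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3e6f95356cd63ebb74e5a3d6172b773a9e391da5c8dc3cb765945714fa2cc624
- data.tar.gz: defa67385cf51d5999ca0fa7c16c8e7b02c610cce63746a006c5f0f5f94239f3
+ metadata.gz: '0449e7e92f3b0b34e3b604f97dff37acd92c2d6a7e6d4c99a902d19916fc736f'
+ data.tar.gz: 66d03cb80bd5f1591960b02e3c3ed4a5929bb7edc949581226d966e4ae835fa5
  SHA512:
- metadata.gz: 540b2dea155ddfa8b31bd5db773440500c559d1ecce979dd87411a81dcd634d820e2b51d61da7723e9a802755666c69d09236b4fd31714326199149dc8c44935
- data.tar.gz: 9807fe798b5faf478f25220348ac3ebe7474b2a1ef478c0eaff44bf727e979067f87d742bdd707b3e6886a5520f909c3f289ede98f0f7a09cf0eea4a1c9f00e7
+ metadata.gz: dd4d5e7dcd98085674a872ce13109c331344494bf06240be10d90fbef8d804994aa4949878610362858627f1ebbdcef9011fc6b826db942178042ec25809758f
+ data.tar.gz: f45bf1fc0f6e90c022a0c03e69b58c482a101d4bdeeb1151316dc360fcaf68a3ac0dfa714151bbd05b4eafae49562fc82614207004a33f9ff3ec55c702a0df2f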
@@ -4,6 +4,7 @@ class BundlerAuditIssuesController < ActionController::Base
4
4
  def ignore
5
5
  @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
6
6
  @bundler_audit_issue.ignore = true
7
+ @bundler_audit_issue.token = nil
7
8
  if @bundler_audit_issue.save!
8
9
  render :ignore
9
10
  end
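Review bot: `BundlerAuditIssue.where(token: params[:token]).first` cannot tell a missing token from a real one: with no `token` parameter the query becomes `where(token: nil)`, and because the added line now sets `token = nil` on every ignored issue, that query matches previously ignored rows instead of nothing; when nothing matches at all, `@bundler_audit_issue` is nil and the following `ignore = true` raises NoMethodError. Load the record with `@bundler_audit_issue = BundlerAuditIssue.find_by!(token: params.require(:token))` so an absent or unknown token yields a 404 rather than a silent match or a 500. `save!` raises on failure and otherwise returns true, so `if @bundler_audit_issue.save!` is always true and any else branch below it is dead; calling `save!` on its own line before `render :ignore` reads more honestly. The `ignore` method continues past the end of the hunk.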
@@ -6,9 +6,9 @@
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
8
  <ul>
9
- <%= @errors.each do |error| %>
10
- <li> <%= line[:error].to_s.html_safe %></li>
9
+ <% @errors.each do |error| %>
10
+ <li> <%= error.to_s.html_safe %></li>
11
11
  <% end %>
12
12
  </ul>
13
13
  </body>
14
- </html>
14
+ </html>
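Review bot: `error.to_s.html_safe` on the `<li>` line disables ERB escaping for strings that are assembled from bundler-audit's raw output and the parser's own messages (for example `Error parsing NAME LINE: #{name_line}` in the library hunk further down), so any markup in that output reaches the email unescaped. The errors are plain text, so `<li> <%= error %></li>` is sufficient and lets ERB escape them. The same `.to_s.html_safe` pattern is applied to every `line[...]` field in the vulnerability view hunk that follows, where the values are taken from the advisory database; dropping `.html_safe` there as well renders the same text without treating that content as trusted HTML.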
@@ -6,16 +6,16 @@
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
8
  <% @vulnerabilities.each do |line| %>
9
- <ul>
10
- <li> Name: <%= line[:name].to_s.html_safe %></li>
11
- <li> Version: <%= line[:version].to_s.html_safe %></li>
12
- <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
- <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
- <li> Url: <%= line[:url].to_s.html_safe %></li>
15
- <li> Title: <%= line[:title].to_s.html_safe %></li>
16
- <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
- </ul>
18
- <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
9
+ <ul>
10
+ <li> Name: <%= line[:name].to_s.html_safe %></li>
11
+ <li> Version: <%= line[:version].to_s.html_safe %></li>
12
+ <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
+ <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
+ <li> Url: <%= line[:url].to_s.html_safe %></li>
15
+ <li> Title: <%= line[:title].to_s.html_safe %></li>
16
+ <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
+ </ul>
18
+ <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
19
19
  <% end %>
20
20
  </body>
21
21
  </html>
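Review bot: `ignore_url(line[:token])` assumes every vulnerability carries a token, but the library hunk below builds `token:` from `bai.token` even when `create` did not persist the record, so the value can be nil and the email would contain an ignore link with no token. Render the link only when a token is present: `<%= link_to "ignore", ignore_url(line[:token]) if line[:token] %>`. Apart from the `line.token` → `line[:token]` fix, the rest of this hunk is re-indentation only.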
@@ -1,9 +1,11 @@
1
1
  # dependencies
2
2
  require "active_support"
3
+ require "bundler_audit_notifier/engine"
3
4
 
4
5
  module BundlerAuditNotifier
5
6
  def self.audit_parse
6
7
  r, w = IO.pipe
8
+ errors = []
7
9
  # Spawn executes specified command and return its pid
8
10
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
9
11
  script_location = "lib/auditer_script.rb"
@@ -12,7 +14,7 @@ module BundlerAuditNotifier
12
14
  else
13
15
  gem_file_path = (`bundle show bundler_audit_notifier`).strip
14
16
  gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
15
- if File.exists(gem_location)
17
+ if File.exists?(gem_location)
16
18
  script_location = gem_location
17
19
  else
18
20
  errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
@@ -22,34 +24,29 @@ module BundlerAuditNotifier
22
24
  pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
23
25
  Process.wait2(pid)
24
26
  w.close
25
- puts "MADE IT HERE"
26
27
  # At this point, the results of the bundler-audit check command are written in the IO pipe
27
28
  vulnerabilities = []# load quieries from database
28
- errors = []
29
- puts r.inspect
30
- puts r.eof?.inspect
31
- puts "MADE IT HERE 1"
29
+ update_line = r.gets
30
+ # Parsing bundler-audit update results
31
+ if update_line.starts_with?("Updating ruby-advisory-db ...")
32
+ while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
33
+ update_line = r.gets
34
+ end
35
+ else
36
+ errors << "Error parsing DURING UPDATE: #{update_line}"
37
+ end
32
38
  while !r.eof?
33
- puts "MADE IT HERE 2"
39
+ # Parsing the bundler-audit results
34
40
  name_line = r.gets
35
- puts name_line
36
- puts "MADE IT HERE3"
37
41
 
38
42
  if name = name_line[/Name: (?<name>.+)/, :name]
39
43
  version_line = r.gets
40
- puts version_line
41
44
  advisory_line = r.gets
42
- puts advisory_line
43
45
  criticality_line = r.gets
44
- puts criticality_line
45
46
  url_line = r.gets
46
- puts url_line
47
47
  title_line = r.gets
48
- puts title_line
49
48
  solution_line = r.gets
50
- puts solution_line
51
49
  space = r.gets
52
- puts space
53
50
  if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
54
51
  version = version_line[/Version: (?<version>.+)/, :version]
55
52
  advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
@@ -60,39 +57,38 @@ module BundlerAuditNotifier
60
57
 
61
58
  # check for valid data
62
59
  # check database table for existing event
63
- if BundlerAuditIssue.exists?(advisory: advisory)
60
+ data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
61
+ bai = ::BundlerAuditIssue.find_by_advisory(advisory)
62
+ if bai
64
63
  # if event found, touch event
65
- BundlerAuditIssue.where(advisory: advisory).first.touch
64
+ bai.touch
66
65
  # if found event is ignored, remove from vulnerabilites hash
67
- if !BundlerAuditIssue.where(advisory: advisory).first.ignore
68
- vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
66
+ if !bai.ignore
67
+ vulnerabilities << data.merge({token: bai.token})
68
+ end
69
+ else
70
+ if bai = ::BundlerAuditIssue.create(data)
71
+ vulnerabilities << data.merge({token: bai.token})
72
+ else
73
+ errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
69
74
  end
70
- puts "VULNERABILITIES"
71
- puts vulnerabilities.inspect
72
- else
73
- BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
74
-
75
- vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
76
- puts vulnerabilities.inspect
77
75
  end
78
76
  else
79
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
77
+ errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
80
78
  end
81
79
  elsif name_line.strip == "Vulnerabilities found!"
82
- puts "End of output reached!"
80
+ # puts "End of output reached!"
83
81
  else
84
- puts "ERROR: FOUND ERROR PARSING"
85
- puts name_line.inspect
86
82
  errors << "Error parsing NAME LINE: #{name_line}"
87
83
  end
88
84
  end
89
85
  end
90
86
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
91
87
  if errors.present?
92
- ApplicationMailer.error_in_running(errors).deliver_now
88
+ BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
93
89
  end
94
90
  if vulnerabilities.present?
95
- ApplicationMailer.vulnerability_email(vulnerabilities).deliver_now
91
+ BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
96
92
  end
97
93
  return [vulnerabilities, errors]
98
94
  end
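Review bot: `if bai = ::BundlerAuditIssue.create(data)` is always true, because `create` returns the new record whether or not it was saved, so the `errors << "Error parsing creating new BundlerAuditIssue ..."` branch is unreachable and a record that failed validation is still appended to `vulnerabilities` with `token: nil`. Test persistence instead: `bai = ::BundlerAuditIssue.create(data)` followed by `if bai.persisted?`, which makes the error branch reachable and keeps unsaved records out of the email. In the earlier hunk, `update_line = r.gets` is nil when the child process wrote nothing (script not found or failing to start), and `update_line.starts_with?(...)` then raises NoMethodError before anything is recorded; `if update_line&.start_with?("Updating ruby-advisory-db ...")` routes that case into the `errors << "Error parsing DURING UPDATE: ..."` branch and also matches the plain-Ruby `start_with?` used two lines below. The status returned by `Process.wait2(pid)` is discarded, so a child that exits early is only ever reported as a parse error; capturing it as `_, status = Process.wait2(pid)` and recording `status` alongside the parse errors would make such failures diagnosable from the error email.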
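--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler_audit_notifier
  version: !ruby/object:Gem::Version
- version: 0.0.12
+ version: 0.4.13
  platform: ruby
  authors:
  - Marley Stipich
@@ -38,6 +38,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: bundler-audit
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement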