bundler_audit_notifier 0.0.12 → 0.4.13

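--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
- metadata.gz: 3e6f95356cd63ebb74e5a3d6172b773a9e391da5c8dc3cb765945714fa2cc624
- data.tar.gz: defa67385cf51d5999ca0fa7c16c8e7b02c610cce63746a006c5f0f5f94239f3
+ metadata.gz: '0449e7e92f3b0b34e3b604f97dff37acd92c2d6a7e6d4c99a902d19916fc736f'
+ data.tar.gz: 66d03cb80bd5f1591960b02e3c3ed4a5929bb7edc949581226d966e4ae835fa5
 SHA512:
- metadata.gz: 540b2dea155ddfa8b31bd5db773440500c559d1ecce979dd87411a81dcd634d820e2b51d61da7723e9a802755666c69d09236b4fd31714326199149dc8c44935
- data.tar.gz: 9807fe798b5faf478f25220348ac3ebe7474b2a1ef478c0eaff44bf727e979067f87d742bdd707b3e6886a5520f909c3f289ede98f0f7a09cf0eea4a1c9f00e7
+ metadata.gz: dd4d5e7dcd98085674a872ce13109c331344494bf06240be10d90fbef8d804994aa4949878610362858627f1ebbdcef9011fc6b826db942178042ec25809758f
+ data.tar.gz: f45bf1fc0f6e90c022a0c03e69b58c482a101d4bdeeb1151316dc360fcaf68a3ac0dfa714151bbd05b4eafae49562fc82614207004a33f9ff3ec55c702a0df2f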
@@ -4,6 +4,7 @@ class BundlerAuditIssuesController < ActionController::Base
4
4
  def ignore
5
5
  @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
6
6
  @bundler_audit_issue.ignore = true
7
+ @bundler_audit_issue.token = nil
7
8
  if @bundler_audit_issue.save!
8
9
  render :ignore
9
10
  end
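Review bot: The lookup `BundlerAuditIssue.where(token: params[:token]).first` becomes ambiguous once the new line clears the token on ignore: a request with no `token` parameter turns into `where(token: nil)`, which now matches any already-ignored row, and when nothing matches `.first` returns nil so the following `.ignore = true` raises NoMethodError instead of producing a 404. Reject blank tokens before querying and use a raising finder, e.g. `return head(:not_found) if params[:token].blank?` followed by `@bundler_audit_issue = BundlerAuditIssue.find_by!(token: params[:token])`, so RecordNotFound maps to 404 and a consumed token cannot be replayed. Clearing the token after use is the right single-use behaviour and deserves a comment on the added line, such as `# token is single-use: clear it so the ignore link cannot be replayed`. The closing `end` of `ignore` lies outside the hunk.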
@@ -6,9 +6,9 @@
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
8
  <ul>
9
- <%= @errors.each do |error| %>
10
- <li> <%= line[:error].to_s.html_safe %></li>
9
+ <% @errors.each do |error| %>
10
+ <li> <%= error.to_s.html_safe %></li>
11
11
  <% end %>
12
12
  </ul>
13
13
  </body>
14
- </html>
14
+ </html>
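Review bot: The new `<li>` line renders each error with `.html_safe`, but `@errors` holds strings built from bundler-audit's raw process output (e.g. `"Error parsing NAME LINE: #{name_line}"` in the library hunk below), so external text is inserted into the mail body with escaping disabled. ERB already escapes `<%= %>` output, so the line should read `<li> <%= error %></li>`. The same `.to_s.html_safe` pattern appears on every field line of the vulnerabilities template (Name, Version, Advisory, Criticality, Url, Title, Solution), whose values come from the same parsed output and should likewise be rendered without `html_safe`.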
@@ -6,16 +6,16 @@
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
8
  <% @vulnerabilities.each do |line| %>
9
- <ul>
10
- <li> Name: <%= line[:name].to_s.html_safe %></li>
11
- <li> Version: <%= line[:version].to_s.html_safe %></li>
12
- <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
- <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
- <li> Url: <%= line[:url].to_s.html_safe %></li>
15
- <li> Title: <%= line[:title].to_s.html_safe %></li>
16
- <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
- </ul>
18
- <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
9
+ <ul>
10
+ <li> Name: <%= line[:name].to_s.html_safe %></li>
11
+ <li> Version: <%= line[:version].to_s.html_safe %></li>
12
+ <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
+ <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
+ <li> Url: <%= line[:url].to_s.html_safe %></li>
15
+ <li> Title: <%= line[:title].to_s.html_safe %></li>
16
+ <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
+ </ul>
18
+ <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
19
19
  <% end %>
20
20
  </body>
21
21
  </html>
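Review bot: The `ignore` link on the `<p>` line is a plain GET that changes state (the controller hunk above sets `ignore = true` and clears the token), so a mail client or link-scanning gateway that prefetches URLs in the message could mark the vulnerability ignored before anyone reads it. A safer shape is for `ignore_url` to land on a confirmation page and perform the ignore through a `button_to` (POST) form that carries the token, keeping the token as the authoriser; the existing `:ignore` template could host that form. If the GET flow is kept deliberately, a comment on this line noting that the link is single-use and state-changing would help the next maintainer.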
@@ -1,9 +1,11 @@
1
1
  # dependencies
2
2
  require "active_support"
3
+ require "bundler_audit_notifier/engine"
3
4
 
4
5
  module BundlerAuditNotifier
5
6
  def self.audit_parse
6
7
  r, w = IO.pipe
8
+ errors = []
7
9
  # Spawn executes specified command and return its pid
8
10
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
9
11
  script_location = "lib/auditer_script.rb"
@@ -12,7 +14,7 @@ module BundlerAuditNotifier
12
14
  else
13
15
  gem_file_path = (`bundle show bundler_audit_notifier`).strip
14
16
  gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
15
- if File.exists(gem_location)
17
+ if File.exists?(gem_location)
16
18
  script_location = gem_location
17
19
  else
18
20
  errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
@@ -22,34 +24,29 @@ module BundlerAuditNotifier
22
24
  pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
23
25
  Process.wait2(pid)
24
26
  w.close
25
- puts "MADE IT HERE"
26
27
  # At this point, the results of the bundler-audit check command are written in the IO pipe
27
28
  vulnerabilities = []# load quieries from database
28
- errors = []
29
- puts r.inspect
30
- puts r.eof?.inspect
31
- puts "MADE IT HERE 1"
29
+ update_line = r.gets
30
+ # Parsing bundler-audit update results
31
+ if update_line.starts_with?("Updating ruby-advisory-db ...")
32
+ while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
33
+ update_line = r.gets
34
+ end
35
+ else
36
+ errors << "Error parsing DURING UPDATE: #{update_line}"
37
+ end
32
38
  while !r.eof?
33
- puts "MADE IT HERE 2"
39
+ # Parsing the bundler-audit results
34
40
  name_line = r.gets
35
- puts name_line
36
- puts "MADE IT HERE3"
37
41
 
38
42
  if name = name_line[/Name: (?<name>.+)/, :name]
39
43
  version_line = r.gets
40
- puts version_line
41
44
  advisory_line = r.gets
42
- puts advisory_line
43
45
  criticality_line = r.gets
44
- puts criticality_line
45
46
  url_line = r.gets
46
- puts url_line
47
47
  title_line = r.gets
48
- puts title_line
49
48
  solution_line = r.gets
50
- puts solution_line
51
49
  space = r.gets
52
- puts space
53
50
  if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
54
51
  version = version_line[/Version: (?<version>.+)/, :version]
55
52
  advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
@@ -60,39 +57,38 @@ module BundlerAuditNotifier
60
57
 
61
58
  # check for valid data
62
59
  # check database table for existing event
63
- if BundlerAuditIssue.exists?(advisory: advisory)
60
+ data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
61
+ bai = ::BundlerAuditIssue.find_by_advisory(advisory)
62
+ if bai
64
63
  # if event found, touch event
65
- BundlerAuditIssue.where(advisory: advisory).first.touch
64
+ bai.touch
66
65
  # if found event is ignored, remove from vulnerabilites hash
67
- if !BundlerAuditIssue.where(advisory: advisory).first.ignore
68
- vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
66
+ if !bai.ignore
67
+ vulnerabilities << data.merge({token: bai.token})
68
+ end
69
+ else
70
+ if bai = ::BundlerAuditIssue.create(data)
71
+ vulnerabilities << data.merge({token: bai.token})
72
+ else
73
+ errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
69
74
  end
70
- puts "VULNERABILITIES"
71
- puts vulnerabilities.inspect
72
- else
73
- BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
74
-
75
- vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
76
- puts vulnerabilities.inspect
77
75
  end
78
76
  else
79
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
77
+ errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
80
78
  end
81
79
  elsif name_line.strip == "Vulnerabilities found!"
82
- puts "End of output reached!"
80
+ # puts "End of output reached!"
83
81
  else
84
- puts "ERROR: FOUND ERROR PARSING"
85
- puts name_line.inspect
86
82
  errors << "Error parsing NAME LINE: #{name_line}"
87
83
  end
88
84
  end
89
85
  end
90
86
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
91
87
  if errors.present?
92
- ApplicationMailer.error_in_running(errors).deliver_now
88
+ BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
93
89
  end
94
90
  if vulnerabilities.present?
95
- ApplicationMailer.vulnerability_email(vulnerabilities).deliver_now
91
+ BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
96
92
  end
97
93
  return [vulnerabilities, errors]
98
94
  end
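Review bot: In the last hunk, `if bai = ::BundlerAuditIssue.create(data)` is always truthy because `create` returns the new record even when validation fails (unsaved, with errors), so the `else` branch that appends to `errors` is unreachable and an unsaved record may be reported with whatever `bai.token` holds. Split it into `bai = ::BundlerAuditIssue.create(data)` and `if bai.persisted?`, or use `create!` and rescue `ActiveRecord::RecordInvalid` into `errors`. In the update-parsing hunk, `update_line = r.gets` is nil when the child wrote nothing, so `update_line.starts_with?(...)` raises NoMethodError before the error path is reached; `if update_line&.start_with?("Updating ruby-advisory-db ...")` guards that and also removes the `starts_with?`/`start_with?` mix, since `starts_with?` is an ActiveSupport extension that a bare `require "active_support"` does not load. `audit_parse` spans all the hunks of this file, so the surrounding control flow is only partly visible here.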
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler_audit_notifier
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.12
4
+ version: 0.4.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marley Stipich
@@ -38,6 +38,20 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: bundler-audit
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: rails
43
57
  requirement: !ruby/object:Gem::Requirement