RubyGems - bundler_audit_notifier - Versions diffs - 0.0.4 → 0.0.9 - Mend

bundler_audit_notifier 0.0.4 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/app/controllers/bundler_audit_issues_controller.rb +18 -0
data/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb +1 -1
data/lib/bundler_audit_notifier.rb +3 -2
data/lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 240cfa8bf57c40976051d008d9c532559a58941e4537ede66d535e30f3e1ffb8
-  data.tar.gz: d496ccc3ec1770981037ac6f2896f467462f2ad179be698dcc02f65cff174bb0
+  metadata.gz: 83662d8b0c27607eef30e58e354ce77df50b8311f4223dff287d0273f584e8c9
+  data.tar.gz: 171045640fd3c1de6de2e109900e2b85b5c919cbf8346a66312476ad6060d440
 SHA512:
-  metadata.gz: c5ac4fe3ed0f28102304d05548d3b2a90e1e28cfa6534529620985c02b46e13328203fcbbaa8434ed45dde3919a0f545ba3405ad3a02458653407ddcd4f7a238
-  data.tar.gz: bcf4ea64a9258c00d2dc5defa6091d295f916717436cb2f51caa3b91e5fbac992201e98c5ae829e7b6e805782d0d69bfc7029a4ac4f1dbc523f0b5df67c3e938
+  metadata.gz: 6d78130742746beaeee50d35621a4e38e41a1441f33ae94aef8d3eacb95e16d9918d58fac6a06c249f01327f9088b38c6d475a4eaae08e4f2abf0ebcd382c975
+  data.tar.gz: b82b1e59f390f430374e6b70e131245ae9386ea17454cc69e0b4855304cd2d043a1ec63de1c1ed71ab888d9aad7b76a7084a047c30ee9938fcf5160d98ff758a

data/app/controllers/bundler_audit_issues_controller.rb CHANGED

@@ -1,13 +1,31 @@
 class BundlerAuditIssuesController < ActionController::Base
+  before_action :authenticate, only: [:ignore]
   def ignore
     @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
     @bundler_audit_issue.ignore = true
+    @bundler_audit_issue.token = nil
     if @bundler_audit_issue.save!
       render :ignore
     end
   end
   private
+  def authenticate
+    if params[:token].present?
+      bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
+      if bundler_audit_issue
+        ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
+        return true
+      else
+        ::Rails.logger.warn("Unauthorized accesss to api for bundler audit issue: #{params[:token]}")
+        head :unauthorized
+        return false
+      end
+    end
+  end
   def bundler_audit_issue_params
     params.require(:bundler_audit_issue).permit(:name, :version, :advisory, :token, :criticality, :url, :title, :solution, :ignore)
   end

data/app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb CHANGED

@@ -5,7 +5,7 @@
   </head>
   <body>
     <h1>Vulnerabilities: </h1>
-    <%= @vulnerabilities.each do |line|  %>
+    <% @vulnerabilities.each do |line|  %>
     <ul>
     <li> Name: <%= line[:name].to_s.html_safe %></li>
     <li> Version: <%= line[:version].to_s.html_safe %></li>

data/lib/bundler_audit_notifier.rb CHANGED

@@ -2,15 +2,16 @@
 require "active_support"
 require 'rake'
 require "bundler_audit_notifier/engine"
-require_relative "auditer_script"
 module BundlerAuditNotifier
   def self.audit_parse
     r, w = IO.pipe
+    audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')
     # Spawn executes specified command and return its pid
     # This line will execute code that runs bundler-audit and then write the output into the IO pipe
     # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
-    pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
+    pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])
     Process.wait2(pid)
     w.close
     # At this point, the results of the bundler-audit check command are written in the IO pipe

data/lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb CHANGED

@@ -1,4 +1,4 @@
-# Run this command to generate migration: rails generate bundler_audit_notifier
+# Run this command to generate migration: rails generate bundler_audit_notifier:bundler_audit_notifier
 require "rails/generators/active_record"
 require "rails/generators"
 module BundlerAuditNotifier

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler_audit_notifier
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.9
 platform: ruby
 authors:
 - Marley Stipich