bundler_audit_notifier 0.0.4 → 0.0.9

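--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 240cfa8bf57c40976051d008d9c532559a58941e4537ede66d535e30f3e1ffb8
- data.tar.gz: d496ccc3ec1770981037ac6f2896f467462f2ad179be698dcc02f65cff174bb0
+ metadata.gz: 83662d8b0c27607eef30e58e354ce77df50b8311f4223dff287d0273f584e8c9
+ data.tar.gz: 171045640fd3c1de6de2e109900e2b85b5c919cbf8346a66312476ad6060d440
  SHA512:
- metadata.gz: c5ac4fe3ed0f28102304d05548d3b2a90e1e28cfa6534529620985c02b46e13328203fcbbaa8434ed45dde3919a0f545ba3405ad3a02458653407ddcd4f7a238
- data.tar.gz: bcf4ea64a9258c00d2dc5defa6091d295f916717436cb2f51caa3b91e5fbac992201e98c5ae829e7b6e805782d0d69bfc7029a4ac4f1dbc523f0b5df67c3e938
+ metadata.gz: 6d78130742746beaeee50d35621a4e38e41a1441f33ae94aef8d3eacb95e16d9918d58fac6a06c249f01327f9088b38c6d475a4eaae08e4f2abf0ebcd382c975
+ data.tar.gz: b82b1e59f390f430374e6b70e131245ae9386ea17454cc69e0b4855304cd2d043a1ec63de1c1ed71ab888d9aad7b76a7084a047c30ee9938fcf5160d98ff758a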
@@ -1,13 +1,31 @@
1
1
  class BundlerAuditIssuesController < ActionController::Base
2
+ before_action :authenticate, only: [:ignore]
3
+
2
4
  def ignore
3
5
  @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
4
6
  @bundler_audit_issue.ignore = true
7
+ @bundler_audit_issue.token = nil
5
8
  if @bundler_audit_issue.save!
6
9
  render :ignore
7
10
  end
8
11
  end
12
+
9
13
  private
10
14
 
15
+ def authenticate
16
+ if params[:token].present?
17
+ bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
18
+ if bundler_audit_issue
19
+ ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
20
+ return true
21
+ else
22
+ ::Rails.logger.warn("Unauthorized accesss to api for bundler audit issue: #{params[:token]}")
23
+ head :unauthorized
24
+ return false
25
+ end
26
+ end
27
+ end
28
+
11
29
  def bundler_audit_issue_params
12
30
  params.require(:bundler_audit_issue).permit(:name, :version, :advisory, :token, :criticality, :url, :title, :solution, :ignore)
13
31
  end
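Review bot: `authenticate` only reaches a decision when `params[:token]` is present; with a missing or blank token the outer `if` falls through, no response is sent, and the filter lets `ignore` run. Because this same change sets `token = nil` on ignored issues, `where(token: nil).first` in `ignore` can then match an already-ignored record, or return nil and raise on `.ignore =`. Reject the blank case explicitly by opening the method with `return head(:unauthorized) if params[:token].blank?`. Both log lines also write the raw token to the Rails log, where it is the only credential for this action and, in the warn case, request-controlled text; logging the issue id or a truncated digest of the token would avoid that.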
@@ -5,7 +5,7 @@
5
5
  </head>
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
- <%= @vulnerabilities.each do |line| %>
8
+ <% @vulnerabilities.each do |line| %>
9
9
  <ul>
10
10
  <li> Name: <%= line[:name].to_s.html_safe %></li>
11
11
  <li> Version: <%= line[:version].to_s.html_safe %></li>
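Review bot: The `<li>` lines kept as context here call `.to_s.html_safe` on `line[:name]` and `line[:version]`, which marks the values as trusted and turns off ERB's HTML escaping. If `@vulnerabilities` is built from parsed bundler-audit output (it appears to be, but that code is outside this hunk), advisory text containing markup would be rendered verbatim. Dropping the call lets Rails escape the value, `<li> Name: <%= line[:name] %></li>`, and likewise for `:version` and any further fields in the `each` block, which continues past the end of the hunk.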
@@ -2,15 +2,16 @@
2
2
  require "active_support"
3
3
  require 'rake'
4
4
  require "bundler_audit_notifier/engine"
5
- require_relative "auditer_script"
6
5
 
7
6
  module BundlerAuditNotifier
8
7
  def self.audit_parse
9
8
  r, w = IO.pipe
9
+ audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')
10
10
  # Spawn executes specified command and return its pid
11
11
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
12
12
  # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
13
- pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
13
+ pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])
14
+
14
15
  Process.wait2(pid)
15
16
  w.close
16
17
  # At this point, the results of the bundler-audit check command are written in the IO pipe
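Review bot: `Process.wait2(pid)` runs before anything reads from `r`, so if the child writes more than the OS pipe buffer holds, it blocks on the write while the parent blocks in the wait, and `audit_parse` hangs. Close the parent's write end right after `spawn`, drain the pipe, then reap the child: `w.close`, `output = r.read`, `_, status = Process.wait2(pid)`. Keeping `status` would also let the caller tell a completed audit from a script that failed to start, which the discarded return value currently hides. The read itself and the rest of `audit_parse` lie outside this hunk, so confirm the ordering there before changing it.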
@@ -1,4 +1,4 @@
1
- # Run this command to generate migration: rails generate bundler_audit_notifier
1
+ # Run this command to generate migration: rails generate bundler_audit_notifier:bundler_audit_notifier
2
2
  require "rails/generators/active_record"
3
3
  require "rails/generators"
4
4
  module BundlerAuditNotifier
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler_audit_notifier
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Marley Stipich