RubyGems - bundler_audit_notifier - Versions diffs - 0.0.6 → 0.0.11 - Mend

bundler_audit_notifier 0.0.6 → 0.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/app/controllers/bundler_audit_issues_controller.rb +17 -0
data/lib/bundler_audit_notifier.rb +3 -2
data/lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb +1 -1
metadata +15 -15

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02e1b895bd9b372142235bb973c3df0e0551f1857ef5cd7991b93431a929d533
-  data.tar.gz: 1f9fa7a4d41567e5eaa1d93210acc58aaf3bbf0f2dbd961de7bf1a72b3d4ba94
+  metadata.gz: 8824f8dc78d31f52f2067355a468651f905312d8dde249c503408b3e7314e2d4
+  data.tar.gz: d4ac54af68ffbab771b7203d814c323f0697b58d8d092acc653f9625a3538055
 SHA512:
-  metadata.gz: 87efd7b317c0dfd7971b455a8eaaa42170cb7716d9028559c2653ed52e02c2ffaf3a5c9faafe5c46c30250404e9d7f39d98ac490970176527a86b61471bafac3
-  data.tar.gz: e02e9546b44ed147dc8017618e5dcec962dcdd144792068e9ec6d372b6eef166b94544fd4534b666a5f64483555a8850e6221db52f7752bf07e3f47a6c18c3c1
+  metadata.gz: 0d7a275d972a7ee96aebe564f4432d1e8aed27d7a5a70c9e3508b632f0179c7456bbed0de694b275c62473e5b0e1e04dac124af6faacdb71840c2f19cdcbbd41
+  data.tar.gz: e05db70c969a51a956ce39453e6686cf1ca291dc3da729ba1feec5fb5c57ceef7663545122806e2014d88ef6997e8ef4961695a5b863d85166b824d72ca93b7b

data/app/controllers/bundler_audit_issues_controller.rb CHANGED

@@ -1,4 +1,6 @@
 class BundlerAuditIssuesController < ActionController::Base
+  before_action :authenticate, only: [:ignore]
   def ignore
     @bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
     @bundler_audit_issue.ignore = true
@@ -6,8 +8,23 @@ class BundlerAuditIssuesController < ActionController::Base
       render :ignore
     end
   end
   private
+  def authenticate
+    if params[:token].present?
+      bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
+      if bundler_audit_issue
+        ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
+        return true
+      else
+        ::Rails.logger.warn("Unauthorized accesss to api for bundler audit issue: #{params[:token]}")
+        head :unauthorized
+        return false
+      end
+    end
+  end
   def bundler_audit_issue_params
     params.require(:bundler_audit_issue).permit(:name, :version, :advisory, :token, :criticality, :url, :title, :solution, :ignore)
   end

data/lib/bundler_audit_notifier.rb CHANGED

@@ -2,15 +2,16 @@
 require "active_support"
 require 'rake'
 require "bundler_audit_notifier/engine"
-require "auditer_script"
 module BundlerAuditNotifier
   def self.audit_parse
     r, w = IO.pipe
+    audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')
     # Spawn executes specified command and return its pid
     # This line will execute code that runs bundler-audit and then write the output into the IO pipe
     # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
-    pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
+    pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])
     Process.wait2(pid)
     w.close
     # At this point, the results of the bundler-audit check command are written in the IO pipe

data/lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb CHANGED

@@ -1,4 +1,4 @@
-# Run this command to generate migration: rails generate bundler_audit_notifier
+# Run this command to generate migration: rails generate bundler_audit_notifier:bundler_audit_notifier
 require "rails/generators/active_record"
 require "rails/generators"
 module BundlerAuditNotifier

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler_audit_notifier
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.11
 platform: ruby
 authors:
 - Marley Stipich
@@ -38,20 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -148,6 +134,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description:
 email:
 executables: []