bundler_audit_notifier 0.0.7 → 0.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
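--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: b03380d456fbced6f980ed440aba6dab76c1ff64df758c9c01a027b853dba4fe
-data.tar.gz: d217dcd33669a7a8c4bf137d41fb7bbc9885dcf37af7f7b3b0c6c86d74d5db1f
+metadata.gz: 3e6f95356cd63ebb74e5a3d6172b773a9e391da5c8dc3cb765945714fa2cc624
+data.tar.gz: defa67385cf51d5999ca0fa7c16c8e7b02c610cce63746a006c5f0f5f94239f3
 SHA512:
-metadata.gz: 0b1f9056a5307b5e519ffa0356cabc9846362167dcff090859c788752cb2efc782b99aaa5f8a2ea6a6cf906d5ef385d2581d5bc6d9bd8642f55123999e4f9091
-data.tar.gz: 0e49a1985f9728f9da180045a481b91910f9ed9fb1bd78bc5f73f741e928f565e159845da5ae6d11029d7ceec5f13519064f0539f57204a7933eddce5e0adf4d
+metadata.gz: 540b2dea155ddfa8b31bd5db773440500c559d1ecce979dd87411a81dcd634d820e2b51d61da7723e9a802755666c69d09236b4fd31714326199149dc8c44935
+data.tar.gz: 9807fe798b5faf478f25220348ac3ebe7474b2a1ef478c0eaff44bf727e979067f87d742bdd707b3e6886a5520f909c3f289ede98f0f7a09cf0eea4a1c9f00e7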
@@ -15,7 +15,7 @@ class BundlerAuditIssuesController < ActionController::Base
15
15
  if params[:token].present?
16
16
  bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
17
17
  if bundler_audit_issue
18
- ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
18
+ ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
19
19
  return true
20
20
  else
21
21
  ::Rails.logger.warn("Unauthorized accesss to api for bundler audit issue: #{params[:token]}")
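--- a/app/mailers/bundler_audit_issues_mailer.rb
+++ b/app/mailers/bundler_audit_issues_mailer.rb
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
 @vulnerabilities = vulnerabilities
 mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
 end
+def error_in_running errors, opts = {}
+@errors = errors
+mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
+end
 end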
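Review bot: `def error_in_running errors, opts = {}` on new line 11 omits the parentheses a definition with parameters conventionally takes; `def error_in_running(errors, opts = {})` would match the `mail(...)` call style on the surrounding lines. The method also carries no documentation, so a caller cannot tell what `errors` should hold; a one-line comment such as `# Emails the collected run/parse errors (an array of strings) to opts[:custom_recipient] or DEFAULT_TO.` would cover it, since the library change in this diff appends plain strings. The enclosing class continues outside the hunk.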
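--- /dev/null
+++ b/app/views/bundler_audit_issues_mailer/error_in_running.html.erb
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+</head>
+<body>
+<h1>Vulnerabilities: </h1>
+<ul>
+<%= @errors.each do |error| %>
+<li> <%= line[:error].to_s.html_safe %></li>
+<% end %>
+</ul>
+</body>
+</html>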
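Review bot: The loop body on new line 10 references `line[:error]`, but the block variable is `error` and the library change in this diff appends plain strings to `@errors` (`errors << "Error parsing NAME LINE: #{name_line}"`), so rendering raises on the undefined `line` and, even if renamed, on `String#[]` with a symbol. Line 9 also opens the loop with `<%=`, so the return value of `each` (the whole array's `to_s`) is printed after the list, and `.html_safe` marks strings that embed raw scanner output as trusted HTML, so any markup in a gem name or advisory line would reach the recipient unescaped. Change lines 9–10 to `<% @errors.each do |error| %>` and `<li><%= error %></li>` so Rails' default escaping applies. The heading on line 7 reads `Vulnerabilities:` although this template reports errors; `<h1>Errors: </h1>` would match the mailer's subject.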
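--- a/lib/bundler_audit_notifier.rb
+++ b/lib/bundler_audit_notifier.rb
@@ -1,65 +1,99 @@
 # dependencies
 require "active_support"
-require 'rake'
-require "bundler_audit_notifier/engine"
-require "auditer_script"
 
 module BundlerAuditNotifier
 def self.audit_parse
 r, w = IO.pipe
 # Spawn executes specified command and return its pid
 # This line will execute code that runs bundler-audit and then write the output into the IO pipe
-# Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
-pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
-Process.wait2(pid)
-w.close
-# At this point, the results of the bundler-audit check command are written in the IO pipe
-vulnerabilities = []# load quieries from database
-while !r.eof?
-name_line = r.gets
-
-if name = name_line[/Name: (?<name>.+)/, :name]
-version_line = r.gets
-advisory_line = r.gets
-criticality_line = r.gets
-url_line = r.gets
-title_line = r.gets
-solution_line = r.gets
-space = r.gets
-if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
-version = version_line[/Version: (?<version>.+)/, :version]
-advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
-criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
-url = url_line[/URL: (?<url>.+)/, :url]
-title = title_line[/Title: (?<title>.+)/, :title]
-solution = solution_line[/Solution: (?<solution>.+)/, :solution]
+script_location = "lib/auditer_script.rb"
+if File.exists?("lib/auditer_script.rb")
+# use local file lib
+else
+gem_file_path = (`bundle show bundler_audit_notifier`).strip
+gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
+if File.exists(gem_location)
+script_location = gem_location
+else
+errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
+end
+end
+if errors.none?
+pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
+Process.wait2(pid)
+w.close
+puts "MADE IT HERE"
+# At this point, the results of the bundler-audit check command are written in the IO pipe
+vulnerabilities = []# load quieries from database
+errors = []
+puts r.inspect
+puts r.eof?.inspect
+puts "MADE IT HERE 1"
+while !r.eof?
+puts "MADE IT HERE 2"
+name_line = r.gets
+puts name_line
+puts "MADE IT HERE3"
+
+if name = name_line[/Name: (?<name>.+)/, :name]
+version_line = r.gets
+puts version_line
+advisory_line = r.gets
+puts advisory_line
+criticality_line = r.gets
+puts criticality_line
+url_line = r.gets
+puts url_line
+title_line = r.gets
+puts title_line
+solution_line = r.gets
+puts solution_line
+space = r.gets
+puts space
+if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
+version = version_line[/Version: (?<version>.+)/, :version]
+advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
+criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
+url = url_line[/URL: (?<url>.+)/, :url]
+title = title_line[/Title: (?<title>.+)/, :title]
+solution = solution_line[/Solution: (?<solution>.+)/, :solution]
 
-# check for valid data
-# check database table for existing event
-if BundlerAuditIssue.exists?(advisory: advisory)
-bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
-# if event found, touch event
-bundler_audit_issue.touch
-# add event to vulnerabilities array if it was not marked ignored
-if !bundler_audit_issue.ignore
-vulnerabilities << bundler_audit_issue
-end
-else
-bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
+# check for valid data
+# check database table for existing event
+if BundlerAuditIssue.exists?(advisory: advisory)
+# if event found, touch event
+BundlerAuditIssue.where(advisory: advisory).first.touch
+# if found event is ignored, remove from vulnerabilites hash
+if !BundlerAuditIssue.where(advisory: advisory).first.ignore
+vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
+end
+puts "VULNERABILITIES"
+puts vulnerabilities.inspect
+else
+BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
 
-vulnerabilities << bundler_audit_issue
+vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
+puts vulnerabilities.inspect
+end
+else
+puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
 end
+elsif name_line.strip == "Vulnerabilities found!"
+puts "End of output reached!"
 else
-puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
+puts "ERROR: FOUND ERROR PARSING"
+puts name_line.inspect
+errors << "Error parsing NAME LINE: #{name_line}"
 end
-elsif name_line.strip == "Vulnerabilities found!"
-puts "End of output reached!"
 end
 end
 # iterate through remaining vulnerabilties and send them in an email if any are remaining
+if errors.present?
+ApplicationMailer.error_in_running(errors).deliver_now
+end
 if vulnerabilities.present?
-BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
+ApplicationMailer.vulnerability_email(vulnerabilities).deliver_now
 end
+return [vulnerabilities, errors]
 end
-end
-
+end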
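Review bot: `errors` is appended to on new line 18 and tested on line 21 before it is ever assigned — `errors = []` first appears on line 28, inside the branch that already requires `errors.none?` — so the gem-location fallback raises NameError, and `vulnerabilities` (line 27) is likewise unassigned at lines 94 and 97 whenever that branch is skipped. Line 15 calls `File.exists(gem_location)`, which is not a File method (`File.exist?` is), so the fallback fails before it can be reported, and the `MADE IT HERE` / `inspect` `puts` calls on lines 25–36 and 70–76 are debugging leftovers written to the caller's stdout. Because this file is `lib/bundler_audit_notifier.rb` and the helper is `lib/auditer_script.rb` (both in the gem's file list), `File.expand_path('auditer_script.rb', __dir__)` resolves the script from the gem itself, avoiding both the cwd-relative `"lib/auditer_script.rb"` lookup, which runs whatever file happens to sit at that path in the working directory, and the `bundle show` shell-out, whose output is an error message rather than a path when the gem is not in the bundle. Lines 92 and 95 call `ApplicationMailer.error_in_running` / `.vulnerability_email`, but the methods in this diff are defined on `BundlerAuditIssuesMailer` and the new template lives under `bundler_audit_issues_mailer/`, so unless `ApplicationMailer` provides them elsewhere both calls will fail. The rewrite below initialises both accumulators up front and drops the shell-out; the parsing loop and mailer calls are left as they are.
```ruby
def self.audit_parse
  r, w = IO.pipe
  errors = []
  vulnerabilities = []
  # Resolve the helper script relative to this file, not the caller's working directory.
  script_location = File.expand_path('auditer_script.rb', __dir__)
  unless File.exist?(script_location)
    errors << "Error parsing Script file location: #{script_location} not found"
  end
  if errors.none?
    pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
    Process.wait2(pid)
    w.close
    # … unchanged: line-by-line parsing of the scanner output, minus the debugging puts …
  end
  # … unchanged: error / vulnerability mailer calls and return …
end
```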
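--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler_audit_notifier
 version: !ruby/object:Gem::Version
-version: 0.0.7
+version: 0.0.12
 platform: ruby
 authors:
 - Marley Stipich
@@ -38,20 +38,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: sqlite3
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: rails
 requirement: !ruby/object:Gem::Requirement
@@ -148,6 +134,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: sqlite3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description:
 email:
 executables: []
@@ -158,6 +158,7 @@ files:
 - app/mailers/bundler_audit_issues_mailer.rb
 - app/models/bundler_audit_issue.rb
 - app/views/bundler_audit_issues/ignore.html.erb
+- app/views/bundler_audit_issues_mailer/error_in_running.html.erb
 - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
 - lib/auditer_script.rb
 - lib/bundler_audit_notifier.rb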