bundler_audit_notifier 0.0.7 → 0.0.12

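--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b03380d456fbced6f980ed440aba6dab76c1ff64df758c9c01a027b853dba4fe
- data.tar.gz: d217dcd33669a7a8c4bf137d41fb7bbc9885dcf37af7f7b3b0c6c86d74d5db1f
+ metadata.gz: 3e6f95356cd63ebb74e5a3d6172b773a9e391da5c8dc3cb765945714fa2cc624
+ data.tar.gz: defa67385cf51d5999ca0fa7c16c8e7b02c610cce63746a006c5f0f5f94239f3
  SHA512:
- metadata.gz: 0b1f9056a5307b5e519ffa0356cabc9846362167dcff090859c788752cb2efc782b99aaa5f8a2ea6a6cf906d5ef385d2581d5bc6d9bd8642f55123999e4f9091
- data.tar.gz: 0e49a1985f9728f9da180045a481b91910f9ed9fb1bd78bc5f73f741e928f565e159845da5ae6d11029d7ceec5f13519064f0539f57204a7933eddce5e0adf4d
+ metadata.gz: 540b2dea155ddfa8b31bd5db773440500c559d1ecce979dd87411a81dcd634d820e2b51d61da7723e9a802755666c69d09236b4fd31714326199149dc8c44935
+ data.tar.gz: 9807fe798b5faf478f25220348ac3ebe7474b2a1ef478c0eaff44bf727e979067f87d742bdd707b3e6886a5520f909c3f289ede98f0f7a09cf0eea4a1c9f00e7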
@@ -15,7 +15,7 @@ class BundlerAuditIssuesController < ActionController::Base
15
15
  if params[:token].present?
16
16
  bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
17
17
  if bundler_audit_issue
18
- ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
18
+ ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
19
19
  return true
20
20
  else
21
21
  ::Rails.logger.warn("Unauthorized accesss to api for bundler audit issue: #{params[:token]}")
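--- a/app/mailers/bundler_audit_issues_mailer.rb
+++ b/app/mailers/bundler_audit_issues_mailer.rb
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
  @vulnerabilities = vulnerabilities
  mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
  end
+ def error_in_running errors, opts = {}
+ @errors = errors
+ mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
+ end
  end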
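Review bot: `error_in_running` takes an `errors` argument whose expected contents are only implied by the template that reads `@errors`; a one-line comment above the definition would make the contract explicit, e.g. `# errors: array of strings describing why the audit run could not be completed or parsed; opts[:custom_recipient] overrides DEFAULT_TO.` The definition also omits parentheses around its two parameters, unlike Ruby convention — `def error_in_running(errors, opts = {})`. The enclosing class begins outside the hunk, so whether DEFAULT_TO is documented there is not visible here.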
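--- /dev/null
+++ b/app/views/bundler_audit_issues_mailer/error_in_running.html.erb
@@ -0,0 +1,14 @@
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+ </head>
+ <body>
+ <h1>Vulnerabilities: </h1>
+ <ul>
+ <%= @errors.each do |error| %>
+ <li> <%= line[:error].to_s.html_safe %></li>
+ <% end %>
+ </ul>
+ </body>
+ </html>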
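Review bot: The `<li>` line calls `line[:error]`, but the block parameter is `error` and there is no `line` in scope, so rendering this template raises NameError as soon as `@errors` is non-empty; the lib hunk on this page appends plain strings to `errors`, so `<li><%= error %></li>` is what is wanted. The `.html_safe` on the same line also disables escaping for text that originates from the spawned scanner's stdout (`errors << "Error parsing NAME LINE: #{name_line}"`), so any markup in a gem name or advisory line would land in the HTML mail verbatim — drop it and let ERB escape. `<%= @errors.each do |error| %>` should be `<% @errors.each do |error| %>`, otherwise the array's inspect output is printed after the list, and the heading `<h1>Vulnerabilities: </h1>` on an error report should read `<h1>Errors: </h1>`.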
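--- a/lib/bundler_audit_notifier.rb
+++ b/lib/bundler_audit_notifier.rb
@@ -1,65 +1,99 @@
  # dependencies
  require "active_support"
- require 'rake'
- require "bundler_audit_notifier/engine"
- require "auditer_script"
 
  module BundlerAuditNotifier
  def self.audit_parse
  r, w = IO.pipe
  # Spawn executes specified command and return its pid
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
- # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
- pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
- Process.wait2(pid)
- w.close
- # At this point, the results of the bundler-audit check command are written in the IO pipe
- vulnerabilities = []# load quieries from database
- while !r.eof?
- name_line = r.gets
-
- if name = name_line[/Name: (?<name>.+)/, :name]
- version_line = r.gets
- advisory_line = r.gets
- criticality_line = r.gets
- url_line = r.gets
- title_line = r.gets
- solution_line = r.gets
- space = r.gets
- if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
- version = version_line[/Version: (?<version>.+)/, :version]
- advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
- criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
- url = url_line[/URL: (?<url>.+)/, :url]
- title = title_line[/Title: (?<title>.+)/, :title]
- solution = solution_line[/Solution: (?<solution>.+)/, :solution]
+ script_location = "lib/auditer_script.rb"
+ if File.exists?("lib/auditer_script.rb")
+ # use local file lib
+ else
+ gem_file_path = (`bundle show bundler_audit_notifier`).strip
+ gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
+ if File.exists(gem_location)
+ script_location = gem_location
+ else
+ errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
+ end
+ end
+ if errors.none?
+ pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
+ Process.wait2(pid)
+ w.close
+ puts "MADE IT HERE"
+ # At this point, the results of the bundler-audit check command are written in the IO pipe
+ vulnerabilities = []# load quieries from database
+ errors = []
+ puts r.inspect
+ puts r.eof?.inspect
+ puts "MADE IT HERE 1"
+ while !r.eof?
+ puts "MADE IT HERE 2"
+ name_line = r.gets
+ puts name_line
+ puts "MADE IT HERE3"
+
+ if name = name_line[/Name: (?<name>.+)/, :name]
+ version_line = r.gets
+ puts version_line
+ advisory_line = r.gets
+ puts advisory_line
+ criticality_line = r.gets
+ puts criticality_line
+ url_line = r.gets
+ puts url_line
+ title_line = r.gets
+ puts title_line
+ solution_line = r.gets
+ puts solution_line
+ space = r.gets
+ puts space
+ if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
+ version = version_line[/Version: (?<version>.+)/, :version]
+ advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
+ criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
+ url = url_line[/URL: (?<url>.+)/, :url]
+ title = title_line[/Title: (?<title>.+)/, :title]
+ solution = solution_line[/Solution: (?<solution>.+)/, :solution]
 
- # check for valid data
- # check database table for existing event
- if BundlerAuditIssue.exists?(advisory: advisory)
- bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
- # if event found, touch event
- bundler_audit_issue.touch
- # add event to vulnerabilities array if it was not marked ignored
- if !bundler_audit_issue.ignore
- vulnerabilities << bundler_audit_issue
- end
- else
- bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
+ # check for valid data
+ # check database table for existing event
+ if BundlerAuditIssue.exists?(advisory: advisory)
+ # if event found, touch event
+ BundlerAuditIssue.where(advisory: advisory).first.touch
+ # if found event is ignored, remove from vulnerabilites hash
+ if !BundlerAuditIssue.where(advisory: advisory).first.ignore
+ vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
+ end
+ puts "VULNERABILITIES"
+ puts vulnerabilities.inspect
+ else
+ BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
 
- vulnerabilities << bundler_audit_issue
+ vulnerabilities << {:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution}
+ puts vulnerabilities.inspect
+ end
+ else
+ puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
  end
+ elsif name_line.strip == "Vulnerabilities found!"
+ puts "End of output reached!"
  else
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
+ puts "ERROR: FOUND ERROR PARSING"
+ puts name_line.inspect
+ errors << "Error parsing NAME LINE: #{name_line}"
  end
- elsif name_line.strip == "Vulnerabilities found!"
- puts "End of output reached!"
  end
  end
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
+ if errors.present?
+ ApplicationMailer.error_in_running(errors).deliver_now
+ end
  if vulnerabilities.present?
- BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
+ ApplicationMailer.vulnerability_email(vulnerabilities).deliver_now
  end
+ return [vulnerabilities, errors]
  end
- end
-
+ end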
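Review bot: `errors` is appended to in the script-lookup `else` branch and tested by `if errors.none?`, but its first assignment (`errors = []`) sits inside that `if`, so Ruby treats the earlier references as an undefined local and `audit_parse` raises NameError before anything is spawned; `vulnerabilities = []` lives inside the same branch, so the later `vulnerabilities.present?` check fails the same way whenever the script is not found. `File.exists(gem_location)` is not a method (`File.exist?`; `File.exists?` is deprecated as well), and the two `.deliver_now` calls now go through `ApplicationMailer` although the mailer hunk above defines `error_in_running` and `vulnerability_email` on `BundlerAuditIssuesMailer`, which the removed line called. The rewrite below hoists both accumulators above the lookup, fixes the predicate and restores the mailer constant; the `puts "MADE IT HERE…"` tracing and the `puts` of every raw scanner line should also go, since they echo the full audit output to the caller's stdout. Resolving the script as `lib/auditer_script.rb` relative to the working directory, with a `bundle show` shell-out as fallback, means which file gets executed depends on where the task is launched; `File.expand_path('auditer_script.rb', __dir__)` would pin it to this gem's own lib directory, where the file list shows it lives, and drop the shell-out.
```ruby
def self.audit_parse
  r, w = IO.pipe
  vulnerabilities = []   # hoisted: read by the checks below on every path
  errors = []
  script_location = "lib/auditer_script.rb"
  unless File.exist?(script_location)
    gem_file_path = (`bundle show bundler_audit_notifier`).strip
    gem_location = File.join(gem_file_path, 'lib', 'auditer_script.rb')
    if File.exist?(gem_location)
      script_location = gem_location
    else
      errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
    end
  end
  # … unchanged: `if errors.none?` spawn, w.close and the parse loop over r (minus the puts tracing) …
  if errors.present?
    BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
  end
  if vulnerabilities.present?
    BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
  end
  # … unchanged: return [vulnerabilities, errors] …
```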
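--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler_audit_notifier
  version: !ruby/object:Gem::Version
- version: 0.0.7
+ version: 0.0.12
  platform: ruby
  authors:
  - Marley Stipich
@@ -38,20 +38,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- - !ruby/object:Gem::Dependency
- name: sqlite3
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
@@ -148,6 +134,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: sqlite3
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description:
  email:
  executables: []
@@ -158,6 +158,7 @@ files:
  - app/mailers/bundler_audit_issues_mailer.rb
  - app/models/bundler_audit_issue.rb
  - app/views/bundler_audit_issues/ignore.html.erb
+ - app/views/bundler_audit_issues_mailer/error_in_running.html.erb
  - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
  - lib/auditer_script.rb
  - lib/bundler_audit_notifier.rb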