bundler_audit_notifier 0.0.8 → 0.1.12

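--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 459ffda5725eef00038a050640aec90b2be3c784e4768b82fa80c8b767839889
-data.tar.gz: aa07a50baae00da87df16f6996e54ed5d4bf13a6d4e36dbccb59122194cb184f
+metadata.gz: a83e35d3a799a6b5d82900e74a6c106347a25d51d1ddd947a2f28667558a0aec
+data.tar.gz: 0c502972dc8b59643992e28313bf0683189d6bd61a43e7ce9b372b337ce1ad83
 SHA512:
-metadata.gz: 3794240d3224bfc795d797226dce784b051265668e79c86f9c66f54436cf63500068b24dddf9e0c708a1186ad8d517b555b5a7325c92a7e47d91cf730f5155e5
-data.tar.gz: 698e7fc2cc5ecbbb4b689cca13df44b09e9fe21970825fa9e935886bf0a2e4227368a4cc5c7b5bc54c8ae41614b2b0c69a9d74cbf2d8a758d6b9f0f0df0c2848
+metadata.gz: c591a94bbf430312f1a2ed561d83066d82f0d9005f72431645255bb57e3f29d8ed42547dd0387f3c1b151152d8a6d97a6f46764e0e6181b1b984b69ade5de9e3
+data.tar.gz: 76efc070abe43f3e0ad144687df4e5ba80bf8b0f9e0eacd356798e070b06cf3b0e1890dcd51b7bb1eef934d6259e612170a956ef5bf19d27958cd0e008fe55e2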
@@ -16,7 +16,7 @@ class BundlerAuditIssuesController < ActionController::Base
16
16
  if params[:token].present?
17
17
  bundler_audit_issue = BundlerAuditIssue.where(token: params[:token]).first
18
18
  if bundler_audit_issue
19
- ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
19
+ ::Rails.logger.info("Authorized accesss to api for bundler audit issue: #{params[:token]}")
20
20
  return true
21
21
  else
22
22
  ::Rails.logger.warn("Unauthorized accesss to api for bundler audit issue: #{params[:token]}")
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
8
8
  @vulnerabilities = vulnerabilities
9
9
  mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
10
10
  end
11
+ def error_in_running errors, opts = {}
12
+ @errors = errors
13
+ mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
14
+ end
11
15
  end
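Review bot: `def error_in_running errors, opts = {}` declares its parameters without parentheses, which Ruby style reserves for parameterless definitions; write it as `def error_in_running(errors, opts = {})`. The new mailer action also carries no documentation, and a one-line comment such as `# Mails the error strings collected by BundlerAuditNotifier.audit_parse to opts[:custom_recipient] or DEFAULT_TO.` would tell a reader when it fires, since the call site is in a different file of this diff. DEFAULT_TO and the class header lie outside the hunk.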
@@ -0,0 +1,14 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
5
+ </head>
6
+ <body>
7
+ <h1>Vulnerabilities: </h1>
8
+ <ul>
9
+ <% @errors.each do |error| %>
10
+ <li> <%= error.to_s.html_safe %></li>
11
+ <% end %>
12
+ </ul>
13
+ </body>
14
+ </html>
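Review bot: `<%= error.to_s.html_safe %>` on line 10 of the new template switches off ERB escaping for strings that audit_parse builds from the raw output of the spawned audit script (`update_line`, `name_line`, the `data` hash), so any markup contained in an advisory line is emitted into the mail verbatim. `<%= %>` already escapes and calls to_s, so `<li><%= error %></li>` is sufficient; the same `.to_s.html_safe` pattern sits on every field of vulnerability_email.html.erb in this diff, whose values come from the same parsed output and deserve the same treatment. The `<h1>Vulnerabilities: </h1>` heading appears to have been copied from that template and should read `<h1>Errors: </h1>` in the errored-run mail.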
@@ -6,16 +6,16 @@
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
8
  <% @vulnerabilities.each do |line| %>
9
- <ul>
10
- <li> Name: <%= line[:name].to_s.html_safe %></li>
11
- <li> Version: <%= line[:version].to_s.html_safe %></li>
12
- <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
- <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
- <li> Url: <%= line[:url].to_s.html_safe %></li>
15
- <li> Title: <%= line[:title].to_s.html_safe %></li>
16
- <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
- </ul>
18
- <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
9
+ <ul>
10
+ <li> Name: <%= line[:name].to_s.html_safe %></li>
11
+ <li> Version: <%= line[:version].to_s.html_safe %></li>
12
+ <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
+ <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
+ <li> Url: <%= line[:url].to_s.html_safe %></li>
15
+ <li> Title: <%= line[:title].to_s.html_safe %></li>
16
+ <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
+ </ul>
18
+ <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
19
19
  <% end %>
20
20
  </body>
21
21
  </html>
@@ -1,65 +1,94 @@
1
1
  # dependencies
2
2
  require "active_support"
3
- require 'rake'
4
- require "bundler_audit_notifier/engine"
5
- require "auditer_script"
6
3
 
7
4
  module BundlerAuditNotifier
8
5
  def self.audit_parse
9
6
  r, w = IO.pipe
7
+ errors = []
10
8
  # Spawn executes specified command and return its pid
11
9
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
12
- # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
13
- pid = spawn(RbConfig.ruby, "lib/auditer_script.rb", :out => w, :err => [:child, :out])
14
- Process.wait2(pid)
15
- w.close
16
- # At this point, the results of the bundler-audit check command are written in the IO pipe
17
- vulnerabilities = []# load quieries from database
18
- while !r.eof?
19
- name_line = r.gets
20
-
21
- if name = name_line[/Name: (?<name>.+)/, :name]
22
- version_line = r.gets
23
- advisory_line = r.gets
24
- criticality_line = r.gets
25
- url_line = r.gets
26
- title_line = r.gets
27
- solution_line = r.gets
28
- space = r.gets
29
- if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
30
- version = version_line[/Version: (?<version>.+)/, :version]
31
- advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
32
- criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
33
- url = url_line[/URL: (?<url>.+)/, :url]
34
- title = title_line[/Title: (?<title>.+)/, :title]
35
- solution = solution_line[/Solution: (?<solution>.+)/, :solution]
10
+ script_location = "lib/auditer_script.rb"
11
+ if File.exists?("lib/auditer_script.rb")
12
+ # use local file lib
13
+ else
14
+ gem_file_path = (`bundle show bundler_audit_notifier`).strip
15
+ gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
16
+ if File.exists?(gem_location)
17
+ script_location = gem_location
18
+ else
19
+ errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
20
+ end
21
+ end
22
+ if errors.none?
23
+ pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
24
+ Process.wait2(pid)
25
+ w.close
26
+ # At this point, the results of the bundler-audit check command are written in the IO pipe
27
+ vulnerabilities = []# load quieries from database
28
+ update_line = r.gets
29
+ # Parsing bundler-audit update results
30
+ if update_line.starts_with?("Updating ruby-advisory-db ...")
31
+ while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
32
+ update_line = r.gets
33
+ end
34
+ else
35
+ errors << "Error parsing DURING UPDATE: #{update_line}"
36
+ end
37
+ while !r.eof?
38
+ # Parsing the bundler-audit results
39
+ name_line = r.gets
40
+
41
+ if name = name_line[/Name: (?<name>.+)/, :name]
42
+ version_line = r.gets
43
+ advisory_line = r.gets
44
+ criticality_line = r.gets
45
+ url_line = r.gets
46
+ title_line = r.gets
47
+ solution_line = r.gets
48
+ space = r.gets
49
+ if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
50
+ version = version_line[/Version: (?<version>.+)/, :version]
51
+ advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
52
+ criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
53
+ url = url_line[/URL: (?<url>.+)/, :url]
54
+ title = title_line[/Title: (?<title>.+)/, :title]
55
+ solution = solution_line[/Solution: (?<solution>.+)/, :solution]
36
56
 
37
- # check for valid data
38
- # check database table for existing event
39
- if BundlerAuditIssue.exists?(advisory: advisory)
40
- bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
41
- # if event found, touch event
42
- bundler_audit_issue.touch
43
- # add event to vulnerabilities array if it was not marked ignored
44
- if !bundler_audit_issue.ignore
45
- vulnerabilities << bundler_audit_issue
57
+ # check for valid data
58
+ # check database table for existing event
59
+ data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
60
+ bai = BundlerAuditIssue.find_by_advisory(advisory)
61
+ if bai
62
+ # if event found, touch event
63
+ bai.touch
64
+ # if found event is ignored, remove from vulnerabilites hash
65
+ if !bai.ignore
66
+ vulnerabilities << data.merge({token: bai.token})
67
+ end
68
+ else
69
+ if bai = BundlerAuditIssue.create(data)
70
+ vulnerabilities << data.merge({token: bai.token})
71
+ else
72
+ errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
73
+ end
46
74
  end
47
- else
48
- bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
49
-
50
- vulnerabilities << bundler_audit_issue
75
+ else
76
+ errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
51
77
  end
78
+ elsif name_line.strip == "Vulnerabilities found!"
79
+ # puts "End of output reached!"
52
80
  else
53
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
81
+ errors << "Error parsing NAME LINE: #{name_line}"
54
82
  end
55
- elsif name_line.strip == "Vulnerabilities found!"
56
- puts "End of output reached!"
57
83
  end
58
84
  end
59
85
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
86
+ if errors.present?
87
+ BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
88
+ end
60
89
  if vulnerabilities.present?
61
90
  BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
62
91
  end
92
+ return [vulnerabilities, errors]
63
93
  end
64
- end
65
-
94
+ end
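Review bot: `if bai = BundlerAuditIssue.create(data)` in the new creation branch never reaches its else, because `create` returns the record whether or not it was saved, so a failed validation silently adds a vulnerability entry whose token is presumably nil; test persistence instead, e.g. `bai = BundlerAuditIssue.create(data)` followed by `if bai.persisted?`. `File.exists?`, used twice when locating the script, has been deprecated since Ruby 2.1 and is removed in 3.2; use `File.exist?`. `update_line.starts_with?("Updating ruby-advisory-db ...")` raises NoMethodError when the child wrote nothing, since `r.gets` returns nil on an empty pipe, and it also relies on the ActiveSupport alias while the next line uses the core `start_with?`; guard with `if update_line&.start_with?("Updating ruby-advisory-db ...")`. When the script cannot be located, `vulnerabilities` is never assigned, so the method returns `[nil, errors]` rather than `[[], errors]`, and neither end of the pipe is closed on that path. Reading the pipe only after `Process.wait2` means the child blocks once its output exceeds the pipe buffer, which is presumably fine for small reports but deserves a comment or a reader thread.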
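--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler_audit_notifier
 version: !ruby/object:Gem::Version
-version: 0.0.8
+version: 0.1.12
 platform: ruby
 authors:
 - Marley Stipich
@@ -38,20 +38,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: sqlite3
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: rails
 requirement: !ruby/object:Gem::Requirement
@@ -148,6 +134,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: sqlite3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description:
 email:
 executables: []
@@ -158,6 +158,7 @@ files:
 - app/mailers/bundler_audit_issues_mailer.rb
 - app/models/bundler_audit_issue.rb
 - app/views/bundler_audit_issues/ignore.html.erb
+- app/views/bundler_audit_issues_mailer/error_in_running.html.erb
 - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
 - lib/auditer_script.rb
 - lib/bundler_audit_notifier.rb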