bundler_audit_notifier 0.0.9 → 0.2.12

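--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 83662d8b0c27607eef30e58e354ce77df50b8311f4223dff287d0273f584e8c9
-data.tar.gz: 171045640fd3c1de6de2e109900e2b85b5c919cbf8346a66312476ad6060d440
+metadata.gz: 4a404d051f86e7a5ead43e8743ec28991c2d10f5446f101b09e0187503216b69
+data.tar.gz: 92698866c7aadabb9db94bbf530a5761b32c9f6f82c488083eb80efc5ee7e064
 SHA512:
-metadata.gz: 6d78130742746beaeee50d35621a4e38e41a1441f33ae94aef8d3eacb95e16d9918d58fac6a06c249f01327f9088b38c6d475a4eaae08e4f2abf0ebcd382c975
-data.tar.gz: b82b1e59f390f430374e6b70e131245ae9386ea17454cc69e0b4855304cd2d043a1ec63de1c1ed71ab888d9aad7b76a7084a047c30ee9938fcf5160d98ff758a
+metadata.gz: 0ed9001aa8bfb5c107d18a11dc7b1be6724a4b2c75c2ba43997500cc2a3fc05a7a2e0c3edb4b8f4e5f74b73362bf6d69ea78328d1624933b2f854ff9ca336e76
+data.tar.gz: c31da589c9732d58c564352b274364e86c280fe0e5c3daabdfd02e99d808005158d80768c657ebe1432ffadcf378149933b06ee22dc6942f7df6cfbd6fa9edbe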
@@ -8,4 +8,8 @@ class BundlerAuditIssuesMailer < ActionMailer::Base
8
8
  @vulnerabilities = vulnerabilities
9
9
  mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Results')
10
10
  end
11
+ def error_in_running errors, opts = {}
12
+ @errors = errors
13
+ mail(to: (opts[:custom_recipient] || DEFAULT_TO), subject: 'Vulnerability Scanner Errored')
14
+ end
11
15
  end
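Review bot: The new definition at line 11, `def error_in_running errors, opts = {}`, omits the parentheses Ruby style requires for a method with parameters; write it `def error_in_running(errors, opts = {})`. The recipient expression `opts[:custom_recipient] || DEFAULT_TO` is now duplicated between the two mailer actions and would read better as a private helper such as `recipient_for(opts)`. A short comment above the method stating that `errors` is an array of plain-text messages collected by `BundlerAuditNotifier.audit_parse` would help the next reader, because the template renders them with `html_safe`. The enclosing class BundlerAuditIssuesMailer starts outside the hunk.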
@@ -0,0 +1,14 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
5
+ </head>
6
+ <body>
7
+ <h1>Vulnerabilities: </h1>
8
+ <ul>
9
+ <% @errors.each do |error| %>
10
+ <li> <%= error.to_s.html_safe %></li>
11
+ <% end %>
12
+ </ul>
13
+ </body>
14
+ </html>
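Review bot: Line 10, `<%= error.to_s.html_safe %>`, renders each error string unescaped, and the strings built in the lib hunk interpolate raw lines read from the child process (`update_line`, `name_line`, the field lines), so any markup in that output is emitted into the e-mail body as HTML. The messages are plain text, so dropping the call and writing `<li><%= error.to_s %></li>` lets ERB escape them with no visible change. The same `html_safe` pattern applies to every field in the vulnerability_email.html.erb hunk below, where the values come from the advisory database rather than this project, and the fix is identical. Separately, the heading at line 7 still reads `Vulnerabilities: ` in an error template and should say `Errors:`.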
@@ -6,16 +6,16 @@
6
6
  <body>
7
7
  <h1>Vulnerabilities: </h1>
8
8
  <% @vulnerabilities.each do |line| %>
9
- <ul>
10
- <li> Name: <%= line[:name].to_s.html_safe %></li>
11
- <li> Version: <%= line[:version].to_s.html_safe %></li>
12
- <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
- <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
- <li> Url: <%= line[:url].to_s.html_safe %></li>
15
- <li> Title: <%= line[:title].to_s.html_safe %></li>
16
- <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
- </ul>
18
- <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line.token) %></p>
9
+ <ul>
10
+ <li> Name: <%= line[:name].to_s.html_safe %></li>
11
+ <li> Version: <%= line[:version].to_s.html_safe %></li>
12
+ <li> Advisory: <%= line[:advisory].to_s.html_safe %></li>
13
+ <li> Criticality:<%= line[:criticality].to_s.html_safe %></li>
14
+ <li> Url: <%= line[:url].to_s.html_safe %></li>
15
+ <li> Title: <%= line[:title].to_s.html_safe %></li>
16
+ <li> Solution: <%= line[:solution].to_s.html_safe %></li>
17
+ </ul>
18
+ <p> Click here to ignore this vulnerability: <%= link_to "ignore", ignore_url(line[:token]) %></p>
19
19
  <% end %>
20
20
  </body>
21
21
  </html>
@@ -1,66 +1,94 @@
1
1
  # dependencies
2
2
  require "active_support"
3
- require 'rake'
4
- require "bundler_audit_notifier/engine"
5
3
 
6
4
  module BundlerAuditNotifier
7
5
  def self.audit_parse
8
6
  r, w = IO.pipe
9
- audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')
7
+ errors = []
10
8
  # Spawn executes specified command and return its pid
11
9
  # This line will execute code that runs bundler-audit and then write the output into the IO pipe
12
- # Spawning a process to read the output of bundler-audit update and check because after the commands finish running exit 1 is called and the output can no longer be read.
13
- pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])
14
-
15
- Process.wait2(pid)
16
- w.close
17
- # At this point, the results of the bundler-audit check command are written in the IO pipe
18
- vulnerabilities = []# load quieries from database
19
- while !r.eof?
20
- name_line = r.gets
21
-
22
- if name = name_line[/Name: (?<name>.+)/, :name]
23
- version_line = r.gets
24
- advisory_line = r.gets
25
- criticality_line = r.gets
26
- url_line = r.gets
27
- title_line = r.gets
28
- solution_line = r.gets
29
- space = r.gets
30
- if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
31
- version = version_line[/Version: (?<version>.+)/, :version]
32
- advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
33
- criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
34
- url = url_line[/URL: (?<url>.+)/, :url]
35
- title = title_line[/Title: (?<title>.+)/, :title]
36
- solution = solution_line[/Solution: (?<solution>.+)/, :solution]
10
+ script_location = "lib/auditer_script.rb"
11
+ if File.exists?("lib/auditer_script.rb")
12
+ # use local file lib
13
+ else
14
+ gem_file_path = (`bundle show bundler_audit_notifier`).strip
15
+ gem_location = (File.join(gem_file_path, 'lib', 'auditer_script.rb'))
16
+ if File.exists?(gem_location)
17
+ script_location = gem_location
18
+ else
19
+ errors << "Error parsing Script file location: Neither #{script_location} nor #{gem_location}"
20
+ end
21
+ end
22
+ if errors.none?
23
+ pid = spawn(RbConfig.ruby, script_location, :out => w, :err => [:child, :out])
24
+ Process.wait2(pid)
25
+ w.close
26
+ # At this point, the results of the bundler-audit check command are written in the IO pipe
27
+ vulnerabilities = []# load quieries from database
28
+ update_line = r.gets
29
+ # Parsing bundler-audit update results
30
+ if update_line.starts_with?("Updating ruby-advisory-db ...")
31
+ while !update_line.start_with?('ruby-advisory-db:') && !r.eof?
32
+ update_line = r.gets
33
+ end
34
+ else
35
+ errors << "Error parsing DURING UPDATE: #{update_line}"
36
+ end
37
+ while !r.eof?
38
+ # Parsing the bundler-audit results
39
+ name_line = r.gets
40
+
41
+ if name = name_line[/Name: (?<name>.+)/, :name]
42
+ version_line = r.gets
43
+ advisory_line = r.gets
44
+ criticality_line = r.gets
45
+ url_line = r.gets
46
+ title_line = r.gets
47
+ solution_line = r.gets
48
+ space = r.gets
49
+ if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
50
+ version = version_line[/Version: (?<version>.+)/, :version]
51
+ advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
52
+ criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
53
+ url = url_line[/URL: (?<url>.+)/, :url]
54
+ title = title_line[/Title: (?<title>.+)/, :title]
55
+ solution = solution_line[/Solution: (?<solution>.+)/, :solution]
37
56
 
38
- # check for valid data
39
- # check database table for existing event
40
- if BundlerAuditIssue.exists?(advisory: advisory)
41
- bundler_audit_issue = BundlerAuditIssue.where(advisory: advisory).first
42
- # if event found, touch event
43
- bundler_audit_issue.touch
44
- # add event to vulnerabilities array if it was not marked ignored
45
- if !bundler_audit_issue.ignore
46
- vulnerabilities << bundler_audit_issue
57
+ # check for valid data
58
+ # check database table for existing event
59
+ data = {name: name, version: version, advisory: advisory, criticality: criticality, url: url, title: title, solution: solution}
60
+ bai = ::BundlerAuditIssue.find_by_advisory(advisory)
61
+ if bai
62
+ # if event found, touch event
63
+ bai.touch
64
+ # if found event is ignored, remove from vulnerabilites hash
65
+ if !bai.ignore
66
+ vulnerabilities << data.merge({token: bai.token})
67
+ end
68
+ else
69
+ if bai = ::BundlerAuditIssue.create(data)
70
+ vulnerabilities << data.merge({token: bai.token})
71
+ else
72
+ errors << "Error parsing creating new BundlerAuditIssue with the following #{data}"
73
+ end
47
74
  end
48
- else
49
- bundler_audit_issue = BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
50
-
51
- vulnerabilities << bundler_audit_issue
75
+ else
76
+ errors << "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
52
77
  end
78
+ elsif name_line.strip == "Vulnerabilities found!"
79
+ # puts "End of output reached!"
53
80
  else
54
- puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
81
+ errors << "Error parsing NAME LINE: #{name_line}"
55
82
  end
56
- elsif name_line.strip == "Vulnerabilities found!"
57
- puts "End of output reached!"
58
83
  end
59
84
  end
60
85
  # iterate through remaining vulnerabilties and send them in an email if any are remaining
86
+ if errors.present?
87
+ BundlerAuditIssuesMailer.error_in_running(errors).deliver_now
88
+ end
61
89
  if vulnerabilities.present?
62
90
  BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
63
91
  end
92
+ return [vulnerabilities, errors]
64
93
  end
65
- end
66
-
94
+ end
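Review bot: The script lookup added at lines 10–21 chooses the file handed to `spawn(RbConfig.ruby, ...)` from a path relative to the current working directory (`lib/auditer_script.rb`) and, failing that, from the output of a `bundle show` shell-out, whereas the removed line resolved the script next to this file; `script_location = File.expand_path('auditer_script.rb', __dir__)` keeps the lookup deterministic, drops the subprocess, and removes both `File.exists?` calls, which are deprecated in favour of `File.exist?`. At lines 28–30 `update_line = r.gets` is `nil` when the child produced no output, so `update_line.starts_with?(...)` raises before any error can be recorded; guard with `if update_line&.start_with?("Updating ruby-advisory-db ...")` and use `start_with?` consistently with line 31, since `starts_with?` is the ActiveSupport alias and is only available if the core extensions are loaded, which `require "active_support"` alone does not guarantee. At line 69 `::BundlerAuditIssue.create(data)` returns the new record even when validations fail, so the `else` branch at lines 71–72 is unreachable; test `bai.persisted?` instead. `vulnerabilities` is only initialised inside `if errors.none?`, so on the lookup-error path `return [vulnerabilities, errors]` yields `nil` for its first element; initialising `vulnerabilities = []` next to `errors = []` at line 7 keeps the return shape stable, and `r` is never closed on either path.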
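--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler_audit_notifier
 version: !ruby/object:Gem::Version
-version: 0.0.9
+version: 0.2.12
 platform: ruby
 authors:
 - Marley Stipich
@@ -38,20 +38,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: sqlite3
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: rails
 requirement: !ruby/object:Gem::Requirement
@@ -148,6 +134,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: sqlite3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description:
 email:
 executables: []
@@ -158,6 +158,7 @@ files:
 - app/mailers/bundler_audit_issues_mailer.rb
 - app/models/bundler_audit_issue.rb
 - app/views/bundler_audit_issues/ignore.html.erb
+- app/views/bundler_audit_issues_mailer/error_in_running.html.erb
 - app/views/bundler_audit_issues_mailer/vulnerability_email.html.erb
 - lib/auditer_script.rb
 - lib/bundler_audit_notifier.rb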