capistrano-bundle_audit 0.0.1 → 0.0.2

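--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
- metadata.gz: f488e189ceed7bef5eb2bb93ced8d25bfc517b38
- data.tar.gz: dfb1933cd4db78ad9d39a06fb4b1ccef34d7fbe4
+ metadata.gz: 4f6157938e40feb73815c43c9bbbf5bdddc58492
+ data.tar.gz: a76db4d182893e2ff65e4aa815909ad4471443c2
 SHA512:
- metadata.gz: da5abe0534f095efc6ae058cbca241636177a678dcad400fea38096f5e412b486c8fdac05d93dcdea52ddb7b6a8389a0122040d6de60a8bbed22fd35e13895f9
- data.tar.gz: 28718f4bd9a47f03f69f155919894df35e0006882d3a062ffd1e0d28e0ba44b81633abe9645b0d0b9cc3ce096f3de29918de5d1e4e85a7268f171c9fb36a14f9
+ metadata.gz: d32b94727ce50a46fdc4da9c97abd02f7bcb7d63c59f1cfa9e88859dc468c78739e18a2b7c39d9cfb39dd3fe7ee28db2524d5c97e3ec866a9093a07af89587d3
+ data.tar.gz: fc8cf08160e752b76523b1d03c4a316b0a9fb1fc771cfd0a22ab24d1b476ad45a9842990fab196984c9c5f222c24cf9f7fb4f42915cb67483e6e37a700843902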
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module BundleAudit
3
- VERSION = "0.0.1"
3
+ VERSION = "0.0.2"
4
4
  end
5
5
  end
@@ -2,7 +2,6 @@ require "capistrano/bundle_audit/version"
2
2
 
3
3
  module Capistrano
4
4
  module BundleAudit
5
- # Your code goes here...
6
5
  end
7
6
  end
8
7
 
@@ -2,20 +2,28 @@ require 'tmpdir'
2
2
 
3
3
  namespace :deploy do
4
4
  namespace :check do
5
+ desc "Audit the Gemfile/Gemfile.lock for known vulnerabilities"
5
6
  task :bundle_audit do
6
- on roles(:app) do |host|
7
+ on roles(:app) do |host|
8
+
9
+ # Download the relevant files and run bundle-audit on them locally
7
10
  Dir.mktmpdir do |dir|
8
11
  Dir.chdir dir do
9
12
  download! "#{release_path}/Gemfile.lock", "Gemfile.lock"
10
13
  download! "#{release_path}/Gemfile", "Gemfile"
11
-
14
+
12
15
  run_locally do
16
+
17
+ # Get the latest vulnerability information
13
18
  execute "bundle-audit update &> /dev/null"
19
+
14
20
  bundle_audit_output = capture "bundle-audit"
15
- unless ENV['SKIP_BUNDLE_AUDIT']
16
- if bundle_audit_output =~ /Name:/
17
- raise "Bundle audit failed; update your vulnerable dependencies and redeploy"
18
- end
21
+
22
+ # bundle-audit includes failures for both gem vulnerabilities
23
+ # and insecure gem sources, and offers no way to distinguish those cases.
24
+ # unfortunately, we only want to fail when vulnerable gems are required.
25
+ if bundle_audit_output =~ /Name:/
26
+ fail "Bundle audit failed; update your vulnerable dependencies before deploying"
19
27
  end
20
28
  end
21
29
  end
@@ -24,5 +32,5 @@ namespace :deploy do
24
32
  end
25
33
  end
26
34
 
27
- before 'deploy:starting', 'deploy:check:bundle_audit'
35
+ after 'deploy:updating', 'deploy:check:bundle_audit' unless ENV['SKIP_BUNDLE_AUDIT']
28
36
  end
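Review bot: `execute "bundle-audit update &> /dev/null"` in the first hunk discards both stdout and stderr of the advisory-database update, so a failed update (no network, a failed clone of the advisory repository) leaves no trace in the deploy log and the following `capture "bundle-audit"` silently audits against whatever stale database is already on the deploying machine. `&>` is also a bash extension; if SSHKit's local backend hands the string to a POSIX `sh`, it is parsed as `bundle-audit update &` followed by a bare redirection, which backgrounds the update, returns status 0 and races the audit that follows, so it is worth confirming which shell `run_locally` uses. Passing the command as separate arguments and dropping the redirect, `execute "bundle-audit", "update"`, lets SSHKit's non-zero-exit handling surface the failure and keeps the update on the critical path; if log noise is the concern, redirect only stdout with `> /dev/null`. The `/Name:/` match on the report a few lines later is coupled to bundle-audit's human-readable output rather than its exit status, so a format change could let vulnerable gems through unnoticed; a comment recording which bundle-audit version the pattern was written against would help the next maintainer. The task's closing `end`s fall between the two hunks of this section.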
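--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-bundle_audit
 version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
 platform: ruby
 authors:
 - Chris Beer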