capistrano-bundle_audit 0.0.1 → 0.0.2

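--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: f488e189ceed7bef5eb2bb93ced8d25bfc517b38
-data.tar.gz: dfb1933cd4db78ad9d39a06fb4b1ccef34d7fbe4
+metadata.gz: 4f6157938e40feb73815c43c9bbbf5bdddc58492
+data.tar.gz: a76db4d182893e2ff65e4aa815909ad4471443c2
 SHA512:
-metadata.gz: da5abe0534f095efc6ae058cbca241636177a678dcad400fea38096f5e412b486c8fdac05d93dcdea52ddb7b6a8389a0122040d6de60a8bbed22fd35e13895f9
-data.tar.gz: 28718f4bd9a47f03f69f155919894df35e0006882d3a062ffd1e0d28e0ba44b81633abe9645b0d0b9cc3ce096f3de29918de5d1e4e85a7268f171c9fb36a14f9
+metadata.gz: d32b94727ce50a46fdc4da9c97abd02f7bcb7d63c59f1cfa9e88859dc468c78739e18a2b7c39d9cfb39dd3fe7ee28db2524d5c97e3ec866a9093a07af89587d3
+data.tar.gz: fc8cf08160e752b76523b1d03c4a316b0a9fb1fc771cfd0a22ab24d1b476ad45a9842990fab196984c9c5f222c24cf9f7fb4f42915cb67483e6e37a700843902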
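--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,5 +1,5 @@
 module Capistrano
 module BundleAudit
-VERSION = "0.0.1"
+VERSION = "0.0.2"
 end
 end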
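--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2,7 +2,6 @@ require "capistrano/bundle_audit/version"
 
 module Capistrano
 module BundleAudit
-# Your code goes here...
 end
 end
 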
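--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2,20 +2,28 @@ require 'tmpdir'
 
 namespace :deploy do
 namespace :check do
+desc "Audit the Gemfile/Gemfile.lock for known vulnerabilities"
 task :bundle_audit do
-on roles(:app) do |host|
+on roles(:app) do |host|
+
+# Download the relevant files and run bundle-audit on them locally
 Dir.mktmpdir do |dir|
 Dir.chdir dir do
 download! "#{release_path}/Gemfile.lock", "Gemfile.lock"
 download! "#{release_path}/Gemfile", "Gemfile"
-
+
 run_locally do
+
+# Get the latest vulnerability information
 execute "bundle-audit update &> /dev/null"
+
 bundle_audit_output = capture "bundle-audit"
-unless ENV['SKIP_BUNDLE_AUDIT']
-if bundle_audit_output =~ /Name:/
-raise "Bundle audit failed; update your vulnerable dependencies and redeploy"
-end
+
+# bundle-audit includes failures for both gem vulnerabilities
+# and insecure gem sources, and offers no way to distinguish those cases.
+# unfortunately, we only want to fail when vulnerable gems are required.
+if bundle_audit_output =~ /Name:/
+fail "Bundle audit failed; update your vulnerable dependencies before deploying"
 end
 end
 end
@@ -24,5 +32,5 @@ namespace :deploy do
 end
 end
 
-before 'deploy:starting', 'deploy:check:bundle_audit'
+after 'deploy:updating', 'deploy:check:bundle_audit' unless ENV['SKIP_BUNDLE_AUDIT']
 end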
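Review bot: The `&>` in `execute "bundle-audit update &> /dev/null"` is a bash-only redirection; when the local shell is a POSIX `sh`, that line parses as `bundle-audit update &` followed by `> /dev/null`, so the advisory-database update is backgrounded and the following `capture "bundle-audit"` can run against the old data. Even under bash the redirect hides a failed update (no network, missing git), so the gate can silently pass on stale advisories, which is the opposite of what a pre-deploy check should do. A portable form is `execute "bundle-audit update > /dev/null 2>&1"`, and dropping the redirect entirely would let a failed update surface as a task failure. The comment above the `/Name:/` match should also say that the check is tied to bundle-audit's output format and that `capture` is assumed not to raise on a non-zero exit when findings are reported — worth confirming against the bundle-audit version in use. The task's closing `end`s fall in the second hunk of this section.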
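--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-bundle_audit
 version: !ruby/object:Gem::Version
-version: 0.0.1
+version: 0.0.2
 platform: ruby
 authors:
 - Chris Beer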