carthage_audit 0.1

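--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 681d8acf114b7d9ff780a03291932f411e4328d51130f99ebb4c74261e527987
+data.tar.gz: d510f649677fa2b37b7db350561b8b64e8305ed62f6d9401adb70a064fcb1e80
+SHA512:
+metadata.gz: d6b0b48438128a4a1d0a7873f1819b30783ac3aa22df35562b01dc3250c5235af5ec177a0be9a92abcbe41215fed8d012ebc97d261486c8f86222bbec06f9b27
+data.tar.gz: 361e46359e5000100ccef806bda5ff3e49ba999ac128dbc2ae04622fd1c6c05e4b98fd4bed45595832f6eacefc99502776e33bbb33910273c7ef93b79a9d05e2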
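--- /dev/null
+++ b/data/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem "gem-release", group: :development
+gem "oga"
+gem "rspec", group: :test
+gem "solargraph", group: :development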
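Review bot: `gem "oga"` on the fourth line is the only place the HTML parser is declared, yet the gem metadata in this same release lists rspec as its sole (development) dependency, so installing carthage_audit from rubygems will not pull oga and the `require "oga"` in lib/carthage_audit.rb fails at load time. oga has to be a runtime dependency in the gemspec, e.g. `spec.add_runtime_dependency "oga", "~> x.y"` pinned to the version it was developed against, not just a Gemfile entry. Committing a Gemfile.lock alongside this Gemfile would also make the development dependency set reproducible, since nothing here is pinned.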
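--- /dev/null
+++ b/data/bin/carthage_audit
@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'carthage_audit'
+
+audit = Auditor.new
+audit.run # TODO: delete this because it's useless?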
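Review bot: `audit.run` on the last line is called without a block, but `Auditor#run` in lib/carthage_audit.rb does an unconditional `yield dep` for every outdated dependency whose release page loads, so the executable raises LocalJumpError the first time it actually finds something instead of reporting it; the TODO on that line should be resolved, not deleted. Pass a block that prints the finding, e.g. `audit.run { |dep| puts "#{dep.name} #{dep.current_version} -> #{dep.new_version}: #{dep.vulnerability_info}" if dep.vulnerability_info }`, and consider exiting non-zero when anything is flagged so the tool can gate CI.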
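--- /dev/null
+++ b/data/lib/carthage_audit.rb
@@ -0,0 +1,76 @@
+require "net/http"
+require "oga"
+
+class Auditor
+Dependency = Struct.new(:name, :current_version, :new_version, :update_info_list) do
+# Returns first update note that includes security keyword
+def vulnerability_info
+# word_pattern = /(vulnerability|vulnerabilities|security|attack|advisory|unsecure|critical|alert|emergency)/
+word_pattern = /(fix|bug)/ # TODO: for testing purposes
+update_info_list.detect { |i| i.downcase.match?(word_pattern) }
+end
+end
+
+def get_repo(name)
+File.open("Cartfile", "r") do |f|
+f.each_line do |line|
+next unless matches = line.match(/^github "(.*#{Regexp.quote(name)})"/)
+
+repo = matches[1]
+return repo
+end
+end
+
+"#{name}/#{name}" # repo assumed to `github.com/repo_name/repo_name`
+end
+
+def make_request(url)
+uri = URI(url)
+
+_ = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
+req = Net::HTTP::Get.new(uri.request_uri)
+http.request(req)
+end
+end
+
+def get_list_items_from_html(html)
+update_info = []
+
+d = Oga.parse_html(html)
+_ = d.css(".markdown-body").each do |n|
+n.css("ul li").each do |l|
+update_info << l.text
+end
+end
+
+update_info
+end
+
+def run
+# TODO: replace w/ actual call to carthage outdated
+IO.popen("cat carthage_output.txt", "r") do |output|
+output.readlines.each do |line|
+next unless matches = line.match(/^(.*?) "(.*?)".*Latest: "(.*?)"/)
+
+name = matches[1]
+current_version = matches[2]
+new_version = matches[3]
+
+dep = Dependency.new(name, current_version, new_version, nil)
+
+next if current_version == new_version
+
+repo = get_repo(name)
+url = "https://github.com/#{repo}/releases/tag/#{new_version}"
+resp = make_request(url)
+
+next unless resp.code == "200"
+
+update_info_list = get_list_items_from_html(resp.body)
+dep.update_info_list = update_info_list
+
+yield dep
+end
+end
+end
+end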
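Review bot: The keyword match the whole tool hinges on is the placeholder `word_pattern = /(fix|bug)/ # TODO: for testing purposes` in `vulnerability_info`, with the intended security pattern left commented out on the line above, so the shipped 0.1 flags every note that mentions a fix or a bug and never looks for "security", "advisory" or "vulnerability" at all. Restore the real pattern as a frozen constant, e.g. `SECURITY_WORDS = /\b(vulnerabilit(y|ies)|security|attack|advisory|unsecure|critical|alert|emergency)\b/i.freeze`, and use `Array(update_info_list).find { |note| note.match?(SECURITY_WORDS) }` so the `nil` that `run` initialises the struct with cannot raise. Separately, `run` yields unconditionally (add `return enum_for(:run) unless block_given?`), and the `resp.code == "200"` check silently discards anything else, which presumably includes a redirect for a renamed repository and a 404 when the tag is spelled `v1.2.3` while carthage reports `1.2.3`; a comment stating that assumption, or following one redirect, would keep those from being mistaken for "no security notes". Because this is a keyword heuristic over release notes, the gem description should say it is a prompt to read the notes rather than an advisory check, since a fix that is not announced is invisible to it.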
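--- /dev/null
+++ b/data/spec/audit_spec.rb
@@ -0,0 +1,9 @@
+require "carthage_audit"
+
+RSpec.describe Auditor do
+describe "some_func" do
+it "does stuff" do
+expect(true).to be(true)
+end
+end
+end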
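Review bot: The only example, `it "does stuff"`, asserts `expect(true).to be(true)` and exercises nothing, so the suite passes no matter what `Auditor` does. The two pure methods can be covered without any network: `Auditor::Dependency.new("x", "1", "2", ["Fixes a crash", "Security fix"]).vulnerability_info` pins which note is picked, and `Auditor.new.get_list_items_from_html('<div class="markdown-body"><ul><li>note</li></ul></div>')` should return `["note"]`; `run` is best covered by stubbing `make_request` with a canned response rather than hitting github.com.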
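--- /dev/null
+++ b/metadata
@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: carthage_audit
+version: !ruby/object:Gem::Version
+version: '0.1'
+platform: ruby
+authors:
+- Joshua Kaplan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-06-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.8'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.8'
+description: This tool is just a simple checker to see if newer versions of Carthage
+dependencies use keywords that relate to security
+email:
+- yhkaplan@gmail.com
+executables:
+- carthage_audit
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- bin/carthage_audit
+- lib/carthage_audit.rb
+- spec/audit_spec.rb
+homepage: http://github.com/yhkaplan/carthage_audit
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key:
+specification_version: 4
+summary: A tool to check if newer versions of Carthage dependencies contain security
+updates
+test_files:
+- spec/audit_spec.rb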