carthage_audit 0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/Gemfile +6 -0
- data/bin/carthage_audit +6 -0
- data/lib/carthage_audit.rb +76 -0
- data/spec/audit_spec.rb +9 -0
- metadata +65 -0
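--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 681d8acf114b7d9ff780a03291932f411e4328d51130f99ebb4c74261e527987
+data.tar.gz: d510f649677fa2b37b7db350561b8b64e8305ed62f6d9401adb70a064fcb1e80
+SHA512:
+metadata.gz: d6b0b48438128a4a1d0a7873f1819b30783ac3aa22df35562b01dc3250c5235af5ec177a0be9a92abcbe41215fed8d012ebc97d261486c8f86222bbec06f9b27
+data.tar.gz: 361e46359e5000100ccef806bda5ff3e49ba999ac128dbc2ae04622fd1c6c05e4b98fd4bed45595832f6eacefc99502776e33bbb33910273c7ef93b79a9d05e2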
data/Gemfile
ADDED
data/bin/carthage_audit
ADDED
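--- a/data/lib/carthage_audit.rb
+++ b/data/lib/carthage_audit.rb
@@ -0,0 +1,76 @@
+require "net/http"
+require "oga"
+
+class Auditor
+Dependency = Struct.new(:name, :current_version, :new_version, :update_info_list) do
+# Returns first update note that includes security keyword
+def vulnerability_info
+# word_pattern = /(vulnerability|vulnerabilities|security|attack|advisory|unsecure|critical|alert|emergency)/
+word_pattern = /(fix|bug)/ # TODO: for testing purposes
+update_info_list.detect { |i| i.downcase.match?(word_pattern) }
+end
+end
+
+def get_repo(name)
+File.open("Cartfile", "r") do |f|
+f.each_line do |line|
+next unless matches = line.match(/^github "(.*#{Regexp.quote(name)})"/)
+
+repo = matches[1]
+return repo
+end
+end
+
+"#{name}/#{name}" # repo assumed to `github.com/repo_name/repo_name`
+end
+
+def make_request(url)
+uri = URI(url)
+
+_ = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
+req = Net::HTTP::Get.new(uri.request_uri)
+http.request(req)
+end
+end
+
+def get_list_items_from_html(html)
+update_info = []
+
+d = Oga.parse_html(html)
+_ = d.css(".markdown-body").each do |n|
+n.css("ul li").each do |l|
+update_info << l.text
+end
+end
+
+update_info
+end
+
+def run
+# TODO: replace w/ actual call to carthage outdated
+IO.popen("cat carthage_output.txt", "r") do |output|
+output.readlines.each do |line|
+next unless matches = line.match(/^(.*?) "(.*?)".*Latest: "(.*?)"/)
+
+name = matches[1]
+current_version = matches[2]
+new_version = matches[3]
+
+dep = Dependency.new(name, current_version, new_version, nil)
+
+next if current_version == new_version
+
+repo = get_repo(name)
+url = "https://github.com/#{repo}/releases/tag/#{new_version}"
+resp = make_request(url)
+
+next unless resp.code == "200"
+
+update_info_list = get_list_items_from_html(resp.body)
+dep.update_info_list = update_info_list
+
+yield dep
+end
+end
+end
+end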
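Review bot: The keyword match that decides whether an update note is security-relevant is the placeholder `word_pattern = /(fix|bug)/ # TODO: for testing purposes` (line 9 of the hunk) while the intended list sits commented out on line 8, so this released version flags every bugfix note and never matches "security" or "vulnerability"; restore the real pattern, `word_pattern = /(vulnerability|vulnerabilities|security|attack|advisory|unsecure|critical|alert|emergency)/`, and pin it with a spec. Related, `run` still reads `IO.popen("cat carthage_output.txt", "r")` (line 51) rather than invoking carthage, so the audit as shipped never looks at the project's actual dependencies; when that TODO is done, pass an argv array (`IO.popen(["carthage", "outdated"], "r")`) instead of a shell string. `make_request` opens `Net::HTTP.start` with no `open_timeout`/`read_timeout`, and `run` silently skips any non-200 (including the 301 GitHub returns for a renamed repo), so a slow or moved upstream either hangs the audit or drops the dependency without a message. Because `repo` is read from the Cartfile and `new_version` from carthage's output, both are interpolated into the GitHub URL path unescaped (line 64); `URI.encode_www_form_component` on each, or an allowlist on the tag string, would keep an odd tag from rewriting the path. The hunk covers the whole `Auditor` class, and the diffstat's +76 for data/lib/carthage_audit.rb suggests it is that file rather than data/bin/carthage_audit as the rendered header above it says.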
data/spec/audit_spec.rb
ADDED
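--- a/metadata
+++ b/metadata
@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: carthage_audit
+version: !ruby/object:Gem::Version
+version: '0.1'
+platform: ruby
+authors:
+- Joshua Kaplan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-06-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.8'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.8'
+description: This tool is just a simple checker to see if newer versions of Carthage
+dependencies use keywords that relate to security
+email:
+- yhkaplan@gmail.com
+executables:
+- carthage_audit
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- bin/carthage_audit
+- lib/carthage_audit.rb
+- spec/audit_spec.rb
+homepage: http://github.com/yhkaplan/carthage_audit
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key:
+specification_version: 4
+summary: A tool to check if newer versions of Carthage dependencies contain security
+updates
+test_files:
+- spec/audit_spec.rb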