carthage_audit 0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 681d8acf114b7d9ff780a03291932f411e4328d51130f99ebb4c74261e527987
4
+ data.tar.gz: d510f649677fa2b37b7db350561b8b64e8305ed62f6d9401adb70a064fcb1e80
5
+ SHA512:
6
+ metadata.gz: d6b0b48438128a4a1d0a7873f1819b30783ac3aa22df35562b01dc3250c5235af5ec177a0be9a92abcbe41215fed8d012ebc97d261486c8f86222bbec06f9b27
7
+ data.tar.gz: 361e46359e5000100ccef806bda5ff3e49ba999ac128dbc2ae04622fd1c6c05e4b98fd4bed45595832f6eacefc99502776e33bbb33910273c7ef93b79a9d05e2
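--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem "gem-release", group: :development
+gem "oga"
+gem "rspec", group: :test
+gem "solargraph", group: :development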
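Review bot: `gem "oga"` is declared here as a runtime gem, but the gemspec metadata further down this page lists only `rspec` (development) under `dependencies:`, so a plain `gem install carthage_audit` will not pull in oga and `require "oga"` in lib/carthage_audit.rb fails at load time. The gemspec needs `spec.add_runtime_dependency "oga"` (with a version constraint) so the Gemfile and the published metadata agree. The Gemfile itself pins nothing, which is acceptable for an app but leaves the resolved oga version unrecorded for the gem's users.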
@@ -0,0 +1,6 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'carthage_audit'
4
+
5
+ audit = Auditor.new
6
+ audit.run # TODO: delete this because it's useless?
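Review bot: `audit.run` is called without a block, but `Auditor#run` in the lib/carthage_audit.rb hunk below ends each iteration with an unconditional `yield dep`, so the first outdated dependency with a 200 release page raises LocalJumpError and the executable never reports anything. The call site should consume what `run` yields, e.g. `audit.run { |dep| puts "#{dep.name}: #{dep.current_version} -> #{dep.new_version} (#{dep.vulnerability_info})" if dep.vulnerability_info }`, and `run` should open with `return enum_for(:run) unless block_given?` so a blockless call is still usable. The `# TODO: delete this because it's useless?` comment is the author's own signal that this is unfinished, which is at odds with it being the gem's declared executable.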
@@ -0,0 +1,76 @@
1
+ require "net/http"
2
+ require "oga"
3
+
4
+ class Auditor
5
+ Dependency = Struct.new(:name, :current_version, :new_version, :update_info_list) do
6
+ # Returns first update note that includes security keyword
7
+ def vulnerability_info
8
+ # word_pattern = /(vulnerability|vulnerabilities|security|attack|advisory|unsecure|critical|alert|emergency)/
9
+ word_pattern = /(fix|bug)/ # TODO: for testing purposes
10
+ update_info_list.detect { |i| i.downcase.match?(word_pattern) }
11
+ end
12
+ end
13
+
14
+ def get_repo(name)
15
+ File.open("Cartfile", "r") do |f|
16
+ f.each_line do |line|
17
+ next unless matches = line.match(/^github "(.*#{Regexp.quote(name)})"/)
18
+
19
+ repo = matches[1]
20
+ return repo
21
+ end
22
+ end
23
+
24
+ "#{name}/#{name}" # repo assumed to `github.com/repo_name/repo_name`
25
+ end
26
+
27
+ def make_request(url)
28
+ uri = URI(url)
29
+
30
+ _ = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
31
+ req = Net::HTTP::Get.new(uri.request_uri)
32
+ http.request(req)
33
+ end
34
+ end
35
+
36
+ def get_list_items_from_html(html)
37
+ update_info = []
38
+
39
+ d = Oga.parse_html(html)
40
+ _ = d.css(".markdown-body").each do |n|
41
+ n.css("ul li").each do |l|
42
+ update_info << l.text
43
+ end
44
+ end
45
+
46
+ update_info
47
+ end
48
+
49
+ def run
50
+ # TODO: replace w/ actual call to carthage outdated
51
+ IO.popen("cat carthage_output.txt", "r") do |output|
52
+ output.readlines.each do |line|
53
+ next unless matches = line.match(/^(.*?) "(.*?)".*Latest: "(.*?)"/)
54
+
55
+ name = matches[1]
56
+ current_version = matches[2]
57
+ new_version = matches[3]
58
+
59
+ dep = Dependency.new(name, current_version, new_version, nil)
60
+
61
+ next if current_version == new_version
62
+
63
+ repo = get_repo(name)
64
+ url = "https://github.com/#{repo}/releases/tag/#{new_version}"
65
+ resp = make_request(url)
66
+
67
+ next unless resp.code == "200"
68
+
69
+ update_info_list = get_list_items_from_html(resp.body)
70
+ dep.update_info_list = update_info_list
71
+
72
+ yield dep
73
+ end
74
+ end
75
+ end
76
+ end
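Review bot: `vulnerability_info` ships with the placeholder `word_pattern = /(fix|bug)/ # TODO: for testing purposes`, so the released gem flags any bug-fix note and never the security keywords its own comment promises; restore the commented-out list as a frozen constant, e.g. `SECURITY_PATTERN = /\b(vulnerability|vulnerabilities|security|attack|advisory|unsecure|critical|alert|emergency)\b/i.freeze`, and match with `update_info_list.detect { |i| i.match?(SECURITY_PATTERN) }` (the `i` flag makes the per-item `downcase` unnecessary). In `get_repo` the pattern `(.*#{Regexp.quote(name)})` anchors only the suffix, so a Cartfile line like `github "owner/libfoo"` is returned for a dependency named `foo`; `/^github "([^"\/]+\/#{Regexp.quote(name)})"/` restricts the match to an exact repo name. `new_version`, read from the carthage output, is interpolated into the request path unescaped and `make_request` never follows a 3xx, so a tag containing `/` or `?` changes the URL and any redirecting tag page is silently treated by `run` as "no release notes"; validating the tag against something like `/\A[\w.+-]+\z/` before building the URL and logging non-200 codes would make both failures visible. The `_ =` assignments in front of `Net::HTTP.start` and `d.css(...).each` are noise, since the block value is already the method's return, and `IO.popen("cat carthage_output.txt", "r")` should become the array form `IO.popen(%w[carthage outdated])` when the TODO is resolved so no shell is involved.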
@@ -0,0 +1,9 @@
1
+ require "carthage_audit"
2
+
3
+ RSpec.describe Auditor do
4
+ describe "some_func" do
5
+ it "does stuff" do
6
+ expect(true).to be(true)
7
+ end
8
+ end
9
+ end
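Review bot: The only example is `expect(true).to be(true)`, so the suite passes without exercising any behavior of `Auditor`, and `describe "some_func"` / `it "does stuff"` are placeholders. `Dependency#vulnerability_info` and `Auditor#get_list_items_from_html` both take plain strings and return plain values, so they can be covered without network or file fixtures, e.g. `expect(Auditor::Dependency.new("x", "1", "2", ["Fixed a crash"]).vulnerability_info).to eq("Fixed a crash")` against the pattern as currently shipped, and a small `<div class="markdown-body"><ul><li>note</li></ul></div>` string for the HTML parser.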
metadata ADDED
@@ -0,0 +1,65 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: carthage_audit
3
+ version: !ruby/object:Gem::Version
4
+ version: '0.1'
5
+ platform: ruby
6
+ authors:
7
+ - Joshua Kaplan
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-06-20 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rspec
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '3.8'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '3.8'
27
+ description: This tool is just a simple checker to see if newer versions of Carthage
28
+ dependencies use keywords that relate to security
29
+ email:
30
+ - yhkaplan@gmail.com
31
+ executables:
32
+ - carthage_audit
33
+ extensions: []
34
+ extra_rdoc_files: []
35
+ files:
36
+ - Gemfile
37
+ - bin/carthage_audit
38
+ - lib/carthage_audit.rb
39
+ - spec/audit_spec.rb
40
+ homepage: http://github.com/yhkaplan/carthage_audit
41
+ licenses:
42
+ - MIT
43
+ metadata: {}
44
+ post_install_message:
45
+ rdoc_options: []
46
+ require_paths:
47
+ - lib
48
+ required_ruby_version: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - ">="
51
+ - !ruby/object:Gem::Version
52
+ version: '0'
53
+ required_rubygems_version: !ruby/object:Gem::Requirement
54
+ requirements:
55
+ - - ">="
56
+ - !ruby/object:Gem::Version
57
+ version: '0'
58
+ requirements: []
59
+ rubygems_version: 3.0.1
60
+ signing_key:
61
+ specification_version: 4
62
+ summary: A tool to check if newer versions of Carthage dependencies contain security
63
+ updates
64
+ test_files:
65
+ - spec/audit_spec.rb