circlemator 0.4.2 → 0.5.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +3 -0
- data/Gemfile.lock +8 -3
- data/README.md +22 -0
- data/circlemator.gemspec +1 -0
- data/exe/circlemator +8 -0
- data/lib/circlemator/code_analyser.rb +5 -0
- data/lib/circlemator/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 20e499cf49cb667491cdbcc4461f803a915c4f723c3724ce6190560151612b1e
|
4
|
+
data.tar.gz: 3d7593e004adc53e015691940feff6db04535863bc980e8f64c49a59302d54c0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 07657c548b74615461d3a50cd7472503338d519d6a737141b21383ae10d5dbfa80ef4c656d86be50b48bc484c1fcfab6a1dbd11f02782332f7166fc5d36f0116
|
7
|
+
data.tar.gz: 8490f8c638ec58e9ca01ba1d09473b543c36f2ddfbb5366266fd03fe5927a27bf358e0c35daf06e76a6858306c519022f1a4ec8db6b84db55e470bec1020db0f
|
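--- a/data/.circleci/config.yml
+++ b/data/.circleci/config.yml
@@ -39,6 +39,9 @@ jobs:
 - run:
 name: Test Code Coverage
 command: bundle exec exe/circlemator test-coverage --base-branch=master
+- run:
+name: Test Code Security
+command: bundle exec exe/circlemator test-security --base-branch=master
 push_to_rubygems:
 docker:
 - image: circleci/ruby:2.4.2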
data/Gemfile.lock
CHANGED
@@ -4,6 +4,7 @@ PATH
|
|
4
4
|
circlemator (0.4.2)
|
5
5
|
httparty (~> 0.13.7)
|
6
6
|
pronto (~> 0.9.5)
|
7
|
+
pronto-brakeman (~> 0.9.1)
|
7
8
|
pronto-commentator (~> 0)
|
8
9
|
pronto-rubocop (~> 0.9.0)
|
9
10
|
pronto-undercover (~> 0.1)
|
@@ -14,6 +15,7 @@ GEM
|
|
14
15
|
addressable (2.5.2)
|
15
16
|
public_suffix (>= 2.0.2, < 4.0)
|
16
17
|
ast (2.4.0)
|
18
|
+
brakeman (4.3.1)
|
17
19
|
coderay (1.1.2)
|
18
20
|
crack (0.4.3)
|
19
21
|
safe_yaml (~> 1.0.0)
|
@@ -60,7 +62,7 @@ GEM
|
|
60
62
|
notiffany (0.1.1)
|
61
63
|
nenv (~> 0.1)
|
62
64
|
shellany (~> 0.0)
|
63
|
-
octokit (4.
|
65
|
+
octokit (4.13.0)
|
64
66
|
sawyer (~> 0.8.0, >= 0.5.3)
|
65
67
|
parallel (1.12.1)
|
66
68
|
parser (2.5.1.2)
|
@@ -73,6 +75,9 @@ GEM
|
|
73
75
|
rainbow (~> 2.1)
|
74
76
|
rugged (~> 0.24, >= 0.23.0)
|
75
77
|
thor (~> 0.19.0)
|
78
|
+
pronto-brakeman (0.9.1)
|
79
|
+
brakeman (>= 3.2.0)
|
80
|
+
pronto (~> 0.9.0)
|
76
81
|
pronto-commentator (0.1.1)
|
77
82
|
pronto (~> 0.9.5)
|
78
83
|
pronto-rubocop (0.9.1)
|
@@ -118,7 +123,7 @@ GEM
|
|
118
123
|
unicode-display_width (~> 1.0, >= 1.0.1)
|
119
124
|
ruby-progressbar (1.10.0)
|
120
125
|
ruby_dep (1.5.0)
|
121
|
-
rugged (0.27.
|
126
|
+
rugged (0.27.5)
|
122
127
|
safe_yaml (1.0.4)
|
123
128
|
sawyer (0.8.1)
|
124
129
|
addressable (>= 2.3.5, < 2.6)
|
@@ -163,4 +168,4 @@ DEPENDENCIES
|
|
163
168
|
webmock (~> 1.22.6)
|
164
169
|
|
165
170
|
BUNDLED WITH
|
166
|
-
1.
|
171
|
+
1.17.1
|
data/README.md
CHANGED
@@ -129,6 +129,28 @@ Circlemator reads additional config from [.pronto.yml](https://github.com/grodow
|
|
129
129
|
|
130
130
|
`test-coverage` requires the following environment variable to be set:
|
131
131
|
|
132
|
+
- `GITHUB_ACCESS_TOKEN`: A Github API auth token for a user with commit
|
133
|
+
access to your repo. (Can also be set with the `-g` option.)
|
134
|
+
|
135
|
+
### Security check
|
136
|
+
|
137
|
+
The security check looks for common security errors using [Pronto](https://github.com/prontolabs/pronto) and [Brakeman](https://github.com/presidentbeef/brakeman) Static Application Security Testing and post warnings as PR comments.
|
138
|
+
|
139
|
+
```yml
|
140
|
+
test:
|
141
|
+
pre:
|
142
|
+
- bundle exec circlemator security-check --base-branch=develop
|
143
|
+
```
|
144
|
+
|
145
|
+
(Note: use local branch names, like `develop` instead of
|
146
|
+
`origin/develop`; `origin` will be prepended for running pronto as
|
147
|
+
necessary.)
|
148
|
+
|
149
|
+
It probably makes sense to put `security-check` in either the `pre` or
|
150
|
+
`override` steps.)
|
151
|
+
|
152
|
+
`security-check` requires the following environment variable to be set:
|
153
|
+
|
132
154
|
- `GITHUB_ACCESS_TOKEN`: A Github API auth token for a user with commit
|
133
155
|
access to your repo. (Can also be set with the `-g` option.)
|
134
156
|
|
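--- a/data/circlemator.gemspec
+++ b/data/circlemator.gemspec
@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'pronto-rubocop', '~> 0.9.0'
 spec.add_dependency 'pronto-commentator', '~> 0'
 spec.add_dependency 'pronto-undercover', '~> 0.1'
+spec.add_dependency 'pronto-brakeman', '~> 0.9.1'
 
 spec.add_development_dependency 'bundler', '>= 1.9'
 spec.add_development_dependency 'rake', '~> 10.0'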
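Review bot: The new `spec.add_dependency 'pronto-brakeman', '~> 0.9.1'` brings in the scanner that actually produces the `test-security` findings only transitively, and the Gemfile.lock hunk in this same diff shows pronto-brakeman 0.9.1 constraining it merely as `brakeman (>= 3.2.0)`, so the Brakeman release in use can cross major versions on any `bundle update` and change what the check reports. If reproducible scanner output is wanted, pin it directly next to this line, e.g. `spec.add_dependency 'brakeman', '~> 4.3'` (4.3.1 is what the lock resolves today). Separately, the lockfile's PATH entry still reads `circlemator (0.4.2)` while the metadata in this diff moves to 0.5.0, so the committed lock appears stale for this release. The `Gem::Specification.new do |spec|` block this line sits in starts and ends outside the hunk.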
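--- a/data/exe/circlemator
+++ b/data/exe/circlemator
@@ -93,6 +93,14 @@ when 'test-coverage'
 options[:github_repo] = Circlemator::GithubRepo.new(options)
 
 Circlemator::CodeAnalyser.new(options).check_coverage
+when 'test-security'
+options[:sha] = require_env 'CIRCLE_SHA1'
+options[:compare_branch] ||= require_env 'CIRCLE_BRANCH'
+require_opt options, :github_auth_token
+require_opt options, :base_branch
+options[:github_repo] = Circlemator::GithubRepo.new(options)
+
+Circlemator::CodeAnalyser.new(options).check_security
 when 'comment'
 options[:sha] = require_env 'CIRCLE_SHA1'
 options[:compare_branch] ||= require_env 'CIRCLE_BRANCH'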
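Review bot: The subcommand name this branch dispatches on, `when 'test-security'`, does not match the name the README section in this same diff documents for the feature (`bundle exec circlemator security-check --base-branch=develop`), so a user following the README never reaches this branch; either rename the `when` label or correct the README, keeping it consistent with the `.circleci/config.yml` step, which already invokes `test-security`. The branch also repeats, line for line, the setup that `test-coverage` (context above) and `comment` (context below) perform — `CIRCLE_SHA1`, `CIRCLE_BRANCH`, `:github_auth_token`, `:base_branch`, `GithubRepo.new` — so a small method defined before the `case`, say `prepare_github_options(options)`, called from each of the three branches would keep them from drifting apart. The `case` this `when` belongs to begins before the hunk, and `CodeAnalyser#check_security` lives in `code_analyser.rb`, whose hunk is not shown on this page, so I cannot confirm its signature or what it returns.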
data/lib/circlemator/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: circlemator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Emanuel Evans
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-11-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: httparty
|
@@ -80,6 +80,20 @@ dependencies:
|
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0.1'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: pronto-brakeman
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 0.9.1
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 0.9.1
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
98
|
name: bundler
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|