circlemator 0.4.2 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2604e7a5b95a6a170404547e962d6d5bdaa92ac460508c19fb22de40d1075f33
-  data.tar.gz: 7b25a32f14c5c6821569df17f4a05d42d37b909cb5d1a1e0b4cfeddaf9d8e0e1
+  metadata.gz: 20e499cf49cb667491cdbcc4461f803a915c4f723c3724ce6190560151612b1e
+  data.tar.gz: 3d7593e004adc53e015691940feff6db04535863bc980e8f64c49a59302d54c0
 SHA512:
-  metadata.gz: d64e32972f10aa197579440f6683d8ee2b75cf19356bbc119c7897f7b8c69390965fd3f798a8125e0bf771725f936c95e9f4f214ae9db04175032845ce80b0dc
-  data.tar.gz: a7bd253468fd36d8258aec0869413d77cb314a2f71c3f90641d95ff580c3d0c119b70e038491ffda7401aa2e89dfa4fd877913a6249280aa9b9dfd6021eb00e8
+  metadata.gz: 07657c548b74615461d3a50cd7472503338d519d6a737141b21383ae10d5dbfa80ef4c656d86be50b48bc484c1fcfab6a1dbd11f02782332f7166fc5d36f0116
+  data.tar.gz: 8490f8c638ec58e9ca01ba1d09473b543c36f2ddfbb5366266fd03fe5927a27bf358e0c35daf06e76a6858306c519022f1a4ec8db6b84db55e470bec1020db0f

data/.circleci/config.yml

@@ -39,6 +39,9 @@ jobs:
       - run:
           name: Test Code Coverage
           command: bundle exec exe/circlemator test-coverage --base-branch=master
+      - run:
+          name: Test Code Security
+          command: bundle exec exe/circlemator test-security --base-branch=master
   push_to_rubygems:
     docker:
       - image: circleci/ruby:2.4.2

data/Gemfile.lock

@@ -4,6 +4,7 @@ PATH
     circlemator (0.4.2)
       httparty (~> 0.13.7)
       pronto (~> 0.9.5)
+      pronto-brakeman (~> 0.9.1)
       pronto-commentator (~> 0)
       pronto-rubocop (~> 0.9.0)
       pronto-undercover (~> 0.1)
@@ -14,6 +15,7 @@ GEM
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
     ast (2.4.0)
+    brakeman (4.3.1)
     coderay (1.1.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
@@ -60,7 +62,7 @@ GEM
     notiffany (0.1.1)
       nenv (~> 0.1)
       shellany (~> 0.0)
-    octokit (4.12.0)
+    octokit (4.13.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     parallel (1.12.1)
     parser (2.5.1.2)
@@ -73,6 +75,9 @@ GEM
       rainbow (~> 2.1)
       rugged (~> 0.24, >= 0.23.0)
       thor (~> 0.19.0)
+    pronto-brakeman (0.9.1)
+      brakeman (>= 3.2.0)
+      pronto (~> 0.9.0)
     pronto-commentator (0.1.1)
       pronto (~> 0.9.5)
     pronto-rubocop (0.9.1)
@@ -118,7 +123,7 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-progressbar (1.10.0)
     ruby_dep (1.5.0)
-    rugged (0.27.4)
+    rugged (0.27.5)
     safe_yaml (1.0.4)
     sawyer (0.8.1)
       addressable (>= 2.3.5, < 2.6)
@@ -163,4 +168,4 @@ DEPENDENCIES
   webmock (~> 1.22.6)
 
 BUNDLED WITH
-   1.16.6
+   1.17.1

data/README.md

@@ -129,6 +129,28 @@ Circlemator reads additional config from [.pronto.yml](https://github.com/grodow
 
 `test-coverage` requires the following environment variable to be set:
 
+- `GITHUB_ACCESS_TOKEN`: A Github API auth token for a user with commit
+  access to your repo. (Can also be set with the `-g` option.)
+
+### Security check
+
+The security check looks for common security errors using [Pronto](https://github.com/prontolabs/pronto) and [Brakeman](https://github.com/presidentbeef/brakeman) Static Application Security Testing and post warnings as PR comments.
+
+```yml
+test:
+  pre:
+    - bundle exec circlemator security-check --base-branch=develop
+```
+
+(Note: use local branch names, like `develop` instead of
+`origin/develop`; `origin` will be prepended for running pronto as
+necessary.)
+
+It probably makes sense to put `security-check` in either the `pre` or
+`override` steps.)
+
+`security-check` requires the following environment variable to be set:
+
 - `GITHUB_ACCESS_TOKEN`: A Github API auth token for a user with commit
   access to your repo. (Can also be set with the `-g` option.)
 

data/circlemator.gemspec

@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'pronto-rubocop', '~> 0.9.0'
   spec.add_dependency 'pronto-commentator', '~> 0'
   spec.add_dependency 'pronto-undercover', '~> 0.1'
+  spec.add_dependency 'pronto-brakeman', '~> 0.9.1'
 
   spec.add_development_dependency 'bundler', '>= 1.9'
   spec.add_development_dependency 'rake', '~> 10.0'

data/exe/circlemator

@@ -93,6 +93,14 @@ when 'test-coverage'
   options[:github_repo] = Circlemator::GithubRepo.new(options)
 
   Circlemator::CodeAnalyser.new(options).check_coverage
+when 'test-security'
+  options[:sha] = require_env 'CIRCLE_SHA1'
+  options[:compare_branch] ||= require_env 'CIRCLE_BRANCH'
+  require_opt options, :github_auth_token
+  require_opt options, :base_branch
+  options[:github_repo] = Circlemator::GithubRepo.new(options)
+
+  Circlemator::CodeAnalyser.new(options).check_security
 when 'comment'
   options[:sha] = require_env 'CIRCLE_SHA1'
   options[:compare_branch] ||= require_env 'CIRCLE_BRANCH'

data/lib/circlemator/code_analyser.rb

@@ -22,6 +22,11 @@ module Circlemator
       run_pronto
     end
 
+    def check_security
+      require 'pronto/brakeman'
+      run_pronto
+    end
+
     private
 
     def run_pronto

data/lib/circlemator/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Circlemator
-  VERSION = '0.4.2'
+  VERSION = '0.5.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: circlemator
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Emanuel Evans
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-10-23 00:00:00.000000000 Z
+date: 2018-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: pronto-brakeman
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement