code_quality 0.3.0 → 0.5.2

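--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: eace4c0b5c37da862ea1badeb54ef4f0163236d4f3b73134cbe7dfea9830de86
-data.tar.gz: 2927bcc4f3ddff5ff6c142bfdb5835f2fafba593148c547d6e8ca6142d111df4
+metadata.gz: 82b05acfe1e3b4d101666ee1c859db0d370be07a6c9a8e4412dd8f7217d8de79
+data.tar.gz: 742bd0c94490f950f108a62d7c5a90a723e5f00267c67946715dbaca4d5dbbd4
 SHA512:
-metadata.gz: ce5e2c0afa00141987f63bbfaedfbffd7595fe1b888f9dfa90816e1de0a3b8ffd83097ddec857656ce79452417174a37b06e723e0e0891f82dccc3beba52a927
-data.tar.gz: 8d318b6278cf2111400c19c0dc296c572fe6a2a3855bc22850b40bc352d2ff060330e7b8086d1562f9122c201ca1a4057d484eaff321bee1b413100f2c19d622
+metadata.gz: 8c7a79c758e3adfab26a81847aeb5bd0d749c03b48e45cb9e7a5429c01441af3aa1852a70903d466b18c91353c64b72eb3c7ec4bba315015cc34e0dd20296728
+data.tar.gz: 31f70202ff9a4edd1f9240a64bfcfa1a96bb8b5515a6ed2b91b250a4a70d0444a41022ed77bf085b8dbdb99d62a0b29afaa39f4240b321345bfe7056c9f53f9f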
@@ -1,14 +1,47 @@
1
- sudo: false
1
+ ################
2
+ # CI Workflow:
3
+ # feature development, trigger by `git push`:
4
+ # test -> code_audit(code_security_audit and code_quality_audit)
5
+ #
6
+ # feature deploy, trigger by `git push --tags`
7
+ # test -> deploy
8
+ #
9
+ # Stages:
10
+ # - test: run `rake test`
11
+ # - code_audit: run `code_quality security_audit` and `code_quality quality_audit`
12
+ # - deploy: auto build and upload a gem package to rubygems.org after `git push --tags`
13
+ #
14
+ # Principle:
15
+ # - fail fast
16
+ # - done is better than perfect
17
+ ################
18
+
19
+ stages:
20
+ - test
21
+ - code_audit
22
+ - deploy
23
+
2
24
  language: ruby
3
25
  rvm:
4
- - 2.4.3
5
- before_install: gem install bundler -v 1.16.0
26
+ - 2.5.3
27
+ - 2.6.0
28
+ before_install: gem install bundler
6
29
 
7
30
  # config GitHub OAuth Token
8
31
  env:
9
32
  global:
10
33
  secure: 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
11
34
 
35
+ jobs:
36
+ include:
37
+ - stage: code_audit
38
+ if: branch != master
39
+ install: gem install code_quality --no-ri --no-rdoc
40
+ script:
41
+ - bundle install # to generate Gemfile.lock
42
+ - code_quality security_audit
43
+ - code_quality quality_audit fail_fast=false generate_index=true lowest_score=90 rubocop_max_offenses=120
44
+
12
45
  deploy:
13
46
  # automatically release Ruby gem to RubyGems after a successful build with `git push --tags`
14
47
  - provider: rubygems
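Review bot: `install: gem install code_quality --no-ri --no-rdoc` in the new `code_audit` job uses flags that RubyGems 3 removed, and the `rvm` list now adds 2.6.0, which ships with RubyGems 3.0; on that runner the install step would presumably fail with an invalid-option error before any audit runs (worth confirming against the build log). The replacement is `install: gem install code_quality --no-document`, which works on both listed Rubies. Separately, this stage audits the checkout with the published `code_quality` gem rather than the code in the branch, so a regression in the branch's own audit tasks would not surface here; a one-line note such as `# audits this repo with the released gem, not the branch under test` would make that explicit.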
@@ -21,9 +54,9 @@ deploy:
21
54
 
22
55
  # publish generated files to GitHub pages
23
56
  - provider: script
24
- skip_cleanup: true
57
+ # skip_cleanup: true
25
58
  script: bin/travis-update-gh-pages.sh
26
59
  on:
27
60
  branch: master
28
61
  tags: true
29
- condition: $TRAVIS_PULL_REQUEST = "false"
62
+ # condition: $TRAVIS_PULL_REQUEST = "false"
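Review bot: `# skip_cleanup: true` and `# condition: $TRAVIS_PULL_REQUEST = "false"` are commented out rather than deleted, with nothing saying why; dead config in a deploy stanza tends to be re-enabled by the next editor. The `on:` block still has `tags: true` and `branch: master`, which should keep pull-request builds away from this provider, so the guard is probably redundant — but if that is the reasoning it belongs in the comment, e.g. `# PR guard dropped: tags: true already excludes PR builds`. Dropping `skip_cleanup` means Travis resets the working tree before `bin/travis-update-gh-pages.sh` runs; the script hunk further down copies from `$HOME/tmp/code_quality`, outside the tree, so this is presumably fine, but that is inferred rather than verified here. The `deploy:` list starts outside this hunk.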
data/README.md CHANGED
@@ -3,7 +3,7 @@
3
3
  Run code quality and security audit report with one command `code_quality`.
4
4
 
5
5
  [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
6
- [![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
6
+ [![Build Status](https://travis-ci.com/rainchen/code_quality.svg)](https://travis-ci.com/rainchen/code_quality)
7
7
  [![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
8
8
 
9
9
  ## Principle
@@ -90,6 +90,13 @@ output example:
90
90
 
91
91
  ![](doc/imgs/code_quality_security_audit_failed_example.png)
92
92
 
93
+ #### options for security_audit:
94
+
95
+ ```
96
+ # e.g.: code_quality security_audit bundler_audit_options="--ignore CVE-2015-9284"
97
+ # options:
98
+ # bundler_audit_options: pass extract options, e.g.: bundler_audit_options="--ignore CVE-2015-9284 --verbose"
99
+ ```
93
100
 
94
101
  #### work with CI
95
102
 
@@ -119,11 +126,17 @@ Then Gitlab sends notification with the failure info, for example:
119
126
  ```
120
127
  # bundler audit - checks for vulnerable versions of gems in Gemfile.lock
121
128
  code_quality security_audit:bundler_audit
129
+
130
+ # with bundler_audit cli options
131
+ code_quality security_audit:bundler_audit bundler_audit_options="--ignore CVE-2020-5267 CVE-2020-10663"
122
132
  ```
123
133
 
124
134
  ```
125
135
  # brakeman audit - checks Ruby on Rails applications for security vulnerabilities
126
136
  code_quality security_audit:brakeman
137
+
138
+ # with brakeman cli options
139
+ code_quality security_audit:brakeman brakeman_options="--skip-files app/views/"
127
140
  ```
128
141
 
129
142
  ```
@@ -3,7 +3,7 @@
3
3
  Run code quality and security audit report with one rake task as `rake code_quality`.
4
4
 
5
5
  [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
6
- [![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
6
+ [![Build Status](https://travis-ci.com/rainchen/code_quality.svg)](https://travis-ci.com/rainchen/code_quality)
7
7
  [![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
8
8
 
9
9
  ## Principle
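--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,7 +1,8 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
-RSpec::Core::RakeTask.new(:spec)
+RSpec::Core::RakeTask.new(:spec) # introduce `rake spec` to Run RSpec code examples
 
 task :default => :spec
+task :test => :spec # alias `rake test`
 Rake::Task.send :load, 'tasks/code_quality.rake'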
@@ -8,7 +8,7 @@
8
8
 
9
9
  <ul>
10
10
  <% @audit_tasks.each do |task_name, report| %>
11
- <li>[<%= report[:failure].empty? ? "" : "" %>] <a href="<%= report[:report_path] %>"><%= task_name %></a> <%= report[:failure] %></li>
11
+ <li>[<%= report[:failure].empty? ? "&#x2713;" : "&#x2717;" %>] <a href="<%= report[:report_path] %>"><%= task_name %></a> <%= report[:failure] %></li>
12
12
  <% end %>
13
13
  </ul>
14
14
 
@@ -18,11 +18,11 @@ if [ ${TRAVIS} = "true" ]; then
18
18
  cp -Rf $HOME/tmp/code_quality/* .
19
19
 
20
20
  #setup git user
21
- git config user.email "travis@travis-ci.org"
21
+ git config user.email "travis@travis-ci.com"
22
22
  git config user.name "Travis CI"
23
23
 
24
24
  #add, commit and push files
25
- travis_build_url="https://travis-ci.org/${TRAVIS_REPO_SLUG}/builds/${TRAVIS_BUILD_ID}"
25
+ travis_build_url="https://travis-ci.com/${TRAVIS_REPO_SLUG}/builds/${TRAVIS_BUILD_ID}"
26
26
  git add -f .
27
27
  git commit -m "Travis CI build $travis_build_url pushed to gh-pages"
28
28
  git push -fq origin gh-pages > /dev/null
@@ -23,12 +23,13 @@ Gem::Specification.new do |spec|
23
23
 
24
24
  spec.add_dependency "bundler-audit"
25
25
  spec.add_dependency "brakeman"
26
- spec.add_dependency "rubycritic", "~> 3.3.0"
27
- spec.add_dependency "rubocop", "~> 0.52.0"
28
- spec.add_dependency "rubocop-github", "~> 0.8.1"
29
- spec.add_dependency "code_metric_fu", "~> 4.14.4"
26
+ spec.add_dependency "rubycritic", "~> 4.1.0"
27
+ spec.add_dependency "rubocop", "~> 0.70.0"
28
+ spec.add_dependency "rubocop-github", "~> 0.13.0"
29
+ # spec.add_dependency "code_metric_fu", "~> 4.14.4"
30
+ spec.add_dependency "metric_fu", "~> 4.13.0"
30
31
 
31
- spec.add_development_dependency "bundler", "~> 1.16"
32
- spec.add_development_dependency "rake", "~> 10.0"
32
+ spec.add_development_dependency "bundler", ">= 2.0.2"
33
+ spec.add_development_dependency "rake", ">= 12.3.3"
33
34
  spec.add_development_dependency "rspec", "~> 3.0"
34
35
  end
@@ -1,3 +1,3 @@
1
1
  # https://github.com/rails/rails/blob/master/.rubocop.yml
2
2
  inherit_from:
3
- - https://rawgit.com/rails/rails/master/.rubocop.yml
3
+ - https://cdn.jsdelivr.net/gh/rails/rails/.rubocop.yml
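Review bot: `- https://cdn.jsdelivr.net/gh/rails/rails/.rubocop.yml` inherits from the unpinned default branch of rails/rails, so every RuboCop run fetches whatever that branch currently holds and the quality audit score can change (or the run can break) with no change in this repository; the old rawgit URL had the same property, so the commit only swaps hosts. A remote config can also carry `require:` entries that RuboCop loads as Ruby code, which makes an unpinned upstream a supply-chain dependency rather than just a style source (hedged: confirm how RuboCop treats `require` in inherited remote configs). jsdelivr accepts a ref in the path, so pin it: `- https://cdn.jsdelivr.net/gh/rails/rails@<tag-or-commit>/.rubocop.yml` (placeholder ref), with a comment above naming the pinned ref and when to bump it.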
@@ -39,14 +39,20 @@ module CodeQuality
39
39
 
40
40
  OptionParser.new do |opts|
41
41
  opts.separator "Run code_quality for a ruby/rails project, e.g.:"
42
- opts.separator " code_quality lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
42
+ opts.separator " code_quality lowest_score=90 rubocop_max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
43
43
  opts.separator ""
44
44
  opts.separator "Show available tasks:"
45
45
  opts.separator " code_quality -T"
46
46
  opts.separator ""
47
- opts.separator "Invoke a audit task:"
47
+ opts.separator "Invoke an audit task:"
48
48
  opts.separator " code_quality AUDIT_TASK"
49
49
  opts.separator ""
50
+ opts.separator "Invoke all security audit tasks:"
51
+ opts.separator " code_quality security_audit"
52
+ opts.separator ""
53
+ opts.separator "Invoke all quality audit tasks:"
54
+ opts.separator " code_quality quality_audit"
55
+ opts.separator ""
50
56
  opts.separator "Advanced options:"
51
57
 
52
58
  opts.on_tail("-h", "--help", "-H", "Display this help message.") do
@@ -1,3 +1,3 @@
1
1
  module CodeQuality
2
- VERSION = "0.3.0"
2
+ VERSION = "0.5.2"
3
3
  end
@@ -35,10 +35,13 @@ namespace :code_quality do
35
35
  end
36
36
 
37
37
  desc "bundler audit"
38
+ # Update the ruby-advisory-db and check Gemfile.lock
39
+ # options:
40
+ # bundler_audit_options: pass extract CLI options, e.g.: bundler_audit_options="--ignore CVE-2020-5267 CVE-2020-10663"
38
41
  task :bundler_audit => :prepare do |task|
42
+ options = options_from_env(:bundler_audit_options)
39
43
  run_audit task, "bundler audit - checks for vulnerable versions of gems in Gemfile.lock" do
40
- # Update the ruby-advisory-db and check Gemfile.lock
41
- report = `bundle audit check --update`
44
+ report = `bundle audit check --update #{options[:bundler_audit_options]}`
42
45
  @report_path = "#{report_dir}/bundler-audit-report.txt"
43
46
  File.open(@report_path, 'w') {|f| f.write report }
44
47
  puts report
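Review bot: `report = \`bundle audit check --update #{options[:bundler_audit_options]}\`` splices an environment-variable value straight into a shell command string, so anything the shell treats specially in that value (quotes, `;`, `$(...)`, an unbalanced quote) is interpreted by the shell instead of being passed to `bundle audit`; the brakeman task in the next hunk adds the same pattern (`brakeman -o ... #{options[:brakeman_options]} .`). The value is meant to be split on spaces (`--ignore CVE-2020-5267 CVE-2020-10663`), so make that splitting explicit and hand the words over as argv: `args = Shellwords.split(options[:bundler_audit_options].to_s)` followed by `report, _status = Open3.capture2("bundle", "audit", "check", "--update", *args)`, with `require "shellwords"` and `require "open3"` at the top of the rake file; `.to_s` keeps the no-option case working when the variable is unset, and if anything downstream reads `$?` after the backtick call that would need to move to `_status`. The comment `# bundler_audit_options: pass extract CLI options` should read `pass extra CLI options`; the same typo is in the brakeman comment in the next hunk and in the README hunk above. The `task :bundler_audit` block continues past the end of this hunk.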
@@ -47,11 +50,14 @@ namespace :code_quality do
47
50
  end
48
51
 
49
52
  desc "brakeman"
53
+ # options:
54
+ # brakeman_options: pass extract CLI options, e.g.: brakeman_options="--skip-files lib/templates/"
50
55
  task :brakeman => :prepare do |task|
56
+ options = options_from_env(:brakeman_options)
51
57
  require 'json'
52
58
  run_audit task, "Brakeman audit - checks Ruby on Rails applications for security vulnerabilities" do
53
59
  @report_path = "#{report_dir}/brakeman-report.txt"
54
- `brakeman -o #{@report_path} -o #{report_dir}/brakeman-report.json`
60
+ `brakeman -o #{@report_path} -o #{report_dir}/brakeman-report.json #{options[:brakeman_options]} .`
55
61
  puts `cat #{@report_path}`
56
62
  report = JSON.parse(File.read("#{report_dir}/brakeman-report.json"))
57
63
  audit_faild "There are #{report["errors"].size} errors, must fix them ASAP." if report["errors"].any?
@@ -84,7 +90,7 @@ namespace :code_quality do
84
90
  # default tasks
85
91
  task :default => [:run_all, :resources] do; end
86
92
 
87
- desc "run all audit tasks"
93
+ # desc "run all audit tasks"
88
94
  task :run_all => :helpers do
89
95
  options = options_from_env(:fail_fast, :generate_index)
90
96
  fail_fast = options.fetch(:fail_fast, "false")
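Review bot: `# desc "run all audit tasks"` removes the task from `rake -T` output while leaving `run_all` fully invokable, and nothing says whether hiding it was the intent. If it is, replace the commented-out line with a comment that states it, e.g. `# no desc on purpose: internal task, hidden from rake -T`; if not, restore the `desc`. The `run_all` task body continues past the end of this hunk.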
@@ -174,6 +180,7 @@ namespace :code_quality do
174
180
  # generate report
175
181
  report = `rubocop -c #{config_file} -S -R -P #{options[:cli_options]} --format offenses --format html -o #{report_path}`
176
182
  puts report
183
+ puts "Generated by RuboCop #{`rubocop --version`}"
177
184
  puts "Report generated to #{report_path}"
178
185
  show_in_browser File.realpath(report_path)
179
186
 
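--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: code_quality
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.5.2
 platform: ruby
 authors:
 - RainChen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-02-28 00:00:00.000000000 Z
+date: 2020-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -44,84 +44,84 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.3.0
+version: 4.1.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.3.0
+version: 4.1.0
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.52.0
+version: 0.70.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.52.0
+version: 0.70.0
 - !ruby/object:Gem::Dependency
 name: rubocop-github
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.8.1
+version: 0.13.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.8.1
+version: 0.13.0
 - !ruby/object:Gem::Dependency
-name: code_metric_fu
+name: metric_fu
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 4.14.4
+version: 4.13.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 4.14.4
+version: 4.13.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '1.16'
+version: 2.0.2
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '1.16'
+version: 2.0.2
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: 12.3.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: 12.3.3
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: run code quality and security audit report with one command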