dependency-timeline-audit 0.0.0 → 0.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e4a44a4760b883532f6bf9640b0df6f791e8a8518e8747e3078b0d17a39f540
-  data.tar.gz: c2656213c2c3e337f3ad974a2488815a1c61040d62f84072d74b4f1cfbe427eb
+  metadata.gz: 3b9e17ee55c32c28cf3b8217bbf7ddab45ceafbc611046361ab649b5ede37d42
+  data.tar.gz: 0a9e935a6e14de9350d1cf9036774da6d5a0e2a8d71967c3d57f581ab3c22bf1
 SHA512:
-  metadata.gz: a8b74f3e417d9460bebbaa784253b8579e3074c10e5910ff3642b25e49745f068c2b557079c0f3b9b74545a9d825fdaddd58b4bafaaef838ddf2a9f5bf213ba8
-  data.tar.gz: 0e56d272cbc09eddd6cb043fa5659f265538e1f61f8ee7708ac1e237b5417f071a1ce7387e77e48517c298be10d5865e2797de7e78a6d569b1cd56e2ca8b3794
+  metadata.gz: fe745f2316cd6df1ec6022898fd5a6ccb45baf22bfe1f088430a330bd40f58e73b5656515b150ebec40c12423cf829b18b3a9ef8181eec0ddbc592fa9b161f3d
+  data.tar.gz: f2e7b8e9524a8e9caac06d708e25bdc07c3d90a625a45be93bd0c79d8d3c5446614814a53247c7da6b63628dd7fbc9296033e7753120999b50fdb866c1933839

data/bin/dependency-timeline-audit

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'dependency-timeline-audit'
+
+DependencyTimelineAudit::Check.check

data/lib/dependency-timeline-audit/check.rb

@@ -0,0 +1,93 @@
+require 'date'
+require 'active_support/all'
+
+module DependencyTimelineAudit
+  class Check
+    # TODO: activesupport is kinda hefty for just grabbing 1.year.ago, remove
+    def self.outdated_threshold
+      1.year.ago
+    end
+
+    def self.check(lockfile = 'Gemfile.lock')
+      outdated_versions = []
+      locked_gems.each do |gem|
+        lock_released_at = GemInfo.version_created_at(gem[:name], gem[:locked_version])
+        latest_version = GemInfo.latest_version(gem[:name])
+        outdated_versions.push(gem[:name]) if gem_outdated?(lock_released_at)
+        print_info(gem, lock_released_at, latest_version)
+      end
+
+      if outdated_versions.any?
+        set_text_color_red
+        puts "\nOutdated gems detected!"
+        puts " - #{outdated_versions.join(', ')}"
+
+        exit(1) # Failure
+      else
+        reset_text_style
+        puts "\nAll gems are within the accepted threshold!"
+
+        exit(0) # Success
+      end
+    end
+
+    private
+
+    def self.gem_outdated?(released_at)
+      released_at <= outdated_threshold
+    end
+
+    def self.print_info(gem, lock_released_at, latest_version)
+      puts "Gem: \e[1m#{gem[:name]}\e[0m"
+      set_text_color(lock_released_at, gem[:locked_version] == latest_version[:version])
+      puts "  - Locked to: #{gem[:locked_version]} (Released: #{format_date(lock_released_at)})"
+      set_text_color(latest_version[:created_at])
+      puts "  - Latest: #{latest_version[:version]} (Released: #{format_date(latest_version[:created_at])})"
+      reset_text_style
+    end
+
+    def self.set_text_color(released_at, using_latest = true)
+      if gem_outdated?(released_at)
+        set_text_color_red
+      else
+        if using_latest
+          set_text_color_green
+        else
+          set_text_color_yellow
+        end
+      end
+    end
+
+    def self.set_text_bold
+      print "\e[1m"
+    end
+
+    def self.set_text_color_red
+      print "\e[31m"
+    end
+
+    def self.set_text_color_green
+      print "\e[32m"
+    end
+
+    def self.set_text_color_yellow
+      print "\e[33m"
+    end
+
+    def self.reset_text_style
+      print "\e[0m"
+    end
+
+    def self.locked_gems
+      lockfile = Bundler::LockfileParser.new(File.read('Gemfile.lock'))
+      lockfile.specs.map do |gem|
+        { name: gem.name, locked_version: gem.version.to_s }
+      end
+    end
+
+    def self.format_date(date_string)
+      date = Date.parse(date_string)
+      date.strftime("%Y-%m-%d")
+    end
+  end
+end

data/lib/dependency-timeline-audit/gem_info.rb

@@ -0,0 +1,41 @@
+require 'net/http'
+require 'json'
+
+module DependencyTimelineAudit
+  # Define a class for interacting with the RubyGems API
+  class GemInfo
+    API_URL = 'https://rubygems.org/api/v1/versions/'
+    @@gem_cache = {}
+
+    # Method to fetch the gem data and cache it
+    def self.fetch_gem_data(gem_name)
+      # Check if gem info is already cached
+      unless @@gem_cache[gem_name]
+        url = URI("#{API_URL}#{gem_name}.json")
+        response = Net::HTTP.get(url)
+        @@gem_cache[gem_name] = JSON.parse(response)
+      end
+
+      # Return cached gem info
+      @@gem_cache[gem_name]
+    end
+
+    # Method to fetch the latest version and its created_at timestamp
+    def self.latest_version(gem_name)
+      versions = fetch_gem_data(gem_name)
+      latest = versions.first # The first entry is the latest version
+      version_number = latest['number']
+      created_at = latest['created_at']
+      { version: version_number, created_at: created_at }
+    end
+
+    # Method to fetch the created_at timestamp for a specific version
+    def self.version_created_at(gem_name, version)
+      versions = fetch_gem_data(gem_name)
+      # Find the version that matches the requested version string
+      version_info = versions.find { |v| v['number'] == version }
+
+      version_info['created_at']
+    end
+  end
+end

data/lib/dependency-timeline-audit/version.rb

@@ -2,7 +2,7 @@ module DependencyTimelineAudit
   module VERSION
     MAJOR = 0
     MINOR = 0
-    PATCH = 0
+    PATCH = 1
 
     STRING = [MAJOR, MINOR, PATCH].join('.')
   end

data/lib/dependency-timeline-audit.rb

@@ -1,4 +1,6 @@
 module DependencyTimelineAudit
+  autoload :Check, 'dependency-timeline-audit/check'
+  autoload :GemInfo, 'dependency-timeline-audit/gem_info'
   autoload :VERSION, 'dependency-timeline-audit/version'
 
   def self.gem_version

metadata

@@ -1,22 +1,54 @@
 --- !ruby/object:Gem::Specification
 name: dependency-timeline-audit
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.1
 platform: ruby
 authors:
 - Josh Buker
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
 date: 2024-09-24 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Provides a way to audit your dependencies based on release timeline.
 email: crypto@joshbuker.com
-executables: []
+executables:
+- dependency-timeline-audit
 extensions: []
 extra_rdoc_files: []
 files:
+- bin/dependency-timeline-audit
 - lib/dependency-timeline-audit.rb
+- lib/dependency-timeline-audit/check.rb
+- lib/dependency-timeline-audit/gem_info.rb
 - lib/dependency-timeline-audit/version.rb
 homepage: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit
 licenses:
@@ -24,7 +56,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit/issues
   rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -39,8 +71,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.3.5
+signing_key: 
 specification_version: 4
 summary: Dependency Timeline Audit Ruby Interface
 test_files: []