dependency-timeline-audit 0.0.0 → 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
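--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3b9e17ee55c32c28cf3b8217bbf7ddab45ceafbc611046361ab649b5ede37d42
+data.tar.gz: 0a9e935a6e14de9350d1cf9036774da6d5a0e2a8d71967c3d57f581ab3c22bf1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fe745f2316cd6df1ec6022898fd5a6ccb45baf22bfe1f088430a330bd40f58e73b5656515b150ebec40c12423cf829b18b3a9ef8181eec0ddbc592fa9b161f3d
+data.tar.gz: f2e7b8e9524a8e9caac06d708e25bdc07c3d90a625a45be93bd0c79d8d3c5446614814a53247c7da6b63628dd7fbc9296033e7753120999b50fdb866c1933839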
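--- a/lib/dependency-timeline-audit/check.rb
+++ b/lib/dependency-timeline-audit/check.rb
@@ -0,0 +1,93 @@
+require 'date'
+require 'active_support/all'
+
+module DependencyTimelineAudit
+class Check
+# TODO: activesupport is kinda hefty for just grabbing 1.year.ago, remove
+def self.outdated_threshold
+1.year.ago
+end
+
+def self.check(lockfile = 'Gemfile.lock')
+outdated_versions = []
+locked_gems.each do |gem|
+lock_released_at = GemInfo.version_created_at(gem[:name], gem[:locked_version])
+latest_version = GemInfo.latest_version(gem[:name])
+outdated_versions.push(gem[:name]) if gem_outdated?(lock_released_at)
+print_info(gem, lock_released_at, latest_version)
+end
+
+if outdated_versions.any?
+set_text_color_red
+puts "\nOutdated gems detected!"
+puts " - #{outdated_versions.join(', ')}"
+
+exit(1) # Failure
+else
+reset_text_style
+puts "\nAll gems are within the accepted threshold!"
+
+exit(0) # Success
+end
+end
+
+private
+
+def self.gem_outdated?(released_at)
+released_at <= outdated_threshold
+end
+
+def self.print_info(gem, lock_released_at, latest_version)
+puts "Gem: \e[1m#{gem[:name]}\e[0m"
+set_text_color(lock_released_at, gem[:locked_version] == latest_version[:version])
+puts " - Locked to: #{gem[:locked_version]} (Released: #{format_date(lock_released_at)})"
+set_text_color(latest_version[:created_at])
+puts " - Latest: #{latest_version[:version]} (Released: #{format_date(latest_version[:created_at])})"
+reset_text_style
+end
+
+def self.set_text_color(released_at, using_latest = true)
+if gem_outdated?(released_at)
+set_text_color_red
+else
+if using_latest
+set_text_color_green
+else
+set_text_color_yellow
+end
+end
+end
+
+def self.set_text_bold
+print "\e[1m"
+end
+
+def self.set_text_color_red
+print "\e[31m"
+end
+
+def self.set_text_color_green
+print "\e[32m"
+end
+
+def self.set_text_color_yellow
+print "\e[33m"
+end
+
+def self.reset_text_style
+print "\e[0m"
+end
+
+def self.locked_gems
+lockfile = Bundler::LockfileParser.new(File.read('Gemfile.lock'))
+lockfile.specs.map do |gem|
+{ name: gem.name, locked_version: gem.version.to_s }
+end
+end
+
+def self.format_date(date_string)
+date = Date.parse(date_string)
+date.strftime("%Y-%m-%d")
+end
+end
+end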
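Review bot: `locked_gems` on new line 82 reads `'Gemfile.lock'` directly, so the `lockfile` parameter that `check` accepts on line 11 is never used and a caller auditing a different lockfile silently audits the one in the current directory instead. The same section has two further gaps: `gem_outdated?` on line 37 compares `released_at` with `outdated_threshold`, yet the value it receives from `GemInfo.version_created_at` is the same raw string that `format_date` on line 89 has to `Date.parse`, so the comparison looks like it would raise unless the string is converted first; and when a locked version is absent from rubygems.org (git or path sources, yanked releases) a `nil` release date reaches both `<=` and `Date.parse` and aborts the whole run instead of being reported, which for a gating audit should fail closed rather than crash or pass. Two smaller points: `Bundler::LockfileParser` is used with no `require 'bundler'` in this file (the executable under bin/ is outside this diff and may load it first), and `private` on line 34 has no effect on `def self.` methods, so `private_class_method` is needed if the helpers are meant to be hidden. A version of the affected methods with these addressed:
```ruby
def self.check(lockfile = 'Gemfile.lock')
  outdated_versions = []
  locked_gems(lockfile).each do |gem|
    # … unchanged: GemInfo lookups, outdated push, print_info …
  end
  # … unchanged: summary output and exit …
end

private_class_method def self.gem_outdated?(released_at)
  # nil: the locked version is not known to rubygems.org, so its age cannot be
  # verified; treat it as outdated so the audit fails closed and reports the gem
  return true if released_at.nil?

  Date.parse(released_at) <= outdated_threshold.to_date
end

private_class_method def self.locked_gems(lockfile)
  parsed = Bundler::LockfileParser.new(File.read(lockfile))
  parsed.specs.map { |gem| { name: gem.name, locked_version: gem.version.to_s } }
end

private_class_method def self.format_date(date_string)
  return 'unknown' if date_string.nil?

  Date.parse(date_string).strftime("%Y-%m-%d")
end
```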
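--- a/lib/dependency-timeline-audit/gem_info.rb
+++ b/lib/dependency-timeline-audit/gem_info.rb
@@ -0,0 +1,41 @@
+require 'net/http'
+require 'json'
+
+module DependencyTimelineAudit
+# Define a class for interacting with the RubyGems API
+class GemInfo
+API_URL = 'https://rubygems.org/api/v1/versions/'
+@@gem_cache = {}
+
+# Method to fetch the gem data and cache it
+def self.fetch_gem_data(gem_name)
+# Check if gem info is already cached
+unless @@gem_cache[gem_name]
+url = URI("#{API_URL}#{gem_name}.json")
+response = Net::HTTP.get(url)
+@@gem_cache[gem_name] = JSON.parse(response)
+end
+
+# Return cached gem info
+@@gem_cache[gem_name]
+end
+
+# Method to fetch the latest version and its created_at timestamp
+def self.latest_version(gem_name)
+versions = fetch_gem_data(gem_name)
+latest = versions.first # The first entry is the latest version
+version_number = latest['number']
+created_at = latest['created_at']
+{ version: version_number, created_at: created_at }
+end
+
+# Method to fetch the created_at timestamp for a specific version
+def self.version_created_at(gem_name, version)
+versions = fetch_gem_data(gem_name)
+# Find the version that matches the requested version string
+version_info = versions.find { |v| v['number'] == version }
+
+version_info['created_at']
+end
+end
+end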
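Review bot: `Net::HTTP.get` on new line 15 returns the response body whatever the status, so a 404, a 5xx or a rate-limit page goes straight into `JSON.parse` on line 16 and either raises `JSON::ParserError` or, if the body happens to parse, is cached as though it were the version list; the request also runs with the library's default timeouts and no retry, so a slow rubygems.org stalls the audit. `version_created_at` on line 38 then indexes `version_info` without checking that `find` on line 36 matched, which raises `NoMethodError` for any locked version rubygems.org does not list rather than handing `nil` back to the caller to deal with. Because `gem_name` comes from the lockfile and is interpolated into the URL path on line 14 unescaped, a name containing `/`, `?` or `#` would change the request target; validating it against the characters RubyGems allows in a name before building the URL keeps the request on the intended resource. Style-wise, `@@gem_cache` on line 8 is a class variable shared down the inheritance tree; a class-level instance variable (`@gem_cache = {}` with `@gem_cache` in the class methods) is the usual form. A reworked fetch with the status and name checks:
```ruby
def self.fetch_gem_data(gem_name)
  unless @@gem_cache[gem_name]
    # gem names are limited to these characters; refuse anything else rather
    # than letting a lockfile entry reshape the request path
    raise ArgumentError, "invalid gem name: #{gem_name.inspect}" unless gem_name.match?(/\A[A-Za-z0-9_.\-]+\z/)

    url = URI("#{API_URL}#{gem_name}.json")
    response = Net::HTTP.get_response(url)
    unless response.is_a?(Net::HTTPSuccess)
      raise "rubygems.org returned HTTP #{response.code} for #{gem_name}"
    end

    @@gem_cache[gem_name] = JSON.parse(response.body)
  end

  @@gem_cache[gem_name]
end

def self.version_created_at(gem_name, version)
  versions = fetch_gem_data(gem_name)
  # nil when the locked version is not listed; the caller decides how to report it
  versions.find { |v| v['number'] == version }&.dig('created_at')
end
```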
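--- a/metadata
+++ b/metadata
@@ -1,22 +1,54 @@
 --- !ruby/object:Gem::Specification
 name: dependency-timeline-audit
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.1
 platform: ruby
 authors:
 - Josh Buker
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
 date: 2024-09-24 00:00:00.000000000 Z
-dependencies:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Provides a way to audit your dependencies based on release timeline.
 email: crypto@joshbuker.com
-executables:
+executables:
+- dependency-timeline-audit
 extensions: []
 extra_rdoc_files: []
 files:
+- bin/dependency-timeline-audit
 - lib/dependency-timeline-audit.rb
+- lib/dependency-timeline-audit/check.rb
+- lib/dependency-timeline-audit/gem_info.rb
 - lib/dependency-timeline-audit/version.rb
 homepage: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit
 licenses:
@@ -24,7 +56,7 @@ licenses:
 metadata:
 bug_tracker_uri: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit/issues
 rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -39,8 +71,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.5
-signing_key:
+rubygems_version: 3.3.5
+signing_key:
 specification_version: 4
 summary: Dependency Timeline Audit Ruby Interface
 test_files: []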