RubyGems - dependency-timeline-audit - Versions diffs - 0.0.0 → 0.0.2 - Mend

dependency-timeline-audit 0.0.0 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/bin/dependency-timeline-audit +34 -0
data/lib/dependency-timeline-audit/check.rb +95 -0
data/lib/dependency-timeline-audit/gem_info.rb +41 -0
data/lib/dependency-timeline-audit/version.rb +1 -1
data/lib/dependency-timeline-audit.rb +2 -0
metadata +40 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e4a44a4760b883532f6bf9640b0df6f791e8a8518e8747e3078b0d17a39f540
-  data.tar.gz: c2656213c2c3e337f3ad974a2488815a1c61040d62f84072d74b4f1cfbe427eb
+  metadata.gz: d4fb437a64c2b990372ff5137b6deb79d5405f5522e81b02830108cc43596155
+  data.tar.gz: 9edf8bfe737bb3991802e93c01d272aa786b4bd1dd8a6733c6de17099175b013
 SHA512:
-  metadata.gz: a8b74f3e417d9460bebbaa784253b8579e3074c10e5910ff3642b25e49745f068c2b557079c0f3b9b74545a9d825fdaddd58b4bafaaef838ddf2a9f5bf213ba8
-  data.tar.gz: 0e56d272cbc09eddd6cb043fa5659f265538e1f61f8ee7708ac1e237b5417f071a1ce7387e77e48517c298be10d5865e2797de7e78a6d569b1cd56e2ca8b3794
+  metadata.gz: 9e19239773413b37e23d54c21dd22cbbc65f65102f778d5437676da683fb76a202bf197f7b01e6ce874f8ce6761e53ccd7d9e2d9985a4096d46e9a86ae63e769
+  data.tar.gz: e52bc4921722fc2be009aed94f7009917d4034ccc48c4f130c4fac5651af46e482d58765fd0171c87ecdd2abb2431d479926de3be4b6dc9d8c08684cabf37374

data/bin/dependency-timeline-audit ADDED Viewed

@@ -0,0 +1,34 @@
+#!/usr/bin/env ruby
+require 'dependency-timeline-audit'
+require 'optparse'
+# See: https://docs.ruby-lang.org/en/master/OptionParser.html
+begin
+  options = {}
+  OptionParser.new do |opts|
+    opts.banner = "Usage: dependency-timeline-audit [options]\n"
+    opts.on('-i', '--interactive-ignore', 'Allows interactively generating an ignore file')
+    opts.on('-v', '--verbose', 'Provides more verbose output')
+    opts.on('--lockfile=LOCKFILE', 'Allows overwriting where the lockfile is located (default: "Gemfile.lock")')
+    opts.on('--outdated-threshold=YEARS', Integer, 'Allows overwriting the number of years before a gem is considered outdated (default: 1)')
+    opts.on_tail('-h', '--help', 'Prints this help') do
+      puts opts
+      exit
+    end
+    opts.on('-V', '--version', 'Prints the version of dependency-timeline-audit') do
+      puts "Dependency Timeline Audit (Ruby) - version: #{DependencyTimelineAudit.gem_version}"
+      exit
+    end
+  end.parse!(into: options)
+rescue OptionParser::InvalidOption, OptionParser::MissingArgument => e
+  puts e.message
+  exit(1)
+end
+DependencyTimelineAudit::Check.check(
+  lockfile: options[:lockfile],
+  verbose: options[:verbose]
+)

data/lib/dependency-timeline-audit/check.rb ADDED Viewed

@@ -0,0 +1,95 @@
+require 'date'
+require 'active_support/all'
+module DependencyTimelineAudit
+  class Check
+    # TODO: activesupport is kinda hefty for just grabbing 1.year.ago, remove
+    def self.outdated_threshold
+      1.year.ago
+    end
+    def self.check(lockfile: 'Gemfile.lock', verbose: true)
+      outdated_versions = []
+      locked_gems.each do |gem|
+        lock_released_at = GemInfo.version_created_at(gem[:name], gem[:locked_version])
+        latest_version = GemInfo.latest_version(gem[:name])
+        outdated_versions.push(gem[:name]) if gem_outdated?(lock_released_at)
+        print_info(gem, lock_released_at, latest_version) if verbose
+      end
+      print "\n" if verbose
+      if outdated_versions.any?
+        set_text_color_red
+        puts "Outdated gems detected!"
+        puts " - #{outdated_versions.join(', ')}"
+        exit(1) # Failure
+      else
+        reset_text_style
+        puts "All gems are within the accepted threshold!"
+        exit(0) # Success
+      end
+    end
+    private
+    def self.gem_outdated?(released_at)
+      released_at <= outdated_threshold
+    end
+    def self.print_info(gem, lock_released_at, latest_version)
+      puts "Gem: \e[1m#{gem[:name]}\e[0m"
+      set_text_color(lock_released_at, gem[:locked_version] == latest_version[:version])
+      puts "  - Locked to: #{gem[:locked_version]} (Released: #{format_date(lock_released_at)})"
+      set_text_color(latest_version[:created_at])
+      puts "  - Latest: #{latest_version[:version]} (Released: #{format_date(latest_version[:created_at])})"
+      reset_text_style
+    end
+    def self.set_text_color(released_at, using_latest = true)
+      if gem_outdated?(released_at)
+        set_text_color_red
+      else
+        if using_latest
+          set_text_color_green
+        else
+          set_text_color_yellow
+        end
+      end
+    end
+    def self.set_text_bold
+      print "\e[1m"
+    end
+    def self.set_text_color_red
+      print "\e[31m"
+    end
+    def self.set_text_color_green
+      print "\e[32m"
+    end
+    def self.set_text_color_yellow
+      print "\e[33m"
+    end
+    def self.reset_text_style
+      print "\e[0m"
+    end
+    def self.locked_gems
+      lockfile = Bundler::LockfileParser.new(File.read('Gemfile.lock'))
+      lockfile.specs.map do |gem|
+        { name: gem.name, locked_version: gem.version.to_s }
+      end
+    end
+    def self.format_date(date_string)
+      date = Date.parse(date_string)
+      date.strftime("%Y-%m-%d")
+    end
+  end
+end

data/lib/dependency-timeline-audit/gem_info.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require 'net/http'
+require 'json'
+module DependencyTimelineAudit
+  # Define a class for interacting with the RubyGems API
+  class GemInfo
+    API_URL = 'https://rubygems.org/api/v1/versions/'
+    @@gem_cache = {}
+    # Method to fetch the gem data and cache it
+    def self.fetch_gem_data(gem_name)
+      # Check if gem info is already cached
+      unless @@gem_cache[gem_name]
+        url = URI("#{API_URL}#{gem_name}.json")
+        response = Net::HTTP.get(url)
+        @@gem_cache[gem_name] = JSON.parse(response)
+      end
+      # Return cached gem info
+      @@gem_cache[gem_name]
+    end
+    # Method to fetch the latest version and its created_at timestamp
+    def self.latest_version(gem_name)
+      versions = fetch_gem_data(gem_name)
+      latest = versions.first # The first entry is the latest version
+      version_number = latest['number']
+      created_at = latest['created_at']
+      { version: version_number, created_at: created_at }
+    end
+    # Method to fetch the created_at timestamp for a specific version
+    def self.version_created_at(gem_name, version)
+      versions = fetch_gem_data(gem_name)
+      # Find the version that matches the requested version string
+      version_info = versions.find { |v| v['number'] == version }
+      version_info.present? ? version_info['created_at'] : nil
+    end
+  end
+end

data/lib/dependency-timeline-audit/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module DependencyTimelineAudit
   module VERSION
     MAJOR = 0
     MINOR = 0
-    PATCH = 0
+    PATCH = 2
     STRING = [MAJOR, MINOR, PATCH].join('.')
   end

data/lib/dependency-timeline-audit.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 module DependencyTimelineAudit
+  autoload :Check, 'dependency-timeline-audit/check'
+  autoload :GemInfo, 'dependency-timeline-audit/gem_info'
   autoload :VERSION, 'dependency-timeline-audit/version'
   def self.gem_version

metadata CHANGED Viewed

@@ -1,22 +1,54 @@
 --- !ruby/object:Gem::Specification
 name: dependency-timeline-audit
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.2
 platform: ruby
 authors:
 - Josh Buker
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-24 00:00:00.000000000 Z
-dependencies: []
+date: 2024-09-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Provides a way to audit your dependencies based on release timeline.
 email: crypto@joshbuker.com
-executables: []
+executables:
+- dependency-timeline-audit
 extensions: []
 extra_rdoc_files: []
 files:
+- bin/dependency-timeline-audit
 - lib/dependency-timeline-audit.rb
+- lib/dependency-timeline-audit/check.rb
+- lib/dependency-timeline-audit/gem_info.rb
 - lib/dependency-timeline-audit/version.rb
 homepage: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit
 licenses:
@@ -24,7 +56,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit/issues
   rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -39,8 +71,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.3.5
+signing_key:
 specification_version: 4
 summary: Dependency Timeline Audit Ruby Interface
 test_files: []