gems-status 0.28.0 → 0.29.0
- data/lib/gems-status/checkers/git_check_messages.rb +4 -0
- data/lib/gems-status/checkers/hg_check_messages.rb +4 -0
- data/lib/gems-status/checkers/not_a_security_alert_checker.rb +9 -6
- data/lib/gems-status/checkers/scm_check_messages.rb +5 -1
- data/lib/gems-status/checkers/security_alert.rb +7 -0
- data/lib/gems-status/checkers/svn_check_messages.rb +5 -0
- data/lib/gems-status/gem_simple.rb +5 -0
- data/lib/gems-status/gems_status_metadata.rb +1 -1
- data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb +14 -0
- metadata +6 -5
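--- a/data/lib/gems-status/checkers/not_a_security_alert_checker.rb
+++ b/data/lib/gems-status/checkers/not_a_security_alert_checker.rb
@@ -3,6 +3,7 @@ require "json"
 require "open-uri"
 
 require "gems-status/checkers/gem_checker"
+require "gems-status/checkers/security_alert"
 require "gems-status/checkers/git_check_messages"
 require "gems-status/checkers/hg_check_messages"
 require "gems-status/checkers/svn_check_messages"
@@ -93,12 +94,12 @@ class NotASecurityAlertChecker < GemChecker
 @emails.each do |listname, emails|
 emails.each do |email|
 if match_name(listname, gem.name)
-@security_messages[key_for_emails(listname, gem, email)] = email.subject
+@security_messages[key_for_emails(listname, gem, email)] = SecurityAlert.new(email.subject)
 Utils::log_debug "looking for security emails: listname matches gem #{gem.name}: #{listname}"
 next
 end
 if match_name(email.subject, gem.name)
-@security_messages[key_for_emails(listname, gem, email)] = email.subject
+@security_messages[key_for_emails(listname, gem, email)] = SecurityAlert.new(email.subject)
 Utils::log_debug "looking for security emails: subject matches gem #{gem.name}: #{email.subject}"
 next
 end
@@ -113,7 +114,7 @@ class NotASecurityAlertChecker < GemChecker
 @security_messages = {}
 look_in_scm(gem)
 look_in_emails(gem)
-filter_security_messages_already_fixed(gem.version)
+filter_security_messages_already_fixed(gem.version, gem.date)
 send_emails(gem)
 return @security_messages.length == 0
 end
@@ -121,7 +122,7 @@ class NotASecurityAlertChecker < GemChecker
 def description
 result = ""
 @security_messages.keys.sort.each do |k|
-result = result + "[#{k}] - #{@security_messages[k]}"
+result = result + "[#{k}] - #{@security_messages[k].desc}"
 result = result + "Fixed in #{@fixed[k]}" if @fixed[k]
 result = result + "<br/>"
 end
@@ -131,12 +132,14 @@ class NotASecurityAlertChecker < GemChecker
 
 private
 
-def filter_security_messages_already_fixed(version)
+def filter_security_messages_already_fixed(version, date)
 #TODO: let's use a database instead of having the info in yaml file
-#TODO: can we know which commits are in a particular version? by date?
 @security_messages.delete_if do |k,v|
 @fixed[k] && Gem::Version.new(@fixed[k]) <= version
 end
+@security_messages.delete_if do |k,v|
+v.date && date && v.date < date
+end
 end
 
 def source_repo(gem)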
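Review bot: The second `delete_if` added to `filter_security_messages_already_fixed` (last hunk) drops every alert whose commit date is earlier than the gem's release date, which treats "committed before the release" as "shipped in the release". A commit that sits on another branch, or one whose recorded date is skewed or backdated, is removed silently and never reaches `send_emails`, so the checker reports the gem as clean. I would make the suppression visible inside the block, e.g. `Utils::log_debug "dropping #{k}: dated #{v.date}, release built #{date}" if v.date && date && v.date < date`, and state the assumption in a comment above it. The types of `v.date` and `gem.date` are defined in files not shown in this section, so confirm both sides are `Time` before relying on `<`.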
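--- a/data/lib/gems-status/checkers/scm_check_messages.rb
+++ b/data/lib/gems-status/checkers/scm_check_messages.rb
@@ -29,7 +29,7 @@ private
 next
 end
 Utils::log_debug "security key: #{key}"
-results[key] = message(commit)
+results[key] = SecurityAlert.new(message(commit), date(commit))
 end
 end
 return results
@@ -46,4 +46,8 @@ private
 def messages(name, source_repo)
 raise NotImplementedError
 end
+
+def date(commit)
+raise NotImplementedError
+end
 end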
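Review bot: The new abstract `date(commit)` in the second hunk has no stated return contract, yet its value is stored in each `SecurityAlert` and later compared with the gem's release date using `<`. A subclass that returns a String or another date type would raise or compare incorrectly, and the result decides whether an alert is suppressed. A comment above the method would pin this down, for example `# Returns the commit timestamp as a Time, or nil when unknown; nil exempts the alert from date filtering.` The method that contains `results[key] = ...` begins outside the first hunk, so how `commit` is produced is not visible here.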
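--- a/data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb
+++ b/data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb
@@ -1,4 +1,5 @@
 require "gems-status/gem_simple"
+require "time"
 
 class RubyGemsGems_GemSimple < GemSimple
 
@@ -25,5 +26,18 @@ class RubyGemsGems_GemSimple < GemSimple
 end
 return @md5
 end
+
+def date
+Utils::log_debug "looking for date for #{@name} - #{@version}"
+versions = JSON.parse(open("https://rubygems.org/api/v1/versions/#{@name}.json").read)
+versions.each do |version|
+if Gem::Version.new(version["number"]) == @version
+Utils::log_debug "Date for #{@name} - #{@version} : #{version["built_at"]}"
+return Time.parse version["built_at"]
+end
+end
+nil
+end
+
 end
 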
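Review bot: The new `date` method has no error handling around the fetch and parse, so an HTTP error, a network failure or a malformed body from rubygems.org raises out of it and aborts the security check for that gem. Because the filter shown earlier on this page skips date filtering when `date` is nil, returning nil on failure keeps every alert. I would add `rescue OpenURI::HTTPError, SocketError, JSON::ParserError, ArgumentError => e` before the method's `end`, log it with `Utils::log_debug "no release date for #{@name} - #{@version}: #{e.message}"`, and return `nil`. The result is also not cached, unlike `@md5` just above it, so each call repeats the request. `@name` is interpolated into the URL unescaped, so it is worth confirming that names are validated where they are read.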
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gems-status
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 107
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
-
|
8
|
+
- 29
|
9
9
|
- 0
|
10
|
-
version: 0.
|
10
|
+
version: 0.29.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Jordi Massaguer Pla
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2012-12-
|
18
|
+
date: 2012-12-21 00:00:00 Z
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
21
|
name: xml-simple
|
@@ -127,6 +127,7 @@ files:
|
|
127
127
|
- lib/gems-status/checkers/hg_check_messages.rb
|
128
128
|
- lib/gems-status/checkers/gem_checker.rb
|
129
129
|
- lib/gems-status/checkers/exists_in_upstream.rb
|
130
|
+
- lib/gems-status/checkers/security_alert.rb
|
130
131
|
- lib/gems-status/checkers/not_rails_checker.rb
|
131
132
|
- lib/gems-status/checkers/not_a_security_alert_checker.rb
|
132
133
|
- lib/gems-status/gems_composite_command.rb
|
@@ -175,7 +176,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
176
|
requirements: []
|
176
177
|
|
177
178
|
rubyforge_project:
|
178
|
-
rubygems_version: 1.8.
|
179
|
+
rubygems_version: 1.8.15
|
179
180
|
signing_key:
|
180
181
|
specification_version: 3
|
181
182
|
summary: compares rubygems from different sources
|