gems-status 0.38.0 → 0.39.0
- data/bin/gems-status +1 -1
- data/lib/gems-status.rb +26 -23
- data/lib/gems-status/checkers/exists_in_upstream.rb +17 -14
- data/lib/gems-status/checkers/gem_checker.rb +8 -6
- data/lib/gems-status/checkers/git_check_messages.rb +25 -22
- data/lib/gems-status/checkers/hg_check_messages.rb +25 -22
- data/lib/gems-status/checkers/not_a_security_alert_checker.rb +161 -158
- data/lib/gems-status/checkers/not_native_gem_checker.rb +33 -30
- data/lib/gems-status/checkers/not_rails_checker.rb +16 -13
- data/lib/gems-status/checkers/print_gem_versions.rb +27 -23
- data/lib/gems-status/checkers/scm_check_messages.rb +44 -41
- data/lib/gems-status/checkers/scm_security_messages.rb +5 -3
- data/lib/gems-status/checkers/security_alert.rb +7 -5
- data/lib/gems-status/checkers/svn_check_messages.rb +29 -26
- data/lib/gems-status/gem_simple.rb +42 -40
- data/lib/gems-status/gems_command.rb +30 -28
- data/lib/gems-status/gems_composite_command.rb +85 -82
- data/lib/gems-status/gems_status_metadata.rb +2 -2
- data/lib/gems-status/html_view.rb +240 -237
- data/lib/gems-status/sources/lockfile_gems.rb +64 -61
- data/lib/gems-status/sources/obs_gems.rb +86 -83
- data/lib/gems-status/sources/ruby_gems_gems.rb +32 -30
- data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb +29 -26
- data/lib/gems-status/utils.rb +77 -74
- data/test/test-gems_command.rb +52 -49
- data/test/test-gems_composite_command.rb +43 -40
- data/test/test-helper.rb +2 -0
- data/test/test-lockfile_gems.rb +64 -61
- data/test/test-not_rails_checker.rb +45 -42
- data/test/test-obs_gems.rb +31 -29
- data/test/test-ruby_gems_gems.rb +22 -20
- data/test/test-utils.rb +42 -39
- metadata +181 -176
@@ -8,81 +8,84 @@ require "gems-status/sources/ruby_gems_gems_gem_simple"
|
|
8
8
|
require "gems-status/gems_command"
|
9
9
|
require "gems-status/utils"
|
10
10
|
|
11
|
-
|
12
|
-
def initialize(conf)
|
13
|
-
Utils::check_parameters('LockfileGems', conf, ["id", "filenames", "gems_url", "upstream_url"])
|
14
|
-
@filenames = conf['filenames']
|
15
|
-
@gems_url = conf['gems_url']
|
16
|
-
@result = {}
|
17
|
-
@ident = conf['id']
|
18
|
-
@upstream_url = conf['upstream_url']
|
19
|
-
end
|
11
|
+
module GemsStatus
|
20
12
|
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
13
|
+
class LockfileGems < GemsCommand
|
14
|
+
def initialize(conf)
|
15
|
+
Utils::check_parameters('LockfileGems', conf, ["id", "filenames", "gems_url", "upstream_url"])
|
16
|
+
@filenames = conf['filenames']
|
17
|
+
@gems_url = conf['gems_url']
|
18
|
+
@result = {}
|
19
|
+
@ident = conf['id']
|
20
|
+
@upstream_url = conf['upstream_url']
|
29
21
|
end
|
30
|
-
return data
|
31
|
-
end
|
32
22
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
23
|
+
def get_data(dirname, filename)
|
24
|
+
data = ""
|
25
|
+
Dir.chdir(dirname) do
|
26
|
+
begin
|
27
|
+
data = File.open(filename).read
|
28
|
+
rescue
|
29
|
+
Utils::log_error("?", "There was a problem opening file #{filename} ")
|
40
30
|
end
|
41
31
|
end
|
32
|
+
return data
|
42
33
|
end
|
43
|
-
return changes
|
44
|
-
end
|
45
34
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
35
|
+
def update_gem_dependencies(gem)
|
36
|
+
Utils::log_debug("updating dependencies for #{gem.name}")
|
37
|
+
changes = false
|
38
|
+
@result.each do |k, gems|
|
39
|
+
gems.each do |gem2|
|
40
|
+
if gem.depends?(gem2)
|
41
|
+
changes = gem.merge_deps(gem2) || changes
|
42
|
+
end
|
43
|
+
end
|
51
44
|
end
|
45
|
+
return changes
|
52
46
|
end
|
53
|
-
update_dependencies if changes
|
54
|
-
end
|
55
47
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
if file_data.empty?
|
62
|
-
Utils::log_error("?", "file empty #{filename}")
|
63
|
-
next
|
48
|
+
def update_dependencies
|
49
|
+
changes = false
|
50
|
+
@result.each do |k, gems|
|
51
|
+
gems.each do |gem|
|
52
|
+
changes = update_gem_dependencies(gem) || changes
|
64
53
|
end
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
54
|
+
end
|
55
|
+
update_dependencies if changes
|
56
|
+
end
|
57
|
+
|
58
|
+
def execute
|
59
|
+
@filenames.each do |filename|
|
60
|
+
Utils::log_debug "reading #{filename}"
|
61
|
+
Dir.chdir(File.dirname(filename)) do
|
62
|
+
file_data = get_data(File::dirname(filename), File::basename(filename))
|
63
|
+
if file_data.empty?
|
64
|
+
Utils::log_error("?", "file empty #{filename}")
|
65
|
+
next
|
66
|
+
end
|
67
|
+
lockfile = Bundler::LockfileParser.new(file_data)
|
68
|
+
lockfile.specs.each do |spec|
|
69
|
+
name = spec.name
|
70
|
+
version = Gem::Version.create(spec.version)
|
71
|
+
dependencies = spec.dependencies
|
72
|
+
Utils::log_debug "dependencies for #{name} #{dependencies}"
|
73
|
+
if spec.source.class.name == "Bundler::Source::Git"
|
74
|
+
Utils::log_debug "this comes from git #{name} #{version}"
|
75
|
+
gems_url = spec.source.uri
|
76
|
+
else
|
77
|
+
gems_url = @gems_url
|
78
|
+
end
|
79
|
+
@result[name] = [] if !@result[name]
|
80
|
+
@result[name] << RubyGemsGems_GemSimple.new(name, version , '', filename,
|
81
|
+
gems_url, dependencies)
|
82
|
+
@result[name] << RubyGemsGems_GemSimple.new(name, version , '', @upstream_url,
|
83
|
+
@upstream_url, dependencies)
|
76
84
|
end
|
77
|
-
@result[name] = [] if !@result[name]
|
78
|
-
@result[name] << RubyGemsGems_GemSimple.new(name, version , '', filename,
|
79
|
-
gems_url, dependencies)
|
80
|
-
@result[name] << RubyGemsGems_GemSimple.new(name, version , '', @upstream_url,
|
81
|
-
@upstream_url, dependencies)
|
82
85
|
end
|
86
|
+
update_dependencies
|
83
87
|
end
|
84
|
-
update_dependencies
|
85
88
|
end
|
86
|
-
end
|
87
89
|
|
90
|
+
end
|
88
91
|
end
|
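Review bot: `execute` (new lines 61-62) already runs inside `Dir.chdir(File.dirname(filename))` and then passes the same `File::dirname(filename)` to `get_data`, which calls `Dir.chdir(dirname)` again. For a relative lockfile path with a directory component, that second chdir resolves against the already-changed directory and raises outside the `begin`/`rescue`, so the failure is never logged. Resolving the directory once, e.g. `dir = File.expand_path(File.dirname(filename))`, and using `dir` for both calls avoids this. In `get_data` (new line 27), `File.open(filename).read` never closes the handle and the bare `rescue` discards the exception. Using `data = File.read(filename)` with `rescue => e` and `e.message` in the log line would show why a lockfile was skipped, which matters because a skipped file drops its gems from the result.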
@@ -6,104 +6,107 @@ require "gems-status/gem_simple"
|
|
6
6
|
require "gems-status/gems_command"
|
7
7
|
require "gems-status/utils"
|
8
8
|
|
9
|
-
|
10
|
-
FILES_TO_IGNORE = /(\w(\.gem|\.spec|\.changes|\.rpmlintrc|-rpm-lintrc|-rpmlintrc))|README.SuSE/
|
11
|
-
def initialize(conf)
|
12
|
-
Utils::check_parameters('OBSGems', conf, ["id", "username", "password", "url", "obs_repo"])
|
13
|
-
@result = {}
|
14
|
-
@username = conf['username']
|
15
|
-
@password = conf['password']
|
16
|
-
@obs_url = conf['url']
|
17
|
-
@repo = conf['obs_repo']
|
18
|
-
@ident = conf['id']
|
9
|
+
module GemsStatus
|
19
10
|
|
20
|
-
|
11
|
+
class OBSGems < GemsCommand
|
12
|
+
FILES_TO_IGNORE = /(\w(\.gem|\.spec|\.changes|\.rpmlintrc|-rpm-lintrc|-rpmlintrc))|README.SuSE/
|
13
|
+
def initialize(conf)
|
14
|
+
Utils::check_parameters('OBSGems', conf, ["id", "username", "password", "url", "obs_repo"])
|
15
|
+
@result = {}
|
16
|
+
@username = conf['username']
|
17
|
+
@password = conf['password']
|
18
|
+
@obs_url = conf['url']
|
19
|
+
@repo = conf['obs_repo']
|
20
|
+
@ident = conf['id']
|
21
21
|
|
22
|
-
def parse_link(linkinfo)
|
23
|
-
if linkinfo.length > 1 then
|
24
|
-
Utils::log_error("?", "There is more than one linkinfo element")
|
25
|
-
return
|
26
|
-
end
|
27
|
-
if !linkinfo[0]["project"] then
|
28
|
-
Utils::log_error("?", "Project element does not exists in linkinfo")
|
29
|
-
return
|
30
|
-
end
|
31
|
-
if !linkinfo[0]["package"] then
|
32
|
-
Utils::log_error("?", "Package element does not exists in linkinfo")
|
33
|
-
return
|
34
22
|
end
|
35
|
-
repo = linkinfo[0]["project"]
|
36
|
-
package = linkinfo[0]["package"]
|
37
|
-
if linkinfo[0]["rev"] then
|
38
|
-
rev = linkinfo[0]["rev"]
|
39
|
-
Utils::log_debug "Revision in link: #{rev}."
|
40
|
-
package = package + "?rev=" + rev
|
41
|
-
end
|
42
|
-
Utils::log_debug "follow link to project: #{repo} package: #{package}"
|
43
|
-
parse_rpm_data(repo, package)
|
44
|
-
end
|
45
23
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
24
|
+
def parse_link(linkinfo)
|
25
|
+
if linkinfo.length > 1 then
|
26
|
+
Utils::log_error("?", "There is more than one linkinfo element")
|
27
|
+
return
|
28
|
+
end
|
29
|
+
if !linkinfo[0]["project"] then
|
30
|
+
Utils::log_error("?", "Project element does not exists in linkinfo")
|
31
|
+
return
|
32
|
+
end
|
33
|
+
if !linkinfo[0]["package"] then
|
34
|
+
Utils::log_error("?", "Package element does not exists in linkinfo")
|
35
|
+
return
|
36
|
+
end
|
37
|
+
repo = linkinfo[0]["project"]
|
38
|
+
package = linkinfo[0]["package"]
|
39
|
+
if linkinfo[0]["rev"] then
|
40
|
+
rev = linkinfo[0]["rev"]
|
41
|
+
Utils::log_debug "Revision in link: #{rev}."
|
42
|
+
package = package + "?rev=" + rev
|
43
|
+
end
|
44
|
+
Utils::log_debug "follow link to project: #{repo} package: #{package}"
|
45
|
+
parse_rpm_data(repo, package)
|
52
46
|
end
|
53
|
-
return data
|
54
|
-
end
|
55
47
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
end
|
63
|
-
data = XmlSimple.xml_in(response)
|
64
|
-
if data["linkinfo"] then
|
65
|
-
Utils::log_debug "#{data["name"]} is a link."
|
66
|
-
if data["entry"].length != 1
|
67
|
-
msg = " "
|
68
|
-
data["entry"].each {|e| msg << " " << e["name"]}
|
69
|
-
Utils::log_error(package.sub("rubygem-",""), "when parsing the link for #{project} : #{package}. There are more entries than expected. That may be a patched link and the result may not be correct:" + msg)
|
48
|
+
def get_data(package, url)
|
49
|
+
data = ""
|
50
|
+
begin
|
51
|
+
data = open(url, :http_basic_authentication => [@username, @password]).read
|
52
|
+
rescue
|
53
|
+
Utils::log_error(package.sub("rubygem-",""), "There was a problem opening #{url} ")
|
70
54
|
end
|
71
|
-
|
72
|
-
return
|
55
|
+
return data
|
73
56
|
end
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
if
|
80
|
-
|
57
|
+
|
58
|
+
def parse_rpm_data(project, package)
|
59
|
+
url = @obs_url + "/" + project
|
60
|
+
rpm_url = url + "/" + package
|
61
|
+
response = get_data(package, rpm_url)
|
62
|
+
if response.empty? then
|
63
|
+
return
|
64
|
+
end
|
65
|
+
data = XmlSimple.xml_in(response)
|
66
|
+
if data["linkinfo"] then
|
67
|
+
Utils::log_debug "#{data["name"]} is a link."
|
68
|
+
if data["entry"].length != 1
|
69
|
+
msg = " "
|
70
|
+
data["entry"].each {|e| msg << " " << e["name"]}
|
71
|
+
Utils::log_error(package.sub("rubygem-",""), "when parsing the link for #{project} : #{package}. There are more entries than expected. That may be a patched link and the result may not be correct:" + msg)
|
72
|
+
end
|
73
|
+
parse_link(data["linkinfo"])
|
74
|
+
return
|
75
|
+
end
|
76
|
+
if !data["entry"] then
|
77
|
+
Utils::log_error(package.sub("rubygem-",""), "something went wrong retrieving info from #{project} : #{package}")
|
78
|
+
return
|
81
79
|
end
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
if
|
87
|
-
|
80
|
+
data["entry"].each do |entry|
|
81
|
+
if !(entry["name"] =~ OBSGems::FILES_TO_IGNORE)
|
82
|
+
Utils::log_error(package.sub("rubygem-",""), "when parsing data for #{project} : #{package}. Entry not expected. That may be a patched rpm and the result may not be correct. #{entry["name"]} ")
|
83
|
+
end
|
84
|
+
if entry["name"].end_with?(".gem") then
|
85
|
+
name = gem_name(entry['name'])
|
86
|
+
version = Gem::Version.new(gem_version(entry['name']))
|
87
|
+
md5 = entry['md5']
|
88
|
+
if !@result[name] || @result[name][0].version < version
|
89
|
+
@result[name] = [GemSimple.new(name, version, md5, url)]
|
90
|
+
end
|
88
91
|
end
|
89
92
|
end
|
90
93
|
end
|
91
|
-
end
|
92
94
|
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
95
|
+
def execute
|
96
|
+
url = @obs_url + "/" + @repo
|
97
|
+
response = get_data("?", url)
|
98
|
+
if response.empty? then
|
99
|
+
return
|
100
|
+
end
|
101
|
+
data = XmlSimple.xml_in(response)
|
102
|
+
data["entry"].each do |entry|
|
103
|
+
entry.each do |k,v|
|
104
|
+
if k == "name" and v.start_with?("rubygem-") then
|
105
|
+
parse_rpm_data(@repo, v)
|
106
|
+
end
|
104
107
|
end
|
105
108
|
end
|
106
109
|
end
|
107
|
-
end
|
108
110
|
|
111
|
+
end
|
109
112
|
end
|
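Review bot: `get_data` (new line 51) passes a plain string to `Kernel#open` together with `@username`/`@password`. That string is concatenated from `@obs_url` and, through `parse_link`, from `project`, `package` and `rev` values read out of the server's XML with no escaping or validation. Nothing visible in this hunk checks that the URL is https before the Basic credentials are attached, and `Kernel#open` accepts more than URLs. I would parse and check the scheme first: `uri = URI.parse(url)`, `raise ArgumentError, "https required" unless uri.is_a?(URI::HTTPS)`, then `data = uri.open(:http_basic_authentication => [@username, @password]).read`. `parse_link` and `parse_rpm_data` also call each other with no depth limit, so a link that resolves back to itself would not terminate; a small hop counter would bound it.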
@@ -7,43 +7,45 @@ require "gems-status/sources/ruby_gems_gems_gem_simple"
|
|
7
7
|
require "gems-status/gems_command"
|
8
8
|
require "gems-status/utils"
|
9
9
|
|
10
|
+
module GemsStatus
|
10
11
|
|
11
|
-
class RubyGemsGems < GemsCommand
|
12
|
+
class RubyGemsGems < GemsCommand
|
12
13
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
14
|
+
def initialize(conf)
|
15
|
+
Utils::check_parameters('RubyGemsGems', conf, ["id", "url", "specs"])
|
16
|
+
@url = conf['url']
|
17
|
+
@specs = conf['specs']
|
18
|
+
@result = {}
|
19
|
+
@ident = conf['id']
|
19
20
|
|
20
|
-
|
21
|
+
end
|
21
22
|
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
23
|
+
def get_data
|
24
|
+
specs_url = @url + "/" + @specs
|
25
|
+
begin
|
26
|
+
source = open(specs_url)
|
27
|
+
gz = Zlib::GzipReader.new(source)
|
28
|
+
return gz.read
|
29
|
+
rescue
|
30
|
+
Utils::log_error "?", "There was a problem opening #{specs_url} "
|
31
|
+
end
|
32
|
+
return ""
|
30
33
|
end
|
31
|
-
return ""
|
32
|
-
end
|
33
34
|
|
34
35
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
36
|
+
def execute
|
37
|
+
response = get_data
|
38
|
+
if response.empty? then
|
39
|
+
return
|
40
|
+
end
|
41
|
+
data = Marshal.load(response)
|
42
|
+
data.each do |line|
|
43
|
+
name = line[0]
|
44
|
+
version = Gem::Version.new(line[1])
|
45
|
+
gems_url = "#{@url}/gems"
|
46
|
+
@result[name] = [RubyGemsGems_GemSimple.new(name, version,'' , @url, gems_url)]
|
47
|
+
end
|
39
48
|
end
|
40
|
-
data = Marshal.load(response)
|
41
|
-
data.each do |line|
|
42
|
-
name = line[0]
|
43
|
-
version = Gem::Version.new(line[1])
|
44
|
-
gems_url = "#{@url}/gems"
|
45
|
-
@result[name] = [RubyGemsGems_GemSimple.new(name, version,'' , @url, gems_url)]
|
46
|
-
end
|
47
|
-
end
|
48
49
|
|
50
|
+
end
|
49
51
|
end
|
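Review bot: `execute` (new line 41) passes the body fetched from `@url + "/" + @specs` straight into `Marshal.load`, which will build whatever object graph the server, or anyone able to alter the response in transit, supplies. Assuming this is the Marshal-serialized RubyGems specs index, the trust has to come from the transport and the configured source, yet `get_data` (new line 26) opens the URL with `Kernel#open` and does not require https. I would add a comment above the load, `# SECURITY: Marshal.load on remote data; @url must be a trusted https index`, and have `get_data` log and return `""` unless `specs_url.start_with?("https://")`. A shape check at the top of the `data.each` block, `next unless line.is_a?(Array) && line[0].is_a?(String)`, does not make the load safe but stops malformed entries reaching `Gem::Version.new`. The `Zlib::GzipReader` created on new line 27 is also never closed.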
@@ -2,42 +2,45 @@ require "rubygems/format"
|
|
2
2
|
require "gems-status/gem_simple"
|
3
3
|
require "time"
|
4
4
|
|
5
|
-
|
5
|
+
module GemsStatus
|
6
6
|
|
7
|
-
|
8
|
-
super(name, version, nil, origin, gems_url, dependencies)
|
9
|
-
end
|
7
|
+
class RubyGemsGems_GemSimple < GemSimple
|
10
8
|
|
11
|
-
|
12
|
-
|
13
|
-
|
9
|
+
def initialize(name, version, md5, origin, gems_url, dependencies=nil)
|
10
|
+
super(name, version, nil, origin, gems_url, dependencies)
|
11
|
+
end
|
12
|
+
|
13
|
+
def license
|
14
|
+
if from_git?
|
15
|
+
return nil
|
16
|
+
end
|
17
|
+
Utils::download_license(@name, @version, @gems_url)
|
14
18
|
end
|
15
|
-
Utils::download_license(@name, @version, @gems_url)
|
16
|
-
end
|
17
19
|
|
18
20
|
|
19
|
-
|
20
|
-
|
21
|
-
|
21
|
+
def md5
|
22
|
+
if from_git?
|
23
|
+
return nil
|
24
|
+
end
|
25
|
+
Utils::download_md5(@name, @version, @gems_url)
|
22
26
|
end
|
23
|
-
Utils::download_md5(@name, @version, @gems_url)
|
24
|
-
end
|
25
27
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
28
|
+
def date
|
29
|
+
Utils::log_debug "looking for date for #{@name} - #{@version}"
|
30
|
+
begin
|
31
|
+
versions = JSON.parse(open("https://rubygems.org/api/v1/versions/#{@name}.json").read)
|
32
|
+
versions.each do |version|
|
33
|
+
if Gem::Version.new(version["number"]) == @version
|
34
|
+
Utils::log_debug "Date for #{@name} - #{@version} : #{version["built_at"]}"
|
35
|
+
return Time.parse version["built_at"]
|
36
|
+
end
|
34
37
|
end
|
38
|
+
rescue
|
39
|
+
Utils::log_error(@name, "There was a problem opening https://rubygems.org/api/v1/versions/#{@name}.json")
|
35
40
|
end
|
36
|
-
|
37
|
-
Utils::log_error(@name, "There was a problem opening https://rubygems.org/api/v1/versions/#{@name}.json")
|
41
|
+
nil
|
38
42
|
end
|
39
|
-
|
43
|
+
|
40
44
|
end
|
41
45
|
|
42
46
|
end
|
43
|
-
|
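Review bot: `date` (new line 31) interpolates `@name` into the rubygems.org API URL without escaping and opens the result with `Kernel#open`. As far as this diff shows, `@name` originates from lockfile or index data, so a name containing `/`, `?` or `#` would change which endpoint is requested. Escaping the component and opening a parsed URI keeps the request on the intended path: `URI.parse("https://rubygems.org/api/v1/versions/#{URI.encode_www_form_component(@name)}.json").open.read`. The single bare `rescue` also reports JSON and `Time.parse` failures as "There was a problem opening", so rescuing with `=> e` and logging `e.message` would separate network errors from bad data. The constructor accepts `md5` but passes `nil` to `super`; a one-line comment that the digest appears to be fetched on demand by the `md5` method would explain the unused parameter.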