gems-status 0.6.0 → 0.7.0

data/lib/gems-status.rb

@@ -31,7 +31,8 @@ class GemStatus
     end
     if @conf["checkers"]
       @conf["checkers"].each do |c|
-       gems_composite_command.add_checker(eval(c["classname"]))
+        checker = eval(c["classname"]).new(c)
+       gems_composite_command.add_checker(checker)
       end
     end
     if @conf["comments"]

data/lib/gems-status/exists_in_upstream.rb

@@ -4,7 +4,7 @@ require 'gems-status/gem_checker'
 require 'gems-status/utils'
 
 class ExistsInUpstream < GemChecker
-  def ExistsInUpstream.check?(gem)
+  def check?(gem)
     Utils::log_debug("Looking for #{gem.name}")
     result = nil
     gem_uri = "#{gem.gems_url}/#{gem.name}-#{gem.version}.gem" 
@@ -15,7 +15,7 @@ class ExistsInUpstream < GemChecker
       return false
     end
   end
-  def ExistsInUpstream.description
+  def description
     "This gem does not exist in upstream: "
   end
 end

data/lib/gems-status/gem_checker.rb

@@ -1,6 +1,8 @@
 class GemChecker
-  def GemChecker.check?(gem)
+  def initialize(configuration)
   end
-  def GemChecker.description
+  def check?(gem)
+  end
+  def description
   end
 end

data/lib/gems-status/gems_composite_command.rb

@@ -4,6 +4,7 @@ require "gems-status/not_native_gem_checker"
 require "gems-status/not_rails_checker"
 require "gems-status/exists_in_upstream"
 require "gems-status/view_results"
+require "gems-status/not_a_security_alert_checker"
 
 class GemsCompositeCommand < GemsCommand
   def initialize(target)
@@ -19,8 +20,8 @@ class GemsCompositeCommand < GemsCommand
     @commands << command
   end
 
-  def add_checker(check_class)
-    @checkers << check_class
+  def add_checker(check_object)
+    @checkers << check_object
   end
 
   def execute
@@ -35,14 +36,15 @@ class GemsCompositeCommand < GemsCommand
     @commands.each do |command|
       @results[command.ident] = command.result
     end
-    @checkers.each do |check_class|
-      Utils::log_debug "checking #{check_class::description}"
+    @checkers.each do |check_object|
+      Utils::log_debug "checking #{check_object.class.name}"
       @results[@target].sort.each do |k, gems|
-        @checker_results[k] = "" 
+        @checker_results[k] = "" unless @checker_results[k] 
         gems.each do |gem|
-          if !check_class::check?(gem)  
-           @checker_results[gem.name] << " #{check_class::description} 
-           #{gem.name} #{gem.version} #{gem.origin} " 
+          if !check_object.check?(gem)  
+           @checker_results[gem.name] << "
+           <br/>#{gem.name} #{gem.version} #{gem.origin}: <br/>
+           #{check_object.description} " 
           end
         end
       end

data/lib/gems-status/gems_status_metadata.rb

@@ -1,3 +1,3 @@
 module GemsStatusMetadata
-  VERSION = "0.6.0"
+  VERSION = "0.7.0"
 end

data/lib/gems-status/git_check_messages.rb

@@ -0,0 +1,23 @@
+require "git"
+
+require "gems-status/scm_check_messages"
+
+class GitCheckMessages < ScmCheckMessages
+
+private
+
+  def message(commit)
+    return commit.message
+  end
+
+  def messages(name, source_repo)
+    begin
+      g = Git.open(name)
+    rescue
+      g = Git.clone(source_repo, name)
+    end
+    g.pull
+    return g.log
+  end
+
+end

data/lib/gems-status/hg_check_messages.rb

@@ -0,0 +1,27 @@
+require "mercurial-ruby"
+
+require "gems-status/scm_check_messages"
+
+class HgCheckMessages < ScmCheckMessages
+  def initialize
+    Mercurial.configure do |conf|
+      conf.hg_binary_path = "/usr/bin/hg"
+    end
+  end
+
+private
+
+  def message(commit)
+    return commit.message
+  end
+
+  def messages(name, source_repo)
+    if ! File.exists?(name)
+      Mercurial::Repository.clone(source_repo, name, {})
+    end
+    repo = Mercurial::Repository.open(name)
+    repo.pull
+    return repo.commits
+  end
+end
+

data/lib/gems-status/not_a_security_alert_checker.rb

@@ -0,0 +1,105 @@
+require "json"
+require "open-uri"
+
+require "gems-status/gem_checker"
+require "gems-status/git_check_messages"
+require "gems-status/hg_check_messages"
+require "gems-status/svn_check_messages"
+require "gems-status/scm_security_messages"
+
+class NotASecurityAlertChecker < GemChecker
+  def initialize(conf)
+    Utils::check_parameters('NotASecurityAlertChecker', conf, ["fixed", "source_repos"])
+    @fixed = conf["fixed"]
+    @source_repos = conf["source_repos"]
+    @security_messages = {}
+  end
+
+  def check?(gem)
+    @security_messages = {}
+    version = gem.version
+    source_repo = source_repo(gem)
+    if ! source_repo
+      Utils::log_error gem.name, "Not source URL for #{gem.name}"
+      @security_messages = {gem.name => "Not source URL for #{gem.name}"} 
+      return false
+    end
+    Utils::log_debug "Source URL for #{gem.name} #{source_repo}"
+    look_for_security_messages(gem.name, source_repo)
+    filter_security_messages_already_fixed(gem.version)
+    return @security_messages.length == 0
+  end
+
+ def description
+   result = ""
+   @security_messages.keys.sort.each do |k|
+     result = result + "[#{k}] - #{@security_messages[k]}<br/>"
+   end
+   result = "Security alerts:" + result if result!=""
+   return result
+ end
+
+ private
+
+ def filter_security_messages_already_fixed(version)
+   @security_messages.delete_if do |k,v|
+     @fixed[k] && Gem::Version.new(@fixed[k]) <= version 
+   end
+ end
+
+ def source_repo(gem)
+   if @source_repos[gem.name]
+     return @source_repos[gem.name]
+   end
+   begin
+     gem_version_information = JSON.parse(open("http://rubygems.org/api/v1/gems/#{gem.name}.json").read)
+   rescue => e
+     Utils::log_error gem.name, "There was a problem downloading info for #{gem.name} #{e.to_s}"
+     return nil
+   end
+   uri = nil
+   if gem_version_information["project_uri"] && 
+      gem_version_information["project_uri"].include?("github")
+     uri = gem_version_information["project_uri"]
+   end
+   if gem_version_information["homepage_uri"] && 
+      gem_version_information["homepage_uri"].include?("github")
+     uri = gem_version_information["homepage_uri"]
+   end
+   if gem_version_information["source_code_uri"] && 
+      gem_version_information["source_code_uri"].include?("github")
+     uri = gem_version_information["source_code_uri"]
+   end
+   return uri
+ end
+
+ def look_for_security_messages(name, source_repo, counter = 0)
+    Utils::log_debug "looking for security messages on #{source_repo}"
+    if ! File.exists?("build_security_messages_check")
+      Dir.mkdir("build_security_messages_check")
+    end
+    Dir.chdir("build_security_messages_check") do
+      if ! File.exists?(name)
+        Dir.mkdir(name)
+      end
+      Dir.chdir(name) do
+        if source_repo.include?("git")
+          scmCheckMessages = GitCheckMessages.new 
+          Utils::log_debug "git repo"
+        elsif source_repo.include?("svn")
+          scmCheckMessages = SvnCheckMessages.new
+          Utils::log_debug "svn repo"
+        elsif source_repo.include?("bitbucket")
+          scmCheckMessages = HgCheckMessages.new
+          Utils::log_debug "mercurial repo"
+        else
+          Utils::log_error name, "Not a valid source repo #{source_repo}"
+          return {}
+        end
+        @security_messages = scmCheckMessages.check_messages(name, source_repo, 
+                                        ScmSecurityMessages.new)
+      end
+    end
+ end
+
+end

data/lib/gems-status/not_native_gem_checker.rb

@@ -4,7 +4,7 @@ require 'open-uri'
 require 'gems-status/gem_checker'
 
 class NotNativeGemChecker < GemChecker
-  def NotNativeGemChecker.check?(gem)
+  def check?(gem)
     result = nil
     gem_uri = URI.parse("#{gem.gems_url}/#{gem.name}-#{gem.version}.gem" )
     uri_debug = gem_uri.clone
@@ -33,7 +33,8 @@ class NotNativeGemChecker < GemChecker
     return false unless result 
     return result.spec.extensions.empty?
   end
-  def NotNativeGemChecker.description
+
+  def description
     "This gem is a native gem or could not get specs: "
   end
 end

data/lib/gems-status/not_rails_checker.rb

@@ -5,7 +5,7 @@ require 'gems-status/gem_checker'
 
 class NotRailsChecker < GemChecker
   RAILS_GEMS = ["rails", "railties","activesupport"]
-  def NotRailsChecker.check?(gem)
+  def check?(gem)
     return false if !gem.dependencies 
     gem.dependencies.each do |dep|
       if RAILS_GEMS.include?(dep.name)
@@ -15,7 +15,7 @@ class NotRailsChecker < GemChecker
     return true
     end
 
-  def NotRailsChecker.description
+  def description
     "This gem depends on rails or could not get spec: "
   end
 end

data/lib/gems-status/scm_check_messages.rb

@@ -0,0 +1,49 @@
+class ScmCheckMessages
+  MAX_RETRIES = 3
+  @@keys = {}
+
+  def check_messages(name, source_repo, message_checker, counter = 0)
+    begin
+      messages = messages(name, source_repo)
+      return security_alerts(name, messages, message_checker)
+    rescue => e
+      if counter == MAX_RETRIES
+        Utils::log_error name, "There was a problem checking out #{source_repo} #{e}"
+        return {}
+      else
+        Utils::log_debug "There was a problem checking out  #{source_repo} #{e}: Trying it again..."
+        return check_messages(name, source_repo, message_checker, counter + 1)
+      end
+    end
+  end
+
+private
+
+  def security_alerts(name, commits, message_checker)
+    results = {}
+    commits.each do |commit|
+      if message_checker.check_message?(message(commit))
+        Utils::log_debug "#{message(commit)}"
+        key = next_key(name)
+        Utils::log_debug "security key: #{key}"
+        results[key] = message(commit)
+      end
+    end
+    return results
+  end
+
+  def next_key(name)
+    @@keys[name] = 0 unless @@keys[name]
+    key = name + @@keys[name].to_s
+    @@keys[name] = @@keys[name] + 1
+    return key
+  end
+
+  def message(commit)
+    raise NotImplementedError 
+  end
+
+  def messages(name, source_repo)
+    raise NotImplementedError 
+  end
+end

data/lib/gems-status/scm_security_messages.rb

@@ -0,0 +1,5 @@
+class ScmSecurityMessages
+  def check_message?(msg)
+    return msg.include?("security")
+  end
+end

data/lib/gems-status/svn_check_messages.rb

@@ -0,0 +1,26 @@
+require "gems-status/scm_check_messages"
+
+class SvnCheckMessages < ScmCheckMessages
+
+private
+
+  def message(commit)
+    return commit
+  end
+
+  def messages(name, source_repo)
+    if ! File.exists?(svn_dir(source_repo))
+      `svn checkout #{source_repo}`
+    end
+    Dir.chdir(svn_dir(source_repo)) do
+      `svn update`
+      log_messages = `svn log`
+      return log_messages.split("\n")
+    end
+  end
+
+  def svn_dir(source_repo)
+    source_repo_splitted = URI.parse(source_repo).path.split("/")
+    return source_repo_splitted[-1]
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: gems-status
 version: !ruby/object:Gem::Version 
-  hash: 7
+  hash: 3
   prerelease: 
   segments: 
   - 0
-  - 6
+  - 7
   - 0
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors: 
 - Jordi Massaguer Pla
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-04-25 00:00:00 Z
+date: 2012-05-14 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: xml-simple
@@ -61,14 +61,20 @@ files:
 - lib/gems-status/lockfile_gems.rb
 - lib/gems-status/ruby_gems_gems_gem_simple.rb
 - lib/gems-status/not_native_gem_checker.rb
+- lib/gems-status/svn_check_messages.rb
 - lib/gems-status/gems_composite_command.rb
+- lib/gems-status/scm_security_messages.rb
+- lib/gems-status/scm_check_messages.rb
+- lib/gems-status/git_check_messages.rb
 - lib/gems-status/gems_status_metadata.rb
+- lib/gems-status/hg_check_messages.rb
 - lib/gems-status/gem_checker.rb
 - lib/gems-status/exists_in_upstream.rb
 - lib/gems-status/not_rails_checker.rb
 - lib/gems-status/view_results.rb
 - lib/gems-status/obs_gems.rb
 - lib/gems-status/gems_command.rb
+- lib/gems-status/not_a_security_alert_checker.rb
 - lib/gems-status/utils.rb
 - bin/gems-status
 - test/Gemfile.lock.test
@@ -81,6 +87,7 @@ files:
 - test/test-obs_gems.rb
 - test/Gemfile.lock
 - test/Gemfile
+- test/gem_graph.png
 homepage: http://github.com/jordimassaguerpla/gems-status
 licenses: []
 
@@ -110,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 1.8.11
 signing_key: 
 specification_version: 3
 summary: compares rubygems from different sources