gems-status 0.63.0 → 0.64.0
- data/VERSION +1 -1
- data/bin/gems-status +24 -5
- data/lib/gems-status.rb +1 -36
- data/lib/gems-status/checkers/not_a_security_alert_checker.rb +50 -70
- data/lib/gems-status/checkers/scm_check_messages_factory.rb +25 -0
- data/lib/gems-status/gem_simple.rb +9 -2
- data/lib/gems-status/runner.rb +53 -0
- data/lib/gems-status/sources/lockfile_gems.rb +22 -32
- data/lib/gems-status/text_view.rb +35 -23
- data/lib/gems-status/utils.rb +30 -0
- data/test/test-gem_simple.rb +48 -0
- data/test/test-has_a_license.rb +17 -0
- data/test/test-is_not_gpl.rb +28 -0
- data/test/test-is_rubygems.rb +34 -0
- data/test/test-lockfile_gems.rb +20 -13
- data/test/test-not_a_security_alert_checker.rb +158 -0
- data/test/test-runner.rb +40 -0
- data/test/test-scm_check_messages.rb +40 -0
- data/test/test-scm_check_messages_factory.rb +15 -0
- data/test/test-scm_security_messages.rb +27 -0
- data/test/test-security_alert.rb +15 -0
- metadata +16 -9
- data/lib/gems-status/gems_command.rb +0 -39
- data/lib/gems-status/gems_composite_command.rb +0 -57
- data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb +0 -46
- data/test/test-gems_command.rb +0 -67
- data/test/test-gems_composite_command.rb +0 -14
@@ -11,29 +11,51 @@ module GemsStatus
|
|
11
11
|
puts "---"
|
12
12
|
end
|
13
13
|
|
14
|
-
|
14
|
+
|
15
|
+
def print_results(gem_list, checker_results, comments)
|
16
|
+
print_gem_list(gem_list)
|
17
|
+
print_gem_comments(gem_list, comments)
|
18
|
+
print_gem_checker_results(checker_results)
|
19
|
+
end
|
20
|
+
|
21
|
+
def print_head
|
22
|
+
end
|
23
|
+
|
24
|
+
def print_tail
|
25
|
+
puts "---"
|
26
|
+
date = Time.now.strftime('%a %b %d %H:%M:%S %Z %Y')
|
27
|
+
puts "run by https://github.com/jordimassaguerpla/gems-status"
|
28
|
+
puts "#{date} - version: #{GemsStatus::VERSION}"
|
29
|
+
end
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
def print_gem_list(gem_list)
|
15
34
|
puts "Gem list"
|
16
35
|
puts ""
|
17
|
-
|
18
|
-
|
19
|
-
puts "#{gem.name} #{gem.version} #{gem.license}"
|
20
|
-
end
|
36
|
+
gem_list.sort.each do |_, gem|
|
37
|
+
puts "#{gem.name} #{gem.version} #{gem.license}"
|
21
38
|
end
|
22
39
|
puts ""
|
23
40
|
puts "---"
|
41
|
+
end
|
42
|
+
|
43
|
+
def print_gem_comments(gem_list, comments)
|
24
44
|
puts "Comments"
|
25
45
|
puts ""
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
puts ""
|
32
|
-
end
|
46
|
+
gem_list.sort.each do |_, gem|
|
47
|
+
if comments[gem.name]
|
48
|
+
puts "#{gem.name}:"
|
49
|
+
puts "#{comments[gem.name]}"
|
50
|
+
puts ""
|
33
51
|
end
|
34
52
|
end
|
35
53
|
puts ""
|
36
54
|
puts "---"
|
55
|
+
end
|
56
|
+
|
57
|
+
|
58
|
+
def print_gem_checker_results(checker_results)
|
37
59
|
if checker_results.length == 0
|
38
60
|
puts "Checker results: SUCCESS"
|
39
61
|
else
|
@@ -42,22 +64,12 @@ module GemsStatus
|
|
42
64
|
puts ""
|
43
65
|
checker_results.sort.each do |gem_name, checker_r|
|
44
66
|
puts "#{gem_name}"
|
45
|
-
checker_r.each do |
|
67
|
+
checker_r.each do |checker|
|
46
68
|
puts "#{checker.description}"
|
47
69
|
end
|
48
70
|
puts ""
|
49
71
|
end
|
50
72
|
end
|
51
73
|
|
52
|
-
def print_head
|
53
|
-
end
|
54
|
-
|
55
|
-
def print_tail
|
56
|
-
puts "---"
|
57
|
-
date = Time.now.strftime('%a %b %d %H:%M:%S %Z %Y')
|
58
|
-
puts "run by https://github.com/jordimassaguerpla/gems-status"
|
59
|
-
puts "#{date} - version: #{GemsStatus::VERSION}"
|
60
|
-
end
|
61
|
-
|
62
74
|
end
|
63
75
|
end
|
data/lib/gems-status/utils.rb
CHANGED
@@ -1,5 +1,7 @@
|
|
1
1
|
require "openssl"
|
2
2
|
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
|
3
|
+
require "gmail"
|
4
|
+
require "rubygems/format"
|
3
5
|
|
4
6
|
module GemsStatus
|
5
7
|
class Mail
|
@@ -161,6 +163,34 @@ module GemsStatus
|
|
161
163
|
return license
|
162
164
|
end
|
163
165
|
|
166
|
+
def Utils.send_email(email_receiver, email_username, email_password, name, mssg)
|
167
|
+
Gmail.new(email_username, email_password) do |gmail|
|
168
|
+
gmail.deliver do
|
169
|
+
to email_receiver
|
170
|
+
subject "[gems-status] security alerts for #{name}"
|
171
|
+
text_part do
|
172
|
+
body mssg
|
173
|
+
end
|
174
|
+
end
|
175
|
+
end
|
176
|
+
end
|
177
|
+
|
178
|
+
def Utils.download_date(name, version)
|
179
|
+
Utils::log_debug "looking for date for #{name} - #{version}"
|
180
|
+
begin
|
181
|
+
versions = JSON.parse(open("https://rubygems.org/api/v1/versions/#{name}.json").read)
|
182
|
+
versions.each do |version|
|
183
|
+
if Gem::Version.new(version["number"]) == version
|
184
|
+
Utils::log_debug "Date for #{name} - #{version} : #{version["built_at"]}"
|
185
|
+
return Time.parse version["built_at"]
|
186
|
+
end
|
187
|
+
end
|
188
|
+
rescue
|
189
|
+
Utils::log_error(name, "There was a problem opening https://rubygems.org/api/v1/versions/#{name}.json")
|
190
|
+
end
|
191
|
+
nil
|
192
|
+
end
|
193
|
+
|
164
194
|
private
|
165
195
|
|
166
196
|
def Utils.download_gem(name, version, gems_url)
|
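Review bot: `download_date` can never match a version, because the block parameter in `versions.each do |version|` shadows the method's `version` argument, so `Gem::Version.new(version["number"]) == version` compares a `Gem::Version` with the JSON hash itself and is always false; every call falls through to `nil`, and the tests in this change stub `download_date` out rather than exercise it. Renaming the block variable and comparing against `Gem::Version.new(version.to_s)` fixes it for both the string and the `Gem::Version` arguments the rest of the change passes around. Separately, both new network paths — the `open("https://rubygems.org/...")` fetch and the Gmail login in `send_email` — run under the `OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE` override kept at the top of this file, which disables certificate verification process-wide, so the build dates this checker depends on and the mail credentials are exposed to a man-in-the-middle; that line predates this commit, but the new code is what makes it matter. The bare `rescue` also reports every failure, including a `JSON::ParserError`, as a problem "opening" the URL, which hides the real cause from the operator.
```ruby
def Utils.download_date(name, version)
  Utils::log_debug "looking for date for #{name} - #{version}"
  begin
    wanted = Gem::Version.new(version.to_s)  # version may be a String or a Gem::Version
    versions = JSON.parse(open("https://rubygems.org/api/v1/versions/#{name}.json").read)
    versions.each do |entry|
      next unless Gem::Version.new(entry["number"]) == wanted
      Utils::log_debug "Date for #{name} - #{version} : #{entry["built_at"]}"
      return Time.parse entry["built_at"]
    end
  rescue => e
    Utils::log_error(name, "There was a problem opening https://rubygems.org/api/v1/versions/#{name}.json: #{e.class}: #{e.message}")
  end
  nil
end
```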
@@ -0,0 +1,48 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class Utils
|
8
|
+
def self.download_md5(name, version, gems_url)
|
9
|
+
"12345"
|
10
|
+
end
|
11
|
+
def self.download_license(name, version, gems_url)
|
12
|
+
"license"
|
13
|
+
end
|
14
|
+
def self.download_date(name, version)
|
15
|
+
Time.parse "2012/03/01"
|
16
|
+
end
|
17
|
+
end
|
18
|
+
class GemSimpleTest < Test::Unit::TestCase
|
19
|
+
def test_from_git
|
20
|
+
gs = GemSimple.new("name", "version", "md5", "origin")
|
21
|
+
assert !gs.from_git?
|
22
|
+
gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
|
23
|
+
assert gs.from_git?
|
24
|
+
end
|
25
|
+
|
26
|
+
def test_license
|
27
|
+
gs = GemSimple.new("name", "version", "md5", "origin")
|
28
|
+
assert_equal gs.license, "license"
|
29
|
+
gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
|
30
|
+
assert_equal gs.license, nil
|
31
|
+
end
|
32
|
+
|
33
|
+
def test_md5
|
34
|
+
gs = GemSimple.new("name", "version", "md5", "origin")
|
35
|
+
assert_equal gs.md5, "12345"
|
36
|
+
gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
|
37
|
+
assert_equal gs.md5, nil
|
38
|
+
end
|
39
|
+
|
40
|
+
def test_date
|
41
|
+
gs = GemSimple.new("name", "version", "md5", "origin")
|
42
|
+
assert_equal gs.date, Time.parse("2012/03/01")
|
43
|
+
gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
|
44
|
+
assert_equal gs.date, Time.parse("2012/03/01")
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
48
|
+
end
|
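Review bot: `test_date` pins `gs.date` as a real timestamp for the git-sourced gem (`"git://blalba"`) while `test_license` and `test_md5` pin `nil` for the same gem; the assertion only passes because this file reopens `GemsStatus::Utils` and stubs `download_date` to a constant, so it cannot tell whether `GemSimple#date` skips the rubygems.org lookup for git gems the way md5 and license evidently do. If the real lookup does run for a git checkout it would return the build date of whatever is published under that name on rubygems.org, which is the value the security checker's "already fixed" date filter consumes, so either assert `nil` here for consistency with the other two or add a comment stating why a git gem is given a rubygems.org date. The stubs are also global monkey-patches of `Utils` that persist for the rest of the test process (test-is_rubygems.rb installs the same ones); a `# NOTE: these stubs replace Utils for every test file loaded in this process` on the reopened class would make that visible.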
@@ -0,0 +1,17 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class GemTest
|
8
|
+
attr_accessor :license
|
9
|
+
end
|
10
|
+
class HasALicenseTest < Test::Unit::TestCase
|
11
|
+
def test_check
|
12
|
+
gem = GemTest.new
|
13
|
+
gem.license = "something"
|
14
|
+
assert GemsStatus::HasALicense.new(nil).check?(gem)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
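Review bot: `test_check` only covers the passing case (`license = "something"`), so a checker that returned true unconditionally would still pass; add the negative cases `gem.license = nil` and `gem.license = ""`, each followed by `assert !GemsStatus::HasALicense.new(nil).check?(gem)`, so the policy is actually pinned. Whether an empty string should count as "no license" depends on `HasALicense`, which is not on this page, so the second assertion is the one to confirm against the implementation before adding it.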
@@ -0,0 +1,28 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class GemTest
|
8
|
+
attr_accessor :license
|
9
|
+
end
|
10
|
+
class IsNotGplTest < Test::Unit::TestCase
|
11
|
+
def test_check
|
12
|
+
gem = GemTest.new
|
13
|
+
gem.license = "something"
|
14
|
+
assert GemsStatus::IsNotGpl.new(nil).check?(gem)
|
15
|
+
gem.license = "GPL"
|
16
|
+
assert !GemsStatus::IsNotGpl.new(nil).check?(gem)
|
17
|
+
gem.license = "GPLv2"
|
18
|
+
assert !GemsStatus::IsNotGpl.new(nil).check?(gem)
|
19
|
+
gem.license = "GPLblabla "
|
20
|
+
assert !GemsStatus::IsNotGpl.new(nil).check?(gem)
|
21
|
+
end
|
22
|
+
|
23
|
+
def test_when_there_is_no_license
|
24
|
+
gem = GemTest.new
|
25
|
+
assert GemsStatus::IsNotGpl.new(nil).check?(gem)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
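Review bot: The rejected inputs (`"GPL"`, `"GPLv2"`, `"GPLblabla "`) all begin with the literal `GPL`, so the test cannot distinguish a prefix match from a substring match, and it says nothing about `"LGPL-2.1"`, `"AGPL-3.0"`, lower-case `"gpl"` or the spelled-out `"GNU General Public License"`, which is how many gemspecs record the licence; LGPL in particular needs a decision on whether it is meant to be rejected. Pin that policy here with assertions such as `gem.license = "GNU General Public License v2"` / `assert !GemsStatus::IsNotGpl.new(nil).check?(gem)` plus whatever is intended for LGPL. `test_when_there_is_no_license` pins that a gem with no licence passes this check; that is defensible given `HasALicense` covers that case, but a one-line comment saying so would stop a reader from taking it for a gap.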
@@ -0,0 +1,34 @@
|
|
1
|
+
|
2
|
+
require './test/test-helper.rb'
|
3
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
4
|
+
require 'test/unit'
|
5
|
+
require 'gems-status'
|
6
|
+
|
7
|
+
module GemsStatus
|
8
|
+
class Utils
|
9
|
+
def self.download_md5(name, version, gems_url)
|
10
|
+
"12345"
|
11
|
+
end
|
12
|
+
def self.download_license(name, version, gems_url)
|
13
|
+
"license"
|
14
|
+
end
|
15
|
+
def self.download_date(name, version)
|
16
|
+
Time.parse "2012/03/01"
|
17
|
+
end
|
18
|
+
end
|
19
|
+
class IsRubygemsTest < Test::Unit::TestCase
|
20
|
+
def test_check
|
21
|
+
ch = IsRubygems.new([])
|
22
|
+
gem = GemSimple.new("name", "version", "md5", "origin")
|
23
|
+
def gem.md5
|
24
|
+
return "12345"
|
25
|
+
end
|
26
|
+
assert ch.check?(gem)
|
27
|
+
gem = GemSimple.new("name", "version", "md5", "origin")
|
28
|
+
def gem.md5
|
29
|
+
return "_"
|
30
|
+
end
|
31
|
+
assert !ch.check?(gem)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
data/test/test-lockfile_gems.rb
CHANGED
@@ -13,36 +13,43 @@ module GemsStatus
|
|
13
13
|
puts "DEBUG: dir : #{dir} #{dir.class.name}"
|
14
14
|
@filename = "#{dir}/Gemfile.lock.test"
|
15
15
|
@gems_url = ""
|
16
|
-
@result = {}
|
17
16
|
end
|
18
17
|
end
|
19
18
|
|
20
19
|
class TestLockfileGems < Test::Unit::TestCase
|
21
20
|
def test_get_rubygems_names
|
22
21
|
lockfilegems = LockfileGemsTest.new
|
23
|
-
lockfilegems.
|
24
|
-
assert(
|
25
|
-
result =
|
22
|
+
gem_list = lockfilegems.gem_list
|
23
|
+
assert(gem_list.length == 6)
|
24
|
+
result = gem_list["test"].name
|
26
25
|
assert_equal("test",result)
|
27
|
-
result =
|
26
|
+
result = gem_list["test"].version
|
28
27
|
assert_equal(Gem::Version.new("0.8.6"), result)
|
29
|
-
result =
|
28
|
+
result = gem_list["test2"].name
|
30
29
|
assert_equal("test2",result)
|
31
|
-
result =
|
30
|
+
result = gem_list["test2"].version
|
32
31
|
assert_equal(Gem::Version.new("1.2.3"), result)
|
33
|
-
result =
|
32
|
+
result = gem_list["test3"].name
|
34
33
|
assert_equal("test3",result)
|
35
|
-
result =
|
34
|
+
result = gem_list["test3"].version
|
36
35
|
assert_equal(Gem::Version.new("1.2.3"), result)
|
37
|
-
result =
|
36
|
+
result = gem_list["test4"].name
|
38
37
|
assert_equal("test4",result)
|
39
|
-
result =
|
38
|
+
result = gem_list["test4"].version
|
40
39
|
assert_equal(Gem::Version.new("1.2.3"), result)
|
41
|
-
result =
|
40
|
+
result = gem_list["from_git"].version
|
42
41
|
assert_equal(Gem::Version.new("1.0.3"), result)
|
43
|
-
result =
|
42
|
+
result = gem_list["dep_from_git"].version
|
44
43
|
assert_equal(Gem::Version.new("1.0.0"), result)
|
45
44
|
end
|
45
|
+
def test_filename
|
46
|
+
conf = {}
|
47
|
+
conf["filename"] = "fn"
|
48
|
+
conf["gems_url"] = "gu"
|
49
|
+
conf["classname"] = "LockfileGems"
|
50
|
+
lg = GemsStatus::LockfileGems.new(conf)
|
51
|
+
assert_equal(lg.filename, "fn")
|
52
|
+
end
|
46
53
|
|
47
54
|
end
|
48
55
|
|
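Review bot: The new `assert(gem_list.length == 6)` in `test_get_rubygems_names` reports only "false is not true" on failure; `assert_equal(6, gem_list.length)` would show the actual count. In `test_filename` the arguments of `assert_equal(lg.filename, "fn")` are in actual/expected order, the reverse of `assert_equal("test", result)` above it, which swaps the labels in the failure message; it also leaves `conf["gems_url"]` unverified, so `assert_equal("gu", lg.gems_url)` belongs here if `LockfileGems` exposes it.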
@@ -0,0 +1,158 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class NotASecurityAlertChecker
|
8
|
+
attr_reader :security_messages, :fixed
|
9
|
+
attr_accessor :emails
|
10
|
+
def initialize(conf)
|
11
|
+
@security_messages = {}
|
12
|
+
@fixed = {}
|
13
|
+
end
|
14
|
+
public :match_name, :key_for_emails, :look_in_emails, :gem_uri, :filter_security_messages_already_fixed
|
15
|
+
end
|
16
|
+
class MockGem
|
17
|
+
def name
|
18
|
+
"NAME"
|
19
|
+
end
|
20
|
+
def origin
|
21
|
+
"ORG"
|
22
|
+
end
|
23
|
+
def date
|
24
|
+
Date.new(2012, 12, 12)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
class MockEmail
|
28
|
+
def uid
|
29
|
+
"UID"
|
30
|
+
end
|
31
|
+
def subject
|
32
|
+
"subject"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
class NotASecurityAlertCheckerTest <Test::Unit::TestCase
|
36
|
+
def test_match_name
|
37
|
+
ch = NotASecurityAlertChecker.new([])
|
38
|
+
assert ch.match_name("rubygem mail", "mail")
|
39
|
+
assert !ch.match_name("mail","mail")
|
40
|
+
assert ch.match_name("ruby mail", "mail")
|
41
|
+
assert ch.match_name("mail gem", "mail")
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_key_for_emails
|
45
|
+
ch = NotASecurityAlertChecker.new([])
|
46
|
+
result = ch.key_for_emails( "LN", MockGem.new, MockEmail.new)
|
47
|
+
assert_equal "email_LN_NAME_ORG_UID", result
|
48
|
+
end
|
49
|
+
|
50
|
+
def test_look_in_emails_for_rubyonrails_sec_mail
|
51
|
+
ch = NotASecurityAlertChecker.new([])
|
52
|
+
ch.emails = {
|
53
|
+
"rubyonrails-security@googlegroups.com" => [MockEmail.new]
|
54
|
+
}
|
55
|
+
gem = MockGem.new
|
56
|
+
def gem.name
|
57
|
+
"rails"
|
58
|
+
end
|
59
|
+
assert_equal Hash, ch.security_messages.class
|
60
|
+
assert_equal 0, ch.security_messages.length
|
61
|
+
ch.look_in_emails(gem)
|
62
|
+
assert_equal Hash, ch.security_messages.class
|
63
|
+
assert_equal 1, ch.security_messages.length
|
64
|
+
end
|
65
|
+
|
66
|
+
def test_look_in_emails_for_other_mail
|
67
|
+
mail = MockEmail.new
|
68
|
+
def mail.subject
|
69
|
+
"gem rails"
|
70
|
+
end
|
71
|
+
ch = NotASecurityAlertChecker.new([])
|
72
|
+
ch.emails = {
|
73
|
+
"other" => [mail]
|
74
|
+
}
|
75
|
+
gem = MockGem.new
|
76
|
+
def gem.name
|
77
|
+
"rails"
|
78
|
+
end
|
79
|
+
assert_equal Hash, ch.security_messages.class
|
80
|
+
assert_equal 0, ch.security_messages.length
|
81
|
+
ch.look_in_emails(gem)
|
82
|
+
assert_equal Hash, ch.security_messages.class
|
83
|
+
assert_equal 1, ch.security_messages.length
|
84
|
+
end
|
85
|
+
|
86
|
+
def test_gem_uri_with_project_uri
|
87
|
+
ch = NotASecurityAlertChecker.new([])
|
88
|
+
|
89
|
+
result = ch.gem_uri({"project_uri" => "github.com/a"})
|
90
|
+
assert_equal "github.com/a", result
|
91
|
+
result = ch.gem_uri({"project_uri" => "a"})
|
92
|
+
assert_equal nil, result
|
93
|
+
end
|
94
|
+
|
95
|
+
def test_gem_uri_with_homepage_url
|
96
|
+
ch = NotASecurityAlertChecker.new([])
|
97
|
+
|
98
|
+
result = ch.gem_uri({"homepage_uri" => "github.com/a"})
|
99
|
+
assert_equal "github.com/a", result
|
100
|
+
result = ch.gem_uri({"homepage_uri" => "a"})
|
101
|
+
assert_equal nil, result
|
102
|
+
end
|
103
|
+
|
104
|
+
def test_gem_uri_with_source_code_uri
|
105
|
+
ch = NotASecurityAlertChecker.new([])
|
106
|
+
|
107
|
+
result = ch.gem_uri({"source_code_uri" => "github.com/a"})
|
108
|
+
assert_equal "github.com/a", result
|
109
|
+
result = ch.gem_uri({"source_code_uri" => "a"})
|
110
|
+
assert_equal nil, result
|
111
|
+
end
|
112
|
+
|
113
|
+
def test_filter_security_messages_already_fixed_with_equal_version
|
114
|
+
ch = NotASecurityAlertChecker.new([])
|
115
|
+
gem = MockGem.new
|
116
|
+
ch.security_messages["key"] = gem
|
117
|
+
ch.fixed["key"] = "1.1.1"
|
118
|
+
version = Gem::Version.new("1.1.1")
|
119
|
+
date = Date.new(2011, 12, 12)
|
120
|
+
ch.filter_security_messages_already_fixed(version, date)
|
121
|
+
assert_equal 0, ch.security_messages.length
|
122
|
+
end
|
123
|
+
|
124
|
+
def test_filter_security_messages_already_fixed_with_newer_version
|
125
|
+
ch = NotASecurityAlertChecker.new([])
|
126
|
+
gem = MockGem.new
|
127
|
+
ch.security_messages["key"] = gem
|
128
|
+
ch.fixed["key"] = "1.1.0"
|
129
|
+
version = Gem::Version.new("1.1.1")
|
130
|
+
date = Date.new(2011, 12, 12)
|
131
|
+
ch.filter_security_messages_already_fixed(version, date)
|
132
|
+
assert_equal 0, ch.security_messages.length
|
133
|
+
end
|
134
|
+
|
135
|
+
def test_filter_security_messages_already_fixed_with_older_version
|
136
|
+
ch = NotASecurityAlertChecker.new([])
|
137
|
+
gem = MockGem.new
|
138
|
+
ch.security_messages["key"] = gem
|
139
|
+
ch.fixed["key"] = "1.1.2"
|
140
|
+
version = Gem::Version.new("1.1.1")
|
141
|
+
date = Date.new(2011, 12, 12)
|
142
|
+
ch.filter_security_messages_already_fixed(version, date)
|
143
|
+
assert_equal 1, ch.security_messages.length
|
144
|
+
end
|
145
|
+
|
146
|
+
def test_filter_security_messages_already_fixed_with_newer_date
|
147
|
+
ch = NotASecurityAlertChecker.new([])
|
148
|
+
gem = MockGem.new
|
149
|
+
ch.security_messages["key"] = gem
|
150
|
+
ch.fixed["key"] = "1.1.2"
|
151
|
+
version = Gem::Version.new("1.1.1")
|
152
|
+
date = Date.new(2013, 12, 12)
|
153
|
+
ch.filter_security_messages_already_fixed(version, date)
|
154
|
+
assert_equal 0, ch.security_messages.length
|
155
|
+
end
|
156
|
+
|
157
|
+
end
|
158
|
+
end
|
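Review bot: `test_filter_security_messages_already_fixed_with_newer_date` pins that a message whose fixed version (`"1.1.2"`) is still newer than the checked version (`1.1.1`) is nonetheless dropped when the date passed in (2013-12-12) is later than the message's `date` (2012-12-12 from `MockGem`); if the implementation matches this test, a gem built after an advisory is treated as patched regardless of its version, which turns any post-advisory release — including one on another branch that never took the fix — into a false negative for a security checker. That rule deserves either a comment on the test stating why the date overrides the version comparison, or a tighter test in which the newer date only suppresses the message when no fixed version is known. The reopened `NotASecurityAlertChecker` at the top also replaces `initialize` and makes five private methods public for the whole test process, so any later test that constructs the real checker (test-runner.rb is part of this change) gets the stubbed constructor; a comment flagging that, or a subclass instead of reopening, would avoid surprises. Finally, `MockGem#date` returns a `Date` while the production `Utils.download_date` returns a `Time`, so the comparison the filter performs here may not be the one it performs on real data — worth a note or a `Time` in the mock.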