gems-status 0.63.0 → 0.64.0

data/lib/gems-status/text_view.rb

@@ -11,29 +11,51 @@ module GemsStatus
       puts "---"
     end
 
-    def print_results(results, checker_results, comments)
+
+    def print_results(gem_list, checker_results, comments)
+      print_gem_list(gem_list)
+      print_gem_comments(gem_list, comments)
+      print_gem_checker_results(checker_results)
+    end
+
+    def print_head
+    end
+
+    def print_tail
+      puts "---"
+      date = Time.now.strftime('%a %b %d %H:%M:%S %Z %Y')
+      puts "run by https://github.com/jordimassaguerpla/gems-status"
+      puts "#{date} - version: #{GemsStatus::VERSION}"
+    end
+
+    private
+
+    def print_gem_list(gem_list)
       puts "Gem list"
       puts ""
-      results.each do |result|
-        result.sort.each do |_, gem|
-          puts "#{gem.name} #{gem.version} #{gem.license}"
-        end
+      gem_list.sort.each do |_, gem|
+        puts "#{gem.name} #{gem.version} #{gem.license}"
       end
       puts ""
       puts "---"
+    end
+
+    def print_gem_comments(gem_list, comments)
       puts "Comments"
       puts ""
-      results.each do |result|
-        result.sort.each do |_, gem|
-          if comments[gem.name]
-            puts "#{gem.name}:"
-            puts "#{comments[gem.name]}" 
-            puts ""
-          end
+      gem_list.sort.each do |_, gem|
+        if comments[gem.name]
+          puts "#{gem.name}:"
+          puts "#{comments[gem.name]}" 
+          puts ""
         end
       end
       puts ""
       puts "---"
+    end
+
+
+    def print_gem_checker_results(checker_results)
       if checker_results.length == 0
         puts "Checker results: SUCCESS"
       else
@@ -42,22 +64,12 @@ module GemsStatus
       puts ""
       checker_results.sort.each do |gem_name, checker_r|
         puts "#{gem_name}"
-        checker_r.each do |_, checker|
+        checker_r.each do |checker|
           puts "#{checker.description}"
         end
         puts ""
       end
     end
 
-    def print_head
-    end
-
-    def print_tail
-      puts "---"
-      date = Time.now.strftime('%a %b %d %H:%M:%S %Z %Y')
-      puts "run by https://github.com/jordimassaguerpla/gems-status"
-      puts "#{date} - version: #{GemsStatus::VERSION}"
-    end
-
   end
 end

data/lib/gems-status/utils.rb

@@ -1,5 +1,7 @@
 require "openssl"
 OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
+require "gmail"
+require "rubygems/format"
 
 module GemsStatus
   class Mail
@@ -161,6 +163,34 @@ module GemsStatus
       return license
     end
 
+    def Utils.send_email(email_receiver, email_username, email_password, name, mssg)
+        Gmail.new(email_username, email_password) do |gmail|
+          gmail.deliver do
+            to email_receiver
+            subject "[gems-status] security alerts for #{name}"
+            text_part do
+               body mssg
+             end
+          end
+        end
+    end
+
+    def Utils.download_date(name, version)
+      Utils::log_debug "looking for date for #{name} - #{version}"
+      begin
+        versions = JSON.parse(open("https://rubygems.org/api/v1/versions/#{name}.json").read)
+        versions.each do |version|
+          if Gem::Version.new(version["number"]) == version
+            Utils::log_debug  "Date for #{name} - #{version} : #{version["built_at"]}"
+            return Time.parse version["built_at"]
+          end
+        end
+      rescue
+        Utils::log_error(name, "There was a problem opening https://rubygems.org/api/v1/versions/#{name}.json")
+      end
+      nil
+    end
+
     private
 
     def Utils.download_gem(name, version, gems_url)

data/test/test-gem_simple.rb

@@ -0,0 +1,48 @@
+require './test/test-helper.rb'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'test/unit'
+require 'gems-status'
+
+module GemsStatus
+  class Utils
+    def self.download_md5(name, version, gems_url)
+      "12345"
+    end
+    def self.download_license(name, version, gems_url)
+      "license"
+    end
+    def self.download_date(name, version)
+      Time.parse "2012/03/01"
+    end
+  end
+  class GemSimpleTest < Test::Unit::TestCase
+    def test_from_git
+      gs = GemSimple.new("name", "version", "md5", "origin")
+      assert !gs.from_git?
+      gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
+      assert gs.from_git?
+    end
+
+    def test_license
+      gs = GemSimple.new("name", "version", "md5", "origin")
+      assert_equal gs.license, "license"
+      gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
+      assert_equal gs.license, nil
+    end
+
+    def test_md5
+      gs = GemSimple.new("name", "version", "md5", "origin")
+      assert_equal gs.md5, "12345"
+      gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
+      assert_equal gs.md5, nil
+    end
+
+    def test_date
+      gs = GemSimple.new("name", "version", "md5", "origin")
+      assert_equal gs.date, Time.parse("2012/03/01")
+      gs = GemSimple.new("name", "version", "md5", "origin", "git://blalba")
+      assert_equal gs.date, Time.parse("2012/03/01")
+    end
+
+  end
+end

data/test/test-has_a_license.rb

@@ -0,0 +1,17 @@
+require './test/test-helper.rb'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'test/unit'
+require 'gems-status'
+
+module GemsStatus
+  class GemTest
+    attr_accessor :license
+  end
+  class HasALicenseTest < Test::Unit::TestCase
+    def test_check
+      gem = GemTest.new
+      gem.license = "something"
+      assert GemsStatus::HasALicense.new(nil).check?(gem)
+    end
+  end
+end

data/test/test-is_not_gpl.rb

@@ -0,0 +1,28 @@
+require './test/test-helper.rb'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'test/unit'
+require 'gems-status'
+
+module GemsStatus
+  class GemTest
+    attr_accessor :license
+  end
+  class IsNotGplTest < Test::Unit::TestCase
+    def test_check
+      gem = GemTest.new
+      gem.license = "something"
+      assert GemsStatus::IsNotGpl.new(nil).check?(gem)
+      gem.license = "GPL"
+      assert !GemsStatus::IsNotGpl.new(nil).check?(gem)
+      gem.license = "GPLv2"
+      assert !GemsStatus::IsNotGpl.new(nil).check?(gem)
+      gem.license = "GPLblabla "
+      assert !GemsStatus::IsNotGpl.new(nil).check?(gem)
+    end
+
+    def test_when_there_is_no_license
+      gem = GemTest.new
+      assert GemsStatus::IsNotGpl.new(nil).check?(gem)
+    end
+  end
+end

data/test/test-is_rubygems.rb

@@ -0,0 +1,34 @@
+
+require './test/test-helper.rb'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'test/unit'
+require 'gems-status'
+
+module GemsStatus
+  class Utils
+    def self.download_md5(name, version, gems_url)
+      "12345"
+    end
+    def self.download_license(name, version, gems_url)
+      "license"
+    end
+    def self.download_date(name, version)
+      Time.parse "2012/03/01"
+    end
+  end
+  class IsRubygemsTest < Test::Unit::TestCase
+    def test_check
+      ch = IsRubygems.new([])
+      gem = GemSimple.new("name", "version", "md5", "origin")
+      def gem.md5
+       return "12345"
+      end
+      assert ch.check?(gem)
+      gem = GemSimple.new("name", "version", "md5", "origin")
+      def gem.md5
+       return "_"
+      end
+      assert !ch.check?(gem)
+    end
+  end
+end

data/test/test-lockfile_gems.rb

@@ -13,36 +13,43 @@ module GemsStatus
       puts "DEBUG: dir : #{dir} #{dir.class.name}"
       @filename = "#{dir}/Gemfile.lock.test"
       @gems_url = ""
-      @result = {}
     end
   end
 
   class TestLockfileGems < Test::Unit::TestCase
    def test_get_rubygems_names
      lockfilegems = LockfileGemsTest.new
-     lockfilegems.execute
-     assert(lockfilegems.result.length == 6)
-     result = lockfilegems.result["test"].name
+     gem_list = lockfilegems.gem_list
+     assert(gem_list.length == 6)
+     result = gem_list["test"].name
      assert_equal("test",result)
-     result = lockfilegems.result["test"].version
+     result = gem_list["test"].version
      assert_equal(Gem::Version.new("0.8.6"), result)
-     result = lockfilegems.result["test2"].name
+     result = gem_list["test2"].name
      assert_equal("test2",result)
-     result = lockfilegems.result["test2"].version
+     result = gem_list["test2"].version
      assert_equal(Gem::Version.new("1.2.3"), result)
-     result = lockfilegems.result["test3"].name
+     result = gem_list["test3"].name
      assert_equal("test3",result)
-     result = lockfilegems.result["test3"].version
+     result = gem_list["test3"].version
      assert_equal(Gem::Version.new("1.2.3"), result)
-     result = lockfilegems.result["test4"].name
+     result = gem_list["test4"].name
      assert_equal("test4",result)
-     result = lockfilegems.result["test4"].version
+     result = gem_list["test4"].version
      assert_equal(Gem::Version.new("1.2.3"), result)
-     result = lockfilegems.result["from_git"].version
+     result = gem_list["from_git"].version
      assert_equal(Gem::Version.new("1.0.3"), result)
-     result = lockfilegems.result["dep_from_git"].version
+     result = gem_list["dep_from_git"].version
      assert_equal(Gem::Version.new("1.0.0"), result)
    end
+   def test_filename
+     conf = {}
+     conf["filename"] = "fn"
+     conf["gems_url"] = "gu"
+     conf["classname"] = "LockfileGems"
+     lg = GemsStatus::LockfileGems.new(conf)
+     assert_equal(lg.filename, "fn")
+   end
 
   end
 

data/test/test-not_a_security_alert_checker.rb

@@ -0,0 +1,158 @@
+require './test/test-helper.rb'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'test/unit'
+require 'gems-status'
+
+module GemsStatus
+  class NotASecurityAlertChecker
+    attr_reader :security_messages, :fixed
+    attr_accessor :emails
+    def initialize(conf)
+      @security_messages = {}
+      @fixed = {}
+    end
+    public :match_name, :key_for_emails, :look_in_emails, :gem_uri, :filter_security_messages_already_fixed
+  end
+  class MockGem
+    def name
+      "NAME"
+    end
+    def origin
+      "ORG"
+    end
+    def date
+      Date.new(2012, 12, 12)
+    end
+  end
+  class MockEmail
+    def uid
+      "UID"
+    end
+    def subject
+      "subject"
+    end
+  end
+  class NotASecurityAlertCheckerTest <Test::Unit::TestCase 
+    def test_match_name
+      ch = NotASecurityAlertChecker.new([])
+      assert ch.match_name("rubygem mail", "mail")
+      assert !ch.match_name("mail","mail")
+      assert ch.match_name("ruby mail", "mail")
+      assert ch.match_name("mail gem", "mail")
+    end
+
+    def test_key_for_emails
+     ch = NotASecurityAlertChecker.new([])
+     result = ch.key_for_emails( "LN", MockGem.new, MockEmail.new)
+      assert_equal "email_LN_NAME_ORG_UID", result
+    end
+
+    def test_look_in_emails_for_rubyonrails_sec_mail
+      ch  = NotASecurityAlertChecker.new([])
+      ch.emails = {
+        "rubyonrails-security@googlegroups.com" => [MockEmail.new]
+      }
+      gem = MockGem.new
+      def gem.name
+        "rails"
+      end
+      assert_equal Hash, ch.security_messages.class
+      assert_equal 0, ch.security_messages.length
+      ch.look_in_emails(gem)
+      assert_equal Hash, ch.security_messages.class
+      assert_equal 1, ch.security_messages.length
+    end
+
+    def test_look_in_emails_for_other_mail
+      mail = MockEmail.new
+      def mail.subject
+        "gem rails"
+      end
+      ch  = NotASecurityAlertChecker.new([])
+      ch.emails = {
+        "other" => [mail]
+      }
+      gem = MockGem.new
+      def gem.name
+        "rails"
+      end
+      assert_equal Hash, ch.security_messages.class
+      assert_equal 0, ch.security_messages.length
+      ch.look_in_emails(gem)
+      assert_equal Hash, ch.security_messages.class
+      assert_equal 1, ch.security_messages.length
+    end
+
+    def test_gem_uri_with_project_uri
+      ch = NotASecurityAlertChecker.new([])
+
+      result = ch.gem_uri({"project_uri" => "github.com/a"})
+      assert_equal "github.com/a", result
+      result = ch.gem_uri({"project_uri" => "a"})
+      assert_equal nil, result
+    end
+
+    def test_gem_uri_with_homepage_url
+      ch = NotASecurityAlertChecker.new([])
+
+      result = ch.gem_uri({"homepage_uri" => "github.com/a"})
+      assert_equal "github.com/a", result
+      result = ch.gem_uri({"homepage_uri" => "a"})
+      assert_equal nil, result
+    end
+
+    def test_gem_uri_with_source_code_uri
+      ch = NotASecurityAlertChecker.new([])
+
+      result = ch.gem_uri({"source_code_uri" => "github.com/a"})
+      assert_equal "github.com/a", result
+      result = ch.gem_uri({"source_code_uri" => "a"})
+      assert_equal nil, result
+    end
+
+    def test_filter_security_messages_already_fixed_with_equal_version
+      ch = NotASecurityAlertChecker.new([])
+      gem = MockGem.new
+      ch.security_messages["key"] = gem
+      ch.fixed["key"] = "1.1.1"
+      version = Gem::Version.new("1.1.1")
+      date = Date.new(2011, 12, 12)
+      ch.filter_security_messages_already_fixed(version, date)
+      assert_equal 0, ch.security_messages.length
+    end
+
+    def test_filter_security_messages_already_fixed_with_newer_version
+      ch = NotASecurityAlertChecker.new([])
+      gem = MockGem.new
+      ch.security_messages["key"] = gem
+      ch.fixed["key"] = "1.1.0"
+      version = Gem::Version.new("1.1.1")
+      date = Date.new(2011, 12, 12)
+      ch.filter_security_messages_already_fixed(version, date)
+      assert_equal 0, ch.security_messages.length
+    end
+
+    def test_filter_security_messages_already_fixed_with_older_version
+      ch = NotASecurityAlertChecker.new([])
+      gem = MockGem.new
+      ch.security_messages["key"] = gem
+      ch.fixed["key"] = "1.1.2"
+      version = Gem::Version.new("1.1.1")
+      date = Date.new(2011, 12, 12)
+      ch.filter_security_messages_already_fixed(version, date)
+      assert_equal 1, ch.security_messages.length
+    end
+
+    def test_filter_security_messages_already_fixed_with_newer_date
+      ch = NotASecurityAlertChecker.new([])
+      gem = MockGem.new
+      ch.security_messages["key"] = gem
+      ch.fixed["key"] = "1.1.2"
+      version = Gem::Version.new("1.1.1")
+      date = Date.new(2013, 12, 12)
+      ch.filter_security_messages_already_fixed(version, date)
+      assert_equal 0, ch.security_messages.length
+    end
+
+  end
+end