gems-status 0.63.0 → 0.64.0
- data/VERSION +1 -1
- data/bin/gems-status +24 -5
- data/lib/gems-status.rb +1 -36
- data/lib/gems-status/checkers/not_a_security_alert_checker.rb +50 -70
- data/lib/gems-status/checkers/scm_check_messages_factory.rb +25 -0
- data/lib/gems-status/gem_simple.rb +9 -2
- data/lib/gems-status/runner.rb +53 -0
- data/lib/gems-status/sources/lockfile_gems.rb +22 -32
- data/lib/gems-status/text_view.rb +35 -23
- data/lib/gems-status/utils.rb +30 -0
- data/test/test-gem_simple.rb +48 -0
- data/test/test-has_a_license.rb +17 -0
- data/test/test-is_not_gpl.rb +28 -0
- data/test/test-is_rubygems.rb +34 -0
- data/test/test-lockfile_gems.rb +20 -13
- data/test/test-not_a_security_alert_checker.rb +158 -0
- data/test/test-runner.rb +40 -0
- data/test/test-scm_check_messages.rb +40 -0
- data/test/test-scm_check_messages_factory.rb +15 -0
- data/test/test-scm_security_messages.rb +27 -0
- data/test/test-security_alert.rb +15 -0
- metadata +16 -9
- data/lib/gems-status/gems_command.rb +0 -39
- data/lib/gems-status/gems_composite_command.rb +0 -57
- data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb +0 -46
- data/test/test-gems_command.rb +0 -67
- data/test/test-gems_composite_command.rb +0 -14
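--- /dev/null
+++ b/data/test/test-runner.rb
@@ -0,0 +1,40 @@
+require './test/test-helper.rb'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'test/unit'
+require 'gems-status'
+
+module GemsStatus
+
+class MockSource
+def gem_list
+{
+"gem 1 name" => "gem 1 object",
+"gem 2 name" => "gem 2 object"
+}
+end
+end
+class MockChecker
+def check?(gem)
+false
+end
+end
+
+class RunnerTest < Test::Unit::TestCase
+def test_a_run
+runner = Runner.new
+assert !runner.are_there_gems?
+runner.source = MockSource.new
+assert !runner.are_there_gems?
+runner.add_checker(MockChecker.new)
+runner.add_checker(MockChecker.new)
+runner.execute
+assert runner.are_there_gems?
+expected = { "gem 1 name" => "gem 1 object", "gem 2 name" => "gem 2 object" }
+assert_equal expected, runner.gem_list
+assert_equal Array, runner.checker_results["gem 1 name"].class
+assert_equal 2, runner.checker_results["gem 1 name"].length
+assert_equal MockChecker, runner.checker_results["gem 1 name"][0].class
+assert runner.checker_results["gem 1 name"][0] != runner.checker_results["gem 1 name"][1]
+end
+end
+end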
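Review bot: test_a_run only exercises the failing path, because both MockChecker instances return false from check?, so nothing in this file shows that a gem which passes a checker stays out of checker_results. A second stub such as `class PassingChecker; def check?(_gem); true; end; end` registered with `runner.add_checker(PassingChecker.new)`, while `assert_equal 2, runner.checker_results["gem 1 name"].length` stays as it is, would pin that a passing checker is not recorded; the actual contract lives in Runner, which is outside this hunk. The `!=` assertion on line 37 relies on the two recorded checkers being distinct objects, presumably clones, and `assert_not_same` states that intent directly. The unused `gem` parameter in MockChecker#check? reads better as `_gem`.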
@@ -0,0 +1,40 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class ScmCheckMessages
|
8
|
+
def commit_key(commit)
|
9
|
+
commit[0..3]
|
10
|
+
end
|
11
|
+
|
12
|
+
def message(commit)
|
13
|
+
commit
|
14
|
+
end
|
15
|
+
|
16
|
+
def messages(name, source_repo)
|
17
|
+
["#{name} - #{source_repo} - message"]
|
18
|
+
end
|
19
|
+
|
20
|
+
def date(commit)
|
21
|
+
"2012-03-12"
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
class MessageChecker
|
26
|
+
def check_message?(commit)
|
27
|
+
commit.include?("security")
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
class ScmCheckMessagesTest < Test::Unit::TestCase
|
32
|
+
def test_check_messages
|
33
|
+
scm = ScmCheckMessages.new
|
34
|
+
cm = scm.check_messages("name security", "source_repo", MessageChecker.new, "origin")
|
35
|
+
assert_equal 1, cm.length
|
36
|
+
cm = scm.check_messages("name", "source_repo", MessageChecker.new, "origin")
|
37
|
+
assert_equal 0, cm.length
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
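Review bot: The hunk reopens the production `GemsStatus::ScmCheckMessages` class (line 7) to stub commit_key, message, messages and date, and since every test file requires 'gems-status' into the same process, those stubs remain in place for any other test that touches this class or, if GitCheckMessages and friends inherit from it, its subclasses. Subclassing keeps the stub local to this file: `class StubCheckMessages < ScmCheckMessages` on line 7 and `scm = StubCheckMessages.new` on line 33. The positive case on lines 34-35 matches only because the stubbed messages method interpolates name into the returned text; a comment such as `# "security" reaches MessageChecker through the name interpolated into the stubbed message` would save the next reader the trace. The unused `commit` parameter of date reads better as `_commit`.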
@@ -0,0 +1,15 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class ScmCheckMessagesFactoryTest < Test::Unit::TestCase
|
8
|
+
def test_instance
|
9
|
+
assert_equal ScmCheckMessagesFactory.get_instance("bla"), nil
|
10
|
+
assert_equal ScmCheckMessagesFactory.get_instance("git bla").class, GemsStatus::GitCheckMessages
|
11
|
+
assert_equal ScmCheckMessagesFactory.get_instance("svn bla").class, GemsStatus::SvnCheckMessages
|
12
|
+
assert_equal ScmCheckMessagesFactory.get_instance("bitbucket bla").class, GemsStatus::HgCheckMessages
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
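Review bot: The assert_equal calls on lines 9-12 pass the actual value first and the expected value second, so a failure will report the two the wrong way round; test/unit's order is expected then actual. `assert_nil ScmCheckMessagesFactory.get_instance("bla")` and `assert_instance_of GemsStatus::GitCheckMessages, ScmCheckMessagesFactory.get_instance("git bla")` (likewise for the svn and bitbucket cases) say the same thing in the right order with a clearer message. The test pins only the leading words git, svn and bitbucket; whether the factory is meant to dispatch on a leading word or on the scheme or host of a real source URL cannot be told from this file, and a comment naming the expected input format, or one assertion with a URL-shaped input, would settle it.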
@@ -0,0 +1,27 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class TestScmSecurityMessages < Test::Unit::TestCase
|
8
|
+
def test_check_message
|
9
|
+
ssm = ScmSecurityMessages.new
|
10
|
+
assert !ssm.check_message?("bla bla")
|
11
|
+
assert ssm.check_message?("bla XSS bla")
|
12
|
+
assert ssm.check_message?("bla CSRF bla")
|
13
|
+
assert ssm.check_message?("bla cross-site bla")
|
14
|
+
assert ssm.check_message?("bla crosssite bla")
|
15
|
+
assert ssm.check_message?("bla injection bla")
|
16
|
+
assert ssm.check_message?("bla forgery bla")
|
17
|
+
assert ssm.check_message?("bla traversal bla")
|
18
|
+
assert ssm.check_message?("bla CVE bla")
|
19
|
+
assert ssm.check_message?("bla unsafe bla")
|
20
|
+
assert ssm.check_message?("bla vulnerab bla")
|
21
|
+
assert ssm.check_message?("bla risk bla")
|
22
|
+
assert ssm.check_message?("bla security bla")
|
23
|
+
assert ssm.check_message?("bla Malicious bla")
|
24
|
+
assert ssm.check_message?("bla DoS bla")
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
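Review bot: The test fixes the keyword list but not its matching rules: the samples mix case (Malicious, DoS, security) without a lowercase variant of an uppercase term such as `assert ssm.check_message?("bla xss bla")`, and the only negative is "bla bla", so a substring near-miss like "brisk" for the "risk" stem is not pinned either way. Whether check_message? is case-insensitive and substring-based cannot be told from this hunk; one assertion per rule, plus a comment stating the intended semantics, would stop a later change to the keyword list from silently altering which commit messages get flagged as security-relevant. A negative such as `assert !ssm.check_message?("bla brisk bla")` only belongs here if word-boundary matching is the intent, so confirm against the implementation first.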
@@ -0,0 +1,15 @@
|
|
1
|
+
require './test/test-helper.rb'
|
2
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
+
require 'test/unit'
|
4
|
+
require 'gems-status'
|
5
|
+
|
6
|
+
module GemsStatus
|
7
|
+
class SecurityAlertTest < Test::Unit::TestCase
|
8
|
+
def test_new
|
9
|
+
sa = GemsStatus::SecurityAlert.new("desc", "date")
|
10
|
+
assert sa.desc = "desc"
|
11
|
+
assert sa.date = "date"
|
12
|
+
end
|
13
|
+
|
14
|
+
end
|
15
|
+
end
|
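Review bot: Lines 10 and 11 use assignment where a comparison was meant: `assert sa.desc = "desc"` calls the desc= writer (or raises NoMethodError if there is none) and asserts on the assigned string, which is always truthy, so the test cannot fail on a wrong constructor. Replace them with `assert_equal "desc", sa.desc` and `assert_equal "date", sa.date`. The fixture also passes the string "date" as the date argument; if SecurityAlert expects a Time or Date, a realistic value would catch a type mismatch that this fixture hides.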
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gems-status
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.64.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-07-
|
12
|
+
date: 2013-07-18 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: xml-simple
|
@@ -182,12 +182,11 @@ extra_rdoc_files: []
|
|
182
182
|
files:
|
183
183
|
- LICENSE
|
184
184
|
- lib/gems-status.rb
|
185
|
+
- lib/gems-status/runner.rb
|
185
186
|
- lib/gems-status/sources.rb
|
186
187
|
- lib/gems-status/checkers.rb
|
187
188
|
- lib/gems-status/gem_simple.rb
|
188
189
|
- lib/gems-status/sources/lockfile_gems.rb
|
189
|
-
- lib/gems-status/sources/ruby_gems_gems_gem_simple.rb
|
190
|
-
- lib/gems-status/gems_command.rb
|
191
190
|
- lib/gems-status/text_view.rb
|
192
191
|
- lib/gems-status/gems_status_metadata.rb
|
193
192
|
- lib/gems-status/utils.rb
|
@@ -198,20 +197,28 @@ files:
|
|
198
197
|
- lib/gems-status/checkers/scm_check_messages.rb
|
199
198
|
- lib/gems-status/checkers/svn_check_messages.rb
|
200
199
|
- lib/gems-status/checkers/not_a_security_alert_checker.rb
|
200
|
+
- lib/gems-status/checkers/scm_check_messages_factory.rb
|
201
201
|
- lib/gems-status/checkers/gem_checker.rb
|
202
202
|
- lib/gems-status/checkers/hg_check_messages.rb
|
203
203
|
- lib/gems-status/checkers/git_check_messages.rb
|
204
204
|
- lib/gems-status/checkers/is_rubygems.rb
|
205
|
-
- lib/gems-status/gems_composite_command.rb
|
206
205
|
- bin/gems-status
|
206
|
+
- test/test-scm_security_messages.rb
|
207
207
|
- test/Gemfile
|
208
|
-
- test/test-
|
208
|
+
- test/test-scm_check_messages_factory.rb
|
209
|
+
- test/test-not_a_security_alert_checker.rb
|
209
210
|
- test/Gemfile.lock
|
210
|
-
- test/test-
|
211
|
+
- test/test-scm_check_messages.rb
|
212
|
+
- test/test-is_not_gpl.rb
|
211
213
|
- test/Gemfile.lock.test
|
212
214
|
- test/test-utils.rb
|
213
215
|
- test/test-helper.rb
|
216
|
+
- test/test-has_a_license.rb
|
217
|
+
- test/test-gem_simple.rb
|
218
|
+
- test/test-security_alert.rb
|
219
|
+
- test/test-runner.rb
|
214
220
|
- test/test-lockfile_gems.rb
|
221
|
+
- test/test-is_rubygems.rb
|
215
222
|
- VERSION
|
216
223
|
homepage: http://github.com/jordimassaguerpla/gems-status
|
217
224
|
licenses:
|
@@ -228,7 +235,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
228
235
|
version: '0'
|
229
236
|
segments:
|
230
237
|
- 0
|
231
|
-
hash:
|
238
|
+
hash: -837205862980188547
|
232
239
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
233
240
|
none: false
|
234
241
|
requirements:
|
@@ -237,7 +244,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
237
244
|
version: '0'
|
238
245
|
segments:
|
239
246
|
- 0
|
240
|
-
hash:
|
247
|
+
hash: -837205862980188547
|
241
248
|
requirements: []
|
242
249
|
rubyforge_project:
|
243
250
|
rubygems_version: 1.8.25
|
@@ -1,39 +0,0 @@
|
|
1
|
-
|
2
|
-
require "gems-status/gem_simple"
|
3
|
-
|
4
|
-
module GemsStatus
|
5
|
-
|
6
|
-
class GemsCommand
|
7
|
-
attr_reader :result
|
8
|
-
attr_reader :ident
|
9
|
-
def gem_name(gem)
|
10
|
-
pos = gem.rindex(".gem")
|
11
|
-
if ! pos then
|
12
|
-
return gem
|
13
|
-
end
|
14
|
-
name = gem[0...pos]
|
15
|
-
pos = name.rindex("-")
|
16
|
-
if ! pos then
|
17
|
-
return name
|
18
|
-
end
|
19
|
-
return name[0...pos]
|
20
|
-
end
|
21
|
-
|
22
|
-
def gem_version(gem)
|
23
|
-
pos = gem.rindex(".gem")
|
24
|
-
if ! pos then
|
25
|
-
return '-1'
|
26
|
-
end
|
27
|
-
name = gem[0...pos]
|
28
|
-
pos = name.rindex("-")
|
29
|
-
if ! pos then
|
30
|
-
return '-1'
|
31
|
-
end
|
32
|
-
pos = pos + 1
|
33
|
-
return name[pos..-1]
|
34
|
-
end
|
35
|
-
|
36
|
-
def execute
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
@@ -1,57 +0,0 @@
|
|
1
|
-
require "gems-status/gem_simple"
|
2
|
-
require "gems-status/gems_command"
|
3
|
-
require "gems-status/text_view"
|
4
|
-
|
5
|
-
module GemsStatus
|
6
|
-
|
7
|
-
class GemsCompositeCommand < GemsCommand
|
8
|
-
attr_accessor :results, :checker_results, :command
|
9
|
-
|
10
|
-
def initialize
|
11
|
-
@command = []
|
12
|
-
@checkers = []
|
13
|
-
@checker_results = {}
|
14
|
-
@comments = {}
|
15
|
-
@results = []
|
16
|
-
end
|
17
|
-
|
18
|
-
def add_checker(check_object)
|
19
|
-
@checkers << check_object
|
20
|
-
end
|
21
|
-
|
22
|
-
def execute
|
23
|
-
return unless @command
|
24
|
-
@command.execute
|
25
|
-
@results << @command.result
|
26
|
-
@checkers.each do |check_object|
|
27
|
-
Utils::log_debug "checking #{check_object.class.name}"
|
28
|
-
@results.each do |gems|
|
29
|
-
gems.each do |name, gem|
|
30
|
-
if !check_object.check?(gem)
|
31
|
-
@checker_results[name] = {} unless @checker_results[name]
|
32
|
-
@checker_results[gem.name][check_object.class.name] = check_object.clone
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
def add_comments(comments)
|
40
|
-
@comments = comments
|
41
|
-
end
|
42
|
-
|
43
|
-
def are_there_results?
|
44
|
-
return @results && !@results.empty?
|
45
|
-
end
|
46
|
-
|
47
|
-
def print
|
48
|
-
return if !are_there_results?
|
49
|
-
view = TextView.new
|
50
|
-
view.print_head
|
51
|
-
ids = @command.filename
|
52
|
-
view.print_description(ids)
|
53
|
-
view.print_results(@results, @checker_results, @comments)
|
54
|
-
view.print_tail
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
require "rubygems/format"
|
2
|
-
require "gems-status/gem_simple"
|
3
|
-
require "time"
|
4
|
-
|
5
|
-
module GemsStatus
|
6
|
-
|
7
|
-
class RubyGemsGems_GemSimple < GemSimple
|
8
|
-
|
9
|
-
def initialize(name, version, md5, origin, gems_url, dependencies=nil)
|
10
|
-
super(name, version, nil, origin, gems_url, dependencies)
|
11
|
-
end
|
12
|
-
|
13
|
-
def license
|
14
|
-
if from_git?
|
15
|
-
return nil
|
16
|
-
end
|
17
|
-
Utils::download_license(@name, @version, @gems_url)
|
18
|
-
end
|
19
|
-
|
20
|
-
|
21
|
-
def md5
|
22
|
-
if from_git?
|
23
|
-
return nil
|
24
|
-
end
|
25
|
-
Utils::download_md5(@name, @version, @gems_url)
|
26
|
-
end
|
27
|
-
|
28
|
-
def date
|
29
|
-
Utils::log_debug "looking for date for #{@name} - #{@version}"
|
30
|
-
begin
|
31
|
-
versions = JSON.parse(open("https://rubygems.org/api/v1/versions/#{@name}.json").read)
|
32
|
-
versions.each do |version|
|
33
|
-
if Gem::Version.new(version["number"]) == @version
|
34
|
-
Utils::log_debug "Date for #{@name} - #{@version} : #{version["built_at"]}"
|
35
|
-
return Time.parse version["built_at"]
|
36
|
-
end
|
37
|
-
end
|
38
|
-
rescue
|
39
|
-
Utils::log_error(@name, "There was a problem opening https://rubygems.org/api/v1/versions/#{@name}.json")
|
40
|
-
end
|
41
|
-
nil
|
42
|
-
end
|
43
|
-
|
44
|
-
end
|
45
|
-
|
46
|
-
end
|
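--- a/data/test/test-gems_command.rb
+++ /dev/null
@@ -1,67 +0,0 @@
-require './test/test-helper.rb'
-$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
-require 'test/unit'
-require 'gems-status'
-
-module GemsStatus
-
-class TestGemsCommand < Test::Unit::TestCase
-def test_gem_name_wrong_name
-gem_name = 'wrong_name'
-result = GemsCommand.new.gem_name(gem_name)
-expected = gem_name
-assert_equal(result, expected)
-end
-
-def test_gem_name_without_version
-gem_name = 'name.gem'
-result = GemsCommand.new.gem_name(gem_name)
-expected = 'name'
-assert_equal(result, expected)
-end
-
-def test_gem_name_simple
-gem_name = 'name-1.0.0.gem'
-result = GemsCommand.new.gem_name(gem_name)
-expected = 'name'
-assert_equal(result, expected)
-end
-
-def test_gem_name_with_dashes
-gem_name = 'name-1-1.0.0.gem'
-result = GemsCommand.new.gem_name(gem_name)
-expected = 'name-1'
-assert_equal(result, expected)
-end
-
-def test_gem_version_no_version
-gem_name = 'name.gem'
-result = GemsCommand.new.gem_version(gem_name)
-expected = '-1'
-assert_equal(result, expected)
-end
-
-def test_gem_version_wrong_name
-gem_name = 'name-1.0'
-result = GemsCommand.new.gem_version(gem_name)
-expected = '-1'
-assert_equal(result, expected)
-end
-
-def test_gem_version_simple_version
-gem_name = 'name-1.0.0.gem'
-result = GemsCommand.new.gem_version(gem_name)
-expected = '1.0.0'
-assert_equal(result, expected)
-end
-
-def test_gem_version_with_dashes
-gem_name = 'name-a-1.0.0.gem'
-result = GemsCommand.new.gem_version(gem_name)
-expected = '1.0.0'
-assert_equal(result, expected)
-end
-
-end
-
-end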
@@ -1,14 +0,0 @@
|
|
1
|
-
require './test/test-helper.rb'
|
2
|
-
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
3
|
-
require 'test/unit'
|
4
|
-
require 'gems-status'
|
5
|
-
|
6
|
-
module GemsStatus
|
7
|
-
|
8
|
-
class GemsCompositeCommandTest < GemsCompositeCommand
|
9
|
-
attr_accessor :results
|
10
|
-
end
|
11
|
-
|
12
|
-
class TestGemsCompositeCommand < Test::Unit::TestCase
|
13
|
-
end
|
14
|
-
end
|