RubyGems - gems-status - Versions diffs - 0.63.0 → 0.64.0 - Mend

gems-status 0.63.0 → 0.64.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

data/VERSION +1 -1
data/bin/gems-status +24 -5
data/lib/gems-status.rb +1 -36
data/lib/gems-status/checkers/not_a_security_alert_checker.rb +50 -70
data/lib/gems-status/checkers/scm_check_messages_factory.rb +25 -0
data/lib/gems-status/gem_simple.rb +9 -2
data/lib/gems-status/runner.rb +53 -0
data/lib/gems-status/sources/lockfile_gems.rb +22 -32
data/lib/gems-status/text_view.rb +35 -23
data/lib/gems-status/utils.rb +30 -0
data/test/test-gem_simple.rb +48 -0
data/test/test-has_a_license.rb +17 -0
data/test/test-is_not_gpl.rb +28 -0
data/test/test-is_rubygems.rb +34 -0
data/test/test-lockfile_gems.rb +20 -13
data/test/test-not_a_security_alert_checker.rb +158 -0
data/test/test-runner.rb +40 -0
data/test/test-scm_check_messages.rb +40 -0
data/test/test-scm_check_messages_factory.rb +15 -0
data/test/test-scm_security_messages.rb +27 -0
data/test/test-security_alert.rb +15 -0
metadata +16 -9
data/lib/gems-status/gems_command.rb +0 -39
data/lib/gems-status/gems_composite_command.rb +0 -57
data/lib/gems-status/sources/ruby_gems_gems_gem_simple.rb +0 -46
data/test/test-gems_command.rb +0 -67
data/test/test-gems_composite_command.rb +0 -14

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.63.0
1	+ 0.64.0

data/bin/gems-status CHANGED Viewed

@@ -20,6 +20,25 @@ if !File::exists?(ARGV[0]) then
   exit
 end
+def setup_runner(conf)
+  GemsStatus::Utils::known_licenses = conf["licenses"]
+  runner = GemsStatus::Runner.new
+  c = conf["source"]
+  gems = eval("GemsStatus::#{c["classname"]}").new(c)
+  runner.source = gems
+  if conf["checkers"]
+    conf["checkers"].each do |c|
+      checker = eval("GemsStatus::#{c["classname"]}").new(c)
+     runner.add_checker(checker)
+    end
+  end
+  if conf["comments"]
+    runner.add_comments(conf["comments"])
+  end
+  return runner
+end
 conf_file = ARGV[0]
 begin
   conf = YAML::load(ERB.new(File::read(conf_file)).result)
@@ -27,9 +46,9 @@ rescue
   GemsStatus::Utils::log_error("?", "There was a problem opening #{conf_file}")
   exit
 end
-gs = GemsStatus::GemStatus.new(conf)
-gs.execute
-gs.print
-checker_r = gs.results[:checker_results]
-exit 1 if checker_r && checker_r.length > 0
+runner = setup_runner(conf)
+runner.execute
+runner.print
+exit 1 if runner.checker_results && runner.checker_results.length > 0

data/lib/gems-status.rb CHANGED Viewed

@@ -7,42 +7,7 @@ require "yaml"
 require "gems-status/gem_simple"
 require "gems-status/sources.rb"
-require "gems-status/gems_composite_command"
+require "gems-status/runner"
 require "gems-status/checkers"
-module GemsStatus
-  class GemStatus
-    def initialize(conf)
-      @conf = conf
-      Utils::known_licenses = @conf["licenses"]
-      @gems_composite_command = nil
-      @gems_composite_command = GemsCompositeCommand.new
-      c = @conf["source"]
-      gems = eval(c["classname"]).new(c)
-      @gems_composite_command.command = gems
-      if @conf["checkers"]
-        @conf["checkers"].each do |c|
-          checker = eval(c["classname"]).new(c)
-         @gems_composite_command.add_checker(checker)
-        end
-      end
-      if @conf["comments"]
-        @gems_composite_command.add_comments(@conf["comments"])
-      end
-    end
-    def execute
-      @gems_composite_command.execute
-    end
-    def results
-      {:results => @gems_composite_command.results, :checker_results => @gems_composite_command.checker_results}
-    end
-    def print
-      @gems_composite_command.print
-    end
-  end
-end

data/lib/gems-status/checkers/not_a_security_alert_checker.rb CHANGED Viewed

@@ -1,13 +1,10 @@
-require "gmail"
 require "json"
 require "open-uri"
 require "gems-status/checkers/gem_checker"
 require "gems-status/checkers/security_alert"
-require "gems-status/checkers/git_check_messages"
-require "gems-status/checkers/hg_check_messages"
-require "gems-status/checkers/svn_check_messages"
 require "gems-status/checkers/scm_security_messages"
+require "gems-status/checkers/scm_check_messages_factory"
 module GemsStatus
@@ -27,6 +24,32 @@ module GemsStatus
       @emails = Utils.download_emails(@email_username, @email_password, @mailing_lists)
     end
+    def check?(gem)
+      @gem = gem
+      #ignore upstream checks
+      return true if gem.origin == gem.gems_url
+      @security_messages = {}
+      look_in_scm(gem)
+      look_in_emails(gem)
+      filter_security_messages_already_fixed(gem.version, gem.date)
+      send_emails(gem)
+      return @security_messages.length == 0
+    end
+   def description
+     if !@gem
+       Utils::log_debug("No gem. That means that check method has not been called in NotASecurityAlertChecker")
+       return
+     end
+     message(@gem)
+   end
+   private
+    def match_name(str, name)
+      str =~ /[gem|ruby].*\b#{name}\b/ || str =~ /#{name}\b.*[gem|ruby].*\b/
+    end
     def message(gem)
       return unless gem
@@ -44,18 +67,12 @@ module GemsStatus
       return if @security_messages.length == 0
       #gems.origin == gems.gems_url if we are looking to an upstream gem,
       #for example in rubygems.org. We only care about our application gems.
+      #where the origin will be a gemfile.lock file
       return if gem.origin == gem.gems_url
       mssg = message(gem)
       @email_to.each do |email_receiver|
-        Gmail.new(@email_username, @email_password) do |gmail|
-          gmail.deliver do
-            to email_receiver
-            subject "[gems-status] security alerts for #{gem.name}"
-            text_part do
-               body mssg
-             end
-          end
-        end
+        GemsStatus::Utils.send_email(email_receiver, @email_username,
+                                     @email_password, gem.name, mssg)
       end
       Utils::log_debug "Email sent to #{@email_to} "
       Utils::log_debug "with body #{mssg} "
@@ -76,52 +93,21 @@ module GemsStatus
       "email_#{listname}_#{gem.name}_#{gem.origin}_#{email.uid}"
     end
-    def match_name(str, name)
-      str =~ /[gem|ruby].*\b#{name}\b/
-    end
     def look_in_emails(gem)
       @emails.each do |listname, emails|
         emails.each do |email|
-          if match_name(listname, gem.name)
+          if listname.strip == "rubyonrails-security@googlegroups.com" && gem.name == "rails"
             @security_messages[key_for_emails(listname, gem, email)] = SecurityAlert.new(email.subject)
             Utils::log_debug "looking for security emails: listname matches gem #{gem.name}: #{listname}"
-            next
-          end
-          if match_name(email.subject, gem.name)
+          elsif match_name(email.subject, gem.name)
             @security_messages[key_for_emails(listname, gem, email)] = SecurityAlert.new(email.subject)
             Utils::log_debug "looking for security emails: subject matches gem #{gem.name}: #{email.subject}"
-            next
           end
         end
       end
     end
-    def check?(gem)
-      @gem = gem
-      #ignore upstream checks
-      return true if gem.origin == gem.gems_url
-      @security_messages = {}
-      look_in_scm(gem)
-      look_in_emails(gem)
-      filter_security_messages_already_fixed(gem.version, gem.date)
-      send_emails(gem)
-      return @security_messages.length == 0
-    end
-   def description
-     if !@gem
-       Utils::log_debug("No gem. That means that check method has not been called in NotASecurityAlertChecker")
-       return
-     end
-     message(@gem)
-   end
-   private
    def filter_security_messages_already_fixed(version, date)
-     #TODO: let's use a database instead of having the info in yaml file
      @security_messages.delete_if do |k,v|
        @fixed[k] && Gem::Version.new(@fixed[k]) <= version
      end
@@ -140,20 +126,7 @@ module GemsStatus
        Utils::log_error gem.name, "There was a problem downloading info for #{gem.name} #{e.to_s}"
        return nil
      end
-     uri = nil
-     if gem_version_information["project_uri"] &&
-        gem_version_information["project_uri"].include?("github")
-       uri = gem_version_information["project_uri"]
-     end
-     if gem_version_information["homepage_uri"] &&
-        gem_version_information["homepage_uri"].include?("github")
-       uri = gem_version_information["homepage_uri"]
-     end
-     if gem_version_information["source_code_uri"] &&
-        gem_version_information["source_code_uri"].include?("github")
-       uri = gem_version_information["source_code_uri"]
-     end
-     return uri
+     gem_uri(gem_version_information)
    end
    def look_for_security_messages(name, source_repo, origin, counter = 0)
@@ -166,16 +139,8 @@ module GemsStatus
           Dir.mkdir(name)
         end
         Dir.chdir(name) do
-          if source_repo.include?("git")
-            scmCheckMessages = GitCheckMessages.new
-            Utils::log_debug "git repo"
-          elsif source_repo.include?("svn")
-            scmCheckMessages = SvnCheckMessages.new
-            Utils::log_debug "svn repo"
-          elsif source_repo.include?("bitbucket")
-            scmCheckMessages = HgCheckMessages.new
-            Utils::log_debug "mercurial repo"
-          else
+          scmCheckMessages = ScmCheckMessagesFactory.get_instance(source_repo)
+          if scmCheckMessages == nil
             Utils::log_error name, "Not a valid source repo #{source_repo}"
             return {}
           end
@@ -185,5 +150,20 @@ module GemsStatus
       end
    end
+   def gem_uri(gem_version_information)
+     if gem_version_information["project_uri"] &&
+        gem_version_information["project_uri"].include?("github")
+       return gem_version_information["project_uri"]
+     elsif gem_version_information["homepage_uri"] &&
+        gem_version_information["homepage_uri"].include?("github")
+       return gem_version_information["homepage_uri"]
+     elsif gem_version_information["source_code_uri"] &&
+        gem_version_information["source_code_uri"].include?("github")
+       return gem_version_information["source_code_uri"]
+     else
+       return nil
+     end
+   end
   end
 end

data/lib/gems-status/checkers/scm_check_messages_factory.rb ADDED Viewed

@@ -0,0 +1,25 @@
+require "gems-status/checkers/git_check_messages"
+require "gems-status/checkers/hg_check_messages"
+require "gems-status/checkers/svn_check_messages"
+require "gems-status/utils"
+module GemsStatus
+  class ScmCheckMessagesFactory
+     def self.get_instance(source_repo)
+       if source_repo.include?("git")
+         Utils::log_debug "git repo"
+         GitCheckMessages.new
+       elsif source_repo.include?("svn")
+         Utils::log_debug "svn repo"
+         SvnCheckMessages.new
+       elsif source_repo.include?("bitbucket")
+         Utils::log_debug "mercurial repo"
+         HgCheckMessages.new
+       else
+         nil
+       end
+     end
+  end
+end

data/lib/gems-status/gem_simple.rb CHANGED Viewed

@@ -23,9 +23,16 @@ module GemsStatus
     end
     def date
-      Utils::log_error(@name, "I do not know when #{@name} was released")
-      nil
+      Utils::download_date(@name, @version)
     end
+    def md5
+      if from_git?
+        return nil
+      end
+      Utils::download_md5(@name, @version, @gems_url)
+    end
   end
 end

data/lib/gems-status/runner.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require "gems-status/gem_simple"
+require "gems-status/text_view"
+module GemsStatus
+  class Runner
+    attr_accessor :gem_list, :checker_results, :source
+    def initialize
+      @source = nil
+      @checkers = []
+      @checker_results = {}
+      @comments = {}
+      @gem_list = nil
+    end
+    def add_checker(check_object)
+      @checkers << check_object
+    end
+    def execute
+      return unless @source
+      @gem_list = @source.gem_list
+      @checkers.each do |check_object|
+        Utils::log_debug "checking #{check_object.class.name}"
+        @gem_list.each do |name, gem|
+          if !check_object.check?(gem)
+            @checker_results[name] = [] unless @checker_results[name]
+            @checker_results[name] << check_object.clone
+          end
+        end
+      end
+    end
+    def add_comments(comments)
+      @comments = comments
+    end
+    def are_there_gems?
+      return @gem_list && !@gem_list.empty?
+    end
+    def print
+      return if !are_there_gems?
+      view = TextView.new
+      view.print_head
+      ids = @source.filename
+      view.print_description(ids)
+      view.print_results(@gem_list, @checker_results, @comments)
+      view.print_tail
+    end
+  end
+end

data/lib/gems-status/sources/lockfile_gems.rb CHANGED Viewed

@@ -4,20 +4,17 @@ require "open-uri"
 require "zlib"
 require "bundler"
-require "gems-status/sources/ruby_gems_gems_gem_simple"
-require "gems-status/gems_command"
+require "gems-status/gem_simple"
 require "gems-status/utils"
 module GemsStatus
-  class LockfileGems < GemsCommand
+  class LockfileGems
     attr_reader :filename
     def initialize(conf)
-      Utils::check_parameters('LockfileGems', conf, ["id", "filename", "gems_url"])
+      Utils::check_parameters('LockfileGems', conf, ["filename", "gems_url"])
       @filename = conf['filename']
       @gems_url = conf['gems_url']
-      @result = {}
-      @ident = conf['id']
     end
     def get_data(dirname, filename)
@@ -32,43 +29,36 @@ module GemsStatus
       return data
     end
-    def update_gem_dependencies(gem)
-      Utils::log_debug("updating dependencies for #{gem.name}")
-      changes = false
-      @result.each do |k, gems|
-        gems.each do |gem2|
-          if gem.depends?(gem2)
-            changes = gem.merge_deps(gem2) || changes
-          end
-        end
-      end
-      return changes
-    end
-    def execute
+    def gem_list
+      gems = {}
       Utils::log_debug "reading #{@filename}"
       Dir.chdir(File.dirname(@filename)) do
         file_data = get_data(File::dirname(@filename), File::basename(@filename))
         if file_data.empty?
           Utils::log_error("?", "file empty #{@filename}")
-          next
+          return
         end
         lockfile = Bundler::LockfileParser.new(file_data)
         lockfile.specs.each do |spec|
-          name = spec.name
           version = Gem::Version.create(spec.version)
-          dependencies = spec.dependencies
-          Utils::log_debug "dependencies for #{name} #{dependencies}"
-          if spec.source.class.name == "Bundler::Source::Git"
-            Utils::log_debug "this comes from git #{name} #{version}"
-            gems_url = spec.source.uri
-          else
-            gems_url = @gems_url
-          end
-          @result[name] = RubyGemsGems_GemSimple.new(name, version , '', @filename,
-                                                     gems_url, dependencies)
+          Utils::log_debug "dependencies for #{spec.name} #{spec.dependencies}"
+          gems[spec.name] = GemSimple.new(spec.name, version , nil,
+                                             @filename, gems_url(spec),
+                                             spec.dependencies)
         end
       end
+      gems
+    end
+    private
+    def gems_url(spec)
+      if spec.source.class.name == "Bundler::Source::Git"
+        Utils::log_debug "this comes from git #{spec.name} #{spec.version}"
+        spec.source.uri
+      else
+        @gems_url
+      end
     end
   end
 end