gems-validator 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fd766d16712cec21ba9dbf14c12ca843d91f214b386e5708fec6d82c188d217f
4
- data.tar.gz: 288989358252c40880b504fb9acb869e90e66ea8ee03f30b3674951dca90f718
3
+ metadata.gz: a76e6d3822ec786140734de928eaab7dca72945489b882590efcffc81047c4cd
4
+ data.tar.gz: 210e2e460dcd583a7cae39bf8ce83d9a5589ee1919351838c451ac32bb01df52
5
5
  SHA512:
6
- metadata.gz: 12a59226c122804fc1d95d15d56463ffff1d1dc64356cc1956fbf80da89d15732644743f023f5b789cb48958761dd0f6c28293de187ef4eb1241fa0b44339f86
7
- data.tar.gz: b2d33a09a58ea98a258964aab01dbab3db7b3b83d7d8cf18bbc6ac1390727f06b3f3d552914e757a79d1b6dbdc3424d8297f66cb76e06b69529de62d9990e361
6
+ metadata.gz: 875c78fe6ea29105c351cd8403fe381dbe01e0b72bf07f53192c93f060e3be94c80702e45bd798fc5ff87881e20d714b9897ed702bceaf256856bcfff2561d04
7
+ data.tar.gz: 4adcc359c08e4356d94cd1c9051e9fccbd76b5015dd1f24262438fdba829df7caa5e05dcd90685240258b1df52726bca172485903a9b67d6a542c46647ae2f90
data/Gemfile CHANGED
@@ -6,3 +6,4 @@ source "https://rubygems.org"
6
6
  gemspec
7
7
 
8
8
  gem "rake", "~> 13.0"
9
+ gem "bundler-audit"
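Review bot: `gem "bundler-audit"` is added with no version constraint and only to the development Gemfile, while the new `lib/gems-validator/audit-service.rb` (listed in metadata) shells out to the `bundler-audit` executable at plugin load and the published metadata still says `dependencies: []`, so a project that installs this plugin has no guarantee the tool exists. If the runtime really depends on it, declare it in the gemspec (not visible in this diff), e.g. `spec.add_dependency "bundler-audit", "~> 0.9"`, matching the 0.9.1 resolved in Gemfile.lock, and pin it here as well: `gem "bundler-audit", "~> 0.9"`. The Gemfile.lock shipped in the gem also still records `gems-validator (0.4.1)` although this release is 0.4.2.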
data/Gemfile.lock ADDED
@@ -0,0 +1,24 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ gems-validator (0.4.1)
5
+
6
+ GEM
7
+ remote: https://rubygems.org/
8
+ specs:
9
+ bundler-audit (0.9.1)
10
+ bundler (>= 1.2.0, < 3)
11
+ thor (~> 1.0)
12
+ rake (13.0.6)
13
+ thor (1.2.1)
14
+
15
+ PLATFORMS
16
+ ruby
17
+
18
+ DEPENDENCIES
19
+ bundler-audit
20
+ gems-validator!
21
+ rake (~> 13.0)
22
+
23
+ BUNDLED WITH
24
+ 1.17.3
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ module GemsValidator
4
+ class AuditService
5
+ def initialize()
6
+ system 'bundler-audit check --format json > bundler-audit.json'
7
+ @read_file = read_parsed_file
8
+ end
9
+
10
+ def is_a_vulnerable_gem?(gem_name)
11
+ gem_vulnerabilities = @read_file["results"].select { |item| item["gem"]["name"] == gem_name }
12
+ generate_messages(gem_vulnerabilities)
13
+ end
14
+
15
+ private
16
+ def generate_messages(gem_vulnerabilities)
17
+ if (gem_vulnerabilities.empty?)
18
+ return Bundler.ui.confirm "[GemsValidator::Success] - A gem não apresenta nenhum vulnerabilidade!"
19
+ end
20
+
21
+ Bundler.ui.warn "[GemsValidator::Error] - A gem #{gem_vulnerabilities[0]["gem"]["name"]} na versao #{gem_vulnerabilities[0]["gem"]["version"]} apresenta #{gem_vulnerabilities.size} vulnerabilidade#{gem_vulnerabilities.size ? "s" : ""}"
22
+
23
+ gem_vulnerabilities.map.with_index do |vulnerability, number|
24
+ Bundler.ui.error "#{number+1} -> #{vulnerability["advisory"]["title"]} \n Nivel: #{vulnerability["advisory"]["criticality"]} \n URL da issue: #{vulnerability["advisory"]["url"]}"
25
+ end
26
+ end
27
+
28
+ def read_parsed_file
29
+ file = File.read('bundler-audit.json')
30
+ parsed_file = JSON.parse(file)
31
+ end
32
+ end
33
+ end
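Review bot: The return value of `system` in `initialize` is never checked, so when `bundler-audit` is not on PATH (the gem declares no runtime dependency on it) or the check fails, `read_parsed_file` either raises Errno::ENOENT on a missing `bundler-audit.json` or, worse, silently parses a stale report left in the project directory by an earlier run; reading the report from stdout via `IO.popen` removes both the temp file and the stale-read path, and since bundler-audit exits non-zero when it finds advisories the exit status alone cannot serve as a failure signal. The filter in `is_a_vulnerable_gem?` indexes `item["gem"]["name"]`, but if I read the bundler-audit JSON format right, `insecure_source` results carry a `source` key and no `gem`, which would raise NoMethodError; `dig` tolerates both shapes. In `generate_messages`, `gem_vulnerabilities.size ? "s" : ""` is always truthy (an Integer), so the message always pluralizes; use `gem_vulnerabilities.size > 1 ? "s" : ""`. `JSON` is used without `require 'json'`, which only works because Bundler happens to have loaded it already.
```ruby
def initialize()
  @read_file = read_parsed_file
end

def is_a_vulnerable_gem?(gem_name)
  # insecure_source results have no "gem" entry; dig skips them instead of raising
  gem_vulnerabilities = @read_file["results"].select { |item| item.dig("gem", "name") == gem_name }
  generate_messages(gem_vulnerabilities)
end

# … unchanged: generate_messages, apart from the `size > 1` plural check …

def read_parsed_file
  # Read the report from stdout rather than a file in the project directory, so a
  # missing or failing bundler-audit raises here (Errno::ENOENT / JSON::ParserError)
  # instead of reusing a stale bundler-audit.json from a previous run.
  output = IO.popen(%w[bundler-audit check --format json], &:read)
  JSON.parse(output)
end
```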
@@ -8,7 +8,7 @@ module GemsValidator
8
8
 
9
9
  # Response:
10
10
  # {
11
- # available_gems: {
11
+ # allowed_gems: {
12
12
  # [name]: {
13
13
  # approved_at: Date,
14
14
  # version?: String
@@ -8,7 +8,7 @@ module GemsValidator
8
8
  begin
9
9
  is_blocked?
10
10
  is_pending?
11
- is_available?
11
+ is_allowed?
12
12
  Bundler.ui.confirm "[GemsValidator::Success] - A gem #{@gem.name} está homologada e pode ser instalada!"
13
13
  rescue => error
14
14
  raise GemsValidator::FormatError.new(gem: @gem.name, message: error.to_s)
@@ -38,23 +38,31 @@ module GemsValidator
38
38
  end
39
39
  end
40
40
 
41
- def is_available?
42
- if gems_from_service["available_gems"].keys.include?(@gem.name)
43
- is_version_available?
41
+ def is_allowed?
42
+ if gems_from_service["allowed_gems"].keys.include?(@gem.name)
43
+ is_version_allowed?
44
+ is_deprecated?
44
45
  else
45
46
  raise "Essa gem não foi homologada."
46
47
  end
47
48
  end
48
49
 
49
- def is_version_available?
50
- if gems_from_service["available_gems"][@gem.name]["version"]
51
- required_version = gems_from_service["available_gems"][@gem.name]["version"]
50
+ def is_version_allowed?
51
+ if gems_from_service["allowed_gems"][@gem.name]["version"]
52
+ required_version = gems_from_service["allowed_gems"][@gem.name]["version"]
52
53
  if @gem.version.to_s != required_version
53
54
  raise "Essa gem só pode ser instalada na versão #{@gem.version.to_s}."
54
55
  end
55
56
  end
56
57
  end
57
58
 
59
+ def is_deprecated?
60
+ if gems_from_service["allowed_gems"][@gem.name]["deprecated"]
61
+ message = gems_from_service["allowed_gems"][@gem.name]["deprecated_message"]
62
+ Bundler.ui.warn "[GemsValidator::Warn] - A gem #{@gem.name} está depreciada. Motivo: #{message}"
63
+ end
64
+ end
65
+
58
66
  def gems_service
59
67
  @gems_service ||= GemsValidator::GemsService.new()
60
68
  end
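Review bot: The renamed `is_version_allowed?` still reports the wrong version in its error: `raise "Essa gem só pode ser instalada na versão #{@gem.version.to_s}."` interpolates the version the user requested, which the previous line just rejected, instead of the approved one; it should read `raise "Essa gem só pode ser instalada na versão #{required_version}."`. That line is context in this hunk, but it belongs to the method this commit renames, so the rename was the moment to fix it. In `is_allowed?`, `gems_from_service["allowed_gems"].keys.include?(@gem.name)` builds the key array on every call; `gems_from_service["allowed_gems"].key?(@gem.name)` is the direct form. `is_deprecated?` only warns, which looks intended, but if the service omits `deprecated_message` the warning ends in `Motivo: ` with nothing after it — worth a fallback text if that field is optional.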
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module GemsValidator
4
- VERSION = "0.4.0"
4
+ VERSION = "0.4.2"
5
5
  end
@@ -15,8 +15,11 @@ module GemsValidator
15
15
  return if defined?(@registered) && @registered
16
16
  @registered = true
17
17
 
18
- Bundler::Plugin.add_hook('before-install') do |dependencie|
19
- GemsValidator::Validate.exec(dependencie)
18
+ GemsValidator::AuditService.new
19
+
20
+ Bundler::Plugin.add_hook('before-install') do |gem|
21
+ GemsValidator::Validate.exec(gem)
22
+ GemsValidator::AuditService.is_a_vulnerable_gem(gem.name)
20
23
  end
21
24
  end
22
25
  end
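Review bot: The hook body calls `GemsValidator::AuditService.is_a_vulnerable_gem(gem.name)` as a class method, but the new audit-service.rb defines it as the instance method `is_a_vulnerable_gem?`, and the instance created by `GemsValidator::AuditService.new` two lines earlier is discarded, so every before-install hook raises NoMethodError right after `Validate.exec`. Keep the instance and call the method on it: `audit_service = GemsValidator::AuditService.new` before the hook and `audit_service.is_a_vulnerable_gem?(gem.name)` inside it. Constructing the service at registration time also runs `bundler-audit check` and writes `bundler-audit.json` into the current directory of whatever project loads the plugin, before any install is attempted; that behaviour lives in audit-service.rb rather than this hunk, but this is where it is triggered. The enclosing method starts outside the hunk.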
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gems-validator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - henriquesml
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-06-21 00:00:00.000000000 Z
11
+ date: 2022-06-24 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: gems-validator
14
14
  email:
@@ -20,11 +20,13 @@ files:
20
20
  - ".rspec"
21
21
  - Dockerfile
22
22
  - Gemfile
23
+ - Gemfile.lock
23
24
  - Makefile
24
25
  - README.md
25
26
  - Rakefile
26
27
  - docker-compose.yml
27
28
  - lib/gems-validator.rb
29
+ - lib/gems-validator/audit-service.rb
28
30
  - lib/gems-validator/format-error.rb
29
31
  - lib/gems-validator/gems-service.rb
30
32
  - lib/gems-validator/validate.rb