RubyGems - gems-validator - Versions diffs - 0.4.0 → 0.4.4 - Mend

gems-validator 0.4.0 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/Gemfile +1 -0
data/Gemfile.lock +24 -0
data/lib/gems-validator/audit-service.rb +34 -0
data/lib/gems-validator/gems-service.rb +1 -1
data/lib/gems-validator/validate.rb +15 -7
data/lib/gems-validator/version.rb +1 -1
data/lib/gems-validator.rb +8 -4
metadata +5 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd766d16712cec21ba9dbf14c12ca843d91f214b386e5708fec6d82c188d217f
-  data.tar.gz: 288989358252c40880b504fb9acb869e90e66ea8ee03f30b3674951dca90f718
+  metadata.gz: bfd35451ef8cb25ffdb401f920012fdc857b5c378c38d96a0272a3817cd10c45
+  data.tar.gz: cee5beec7c38bef5a379955591e33e209768302c3c096994f9c7288f2e463e7c
 SHA512:
-  metadata.gz: 12a59226c122804fc1d95d15d56463ffff1d1dc64356cc1956fbf80da89d15732644743f023f5b789cb48958761dd0f6c28293de187ef4eb1241fa0b44339f86
-  data.tar.gz: b2d33a09a58ea98a258964aab01dbab3db7b3b83d7d8cf18bbc6ac1390727f06b3f3d552914e757a79d1b6dbdc3424d8297f66cb76e06b69529de62d9990e361
+  metadata.gz: 2c7595d8c25136edb0d1f20228144283be27417c5b432ea65cc10d17a2a845f73944b2ce10d51b960479e3dad481f1cd00a06a07f730c5a0cbeaad3890a9783d
+  data.tar.gz: 7293be71c2c38410fcfb59e94b037f67210db6424286b83d106ef24833b4dd35e01aa1ecb97692af4ee1eb082dc0a1152350fa245f139b8a5e69fb95b96bbdaa

data/Gemfile CHANGED Viewed

@@ -6,3 +6,4 @@ source "https://rubygems.org"
 gemspec
 gem "rake", "~> 13.0"
+gem "bundler-audit"

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,24 @@
+PATH
+  remote: .
+  specs:
+    gems-validator (0.4.3)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    bundler-audit (0.9.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
+    rake (13.0.6)
+    thor (1.2.1)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler-audit
+  gems-validator!
+  rake (~> 13.0)
+BUNDLED WITH
+   1.17.3

data/lib/gems-validator/audit-service.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module GemsValidator
+  class AuditService
+    def initialize()
+      @pwd = Dir.pwd
+      system "bundler-audit check --format json --output #{@pwd}/bundler-audit.json"
+      @read_file = read_parsed_file
+    end
+    def is_a_vulnerable_gem?(gem_name)
+      gem_vulnerabilities = @read_file["results"].select { |item| item["gem"]["name"] == gem_name }
+      generate_messages(gem_vulnerabilities)
+    end
+    private
+    def generate_messages(gem_vulnerabilities)
+      if (gem_vulnerabilities.empty?)
+        return Bundler.ui.confirm "[GemsValidator::Success] - A gem não apresenta nenhum vulnerabilidade!"
+      end
+      Bundler.ui.warn "[GemsValidator::Warning] - A gem #{gem_vulnerabilities[0]["gem"]["name"]} na versao #{gem_vulnerabilities[0]["gem"]["version"]} apresenta #{gem_vulnerabilities.size} vulnerabilidade#{gem_vulnerabilities.size ? "s" : ""}"
+      gem_vulnerabilities.map.with_index do |vulnerability, number|
+        Bundler.ui.warn "#{number+1} -> #{vulnerability["advisory"]["title"]} \n Nivel: #{vulnerability["advisory"]["criticality"]} \n URL da issue: #{vulnerability["advisory"]["url"]}"
+      end
+    end
+    def read_parsed_file
+      file = File.read("#{@pwd}/bundler-audit.json")
+      parsed_file = JSON.parse(file)
+    end
+  end
+end

data/lib/gems-validator/gems-service.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module GemsValidator
     # Response:
     # {
-    #   available_gems: {
+    #   allowed_gems: {
     #     [name]: {
     #       approved_at: Date,
     #       version?: String

data/lib/gems-validator/validate.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module GemsValidator
         begin
           is_blocked?
           is_pending?
-          is_available?
+          is_allowed?
           Bundler.ui.confirm "[GemsValidator::Success] - A gem #{@gem.name} está homologada e pode ser instalada!"
         rescue => error
           raise GemsValidator::FormatError.new(gem: @gem.name, message: error.to_s)
@@ -38,23 +38,31 @@ module GemsValidator
         end
       end
-      def is_available?
-        if gems_from_service["available_gems"].keys.include?(@gem.name)
-          is_version_available?
+      def is_allowed?
+        if gems_from_service["allowed_gems"].keys.include?(@gem.name)
+          is_version_allowed?
+          is_deprecated?
         else
           raise "Essa gem não foi homologada."
         end
       end
-      def is_version_available?
-        if gems_from_service["available_gems"][@gem.name]["version"]
-          required_version = gems_from_service["available_gems"][@gem.name]["version"]
+      def is_version_allowed?
+        if gems_from_service["allowed_gems"][@gem.name]["version"]
+          required_version = gems_from_service["allowed_gems"][@gem.name]["version"]
           if @gem.version.to_s != required_version
             raise "Essa gem só pode ser instalada na versão #{@gem.version.to_s}."
           end
         end
       end
+      def is_deprecated?
+        if gems_from_service["allowed_gems"][@gem.name]["deprecated"]
+          message = gems_from_service["allowed_gems"][@gem.name]["deprecated_message"]
+          Bundler.ui.warn "[GemsValidator::Warn] - A gem #{@gem.name} está depreciada. Motivo: #{message}"
+        end
+      end
       def gems_service
         @gems_service ||= GemsValidator::GemsService.new()
       end

data/lib/gems-validator/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module GemsValidator
-  VERSION = "0.4.0"
+  VERSION = "0.4.4"
 end

data/lib/gems-validator.rb CHANGED Viewed

@@ -4,10 +4,11 @@ require 'net/http'
 require 'uri'
 require 'json'
-require_relative "gems-validator/version"
-require_relative "gems-validator/validate"
+require_relative "gems-validator/audit-service"
 require_relative "gems-validator/format-error"
 require_relative "gems-validator/gems-service"
+require_relative "gems-validator/validate"
+require_relative "gems-validator/version"
 module GemsValidator
   class << self
@@ -15,8 +16,11 @@ module GemsValidator
       return if defined?(@registered) && @registered
       @registered = true
-      Bundler::Plugin.add_hook('before-install') do |dependencie|
-        GemsValidator::Validate.exec(dependencie)
+      GemsValidator::AuditService.new
+      Bundler::Plugin.add_hook('before-install') do |gem|
+        GemsValidator::Validate.exec(gem)
+        GemsValidator::AuditService.is_a_vulnerable_gem(gem.name)
       end
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gems-validator
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.4
 platform: ruby
 authors:
 - henriquesml
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-06-21 00:00:00.000000000 Z
+date: 2022-06-24 00:00:00.000000000 Z
 dependencies: []
 description: gems-validator
 email:
@@ -20,11 +20,13 @@ files:
 - ".rspec"
 - Dockerfile
 - Gemfile
+- Gemfile.lock
 - Makefile
 - README.md
 - Rakefile
 - docker-compose.yml
 - lib/gems-validator.rb
+- lib/gems-validator/audit-service.rb
 - lib/gems-validator/format-error.rb
 - lib/gems-validator/gems-service.rb
 - lib/gems-validator/validate.rb
@@ -48,7 +50,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: gems-validator