gems-validator 0.4.3 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 370c6f5fa08850cc91cf25127eb0dbf1c01ac9222a9338f88b5bebaf3d4bdb01
|
|
4
|
+
data.tar.gz: 5aad4c4cb344573179a5891b580c1caa0e977c6e7bcaaba84cee717757093ebd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ef8e9e30874bae83d9a21e624e5e5720909749dd406ab899b5f3c3a71cf2daed194cb993274a0e8b8beb342684d19d6c0a3ac0a41223fc0dc1c2080445a9d057
|
|
7
|
+
data.tar.gz: c10fb16dfeaa29954f2c198fd1f79828aff45284dff1d1dabf88b2f14eb58141f8b5e75a14ec0d4e9821ce3ba372672cd4c2dee5cd2747e86389b45d3e54fb02
|
|
@@ -3,7 +3,8 @@
|
|
|
3
3
|
module GemsValidator
|
|
4
4
|
class AuditService
|
|
5
5
|
def initialize()
|
|
6
|
-
|
|
6
|
+
@pwd = Dir.pwd
|
|
7
|
+
system "bundler-audit check --format json --output #{@pwd}/bundler-audit.json"
|
|
7
8
|
@read_file = read_parsed_file
|
|
8
9
|
end
|
|
9
10
|
|
|
@@ -18,15 +19,14 @@ module GemsValidator
|
|
|
18
19
|
return Bundler.ui.confirm "[GemsValidator::Success] - A gem não apresenta nenhum vulnerabilidade!"
|
|
19
20
|
end
|
|
20
21
|
|
|
21
|
-
|
|
22
|
-
|
|
22
|
+
GemsValidator::OutputMessage.warn("A gem #{gem_vulnerabilities[0]["gem"]["name"]} na versao #{gem_vulnerabilities[0]["gem"]["version"]} apresenta #{gem_vulnerabilities.size} vulnerabilidade#{gem_vulnerabilities.size ? "s" : ""}")
|
|
23
23
|
gem_vulnerabilities.map.with_index do |vulnerability, number|
|
|
24
|
-
|
|
24
|
+
GemsValidator::OutputMessage.warn("#{number+1} -> #{vulnerability["advisory"]["title"]} \n Nivel: #{vulnerability["advisory"]["criticality"]} \n URL da issue: #{vulnerability["advisory"]["url"]}")
|
|
25
25
|
end
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def read_parsed_file
|
|
29
|
-
file = File.read(
|
|
29
|
+
file = File.read("#{@pwd}/bundler-audit.json")
|
|
30
30
|
parsed_file = JSON.parse(file)
|
|
31
31
|
end
|
|
32
32
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module GemsValidator
|
|
4
|
+
class OutputMessage
|
|
5
|
+
def self.error(message)
|
|
6
|
+
Bundler.ui.error("[GemsValidator::Error] - #{message}")
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def self.warn(message)
|
|
10
|
+
Bundler.ui.warn("[GemsValidator::Warning] - #{message}")
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.success(message)
|
|
14
|
+
Bundler.ui.confirm("[GemsValidator::Success] - #{message}")
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -9,9 +9,9 @@ module GemsValidator
|
|
|
9
9
|
is_blocked?
|
|
10
10
|
is_pending?
|
|
11
11
|
is_allowed?
|
|
12
|
-
|
|
12
|
+
GemsValidator::OutputMessage.success("A gem #{@gem.name} está homologada e pode ser instalada!")
|
|
13
13
|
rescue => error
|
|
14
|
-
raise GemsValidator::
|
|
14
|
+
raise GemsValidator::OutputMessage.error("Não foi possível instalar a gem #{@gem.name}. Motivo: #{error.to_s}")
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -59,7 +59,7 @@ module GemsValidator
|
|
|
59
59
|
def is_deprecated?
|
|
60
60
|
if gems_from_service["allowed_gems"][@gem.name]["deprecated"]
|
|
61
61
|
message = gems_from_service["allowed_gems"][@gem.name]["deprecated_message"]
|
|
62
|
-
|
|
62
|
+
GemsValidator::OutputMessage.warn("A gem #{@gem.name} está depreciada. Motivo: #{message}")
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
|
data/lib/gems-validator.rb
CHANGED
|
@@ -5,7 +5,7 @@ require 'uri'
|
|
|
5
5
|
require 'json'
|
|
6
6
|
|
|
7
7
|
require_relative "gems-validator/audit-service"
|
|
8
|
-
require_relative "gems-validator/
|
|
8
|
+
require_relative "gems-validator/output-message"
|
|
9
9
|
require_relative "gems-validator/gems-service"
|
|
10
10
|
require_relative "gems-validator/validate"
|
|
11
11
|
require_relative "gems-validator/version"
|
|
@@ -16,11 +16,11 @@ module GemsValidator
|
|
|
16
16
|
return if defined?(@registered) && @registered
|
|
17
17
|
@registered = true
|
|
18
18
|
|
|
19
|
-
GemsValidator::AuditService.new
|
|
19
|
+
auditService = GemsValidator::AuditService.new
|
|
20
20
|
|
|
21
21
|
Bundler::Plugin.add_hook('before-install') do |gem|
|
|
22
22
|
GemsValidator::Validate.exec(gem)
|
|
23
|
-
|
|
23
|
+
auditService.is_a_vulnerable_gem?(gem.name)
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gems-validator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- henriquesml
|
|
@@ -27,8 +27,8 @@ files:
|
|
|
27
27
|
- docker-compose.yml
|
|
28
28
|
- lib/gems-validator.rb
|
|
29
29
|
- lib/gems-validator/audit-service.rb
|
|
30
|
-
- lib/gems-validator/format-error.rb
|
|
31
30
|
- lib/gems-validator/gems-service.rb
|
|
31
|
+
- lib/gems-validator/output-message.rb
|
|
32
32
|
- lib/gems-validator/validate.rb
|
|
33
33
|
- lib/gems-validator/version.rb
|
|
34
34
|
- plugins.rb
|