gems-validator 0.4.5 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d16209b9efca50467e07927b84ae0c5520d2122e4c771b20d80849a9ac0b6345
|
|
4
|
+
data.tar.gz: 66c0f725778e57418a6c0fec52e41c98b7175446f92ea4fa9588f030a99a84ed
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ffe339575720c91f7f715961cd46d72ebaaeb9cd1160dde91554c4725399ac1c88df7e46ff1fcb2673b634a400a1fa3cc3cac48f41cdfcc91855c955955dae7e
|
|
7
|
+
data.tar.gz: 8ca4a1132a3daf930e66dfe56cc09bcd6e161cec5e777c44f60708383e160ad7263f8e69f8a96f859657029a07e895731761d6db540fa956f670c45820ae8dfb
|
|
@@ -2,6 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
module GemsValidator
|
|
4
4
|
class AuditService
|
|
5
|
+
TRANSLATE_DEFAULT_CRITICALITIES = {
|
|
6
|
+
'critical' => 'crítica',
|
|
7
|
+
'high' => 'alta',
|
|
8
|
+
'medium' => 'média',
|
|
9
|
+
'low' => 'baixa'
|
|
10
|
+
}
|
|
11
|
+
|
|
5
12
|
def initialize()
|
|
6
13
|
@pwd = Dir.pwd
|
|
7
14
|
system "bundler-audit check --format json --output #{@pwd}/bundler-audit.json"
|
|
@@ -14,15 +21,14 @@ module GemsValidator
|
|
|
14
21
|
end
|
|
15
22
|
|
|
16
23
|
private
|
|
17
|
-
def
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
Bundler.ui.warn "[GemsValidator::Warning] - A gem #{gem_vulnerabilities[0]["gem"]["name"]} na versao #{gem_vulnerabilities[0]["gem"]["version"]} apresenta #{gem_vulnerabilities.size} vulnerabilidade#{gem_vulnerabilities.size ? "s" : ""}"
|
|
24
|
+
def get_translate_criticality(criticality)
|
|
25
|
+
TRANSLATE_DEFAULT_CRITICALITIES[criticality] || 'não definido'
|
|
26
|
+
end
|
|
23
27
|
|
|
28
|
+
def generate_messages(gem_vulnerabilities)
|
|
29
|
+
GemsValidator::OutputMessage.warn("A gem #{gem_vulnerabilities[0]["gem"]["name"]} na versao #{gem_vulnerabilities[0]["gem"]["version"]} apresenta #{gem_vulnerabilities.size} vulnerabilidade#{gem_vulnerabilities.size > 1 ? "s" : ""}")
|
|
24
30
|
gem_vulnerabilities.map.with_index do |vulnerability, number|
|
|
25
|
-
|
|
31
|
+
GemsValidator::OutputMessage.warn("* Título: #{vulnerability["advisory"]["title"]} \n Nível: #{get_translate_criticality(vulnerability["advisory"]["criticality"])} \n URL: #{vulnerability["advisory"]["url"]}")
|
|
26
32
|
end
|
|
27
33
|
end
|
|
28
34
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module GemsValidator
|
|
4
|
+
class OutputMessage
|
|
5
|
+
def self.error(message)
|
|
6
|
+
Bundler.ui.error("[GemsValidator::Error] - #{message}")
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def self.warn(message)
|
|
10
|
+
Bundler.ui.warn("[GemsValidator::Warning] - #{message}")
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.success(message)
|
|
14
|
+
Bundler.ui.confirm("[GemsValidator::Success] - #{message}")
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -9,9 +9,9 @@ module GemsValidator
|
|
|
9
9
|
is_blocked?
|
|
10
10
|
is_pending?
|
|
11
11
|
is_allowed?
|
|
12
|
-
|
|
12
|
+
GemsValidator::OutputMessage.success("A gem #{@gem.name} está homologada e pode ser instalada!")
|
|
13
13
|
rescue => error
|
|
14
|
-
raise GemsValidator::
|
|
14
|
+
raise GemsValidator::OutputMessage.error("Não foi possível instalar a gem #{@gem.name}. Motivo: #{error.to_s}")
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -59,7 +59,7 @@ module GemsValidator
|
|
|
59
59
|
def is_deprecated?
|
|
60
60
|
if gems_from_service["allowed_gems"][@gem.name]["deprecated"]
|
|
61
61
|
message = gems_from_service["allowed_gems"][@gem.name]["deprecated_message"]
|
|
62
|
-
|
|
62
|
+
GemsValidator::OutputMessage.warn("A gem #{@gem.name} está depreciada. Motivo: #{message}")
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
|
data/lib/gems-validator.rb
CHANGED
|
@@ -5,7 +5,7 @@ require 'uri'
|
|
|
5
5
|
require 'json'
|
|
6
6
|
|
|
7
7
|
require_relative "gems-validator/audit-service"
|
|
8
|
-
require_relative "gems-validator/
|
|
8
|
+
require_relative "gems-validator/output-message"
|
|
9
9
|
require_relative "gems-validator/gems-service"
|
|
10
10
|
require_relative "gems-validator/validate"
|
|
11
11
|
require_relative "gems-validator/version"
|
|
@@ -20,7 +20,7 @@ module GemsValidator
|
|
|
20
20
|
|
|
21
21
|
Bundler::Plugin.add_hook('before-install') do |gem|
|
|
22
22
|
GemsValidator::Validate.exec(gem)
|
|
23
|
-
auditService.is_a_vulnerable_gem(gem.name)
|
|
23
|
+
auditService.is_a_vulnerable_gem?(gem.name)
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gems-validator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- henriquesml
|
|
@@ -27,8 +27,8 @@ files:
|
|
|
27
27
|
- docker-compose.yml
|
|
28
28
|
- lib/gems-validator.rb
|
|
29
29
|
- lib/gems-validator/audit-service.rb
|
|
30
|
-
- lib/gems-validator/format-error.rb
|
|
31
30
|
- lib/gems-validator/gems-service.rb
|
|
31
|
+
- lib/gems-validator/output-message.rb
|
|
32
32
|
- lib/gems-validator/validate.rb
|
|
33
33
|
- lib/gems-validator/version.rb
|
|
34
34
|
- plugins.rb
|