gems-validator 0.5.3 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/gems-validator/audit-service.rb +37 -13
- data/lib/gems-validator/gems-service.rb +11 -4
- data/lib/gems-validator/output-message.rb +1 -1
- data/lib/gems-validator/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e54d261632eec7a415e36a35489300056c66a8f8786ce1e3d6dad1f30378d53a
|
|
4
|
+
data.tar.gz: f60b702e16d53411618570cf52281ef9783289575ad33645063c56d93f0e034f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '083fe44173a798d6826447e343edad71bfad2cc88a1826306a53c36e7e455c077f657abceafed2ba69f84e50228ab4b36cae7e697b94d457a13170c60062c595'
|
|
7
|
+
data.tar.gz: 1db8c121adfd239b6b321cfb994d1a7b1c863447628f55ed3880475bd972669417a63261f83ef975e8e937781665bc8a8467a2e3d27cc5b8881c5a8e9eb0e974
|
data/Gemfile.lock
CHANGED
|
@@ -3,15 +3,16 @@
|
|
|
3
3
|
module GemsValidator
|
|
4
4
|
class AuditService
|
|
5
5
|
def initialize()
|
|
6
|
-
@
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
@audit_response = %x[bundler-audit check --format json]
|
|
7
|
+
parse_response()
|
|
8
|
+
|
|
9
|
+
@audit_data = {}
|
|
10
|
+
generate_data()
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def is_a_vulnerable_gem?(gem_name)
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
generate_messages(gem_vulnerabilities)
|
|
14
|
+
unless @audit_data[gem_name][:vulnerabilities].empty?
|
|
15
|
+
generate_messages(gem_name)
|
|
15
16
|
end
|
|
16
17
|
end
|
|
17
18
|
|
|
@@ -21,16 +22,39 @@ module GemsValidator
|
|
|
21
22
|
translate_default_criticalities[criticality] || 'não definido'
|
|
22
23
|
end
|
|
23
24
|
|
|
24
|
-
def generate_messages(
|
|
25
|
-
GemsValidator::OutputMessage.warn("A gem #{
|
|
26
|
-
|
|
27
|
-
GemsValidator::OutputMessage.warn("* Título: #{vulnerability[
|
|
25
|
+
def generate_messages(gem_name)
|
|
26
|
+
GemsValidator::OutputMessage.warn("A gem #{@audit_data[gem_name][:name]} na versao #{@audit_data[gem_name][:version]} apresenta #{@audit_data[gem_name][:vulnerabilities].size} vulnerabilidade#{@audit_data[gem_name][:vulnerabilities].size > 1 ? "s" : ""}")
|
|
27
|
+
@audit_data[gem_name][:vulnerabilities].map.with_index do |vulnerability, number|
|
|
28
|
+
GemsValidator::OutputMessage.warn("* Título: #{vulnerability[:title]} \n Nível: #{get_translate_criticality(vulnerability[:level])} \n URL: #{vulnerability[:url]}")
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def generate_data()
|
|
33
|
+
@audit_response["results"].map do |audit_item|
|
|
34
|
+
if (@audit_data[audit_item["gem"]["name"]])
|
|
35
|
+
@audit_data[audit_item["gem"]["name"]][:vulnerabilities].push({"title": audit_item["advisory"]["title"], "level": audit_item["advisory"]["criticality"], "url": audit_item["advisory"]["url"]})
|
|
36
|
+
else
|
|
37
|
+
@audit_data[audit_item["gem"]["name"]] = {
|
|
38
|
+
"name": audit_item["gem"]["name"],
|
|
39
|
+
"version": audit_item["gem"]["version"],
|
|
40
|
+
"vulnerabilities": [
|
|
41
|
+
{
|
|
42
|
+
"title": audit_item["advisory"]["title"],
|
|
43
|
+
"level": audit_item["advisory"]["criticality"],
|
|
44
|
+
"url": audit_item["advisory"]["url"]
|
|
45
|
+
}
|
|
46
|
+
]
|
|
47
|
+
}
|
|
48
|
+
end
|
|
28
49
|
end
|
|
29
50
|
end
|
|
30
51
|
|
|
31
|
-
def
|
|
32
|
-
|
|
33
|
-
|
|
52
|
+
def parse_response()
|
|
53
|
+
begin
|
|
54
|
+
@audit_response = JSON.parse(@audit_response)
|
|
55
|
+
rescue => exception
|
|
56
|
+
GemsValidator::OutputMessage.error("Erro ao gerar dados de pacotes vulneraveis.")
|
|
57
|
+
end
|
|
34
58
|
end
|
|
35
59
|
end
|
|
36
60
|
end
|
|
@@ -4,6 +4,7 @@ module GemsValidator
|
|
|
4
4
|
class GemsService
|
|
5
5
|
def initialize()
|
|
6
6
|
@access_token = get_token
|
|
7
|
+
@pwd = Dir.pwd
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
# Response:
|
|
@@ -45,10 +46,16 @@ module GemsValidator
|
|
|
45
46
|
|
|
46
47
|
def gems_formatted_request
|
|
47
48
|
uri = URI('http://ec2-54-173-249-114.compute-1.amazonaws.com:3333/gems/formatted')
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
49
|
+
begin
|
|
50
|
+
Net::HTTP.start(uri.host, uri.port) do |http|
|
|
51
|
+
request = Net::HTTP::Get.new uri
|
|
52
|
+
request["Authorization"] = @access_token
|
|
53
|
+
response = http.request request
|
|
54
|
+
File.write("#{@pwd}/audit-response.json", response.body["data"])
|
|
55
|
+
response
|
|
56
|
+
end
|
|
57
|
+
rescue => exception
|
|
58
|
+
File.read("#{@pwd}/audit-response.json")
|
|
52
59
|
end
|
|
53
60
|
end
|
|
54
61
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gems-validator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- henriquesml
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-06-
|
|
11
|
+
date: 2022-06-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: gems-validator
|
|
14
14
|
email:
|