gems-validator 0.5.7 → 0.6.0

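--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: aab6d65cdff118be26f2fcc29fd226e1cd9bd08f179bdeda8661c66b03e9b33c
- data.tar.gz: 2482a3dabd4ee8df84bf149d0776c1fdd402b3f00270ede2c8a680d26255d3ac
+ metadata.gz: 76fa5108c8e84d00beaf558c2053da3c2ec8bf106a058205ceaf0e1c0ef0c7b5
+ data.tar.gz: 37e0c7e2d96f082f2b5025b3af2507295604f3c67a0c6284178df8bc133c88f0
  SHA512:
- metadata.gz: '0923fd02051b35544e232bcad929d0ffcfe160c759ba7658f16a681c0e0fa6fbbb69dbc157a6b5903734e2bf402f846c1b7640c75dd746f7fb104ff1e6c27516'
- data.tar.gz: 57d445cc5088e7e3ad1841fc9bf0859686d94d60183a1b3b70af5dda59aa4bcfbef5ef6e98970e48b1ca7d780a1f625de198f402329bb721b7fdf5a2616ede5c
+ metadata.gz: 4a026c35f37e2c7e479d937dd0261f234d561b4547a08dfdc6468b34892965f6033e44e0562773d3332ea13738a3df04062be56994afa136f3ad77767216bff2
+ data.tar.gz: '08c0a4993b088a479938f6f8faae63dcec861ee76d1b38fe96b228dcc532e8ab8cbb08ced9d10018b6e679428c4407ca1fd1bf6a088d9a3e8727a4dc6df7e567'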
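--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- gems-validator (0.5.7)
+ gems-validator (0.6.0)
 
  GEM
  remote: https://rubygems.org/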
@@ -10,9 +10,12 @@ module GemsValidator
10
10
  generate_data()
11
11
  end
12
12
 
13
- def is_a_vulnerable_gem?(gem_name)
14
- unless @audit_data[gem_name][:vulnerabilities].empty?
15
- generate_messages(gem_name)
13
+ def is_a_vulnerable_gem?(gem)
14
+ p gem
15
+ name = gem.name
16
+ version = gem.version.to_s
17
+ unless @audit_data[name].nil?
18
+ generate_messages(name, version)
16
19
  end
17
20
  end
18
21
 
@@ -22,22 +25,22 @@ module GemsValidator
22
25
  translate_default_criticalities[criticality] || 'não definido'
23
26
  end
24
27
 
25
- def generate_messages(gem_name)
26
- GemsValidator::OutputMessage.warn("A gem #{@audit_data[gem_name][:name]} na versao #{@audit_data[gem_name][:version]} apresenta #{@audit_data[gem_name][:vulnerabilities].size} vulnerabilidade#{@audit_data[gem_name][:vulnerabilities].size > 1 ? "s" : ""}")
27
- @audit_data[gem_name][:vulnerabilities].map.with_index do |vulnerability, number|
28
+ def generate_messages(name, version)
29
+ GemsValidator::OutputMessage.warn("A gem #{name} na versão #{version} apresenta #{@audit_data[name]["vulnerabilities"].size} vulnerabilidade#{@audit_data[name]["vulnerabilities"].size > 1 ? "s" : ""}")
30
+ @audit_data[name]["vulnerabilities"].map.with_index do |vulnerability, number|
28
31
  GemsValidator::OutputMessage.warn("* Título: #{vulnerability[:title]} \n Nível: #{get_translate_criticality(vulnerability[:level])} \n URL: #{vulnerability[:url]}")
29
32
  end
30
33
  end
31
34
 
32
35
  def generate_data()
33
- @audit_response["results"].map do |audit_item|
34
- if (@audit_data[audit_item["gem"]["name"]])
35
- @audit_data[audit_item["gem"]["name"]][:vulnerabilities].push({"title": audit_item["advisory"]["title"], "level": audit_item["advisory"]["criticality"], "url": audit_item["advisory"]["url"]})
36
+
37
+ @audit_response["results"]&.map do |audit_item|
38
+ gem_name = audit_item["gem"]["name"]
39
+ if (@audit_data[gem_name])
40
+ @audit_data[gem_name]["vulnerabilities"].push({"title": audit_item["advisory"]["title"], "level": audit_item["advisory"]["criticality"], "url": audit_item["advisory"]["url"]})
36
41
  else
37
- @audit_data[audit_item["gem"]["name"]] = {
38
- "name": audit_item["gem"]["name"],
39
- "version": audit_item["gem"]["version"],
40
- "vulnerabilities": [
42
+ @audit_data[gem_name] = {
43
+ "vulnerabilities" => [
41
44
  {
42
45
  "title": audit_item["advisory"]["title"],
43
46
  "level": audit_item["advisory"]["criticality"],
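Review bot: In `is_a_vulnerable_gem?` the warning is now triggered by gem name alone (`unless @audit_data[name].nil?`), and `generate_data` no longer keeps the `version` from the audit result, so the message reports the version being installed even when the advisory may have been recorded for a different one. If the audit response can list versions other than the one passed to the hook, store the audited version next to `"vulnerabilities"` and compare it with `gem.version.to_s` before warning. The `p gem` line at the top of the method looks like leftover debug output that would print each gem object passed to the install hook, and should be dropped. `@audit_response["results"]&.map` guards a missing `results` key but not a nil `@audit_response`, and `each` would state the side-effect intent better than `map`.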
@@ -28,7 +28,7 @@ module GemsValidator
28
28
  # }
29
29
  # }
30
30
  def get_gems()
31
- JSON.parse(gems_formatted_request.body)["data"]
31
+ gems_formatted_request
32
32
  end
33
33
 
34
34
  private
@@ -51,12 +51,18 @@ module GemsValidator
51
51
  request = Net::HTTP::Get.new uri
52
52
  request["Authorization"] = @access_token
53
53
  response = http.request request
54
- File.write("#{@pwd}/audit-response.json", response.body["data"])
55
- response
54
+ parse_body = JSON.parse(response.body)["data"]
55
+ generate_file("#{@pwd}/.euax-homologated-libraries", parse_body.to_json)
56
+ parse_body
56
57
  end
57
58
  rescue => exception
58
- File.read("#{@pwd}/audit-response.json")
59
+ JSON.parse(File.read("#{@pwd}/.euax-homologated-libraries/gems-response.json"))
59
60
  end
60
61
  end
62
+
63
+ def generate_file(base_url, data)
64
+ Dir.mkdir(base_url) unless File.exists?(base_url)
65
+ File.write("#{base_url}/gems-response.json", data)
66
+ end
61
67
  end
62
68
  end
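Review bot: `generate_file` calls `File.exists?`, which was removed in Ruby 3.2; on such a runtime the resulting `NoMethodError` appears to be caught by the `rescue => exception` that follows the request block, so even a successful fetch would fall back to the cached file, and `Dir.mkdir(base_url) unless Dir.exist?(base_url)` avoids that. The response status is not checked before `JSON.parse(response.body)["data"]`, so an error reply that is valid JSON without a `data` key would leave `parse_body` nil and overwrite the cache with `null`; a guard such as `raise "unexpected status #{response.code}" unless response.is_a?(Net::HTTPSuccess)` before parsing would keep the last good copy. Because the fallback list is read from a file in the working directory and the bare rescue hides why the fetch failed, it would help to log the exception and add a comment stating that the cached list is trusted as-is. The request method begins above this hunk, so any handling outside the visible lines is not covered here.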
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module GemsValidator
4
- VERSION = "0.5.7"
4
+ VERSION = "0.6.0"
5
5
  end
@@ -20,7 +20,7 @@ module GemsValidator
20
20
 
21
21
  Bundler::Plugin.add_hook('before-install') do |gem|
22
22
  GemsValidator::Validate.exec(gem)
23
- auditService.is_a_vulnerable_gem?(gem.name)
23
+ auditService.is_a_vulnerable_gem?(gem)
24
24
  end
25
25
  end
26
26
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gems-validator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.7
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - henriquesml