gemsurance 0.0.0 → 0.1.2

data/bin/gemsurance

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+require 'gemsurance'
+require 'optparse'
+
+options = {}
+
+opts = OptionParser.new do |opts|
+  opts.banner = "Usage: gemsurance [options]"
+
+  opts.separator ""
+  opts.separator "Options:"
+
+  opts.on("--pre", "Consider pre-release gem versions") do |lib|
+    options[:pre] = true
+  end
+
+  opts.on_tail("-h", "--help", "Show this help") do
+    puts opts
+    exit
+  end
+
+  opts.on_tail("--version", "Show version") do
+    puts "Gemsurance version #{Gemsurance::VERSION}"
+    exit
+  end
+end
+
+opts.parse!(ARGV)
+
+Gemsurance::Runner.new(options).run

data/lib/gemsurance.rb

@@ -0,0 +1,9 @@
+require 'bundler'
+require 'git'
+require 'erb'
+
+require 'gemsurance/gem_info_retriever'
+require 'gemsurance/html_formatter'
+require 'gemsurance/runner'
+require 'gemsurance/version'
+require 'gemsurance/vulnerability'

data/lib/gemsurance/gem_info_retriever.rb

@@ -0,0 +1,77 @@
+module Gemsurance
+  class GemInfoRetriever
+    class GemInfo
+      STATUS_OUTDATED   = 'outdated'
+      STATUS_CURRENT    = 'current'
+      STATUS_VULNERABLE = 'vulnerable'
+      
+      attr_reader :name, :current_version, :newest_version, :vulnerabilities
+      
+      def initialize(name, current_version, newest_version, status = STATUS_CURRENT)
+        @name = name
+        @current_version = current_version
+        @newest_version = newest_version
+        @status = status
+        @vulnerabilities = []
+      end
+      
+      def add_vulnerability!(vulnerability)
+        @status = STATUS_VULNERABLE
+        @vulnerabilities << vulnerability
+      end
+      
+      def outdated?
+        @status == STATUS_OUTDATED
+      end
+      
+      def current?
+        @status == STATUS_CURRENT
+      end
+      
+      def vulnerable?
+        @status == STATUS_VULNERABLE
+      end
+
+      def ==(other)
+        @name == other.name &&
+          @current_version == other.current_version &&
+          @newest_version == other.newest_version &&
+          @status == other.instance_variable_get(:@status) &&
+          @vulnerabilities == other.vulnerabilities
+      end
+    end
+    
+    def initialize(specs, bundle_definition)
+      @specs = specs
+      @bundle_definition = bundle_definition
+    end
+    
+    def retrieve(options = {})
+      gem_infos = []
+      
+      @specs.each do |current_spec|
+        active_spec = @bundle_definition.index[current_spec.name].sort_by { |b| b.version }
+
+        if !current_spec.version.prerelease? && !options[:pre] && active_spec.size > 1
+          active_spec = active_spec.delete_if { |b| b.respond_to?(:version) && b.version.prerelease? }
+        end
+
+        active_spec = active_spec.last
+        next if active_spec.nil?
+
+        gem_outdated = Gem::Version.new(active_spec.version) > Gem::Version.new(current_spec.version)
+        git_outdated = current_spec.git_version != active_spec.git_version
+
+        # TODO: handle git versions
+        # spec_version    = "#{active_spec.version}#{active_spec.git_version}"
+        # current_version = "#{current_spec.version}#{current_spec.git_version}"
+        if gem_outdated || git_outdated
+          gem_infos << GemInfo.new(active_spec.name, current_spec.version, active_spec.version, GemInfo::STATUS_OUTDATED)
+        else
+          gem_infos << GemInfo.new(active_spec.name, current_spec.version, current_spec.version)
+        end
+      end
+      gem_infos
+    end
+  end
+end

data/lib/gemsurance/html_formatter.rb

@@ -0,0 +1,11 @@
+module Gemsurance
+  class HtmlFormatter
+    def initialize(gem_infos)
+      @gem_infos = gem_infos
+    end
+    
+    def format
+      ERB.new(File.read(File.join(File.dirname(File.expand_path(__FILE__)), 'templates/output.html.erb'))).result(binding)
+    end
+  end
+end

data/lib/gemsurance/runner.rb

@@ -0,0 +1,70 @@
+module Gemsurance
+  class Runner
+    def initialize(options = {})
+      @formatter   = options.delete(:formatter) || :html
+      @output_file = options.delete(:output_file) || 'gemsurance_report.html'
+      @options     = options
+    end
+
+    def run
+      bundled_gem_infos = retrieve_bundled_gem_infos
+
+      retrieve_vulnerability_data
+
+      add_vulnerability_data(bundled_gem_infos)
+
+      generate_report(bundled_gem_infos)
+
+      exit 1 if bundled_gem_infos.any? { |info| info.vulnerable? }
+    end
+
+  private
+
+    def retrieve_bundled_gem_infos
+      puts "Retrieving gem version information..."
+
+      current_specs = Bundler.load.specs
+      definition    = Bundler.definition(true)
+      definition.resolve_remotely!
+
+      GemInfoRetriever.new(current_specs, definition).retrieve(:pre => @options[:pre])
+    end
+
+    def retrieve_vulnerability_data
+      puts "Retrieving latest vulnerability data..."
+      if File.exists?('./tmp/vulnerabilities')
+        g = Git.open('./tmp/vulnerabilities')
+        g.pull
+      else
+        Git.clone('https://github.com/rubysec/ruby-advisory-db', './tmp/vulnerabilities')
+      end
+    end
+
+    def add_vulnerability_data(gem_infos)
+      puts "Reading vulnerability data..."
+      gem_infos.each do |gem_info|
+        vulnerability_directory = "./tmp/vulnerabilities/gems/#{gem_info.name}"
+        if File.exists?(vulnerability_directory)
+          Dir.foreach(vulnerability_directory) do |yaml_file|
+            next if yaml_file =~ /\A\./
+            vulnerability = Vulnerability.new(File.read(File.join(vulnerability_directory, yaml_file)))
+            # are we impacted? if so, add details to gem_data
+            unless vulnerability.patched_versions.any? { |version| Gem::Requirement.new(version).satisfied_by?(gem_info.current_version) }
+              gem_info.add_vulnerability!(vulnerability)
+            end
+          end
+        end
+      end
+    end
+
+    def generate_report(gem_infos)
+      puts "Generating report..."
+      output_data = Gemsurance.const_get(:"#{@formatter.to_s.capitalize}Formatter").new(gem_infos).format
+
+      File.open(@output_file, "w+") do |file|
+        file.puts output_data
+      end
+      puts "Generated report #{@output_file}."
+    end
+  end
+end

data/lib/gemsurance/templates/output.html.erb

@@ -0,0 +1,803 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf8">
+  <title>Gemsurance Report</title>
+  <style>
+    /*!
+     * Bootstrap v3.0.0
+     *
+     * Copyright 2013 Twitter, Inc
+     * Licensed under the Apache License v2.0
+     * http://www.apache.org/licenses/LICENSE-2.0
+     *
+     * Designed and built with all the love in the world @twitter by @mdo and @fat.
+     */
+
+    /*! normalize.css v2.1.0 | MIT License | git.io/normalize */
+    article,
+    aside,
+    details,
+    figcaption,
+    figure,
+    footer,
+    header,
+    hgroup,
+    main,
+    nav,
+    section,
+    summary {
+      display: block;
+    }
+    audio,
+    canvas,
+    video {
+      display: inline-block;
+    }
+    audio:not([controls]) {
+      display: none;
+      height: 0;
+    }
+    [hidden] {
+      display: none;
+    }
+    html {
+      font-family: sans-serif;
+      -webkit-text-size-adjust: 100%;
+      -ms-text-size-adjust: 100%;
+    }
+    body {
+      margin: 0;
+    }
+    a:focus {
+      outline: thin dotted;
+    }
+    a:active,
+    a:hover {
+      outline: 0;
+    }
+    h1 {
+      font-size: 2em;
+      margin: 0.67em 0;
+    }
+    abbr[title] {
+      border-bottom: 1px dotted;
+    }
+    b,
+    strong {
+      font-weight: bold;
+    }
+    dfn {
+      font-style: italic;
+    }
+    hr {
+      -moz-box-sizing: content-box;
+      box-sizing: content-box;
+      height: 0;
+    }
+    mark {
+      background: #ff0;
+      color: #000;
+    }
+    code,
+    kbd,
+    pre,
+    samp {
+      font-family: monospace, serif;
+      font-size: 1em;
+    }
+    pre {
+      white-space: pre-wrap;
+    }
+    q {
+      quotes: "\201C" "\201D" "\2018" "\2019";
+    }
+    small {
+      font-size: 80%;
+    }
+    sub,
+    sup {
+      font-size: 75%;
+      line-height: 0;
+      position: relative;
+      vertical-align: baseline;
+    }
+    sup {
+      top: -0.5em;
+    }
+    sub {
+      bottom: -0.25em;
+    }
+    img {
+      border: 0;
+    }
+    svg:not(:root) {
+      overflow: hidden;
+    }
+    figure {
+      margin: 0;
+    }
+    fieldset {
+      border: 1px solid #c0c0c0;
+      margin: 0 2px;
+      padding: 0.35em 0.625em 0.75em;
+    }
+    legend {
+      border: 0;
+      padding: 0;
+    }
+    button,
+    input,
+    select,
+    textarea {
+      font-family: inherit;
+      font-size: 100%;
+      margin: 0;
+    }
+    button,
+    input {
+      line-height: normal;
+    }
+    button,
+    select {
+      text-transform: none;
+    }
+    button,
+    html input[type="button"],
+    input[type="reset"],
+    input[type="submit"] {
+      -webkit-appearance: button;
+      cursor: pointer;
+    }
+    button[disabled],
+    html input[disabled] {
+      cursor: default;
+    }
+    input[type="checkbox"],
+    input[type="radio"] {
+      box-sizing: border-box;
+      padding: 0;
+    }
+    input[type="search"] {
+      -webkit-appearance: textfield;
+      -moz-box-sizing: content-box;
+      -webkit-box-sizing: content-box;
+      box-sizing: content-box;
+    }
+    input[type="search"]::-webkit-search-cancel-button,
+    input[type="search"]::-webkit-search-decoration {
+      -webkit-appearance: none;
+    }
+    button::-moz-focus-inner,
+    input::-moz-focus-inner {
+      border: 0;
+      padding: 0;
+    }
+    textarea {
+      overflow: auto;
+      vertical-align: top;
+    }
+    table {
+      border-collapse: collapse;
+      border-spacing: 0;
+    }
+    *,
+    *:before,
+    *:after {
+      -webkit-box-sizing: border-box;
+      -moz-box-sizing: border-box;
+      box-sizing: border-box;
+    }
+    html {
+      font-size: 62.5%;
+      -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
+    }
+    body {
+      font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+      font-size: 14px;
+      line-height: 1.428571429;
+      color: #333333;
+      background-color: #ffffff;
+    }
+    input,
+    button,
+    select,
+    textarea {
+      font-family: inherit;
+      font-size: inherit;
+      line-height: inherit;
+    }
+    button,
+    input,
+    select[multiple],
+    textarea {
+      background-image: none;
+    }
+    a {
+      color: #428bca;
+      text-decoration: none;
+    }
+    a:hover,
+    a:focus {
+      color: #2a6496;
+      text-decoration: underline;
+    }
+    a:focus {
+      outline: thin dotted #333;
+      outline: 5px auto -webkit-focus-ring-color;
+      outline-offset: -2px;
+    }
+    img {
+      vertical-align: middle;
+    }
+    .img-responsive {
+      display: block;
+      max-width: 100%;
+      height: auto;
+    }
+    .img-rounded {
+      border-radius: 6px;
+    }
+    .img-thumbnail {
+      padding: 4px;
+      line-height: 1.428571429;
+      background-color: #ffffff;
+      border: 1px solid #dddddd;
+      border-radius: 4px;
+      -webkit-transition: all 0.2s ease-in-out;
+      transition: all 0.2s ease-in-out;
+      display: inline-block;
+      max-width: 100%;
+      height: auto;
+    }
+    .img-circle {
+      border-radius: 50%;
+    }
+    hr {
+      margin-top: 20px;
+      margin-bottom: 20px;
+      border: 0;
+      border-top: 1px solid #eeeeee;
+    }
+    .sr-only {
+      position: absolute;
+      width: 1px;
+      height: 1px;
+      margin: -1px;
+      padding: 0;
+      overflow: hidden;
+      clip: rect(0 0 0 0);
+      border: 0;
+    }
+    p {
+      margin: 0 0 10px;
+    }
+    .lead {
+      margin-bottom: 20px;
+      font-size: 16.099999999999998px;
+      font-weight: 200;
+      line-height: 1.4;
+    }
+    @media (min-width: 768px) {
+      .lead {
+        font-size: 21px;
+      }
+    }
+    small {
+      font-size: 85%;
+    }
+    cite {
+      font-style: normal;
+    }
+    .text-muted {
+      color: #999999;
+    }
+    .text-primary {
+      color: #428bca;
+    }
+    .text-warning {
+      color: #c09853;
+    }
+    .text-danger {
+      color: #b94a48;
+    }
+    .text-success {
+      color: #468847;
+    }
+    .text-info {
+      color: #3a87ad;
+    }
+    .text-left {
+      text-align: left;
+    }
+    .text-right {
+      text-align: right;
+    }
+    .text-center {
+      text-align: center;
+    }
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6,
+    .h1,
+    .h2,
+    .h3,
+    .h4,
+    .h5,
+    .h6 {
+      font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+      font-weight: 500;
+      line-height: 1.1;
+    }
+    h1 small,
+    h2 small,
+    h3 small,
+    h4 small,
+    h5 small,
+    h6 small,
+    .h1 small,
+    .h2 small,
+    .h3 small,
+    .h4 small,
+    .h5 small,
+    .h6 small {
+      font-weight: normal;
+      line-height: 1;
+      color: #999999;
+    }
+    h1,
+    h2,
+    h3 {
+      margin-top: 20px;
+      margin-bottom: 10px;
+    }
+    h4,
+    h5,
+    h6 {
+      margin-top: 10px;
+      margin-bottom: 10px;
+    }
+    h1,
+    .h1 {
+      font-size: 36px;
+    }
+    h2,
+    .h2 {
+      font-size: 30px;
+    }
+    h3,
+    .h3 {
+      font-size: 24px;
+    }
+    h4,
+    .h4 {
+      font-size: 18px;
+    }
+    h5,
+    .h5 {
+      font-size: 14px;
+    }
+    h6,
+    .h6 {
+      font-size: 12px;
+    }
+    h1 small,
+    .h1 small {
+      font-size: 24px;
+    }
+    h2 small,
+    .h2 small {
+      font-size: 18px;
+    }
+    h3 small,
+    .h3 small,
+    h4 small,
+    .h4 small {
+      font-size: 14px;
+    }
+    .page-header {
+      padding-bottom: 9px;
+      margin: 40px 0 20px;
+      border-bottom: 1px solid #eeeeee;
+    }
+    ul,
+    ol {
+      margin-top: 0;
+      margin-bottom: 10px;
+    }
+    ul ul,
+    ol ul,
+    ul ol,
+    ol ol {
+      margin-bottom: 0;
+    }
+    .list-unstyled {
+      padding-left: 0;
+      list-style: none;
+    }
+    .list-inline {
+      padding-left: 0;
+      list-style: none;
+    }
+    .list-inline > li {
+      display: inline-block;
+      padding-left: 5px;
+      padding-right: 5px;
+    }
+    dl {
+      margin-bottom: 20px;
+    }
+    dt,
+    dd {
+      line-height: 1.428571429;
+    }
+    dt {
+      font-weight: bold;
+    }
+    dd {
+      margin-left: 0;
+    }
+    @media (min-width: 768px) {
+      .dl-horizontal dt {
+        float: left;
+        width: 160px;
+        clear: left;
+        text-align: right;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        white-space: nowrap;
+      }
+      .dl-horizontal dd {
+        margin-left: 180px;
+      }
+      .dl-horizontal dd:before,
+      .dl-horizontal dd:after {
+        content: " ";
+        /* 1 */
+
+        display: table;
+        /* 2 */
+
+      }
+      .dl-horizontal dd:after {
+        clear: both;
+      }
+    }
+    abbr[title],
+    abbr[data-original-title] {
+      cursor: help;
+      border-bottom: 1px dotted #999999;
+    }
+    abbr.initialism {
+      font-size: 90%;
+      text-transform: uppercase;
+    }
+    blockquote {
+      padding: 10px 20px;
+      margin: 0 0 20px;
+      border-left: 5px solid #eeeeee;
+    }
+    blockquote p {
+      font-size: 17.5px;
+      font-weight: 300;
+      line-height: 1.25;
+    }
+    blockquote p:last-child {
+      margin-bottom: 0;
+    }
+    blockquote small {
+      display: block;
+      line-height: 1.428571429;
+      color: #999999;
+    }
+    blockquote small:before {
+      content: '\2014 \00A0';
+    }
+    blockquote.pull-right {
+      padding-right: 15px;
+      padding-left: 0;
+      border-right: 5px solid #eeeeee;
+      border-left: 0;
+    }
+    blockquote.pull-right p,
+    blockquote.pull-right small {
+      text-align: right;
+    }
+    blockquote.pull-right small:before {
+      content: '';
+    }
+    blockquote.pull-right small:after {
+      content: '\00A0 \2014';
+    }
+    q:before,
+    q:after,
+    blockquote:before,
+    blockquote:after {
+      content: "";
+    }
+    address {
+      display: block;
+      margin-bottom: 20px;
+      font-style: normal;
+      line-height: 1.428571429;
+    }
+    table {
+      max-width: 100%;
+      background-color: transparent;
+    }
+    th {
+      text-align: left;
+    }
+    .table {
+      width: 100%;
+      margin-bottom: 20px;
+    }
+    .table thead > tr > th,
+    .table tbody > tr > th,
+    .table tfoot > tr > th,
+    .table thead > tr > td,
+    .table tbody > tr > td,
+    .table tfoot > tr > td {
+      padding: 8px;
+      line-height: 1.428571429;
+      vertical-align: top;
+      border-top: 1px solid #dddddd;
+    }
+    .table thead > tr > th {
+      vertical-align: bottom;
+      border-bottom: 2px solid #dddddd;
+    }
+    .table caption + thead tr:first-child th,
+    .table colgroup + thead tr:first-child th,
+    .table thead:first-child tr:first-child th,
+    .table caption + thead tr:first-child td,
+    .table colgroup + thead tr:first-child td,
+    .table thead:first-child tr:first-child td {
+      border-top: 0;
+    }
+    .table tbody + tbody {
+      border-top: 2px solid #dddddd;
+    }
+    .table .table {
+      background-color: #ffffff;
+    }
+    .table-condensed thead > tr > th,
+    .table-condensed tbody > tr > th,
+    .table-condensed tfoot > tr > th,
+    .table-condensed thead > tr > td,
+    .table-condensed tbody > tr > td,
+    .table-condensed tfoot > tr > td {
+      padding: 5px;
+    }
+    .table-bordered {
+      border: 1px solid #dddddd;
+    }
+    .table-bordered > thead > tr > th,
+    .table-bordered > tbody > tr > th,
+    .table-bordered > tfoot > tr > th,
+    .table-bordered > thead > tr > td,
+    .table-bordered > tbody > tr > td,
+    .table-bordered > tfoot > tr > td {
+      border: 1px solid #dddddd;
+    }
+    .table-bordered > thead > tr > th,
+    .table-bordered > thead > tr > td {
+      border-bottom-width: 2px;
+    }
+    .table-striped > tbody > tr:nth-child(odd) > td,
+    .table-striped > tbody > tr:nth-child(odd) > th {
+      background-color: #f9f9f9;
+    }
+    .table-hover > tbody > tr:hover > td,
+    .table-hover > tbody > tr:hover > th {
+      background-color: #f5f5f5;
+    }
+    table col[class*="col-"] {
+      float: none;
+      display: table-column;
+    }
+    table td[class*="col-"],
+    table th[class*="col-"] {
+      float: none;
+      display: table-cell;
+    }
+    .table > thead > tr > td.active,
+    .table > tbody > tr > td.active,
+    .table > tfoot > tr > td.active,
+    .table > thead > tr > th.active,
+    .table > tbody > tr > th.active,
+    .table > tfoot > tr > th.active,
+    .table > thead > tr.active > td,
+    .table > tbody > tr.active > td,
+    .table > tfoot > tr.active > td,
+    .table > thead > tr.active > th,
+    .table > tbody > tr.active > th,
+    .table > tfoot > tr.active > th {
+      background-color: #f5f5f5;
+    }
+    .table > thead > tr > td.success,
+    .table > tbody > tr > td.success,
+    .table > tfoot > tr > td.success,
+    .table > thead > tr > th.success,
+    .table > tbody > tr > th.success,
+    .table > tfoot > tr > th.success,
+    .table > thead > tr.success > td,
+    .table > tbody > tr.success > td,
+    .table > tfoot > tr.success > td,
+    .table > thead > tr.success > th,
+    .table > tbody > tr.success > th,
+    .table > tfoot > tr.success > th {
+      background-color: #dff0d8;
+      border-color: #d6e9c6;
+    }
+    .table-hover > tbody > tr > td.success:hover,
+    .table-hover > tbody > tr > th.success:hover,
+    .table-hover > tbody > tr.success:hover > td {
+      background-color: #d0e9c6;
+      border-color: #c9e2b3;
+    }
+    .table > thead > tr > td.danger,
+    .table > tbody > tr > td.danger,
+    .table > tfoot > tr > td.danger,
+    .table > thead > tr > th.danger,
+    .table > tbody > tr > th.danger,
+    .table > tfoot > tr > th.danger,
+    .table > thead > tr.danger > td,
+    .table > tbody > tr.danger > td,
+    .table > tfoot > tr.danger > td,
+    .table > thead > tr.danger > th,
+    .table > tbody > tr.danger > th,
+    .table > tfoot > tr.danger > th {
+      background-color: #f2dede;
+      border-color: #eed3d7;
+    }
+    .table-hover > tbody > tr > td.danger:hover,
+    .table-hover > tbody > tr > th.danger:hover,
+    .table-hover > tbody > tr.danger:hover > td {
+      background-color: #ebcccc;
+      border-color: #e6c1c7;
+    }
+    .table > thead > tr > td.warning,
+    .table > tbody > tr > td.warning,
+    .table > tfoot > tr > td.warning,
+    .table > thead > tr > th.warning,
+    .table > tbody > tr > th.warning,
+    .table > tfoot > tr > th.warning,
+    .table > thead > tr.warning > td,
+    .table > tbody > tr.warning > td,
+    .table > tfoot > tr.warning > td,
+    .table > thead > tr.warning > th,
+    .table > tbody > tr.warning > th,
+    .table > tfoot > tr.warning > th {
+      background-color: #fcf8e3;
+      border-color: #fbeed5;
+    }
+    .table-hover > tbody > tr > td.warning:hover,
+    .table-hover > tbody > tr > th.warning:hover,
+    .table-hover > tbody > tr.warning:hover > td {
+      background-color: #faf2cc;
+      border-color: #f8e5be;
+    }
+    @media (max-width: 768px) {
+      .table-responsive {
+        width: 100%;
+        margin-bottom: 15px;
+        overflow-y: hidden;
+        overflow-x: scroll;
+        border: 1px solid #dddddd;
+      }
+      .table-responsive > .table {
+        margin-bottom: 0;
+        background-color: #fff;
+      }
+      .table-responsive > .table > thead > tr > th,
+      .table-responsive > .table > tbody > tr > th,
+      .table-responsive > .table > tfoot > tr > th,
+      .table-responsive > .table > thead > tr > td,
+      .table-responsive > .table > tbody > tr > td,
+      .table-responsive > .table > tfoot > tr > td {
+        white-space: nowrap;
+      }
+      .table-responsive > .table-bordered {
+        border: 0;
+      }
+      .table-responsive > .table-bordered > thead > tr > th:first-child,
+      .table-responsive > .table-bordered > tbody > tr > th:first-child,
+      .table-responsive > .table-bordered > tfoot > tr > th:first-child,
+      .table-responsive > .table-bordered > thead > tr > td:first-child,
+      .table-responsive > .table-bordered > tbody > tr > td:first-child,
+      .table-responsive > .table-bordered > tfoot > tr > td:first-child {
+        border-left: 0;
+      }
+      .table-responsive > .table-bordered > thead > tr > th:last-child,
+      .table-responsive > .table-bordered > tbody > tr > th:last-child,
+      .table-responsive > .table-bordered > tfoot > tr > th:last-child,
+      .table-responsive > .table-bordered > thead > tr > td:last-child,
+      .table-responsive > .table-bordered > tbody > tr > td:last-child,
+      .table-responsive > .table-bordered > tfoot > tr > td:last-child {
+        border-right: 0;
+      }
+      .table-responsive > .table-bordered > thead > tr:last-child > th,
+      .table-responsive > .table-bordered > tbody > tr:last-child > th,
+      .table-responsive > .table-bordered > tfoot > tr:last-child > th,
+      .table-responsive > .table-bordered > thead > tr:last-child > td,
+      .table-responsive > .table-bordered > tbody > tr:last-child > td,
+      .table-responsive > .table-bordered > tfoot > tr:last-child > td {
+        border-bottom: 0;
+      }
+    }
+
+    .wrapper {
+      margin: 0 auto;
+      width: 980px;
+    }
+  </style>
+</head>
+<body>
+  <div class="wrapper">
+    <h1>Gemsurance Report</h1>
+    <table class="table">
+      <thead>
+        <tr>
+          <th>Gem Name</th>
+          <th>Bundle Version</th>
+          <th>Newest Version</th>
+          <th>Status</th>
+          <th>Detailed Status</th>
+        </tr>
+      </thead>
+      <tbody>
+        <% @gem_infos.sort { |a, b| a.name.downcase <=> b.name.downcase }.each do |gem_info| %>
+          <%
+             row_class = if gem_info.current?
+               'success'
+             elsif gem_info.outdated?
+               'warning'
+             elsif gem_info.vulnerable?
+               'danger'
+             else
+               nil
+             end
+          %>
+          <tr class="<%= row_class %>">
+            <td><%= gem_info.name %></td>
+            <td><%= gem_info.current_version %></td>
+            <td><%= gem_info.newest_version %></td>
+            <td>
+              <% if gem_info.vulnerable? %>
+                <strong>Vulnerable</strong>
+              <% elsif gem_info.outdated? %>
+                <strong>Out of Date</strong>
+              <% elsif gem_info.current? %>
+                Up-to-Date
+              <% else %>
+                Unknown Status
+              <% end %>
+            </td>
+            <td>
+              <div style="width:200px">
+                <% if gem_info.vulnerable? %>
+                  <% gem_info.vulnerabilities.each do |vulnerability| %>
+                    <strong><%= vulnerability.title %></strong>
+                    <dl>
+                      <dt>CVE</dt>
+                      <dd><%= vulnerability.cve %></dd>
+                      <dt>URL</dt>
+                      <dd><a href="<%= vulnerability.url %>">More Info</a></dd>
+                      <dt>Patched Versions</dt>
+                      <dd><%= vulnerability.patched_versions.join(', ') %></dd>
+                    </dl>
+                  <% end %>
+                <% end %>
+              </div>
+            </td>
+          </tr>
+        <% end %>
+      </tbody>
+    </table>
+  </div>
+</body>
+</html>

data/lib/gemsurance/version.rb

@@ -0,0 +1,3 @@
+module Gemsurance
+  VERSION = '0.1.2'
+end

data/lib/gemsurance/vulnerability.rb

@@ -0,0 +1,23 @@
+require 'yaml'
+
+module Gemsurance
+  class Vulnerability
+    def initialize(yaml)
+      @attributes = YAML.load(yaml)
+    end
+
+    attr_reader :attributes
+
+    ATTRIBUTES = [:gem, :framework, :cve, :osvdb, :url, :title, :description, :date, :cvss_v2, :patched_versions].freeze
+
+    ATTRIBUTES.each do |attr|
+      define_method(attr) do
+        @attributes[attr.to_s]
+      end
+    end
+
+    def ==(other)
+      @attributes == other.attributes
+    end
+  end
+end

metadata

@@ -5,9 +5,9 @@ version: !ruby/object:Gem::Version
   prerelease: 
   segments: 
   - 0
-  - 0
-  - 0
-  version: 0.0.0
+  - 1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
 - Jon Kessler
@@ -80,16 +80,39 @@ dependencies:
         version: 0.9.2.2
   type: :development
   version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: nokogiri
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 17
+        segments: 
+        - 1
+        - 5
+        - 9
+        version: 1.5.9
+  type: :development
+  version_requirements: *id005
 description: Gem vulnerability and version checker
 email: jon.kessler@appfolio.com
-executables: []
-
+executables: 
+- gemsurance
 extensions: []
 
 extra_rdoc_files: []
 
-files: []
-
+files: 
+- bin/gemsurance
+- lib/gemsurance.rb
+- lib/gemsurance/gem_info_retriever.rb
+- lib/gemsurance/html_formatter.rb
+- lib/gemsurance/runner.rb
+- lib/gemsurance/templates/output.html.erb
+- lib/gemsurance/version.rb
+- lib/gemsurance/vulnerability.rb
 homepage: http://github.com/appfolio/gemsurance
 licenses: 
 - MIT
@@ -125,4 +148,3 @@ specification_version: 3
 summary: Your Gem Insurance Policy
 test_files: []
 
-has_rdoc: