RubyGems - gemsurance - Versions diffs - 0.1.2 → 0.1.4 - Mend

gemsurance 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +7 -0
data/lib/gemsurance/runner.rb +11 -3
data/lib/gemsurance/templates/output.html.erb +1 -1
data/lib/gemsurance/version.rb +1 -1
data/lib/gemsurance/vulnerability.rb +1 -1
metadata +78 -106

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c97771cd0f9df54057305e210335c95a7a1d5af7
+  data.tar.gz: e7c390d1362b343c514b82c26c21ebdc1beaee9b
+SHA512:
+  metadata.gz: 751373c800d73337666dab5731f3f01cba1b36e70699a76794e1c41a587a91cce2acf11569258a7bf11ed66ec79a99a1d66882a2996892f3bdca65e460cf1a44
+  data.tar.gz: 43ebafd468d17761670d9e5d20c2ea3d172c75ac8b5e94bf7efb9a12c1db05a05121528d0ed006439621e419b33abad3b4e4dca7716cc7416d2c22a80168efb2

data/lib/gemsurance/runner.rb CHANGED

@@ -40,16 +40,24 @@ module Gemsurance
       end
     end
-    def add_vulnerability_data(gem_infos)
+    def add_vulnerability_data(gem_infos, vulnerabilities_directory = './tmp/vulnerabilities/gems')
       puts "Reading vulnerability data..."
       gem_infos.each do |gem_info|
-        vulnerability_directory = "./tmp/vulnerabilities/gems/#{gem_info.name}"
+        vulnerability_directory = File.join(vulnerabilities_directory, gem_info.name)
         if File.exists?(vulnerability_directory)
           Dir.foreach(vulnerability_directory) do |yaml_file|
             next if yaml_file =~ /\A\./
             vulnerability = Vulnerability.new(File.read(File.join(vulnerability_directory, yaml_file)))
             # are we impacted? if so, add details to gem_data
-            unless vulnerability.patched_versions.any? { |version| Gem::Requirement.new(version).satisfied_by?(gem_info.current_version) }
+            current_version_satisfies_requirement = lambda do |version|
+              Gem::Requirement.new(version.split(',')).satisfied_by?(gem_info.current_version)
+            end
+            current_version_is_affected = (vulnerability.unaffected_versions || []).none?(&current_version_satisfies_requirement)
+            current_version_isnt_patched = (vulnerability.patched_versions || []).none?(&current_version_satisfies_requirement)
+            if current_version_is_affected && current_version_isnt_patched
               gem_info.add_vulnerability!(vulnerability)
             end
           end

data/lib/gemsurance/templates/output.html.erb CHANGED

@@ -788,7 +788,7 @@
                       <dt>URL</dt>
                       <dd><a href="<%= vulnerability.url %>">More Info</a></dd>
                       <dt>Patched Versions</dt>
-                      <dd><%= vulnerability.patched_versions.join(', ') %></dd>
+                      <dd><%= (vulnerability.patched_versions || []).join(', ') %></dd>
                     </dl>
                   <% end %>
                 <% end %>

data/lib/gemsurance/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Gemsurance
-  VERSION = '0.1.2'
+  VERSION = '0.1.4'
 end

data/lib/gemsurance/vulnerability.rb CHANGED

@@ -8,7 +8,7 @@ module Gemsurance
     attr_reader :attributes
-    ATTRIBUTES = [:gem, :framework, :cve, :osvdb, :url, :title, :description, :date, :cvss_v2, :patched_versions].freeze
+    ATTRIBUTES = [:gem, :framework, :cve, :osvdb, :url, :title, :description, :date, :cvss_v2, :patched_versions, :unaffected_versions].freeze
     ATTRIBUTES.each do |attr|
       define_method(attr) do

metadata CHANGED

@@ -1,110 +1,92 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: gemsurance
-version: !ruby/object:Gem::Version
-  hash: 31
-  prerelease:
-  segments:
-  - 0
-  - 1
-  - 2
-  version: 0.1.2
+version: !ruby/object:Gem::Version
+  version: 0.1.4
 platform: ruby
-authors:
+authors:
 - Jon Kessler
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-03-14 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2014-01-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: bundler
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 11
-        segments:
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: git
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 11
-        segments:
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: mocha
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - "="
-      - !ruby/object:Gem::Version
-        hash: 39
-        segments:
-        - 0
-        - 14
-        - 0
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.14.0
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency
-  name: rake
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - "="
-      - !ruby/object:Gem::Version
-        hash: 11
-        segments:
-        - 0
-        - 9
-        - 2
-        - 2
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.9.2.2
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency
-  name: nokogiri
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - "="
-      - !ruby/object:Gem::Version
-        hash: 17
-        segments:
-        - 1
-        - 5
-        - 9
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 1.5.9
   type: :development
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.5.9
 description: Gem vulnerability and version checker
 email: jon.kessler@appfolio.com
-executables:
+executables:
 - gemsurance
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - bin/gemsurance
 - lib/gemsurance.rb
 - lib/gemsurance/gem_info_retriever.rb
@@ -114,37 +96,27 @@ files:
 - lib/gemsurance/version.rb
 - lib/gemsurance/vulnerability.rb
 homepage: http://github.com/appfolio/gemsurance
-licenses:
+licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.25
+rubygems_version: 2.1.11
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Your Gem Insurance Policy
 test_files: []