gemsurance 0.1.2 → 0.1.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c97771cd0f9df54057305e210335c95a7a1d5af7
+  data.tar.gz: e7c390d1362b343c514b82c26c21ebdc1beaee9b
+SHA512:
+  metadata.gz: 751373c800d73337666dab5731f3f01cba1b36e70699a76794e1c41a587a91cce2acf11569258a7bf11ed66ec79a99a1d66882a2996892f3bdca65e460cf1a44
+  data.tar.gz: 43ebafd468d17761670d9e5d20c2ea3d172c75ac8b5e94bf7efb9a12c1db05a05121528d0ed006439621e419b33abad3b4e4dca7716cc7416d2c22a80168efb2

data/lib/gemsurance/runner.rb

@@ -40,16 +40,24 @@ module Gemsurance
       end
     end
 
-    def add_vulnerability_data(gem_infos)
+    def add_vulnerability_data(gem_infos, vulnerabilities_directory = './tmp/vulnerabilities/gems')
       puts "Reading vulnerability data..."
       gem_infos.each do |gem_info|
-        vulnerability_directory = "./tmp/vulnerabilities/gems/#{gem_info.name}"
+        vulnerability_directory = File.join(vulnerabilities_directory, gem_info.name)
         if File.exists?(vulnerability_directory)
           Dir.foreach(vulnerability_directory) do |yaml_file|
             next if yaml_file =~ /\A\./
             vulnerability = Vulnerability.new(File.read(File.join(vulnerability_directory, yaml_file)))
+
             # are we impacted? if so, add details to gem_data
-            unless vulnerability.patched_versions.any? { |version| Gem::Requirement.new(version).satisfied_by?(gem_info.current_version) }
+            current_version_satisfies_requirement = lambda do |version|
+              Gem::Requirement.new(version.split(',')).satisfied_by?(gem_info.current_version)
+            end
+
+            current_version_is_affected = (vulnerability.unaffected_versions || []).none?(&current_version_satisfies_requirement)
+            current_version_isnt_patched = (vulnerability.patched_versions || []).none?(&current_version_satisfies_requirement)
+
+            if current_version_is_affected && current_version_isnt_patched
               gem_info.add_vulnerability!(vulnerability)
             end
           end

data/lib/gemsurance/templates/output.html.erb

@@ -788,7 +788,7 @@
                       <dt>URL</dt>
                       <dd><a href="<%= vulnerability.url %>">More Info</a></dd>
                       <dt>Patched Versions</dt>
-                      <dd><%= vulnerability.patched_versions.join(', ') %></dd>
+                      <dd><%= (vulnerability.patched_versions || []).join(', ') %></dd>
                     </dl>
                   <% end %>
                 <% end %>

data/lib/gemsurance/version.rb

@@ -1,3 +1,3 @@
 module Gemsurance
-  VERSION = '0.1.2'
+  VERSION = '0.1.4'
 end

data/lib/gemsurance/vulnerability.rb

@@ -8,7 +8,7 @@ module Gemsurance
 
     attr_reader :attributes
 
-    ATTRIBUTES = [:gem, :framework, :cve, :osvdb, :url, :title, :description, :date, :cvss_v2, :patched_versions].freeze
+    ATTRIBUTES = [:gem, :framework, :cve, :osvdb, :url, :title, :description, :date, :cvss_v2, :patched_versions, :unaffected_versions].freeze
 
     ATTRIBUTES.each do |attr|
       define_method(attr) do

metadata

@@ -1,110 +1,92 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: gemsurance
-version: !ruby/object:Gem::Version 
-  hash: 31
-  prerelease: 
-  segments: 
-  - 0
-  - 1
-  - 2
-  version: 0.1.2
+version: !ruby/object:Gem::Version
+  version: 0.1.4
 platform: ruby
-authors: 
+authors:
 - Jon Kessler
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2013-03-14 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2014-01-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: bundler
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: git
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: mocha
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 39
-        segments: 
-        - 0
-        - 14
-        - 0
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.14.0
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 0
-        - 9
-        - 2
-        - 2
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.9.2.2
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: nokogiri
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 17
-        segments: 
-        - 1
-        - 5
-        - 9
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 1.5.9
   type: :development
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.5.9
 description: Gem vulnerability and version checker
 email: jon.kessler@appfolio.com
-executables: 
+executables:
 - gemsurance
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - bin/gemsurance
 - lib/gemsurance.rb
 - lib/gemsurance/gem_info_retriever.rb
@@ -114,37 +96,27 @@ files:
 - lib/gemsurance/version.rb
 - lib/gemsurance/vulnerability.rb
 homepage: http://github.com/appfolio/gemsurance
-licenses: 
+licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.1.11
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Your Gem Insurance Policy
 test_files: []
-