gemsurance 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/gemsurance +1 -1
- data/lib/gemsurance/runner.rb +27 -12
- data/lib/gemsurance/version.rb +1 -1
- metadata +18 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 21ea60308499e8aa4d571df3b7da44849bb6ca3a
|
|
4
|
+
data.tar.gz: 2709cf96a02232493c2f7d953df14b034ce95bea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e5c871657448ffceac6e0df83675051757b7e0398bf560293e34fced2ddee1575b3ce7e80e2f4e940b66b5c950c2e10bb4f832815bd488ead78ef750b0d24bd6
|
|
7
|
+
data.tar.gz: 7f683726ad934c169d40836879e08af1e4059290e8c6f77c2c153c2e2877fe02d39d14b4ef692cfe8682290568b72cebbd6e8fb4986f44560466390a5dfbfc79
|
data/bin/gemsurance
CHANGED
data/lib/gemsurance/runner.rb
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
module Gemsurance
|
|
2
2
|
class Runner
|
|
3
|
+
attr_reader :gem_infos
|
|
4
|
+
|
|
3
5
|
def initialize(options = {})
|
|
4
6
|
@formatter = options.delete(:formatter) || :html
|
|
5
7
|
@output_file = options.delete(:output_file) || "gemsurance_report.#{@formatter}"
|
|
@@ -7,18 +9,28 @@ module Gemsurance
|
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
def run
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
add_vulnerability_data(bundled_gem_infos)
|
|
12
|
+
build_gem_infos
|
|
13
|
+
self
|
|
14
|
+
end
|
|
15
15
|
|
|
16
|
-
|
|
16
|
+
def report
|
|
17
|
+
unless @gem_infos_loaded
|
|
18
|
+
puts "Error: gem infos not yet loaded."
|
|
19
|
+
exit 1
|
|
20
|
+
end
|
|
17
21
|
|
|
18
|
-
|
|
22
|
+
generate_report
|
|
23
|
+
exit 1 if @gem_infos.any? { |info| info.vulnerable? }
|
|
19
24
|
end
|
|
20
25
|
|
|
21
26
|
private
|
|
27
|
+
def build_gem_infos
|
|
28
|
+
@gem_infos = retrieve_bundled_gem_infos
|
|
29
|
+
retrieve_vulnerability_data
|
|
30
|
+
add_vulnerability_data
|
|
31
|
+
|
|
32
|
+
@gem_infos_loaded = true
|
|
33
|
+
end
|
|
22
34
|
|
|
23
35
|
def retrieve_bundled_gem_infos
|
|
24
36
|
puts "Retrieving gem version information..."
|
|
@@ -26,7 +38,7 @@ module Gemsurance
|
|
|
26
38
|
bundler = Bundler.load
|
|
27
39
|
current_specs = bundler.specs
|
|
28
40
|
dependencies = bundler.dependencies
|
|
29
|
-
definition
|
|
41
|
+
definition = Bundler.definition(true)
|
|
30
42
|
definition.resolve_remotely!
|
|
31
43
|
|
|
32
44
|
GemInfoRetriever.new(current_specs, dependencies, definition).retrieve(:pre => @options[:pre])
|
|
@@ -34,6 +46,7 @@ module Gemsurance
|
|
|
34
46
|
|
|
35
47
|
def retrieve_vulnerability_data
|
|
36
48
|
puts "Retrieving latest vulnerability data..."
|
|
49
|
+
|
|
37
50
|
if File.exists?('./tmp/vulnerabilities')
|
|
38
51
|
g = Git.open('./tmp/vulnerabilities')
|
|
39
52
|
g.pull
|
|
@@ -42,9 +55,10 @@ module Gemsurance
|
|
|
42
55
|
end
|
|
43
56
|
end
|
|
44
57
|
|
|
45
|
-
def add_vulnerability_data(
|
|
58
|
+
def add_vulnerability_data(vulnerabilities_directory = './tmp/vulnerabilities/gems')
|
|
46
59
|
puts "Reading vulnerability data..."
|
|
47
|
-
|
|
60
|
+
|
|
61
|
+
@gem_infos.each do |gem_info|
|
|
48
62
|
vulnerability_directory = File.join(vulnerabilities_directory, gem_info.name)
|
|
49
63
|
if File.exists?(vulnerability_directory)
|
|
50
64
|
Dir.foreach(vulnerability_directory) do |yaml_file|
|
|
@@ -67,9 +81,10 @@ module Gemsurance
|
|
|
67
81
|
end
|
|
68
82
|
end
|
|
69
83
|
|
|
70
|
-
def generate_report
|
|
84
|
+
def generate_report
|
|
71
85
|
puts "Generating report..."
|
|
72
|
-
|
|
86
|
+
|
|
87
|
+
output_data = Gemsurance::Formatters.const_get(:"#{@formatter.to_s.capitalize}").new(@gem_infos).format
|
|
73
88
|
|
|
74
89
|
File.open(@output_file, "w+") do |file|
|
|
75
90
|
file.puts output_data
|
data/lib/gemsurance/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gemsurance
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jon Kessler
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-03-
|
|
11
|
+
date: 2015-03-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,6 +94,20 @@ dependencies:
|
|
|
94
94
|
- - '='
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: 1.5.9
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: test-unit
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - '='
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: 3.0.9
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - '='
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: 3.0.9
|
|
97
111
|
description: Gem vulnerability and version checker
|
|
98
112
|
email: jon.kessler@appfolio.com
|
|
99
113
|
executables:
|
|
@@ -125,12 +139,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
125
139
|
requirements:
|
|
126
140
|
- - ">="
|
|
127
141
|
- !ruby/object:Gem::Version
|
|
128
|
-
version:
|
|
142
|
+
version: 1.9.3
|
|
129
143
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
130
144
|
requirements:
|
|
131
145
|
- - ">="
|
|
132
146
|
- !ruby/object:Gem::Version
|
|
133
|
-
version:
|
|
147
|
+
version: 1.8.11
|
|
134
148
|
requirements: []
|
|
135
149
|
rubyforge_project:
|
|
136
150
|
rubygems_version: 2.4.3
|