guard-bundler-audit 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +37 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +21 -0
  5. data/README.md +31 -0
  6. data/Rakefile +1 -0
  7. data/guard-bundler-audit.gemspec +25 -0
  8. data/lib/guard/bundler_audit.rb +69 -0
  9. metadata +107 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: ff18e917da234e3f8861184db5658653e39ada0f
4
+ data.tar.gz: 279deca89c3e9129903f2b91f9e890b45a017df0
5
+ SHA512:
6
+ metadata.gz: eb9c1b60353e002025ebc5c72c958b6975332f4d92ff6f59b7628161ec724b2e5e9822f84835bbe17c7bf1dd32478cebcfb278a966ed29a9fc38069564dce17a
7
+ data.tar.gz: 17b05e2345855947d972812f38d64a6e1fd9239cd3ab49be8e821d0ebba24a889aff3b094bc6a995abd590196593c77135589a7d8946120bee1fb36959572d14
data/.gitignore ADDED
@@ -0,0 +1,37 @@
1
+ .DS_Store
2
+ *.gem
3
+ *.rbc
4
+ *.swp
5
+
6
+ /.config
7
+ /coverage/
8
+ /InstalledFiles
9
+ /pkg/
10
+ /spec/reports/
11
+ /test/tmp/
12
+ /test/version_tmp/
13
+ /tmp/
14
+
15
+ ## Specific to RubyMotion:
16
+ .dat*
17
+ .repl_history
18
+ build/
19
+
20
+ ## Documentation cache and generated files:
21
+ /.yardoc/
22
+ /_yardoc/
23
+ /doc/
24
+ /rdoc/
25
+
26
+ ## Environment normalisation:
27
+ /.bundle/
28
+ /lib/bundler/man/
29
+
30
+ # for a library or gem, you might want to ignore these files since the code is
31
+ # intended to run in multiple environments; otherwise, check them in:
32
+ # Gemfile.lock
33
+ # .ruby-version
34
+ # .ruby-gemset
35
+
36
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
37
+ .rvmrc
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in guard-bundler-audit.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2014 Christian Hellsten
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,31 @@
1
+ # Guard::Bundler::Audit
2
+
3
+ [guard](https://github.com/guard/guard) + [bundler-audit](https://github.com/rubysec/bundler-audit) = [security](http://www.rubysec.com/)
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'guard-bundler-audit'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install guard-bundler-audit
18
+
19
+ ## Usage
20
+
21
+ guard 'bundler_audit', run_on_start: true do
22
+ watch('Gemfile.lock')
23
+ end
24
+
25
+ ## Contributing
26
+
27
+ 1. Fork it ( http://github.com/<my-github-username>/guard-bundler-audit/fork )
28
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
29
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
30
+ 4. Push to the branch (`git push origin my-new-feature`)
31
+ 5. Create new Pull Request
data/Rakefile ADDED
@@ -0,0 +1 @@
1
+ require "bundler/gem_tasks"
data/guard-bundler-audit.gemspec ADDED
@@ -0,0 +1,25 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "guard-bundler-audit"
7
+ spec.version = '0.1.0'
8
+ spec.authors = ["Christian Hellsten"]
9
+ spec.email = ["christian@aktagon.com"]
10
+ spec.summary = %q{guard + bundler-audit = security}
11
+ spec.description = %q{guard + bundler-audit = security}
12
+ spec.homepage = ""
13
+ spec.license = "MIT"
14
+
15
+ spec.files = `git ls-files -z`.split("\x0")
16
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
17
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
+ spec.require_paths = ["lib"]
19
+
20
+ spec.add_dependency 'guard', '>= 1.1.0'
21
+ spec.add_dependency 'bundler-audit', '>= 0.3.1'
22
+
23
+ spec.add_development_dependency "bundler", "~> 1.5"
24
+ spec.add_development_dependency "rake"
25
+ end
data/lib/guard/bundler_audit.rb ADDED
@@ -0,0 +1,69 @@
1
+ require 'guard'
2
+ require 'guard/guard'
3
+ require 'bundler/audit'
4
+ require 'guard/plugin'
5
+ require 'bundler/audit/scanner'
6
+
7
+ module Guard
8
+ class BundlerAudit < Plugin #Guard
9
+ #
10
+ # Guard callback
11
+ #
12
+ def start
13
+ ::Bundler::Audit::Database.update!
14
+ end
15
+
16
+ #
17
+ # Guard callback
18
+ #
19
+ def run_all
20
+ audit
21
+ end
22
+
23
+ #
24
+ # Guard callback
25
+ #
26
+ def run_on_changes paths
27
+ audit
28
+ end
29
+
30
+ private
31
+
32
+ #
33
+ # Scans for vulnerabilities and reports them.
34
+ #
35
+ def audit
36
+ res = ::Bundler::Audit::Scanner.new.scan.to_a.map do |vuln|
37
+ case vuln
38
+ when ::Bundler::Audit::Scanner::InsecureSource
39
+ insecure_source_message vuln
40
+ when ::Bundler::Audit::Scanner::UnpatchedGem
41
+ insecure_gem_message vuln
42
+ else
43
+ insecure_message vuln
44
+ end
45
+ end
46
+ if res.any?
47
+ message = "Vulnerabilities found:\n" + res.join("\n")
48
+ notify message
49
+ UI.info(UI.send(:color, message, :red))
50
+ end
51
+ end
52
+
53
+ def notify message
54
+ ::Guard::Notifier.notify(message, title: message, image: :pending)
55
+ end
56
+
57
+ def insecure_message vuln
58
+ "Vulnerability found: #{vuln.name}"
59
+ end
60
+
61
+ def insecure_source_message vuln
62
+ "Insecure source URI found: #{vuln.source}"
63
+ end
64
+
65
+ def insecure_gem_message vuln
66
+ "Insecure gem found: #{vuln.gem} #{vuln.advisory} #{vuln.advisory.url}"
67
+ end
68
+ end
69
+ end
metadata ADDED
@@ -0,0 +1,107 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: guard-bundler-audit
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Christian Hellsten
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-06-05 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: guard
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 1.1.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 1.1.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler-audit
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: 0.3.1
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: 0.3.1
41
+ - !ruby/object:Gem::Dependency
42
+ name: bundler
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.5'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.5'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ description: guard + bundler-audit = security
70
+ email:
71
+ - christian@aktagon.com
72
+ executables: []
73
+ extensions: []
74
+ extra_rdoc_files: []
75
+ files:
76
+ - ".gitignore"
77
+ - Gemfile
78
+ - LICENSE
79
+ - README.md
80
+ - Rakefile
81
+ - guard-bundler-audit.gemspec
82
+ - lib/guard/bundler_audit.rb
83
+ homepage: ''
84
+ licenses:
85
+ - MIT
86
+ metadata: {}
87
+ post_install_message:
88
+ rdoc_options: []
89
+ require_paths:
90
+ - lib
91
+ required_ruby_version: !ruby/object:Gem::Requirement
92
+ requirements:
93
+ - - ">="
94
+ - !ruby/object:Gem::Version
95
+ version: '0'
96
+ required_rubygems_version: !ruby/object:Gem::Requirement
97
+ requirements:
98
+ - - ">="
99
+ - !ruby/object:Gem::Version
100
+ version: '0'
101
+ requirements: []
102
+ rubyforge_project:
103
+ rubygems_version: 2.2.0
104
+ signing_key:
105
+ specification_version: 4
106
+ summary: guard + bundler-audit = security
107
+ test_files: []