hakiri 0.6.1 → 0.7.0
- data/.travis.yml +0 -1
- data/Gemfile.lock +8 -8
- data/README.md +6 -6
- data/hakiri.gemspec +1 -1
- data/lib/hakiri/http_client.rb +9 -10
- data/lib/hakiri/version.rb +1 -1
- metadata +44 -24
- checksums.yaml +0 -7
    
        data/.travis.yml
    CHANGED
    
    
    
        data/Gemfile.lock
    CHANGED
    
    | @@ -1,12 +1,12 @@ | |
| 1 1 | 
             
            PATH
         | 
| 2 2 | 
             
              remote: .
         | 
| 3 3 | 
             
              specs:
         | 
| 4 | 
            -
                hakiri (0. | 
| 4 | 
            +
                hakiri (0.7.0)
         | 
| 5 5 | 
             
                  activesupport
         | 
| 6 6 | 
             
                  bundler
         | 
| 7 7 | 
             
                  commander
         | 
| 8 8 | 
             
                  i18n
         | 
| 9 | 
            -
                   | 
| 9 | 
            +
                  json
         | 
| 10 10 | 
             
                  rake
         | 
| 11 11 | 
             
                  rest-client
         | 
| 12 12 | 
             
                  terminal-table
         | 
| @@ -14,21 +14,21 @@ PATH | |
| 14 14 | 
             
            GEM
         | 
| 15 15 | 
             
              remote: https://rubygems.org/
         | 
| 16 16 | 
             
              specs:
         | 
| 17 | 
            -
                activesupport (3.2. | 
| 17 | 
            +
                activesupport (3.2.16)
         | 
| 18 18 | 
             
                  i18n (~> 0.6, >= 0.6.4)
         | 
| 19 19 | 
             
                  multi_json (~> 1.0)
         | 
| 20 20 | 
             
                cane (2.6.0)
         | 
| 21 21 | 
             
                  parallel
         | 
| 22 22 | 
             
                commander (4.1.5)
         | 
| 23 23 | 
             
                  highline (~> 1.6.11)
         | 
| 24 | 
            -
                highline (1.6. | 
| 25 | 
            -
                i18n (0.6. | 
| 26 | 
            -
                 | 
| 27 | 
            -
                mime-types (1 | 
| 24 | 
            +
                highline (1.6.20)
         | 
| 25 | 
            +
                i18n (0.6.9)
         | 
| 26 | 
            +
                json (1.8.1)
         | 
| 27 | 
            +
                mime-types (2.1)
         | 
| 28 28 | 
             
                minitest (5.0.6)
         | 
| 29 29 | 
             
                multi_json (1.7.7)
         | 
| 30 30 | 
             
                parallel (0.7.1)
         | 
| 31 | 
            -
                rake (10.1. | 
| 31 | 
            +
                rake (10.1.1)
         | 
| 32 32 | 
             
                rest-client (1.6.7)
         | 
| 33 33 | 
             
                  mime-types (>= 1.16)
         | 
| 34 34 | 
             
                simplecov (0.8.0.pre)
         | 
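Review bot: mime-types moves from a 1.x release to 2.1 in this hunk while rest-client stays at 1.6.7, and the only constraint rest-client places on it is mime-types (>= 1.16). That open-ended constraint lets a major-version jump through silently, so this lockfile is the only record of the combination that was actually tested. Confirm rest-client 1.6.7 is exercised against mime-types 2.x in the test suite, and consider moving rest-client itself forward, since every API call in lib/hakiri/http_client.rb goes through it.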
    
        data/README.md
    CHANGED
    
    | @@ -21,7 +21,7 @@ Wanna try it on your system? | |
| 21 21 |  | 
| 22 22 | 
             
            ## Installation
         | 
| 23 23 |  | 
| 24 | 
            -
            Hakiri Toolbelt is a Ruby gem that can be installed  | 
| 24 | 
            +
            Hakiri Toolbelt is a Ruby gem that can be installed with
         | 
| 25 25 |  | 
| 26 26 | 
             
            ~~~
         | 
| 27 27 | 
             
            $ gem install hakiri
         | 
| @@ -74,7 +74,7 @@ ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x befo | |
| 74 74 | 
             
            ...
         | 
| 75 75 | 
             
            ~~~
         | 
| 76 76 |  | 
| 77 | 
            -
            Simple, right? If  | 
| 77 | 
            +
            Simple, right? If your manifest file is in a different directory or has a different name you can specify it in a parameter:
         | 
| 78 78 |  | 
| 79 79 | 
             
            ~~~
         | 
| 80 80 | 
             
            $ hakiri system:scan -m ../my_stack.json
         | 
| @@ -84,7 +84,7 @@ You can learn more about configuring the manifest in [Hakiri docs](https://hakir | |
| 84 84 |  | 
| 85 85 | 
             
            ## Test Your Gemfile
         | 
| 86 86 |  | 
| 87 | 
            -
             | 
| 87 | 
            +
            To scan a `Gemfile.lock` for vulnerabilities in the current directory do the following:
         | 
| 88 88 |  | 
| 89 89 | 
             
            ~~~
         | 
| 90 90 | 
             
            $ hakiri gemfile:scan
         | 
| @@ -96,7 +96,7 @@ To scan a specific `Gemfile.lock` add the `-g` parameter at the end: | |
| 96 96 | 
             
            $ hakiri gemfile:scan -g ../Gemfile.lock
         | 
| 97 97 | 
             
            ~~~
         | 
| 98 98 |  | 
| 99 | 
            -
            This will scan your `Gemfile.lock` and check with the server whether it has any vulnerable gems. | 
| 99 | 
            +
            This will scan your `Gemfile.lock` and check with the server whether it has any vulnerable gems.
         | 
| 100 100 |  | 
| 101 101 | 
             
            You can also [sync your gems](https://hakiri.io/docs/syncing-with-the-cloud) with the cloud and get notified when new vulnerabilities come out.
         | 
| 102 102 |  | 
| @@ -106,8 +106,8 @@ We just went through the most basic Hakiri use case. Here are links to docs desc | |
| 106 106 |  | 
| 107 107 | 
             
            - [Learn about](https://hakiri.io/docs/manifest-file) advanced manifest file options.
         | 
| 108 108 | 
             
            - [Setup your](https://hakiri.io/docs/authentication-token) authentication token.
         | 
| 109 | 
            -
            - [Sync your technologies | 
| 110 | 
            -
            - [Check out technologies](https://hakiri.io/docs/technologies-version-formats)  | 
| 109 | 
            +
            - [Sync your technologies](https://hakiri.io/docs/syncing-with-the-cloud) with the cloud and get notified when new vulnerabilities come out.
         | 
| 110 | 
            +
            - [Check out supported technologies](https://hakiri.io/docs/technologies-version-formats) and version formats.
         | 
| 111 111 |  | 
| 112 112 | 
             
            ## Contribute
         | 
| 113 113 |  | 
    
        data/hakiri.gemspec
    CHANGED
    
    
    
        data/lib/hakiri/http_client.rb
    CHANGED
    
    | @@ -8,6 +8,7 @@ class Hakiri::HttpClient | |
| 8 8 | 
             
              #
         | 
| 9 9 | 
             
              def initialize
         | 
| 10 10 | 
             
                @auth_token = (ENV['HAKIRI_AUTH_TOKEN'] or nil)
         | 
| 11 | 
            +
                @headers = { 'X-AUTH-TOKEN' => @auth_token }
         | 
| 11 12 | 
             
                @api_url = (ENV['HAKIRI_API_URL'] or 'https://hakiri.io/api/v1')
         | 
| 12 13 | 
             
              end
         | 
| 13 14 |  | 
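Review bot: on the added line 11, @headers is built unconditionally, so when HAKIRI_AUTH_TOKEN is unset the hash is { 'X-AUTH-TOKEN' => nil } and a nil header value is handed to the HTTP layer on every request. Build the header only when a token is present, for example @headers = @auth_token ? { 'X-AUTH-TOKEN' => @auth_token } : {}. The following context line matters here too: HAKIRI_API_URL may be set to any URL, including a plain http:// one, and the token is now attached to every request sent there, so rejecting a non-https @api_url in initialize would keep the credential off cleartext connections.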
| @@ -21,9 +22,8 @@ class Hakiri::HttpClient | |
| 21 22 | 
             
              #   Returns a hash of technologies with vulnerabilities.
         | 
| 22 23 | 
             
              #
         | 
| 23 24 | 
             
              def get_issues(params)
         | 
| 24 | 
            -
                 | 
| 25 | 
            -
             | 
| 26 | 
            -
                RestClient.post "#{@api_url}/issues/scan.json", params do |response, request, result, &block|
         | 
| 25 | 
            +
                RestClient::Request.execute method: :post, url: "#{@api_url}/issues/scan.json",
         | 
| 26 | 
            +
                                            headers: @headers, payload: params do |response, request, result, &block|
         | 
| 27 27 | 
             
                  case response.code
         | 
| 28 28 | 
             
                    when 200
         | 
| 29 29 | 
             
                      JSON.parse(response.to_str, :symbolize_names => true)
         | 
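Review bot: the new RestClient::Request.execute call in get_issues passes no verify_ssl option, and the Gemfile.lock on this page locks rest-client (1.6.7), a release that does not verify the server certificate unless that option is set. With the token now travelling as X-AUTH-TOKEN on this request, add verify_ssl: OpenSSL::SSL::VERIFY_PEER to the execute options here and in the other three calls changed in this file, so the credential and the scan payload only go to an authenticated endpoint.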
| @@ -46,9 +46,8 @@ class Hakiri::HttpClient | |
| 46 46 | 
             
              #   Returns a hash of differences between technologies.
         | 
| 47 47 | 
             
              #
         | 
| 48 48 | 
             
              def check_versions_diff(stack_id, params)
         | 
| 49 | 
            -
                 | 
| 50 | 
            -
             | 
| 51 | 
            -
                RestClient.post "#{@api_url}/stacks/#{stack_id}/versions/diffs.json", params do |response, request, result, &block|
         | 
| 49 | 
            +
                RestClient::Request.execute method: :post, url: "#{@api_url}/stacks/#{stack_id}/versions/diffs.json",
         | 
| 50 | 
            +
                                            headers: @headers, payload: params do |response, request, result, &block|
         | 
| 52 51 | 
             
                  case response.code
         | 
| 53 52 | 
             
                    when 200
         | 
| 54 53 | 
             
                      JSON.parse(response.to_str, :symbolize_names => true)
         | 
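Review bot: check_versions_diff is the second of four call sites in this file that repeat the same RestClient::Request.execute ... headers: @headers shape, differing only in method, URL and payload. A private helper taking those three arguments would give a single place to set headers, TLS options and timeouts instead of four. Separately, stack_id is interpolated into the URL path as-is in "#{@api_url}/stacks/#{stack_id}/versions/diffs.json"; validating it as an integer (or escaping it) before building the URL would stop an unexpected value from changing which endpoint the authenticated request hits.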
| @@ -71,9 +70,8 @@ class Hakiri::HttpClient | |
| 71 70 | 
             
              #   Returns a hash of updated versions.
         | 
| 72 71 | 
             
              #
         | 
| 73 72 | 
             
              def sync_stack_versions(stack_id, params)
         | 
| 74 | 
            -
                 | 
| 75 | 
            -
             | 
| 76 | 
            -
                RestClient.put "#{@api_url}/stacks/#{stack_id}/versions/update_all.json", params do |response, request, result, &block|
         | 
| 73 | 
            +
                RestClient::Request.execute method: :put, url: "#{@api_url}/stacks/#{stack_id}/versions/update_all.json",
         | 
| 74 | 
            +
                                            headers: @headers, payload: params do |response, request, result, &block|
         | 
| 77 75 | 
             
                  case response.code
         | 
| 78 76 | 
             
                    when 200
         | 
| 79 77 | 
             
                      JSON.parse(response.to_str, :symbolize_names => true)
         | 
| @@ -93,7 +91,8 @@ class Hakiri::HttpClient | |
| 93 91 | 
             
              #   Returns a hash with build fields, repository fields and an array of warnings.
         | 
| 94 92 | 
             
              #
         | 
| 95 93 | 
             
              def code_report(stack_id)
         | 
| 96 | 
            -
                RestClient.get "#{@api_url}/stacks/#{stack_id}/builds/last.json | 
| 94 | 
            +
                RestClient::Request.execute method: :get, url: "#{@api_url}/stacks/#{stack_id}/builds/last.json",
         | 
| 95 | 
            +
                                            headers: @headers do |response, request, result, &block|
         | 
| 97 96 | 
             
                  case response.code
         | 
| 98 97 | 
             
                    when 200
         | 
| 99 98 | 
             
                      JSON.parse(response.to_str, :symbolize_names => true)
         | 
    
        data/lib/hakiri/version.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,130 +1,148 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: hakiri
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0. | 
| 4 | 
            +
              version: 0.7.0
         | 
| 5 | 
            +
              prerelease: 
         | 
| 5 6 | 
             
            platform: ruby
         | 
| 6 7 | 
             
            authors:
         | 
| 7 8 | 
             
            - Vasily Vasinov
         | 
| 8 9 | 
             
            autorequire: 
         | 
| 9 10 | 
             
            bindir: bin
         | 
| 10 11 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date:  | 
| 12 | 
            +
            date: 2014-02-04 00:00:00.000000000 Z
         | 
| 12 13 | 
             
            dependencies:
         | 
| 13 14 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 15 | 
             
              name: bundler
         | 
| 15 16 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 17 | 
            +
                none: false
         | 
| 16 18 | 
             
                requirements:
         | 
| 17 | 
            -
                - - '>='
         | 
| 19 | 
            +
                - - ! '>='
         | 
| 18 20 | 
             
                  - !ruby/object:Gem::Version
         | 
| 19 21 | 
             
                    version: '0'
         | 
| 20 22 | 
             
              type: :runtime
         | 
| 21 23 | 
             
              prerelease: false
         | 
| 22 24 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 25 | 
            +
                none: false
         | 
| 23 26 | 
             
                requirements:
         | 
| 24 | 
            -
                - - '>='
         | 
| 27 | 
            +
                - - ! '>='
         | 
| 25 28 | 
             
                  - !ruby/object:Gem::Version
         | 
| 26 29 | 
             
                    version: '0'
         | 
| 27 30 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 28 31 | 
             
              name: rake
         | 
| 29 32 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 33 | 
            +
                none: false
         | 
| 30 34 | 
             
                requirements:
         | 
| 31 | 
            -
                - - '>='
         | 
| 35 | 
            +
                - - ! '>='
         | 
| 32 36 | 
             
                  - !ruby/object:Gem::Version
         | 
| 33 37 | 
             
                    version: '0'
         | 
| 34 38 | 
             
              type: :runtime
         | 
| 35 39 | 
             
              prerelease: false
         | 
| 36 40 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 41 | 
            +
                none: false
         | 
| 37 42 | 
             
                requirements:
         | 
| 38 | 
            -
                - - '>='
         | 
| 43 | 
            +
                - - ! '>='
         | 
| 39 44 | 
             
                  - !ruby/object:Gem::Version
         | 
| 40 45 | 
             
                    version: '0'
         | 
| 41 46 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 42 47 | 
             
              name: commander
         | 
| 43 48 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 49 | 
            +
                none: false
         | 
| 44 50 | 
             
                requirements:
         | 
| 45 | 
            -
                - - '>='
         | 
| 51 | 
            +
                - - ! '>='
         | 
| 46 52 | 
             
                  - !ruby/object:Gem::Version
         | 
| 47 53 | 
             
                    version: '0'
         | 
| 48 54 | 
             
              type: :runtime
         | 
| 49 55 | 
             
              prerelease: false
         | 
| 50 56 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 57 | 
            +
                none: false
         | 
| 51 58 | 
             
                requirements:
         | 
| 52 | 
            -
                - - '>='
         | 
| 59 | 
            +
                - - ! '>='
         | 
| 53 60 | 
             
                  - !ruby/object:Gem::Version
         | 
| 54 61 | 
             
                    version: '0'
         | 
| 55 62 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 56 63 | 
             
              name: terminal-table
         | 
| 57 64 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 65 | 
            +
                none: false
         | 
| 58 66 | 
             
                requirements:
         | 
| 59 | 
            -
                - - '>='
         | 
| 67 | 
            +
                - - ! '>='
         | 
| 60 68 | 
             
                  - !ruby/object:Gem::Version
         | 
| 61 69 | 
             
                    version: '0'
         | 
| 62 70 | 
             
              type: :runtime
         | 
| 63 71 | 
             
              prerelease: false
         | 
| 64 72 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 73 | 
            +
                none: false
         | 
| 65 74 | 
             
                requirements:
         | 
| 66 | 
            -
                - - '>='
         | 
| 75 | 
            +
                - - ! '>='
         | 
| 67 76 | 
             
                  - !ruby/object:Gem::Version
         | 
| 68 77 | 
             
                    version: '0'
         | 
| 69 78 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 70 79 | 
             
              name: activesupport
         | 
| 71 80 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 81 | 
            +
                none: false
         | 
| 72 82 | 
             
                requirements:
         | 
| 73 | 
            -
                - - '>='
         | 
| 83 | 
            +
                - - ! '>='
         | 
| 74 84 | 
             
                  - !ruby/object:Gem::Version
         | 
| 75 85 | 
             
                    version: '0'
         | 
| 76 86 | 
             
              type: :runtime
         | 
| 77 87 | 
             
              prerelease: false
         | 
| 78 88 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 89 | 
            +
                none: false
         | 
| 79 90 | 
             
                requirements:
         | 
| 80 | 
            -
                - - '>='
         | 
| 91 | 
            +
                - - ! '>='
         | 
| 81 92 | 
             
                  - !ruby/object:Gem::Version
         | 
| 82 93 | 
             
                    version: '0'
         | 
| 83 94 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 84 95 | 
             
              name: i18n
         | 
| 85 96 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 97 | 
            +
                none: false
         | 
| 86 98 | 
             
                requirements:
         | 
| 87 | 
            -
                - - '>='
         | 
| 99 | 
            +
                - - ! '>='
         | 
| 88 100 | 
             
                  - !ruby/object:Gem::Version
         | 
| 89 101 | 
             
                    version: '0'
         | 
| 90 102 | 
             
              type: :runtime
         | 
| 91 103 | 
             
              prerelease: false
         | 
| 92 104 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 105 | 
            +
                none: false
         | 
| 93 106 | 
             
                requirements:
         | 
| 94 | 
            -
                - - '>='
         | 
| 107 | 
            +
                - - ! '>='
         | 
| 95 108 | 
             
                  - !ruby/object:Gem::Version
         | 
| 96 109 | 
             
                    version: '0'
         | 
| 97 110 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 98 111 | 
             
              name: rest-client
         | 
| 99 112 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 113 | 
            +
                none: false
         | 
| 100 114 | 
             
                requirements:
         | 
| 101 | 
            -
                - - '>='
         | 
| 115 | 
            +
                - - ! '>='
         | 
| 102 116 | 
             
                  - !ruby/object:Gem::Version
         | 
| 103 117 | 
             
                    version: '0'
         | 
| 104 118 | 
             
              type: :runtime
         | 
| 105 119 | 
             
              prerelease: false
         | 
| 106 120 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 121 | 
            +
                none: false
         | 
| 107 122 | 
             
                requirements:
         | 
| 108 | 
            -
                - - '>='
         | 
| 123 | 
            +
                - - ! '>='
         | 
| 109 124 | 
             
                  - !ruby/object:Gem::Version
         | 
| 110 125 | 
             
                    version: '0'
         | 
| 111 126 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 112 | 
            -
              name:  | 
| 127 | 
            +
              name: json
         | 
| 113 128 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 129 | 
            +
                none: false
         | 
| 114 130 | 
             
                requirements:
         | 
| 115 | 
            -
                - - '>='
         | 
| 131 | 
            +
                - - ! '>='
         | 
| 116 132 | 
             
                  - !ruby/object:Gem::Version
         | 
| 117 133 | 
             
                    version: '0'
         | 
| 118 134 | 
             
              type: :runtime
         | 
| 119 135 | 
             
              prerelease: false
         | 
| 120 136 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 137 | 
            +
                none: false
         | 
| 121 138 | 
             
                requirements:
         | 
| 122 | 
            -
                - - '>='
         | 
| 139 | 
            +
                - - ! '>='
         | 
| 123 140 | 
             
                  - !ruby/object:Gem::Version
         | 
| 124 141 | 
             
                    version: '0'
         | 
| 125 142 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 126 143 | 
             
              name: minitest
         | 
| 127 144 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 145 | 
            +
                none: false
         | 
| 128 146 | 
             
                requirements:
         | 
| 129 147 | 
             
                - - ~>
         | 
| 130 148 | 
             
                  - !ruby/object:Gem::Version
         | 
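Review bot: every dependency in this hunk, including rest-client and the entry now named json, is declared with the requirement '>=' version '0', so the published gem accepts any release of the libraries that send the auth token and parse server responses. Add lower bounds in hakiri.gemspec that match what Gemfile.lock was tested with (and upper bounds where a major bump is known to break), so installs outside this repository resolve to a vetted range. bundler and rake are also listed with type: :runtime; if they are only needed to develop or build the gem, they belong under development dependencies so that users of the scanner do not pull them in.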
| @@ -132,6 +150,7 @@ dependencies: | |
| 132 150 | 
             
              type: :development
         | 
| 133 151 | 
             
              prerelease: false
         | 
| 134 152 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 153 | 
            +
                none: false
         | 
| 135 154 | 
             
                requirements:
         | 
| 136 155 | 
             
                - - ~>
         | 
| 137 156 | 
             
                  - !ruby/object:Gem::Version
         | 
| @@ -194,25 +213,26 @@ files: | |
| 194 213 | 
             
            homepage: https://hakiri.io
         | 
| 195 214 | 
             
            licenses:
         | 
| 196 215 | 
             
            - MIT
         | 
| 197 | 
            -
            metadata: {}
         | 
| 198 216 | 
             
            post_install_message: 
         | 
| 199 217 | 
             
            rdoc_options: []
         | 
| 200 218 | 
             
            require_paths:
         | 
| 201 219 | 
             
            - lib
         | 
| 202 220 | 
             
            required_ruby_version: !ruby/object:Gem::Requirement
         | 
| 221 | 
            +
              none: false
         | 
| 203 222 | 
             
              requirements:
         | 
| 204 | 
            -
              - - '>='
         | 
| 223 | 
            +
              - - ! '>='
         | 
| 205 224 | 
             
                - !ruby/object:Gem::Version
         | 
| 206 225 | 
             
                  version: '0'
         | 
| 207 226 | 
             
            required_rubygems_version: !ruby/object:Gem::Requirement
         | 
| 227 | 
            +
              none: false
         | 
| 208 228 | 
             
              requirements:
         | 
| 209 | 
            -
              - - '>='
         | 
| 229 | 
            +
              - - ! '>='
         | 
| 210 230 | 
             
                - !ruby/object:Gem::Version
         | 
| 211 231 | 
             
                  version: '0'
         | 
| 212 232 | 
             
            requirements: []
         | 
| 213 233 | 
             
            rubyforge_project: 
         | 
| 214 | 
            -
            rubygems_version:  | 
| 234 | 
            +
            rubygems_version: 1.8.23
         | 
| 215 235 | 
             
            signing_key: 
         | 
| 216 | 
            -
            specification_version:  | 
| 236 | 
            +
            specification_version: 3
         | 
| 217 237 | 
             
            summary: Secure Rails with Hakiri
         | 
| 218 238 | 
             
            test_files: []
         | 
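Review bot: rubygems_version: 1.8.23 in this hunk, together with the removed metadata: {} line and the none: false fields added throughout the spec, indicates 0.7.0 was packaged with a RubyGems 1.8 toolchain, whereas the 0.6.1 package carried fields that RubyGems 1.8 does not write. Building releases on a RubyGems 2.x or later install, and fixing the builder version in the release procedure, would keep the package format from regressing between versions.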
    
        checksums.yaml
    DELETED
    
    | @@ -1,7 +0,0 @@ | |
| 1 | 
            -
            ---
         | 
| 2 | 
            -
            SHA1:
         | 
| 3 | 
            -
              metadata.gz: 5e49876e019d919c98751026b52b78beb90dce38
         | 
| 4 | 
            -
              data.tar.gz: ba257f0be25ca4101adebd7c5dc14631b7dda318
         | 
| 5 | 
            -
            SHA512:
         | 
| 6 | 
            -
              metadata.gz: ba4cc5a98b0868c5eacf543e472b26238b1f8020812f8fb8dd47fcdeb1395119ca0b6ebca7ddbbb02cdecca05172692ed9c3132c936c0ade6050738dd846e714
         | 
| 7 | 
            -
              data.tar.gz: 7176ff6cf3b7f7e037e69a87ad41e709dbab0689b11ee25a072ea69bad0337f301016e09abb82a8ee26bb3680463abd11fabb4e69572a9745d21a8af20fd4392
         |
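Review bot: deleting checksums.yaml means the 0.7.0 package no longer ships the SHA1 and SHA512 digests for metadata.gz and data.tar.gz that 0.6.1 carried. The metadata on this page also shows cert_chain: [] and an empty signing_key, so the package contains no in-band integrity data at all. Repackage with a RubyGems version that writes checksums.yaml, and consider signing the gem, given that this tool is installed specifically to make security decisions about other dependencies.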