holepicker 0.1.1 → 0.1.2

data/Changelog.markdown CHANGED
@@ -0,0 +1,9 @@
1
+ #### Version 0.1.2 (23.02.2013)
2
+
3
+ * fixed issue on Ruby 1.8
4
+ * fixed issue with relative paths like '.' in parameters
5
+ * fixed parsing gemfiles with platform-specific gems (e.g. mingw32)
6
+
7
+ #### Version 0.1.1 (18.82.2013)
8
+
9
+ * first public version
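Review bot: the date on the 0.1.1 entry, "18.82.2013", is not a valid day.month.year date. The gemspec metadata change on this page shows 2013-02-18 as the previous release date, so the entry should read 18.02.2013.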
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- holepicker (0.1)
4
+ holepicker (0.1.2)
5
5
  json (>= 1.7.7)
6
6
  rainbow (>= 1.1.4)
7
7
 
data/README.markdown CHANGED
@@ -79,12 +79,13 @@ Use an offline copy of the data file - useful if you really need to run the tool
79
79
 
80
80
  ## Similar projects
81
81
 
82
- The [bundler-audit](https://github.com/postmodern/bundler-audit) project that was also created this week has a similar purpose, but it only uses an offline issue list and it only scans the current project.
83
-
84
- The [gemcanary](https://gemcanary.com/) project might be something similar, but it hasn't been released yet (as of 16.02).
85
-
86
- It might make sense to agree on a shared list of vulnerabilities in the future that these and other projects could share - no point having the same information in a few different places maintained by a few people in parallel.
82
+ There are a few other projects with a similar purpose, take a look if HolePicker isn't exactly what you need:
87
83
 
84
+ * [bundler-audit](https://github.com/postmodern/bundler-audit) - scans the current project when the app is loaded
85
+ * [bundler-organization_audit](https://github.com/grosser/bundler-organization_audit) - scans all your projects on GitHub
86
+ * [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db) - a shared database of vulnerabilities - I'll try to integrate holepicker with it later
87
+ * [gemcanary](https://gemcanary.com/) - some kind of web service, not released yet (as of 23.02)
88
+ * [gems-status](https://github.com/jordimassaguerpla/gems-status) - a more general tool for checking everything that might be wrong with your gems (work in progress)
88
89
 
89
90
  ## Credits & contributing
90
91
 
data/bin/holepicker CHANGED
@@ -31,6 +31,11 @@ OptionParser.new do |opts|
31
31
  options[:offline] = true
32
32
  end
33
33
 
34
+ opts.on("-r", "--skip-releases",
35
+ "Skip gemfiles in 'releases' directory (like -c but will include non-Capistrano deploys)") do
36
+ options[:skip_releases] = true
37
+ end
38
+
34
39
  opts.on("-h", "--help", "Display this help") do
35
40
  puts opts
36
41
  exit
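Review bot: the new -r/--skip-releases option is not listed in the 0.1.2 changelog entry or in the README hunk shown for this release, and none of the hunks shown here reads options[:skip_releases]. Add a changelog line and a README entry, and check that the scanner honors the flag. The help text "like -c but will include non-Capistrano deploys" is also ambiguous about which gemfiles end up excluded from the scan; since a skipped gemfile is one that is never checked for vulnerable gems, reword it to say exactly which directories are left out.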
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
 
3
3
  module HolePicker
4
4
  class Gem
5
- GEM_LINE_PATTERN = /([\w\-]+) \(([^)]+)\)/
5
+ GEM_LINE_PATTERN = /([\w\-]+) \(([\d\w]+(\.[\d\w]+)*)(\-\w+)*\)/
6
6
 
7
7
  attr_reader :name, :version
8
8
 
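Review bot: in the new GEM_LINE_PATTERN the groups (\.[\d\w]+)* and (\-\w+)* are capturing, so a match now carries four groups where attr_reader :name, :version suggests only two are wanted. Make them non-capturing with (?:...) so that group 2 stays the last index, and simplify [\d\w] to \w, which already includes digits. The platform suffix is matched but kept out of the version group, and lines such as json (>= 1.7.7) no longer match at all; a short comment listing example lines the pattern must accept (a mingw32 build) and must reject (dependency constraints) would document that intent.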
@@ -1,6 +1,7 @@
1
1
  require 'holepicker/database'
2
2
  require 'holepicker/utils'
3
3
  require 'net/http'
4
+ require 'net/https'
4
5
 
5
6
  module HolePicker
6
7
  class OnlineDatabase < Database
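Review bot: the added require 'net/https' loads HTTPS support, but this hunk does not show how the connection in OnlineDatabase is configured. Because the vulnerability list is fetched over this connection and the changelog says Ruby 1.8 is supported, confirm that the request code sets use_ssl and verify_mode = OpenSSL::SSL::VERIFY_PEER explicitly instead of relying on interpreter defaults, so a tampered data file cannot hide findings.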
@@ -71,6 +71,7 @@ module HolePicker
71
71
  end
72
72
 
73
73
  def scan_path(path)
74
+ path = File.expand_path(path)
74
75
  gemfiles = @roots ? find_gemfiles_in_configs(path) : find_gemfiles_in_path(path)
75
76
  gemfiles.each { |f| scan_gemfile(f) }
76
77
  end
@@ -108,8 +109,8 @@ module HolePicker
108
109
  if @matched_gemfiles == 0
109
110
  puts "No vulnerabilities found."
110
111
  else
111
- puts ("#{@matched_gems} vulnerable #{Utils.pluralize(@matched_gems, 'gem')} found in " +
112
- "#{@matched_gemfiles} #{Utils.pluralize(@matched_gemfiles, 'gemfile')}!").color(:red) + "\n\n"
112
+ puts(("#{@matched_gems} vulnerable #{Utils.pluralize(@matched_gems, 'gem')} found in " +
113
+ "#{@matched_gemfiles} #{Utils.pluralize(@matched_gemfiles, 'gemfile')}!").color(:red) + "\n\n")
113
114
 
114
115
  @found_vulnerabilities.sort_by(&:id).each do |v|
115
116
  puts "[#{v.tag}] #{v.day}: #{v.url}"
@@ -1,7 +1,7 @@
1
1
  require 'rubygems'
2
2
 
3
3
  module HolePicker
4
- VERSION = "0.1.1"
4
+ VERSION = "0.1.2"
5
5
 
6
6
  def self.version
7
7
  ::Gem::Version.new(VERSION)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: holepicker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-02-18 00:00:00.000000000 Z
12
+ date: 2013-02-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json