holepicker 0.1.1 → 0.1.2

data/Changelog.markdown CHANGED
@@ -0,0 +1,9 @@
1
+ #### Version 0.1.2 (23.02.2013)
2
+
3
+ * fixed issue on Ruby 1.8
4
+ * fixed issue with relative paths like '.' in parameters
5
+ * fixed parsing gemfiles with platform-specific gems (e.g. mingw32)
6
+
7
+ #### Version 0.1.1 (18.82.2013)
8
+
9
+ * first public version
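Review bot: The 0.1.1 heading at the bottom of this hunk carries an impossible date, `18.82.2013`; the gemspec metadata in this same diff dates that release 2013-02-18, so it should read `18.02.2013`. The 0.1.2 entry also leaves out the new `-r` / `--skip-releases` option added in `data/bin/holepicker`. That flag changes which gemfiles get scanned, so it belongs in the changelog next to the three fixes.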
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- holepicker (0.1)
4
+ holepicker (0.1.2)
5
5
  json (>= 1.7.7)
6
6
  rainbow (>= 1.1.4)
7
7
 
data/README.markdown CHANGED
@@ -79,12 +79,13 @@ Use an offline copy of the data file - useful if you really need to run the tool
79
79
 
80
80
  ## Similar projects
81
81
 
82
- The [bundler-audit](https://github.com/postmodern/bundler-audit) project that was also created this week has a similar purpose, but it only uses an offline issue list and it only scans the current project.
83
-
84
- The [gemcanary](https://gemcanary.com/) project might be something similar, but it hasn't been released yet (as of 16.02).
85
-
86
- It might make sense to agree on a shared list of vulnerabilities in the future that these and other projects could share - no point having the same information in a few different places maintained by a few people in parallel.
82
+ There are a few other projects with a similar purpose, take a look if HolePicker isn't exactly what you need:
87
83
 
84
+ * [bundler-audit](https://github.com/postmodern/bundler-audit) - scans the current project when the app is loaded
85
+ * [bundler-organization_audit](https://github.com/grosser/bundler-organization_audit) - scans all your projects on GitHub
86
+ * [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db) - a shared database of vulnerabilities - I'll try to integrate holepicker with it later
87
+ * [gemcanary](https://gemcanary.com/) - some kind of web service, not released yet (as of 23.02)
88
+ * [gems-status](https://github.com/jordimassaguerpla/gems-status) - a more general tool for checking everything that might be wrong with your gems (work in progress)
88
89
 
89
90
  ## Credits & contributing
90
91
 
data/bin/holepicker CHANGED
@@ -31,6 +31,11 @@ OptionParser.new do |opts|
31
31
  options[:offline] = true
32
32
  end
33
33
 
34
+ opts.on("-r", "--skip-releases",
35
+ "Skip gemfiles in 'releases' directory (like -c but will include non-Capistrano deploys)") do
36
+ options[:skip_releases] = true
37
+ end
38
+
34
39
  opts.on("-h", "--help", "Display this help") do
35
40
  puts opts
36
41
  exit
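Review bot: `options[:skip_releases]` is set in the new `opts.on("-r", "--skip-releases", ...)` block, but no other hunk in this diff reads that key, so unless code already present in 0.1.1 consumes it the flag has no effect. That is worth pinning down with a test, because a user who passes `-r` is relying on a specific coverage boundary for the scan. The help text also defines the flag in terms of `-c` without saying what happens when both are given, and the only README hunk in this release touches "Similar projects", so the option is not documented there.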
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
 
3
3
  module HolePicker
4
4
  class Gem
5
- GEM_LINE_PATTERN = /([\w\-]+) \(([^)]+)\)/
5
+ GEM_LINE_PATTERN = /([\w\-]+) \(([\d\w]+(\.[\d\w]+)*)(\-\w+)*\)/
6
6
 
7
7
  attr_reader :name, :version
8
8
 
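Review bot: The tightened `GEM_LINE_PATTERN` turns every lock-file line it does not recognise into a non-match, where the old `\(([^)]+)\)` accepted anything between parentheses; if non-matching lines are simply skipped, a gem whose version or platform suffix falls outside `[\d\w]+(\.[\d\w]+)*(\-\w+)*` drops out of the scan without notice. A platform suffix containing a dot would do that, since `(\-\w+)*` only allows word characters. Consider reporting spec lines that fail to parse instead of ignoring them, and add test cases for the platform-specific entries the changelog mentions (e.g. mingw32). Smaller points: `[\d\w]` is equivalent to `\w`, and the two new groups could be non-capturing (`(?:...)`) so that name and version remain the only captures.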
@@ -1,6 +1,7 @@
1
1
  require 'holepicker/database'
2
2
  require 'holepicker/utils'
3
3
  require 'net/http'
4
+ require 'net/https'
4
5
 
5
6
  module HolePicker
6
7
  class OnlineDatabase < Database
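Review bot: The added `require 'net/https'` makes TLS available, but the hunk does not show the connection being configured, and on Ruby 1.8 (the target of this release's first changelog item) `Net::HTTP` does not verify the server certificate unless `verify_mode` is set to `OpenSSL::SSL::VERIFY_PEER`. The online database decides what counts as vulnerable, so an unverified fetch lets anyone on the network path serve a list with entries removed. Set `use_ssl = true` and `verify_mode = OpenSSL::SSL::VERIFY_PEER` explicitly where the request is made, and fail the run if verification fails.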
@@ -71,6 +71,7 @@ module HolePicker
71
71
  end
72
72
 
73
73
  def scan_path(path)
74
+ path = File.expand_path(path)
74
75
  gemfiles = @roots ? find_gemfiles_in_configs(path) : find_gemfiles_in_path(path)
75
76
  gemfiles.each { |f| scan_gemfile(f) }
76
77
  end
@@ -108,8 +109,8 @@ module HolePicker
108
109
  if @matched_gemfiles == 0
109
110
  puts "No vulnerabilities found."
110
111
  else
111
- puts ("#{@matched_gems} vulnerable #{Utils.pluralize(@matched_gems, 'gem')} found in " +
112
- "#{@matched_gemfiles} #{Utils.pluralize(@matched_gemfiles, 'gemfile')}!").color(:red) + "\n\n"
112
+ puts(("#{@matched_gems} vulnerable #{Utils.pluralize(@matched_gems, 'gem')} found in " +
113
+ "#{@matched_gemfiles} #{Utils.pluralize(@matched_gemfiles, 'gemfile')}!").color(:red) + "\n\n")
113
114
 
114
115
  @found_vulnerabilities.sort_by(&:id).each do |v|
115
116
  puts "[#{v.tag}] #{v.day}: #{v.url}"
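Review bot: The context line `if @matched_gemfiles == 0` prints "No vulnerabilities found." both when every scanned gemfile is clean and when nothing was scanned at all (a mistyped path, or everything excluded by `-r`). Print the number of gemfiles scanned alongside the result so an empty run can be told apart from a clean one. The parenthesisation fix in the `puts((...).color(:red) + "\n\n")` lines is fine; a spec asserting the summary line would keep the `puts (...)` ambiguity from coming back.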
@@ -1,7 +1,7 @@
1
1
  require 'rubygems'
2
2
 
3
3
  module HolePicker
4
- VERSION = "0.1.1"
4
+ VERSION = "0.1.2"
5
5
 
6
6
  def self.version
7
7
  ::Gem::Version.new(VERSION)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: holepicker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-02-18 00:00:00.000000000 Z
12
+ date: 2013-02-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json