holepicker 0.1 → 0.1.1

data/Gemfile CHANGED
@@ -1,2 +1,5 @@
1
1
  source "http://rubygems.org"
2
2
  gemspec
3
+
4
+ gem 'mocha'
5
+ gem 'rspec'
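Review bot: `gem 'mocha'` and `gem 'rspec'` are added at the top level of the Gemfile with no group, so nothing marks them as test-only; wrap them in a `group :test do ... end` block or declare them as development dependencies in the gemspec. The unchanged `source "http://rubygems.org"` line above them still resolves gems over plain HTTP, and this is a good moment to change it to `https://rubygems.org`.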
data/Gemfile.lock CHANGED
@@ -8,11 +8,25 @@ PATH
8
8
  GEM
9
9
  remote: http://rubygems.org/
10
10
  specs:
11
+ diff-lcs (1.1.3)
11
12
  json (1.7.7)
13
+ metaclass (0.0.1)
14
+ mocha (0.13.2)
15
+ metaclass (~> 0.0.1)
12
16
  rainbow (1.1.4)
17
+ rspec (2.12.0)
18
+ rspec-core (~> 2.12.0)
19
+ rspec-expectations (~> 2.12.0)
20
+ rspec-mocks (~> 2.12.0)
21
+ rspec-core (2.12.2)
22
+ rspec-expectations (2.12.1)
23
+ diff-lcs (~> 1.1.3)
24
+ rspec-mocks (2.12.2)
13
25
 
14
26
  PLATFORMS
15
27
  ruby
16
28
 
17
29
  DEPENDENCIES
18
30
  holepicker!
31
+ mocha
32
+ rspec
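Review bot: in DEPENDENCIES, `mocha` and `rspec` appear with no version requirement, which means the Gemfile leaves them unconstrained and only this lock file holds them at mocha 0.13.2 and rspec 2.12.0. Add pessimistic constraints in the Gemfile (for example `~> 0.13` and `~> 2.12`) so a later `bundle update` cannot jump to an incompatible major version of the test tooling.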
data/README.markdown CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  HolePicker is a Ruby gem for quickly checking all your `Gemfile.lock` files for gem versions with known vulnerabilities.
4
4
 
5
+ [![Build Status](https://travis-ci.org/jsuder/holepicker.png?branch=master)](https://travis-ci.org/jsuder/holepicker)
5
6
 
6
7
  ## The story
7
8
 
@@ -10,13 +11,13 @@ The beginning of 2013 was a [really bad time](http://www.kalzumeus.com/2013/01/3
10
11
 
11
12
  ## Details
12
13
 
13
- The idea is that there is a [JSON file](https://github.com/psionides/holepicker/blob/master/lib/holepicker/data/data.json)\* stored in this repository that lists all the recent security-related updates to popular gems: date of the release, URL of the announcement, and a list of affected gems and updated versions. HolePicker provides a command line tool that **downloads the latest data file from GitHub every time**, scans your `Gemfile.lock` files and checks if they contain vulnerable gem versions.
14
+ The idea is that there is a [JSON file](https://github.com/jsuder/holepicker/blob/master/lib/holepicker/data/data.json)\* stored in this repository that lists all the recent security-related updates to popular gems: date of the release, URL of the announcement, and a list of affected gems and updated versions. HolePicker provides a command line tool that **downloads the latest data file from GitHub every time**, scans your `Gemfile.lock` files and checks if they contain vulnerable gem versions.
14
15
 
15
16
  The reason I've done it this way is to make it easier to run the checks against the very latest version of the vulnerability list. It's kind of important to be sure that you haven't missed any last minute updates, and it would be annoying to have to check for new gem versions every time you want to run the tool (and you might not even remember to do that).
16
17
 
17
18
  If for some reason you don't want to download the JSON file every time, you can use the [`-o` option](#full-option-list). Also, the JSON file specifies the minimum compatible gem version that it can work with, so if new kind of information is added to the file that requires the gem to be updated in order to parse it, the gem will let you know.
18
19
 
19
- Of course the whole system still relies on me manually adding entries to the JSON file and pushing it to GitHub. I'll try to do that quickly, my trusty [@rails_bot](https://github.com/psionides/rails-retweeter-bot) notifies me pretty quickly when something really bad is happening. If for some reason I don't update the list in time, by all means please send me a pull request.
20
+ Of course the whole system still relies on me manually adding entries to the JSON file and pushing it to GitHub. I'll try to do that quickly, my trusty [@rails_bot](https://github.com/jsuder/rails-retweeter-bot) notifies me pretty quickly when something really bad is happening. If for some reason I don't update the list in time, by all means please send me a pull request.
20
21
 
21
22
  (\*) YAML obviously wouldn't be appropriate, if you know what I mean.
22
23
 
@@ -4,8 +4,7 @@ require 'net/http'
4
4
 
5
5
  module HolePicker
6
6
  class OnlineDatabase < Database
7
- # TODO temporary link
8
- URL='http://pastie.org/pastes/6183429/download?key=qryhowarb9i7hoqqyvy0q'
7
+ URL='https://raw.github.com/jsuder/holepicker/master/lib/holepicker/data/data.json'
9
8
 
10
9
  def self.load
11
10
  puts "Fetching list of vulnerabilities..."
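Review bot: the new `URL` is `https://`, but the only require visible in the hunk header is `net/http` and the body of `self.load` is outside this hunk, so please confirm the fetch actually enables TLS and verifies the server certificate (`use_ssl = true` with `verify_mode = OpenSSL::SSL::VERIFY_PEER`) rather than silently falling back or skipping verification. This file decides which gems get reported as vulnerable, so a tampered response means missed findings. The URL also tracks the `master` branch, which is the intended "always latest" behaviour, but it is worth stating in a comment now that the `# TODO temporary link` line is gone. Style: write `URL = '...'` with spaces around `=`.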
@@ -1,7 +1,7 @@
1
1
  require 'rubygems'
2
2
 
3
3
  module HolePicker
4
- VERSION = "0.1"
4
+ VERSION = "0.1.1"
5
5
 
6
6
  def self.version
7
7
  ::Gem::Version.new(VERSION)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: holepicker
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.1'
4
+ version: 0.1.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-02-16 00:00:00.000000000 Z
12
+ date: 2013-02-18 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json
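Review bot: the context line `cert_chain: []` shows this release is built unsigned, the same as 0.1. For a tool whose purpose is security checking, consider signing the gem so users can verify the package they install; nothing in this hunk changes that, only the `date` field moves from 2013-02-16 to 2013-02-18.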
@@ -67,7 +67,7 @@ files:
67
67
  - lib/holepicker/vulnerability.rb
68
68
  - lib/holepicker.rb
69
69
  - bin/holepicker
70
- homepage: http://github.com/psionides/holepicker
70
+ homepage: http://github.com/jsuder/holepicker
71
71
  licenses: []
72
72
  post_install_message:
73
73
  rdoc_options: []
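Review bot: the updated `homepage` still uses `http://github.com/jsuder/holepicker`; use the `https://` form so the link shown on the gem page does not go through a plain-HTTP redirect. The neighbouring `licenses: []` is empty, so set a license in the gemspec to have it appear in the published metadata.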