holepicker 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Changelog.markdown +4 -0
- data/Gemfile +1 -0
- data/Gemfile.lock +18 -1
- data/README.markdown +4 -0
- data/lib/holepicker/data/data.json +25 -0
- data/lib/holepicker/scanner.rb +8 -0
- data/lib/holepicker/version.rb +1 -1
- data/lib/holepicker/vulnerability.rb +2 -1
- metadata +61 -45
- checksums.yaml +0 -15
data/Changelog.markdown
CHANGED
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
holepicker (0.2.
|
|
4
|
+
holepicker (0.2.1)
|
|
5
5
|
json (>= 1.7.7)
|
|
6
6
|
rainbow (>= 1.1.4)
|
|
7
7
|
|
|
@@ -9,14 +9,25 @@ GEM
|
|
|
9
9
|
remote: http://rubygems.org/
|
|
10
10
|
specs:
|
|
11
11
|
addressable (2.2.8)
|
|
12
|
+
colorize (0.5.8)
|
|
13
|
+
coveralls (0.6.2)
|
|
14
|
+
colorize
|
|
15
|
+
multi_json (~> 1.3)
|
|
16
|
+
rest-client
|
|
17
|
+
simplecov (>= 0.7)
|
|
18
|
+
thor
|
|
12
19
|
crack (0.3.2)
|
|
13
20
|
diff-lcs (1.1.3)
|
|
14
21
|
fakefs (0.4.2)
|
|
15
22
|
json (1.7.7)
|
|
16
23
|
metaclass (0.0.1)
|
|
24
|
+
mime-types (1.21)
|
|
17
25
|
mocha (0.13.2)
|
|
18
26
|
metaclass (~> 0.0.1)
|
|
27
|
+
multi_json (1.6.1)
|
|
19
28
|
rainbow (1.1.4)
|
|
29
|
+
rest-client (1.6.7)
|
|
30
|
+
mime-types (>= 1.16)
|
|
20
31
|
rspec (2.12.0)
|
|
21
32
|
rspec-core (~> 2.12.0)
|
|
22
33
|
rspec-expectations (~> 2.12.0)
|
|
@@ -25,6 +36,11 @@ GEM
|
|
|
25
36
|
rspec-expectations (2.12.1)
|
|
26
37
|
diff-lcs (~> 1.1.3)
|
|
27
38
|
rspec-mocks (2.12.2)
|
|
39
|
+
simplecov (0.7.1)
|
|
40
|
+
multi_json (~> 1.0)
|
|
41
|
+
simplecov-html (~> 0.7.1)
|
|
42
|
+
simplecov-html (0.7.1)
|
|
43
|
+
thor (0.17.0)
|
|
28
44
|
webmock (1.8.7)
|
|
29
45
|
addressable (>= 2.2.7)
|
|
30
46
|
crack (>= 0.1.7)
|
|
@@ -33,6 +49,7 @@ PLATFORMS
|
|
|
33
49
|
ruby
|
|
34
50
|
|
|
35
51
|
DEPENDENCIES
|
|
52
|
+
coveralls
|
|
36
53
|
fakefs
|
|
37
54
|
holepicker!
|
|
38
55
|
mocha
|
data/README.markdown
CHANGED
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
HolePicker is a Ruby gem for quickly checking all your `Gemfile.lock` files for gem versions with known vulnerabilities.
|
|
4
4
|
|
|
5
|
+
[](http://badge.fury.io/rb/holepicker)
|
|
6
|
+
|
|
5
7
|
[](https://travis-ci.org/jsuder/holepicker)
|
|
8
|
+
|
|
9
|
+
[](https://codeclimate.com/github/jsuder/rails-retweeter-bot)
|
|
6
10
|
|
|
7
11
|
## The story
|
|
8
12
|
|
|
@@ -1,6 +1,14 @@
|
|
|
1
1
|
{
|
|
2
2
|
"min_version": "0.1",
|
|
3
3
|
"vulnerabilities": [
|
|
4
|
+
{
|
|
5
|
+
"gems": {
|
|
6
|
+
"rails": ["3.2.13", "3.1.12", "2.3.18"]
|
|
7
|
+
},
|
|
8
|
+
"url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
|
|
9
|
+
"date": "2013-03-18T17:21Z",
|
|
10
|
+
"note": "Warning: there are several issues with Rails 3.2.13, affecting view performance and other things; see http://blog.bugsnag.com/2013/03/20/rails-3-2-13-performance-regressions-major-bugs/ for more info."
|
|
11
|
+
},
|
|
4
12
|
{
|
|
5
13
|
"gems": {
|
|
6
14
|
"rails": ["3.2.12", "3.1.11", "2.3.17"]
|
|
@@ -37,6 +45,23 @@
|
|
|
37
45
|
"url": "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/",
|
|
38
46
|
"date": "2013-01-28T15:03Z"
|
|
39
47
|
},
|
|
48
|
+
{
|
|
49
|
+
"gems": {
|
|
50
|
+
"httparty": ["0.10.0"],
|
|
51
|
+
"extlib": ["0.9.16"],
|
|
52
|
+
"crack": ["0.3.2"],
|
|
53
|
+
"nori": ["2.0.2", "1.1.4", "1.0.3"]
|
|
54
|
+
},
|
|
55
|
+
"url": "https://support.cloud.engineyard.com/entries/22915701-January-14-2013-Security-vulnerabilities-httparty-extlib-crack-nori-Update-these-gems-immediately",
|
|
56
|
+
"date": "2013-01-15T13:10Z"
|
|
57
|
+
},
|
|
58
|
+
{
|
|
59
|
+
"gems": {
|
|
60
|
+
"multi_xml": ["0.5.2"]
|
|
61
|
+
},
|
|
62
|
+
"url": "https://twitter.com/sferik/status/289640482420695040",
|
|
63
|
+
"date": "2013-01-11T07:50Z"
|
|
64
|
+
},
|
|
40
65
|
{
|
|
41
66
|
"gems": {
|
|
42
67
|
"rails": ["3.2.11", "3.1.10", "3.0.19", "2.3.15"]
|
data/lib/holepicker/scanner.rb
CHANGED
|
@@ -106,6 +106,14 @@ module HolePicker
|
|
|
106
106
|
@found_vulnerabilities.sort_by(&:id).each do |v|
|
|
107
107
|
puts "[#{v.tag}] #{v.day}: #{v.url}"
|
|
108
108
|
end
|
|
109
|
+
|
|
110
|
+
if @found_vulnerabilities.any?(&:note)
|
|
111
|
+
puts
|
|
112
|
+
|
|
113
|
+
@found_vulnerabilities.select(&:note).each do |v|
|
|
114
|
+
puts "[#{v.tag}] #{v.note}"
|
|
115
|
+
end
|
|
116
|
+
end
|
|
109
117
|
end
|
|
110
118
|
end
|
|
111
119
|
end
|
data/lib/holepicker/version.rb
CHANGED
|
@@ -6,7 +6,7 @@ module HolePicker
|
|
|
6
6
|
NEW_VULNERABILITY_DAYS = 7
|
|
7
7
|
NEW_VULNERABILITY_TIME = NEW_VULNERABILITY_DAYS * 86400
|
|
8
8
|
|
|
9
|
-
attr_reader :id, :date, :url, :gems
|
|
9
|
+
attr_reader :id, :date, :url, :note, :gems
|
|
10
10
|
|
|
11
11
|
def self.next_id
|
|
12
12
|
@@count ||= 0
|
|
@@ -22,6 +22,7 @@ module HolePicker
|
|
|
22
22
|
|
|
23
23
|
@id = self.class.next_id
|
|
24
24
|
@url = json['url']
|
|
25
|
+
@note = json['note']
|
|
25
26
|
@date = Time.parse(json['date'])
|
|
26
27
|
end
|
|
27
28
|
|
metadata
CHANGED
|
@@ -1,50 +1,59 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: holepicker
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 0
|
|
7
|
+
- 2
|
|
8
|
+
- 1
|
|
9
|
+
version: 0.2.1
|
|
5
10
|
platform: ruby
|
|
6
|
-
authors:
|
|
11
|
+
authors:
|
|
7
12
|
- Jakub Suder
|
|
8
13
|
autorequire:
|
|
9
14
|
bindir: bin
|
|
10
15
|
cert_chain: []
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
16
|
+
|
|
17
|
+
date: 2013-03-21 00:00:00 +01:00
|
|
18
|
+
default_executable:
|
|
19
|
+
dependencies:
|
|
20
|
+
- !ruby/object:Gem::Dependency
|
|
14
21
|
name: json
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ! '>='
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: 1.7.7
|
|
20
|
-
type: :runtime
|
|
21
22
|
prerelease: false
|
|
22
|
-
|
|
23
|
-
requirements:
|
|
24
|
-
- -
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - ">="
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
segments:
|
|
28
|
+
- 1
|
|
29
|
+
- 7
|
|
30
|
+
- 7
|
|
26
31
|
version: 1.7.7
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: rainbow
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - ! '>='
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: 1.1.4
|
|
34
32
|
type: :runtime
|
|
33
|
+
version_requirements: *id001
|
|
34
|
+
- !ruby/object:Gem::Dependency
|
|
35
|
+
name: rainbow
|
|
35
36
|
prerelease: false
|
|
36
|
-
|
|
37
|
-
requirements:
|
|
38
|
-
- -
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
37
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
38
|
+
requirements:
|
|
39
|
+
- - ">="
|
|
40
|
+
- !ruby/object:Gem::Version
|
|
41
|
+
segments:
|
|
42
|
+
- 1
|
|
43
|
+
- 1
|
|
44
|
+
- 4
|
|
40
45
|
version: 1.1.4
|
|
46
|
+
type: :runtime
|
|
47
|
+
version_requirements: *id002
|
|
41
48
|
description:
|
|
42
49
|
email: jakub.suder@gmail.com
|
|
43
|
-
executables:
|
|
50
|
+
executables:
|
|
44
51
|
- holepicker
|
|
45
52
|
extensions: []
|
|
53
|
+
|
|
46
54
|
extra_rdoc_files: []
|
|
47
|
-
|
|
55
|
+
|
|
56
|
+
files:
|
|
48
57
|
- MIT-LICENSE.txt
|
|
49
58
|
- README.markdown
|
|
50
59
|
- Changelog.markdown
|
|
@@ -65,28 +74,35 @@ files:
|
|
|
65
74
|
- lib/holepicker/version.rb
|
|
66
75
|
- lib/holepicker/vulnerability.rb
|
|
67
76
|
- lib/holepicker.rb
|
|
68
|
-
|
|
77
|
+
has_rdoc: true
|
|
69
78
|
homepage: http://github.com/jsuder/holepicker
|
|
70
79
|
licenses: []
|
|
71
|
-
|
|
80
|
+
|
|
72
81
|
post_install_message:
|
|
73
82
|
rdoc_options: []
|
|
74
|
-
|
|
83
|
+
|
|
84
|
+
require_paths:
|
|
75
85
|
- lib
|
|
76
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
77
|
-
requirements:
|
|
78
|
-
- -
|
|
79
|
-
- !ruby/object:Gem::Version
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
87
|
+
requirements:
|
|
88
|
+
- - ">="
|
|
89
|
+
- !ruby/object:Gem::Version
|
|
90
|
+
segments:
|
|
91
|
+
- 0
|
|
92
|
+
version: "0"
|
|
93
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
94
|
+
requirements:
|
|
95
|
+
- - ">="
|
|
96
|
+
- !ruby/object:Gem::Version
|
|
97
|
+
segments:
|
|
98
|
+
- 0
|
|
99
|
+
version: "0"
|
|
86
100
|
requirements: []
|
|
101
|
+
|
|
87
102
|
rubyforge_project:
|
|
88
|
-
rubygems_version:
|
|
103
|
+
rubygems_version: 1.3.6
|
|
89
104
|
signing_key:
|
|
90
|
-
specification_version:
|
|
105
|
+
specification_version: 3
|
|
91
106
|
summary: A tool for checking gem versions in Gemfile.lock files for known vulnerabilities
|
|
92
107
|
test_files: []
|
|
108
|
+
|
checksums.yaml
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
!binary "U0hBMQ==":
|
|
3
|
-
metadata.gz: !binary |-
|
|
4
|
-
OTdjY2M3YzA1YTE1MTc4MmZiYzE5YzNkNGVlMWIwYmNlYjE0YmZmMQ==
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
NmNhZTIyZTQ5YzNjNDBjOWMzMGM2OGU0ZTZjMWFlNjhkOGYxODBjNA==
|
|
7
|
-
!binary "U0hBNTEy":
|
|
8
|
-
metadata.gz: !binary |-
|
|
9
|
-
NjNhMzhiNGM1YmFhNTYzNzc3YzgzMjRkNWQ4N2I3OWU2ZDFiMmNhNTc1YTEw
|
|
10
|
-
MzJmZDI4NWQ5MWE0OGUyODkzYWVmMTVlOTI0ZGQ5NTFhOWZkMTljYTMzOGVh
|
|
11
|
-
Yjg3MzRhMGE5YWY2MWUyMzQ2ZTJmZGQxMGMwMzg3N2NiMjI5YWE=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
NzQzMmNiOTJiZTdiZTYyODA1N2U3MzgyNjViNGRiY2RhYWMxMWE5NmI2OGNk
|
|
14
|
-
MmZkYWU2Y2MyM2ZlMjMyNzZhNTY2YjgzOTNkZTVmNDE1YTk3ODc3NDU4MDVl
|
|
15
|
-
MzIyNzBmNmQ1ODEzOTI0ZmNhNWFhNDExNzQwMzhiYTMzZDhmZWI=
|