holepicker 0.1.1 → 0.1.2
- data/Changelog.markdown +9 -0
- data/Gemfile.lock +1 -1
- data/README.markdown +6 -5
- data/bin/holepicker +5 -0
- data/lib/holepicker/gem.rb +1 -1
- data/lib/holepicker/online_database.rb +1 -0
- data/lib/holepicker/scanner.rb +3 -2
- data/lib/holepicker/version.rb +1 -1
- metadata +2 -2
data/Changelog.markdown
CHANGED
data/Gemfile.lock
CHANGED
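--- a/data/README.markdown
+++ b/data/README.markdown
@@ -79,12 +79,13 @@ Use an offline copy of the data file - useful if you really need to run the tool
 
 ## Similar projects
 
-
-
-The [gemcanary](https://gemcanary.com/) project might be something similar, but it hasn't been released yet (as of 16.02).
-
-It might make sense to agree on a shared list of vulnerabilities in the future that these and other projects could share - no point having the same information in a few different places maintained by a few people in parallel.
+There are a few other projects with a similar purpose, take a look if HolePicker isn't exactly what you need:
 
+* [bundler-audit](https://github.com/postmodern/bundler-audit) - scans the current project when the app is loaded
+* [bundler-organization_audit](https://github.com/grosser/bundler-organization_audit) - scans all your projects on GitHub
+* [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db) - a shared database of vulnerabilities - I'll try to integrate holepicker with it later
+* [gemcanary](https://gemcanary.com/) - some kind of web service, not released yet (as of 23.02)
+* [gems-status](https://github.com/jordimassaguerpla/gems-status) - a more general tool for checking everything that might be wrong with your gems (work in progress)
 
 ## Credits & contributing
 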
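--- a/data/bin/holepicker
+++ b/data/bin/holepicker
@@ -31,6 +31,11 @@ OptionParser.new do |opts|
 options[:offline] = true
 end
 
+opts.on("-r", "--skip-releases",
+"Skip gemfiles in 'releases' directory (like -c but will include non-Capistrano deploys)") do
+options[:skip_releases] = true
+end
+
 opts.on("-h", "--help", "Display this help") do
 puts opts
 exit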
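Review bot: The new `-r/--skip-releases` option only sets `options[:skip_releases] = true`; nothing in this version's scanner.rb changes reads that key (the two scanner hunks account for all of that file's +3 -2), so unless the scanner already honours it from an earlier version the flag is a silent no-op — worth confirming where it is consumed. The help text also describes the match only as "gemfiles in 'releases' directory"; if the filter is a path-component test, saying so, e.g. `"Skip any Gemfile whose path contains a 'releases' directory (like -c, but not limited to Capistrano layouts)"`, would tell users exactly what gets excluded. The OptionParser block this option lives in starts before the hunk.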
data/lib/holepicker/gem.rb
CHANGED
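--- a/data/lib/holepicker/scanner.rb
+++ b/data/lib/holepicker/scanner.rb
@@ -71,6 +71,7 @@ module HolePicker
 end
 
 def scan_path(path)
+path = File.expand_path(path)
 gemfiles = @roots ? find_gemfiles_in_configs(path) : find_gemfiles_in_path(path)
 gemfiles.each { |f| scan_gemfile(f) }
 end
@@ -108,8 +109,8 @@ module HolePicker
 if @matched_gemfiles == 0
 puts "No vulnerabilities found."
 else
-puts
-"#{@matched_gemfiles} #{Utils.pluralize(@matched_gemfiles, 'gemfile')}!").color(:red) + "\n\n"
+puts(("#{@matched_gems} vulnerable #{Utils.pluralize(@matched_gems, 'gem')} found in " +
+"#{@matched_gemfiles} #{Utils.pluralize(@matched_gemfiles, 'gemfile')}!").color(:red) + "\n\n")
 
 @found_vulnerabilities.sort_by(&:id).each do |v|
 puts "[#{v.tag}] #{v.day}: #{v.url}"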
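Review bot: `path = File.expand_path(path)` at the top of scan_path reassigns the parameter without saying why the absolute form is needed; presumably so that directory-based filtering driven by the CLI (such as the new --skip-releases option added in bin/holepicker) compares against a full path rather than whatever the user typed, and a one-line comment would save the next reader that guess, e.g. `# normalise to an absolute path so directory-based filters see the full path`. Note that File.expand_path also expands a leading `~` to the home directory, so a relative directory literally named `~` cannot be scanned by that name — probably acceptable for this tool, but worth knowing. The enclosing module and scan_path's callers are outside the hunk.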
data/lib/holepicker/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: holepicker
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-02-
|
12
|
+
date: 2013-02-23 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: json
|