holepicker 0.2.0 → 0.2.1

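--- a/data/Changelog.markdown
+++ b/data/Changelog.markdown
@@ -1,3 +1,7 @@
+ #### Version 0.2.1 (21.03.2013)
+
+ * added possibility to display additional notes about specific vulnerabilities (see data.json)
+
  #### Version 0.2.0 (7.03.2013)
 
  * Capistrano recipe (@manuelvanrijn)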
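--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,7 @@
  source "http://rubygems.org"
  gemspec
 
+ gem 'coveralls'
  gem 'fakefs'
  gem 'mocha'
  gem 'rspec'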
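Review bot: The added `gem 'coveralls'` is resolved through the `source "http://rubygems.org"` line at the top of this file, so it and the gems it brings in (the Gemfile.lock section on this page adds colorize, multi_json, rest-client, mime-types, simplecov, simplecov-html and thor) are fetched over plaintext HTTP. Changing that line to `source "https://rubygems.org"` gives the downloads transport integrity. Since coveralls is only used for coverage reporting, declaring it as `gem 'coveralls', :require => false` inside a `group :test do ... end` block would also keep it and its dependency tree out of non-test bundles.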
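--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- holepicker (0.2.0)
+ holepicker (0.2.1)
  json (>= 1.7.7)
  rainbow (>= 1.1.4)
 
@@ -9,14 +9,25 @@ GEM
  remote: http://rubygems.org/
  specs:
  addressable (2.2.8)
+ colorize (0.5.8)
+ coveralls (0.6.2)
+ colorize
+ multi_json (~> 1.3)
+ rest-client
+ simplecov (>= 0.7)
+ thor
  crack (0.3.2)
  diff-lcs (1.1.3)
  fakefs (0.4.2)
  json (1.7.7)
  metaclass (0.0.1)
+ mime-types (1.21)
  mocha (0.13.2)
  metaclass (~> 0.0.1)
+ multi_json (1.6.1)
  rainbow (1.1.4)
+ rest-client (1.6.7)
+ mime-types (>= 1.16)
  rspec (2.12.0)
  rspec-core (~> 2.12.0)
  rspec-expectations (~> 2.12.0)
@@ -25,6 +36,11 @@ GEM
  rspec-expectations (2.12.1)
  diff-lcs (~> 1.1.3)
  rspec-mocks (2.12.2)
+ simplecov (0.7.1)
+ multi_json (~> 1.0)
+ simplecov-html (~> 0.7.1)
+ simplecov-html (0.7.1)
+ thor (0.17.0)
  webmock (1.8.7)
  addressable (>= 2.2.7)
  crack (>= 0.1.7)
@@ -33,6 +49,7 @@ PLATFORMS
  ruby
 
  DEPENDENCIES
+ coveralls
  fakefs
  holepicker!
  mocha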
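--- a/data/README.markdown
+++ b/data/README.markdown
@@ -2,7 +2,11 @@
 
  HolePicker is a Ruby gem for quickly checking all your `Gemfile.lock` files for gem versions with known vulnerabilities.
 
+ [![Gem Version](https://badge.fury.io/rb/holepicker.png)](http://badge.fury.io/rb/holepicker)
+  
  [![Build Status](https://travis-ci.org/jsuder/holepicker.png?branch=master)](https://travis-ci.org/jsuder/holepicker)
+  
+ [![Code Climate](https://codeclimate.com/github/jsuder/rails-retweeter-bot.png)](https://codeclimate.com/github/jsuder/rails-retweeter-bot)
 
  ## The story
 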
@@ -1,6 +1,14 @@
1
1
  {
2
2
  "min_version": "0.1",
3
3
  "vulnerabilities": [
4
+ {
5
+ "gems": {
6
+ "rails": ["3.2.13", "3.1.12", "2.3.18"]
7
+ },
8
+ "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
9
+ "date": "2013-03-18T17:21Z",
10
+ "note": "Warning: there are several issues with Rails 3.2.13, affecting view performance and other things; see http://blog.bugsnag.com/2013/03/20/rails-3-2-13-performance-regressions-major-bugs/ for more info."
11
+ },
4
12
  {
5
13
  "gems": {
6
14
  "rails": ["3.2.12", "3.1.11", "2.3.17"]
@@ -37,6 +45,23 @@
37
45
  "url": "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/",
38
46
  "date": "2013-01-28T15:03Z"
39
47
  },
48
+ {
49
+ "gems": {
50
+ "httparty": ["0.10.0"],
51
+ "extlib": ["0.9.16"],
52
+ "crack": ["0.3.2"],
53
+ "nori": ["2.0.2", "1.1.4", "1.0.3"]
54
+ },
55
+ "url": "https://support.cloud.engineyard.com/entries/22915701-January-14-2013-Security-vulnerabilities-httparty-extlib-crack-nori-Update-these-gems-immediately",
56
+ "date": "2013-01-15T13:10Z"
57
+ },
58
+ {
59
+ "gems": {
60
+ "multi_xml": ["0.5.2"]
61
+ },
62
+ "url": "https://twitter.com/sferik/status/289640482420695040",
63
+ "date": "2013-01-11T07:50Z"
64
+ },
40
65
  {
41
66
  "gems": {
42
67
  "rails": ["3.2.11", "3.1.10", "3.0.19", "2.3.15"]
@@ -106,6 +106,14 @@ module HolePicker
106
106
  @found_vulnerabilities.sort_by(&:id).each do |v|
107
107
  puts "[#{v.tag}] #{v.day}: #{v.url}"
108
108
  end
109
+
110
+ if @found_vulnerabilities.any?(&:note)
111
+ puts
112
+
113
+ @found_vulnerabilities.select(&:note).each do |v|
114
+ puts "[#{v.tag}] #{v.note}"
115
+ end
116
+ end
109
117
  end
110
118
  end
111
119
  end
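Review bot: The new `puts "[#{v.tag}] #{v.note}"` writes the note string to the terminal exactly as it was read, and the later hunk that adds `@note = json['note']` stores it without checking its type or content. If the vulnerability list can be loaded from anywhere other than the packaged data.json (not visible on this page), a note containing control or escape characters would reach the user's terminal. Filtering at assignment, for example `@note = json['note'].to_s.gsub(/[[:cntrl:]]/, ' ').strip` followed by `@note = nil if @note.empty?`, keeps the output printable. The same normalisation covers a smaller issue in this hunk: an empty-string note is truthy in Ruby, so `any?(&:note)` and `select(&:note)` would print a bare `[tag]` line. The enclosing method starts above this hunk.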
@@ -1,7 +1,7 @@
1
1
  require 'rubygems'
2
2
 
3
3
  module HolePicker
4
- VERSION = "0.2.0"
4
+ VERSION = "0.2.1"
5
5
 
6
6
  def self.version
7
7
  ::Gem::Version.new(VERSION)
@@ -6,7 +6,7 @@ module HolePicker
6
6
  NEW_VULNERABILITY_DAYS = 7
7
7
  NEW_VULNERABILITY_TIME = NEW_VULNERABILITY_DAYS * 86400
8
8
 
9
- attr_reader :id, :date, :url, :gems
9
+ attr_reader :id, :date, :url, :note, :gems
10
10
 
11
11
  def self.next_id
12
12
  @@count ||= 0
@@ -22,6 +22,7 @@ module HolePicker
22
22
 
23
23
  @id = self.class.next_id
24
24
  @url = json['url']
25
+ @note = json['note']
25
26
  @date = Time.parse(json['date'])
26
27
  end
27
28
 
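--- a/metadata
+++ b/metadata
@@ -1,50 +1,59 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: holepicker
- version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: !ruby/object:Gem::Version
+ prerelease: false
+ segments:
+ - 0
+ - 2
+ - 1
+ version: 0.2.1
  platform: ruby
- authors:
+ authors:
  - Jakub Suder
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-03-07 00:00:00.000000000 Z
- dependencies:
- - !ruby/object:Gem::Dependency
+
+ date: 2013-03-21 00:00:00 +01:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: json
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: 1.7.7
- type: :runtime
  prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
+ requirement: &id001 !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 1
+ - 7
+ - 7
  version: 1.7.7
- - !ruby/object:Gem::Dependency
- name: rainbow
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: 1.1.4
  type: :runtime
+ version_requirements: *id001
+ - !ruby/object:Gem::Dependency
+ name: rainbow
  prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
+ requirement: &id002 !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 1
+ - 1
+ - 4
  version: 1.1.4
+ type: :runtime
+ version_requirements: *id002
  description:
  email: jakub.suder@gmail.com
- executables:
+ executables:
  - holepicker
  extensions: []
+
  extra_rdoc_files: []
- files:
+
+ files:
  - MIT-LICENSE.txt
  - README.markdown
  - Changelog.markdown
@@ -65,28 +74,35 @@ files:
  - lib/holepicker/version.rb
  - lib/holepicker/vulnerability.rb
  - lib/holepicker.rb
- - bin/holepicker
+ has_rdoc: true
  homepage: http://github.com/jsuder/holepicker
  licenses: []
- metadata: {}
+
  post_install_message:
  rdoc_options: []
- require_paths:
+
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '0'
- required_rubygems_version: !ruby/object:Gem::Requirement
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '0'
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
  requirements: []
+
  rubyforge_project:
- rubygems_version: 2.0.0
+ rubygems_version: 1.3.6
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: A tool for checking gem versions in Gemfile.lock files for known vulnerabilities
  test_files: []
+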
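--- a/checksums.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
- ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- OTdjY2M3YzA1YTE1MTc4MmZiYzE5YzNkNGVlMWIwYmNlYjE0YmZmMQ==
- data.tar.gz: !binary |-
- NmNhZTIyZTQ5YzNjNDBjOWMzMGM2OGU0ZTZjMWFlNjhkOGYxODBjNA==
- !binary "U0hBNTEy":
- metadata.gz: !binary |-
- NjNhMzhiNGM1YmFhNTYzNzc3YzgzMjRkNWQ4N2I3OWU2ZDFiMmNhNTc1YTEw
- MzJmZDI4NWQ5MWE0OGUyODkzYWVmMTVlOTI0ZGQ5NTFhOWZkMTljYTMzOGVh
- Yjg3MzRhMGE5YWY2MWUyMzQ2ZTJmZGQxMGMwMzg3N2NiMjI5YWE=
- data.tar.gz: !binary |-
- NzQzMmNiOTJiZTdiZTYyODA1N2U3MzgyNjViNGRiY2RhYWMxMWE5NmI2OGNk
- MmZkYWU2Y2MyM2ZlMjMyNzZhNTY2YjgzOTNkZTVmNDE1YTk3ODc3NDU4MDVl
- MzIyNzBmNmQ1ODEzOTI0ZmNhNWFhNDExNzQwMzhiYTMzZDhmZWI=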