hrw 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +65 -0
- data/exe/hrw +11 -17
- data/hrw.gemspec +0 -1
- data/lib/hrw/detector.rb +2 -1
- data/lib/hrw/formatter.rb +2 -1
- data/lib/hrw/scanner/pipfile.rb +37 -0
- data/lib/hrw/scanner.rb +1 -0
- data/lib/hrw/version.rb +1 -1
- metadata +4 -16
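--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8fe6651b90c24ea35a9d817ec3b8d7ec647a948b152ce4680bdc05ae5c064278
+data.tar.gz: 73c5dee0d9cb315cb836047b11d6ea08071c26201589bd308e8eada78f6bf68a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1e216592af1cd152ecca7f5c4a69c8d23abb7bf29be8f599f01068583e8c18664885fe15df21a9024a0e80b8a7458a94aedab98eb6afa6d921b0c0c5e78e8b88
+data.tar.gz: 14406bff727ff378ef77d2f231bd4f11165be7266e3c526cc46e42498d91aff82e9a174e790ee783bdb9e290721142086ad56d9b668e9b57ce74705b4b0b3ef7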
data/.gitignore
CHANGED
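--- /dev/null
+++ b/data/Gemfile.lock
@@ -0,0 +1,65 @@
+PATH
+remote: .
+specs:
+hrw (0.1.0)
+http (~> 4.1, >= 4.1.1)
+pry-byebug (~> 3.7)
+rainbow (~> 3.0)
+
+GEM
+remote: https://rubygems.org/
+specs:
+addressable (2.6.0)
+public_suffix (>= 2.0.2, < 4.0)
+byebug (11.0.1)
+coderay (1.1.2)
+diff-lcs (1.3)
+domain_name (0.5.20180417)
+unf (>= 0.0.5, < 1.0.0)
+http (4.1.1)
+addressable (~> 2.3)
+http-cookie (~> 1.0)
+http-form_data (~> 2.0)
+http_parser.rb (~> 0.6.0)
+http-cookie (1.0.3)
+domain_name (~> 0.5)
+http-form_data (2.1.1)
+http_parser.rb (0.6.0)
+method_source (0.9.2)
+pry (0.12.2)
+coderay (~> 1.1.0)
+method_source (~> 0.9.0)
+pry-byebug (3.7.0)
+byebug (~> 11.0)
+pry (~> 0.10)
+public_suffix (3.0.3)
+rainbow (3.0.0)
+rake (10.5.0)
+rspec (3.8.0)
+rspec-core (~> 3.8.0)
+rspec-expectations (~> 3.8.0)
+rspec-mocks (~> 3.8.0)
+rspec-core (3.8.0)
+rspec-support (~> 3.8.0)
+rspec-expectations (3.8.2)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.8.0)
+rspec-mocks (3.8.0)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.8.0)
+rspec-support (3.8.0)
+unf (0.1.4)
+unf_ext
+unf_ext (0.0.7.5)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+bundler (~> 2.0)
+hrw!
+rake (~> 10.0)
+rspec (~> 3.0)
+
+BUNDLED WITH
+2.0.1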
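--- a/data/exe/hrw
+++ b/data/exe/hrw
@@ -23,23 +23,17 @@ if options.url.nil?
 end
 end
 
-
-
-specs = scanner.scan
+scanner = Hrw::Detector.detect
+specs = scanner.scan
 
-
-
-
+api = Hrw::API.new(options.url)
+hash = api.submit(specs)
+result = api.retrieve(hash)
 
-
-
+formatter = Hrw::Formatter.new
+vulnerable_deps = formatter.format(result)
 
-
-
-
-
-rescue StandardError => ex
-require 'pry-byebug'
-binding.pry
-puts ex.message
-end
+unless vulnerable_deps.empty?
+formatter.print_vulnerable_deps(vulnerable_deps)
+exit(1)
+end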
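Review bot: With the `rescue StandardError => ex` block deleted, nothing in this hunk handles a failure of `scanner.scan`, `api.submit(specs)` or `api.retrieve(hash)`, so a missing lock file, a refused connection, a timeout or an unparsable reply now ends the command with an unhandled exception and a backtrace instead of a message and an exit status; the `begin` that the old `rescue` belonged to (if there was one) starts before the hunk, so it is not visible what else it covered. Wrapping the scan and API calls in `begin … rescue StandardError => ex; warn "hrw: #{ex.message}"; exit(2); end` keeps the debugger out of the release while giving callers a status distinct from the `exit(1)` used for a vulnerable result. Dropping `binding.pry` and the `pry-byebug` runtime dependency is right; note that the Gemfile.lock added in this same release still records `hrw (0.1.0)` with `pry-byebug (~> 3.7)` under PATH specs, so it appears stale relative to the gemspec.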
data/hrw.gemspec
CHANGED
data/lib/hrw/detector.rb
CHANGED
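--- a/data/lib/hrw/formatter.rb
+++ b/data/lib/hrw/formatter.rb
@@ -7,6 +7,7 @@ require 'json'
 # Third-party libraries
 #
 require 'rainbow'
+require 'rainbow/ext/string'
 
 module Hrw
 #
@@ -41,7 +42,7 @@ module Hrw
 puts "Advisory: #{vuln['name']}"
 puts "Severity: #{vuln['severity']}"
 puts "Link: #{vuln['link']}"
-puts "Patched
+puts "Patched: #{patched_version['spec'].join(', ')}"
 puts
 end
 end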
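Review bot: The repaired line `puts "Patched: #{patched_version['spec'].join(', ')}"` raises NoMethodError on `nil.join` if an advisory record in the API response carries no `spec` key, and the loop that binds `patched_version` starts before the hunk, so it is not visible whether that case is filtered earlier; `Array(patched_version['spec']).join(', ')` prints an empty list instead of aborting the whole report. The added `require 'rainbow/ext/string'` patches `String` globally with Rainbow's colour methods in every process that loads this library, whereas the `Rainbow(str)` wrapper from the already-required `rainbow` produces the same output without the monkey-patch; if the extension is kept on purpose, a one-line comment above the require saying why would help the next reader.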
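--- /dev/null
+++ b/data/lib/hrw/scanner/pipfile.rb
@@ -0,0 +1,37 @@
+require 'json'
+
+module Hrw
+module Scanner
+#
+# Used to scan gem lock file
+#
+class Pipfile
+# Class constructor
+#
+# @param [String] root The path to the project root
+# @param [String] lockfile
+# The name for the lock file, default is `Pipfile.lock`
+def initialize(root = Dir.pwd, lockfile = 'Pipfile.lock')
+@root = root
+@lockfile = lockfile
+end
+
+# Scan the lock file
+# @return [Hash] Dependencies
+def scan
+deps = []
+
+lock = JSON.parse(File.read(File.join(@root, @lockfile)))
+lock['default'].each_pair do |name, info|
+deps << {
+name: name,
+version: info['version']
+}
+end
+
+deps
+end
+
+end
+end
+end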
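Review bot: `lock['default'].each_pair` on line 25 raises NoMethodError on a Pipfile.lock that has no `default` section, and entries without a `version` key (Pipfile.lock records VCS and editable packages with `git`/`ref`/`path` instead of a pin) are emitted as `version: nil` and handed to the API as if they were scannable; `lock.fetch('default', {})` plus an explicit warning for versionless entries makes the scan fail visibly rather than on a nil somewhere downstream. Pipfile.lock also stores pins with a leading `==` (for example `"version": "==2.22.0"`), so it is worth confirming that the API's version matching accepts that form, since the Gemfile scanner presumably sends bare version strings. The class comment on line 6, `# Used to scan gem lock file`, is copied from the Gemfile scanner and should read `# Used to scan a Pipfile.lock`, and the `@return [Hash] Dependencies` tag on line 20 should be `@return [Array<Hash>] one {name:, version:} entry per package in the default section`, since the method returns an Array. The `deps = []` accumulation is a plain transform and reads better as an Enumerable call.
```ruby
def scan
  lock = JSON.parse(File.read(File.join(@root, @lockfile)))
  lock.fetch('default', {}).each_with_object([]) do |(name, info), deps|
    version = info['version']
    if version.nil?
      # VCS/editable packages carry no pin in Pipfile.lock; say so instead of sending nil
      warn "hrw: #{name} has no pinned version in #{@lockfile}, skipped"
      next
    end
    deps << { name: name, version: version }
  end
end
```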
data/lib/hrw/scanner.rb
CHANGED
data/lib/hrw/version.rb
CHANGED
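--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hrw
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - hi_ztz
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-
+date: 2019-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -86,20 +86,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '3.0'
-- !ruby/object:Gem::Dependency
-name: pry-byebug
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.7'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.7'
 description: Hrw helps you to secure your ruby apps.
 email:
 - hi_ztz@protonmail.com
@@ -112,6 +98,7 @@ files:
 - ".rspec"
 - ".travis.yml"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -125,6 +112,7 @@ files:
 - lib/hrw/formatter.rb
 - lib/hrw/scanner.rb
 - lib/hrw/scanner/gemfile.rb
+- lib/hrw/scanner/pipfile.rb
 - lib/hrw/version.rb
 homepage: https://github.com/zt2/hrw
 licenses: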