RubyGems - hrw - Versions diffs - 0.1.0 → 0.2.0 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 670978eb8167255d8fbe62416a0a4b2bc8915074b34e4c4cc75091d2cc6cd3d3
-  data.tar.gz: 26d18f588f3145076d70d7ba2bac78badcb35169a16e2c8af917ac8299bb0238
+  metadata.gz: 8fe6651b90c24ea35a9d817ec3b8d7ec647a948b152ce4680bdc05ae5c064278
+  data.tar.gz: 73c5dee0d9cb315cb836047b11d6ea08071c26201589bd308e8eada78f6bf68a
 SHA512:
-  metadata.gz: d0b77d983c3036917919aac670ed757c7660de56bd151f3141b83227a5afa5e391e765dbbef7676b5ddbe60602f78707db86e2ca6aed0f29e53c51478a311ddd
-  data.tar.gz: 28ad93ca22a29c4239f76b609a6a077878a563e93bf84a3b390a3178d2bbd045ab2659b1880794269435ef0999aba2c8037f8c13c36602b85319a190c26217e2
+  metadata.gz: 1e216592af1cd152ecca7f5c4a69c8d23abb7bf29be8f599f01068583e8c18664885fe15df21a9024a0e80b8a7458a94aedab98eb6afa6d921b0c0c5e78e8b88
+  data.tar.gz: 14406bff727ff378ef77d2f231bd4f11165be7266e3c526cc46e42498d91aff82e9a174e790ee783bdb9e290721142086ad56d9b668e9b57ce74705b4b0b3ef7

data/.gitignore CHANGED Viewed

@@ -11,3 +11,4 @@
 .rspec_status
 .idea
+*.gem

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,65 @@
+PATH
+  remote: .
+  specs:
+    hrw (0.1.0)
+      http (~> 4.1, >= 4.1.1)
+      pry-byebug (~> 3.7)
+      rainbow (~> 3.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.6.0)
+      public_suffix (>= 2.0.2, < 4.0)
+    byebug (11.0.1)
+    coderay (1.1.2)
+    diff-lcs (1.3)
+    domain_name (0.5.20180417)
+      unf (>= 0.0.5, < 1.0.0)
+    http (4.1.1)
+      addressable (~> 2.3)
+      http-cookie (~> 1.0)
+      http-form_data (~> 2.0)
+      http_parser.rb (~> 0.6.0)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    http-form_data (2.1.1)
+    http_parser.rb (0.6.0)
+    method_source (0.9.2)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.7.0)
+      byebug (~> 11.0)
+      pry (~> 0.10)
+    public_suffix (3.0.3)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.5)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 2.0)
+  hrw!
+  rake (~> 10.0)
+  rspec (~> 3.0)
+BUNDLED WITH
+   2.0.1

data/exe/hrw CHANGED Viewed

@@ -23,23 +23,17 @@ if options.url.nil?
   end
 end
-begin
-  scanner = Hrw::Detector.detect
-  specs = scanner.scan
+scanner = Hrw::Detector.detect
+specs = scanner.scan
-  api = Hrw::API.new(options.url)
-  hash = api.submit(specs)
-  result = api.retrieve(hash)
+api = Hrw::API.new(options.url)
+hash = api.submit(specs)
+result = api.retrieve(hash)
-  formatter = Hrw::Formatter.new
-  vulnerable_deps = formatter.format(result)
+formatter = Hrw::Formatter.new
+vulnerable_deps = formatter.format(result)
-  unless vulnerable_deps.empty?
-    formatter.print_vulnerable_deps(vulnerable_deps)
-    exit(1)
-  end
-rescue StandardError => ex
-  require 'pry-byebug'
-  binding.pry
-  puts ex.message
-end
+unless vulnerable_deps.empty?
+  formatter.print_vulnerable_deps(vulnerable_deps)
+  exit(1)
+ end

data/hrw.gemspec CHANGED Viewed

@@ -29,5 +29,4 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'http', '~> 4.1', '>= 4.1.1'
   spec.add_runtime_dependency 'rainbow', '~> 3.0'
-  spec.add_runtime_dependency 'pry-byebug', '~> 3.7'
 end

data/lib/hrw/detector.rb CHANGED Viewed

@@ -14,7 +14,8 @@ module Hrw
     # Constants
     #
     DETECTABLE_FILES = {
-      'Gemfile.lock': Scanner::Gemfile
+      'Gemfile.lock': Scanner::Gemfile,
+      'Pipfile.lock': Scanner::Pipfile
     }.freeze
     # Detect package manager in root dir

data/lib/hrw/formatter.rb CHANGED Viewed

@@ -7,6 +7,7 @@ require 'json'
 # Third-party libraries
 #
 require 'rainbow'
+require 'rainbow/ext/string'
 module Hrw
   #
@@ -41,7 +42,7 @@ module Hrw
           puts "Advisory: #{vuln['name']}"
           puts "Severity: #{vuln['severity']}"
           puts "Link: #{vuln['link']}"
-          puts "Patched version: #{patched_version['spec'].join(', ')}"
+          puts "Patched: #{patched_version['spec'].join(', ')}"
           puts
         end
       end

data/lib/hrw/scanner/pipfile.rb ADDED Viewed

@@ -0,0 +1,37 @@
+require 'json'
+module Hrw
+  module Scanner
+    #
+    # Used to scan gem lock file
+    #
+    class Pipfile
+      # Class constructor
+      #
+      # @param [String] root The path to the project root
+      # @param [String] lockfile
+      #   The name for the lock file, default is `Pipfile.lock`
+      def initialize(root = Dir.pwd, lockfile = 'Pipfile.lock')
+        @root = root
+        @lockfile = lockfile
+      end
+      # Scan the lock file
+      # @return [Hash] Dependencies
+      def scan
+        deps = []
+        lock = JSON.parse(File.read(File.join(@root, @lockfile)))
+        lock['default'].each_pair do |name, info|
+          deps << {
+            name: name,
+            version: info['version']
+          }
+        end
+        deps
+      end
+    end
+  end
+end

data/lib/hrw/scanner.rb CHANGED Viewed

@@ -4,5 +4,6 @@ module Hrw
   #
   module Scanner
     require 'hrw/scanner/gemfile'
+    require 'hrw/scanner/pipfile'
   end
 end

data/lib/hrw/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Hrw
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hrw
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - hi_ztz
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-03-28 00:00:00.000000000 Z
+date: 2019-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -86,20 +86,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: pry-byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.7'
 description: Hrw helps you to secure your ruby apps.
 email:
 - hi_ztz@protonmail.com
@@ -112,6 +98,7 @@ files:
 - ".rspec"
 - ".travis.yml"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -125,6 +112,7 @@ files:
 - lib/hrw/formatter.rb
 - lib/hrw/scanner.rb
 - lib/hrw/scanner/gemfile.rb
+- lib/hrw/scanner/pipfile.rb
 - lib/hrw/version.rb
 homepage: https://github.com/zt2/hrw
 licenses:

hrw 0.1.0 → 0.2.0