injection_vulnerability_library 0.0.3 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b17830e0f0cf440ed188575b511dd025cb343b61
-  data.tar.gz: 9f0993cb334b34e72a596e24843887f8d7935cb1
+SHA256:
+  metadata.gz: 0017d98b59ef913219197168b7cbdecaf1fc1ce410141c604e8a58c4657f8c73
+  data.tar.gz: 2022024797e720ea71c77c197a581ababfad92d675c13a2cb174e9137af4b5d2
 SHA512:
-  metadata.gz: 42e2ac7849714e68d60da1ab385e16553db8cccf1baafb9a74d0fa88988220e4ffed7a32be2985626c6e03134510cba71118e32f019d2e2999d9edfa9b14da65
-  data.tar.gz: b0e1506ad1dd9b4ea4b99f3a51cafbae5070abe9d9fb6c989a3860b54efec84a7ef77acdf5338cb6ba84e8e42d608f1a849c107a9206f29b3a20ad2c4ead9fa9
+  metadata.gz: 2a8de47ba8946464173c7119eb9c47d9a56c231ad64e75471de4ad48e54b0262759af726546ae6a590dc67e045e0f8b6d6e4831918c07c0cc6a23fbaad7aecf3
+  data.tar.gz: 760b69c786576a03642202076af3a5c185cbdf745b902611b4c4c526f908f3ce9ace5fcf1a5e55dde96c7c1201f3e55f59b7b396c0b5574e15fde770d916dbda

data/.github/dependabot.yml

@@ -0,0 +1,15 @@
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"
+
+  - package-ecosystem: "bundler"
+    directory: '/'
+    schedule:
+      interval: 'daily'

data/.github/workflows/gem-push.yml

@@ -0,0 +1,39 @@
+name: Ruby Gem
+
+on:
+  workflow_dispatch
+
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push --KEY rubygems --host https://rubygems.org *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
+
+    - name: Publish to GPR
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
+      env:
+        GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
+        OWNER: ${{ github.repository_owner }}

data/.github/workflows/test.yml

@@ -0,0 +1,31 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Test
+
+on: [push, pull_request]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@a195098f6b1e9074390215a49c1c14e82151a289
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Rubocop
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake spec

data/.rubocop.yml

@@ -0,0 +1,9 @@
+AllCops:
+  Exclude:
+    - 'injection_vulnerability_library.gemspec'
+    - 'bin/console'
+    - 'Gemfile'
+    - 'Rakefile'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false

data/README.md

@@ -1,6 +1,6 @@
 # Injection::Vulnerability::Library
 [![Gem Version](https://badge.fury.io/rb/injection_vulnerability_library.svg)](https://badge.fury.io/rb/injection_vulnerability_library)
-[![Build Status](https://travis-ci.org/araneforseti/injection_vulnerability_library.svg?branch=master)](https://travis-ci.org/araneforseti/injection_vulnerability_library)
+[![Build Status](https://github.com/araneforseti/injection_vulnerability_library/workflows/Test/badge.svg)](https://github.com/araneforseti/injection_vulnerability_library/actions?query=workflow%3ATest+branch%3Amaster)
 
 Gem for integrating with automated tests to check for potential injection problems within codebases
 

data/Rakefile

@@ -1,6 +1,11 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new(:rubocop) do |t|
+  t.options = ['--display-cop-names']
+end
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task :default => [:rubocop, :spec]

data/injection_vulnerability_library.gemspec

@@ -14,23 +14,15 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/araneforseti/injection_vulnerability_library"
   spec.license       = "MIT"
 
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
-  # to allow pushing to a single host or delete this section to allow pushing to any host.
-  if spec.respond_to?(:metadata)
-    spec.metadata['allowed_push_host'] = 'https://rubygems.org/'
-  else
-    raise "RubyGems 2.0 or newer is required to protect against " \
-      "public gem pushes."
-  end
-
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency 'bundler', '~> 2.1.4'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 0.93.0'
 end

data/lib/injection_vulnerability_library.rb

@@ -1,6 +1,7 @@
-require "injection_vulnerability_library/version"
-require "injection_vulnerability_library/sql/sql"
+require 'injection_vulnerability_library/version'
+require 'injection_vulnerability_library/sql/sql'
 
+# Vulnerability library providing basic list for use with tests and other things
 module InjectionVulnerabilityLibrary
   def self.sql_vulnerabilities
     InjectionVulnerabilityLibrary::Sql.vulnerabilities

data/lib/injection_vulnerability_library/sql/sql.rb

@@ -1,6 +1,7 @@
 module InjectionVulnerabilityLibrary
+  # Module for the SQL vulnerabilities
   module Sql
-    SQL_PATH = File.expand_path('../potential_vulnerabilities.txt', __FILE__)
+    SQL_PATH = File.expand_path('potential_vulnerabilities.txt', __dir__)
 
     def self.vulnerabilities
       File.readlines(SQL_PATH).map(&:chomp)

data/lib/injection_vulnerability_library/version.rb

@@ -1,3 +1,3 @@
 module InjectionVulnerabilityLibrary
-  VERSION = "0.0.3"
+  VERSION = '0.1.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: injection_vulnerability_library
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.2
 platform: ruby
 authors:
 - arane
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-05-25 00:00:00.000000000 Z
+date: 2020-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.1.4
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.93.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.93.0
 description: Library for generating injection inputs for various databases and languages
 email:
 - arane9@gmail.com
@@ -59,8 +73,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
+- ".github/workflows/gem-push.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
-- ".travis.yml"
+- ".rubocop.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE
@@ -78,8 +95,7 @@ files:
 homepage: https://github.com/araneforseti/injection_vulnerability_library
 licenses:
 - MIT
-metadata:
-  allowed_push_host: https://rubygems.org/
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -95,8 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Library for generating injection inputs

data/.travis.yml

@@ -1,6 +0,0 @@
-language: ruby
-
-rvm:
-  - 2.2.1
-
-before_install: gem install bundler -v 1.13.6