internet_security_event 1.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d93be47b6e84cb8d7e40c2f604732ee48ba6582235253710dd473e0634099c1
-  data.tar.gz: b58978d3f62628a1239a03e60438ca5f516f19ac59ff6946987c4541080b90ca
+  metadata.gz: 96f9a7ff480196b6577e3d641424234b389a047b9c96c4f3984d8eabc1def59b
+  data.tar.gz: 194a8f754e108ac4abc3caec23711da90744aedc9afd0709e138f513ae07d840
 SHA512:
-  metadata.gz: c936050537ef4665d970fea58906b3c1de303a80abe73a082a09040801ebfda12c0826d055c89345591c7844472c82bfb8ccce01bed48dd79618f3a89b78f2e5
-  data.tar.gz: e03ee5ccf138e9d4a9bc6534dcfa3987f631fca669ed1cf0f450d159536c88a43405de338abb71508abb8297f05689818b7ace1abcab97238f6122ecf2519c86
+  metadata.gz: 225eb6c94b4d3888546451f3676dd243e52b5587cce800fa1da10638f0b0c202bd2365bc6091419c63e5a6e406f55ba34d1b94e103911ce071e1bf7f301627e8
+  data.tar.gz: 669d9be990c119395fb67b76db876f94319693a3379d9e9a28442f5cb30498a93510f5b1142f83d47fca0bc7e3ae34d6df7c8a52b81394d37ac957afd315045d

data/.github/workflows/ci.yml

@@ -0,0 +1,52 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: "0 17 * * *"
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+          bundler-cache: true
+      - name: Run static code analysis
+        run: bundle exec rubocop
+  unit:
+    runs-on: ubuntu-latest
+    needs: rubocop
+    strategy:
+      matrix:
+        ruby:
+          - "2.6"
+          - "2.7"
+          - "3.0"
+          - "3.1"
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run tests without uploading code coverage
+        if: ${{ matrix.ruby != '3.0' }}
+        run: bundle exec rake
+      - name: Run tests and upload coverage to Code Climate
+        if: ${{ matrix.ruby == '3.0' }}
+        uses: paambaati/codeclimate-action@v3.0.0
+        env:
+          CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TOKEN }}
+        with:
+          coverageCommand: bundle exec rake

data/.rubocop.yml

@@ -0,0 +1,25 @@
+AllCops:
+  AllowSymlinksInCacheRootDirectory: true
+
+require:
+  - rubocop-rake
+  - rubocop-rspec
+
+Layout/HashAlignment:
+  EnforcedColonStyle: table
+  EnforcedHashRocketStyle: table
+
+Metrics/LineLength:
+  Max: 160
+
+Style/Documentation:
+  Enabled: false
+
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: comma

data/CHANGELOG.md

@@ -1,24 +1,48 @@
 # Changelog
-All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [v2.0.0](https://github.com/smortex/internet_security_event/tree/v2.0.0) (2022-07-16)
+
+[Full Changelog](https://github.com/smortex/internet_security_event/compare/v1.2.1...v2.0.0)
+
+**Breaking changes:**
+
+- Bump activesupport to 6.x [\#2](https://github.com/smortex/internet_security_event/pull/2) ([smortex](https://github.com/smortex))
+
+**Merged pull requests:**
+
+- Integrate github\_changelog\_generator [\#1](https://github.com/smortex/internet_security_event/pull/1) ([smortex](https://github.com/smortex))
+
+## [v1.2.1] - 2022-07-15
+
+### Changed
+- Emit a `warning` state instead of a `warn` state to match Riemann wording.
+
+## [v1.2.0] - 2019-02-28
+
+### Changed
+- Rely on `OpenSSL::SSL.verify_certificate_identity` to check that a certificate
+  is valid for the provided hostname.
+
+## [v1.1.0] - 2019-02-21
 
-## [1.1.0] - 2019-02-21
 ### Added
 - Add basic suport for TLSA events.
 
-## [1.0.2] - 2019-02-21
+## [v1.0.2] - 2019-02-21
 
 ### Changed
 - Fix checking of TLS hostnames with wildcard certificates.
 
-## [1.0.1] - 2019-02-18
+## [v1.0.1] - 2019-02-18
 
 ### Changed
 - Improve the way TLS certificates state is computed.
 
-[Unreleased]: https://github.com/smortex/internet_security_event/compare/v1.1.0...HEAD
-[1.1.0]: https://github.com/smortex/internet_security_event/compare/v1.0.2...v1.1.0
-[1.0.2]: https://github.com/smortex/internet_security_event/compare/v1.0.1...v1.0.2
-[1.0.1]: https://github.com/smortex/internet_security_event/compare/v1.0.0...v1.0.1
+[v1.2.1]: https://github.com/smortex/internet_security_event/compare/v1.2.0...v1.2.1
+[v1.2.0]: https://github.com/smortex/internet_security_event/compare/v1.1.0...v1.2.0
+[v1.1.0]: https://github.com/smortex/internet_security_event/compare/v1.0.2...v1.1.0
+[v1.0.2]: https://github.com/smortex/internet_security_event/compare/v1.0.1...v1.0.2
+[v1.0.1]: https://github.com/smortex/internet_security_event/compare/v1.0.0...v1.0.1
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

data/HISTORY.md

@@ -0,0 +1,31 @@
+## [v1.2.1] - 2022-07-15
+
+### Changed
+- Emit a `warning` state instead of a `warn` state to match Riemann wording.
+
+## [v1.2.0] - 2019-02-28
+
+### Changed
+- Rely on `OpenSSL::SSL.verify_certificate_identity` to check that a certificate
+  is valid for the provided hostname.
+
+## [v1.1.0] - 2019-02-21
+
+### Added
+- Add basic suport for TLSA events.
+
+## [v1.0.2] - 2019-02-21
+
+### Changed
+- Fix checking of TLS hostnames with wildcard certificates.
+
+## [v1.0.1] - 2019-02-18
+
+### Changed
+- Improve the way TLS certificates state is computed.
+
+[v1.2.1]: https://github.com/smortex/internet_security_event/compare/v1.2.0...v1.2.1
+[v1.2.0]: https://github.com/smortex/internet_security_event/compare/v1.1.0...v1.2.0
+[v1.1.0]: https://github.com/smortex/internet_security_event/compare/v1.0.2...v1.1.0
+[v1.0.2]: https://github.com/smortex/internet_security_event/compare/v1.0.1...v1.0.2
+[v1.0.1]: https://github.com/smortex/internet_security_event/compare/v1.0.0...v1.0.1

data/README.md

@@ -1,6 +1,6 @@
 # InternetSecurityEvent
 
-[![Build Status](https://travis-ci.com/smortex/internet_security_event.svg?branch=master)](https://travis-ci.com/smortex/internet_security_event)
+[![Build Status](https://github.com/smortex/internet_security_event/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/smortex/internet_security_event/actions/workflows/ci.yml)
 [![Maintainability](https://api.codeclimate.com/v1/badges/bc64fb4f1c1088c15b8c/maintainability)](https://codeclimate.com/github/smortex/internet_security_event/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/bc64fb4f1c1088c15b8c/test_coverage)](https://codeclimate.com/github/smortex/internet_security_event/test_coverage)
 
@@ -38,7 +38,7 @@ certificate = OpenSSL::X509::Certificate.new(...)
 
 event = InternetSecurityEvent::X509Status.build(certificate)
 
-event[:state]       #=> 'ok', 'warn', 'critical'
+event[:state]       #=> 'ok', 'warning', 'critical'
 event[:description] #=> Human readable state
 event[:metric]      #=> an optional Float
 ```
@@ -81,4 +81,4 @@ License](https://opensource.org/licenses/MIT).
 
 Everyone interacting in the InternetSecurityEvent project’s codebases, issue
 trackers, chat rooms and mailing lists is expected to follow the [code of
-conduct](https://github.com/smortex/internet_security_event/blob/master/CODE_OF_CONDUCT.md).
+conduct](https://github.com/smortex/internet_security_event/blob/main/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -1,8 +1,17 @@
 # frozen_string_literal: true
 
 require 'bundler/gem_tasks'
+require 'github_changelog_generator/task'
 require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
+GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+  config.user = 'smortex'
+  config.project = 'internet_security_event'
+  config.since_tag = 'v1.2.1'
+  require 'internet_security_event/version'
+  config.future_release = "v#{InternetSecurityEvent::VERSION}"
+end
+
 task default: :spec

data/internet_security_event.gemspec

@@ -13,6 +13,7 @@ Gem::Specification.new do |spec|
   spec.summary       = 'Build events describing the status of various internet services'
   spec.homepage      = 'https://github.com/smortex/internet_security_event'
   spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.6.0')
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -23,11 +24,14 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'actionview', '~> 5.2'
-  spec.add_dependency 'activesupport', '~> 5.2'
+  spec.add_dependency 'activesupport', '~> 6.0'
 
   spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'github_changelog_generator'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rubocop-rake'
+  spec.add_development_dependency 'rubocop-rspec'
   spec.add_development_dependency 'simplecov'
 end

data/lib/internet_security_event/tls_status.rb

@@ -33,36 +33,7 @@ module InternetSecurityEvent
     def hostname_is_valid_for_this_certificate?
       return true if hostname.nil?
 
-      hostname_match_subject? || hostname_match_subject_alternative_name?
-    end
-
-    def hostname_match_subject?
-      name_match_patern(hostname, common_name)
-    end
-
-    def hostname_match_subject_alternative_name?
-      return false unless certificate
-
-      san = certificate.extensions.select { |ext| ext.oid == 'subjectAltName' }.first
-
-      if san
-        alt_names = san.value.split(', ').map { |name| name.sub(/\ADNS:/, '') }
-        return true if alt_names.any? { |alt_name| name_match_patern(hostname, alt_name) }
-      end
-
-      false
-    end
-
-    def name_match_patern(hostname, pattern)
-      re = Regexp.new('\A' + pattern.split('*').map do |st|
-        Regexp.escape(st)
-      end.join('[^.]*') + '\z')
-
-      re.match(hostname)
-    end
-
-    def common_name
-      certificate.subject.to_a.select { |data| data[0] == 'CN' }.map { |data| data[1] }.first if certificate
+      OpenSSL::SSL.verify_certificate_identity(certificate, hostname)
     end
   end
 end

data/lib/internet_security_event/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module InternetSecurityEvent
-  VERSION = '1.1.0'
+  VERSION = '2.0.0'
 end

data/lib/internet_security_event/x509_status.rb

@@ -1,13 +1,9 @@
 # frozen_string_literal: true
 
-require 'action_view'
-require 'action_view/helpers'
 require 'active_support/core_ext/numeric/time'
 
 module InternetSecurityEvent
   class X509Status
-    include ActionView::Helpers::DateHelper
-
     attr_reader :certificate, :hostname
 
     def initialize(certificate)
@@ -19,7 +15,7 @@ module InternetSecurityEvent
       obj.to_e
     end
 
-    def to_e
+    def to_e # rubocop:disable Metrics/AbcSize
       {
         state:       state,
         description: description,
@@ -32,6 +28,10 @@ module InternetSecurityEvent
       }
     end
 
+    def renewal_duration
+      [validity_duration / 3, 90.days].min
+    end
+
     private
 
     def description
@@ -45,7 +45,7 @@ module InternetSecurityEvent
       if not_valid_yet? || expired_or_expire_soon?
         'critical'
       elsif expire_soonish?
-        'warn'
+        'warning'
       else
         'ok'
       end
@@ -71,10 +71,6 @@ module InternetSecurityEvent
       now + 2 * renewal_duration / 3 > certificate.not_after
     end
 
-    def renewal_duration
-      [validity_duration / 3, 90.days].min
-    end
-
     def validity_duration
       certificate.not_after - certificate.not_before
     end
@@ -82,5 +78,29 @@ module InternetSecurityEvent
     def now
       Now.instance.now
     end
+
+    # Stolen from ActionView, to avoid pulling a lot of dependencies
+    def distance_of_time_in_words_to_now(to_time) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      distance_in_seconds = (to_time - now).round.abs
+      distance_in_minutes = distance_in_seconds / 60
+
+      case distance_in_minutes
+      when 0                then 'less than 1 minute'
+      when 1...45           then pluralize_string('%d minute', distance_in_minutes)
+      when 45...1440        then pluralize_string('about %d hour', (distance_in_minutes.to_f / 60.0).round)
+        # 24 hours up to 30 days
+      when 1440...43_200    then pluralize_string('%d day', (distance_in_minutes.to_f / 1440.0).round)
+        # 30 days up to 60 days
+      when 43_200...86_400  then pluralize_string('about %d month', (distance_in_minutes.to_f / 43_200.0).round)
+        # 60 days up to 365 days
+      when 86_400...525_600 then pluralize_string('%d month', (distance_in_minutes.to_f / 43_200.0).round)
+      else
+        pluralize_string('about %d year', (distance_in_minutes.to_f / 525_600.0).round)
+      end
+    end
+
+    def pluralize_string(string, number)
+      format(string, number) + (number == 1 ? '' : 's')
+    end
   end
 end

metadata

@@ -1,45 +1,45 @@
 --- !ruby/object:Gem::Specification
 name: internet_security_event
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Romain Tartière
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-02-22 00:00:00.000000000 Z
+date: 2022-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: actionview
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
-  type: :runtime
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: github_changelog_generator
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -80,6 +80,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -94,19 +136,21 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - romain@blogreen.org
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".rubocop.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
+- HISTORY.md
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -124,7 +168,7 @@ homepage: https://github.com/smortex/internet_security_event
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -132,16 +176,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
-signing_key: 
+rubygems_version: 3.3.17
+signing_key:
 specification_version: 4
 summary: Build events describing the status of various internet services
 test_files: []

data/.travis.yml

@@ -1,12 +0,0 @@
----
-language: ruby
-rvm:
-  - 2.4
-  - 2.5
-  - 2.6
-before_script:
-  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-  - chmod +x ./cc-test-reporter
-  - ./cc-test-reporter before-build
-after_script:
-  - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT