RubyGems - iron_dome - Versions diffs - 0.1.2 → 0.1.4 - Mend

iron_dome 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 553265fff91bc6fb67adeb16e89182b2895f7692934bb0416e57a3ad2c32b138
-  data.tar.gz: e89d7904609d52a8e51d45c053f67fa1a99c1adb1c9724068a5ebc825c082566
+  metadata.gz: 5a78ecb0117de214b26c07cfcbe0bb9656f1c5cd1c42aa9db5ca40709959f854
+  data.tar.gz: 253148e1c1be2caeddc6cfb71083bb1038859d648d25fde208933f9b1f0be0f5
 SHA512:
-  metadata.gz: d7d5067dc1b8323a6564f8b1aae41f16c35f9ea2a3afb4fd0d679a973f36dabd0013c9e98a860f15fce66041cc0e58fc188815a8c3046a2c8aa06eb374018366
-  data.tar.gz: 1363e9613e691ea42c028222f9878d0072c528c9777794cb8a19c9bd841c046266016ba207a05b1bd5620a36bd57c194218873cf81733a05ee9c42c0a5807e54
+  metadata.gz: ee17272c99ec3f66ce139214653c6685e208cb6b45a915be8577d4d7a858c0c8c505eb00fbe776118a26a7c96d5958b44807cbcc6f127d26cb644c4ee230a079
+  data.tar.gz: cfaa3937060d92c5ec20898c1d2d09334f2f67e8ab79a8fe1e22b2873a85b738a92afee2750cad8b55a7c4648e0b0b7c6cc5bc5e4dd97f8d1609070db7985b1b

data/.rubocop.yml CHANGED Viewed

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 3.0
 Style/StringLiterals:
   Enabled: true

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
-## [Unreleased]
+## [released]
 ## [0.1.0] - 2024-01-20
 - Initial release
+## [released]
+## [0.1.2] - 2024-02-20
+- Support sarif output
+- Suport output on terminal
+- General improvements
+## [released]
+## [0.1.3] - 2024-03-02
+- Improvement in code architecture
+- Improvement in specs
+- When -o or --output is given as a param, theres no output on terminal only on a sarif file

data/README.md CHANGED Viewed

@@ -14,10 +14,27 @@ this directory must have the Gemfile.lock, you can also run on a ci/cd pipeline.
     $ iron_dome
+### Theres some optional params you can use, like, -o or --output and -d or --detail
+This will generate a sarif file format.
+    $ iron_dome -o
+    $ iron_dome --output
+This will show details on the current shell session like the output example below.
+    $ iron_dome -d
+    $ iron_dome --detail
 ## Output Example
 ![alt text](image.png)
+## Supported language and lockfile format
+| Ruby      | Gemfile.lock    |
+|-----------|-----------------|
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/iron_dome.gemspec ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+require_relative "lib/iron_dome/version"
+Gem::Specification.new do |spec|
+  spec.name = "iron_dome"
+  spec.version = IronDome::VERSION
+  spec.authors = ["Jose Augusto"]
+  spec.email = ["joseaugusto.881@outlook.com"]
+  spec.summary = "A vulnerability scanner for ruby projects dependencies"
+  spec.homepage = "https://github.com/JAugusto42/iron_dome"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.0.0"
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/JAugusto42/iron_dome"
+  spec.metadata["changelog_uri"] = "https://github.com/JAugusto42/iron_dome/CHANGELOG.md"
+  spec.executables << "iron_dome"
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git appveyor Gemfile])
+    end
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_dependency "colorize", "~> 1.1"
+  spec.add_dependency "concurrent-ruby", "~> 1.2"
+  spec.add_dependency "faraday", "~> 2.9"
+  spec.add_dependency "rake", "~> 13.0"
+end

data/lib/iron_dome/reader.rb CHANGED Viewed

@@ -10,15 +10,19 @@ module IronDome
     end
     def call
-      read_file
+      read_lock_file
     end
     private
-    def read_file
-      # read the lockfile, Gemfile.lock for now
-      lock_files = Dir.glob("Gemfile.lock")
-      lock_files.map { |file| process_lock_file(file) }
+    def read_lock_file
+      lock_file = Dir.glob("Gemfile.lock")
+      if lock_file.empty?
+        puts "Not able to find Gemfile.lock ..."
+        return
+      end
+      lock_file.map { |file| process_lock_file(file) }
     end
     def process_lock_file(file)
@@ -27,7 +31,7 @@ module IronDome
       puts "Verifying vulnerabilities on osv database ..."
       results = Requester.osv_request(packages_and_versions)
       results.compact!
-      system_output(results)
+      system_output(results) unless options[:sarif_output] == true
       output_sarif_file_format(results) if options[:sarif_output] == true
     end
@@ -35,7 +39,7 @@ module IronDome
       # method to call the module to generate the sarif report
       puts "Generating the sarif output ..."
       IronDome::Sarif::Output.new.output_report(results)
-      puts "Sarif file outputed"
+      puts "Sarif file outputted"
     end
     def system_output(results)
@@ -50,35 +54,35 @@ module IronDome
     def build_output(results)
       # Build the terminal output but maybe we will need to improve this methods.
-      total_vulns = 0
+      total_vulnerabilities = 0
-      puts ":: Vulnerabilities found:"
+      puts ":: Vulnerabilities found:".colorize(:red)
       results.each do |result|
-        result["vulns"].each do |vuln|
-          print_vulnerability_info(vuln)
-          total_vulns += 1
+        result["vulns"].each do |vulnerability|
+          print_vulnerability_info(vulnerability)
+          total_vulnerabilities += 1
         end
       end
-      puts "#{total_vulns} vulnerabilities founded.".colorize(:red)
+      puts "#{total_vulnerabilities} vulnerabilities founded.".colorize(:light_red)
     end
-    def print_vulnerability_info(vuln)
-      package_name = extract_package_name(vuln)
-      version_fixed = extract_version_fixed(vuln)
-      summary = vuln["summary"]
-      details = vuln["details"]
+    def print_vulnerability_info(vulnerabilities)
+      package_name = extract_package_name(vulnerabilities)
+      version_fixed = extract_version_fixed(vulnerabilities)
+      summary = vulnerabilities["summary"]
+      details = vulnerabilities["details"]
       print_info(package_name, version_fixed, summary, details)
     end
-    def extract_package_name(vuln)
-      affected_package = vuln["affected"].first
+    def extract_package_name(vulnerability)
+      affected_package = vulnerability["affected"].first
       affected_package["package"]["name"]
     end
-    def extract_version_fixed(vuln)
-      affected_package = vuln["affected"].first
+    def extract_version_fixed(vulnerability)
+      affected_package = vulnerability["affected"].first
       version_ranges = affected_package["ranges"].first
       version_ranges["events"].last["fixed"]
     end

data/lib/iron_dome/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module IronDome
-  VERSION = "0.1.2"
+  VERSION = "0.1.4"
 end

data/lib/iron_dome.rb CHANGED Viewed

@@ -14,9 +14,12 @@ require_relative "iron_dome/reader"
 module IronDome
   class Error < StandardError; end
-  # class entry, this is the entrypoint of the gem.
+  # class entry, this is the main class of the gem.
   class Entry
+    # rubocop:disable Metrics/MethodLength
     def main
+      puts display_ascii_art
       options = {}
       OptionParser.new do |opts|
         opts.on("-o", "--output", "Generate a sarif format file report.") do |output|
@@ -30,5 +33,19 @@ module IronDome
       Reader.new(options).call
     end
+    # rubocop:enable Metrics/MethodLength
+    def display_ascii_art
+      <<-ART
+  ██╗██████╗  ██████╗ ███╗   ██╗██████╗  ██████╗ ███╗   ███╗███████╗
+  ██║██╔══██╗██╔═══██╗████╗  ██║██╔══██╗██╔═══██╗████╗ ████║██╔════╝
+  ██║██████╔╝██║   ██║██╔██╗ ██║██║  ██║██║   ██║██╔████╔██║█████╗
+  ██║██╔══██╗██║   ██║██║╚██╗██║██║  ██║██║   ██║██║╚██╔╝██║██╔══╝
+  ██║██║  ██║╚██████╔╝██║ ╚████║██████╔╝╚██████╔╝██║ ╚═╝ ██║███████╗
+  ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚═╝  ╚═══╝╚═════╝  ╚═════╝ ╚═╝     ╚═╝╚══════╝ v#{IronDome::VERSION}
+      ART
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: iron_dome
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.4
 platform: ruby
 authors:
 - Jose Augusto
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-02-21 00:00:00.000000000 Z
+date: 2024-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -83,13 +83,13 @@ files:
 - Rakefile
 - exe/iron_dome
 - image.png
+- iron_dome.gemspec
 - lib/iron_dome.rb
 - lib/iron_dome/output.rb
 - lib/iron_dome/reader.rb
 - lib/iron_dome/requester.rb
 - lib/iron_dome/sarif/output.rb
 - lib/iron_dome/version.rb
-- sig/iron_dome.rbs
 homepage: https://github.com/JAugusto42/iron_dome
 licenses:
 - MIT
@@ -105,14 +105,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.6
+rubygems_version: 3.5.14
 signing_key:
 specification_version: 4
 summary: A vulnerability scanner for ruby projects dependencies

data/sig/iron_dome.rbs DELETED Viewed

@@ -1,4 +0,0 @@
-module IronDome
-  VERSION: String
-  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
-end