legendary 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.txt +21 -0
- data/README.md +5 -5
- data/lib/legendary/info.rb +2 -2
- data/lib/legendary/repository.rb +2 -2
- data/lib/legendary/rspec.rb +14 -4
- data/lib/legendary/runner.rb +1 -1
- data/lib/legendary/version.rb +1 -1
- data/lib/legendary/vulnerabilities.rb +9 -11
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5ac4b3cc8c9d05fbbff30808ba7771c78bc1f841
|
|
4
|
+
data.tar.gz: 14440bea8e2dcd757aab109d4d522c77483f61c2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5fe704860adfdabafb77c69a0ce1643f7058010432438f705638f1076221afa629350910fcf690ed2ff11e3678de13632ac60c80192c0002a20ab6b3bd193a7d
|
|
7
|
+
data.tar.gz: 1f4f4c7706692d6ca059e043165eb02606a5c8a60b8e75cfd89416269e2aad710eb5e8e21244ec9c52ed45cd3746cfd7d5ef1484f23a61cb8bf88f19398545a8
|
data/LICENSE.txt
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
The MIT License (MIT)
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2015 John D'Agostino
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
|
13
|
+
all copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
21
|
+
THE SOFTWARE.
|
data/README.md
CHANGED
|
@@ -30,11 +30,11 @@ RSpec integration (in your spec/spec_helper.rb)
|
|
|
30
30
|
|
|
31
31
|
in a spec file
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
33
|
+
```ruby
|
|
34
|
+
describe Project::Application do
|
|
35
|
+
specify { is_expected.to be_secure }
|
|
36
|
+
end
|
|
37
|
+
```
|
|
38
38
|
|
|
39
39
|
## Development
|
|
40
40
|
|
data/lib/legendary/info.rb
CHANGED
|
@@ -31,8 +31,8 @@ module Legendary
|
|
|
31
31
|
def vulnerable?
|
|
32
32
|
# FIXME: speeds things up, but in theory a
|
|
33
33
|
# a gem might not have a release, but have vulnerable
|
|
34
|
-
return false unless (outdated? || git_outdated?)
|
|
35
|
-
return vulnerabilities.
|
|
34
|
+
# return false unless (outdated? || git_outdated?)
|
|
35
|
+
return vulnerabilities.to_a.size > 0
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def vulnerabilities
|
data/lib/legendary/repository.rb
CHANGED
data/lib/legendary/rspec.rb
CHANGED
|
@@ -1,13 +1,23 @@
|
|
|
1
1
|
require 'rspec/matchers'
|
|
2
2
|
|
|
3
|
+
$GEMS = Legendary::Gems.new
|
|
3
4
|
|
|
4
5
|
RSpec::Matchers.define :be_secure do
|
|
5
|
-
match do
|
|
6
|
-
|
|
7
|
-
vulnerable_gems = gems.collect do |gem|
|
|
6
|
+
match do |thing|
|
|
7
|
+
vulnerable_gems = $GEMS.collect do |gem|
|
|
8
8
|
gem.vulnerable?
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
expect(vulnerable_gems.
|
|
11
|
+
expect(vulnerable_gems.empty?).to be_truthy
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
RSpec::Matchers.define :be_updated do
|
|
16
|
+
match do |thing|
|
|
17
|
+
outdated = $GEMS.collect do |gem|
|
|
18
|
+
gem.outdated?
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
expect(outdated.empty?).to be_truthy
|
|
12
22
|
end
|
|
13
23
|
end
|
data/lib/legendary/runner.rb
CHANGED
data/lib/legendary/version.rb
CHANGED
|
@@ -8,7 +8,7 @@ module Legendary
|
|
|
8
8
|
|
|
9
9
|
def path
|
|
10
10
|
@path ||= File.join(Legendary.repository.path,
|
|
11
|
-
@info.name)
|
|
11
|
+
"/gems/#{@info.name}")
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def exists?
|
|
@@ -21,24 +21,22 @@ module Legendary
|
|
|
21
21
|
Legendary.logger.info("#{@info.name} : #{path}")
|
|
22
22
|
|
|
23
23
|
Dir.foreach(path) do |yaml_file|
|
|
24
|
-
|
|
24
|
+
next if yaml_file =~ /\A\./
|
|
25
25
|
|
|
26
|
-
|
|
26
|
+
info = YAML.load(File.read(File.join(path, yaml_file)))
|
|
27
27
|
|
|
28
|
-
|
|
29
|
-
|
|
28
|
+
satisfied_version = lambda do |version|
|
|
29
|
+
Gem::Requirement.new(version.split(',')).satisfied_by?(@info.version)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
affected = (info["patched_versions"] || []).none?(&satisfied_version)
|
|
33
|
+
patched = (info["unaffected_versions"] || []).none?(&satisfied_version)
|
|
30
34
|
|
|
31
35
|
if affected || patched
|
|
32
36
|
yield info
|
|
33
37
|
end
|
|
34
38
|
end
|
|
35
39
|
end
|
|
36
|
-
|
|
37
|
-
private
|
|
38
|
-
|
|
39
|
-
def satisfied_version(version)
|
|
40
|
-
Gem::Requirement.new(version.split(',')).satisfied_by?(@info.version)
|
|
41
|
-
end
|
|
42
40
|
end
|
|
43
41
|
end
|
|
44
42
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: legendary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- John D'Agostino
|
|
@@ -107,6 +107,7 @@ files:
|
|
|
107
107
|
- ".rspec"
|
|
108
108
|
- ".travis.yml"
|
|
109
109
|
- Gemfile
|
|
110
|
+
- LICENSE.txt
|
|
110
111
|
- README.md
|
|
111
112
|
- Rakefile
|
|
112
113
|
- bin/console
|