mrjoy-bundler-audit 0.2.1 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86bf3607b18010fe5a5a8eea50c278a4972fa133
-  data.tar.gz: bc8390e22500c5f02f45d19f0cfa541d3f1a86bc
+  metadata.gz: 797e11ab94369f9ca56d1ebec7b486b739ef76a0
+  data.tar.gz: f86b4d43b7bc27285b9da49494d7f9bcb6d3da2d
 SHA512:
-  metadata.gz: abaf90aff0656335877ef86c57058dfbeef7edfc35f2a961531673d2e096f82e3072eba07de2a32bd48e8eb8c1c45d90cb80ce26824e9c787f6df54fcc85d768
-  data.tar.gz: 2a44ca737667dbbbf86435c1a84999ac36f6ad8c45d5c3cdd958d6cba889e678f3fe63aed0bf54d699eb88b8ba0686455497cf0923dc401e5da3fc186ecddb3c
+  metadata.gz: ecbadf97664bc14844269e91b523feb2bf17dfd569af3621a8a015b40c4c7e5b69bad171497bb950616df115f0c8fd752dda12e8551c5c8caea3571b8e100d08
+  data.tar.gz: 39df3b13657c0069d7739b600dc8c1feac26a51fe790438b3284d46d32a8f9a6dd2b31d9ad05e1edaed20d948d44835d0e0763b7ca0b05737eb0a7cf20ce1465

data/ChangeLog.md

@@ -1,3 +1,22 @@
+### mrjoy-0.3.1 / 2013-11-04
+
+* Integrated upstream 0.3.0 changes.
+* Refresh built-in dataset.
+* Make regression test more resilient and more bulletproof.
+* Integrate grosser's mechanism for [DRYing up tests a bit](https://github.com/grosser/bundler-audit/commit/8568f936fe86eb92c95d63ef3c0a33bffd3aeee9).
+
+### 0.3.0 / 2013-10-31
+
+* Added {Bundler::Audit::Database.update!} which uses `git` to download
+  [ruby-advisory-db] to `~/.local/share/ruby-advisory-db`.
+* {Bundler::Audit::Database.path} now returns the path to either
+  `~/.local/share/ruby-advisory-db` or the vendored copy, depending on which
+  is more recent.
+
+#### CLI
+
+* Added the `bundle-audit update` sub-command.
+
 ### mrjoy-0.2.1 / 2013-09-13
 
 * Integrate upstream changes from 0.2.0, with local changes from 0.1.4.
@@ -10,10 +29,10 @@
 * Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly
   parse approximate version requirements (`~> 1.2.3`).
 * Updated the [ruby-advisory-db].
-* Added {Bundle::Audit::Advisory#unaffected_versions}.
-* Added {Bundle::Audit::Advisory#unaffected?}.
-* Added {Bundle::Audit::Advisory#patched?}.
-* Renamed `Advisory#cve` to {Bundle::Audit::Advisory#id}.
+* Added {Bundler::Audit::Advisory#unaffected_versions}.
+* Added {Bundler::Audit::Advisory#unaffected?}.
+* Added {Bundler::Audit::Advisory#patched?}.
+* Renamed `Advisory#cve` to {Bundler::Audit::Advisory#id}.
 
 ### mrjoy-0.1.4 / 2013-08-15
 

data/README.md

@@ -82,6 +82,32 @@ Audit a projects `Gemfile.lock`:
     
     Unpatched versions found!
 
+Update the [ruby-advisory-db] that `bundle-audit` uses:
+
+    $ bundle-audit update
+    Updating ruby-advisory-db ...
+    remote: Counting objects: 44, done.
+    remote: Compressing objects: 100% (24/24), done.
+    remote: Total 39 (delta 19), reused 29 (delta 10)
+    Unpacking objects: 100% (39/39), done.
+    From https://github.com/rubysec/ruby-advisory-db
+     * branch            master     -> FETCH_HEAD
+    Updating 5f8225e..328ca86
+    Fast-forward
+     CONTRIBUTORS.md                    |  1 +
+     gems/actionmailer/OSVDB-98629.yml  | 17 +++++++++++++++++
+     gems/cocaine/OSVDB-98835.yml       | 15 +++++++++++++++
+     gems/fog-dragonfly/OSVDB-96798.yml | 13 +++++++++++++
+     gems/sounder/OSVDB-96278.yml       | 13 +++++++++++++
+     gems/wicked/OSVDB-98270.yml        | 14 ++++++++++++++
+     6 files changed, 73 insertions(+)
+     create mode 100644 gems/actionmailer/OSVDB-98629.yml
+     create mode 100644 gems/cocaine/OSVDB-98835.yml
+     create mode 100644 gems/fog-dragonfly/OSVDB-96798.yml
+     create mode 100644 gems/sounder/OSVDB-96278.yml
+     create mode 100644 gems/wicked/OSVDB-98270.yml
+    ruby-advisory-db: 64 advisories
+
 ## Requirements
 
 * [bundler] ~> 1.2
@@ -97,6 +123,12 @@ Or in your Gemfile:
 gem 'mrjoy-bundler-audit', :require => nil
 ```
 
+Or in your Gemfile:
+
+```ruby
+gem 'bundler-audit', :require => nil
+```
+
 ## License
 
 Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)

data/Rakefile

@@ -23,13 +23,16 @@ require 'rake'
 require 'rubygems/tasks'
 Gem::Tasks.new
 
-desc 'Updates data/ruby-advisory-db'
-task :update do
-  chdir 'data/ruby-advisory-db' do
-    sh 'git', 'pull', 'origin', 'master'
-  end
+namespace :db do
+  desc 'Updates data/ruby-advisory-db'
+  task :update do
+    chdir 'data/ruby-advisory-db' do
+      sh 'git', 'pull', 'origin', 'master'
+    end
 
-  sh 'git', 'commit', 'data/ruby-advisory-db', '-m', 'Updated ruby-advisory-db'
+    sh 'git', 'commit', 'data/ruby-advisory-db',
+                        '-m', 'Updated ruby-advisory-db'
+  end
 end
 
 require 'rspec/core/rake_task'
@@ -41,14 +44,12 @@ namespace :spec do
 
     %w[secure unpatched_gems insecure_sources].each do |bundle|
       chdir(File.join(root,bundle)) do
-        # rm_f "Gemfile.lock" if(File.exist?("Gemfile.lock"))
         begin
           sh 'BUNDLE_BIN_PATH="" BUNDLE_GEMFILE="" RUBYOPT="" bundle install --path ../../../vendor/bundle'
         rescue
-          if(File.exist?("Gemfile.lock"))
-            puts "Looks like Gemfile may have been updated.  Attempting to update things."
-            sh 'BUNDLE_BIN_PATH="" BUNDLE_GEMFILE="" RUBYOPT="" bundle update'
-          end
+          exit(1) if(!File.exist?('Gemfile.lock'))
+          puts "Looks like Gemfile may have been updated.  Attempting to update things."
+          sh 'BUNDLE_BIN_PATH="" BUNDLE_GEMFILE="" RUBYOPT="" bundle update'
         end
       end
     end

data/data/ruby-advisory-db/.gitignore

@@ -0,0 +1 @@
+Gemfile.lock

data/data/ruby-advisory-db/CONTRIBUTORS.md

@@ -11,3 +11,4 @@ Thanks,
 * [Oliver Legg](https://github.com/olly)
 * [Larry W. Cashdollar](http://vapid.dhs.org/)
 * [Michael Grosser](https://github.com/grosser)
+* [Sascha Korth](https://github.com/skorth)

data/data/ruby-advisory-db/README.md

@@ -14,15 +14,12 @@ The Ruby Advisory Database aims to compile all advisories that are relevant to R
 The database is a list of directories that match the names of Ruby libraries on
 [rubygems.org]. Within each directory are one or more advisory files
 for the Ruby library. These advisory files are typically named using
-the advisories [CVE] identifier number.
+the advisories [OSVDB] identifier number.
 
     gems/:
       actionpack/:
-        CVE-2012-1099.yml  CVE-2012-3463.yml  CVE-2013-0156.yml
-        CVE-2013-1857.yml  CVE-2012-3424.yml  CVE-2012-3465.yml
-        CVE-2013-1855.yml
-
-If an advisory does not yet have a [CVE], [requesting a CVE][1] is easy.
+        OSVDB-79727.yml  OSVDB-84513.yml  OSVDB-89026.yml  OSVDB-91454.yml
+        OSVDB-84243.yml  OSVDB-84515.yml  OSVDB-91452.yml
 
 ## Format
 
@@ -78,9 +75,8 @@ developed by the Open Security Foundation (OSF) and its contributors.
 
 [rubygems.org]: https://rubygems.org/
 [CVE]: http://cve.mitre.org/
+[OSVDB]: http://www.osvdb.org/
 [CVSSv2]: http://www.first.org/cvss/cvss-guide.html
 [OSVDB]: http://www.osvdb.org/
 [YAML]: http://www.yaml.org/
 [CONTRIBUTORS.md]: https://github.com/rubysec/ruby-advisory-db/blob/master/CONTRIBUTORS.md
-
-[1]: http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

data/data/ruby-advisory-db/gems/actionmailer/OSVDB-98629.yml

@@ -0,0 +1,17 @@
+---
+gem: actionmailer
+cve: 2013-4389
+osvdb: 98629
+url: http://www.osvdb.org/show/osvdb/98629
+title: Action Mailer Gem for Ruby contains a possible DoS Vulnerability
+date: 2013-10-16
+description: Action Mailer Gem for Ruby contains a format string flaw in
+  the Log Subscriber component. The issue is triggered as format string
+  specifiers (e.g. %s and %x) are not properly sanitized in user-supplied
+  input when handling email addresses. This may allow a remote attacker
+  to cause a denial of service
+cvss_v2: 4.3
+unaffected_versions:
+  - ~> 2.3.2
+patched_versions: 
+  - '>= 3.2.15'

data/data/ruby-advisory-db/gems/cocaine/OSVDB-98835.yml

@@ -0,0 +1,15 @@
+---
+gem: cocaine
+cve: 2013-4457
+osvdb: 98835
+url: http://www.osvdb.org/show/osvdb/98835
+title: Cocaine Gem for Ruby contains a flaw
+date: 2013-10-22
+description: Cocaine Gem for Ruby contains a flaw that is due to the method
+  of variable interpolation used by the program. With a specially crafted
+  object, a context-dependent attacker can execute arbitrary commands.
+cvss_v2:
+unaffected_versions:
+  - ~> 0.3.0
+patched_versions: 
+  - '>= 0.5.3'

data/data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-96798.yml

@@ -0,0 +1,13 @@
+---
+gem: fog-dragonfly
+cve: 2013-5671
+osvdb: 96798
+url: http://www.osvdb.org/show/osvdb/96798
+title: fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution
+date: 2013-09-03
+description: fog-dragonfly Gem for Ruby contains a flaw that is due to the program
+  failing to properly sanitize input passed via the imagemagickutils.rb script. This
+  may allow a remote attacker to execute arbitrary commands.
+cvss_v2:
+patched_versions:
+- ">= 0.8.4"

data/data/ruby-advisory-db/gems/redis-namespace/OSVDB-96425.yml

@@ -0,0 +1,16 @@
+--- 
+gem: redis-namespace
+osvdb: 96425
+url: http://www.osvdb.org/show/osvdb/96425
+title: redis-namespace Gem for Ruby contains a flaw in the method_missing implementation
+date: 2013-08-03
+description: |
+  redis-namespace Gem for Ruby contains a flaw in the method_missing implementation.
+  The issue is triggered when handling exec commands called via send(). This may allow a
+  remote attacker to execute arbitrary commands.
+cvss_v2:
+patched_versions: 
+  - ">= 1.3.1"
+  - ">= 1.2.2"
+  - ">= 1.1.1"
+  - ">= 1.0.4"

data/data/ruby-advisory-db/gems/sounder/OSVDB-96278.yml

@@ -0,0 +1,13 @@
+---
+gem: sounder
+cve: 2013-5647
+osvdb: 96278
+url: http://www.osvdb.org/show/osvdb/96278
+title: Sounder Gem for Ruby File Name Handling Arbitrary Command Execution
+date: 2013-08-14
+description: Sounder Gem for Ruby contains a flaw that is triggered during the handling
+  of file names. This may allow a context-dependent attacker to execute arbitrary
+  commands.
+cvss_v2: 7.5
+patched_versions: 
+- '>= 1.0.2'

data/data/ruby-advisory-db/gems/wicked/OSVDB-98270.yml

@@ -0,0 +1,14 @@
+---
+gem: wicked
+cve: 2013-4413
+osvdb: 98270
+url: http://www.osvdb.org/show/osvdb/98270
+title: Wicked Gem for Ruby contains a flaw
+date: 2013-10-08
+description: Wicked Gem for Ruby contains a flaw that is due to the program
+  failing to properly sanitize input passed via the 'the_step' parameter
+  upon submission to the render_redirect.rb script.
+  This may allow a remote attacker to gain access to arbitrary files.
+cvss_v2:
+patched_versions: 
+  - '>= 1.0.1'

data/lib/bundler/audit/advisory.rb

@@ -84,7 +84,7 @@ module Bundler
       # Checks whether the version is not affected by the advisory.
       #
       # @param [Gem::Version] version
-      #   The version to compare against {#unaffected_version}.
+      #   The version to compare against {#unaffected_versions}.
       #
       # @return [Boolean]
       #   Specifies whether the version is not affected by the advisory.
@@ -101,7 +101,7 @@ module Bundler
       # Checks whether the version is patched against the advisory.
       #
       # @param [Gem::Version] version
-      #   The version to compare against {#patched_version}.
+      #   The version to compare against {#patched_versions}.
       #
       # @return [Boolean]
       #   Specifies whether the version is patched against the advisory.

data/lib/bundler/audit/cli.rb

@@ -57,6 +57,14 @@ module Bundler
         end
       end
 
+      desc 'update', 'Updates the ruby-advisory-db'
+      def update
+        say "Updating ruby-advisory-db ..."
+
+        Database.update!
+        puts "ruby-advisory-db: #{Database.new.size} advisories"
+      end
+
       desc 'version', 'Prints the bundler-audit version'
       def version
         database = Database.new

data/lib/bundler/audit/database.rb

@@ -19,6 +19,7 @@
 
 require 'bundler/audit/advisory'
 
+require 'time'
 require 'yaml'
 
 module Bundler
@@ -29,8 +30,14 @@ module Bundler
     #
     class Database
 
-      # directory containing advisories
-      PATH =  File.expand_path(File.join(File.dirname(__FILE__),'..','..','..','data','ruby-advisory-db','gems'))
+      # Git URL of the ruby-advisory-db
+      URL = 'https://github.com/rubysec/ruby-advisory-db.git'
+
+      # Default path to the ruby-advisory-db
+      VENDORED_PATH =  File.expand_path(File.join(File.dirname(__FILE__),'..','..','..','data','ruby-advisory-db'))
+
+      # Path to the user's copy of the ruby-advisory-db
+      USER_PATH = File.join(Gem.user_home,'.local','share','ruby-advisory-db')
 
       # The path to the advisory database
       attr_reader :path
@@ -44,7 +51,7 @@ module Bundler
       # @raise [ArgumentError]
       #   The path was not a directory.
       #
-      def initialize(path=PATH)
+      def initialize(path=self.class.path)
         unless File.directory?(path)
           raise(ArgumentError,"#{path.dump} is not a directory")
         end
@@ -52,6 +59,46 @@ module Bundler
         @path = path
       end
 
+      #
+      # The default path for the database.
+      #
+      # @return [String]
+      #   The path to the database directory.
+      #
+      def self.path
+        if File.directory?(USER_PATH)
+          t1 = Dir.chdir(USER_PATH) { Time.parse(`git log --pretty="%cd" -1`) }
+          t2 = File.ctime(VENDORED_PATH)
+
+          if t1 >= t2 then USER_PATH
+          else             VENDORED_PATH
+          end
+        else
+          VENDORED_PATH
+        end
+      end
+
+      #
+      # Updates the ruby-advisory-db.
+      #
+      # @return [Boolean]
+      #   Specifies whether the update was successful.
+      #
+      # @note
+      #   Requires network access.
+      #
+      # @since 0.3.0
+      #
+      def self.update!
+        if File.directory?(USER_PATH)
+          Dir.chdir(USER_PATH) do
+            system 'git', 'pull', 'origin', 'master'
+          end
+        else
+          system 'git', 'clone', URL, USER_PATH
+        end
+      end
+
       #
       # Enumerates over every advisory in the database.
       #
@@ -163,7 +210,7 @@ module Bundler
       #   A path to an advisory `.yml` file.
       #
       def each_advisory_path(&block)
-        Dir.glob(File.join(@path,'*','*.yml'),&block)
+        Dir.glob(File.join(@path,'gems','*','*.yml'),&block)
       end
 
       #
@@ -179,7 +226,7 @@ module Bundler
       #   A path to an advisory `.yml` file.
       #
       def each_advisory_path_for(name,&block)
-        Dir.glob(File.join(@path,name,'*.yml'),&block)
+        Dir.glob(File.join(@path,'gems',name,'*.yml'),&block)
       end
 
     end

data/lib/bundler/audit/version.rb

@@ -20,6 +20,6 @@
 module Bundler
   module Audit
     # bundler-audit version
-    VERSION = '0.2.1'
+    VERSION = '0.3.1'
   end
 end

data/spec/advisory_spec.rb

@@ -3,10 +3,10 @@ require 'bundler/audit/database'
 require 'bundler/audit/advisory'
 
 describe Bundler::Audit::Advisory do
-  let(:root) { Bundler::Audit::Database::PATH }
+  let(:root) { Bundler::Audit::Database::VENDORED_PATH }
   let(:gem)  { 'actionpack' }
   let(:id)   { 'OSVDB-84243' }
-  let(:path) { File.join(root,gem,"#{id}.yml") }
+  let(:path) { File.join(root,'gems',gem,"#{id}.yml") }
   let(:an_unaffected_version) do
     YAML.
       load(File.read(path))['unaffected_versions'].

data/spec/bundle/secure/Gemfile

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'rails', '3.2.14'
+gem 'rails', '3.2.15'
 
 # Bundle edge Rails instead:
 # gem 'rails', :git => 'git://github.com/rails/rails.git'

data/spec/database_spec.rb

@@ -3,8 +3,8 @@ require 'bundler/audit/database'
 require 'tmpdir'
 
 describe Bundler::Audit::Database do
-  describe "PATH" do
-    subject { described_class::PATH }
+  describe "path" do
+    subject { described_class.path }
 
     it "it should be a directory" do
       File.directory?(subject).should be_true
@@ -15,8 +15,8 @@ describe Bundler::Audit::Database do
     context "when given no arguments" do
       subject { described_class.new }
 
-      it "should default path to PATH" do
-        subject.path.should == described_class::PATH
+      it "should default path to path" do
+        subject.path.should == described_class.path
       end
     end
 

data/spec/integration_spec.rb

@@ -3,79 +3,65 @@ require 'spec_helper'
 describe "CLI" do
   include Helpers
 
-  let(:command) do
-    File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit'))
-  end
+  let(:directory) { File.join('spec','bundle',bundle) }
 
-  context "when auditing a bundle with unpatched gems" do
+  context "when auditing a vulnerable bundle" do
     let(:bundle)    { 'unpatched_gems' }
-    let(:directory) { File.join('spec','bundle',bundle) }
-
-    subject do
-      Dir.chdir(directory) { sh(command, :fail => true) }
-    end
-
-    it "should print a warning" do
-      subject.should include("Unpatched versions found!")
-    end
 
     it "should print advisory information for the vulnerable gems" do
+      output = audit_in_directory "", directory, :fail => true
+      # Doing this so we can get an exact count on the number of
+      # vulnerabilities we should match with the regex below.
+      vuln_count = output.split(/Name:/).length - 1 # Less one for the
+                                                    # zero-width prefix before
+                                                    # the first match.
+
+      # Note the "{8,}" below indicates the minimum number of advisories that
+      # we should see matches for -- as a particular version of code will never
       advisory_pattern = /(Name: [^\n]+
-Version: \d+.\d+.\d+
+Version: \d+\.\d+\.\d+
 Advisory: OSVDB-\d+
 Criticality: (High|Medium)
-URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
-Title: [^\n]*?
-Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
-
-      expect(subject).to match(advisory_pattern)
-      expect(subject).to include("Unpatched versions found!")
+URL: http:\/\/(direct\.|www\.)?osvdb\.org\/show\/osvdb\/\d+
+Title: [^\n]+
+Solution: upgrade to ((~>|=>|>=) \d+\.\d+\.\d+, )*((~>|=>|>=) \d+\.\d+\.\d+)[\s\n]*?){#{vuln_count}}/
+      expect(vuln_count).to be >= 8 # As of 2013-11-04, this bundle turns up 8
+                                    # vulns.  That could increase over time of
+                                    # course.
+      expect(output).to match(advisory_pattern)
+      expect(output).to include("Unpatched versions found!")
     end
   end
 
   context "when auditing a bundle with ignored gems" do
     let(:bundle)    { 'unpatched_gems' }
-    let(:directory) { File.join('spec','bundle',bundle) }
-
-    let(:command) do
-      File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundle-audit -i OSVDB-89026'))
-    end
-
-    subject do
-      Dir.chdir(directory) { sh(command, :fail => true) }
-    end
 
     it "should not print advisory information for ignored gem" do
-      subject.should_not include("OSVDB-89026")
+      output = audit_in_directory "-i OSVDB-89026", directory, :fail => true
+
+      expect(output).to_not include("OSVDB-89026")
     end
   end
 
   context "when auditing a bundle with insecure sources" do
     let(:bundle)    { 'insecure_sources' }
-    let(:directory) { File.join('spec','bundle',bundle) }
-
-    subject do
-      Dir.chdir(directory) { sh(command, :fail => true) }
-    end
 
     it "should print warnings about insecure sources" do
-      subject.should include(%{
+      output = audit_in_directory "", directory, :fail => true
+      expect(output).to include(%{
 Insecure Source URI found: git://github.com/rails/jquery-rails.git
 Insecure Source URI found: http://rubygems.org/
       }.strip)
     end
   end
 
+
   context "when auditing a secure bundle" do
     let(:bundle)    { 'secure' }
-    let(:directory) { File.join('spec','bundle',bundle) }
-
-    subject do
-      Dir.chdir(directory) { sh(command) }
-    end
 
     it "should print nothing when everything is fine" do
-      subject.strip.should == "No unpatched versions found"
+      output = audit_in_directory "", directory
+      expect(output.strip).to eq "No unpatched versions found"
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,6 +1,3 @@
-require 'rubygems'
-require 'bundler'
-Bundler.require
 require 'rspec'
 require 'bundler/audit/version'
 
@@ -16,6 +13,14 @@ module Helpers
   def decolorize(string)
     string.gsub(/\e\[\d+m/, "")
   end
+
+  def executable
+    File.expand_path(File.join('..','..','bin','bundle-audit'), __FILE__)
+  end
+
+  def audit_in_directory(additions, directory, options={})
+    Dir.chdir(directory) { decolorize(sh([executable, additions].compact.join(' '), options)) }
+  end
 end
 
 include Bundler::Audit

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mrjoy-bundler-audit
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.1
 platform: ruby
 authors:
 - Postmodern
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-13 00:00:00.000000000 Z
+date: 2013-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -66,6 +66,7 @@ files:
 - spec/integration_spec.rb
 - spec/scanner_spec.rb
 - spec/spec_helper.rb
+- data/ruby-advisory-db/.gitignore
 - data/ruby-advisory-db/.rspec
 - data/ruby-advisory-db/CONTRIBUTING.md
 - data/ruby-advisory-db/CONTRIBUTORS.md
@@ -73,6 +74,7 @@ files:
 - data/ruby-advisory-db/LICENSE.txt
 - data/ruby-advisory-db/README.md
 - data/ruby-advisory-db/Rakefile
+- data/ruby-advisory-db/gems/actionmailer/OSVDB-98629.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-79727.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-84243.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-84513.yml
@@ -90,6 +92,7 @@ files:
 - data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
 - data/ruby-advisory-db/gems/activesupport/OSVDB-89594.yml
 - data/ruby-advisory-db/gems/activesupport/OSVDB-91451.yml
+- data/ruby-advisory-db/gems/cocaine/OSVDB-98835.yml
 - data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
 - data/ruby-advisory-db/gems/crack/OSVDB-90742.yml
 - data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
@@ -103,6 +106,7 @@ files:
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90717.yml
 - data/ruby-advisory-db/gems/flash_tool/OSVDB-90829.yml
+- data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-96798.yml
 - data/ruby-advisory-db/gems/ftpd/OSVDB-90784.yml
 - data/ruby-advisory-db/gems/gtk2/OSVDB-40774.yml
 - data/ruby-advisory-db/gems/httparty/OSVDB-90741.yml
@@ -124,13 +128,16 @@ files:
 - data/ruby-advisory-db/gems/rack-cache/OSVDB-83077.yml
 - data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
 - data/ruby-advisory-db/gems/rdoc/OSVDB-90004.yml
+- data/ruby-advisory-db/gems/redis-namespace/OSVDB-96425.yml
 - data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
 - data/ruby-advisory-db/gems/ruby_parser/OSVDB-90561.yml
+- data/ruby-advisory-db/gems/sounder/OSVDB-96278.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-91217.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-91218.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
 - data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
+- data/ruby-advisory-db/gems/wicked/OSVDB-98270.yml
 - data/ruby-advisory-db/lib/scrape.rb
 - data/ruby-advisory-db/spec/advisory_example.rb
 - data/ruby-advisory-db/spec/gems_spec.rb
@@ -155,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.8.0
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.5
+rubygems_version: 2.0.6
 signing_key: 
 specification_version: 4
 summary: Patch-level verification for Bundler