RubyGems - neetob - Versions diffs - 0.5.33 → 0.5.34 - Mend

neetob 0.5.33 → 0.5.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/lib/neetob/cli/github/active_record_doctor.rb +59 -0
data/lib/neetob/cli/monthly_audit/security/code/active_record_doctor.rb +40 -0
data/lib/neetob/cli/monthly_audit/security/code/main.rb +3 -0
data/lib/neetob/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 315137a3063a9384543accfc6d0c867ab9ef7cbb65f2276c8779cd35452e186f
-  data.tar.gz: 5a42415390bd8082a0bb8ae5311bb424ded01b63535c4c7d4e1c03361ea10be0
+  metadata.gz: 7d1e81ad19b7fc0000a78ee52943577368c4eb26ee7fa8765cefdd7c48184be0
+  data.tar.gz: 64bdf65d26eeefa1c8f7282ad6f5b33be88df114cc4b24e2ac661a3fb7975a9e
 SHA512:
-  metadata.gz: 9e2a555d3c6b85713699ae105cfa334d8e8c7669715ad904315b87e19d2f3fe2db2195ac68f3a675c1a08387620e7a7cfe03887e20d80a83dc215aeb11964e51
-  data.tar.gz: 3c30f7697de99a9b77f52f5884f8630dc3d8d252f2094ffd138396f3eae94e88b22afdc4f4c00723160f8243531649f1556e63800dbf2ac070cb318b0e49eb41
+  metadata.gz: ba217948009c17afa6ed22ff558d7edf585b2a9f8beb5bb8786c967cc52ff9f8f11ccd9d26467c0b7cd8350afc102341e4a2513fdd29e25c752edb2a78b3dc1e
+  data.tar.gz: 5cb907b16d2508c4fbac786eeb9567fe54f35e1a750c8366d1f3590bbb9d1705c997c6a992775761bc152b5282634faf479c533a6f306ab3c6abc34400f22c64

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    neetob (0.5.33)
+    neetob (0.5.34)
       brakeman (~> 5.0)
       chronic
       dotenv (~> 2.8.1)

data/lib/neetob/cli/github/active_record_doctor.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require_relative "./make_pr/base"
+module Neetob
+  class CLI
+    module Github
+      class ActiveRecordDoctor < MakePr::Base
+        DESCRIPTION = "Fix vulnerabilities reported by active_record_doctor"
+        attr_accessor :repos, :sandbox
+        def initialize(repos, sandbox = false)
+          super()
+          @repos = repos
+          @sandbox = sandbox
+        end
+        def run
+          matching_repos = find_all_matching_apps_or_repos(repos, :github, sandbox)
+          report = nil
+          matching_repos.each do |repo|
+            begin
+              ui.info("\nWorking on repo #{repo}", print_to_audit_log: false)
+              clone_repo_in_tmp_dir(repo)
+              bundle_install!(repo)
+              setup_db!(repo)
+              report = run_active_record_doctor(repo)
+              ui.success("Successfully executed active_record_doctor for #{repo}", print_to_audit_log: false)
+              report = report.lines.reject { |line| line.start_with?("**") }.join("\n")
+              if !report.blank? && !Thread.current[:audit_mode]
+                issue = client.create_issue(repo, DESCRIPTION, parse_description(warnings))
+                ui.success("Issue created at #{issue.html_url}")
+              end
+            rescue StandardError => e
+              ExceptionHandler.new(e).process
+            end
+          end
+          `rm -rf /tmp/neetob` unless Thread.current[:audit_mode]
+          if Thread.current[:audit_mode]
+            report
+          end
+        end
+        private
+          def run_active_record_doctor(repo)
+            `#{cd_to_repo(repo)} && bundle exec rake active_record_doctor`
+          end
+          def setup_db!(repo)
+            `#{cd_to_repo(repo)} && cp config/database.yml.postgresql config/database.yml`
+            `#{cd_to_repo(repo)} && sed -i '' 's/_development/_development_audit/g' config/database.yml`
+            `#{cd_to_repo(repo)} && bundle exec rake setup`
+          end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/active_record_doctor.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require_relative "../../../github/active_record_doctor"
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Code
+          class ActiveRecordDoctor < CLI::Base
+            def initialize
+              super()
+            end
+            def run
+              ui.success("### 1.1.4. Checking whether running `rake active_record_doctor` throws any vulnerabilities")
+              repo_data = [["Repository", "Issues Found", "Comments", "Audit Passed"]]
+              ui.info "\n"
+              NeetoCompliance::NeetoRepos.products.keys.take(5).each do |repo|
+                ui.info("Checking ActiveRecordDoctor run results for #{repo}", print_to_audit_log: false)
+                active_record_doctor_run_result = Neetob::CLI::Github::ActiveRecordDoctor.new([repo]).run
+                if active_record_doctor_run_result.blank?
+                  issues_found = "No"
+                  comments = nil
+                else
+                  issues_found = "Yes"
+                  comments = "#{active_record_doctor_run_result.lines.first.strip} ..."
+                end
+                audit_passed = issues_found == "No" ? "Yes" : "No"
+                repo_data << [repo, issues_found, comments, audit_passed]
+              end
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/main.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require_relative "bundle_audit"
 require_relative "yarn_audit"
 require_relative "brakeman"
+require_relative "active_record_doctor"
 module Neetob
   class CLI
@@ -20,6 +21,8 @@ module Neetob
               YarnAudit.new.run
               ui.info "\n"
               Brakeman.new.run
+              ui.info "\n"
+              ActiveRecordDoctor.new.run
             end
           end
         end

data/lib/neetob/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Neetob
-  VERSION = "0.5.33"
+  VERSION = "0.5.34"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: neetob
 version: !ruby/object:Gem::Version
-  version: 0.5.33
+  version: 0.5.34
 platform: ruby
 authors:
 - Udai Gupta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-28 00:00:00.000000000 Z
+date: 2025-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -185,6 +185,7 @@ files:
 - lib/neetob/cli/cronitor/base.rb
 - lib/neetob/cli/cronitor/get_all_monitors.rb
 - lib/neetob/cli/fetchorupdate_repos/execute.rb
+- lib/neetob/cli/github/active_record_doctor.rb
 - lib/neetob/cli/github/auth.rb
 - lib/neetob/cli/github/base.rb
 - lib/neetob/cli/github/brakeman.rb
@@ -260,6 +261,7 @@ files:
 - lib/neetob/cli/monthly_audit/misc/sparkpost_sub_account_used_for_all_apps.rb
 - lib/neetob/cli/monthly_audit/misc/ssl_certs_setup_for_auto_renewal.rb
 - lib/neetob/cli/monthly_audit/perform.rb
+- lib/neetob/cli/monthly_audit/security/code/active_record_doctor.rb
 - lib/neetob/cli/monthly_audit/security/code/brakeman.rb
 - lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb
 - lib/neetob/cli/monthly_audit/security/code/main.rb