neetob 0.5.33 → 0.5.34

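--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 315137a3063a9384543accfc6d0c867ab9ef7cbb65f2276c8779cd35452e186f
- data.tar.gz: 5a42415390bd8082a0bb8ae5311bb424ded01b63535c4c7d4e1c03361ea10be0
+ metadata.gz: 7d1e81ad19b7fc0000a78ee52943577368c4eb26ee7fa8765cefdd7c48184be0
+ data.tar.gz: 64bdf65d26eeefa1c8f7282ad6f5b33be88df114cc4b24e2ac661a3fb7975a9e
  SHA512:
- metadata.gz: 9e2a555d3c6b85713699ae105cfa334d8e8c7669715ad904315b87e19d2f3fe2db2195ac68f3a675c1a08387620e7a7cfe03887e20d80a83dc215aeb11964e51
- data.tar.gz: 3c30f7697de99a9b77f52f5884f8630dc3d8d252f2094ffd138396f3eae94e88b22afdc4f4c00723160f8243531649f1556e63800dbf2ac070cb318b0e49eb41
+ metadata.gz: ba217948009c17afa6ed22ff558d7edf585b2a9f8beb5bb8786c967cc52ff9f8f11ccd9d26467c0b7cd8350afc102341e4a2513fdd29e25c752edb2a78b3dc1e
+ data.tar.gz: 5cb907b16d2508c4fbac786eeb9567fe54f35e1a750c8366d1f3590bbb9d1705c997c6a992775761bc152b5282634faf479c533a6f306ab3c6abc34400f22c64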
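--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- neetob (0.5.33)
+ neetob (0.5.34)
  brakeman (~> 5.0)
  chronic
  dotenv (~> 2.8.1)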
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "./make_pr/base"
4
+
5
+ module Neetob
6
+ class CLI
7
+ module Github
8
+ class ActiveRecordDoctor < MakePr::Base
9
+ DESCRIPTION = "Fix vulnerabilities reported by active_record_doctor"
10
+ attr_accessor :repos, :sandbox
11
+
12
+ def initialize(repos, sandbox = false)
13
+ super()
14
+ @repos = repos
15
+ @sandbox = sandbox
16
+ end
17
+
18
+ def run
19
+ matching_repos = find_all_matching_apps_or_repos(repos, :github, sandbox)
20
+ report = nil
21
+ matching_repos.each do |repo|
22
+ begin
23
+ ui.info("\nWorking on repo #{repo}", print_to_audit_log: false)
24
+ clone_repo_in_tmp_dir(repo)
25
+ bundle_install!(repo)
26
+ setup_db!(repo)
27
+ report = run_active_record_doctor(repo)
28
+ ui.success("Successfully executed active_record_doctor for #{repo}", print_to_audit_log: false)
29
+
30
+ report = report.lines.reject { |line| line.start_with?("**") }.join("\n")
31
+ if !report.blank? && !Thread.current[:audit_mode]
32
+ issue = client.create_issue(repo, DESCRIPTION, parse_description(warnings))
33
+ ui.success("Issue created at #{issue.html_url}")
34
+ end
35
+ rescue StandardError => e
36
+ ExceptionHandler.new(e).process
37
+ end
38
+ end
39
+ `rm -rf /tmp/neetob` unless Thread.current[:audit_mode]
40
+ if Thread.current[:audit_mode]
41
+ report
42
+ end
43
+ end
44
+
45
+ private
46
+
47
+ def run_active_record_doctor(repo)
48
+ `#{cd_to_repo(repo)} && bundle exec rake active_record_doctor`
49
+ end
50
+
51
+ def setup_db!(repo)
52
+ `#{cd_to_repo(repo)} && cp config/database.yml.postgresql config/database.yml`
53
+ `#{cd_to_repo(repo)} && sed -i '' 's/_development/_development_audit/g' config/database.yml`
54
+ `#{cd_to_repo(repo)} && bundle exec rake setup`
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
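Review bot: In `run`, the issue body is built from `parse_description(warnings)`, but nothing in this file defines `warnings`; the doctor output is held in `report`, so unless `MakePr::Base` supplies a `warnings` method this raises NameError, which the surrounding `rescue StandardError` hands to `ExceptionHandler`, and the issue is never filed. The call should read `client.create_issue(repo, DESCRIPTION, parse_description(report))`. Separately, `setup_db!` never checks the exit status of its backtick commands, and `sed -i ''` is the BSD form; on GNU sed the substitution is likely not applied, so `bundle exec rake setup` would then run against the unrenamed `_development` database instead of `_development_audit`. Checking `$?.success?` after each step and raising on failure (for example `raise "database.yml rewrite failed for #{repo}" unless $?.success?`) would stop the run before it touches the wrong database.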
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "../../../github/active_record_doctor"
4
+
5
+ module Neetob
6
+ class CLI
7
+ module MonthlyAudit
8
+ module Security
9
+ module Code
10
+ class ActiveRecordDoctor < CLI::Base
11
+ def initialize
12
+ super()
13
+ end
14
+
15
+ def run
16
+ ui.success("### 1.1.4. Checking whether running `rake active_record_doctor` throws any vulnerabilities")
17
+ repo_data = [["Repository", "Issues Found", "Comments", "Audit Passed"]]
18
+ ui.info "\n"
19
+ NeetoCompliance::NeetoRepos.products.keys.take(5).each do |repo|
20
+ ui.info("Checking ActiveRecordDoctor run results for #{repo}", print_to_audit_log: false)
21
+ active_record_doctor_run_result = Neetob::CLI::Github::ActiveRecordDoctor.new([repo]).run
22
+
23
+ if active_record_doctor_run_result.blank?
24
+ issues_found = "No"
25
+ comments = nil
26
+ else
27
+ issues_found = "Yes"
28
+ comments = "#{active_record_doctor_run_result.lines.first.strip} ..."
29
+ end
30
+ audit_passed = issues_found == "No" ? "Yes" : "No"
31
+ repo_data << [repo, issues_found, comments, audit_passed]
32
+ end
33
+ ui.print_table(repo_data)
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
40
+ end
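Review bot: A blank result from `Neetob::CLI::Github::ActiveRecordDoctor#run` is recorded here as `issues_found = "No"` and therefore `Audit Passed` "Yes", but that method rescues every StandardError and then returns its initial `nil` report when the clone, `bundle install` or database setup fails, so a repository that was never actually checked is shown as passing. The backtick call there also captures only standard output, so a rake task that aborts with output on standard error would look the same. The audit should fail closed: one option is for the rescue branch of the runner to set `report = "active_record_doctor did not run: #{e.class}" if Thread.current[:audit_mode]`, so this table shows the failure instead of a pass. The loop also iterates `NeetoCompliance::NeetoRepos.products.keys.take(5)`, which limits the audit to the first five products; if that cap is not intentional `.take(5)` should be dropped, and if it is, a comment stating the reason belongs on that line.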
@@ -3,6 +3,7 @@
3
3
  require_relative "bundle_audit"
4
4
  require_relative "yarn_audit"
5
5
  require_relative "brakeman"
6
+ require_relative "active_record_doctor"
6
7
 
7
8
  module Neetob
8
9
  class CLI
@@ -20,6 +21,8 @@ module Neetob
20
21
  YarnAudit.new.run
21
22
  ui.info "\n"
22
23
  Brakeman.new.run
24
+ ui.info "\n"
25
+ ActiveRecordDoctor.new.run
23
26
  end
24
27
  end
25
28
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Neetob
4
- VERSION = "0.5.33"
4
+ VERSION = "0.5.34"
5
5
  end
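--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: neetob
  version: !ruby/object:Gem::Version
- version: 0.5.33
+ version: 0.5.34
  platform: ruby
  authors:
  - Udai Gupta
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2025-01-28 00:00:00.000000000 Z
+ date: 2025-01-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: thor
@@ -185,6 +185,7 @@ files:
  - lib/neetob/cli/cronitor/base.rb
  - lib/neetob/cli/cronitor/get_all_monitors.rb
  - lib/neetob/cli/fetchorupdate_repos/execute.rb
+ - lib/neetob/cli/github/active_record_doctor.rb
  - lib/neetob/cli/github/auth.rb
  - lib/neetob/cli/github/base.rb
  - lib/neetob/cli/github/brakeman.rb
@@ -260,6 +261,7 @@ files:
  - lib/neetob/cli/monthly_audit/misc/sparkpost_sub_account_used_for_all_apps.rb
  - lib/neetob/cli/monthly_audit/misc/ssl_certs_setup_for_auto_renewal.rb
  - lib/neetob/cli/monthly_audit/perform.rb
+ - lib/neetob/cli/monthly_audit/security/code/active_record_doctor.rb
  - lib/neetob/cli/monthly_audit/security/code/brakeman.rb
  - lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb
  - lib/neetob/cli/monthly_audit/security/code/main.rb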