package-audit 0.7.0 → 0.7.1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a14d75d3c6f64af8c327c492e0d0c1bcf98fc3119964e63d944fc33fc6ce6b8e
|
|
4
|
+
data.tar.gz: 01f5eaac43d53a65ac42a46a736793b8dbe56f4ad3531a8e649d9516b85a5027
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f2599769354017f84a5eb4f5da8cb6b67b69be12ed6f67126ed0701b1746461960c24ecd1ba7d2cf81d5719ca18234f1f9bdcb645a5bb9d8916faaca040ee96
|
|
7
|
+
data.tar.gz: 9eeeb933dd6e5535c0fdcdfca6fea339ca34fc1a611460b68ea0274da083ec08be63424eb82c7229ed939cf05fe49621bbf9f4d04af9abffc6001f7a43e507cb
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'json'
|
|
2
2
|
require 'net/http'
|
|
3
|
+
require 'openssl'
|
|
3
4
|
require 'socket'
|
|
4
5
|
|
|
5
6
|
module Package
|
|
@@ -50,7 +51,7 @@ module Package
|
|
|
50
51
|
handle_error(package, e, network_errors)
|
|
51
52
|
end
|
|
52
53
|
|
|
53
|
-
def make_request_with_retry(package_name, retry_count)
|
|
54
|
+
def make_request_with_retry(package_name, retry_count) # rubocop:disable Metrics/MethodLength
|
|
54
55
|
response = make_request(package_name)
|
|
55
56
|
return nil if response.is_a?(Net::HTTPNotFound) # Skip 404s - likely private packages
|
|
56
57
|
|
|
@@ -58,12 +59,15 @@ module Package
|
|
|
58
59
|
response.is_a?(Net::HTTPSuccess)
|
|
59
60
|
|
|
60
61
|
response
|
|
61
|
-
rescue Net::OpenTimeout, Net::ReadTimeout, SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH
|
|
62
|
+
rescue Net::OpenTimeout, Net::ReadTimeout, SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH => e
|
|
62
63
|
return nil if retry_count >= MAX_RETRIES
|
|
63
64
|
|
|
64
65
|
retry_after_delay(retry_count)
|
|
65
66
|
retry_count += 1
|
|
66
67
|
retry
|
|
68
|
+
rescue OpenSSL::SSL::SSLError => e
|
|
69
|
+
warn "Warning: SSL verification failed for #{package_name}: #{e.message}"
|
|
70
|
+
nil
|
|
67
71
|
end
|
|
68
72
|
|
|
69
73
|
def handle_error(package, error, network_errors)
|
|
@@ -79,6 +83,8 @@ module Package
|
|
|
79
83
|
http = Net::HTTP.new(uri.host, uri.port)
|
|
80
84
|
http.use_ssl = true
|
|
81
85
|
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
86
|
+
http.cert_store = OpenSSL::X509::Store.new
|
|
87
|
+
http.cert_store.set_default_paths
|
|
82
88
|
http.read_timeout = TIMEOUT
|
|
83
89
|
http.open_timeout = TIMEOUT
|
|
84
90
|
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require_relative '../models/package'
|
|
2
|
+
require 'openssl'
|
|
2
3
|
|
|
3
4
|
module Package
|
|
4
5
|
module Audit
|
|
@@ -170,15 +171,24 @@ module Package
|
|
|
170
171
|
}
|
|
171
172
|
end
|
|
172
173
|
|
|
173
|
-
def fetch_gem_version_dates(gem_name)
|
|
174
|
+
def fetch_gem_version_dates(gem_name) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
|
174
175
|
uri = build_api_uri(gem_name)
|
|
175
176
|
response = make_http_request(uri)
|
|
176
177
|
|
|
177
178
|
return nil unless success_response?(response)
|
|
178
179
|
|
|
179
180
|
parse_version_dates(response.body)
|
|
181
|
+
rescue Net::OpenTimeout, Net::ReadTimeout => e
|
|
182
|
+
log_api_error(gem_name, "Network timeout: #{e.message}") if debug_mode?
|
|
183
|
+
nil
|
|
184
|
+
rescue OpenSSL::SSL::SSLError => e
|
|
185
|
+
log_api_error(gem_name, "SSL verification failed: #{e.message}") if debug_mode?
|
|
186
|
+
nil
|
|
187
|
+
rescue SocketError, Errno::ECONNREFUSED => e
|
|
188
|
+
log_api_error(gem_name, "Network error: #{e.message}") if debug_mode?
|
|
189
|
+
nil
|
|
180
190
|
rescue StandardError => e
|
|
181
|
-
log_api_error(gem_name, e) if debug_mode?
|
|
191
|
+
log_api_error(gem_name, e.message) if debug_mode?
|
|
182
192
|
nil
|
|
183
193
|
end
|
|
184
194
|
|
|
@@ -206,6 +216,9 @@ module Package
|
|
|
206
216
|
def create_http_client(uri)
|
|
207
217
|
Net::HTTP.new(uri.host, uri.port).tap do |http|
|
|
208
218
|
http.use_ssl = true
|
|
219
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
220
|
+
http.cert_store = OpenSSL::X509::Store.new
|
|
221
|
+
http.cert_store.set_default_paths
|
|
209
222
|
http.read_timeout = HTTP_READ_TIMEOUT
|
|
210
223
|
http.open_timeout = HTTP_OPEN_TIMEOUT
|
|
211
224
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: package-audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vadim Kononov
|
|
@@ -111,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
111
111
|
- !ruby/object:Gem::Version
|
|
112
112
|
version: '0'
|
|
113
113
|
requirements: []
|
|
114
|
-
rubygems_version: 3.
|
|
114
|
+
rubygems_version: 3.6.9
|
|
115
115
|
specification_version: 4
|
|
116
116
|
summary: A helper tool to find outdated, deprecated and vulnerable dependencies.
|
|
117
117
|
test_files: []
|