pronto-bundler_audit 0.1.0 → 0.1.1

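--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: a1e6851baf36d42500cc736579e9b4dfe12d58ad4142cea5909e5e6c2b6f8cd4
-data.tar.gz: 0d6a119979f0f6c2cbce6cb2d07fd92948085877c9edb0d5894c357197a1dfd8
+metadata.gz: 2873f35b21834bcf629f9dc4f6d3f03dd951d53c57f7fb243bd2a3bbf07cc86d
+data.tar.gz: 4fee93d0072331bae4923cef0e0ce8b25cd16eafc6c87e85bb00cfdc21f37c2d
 SHA512:
-metadata.gz: f9d8b82ad4ad5367c6cd26ed21692c6cb774498071fb8288a3f3d2efbeae891eee30e41b1fe88117683c31f3f3be1c47129d9cd515793a385946dee1244dfb26
-data.tar.gz: 468c3a01eab1325cc560cd3600b93cfde048b64657c31353f79cb1cc5b01a56755d5d8975d2ee646d6027883d4f5c8ac5dc0fb243d29a0e44acb975c9d353814
+metadata.gz: 301d7d5be5569acf52a7111f810ad23eb1e44518be8cfd55ae6bce85145fba559afc78f3cfe59717a1f272db6abb29cb52fc862c9b9ebcc7227ac1d579efb75c
+data.tar.gz: e250e59a4754b6b313d32d3c9a45b98b4d825af5b50b897ef902749f4cfd882094599ad12a0d0f2b494b484eed98fa87f1f9f18eec262ccda66047e0aa3302dd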
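--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,7 @@
+### 0.1.1 - 2019-04-29
+- Add line number to Pronto::Message; fixes GitHub API usage error when attempting to add errors to PR comments
+- Add gem version requirements to gemspec
+
+
+### 0.1.0 - 2019-04-28
+- Initial release!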
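--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,9 +1,9 @@
 PATH
 remote: .
 specs:
-pronto-bundler_audit (0.1.0)
-bundler-audit
-pronto
+pronto-bundler_audit (0.1.1)
+bundler-audit (~> 0)
+pronto (~> 0)
 
 GEM
 remote: https://rubygems.org/
@@ -12,24 +12,12 @@ GEM
 public_suffix (>= 2.0.2, < 4.0)
 ansi (1.5.0)
 ast (2.4.0)
-axiom-types (0.1.1)
-descendants_tracker (~> 0.0.4)
-ice_nine (~> 0.11.0)
-thread_safe (~> 0.3, >= 0.3.1)
 builder (3.2.3)
 bundler-audit (0.6.1)
 bundler (>= 1.2.0, < 3)
 thor (~> 0.18)
 byebug (11.0.1)
-codeclimate-engine-rb (0.4.1)
-virtus (~> 1.0)
 coderay (1.1.2)
-coercible (1.0.0)
-descendants_tracker (~> 0.0.1)
-descendants_tracker (0.0.4)
-thread_safe (~> 0.3, >= 0.3.1)
-docile (1.3.1)
-equalizer (0.0.11)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
 gitlab (4.11.0)
@@ -38,10 +26,7 @@ GEM
 httparty (0.17.0)
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
-ice_nine (0.11.2)
 jaro_winkler (1.5.2)
-json (2.2.0)
-kwalify (0.7.2)
 method_source (0.9.2)
 mime-types (3.2.2)
 mime-types-data (~> 3.2015)
@@ -54,11 +39,10 @@ GEM
 ruby-progressbar
 multi_xml (0.6.0)
 multipart-post (2.0.0)
-object_identifier (0.2.1)
 octokit (4.14.0)
 sawyer (~> 0.8.0, >= 0.5.3)
 parallel (1.17.0)
-parser (2.6.2.1)
+parser (2.6.3.0)
 ast (~> 2.4.0)
 pronto (0.10.0)
 gitlab (~> 4.0, >= 4.0.0)
@@ -73,21 +57,13 @@ GEM
 pry-byebug (3.7.0)
 byebug (~> 11.0)
 pry (~> 0.10)
-psych (3.1.0)
 public_suffix (3.0.3)
 rainbow (3.0.0)
 rake (12.3.2)
-reek (5.4.0)
-codeclimate-engine-rb (~> 0.4.0)
-kwalify (~> 0.7.0)
-parser (>= 2.5.0.0, < 2.7, != 2.5.1.1)
-psych (~> 3.1.0)
-rainbow (>= 2.0, < 4.0)
-rubocop (0.67.2)
+rubocop (0.68.0)
 jaro_winkler (~> 1.5.1)
 parallel (~> 1.10)
 parser (>= 2.5, != 2.5.1.1)
-psych (>= 3.1.0)
 rainbow (>= 2.2.2, < 4.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 1.6)
@@ -96,38 +72,24 @@ GEM
 sawyer (0.8.1)
 addressable (>= 2.3.5, < 2.6)
 faraday (~> 0.8, < 1.0)
-simplecov (0.16.1)
-docile (~> 1.1)
-json (>= 1.8, < 3)
-simplecov-html (~> 0.10.0)
-simplecov-html (0.10.2)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (0.20.3)
-thread_safe (0.3.6)
 unicode-display_width (1.5.0)
-virtus (1.0.5)
-axiom-types (~> 0.1)
-coercible (~> 1.0)
-descendants_tracker (~> 0.0, >= 0.0.3)
-equalizer (~> 0.0, >= 0.0.9)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler
-byebug
-minitest
-minitest-reporters
-object_identifier
+bundler (~> 2)
+byebug (~> 11)
+minitest (~> 5)
+minitest-reporters (~> 1)
 pronto-bundler_audit!
-pry
-pry-byebug
-rake
-reek
-rubocop
-simplecov
+pry (~> 0)
+pry-byebug (~> 3)
+rake (~> 12)
+rubocop (~> 0)
 
 BUNDLED WITH
 2.0.1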
@@ -1,5 +1,5 @@
1
1
  module Pronto
2
2
  module BundlerAudit
3
- VERSION = "0.1.0"
3
+ VERSION = "0.1.1"
4
4
  end
5
5
  end
@@ -10,6 +10,8 @@ module Pronto
10
10
  # 3. Runs bundle-audit to scan the Gemfile.lock
11
11
  # 4. Returns an Array of Pronto::Message objects if any issues are found
12
12
  class BundlerAudit < Runner
13
+ GEMFILE_LOCK_FILENAME = "Gemfile.lock".freeze
14
+
13
15
  def run
14
16
  patch = find_relevant_patch
15
17
 
@@ -27,7 +29,7 @@ module Pronto
27
29
 
28
30
  def relevant_patch_path?(patch)
29
31
  patch_path = patch.new_file_full_path.to_s
30
- patch_path.end_with?("Gemfile.lock")
32
+ patch_path.end_with?(GEMFILE_LOCK_FILENAME)
31
33
  end
32
34
 
33
35
  # Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
@@ -63,28 +65,48 @@ module Pronto
63
65
  def process_scan_result(scan_result)
64
66
  case scan_result
65
67
  when Bundler::Audit::Scanner::InsecureSource
66
- build_warning_message(
67
- "Insecure Source URI found: #{scan_result.source}")
68
+ report_insecure_source_scan_result
68
69
  when Bundler::Audit::Scanner::UnpatchedGem
69
- advisory =
70
- AdvisoryFormatter.new(
71
- gem: scan_result.gem, advisory: scan_result.advisory)
72
- message = advisory.to_compact_s
73
-
74
- build_error_message(message)
70
+ report_unpatched_gem_scan_result(scan_result)
75
71
  end
76
72
  end
77
73
 
74
+ def report_insecure_source_scan_result(scan_result)
75
+ build_warning_message(
76
+ "Insecure Source URI found: #{scan_result.source}")
77
+ end
78
+
79
+ def report_unpatched_gem_scan_result(scan_result)
80
+ advisory =
81
+ AdvisoryFormatter.new(
82
+ gem: scan_result.gem, advisory: scan_result.advisory)
83
+ message = advisory.to_compact_s
84
+ line = find_relevant_line(advisory)
85
+
86
+ build_error_message(message, line: line)
87
+ end
88
+
89
+ # @return [Pronto::Git::Line]
90
+ def find_relevant_line(advisory)
91
+ first_added_line_for_affected_gem_name(advisory.gem_name)
92
+ end
93
+
94
+ # @return [Pronto::Git::Line]
95
+ def first_added_line_for_affected_gem_name(gem_name)
96
+ @patch.added_lines.detect { |line| line.content.include?(gem_name) }
97
+ end
98
+
78
99
  def build_warning_message(message)
79
100
  build_message(message, level: :warning)
80
101
  end
81
102
 
82
- def build_error_message(message)
83
- build_message(message, level: :error)
103
+ def build_error_message(message, line:)
104
+ build_message(message, level: :error, line: line)
84
105
  end
85
106
 
86
- def build_message(message, level:)
87
- Message.new("Gemfile.lock", nil, level, message, nil, @runner.class)
107
+ def build_message(message, level:, line:)
108
+ Message.new(
109
+ GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
88
110
  end
89
111
 
90
112
  # Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
@@ -119,12 +141,12 @@ module Pronto
119
141
  ].join(" | ")
120
142
  end
121
143
 
122
- private
123
-
124
144
  def gem_name
125
145
  @gem.name
126
146
  end
127
147
 
148
+ private
149
+
128
150
  def gem_version
129
151
  @gem.version
130
152
  end
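Review bot: `process_scan_result` now calls `report_insecure_source_scan_result` with no argument, while the helper added just below is declared `def report_insecure_source_scan_result(scan_result)` and reads `scan_result.source`, so the `InsecureSource` branch raises ArgumentError instead of emitting a warning; the call should be `report_insecure_source_scan_result(scan_result)`. The same hunk makes `line:` a required keyword of `build_message`, but `build_warning_message` (context here, left unchanged) still calls `build_message(message, level: :warning)`, so the warning path fails a second time on the missing keyword and no insecure-source finding, the check about where gems are fetched from, ever reaches the PR; `def build_message(message, level:, line: nil)` keeps both callers working. Separately, `first_added_line_for_affected_gem_name` matches with `line.content.include?(gem_name)`, a substring test over the whole added line, so an advisory for `bundler` would anchor on the earlier `bundler-audit (~> 0)` line of this very lockfile, and an advisory for a gem whose line the patch did not add yields nil, which presumably reproduces the nil-line API error the changelog says this release fixes. Anchoring on the lockfile's `name (version)` form, e.g. `line.content.match?(/\A\s*#{Regexp.escape(gem_name)} \(/)`, avoids the first problem, and the nil case deserves an explicit fallback or a documented `@return [Pronto::Git::Line, nil]`. The enclosing `BundlerAudit` class, and the `PatchHandler` class these methods appear to belong to, continue outside the hunks.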
@@ -35,18 +35,16 @@ Gem::Specification.new do |spec|
35
35
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
36
36
  spec.require_paths = ["lib"]
37
37
 
38
- spec.add_runtime_dependency "pronto"
39
- spec.add_runtime_dependency "bundler-audit"
40
-
41
- spec.add_development_dependency "bundler"
42
- spec.add_development_dependency "byebug"
43
- spec.add_development_dependency "minitest"
44
- spec.add_development_dependency "minitest-reporters"
45
- spec.add_development_dependency "object_identifier"
46
- spec.add_development_dependency "pry"
47
- spec.add_development_dependency "pry-byebug"
48
- spec.add_development_dependency "rake"
49
- spec.add_development_dependency "reek"
50
- spec.add_development_dependency "rubocop"
51
- spec.add_development_dependency "simplecov"
38
+ spec.add_runtime_dependency "pronto", "~> 0"
39
+ spec.add_runtime_dependency "bundler-audit", "~> 0"
40
+
41
+ spec.add_development_dependency "bundler", "~> 2"
42
+ spec.add_development_dependency "byebug", "~> 11"
43
+ spec.add_development_dependency "minitest", "~> 5"
44
+ spec.add_development_dependency "minitest-reporters", "~> 1"
45
+ spec.add_development_dependency "pry", "~> 0"
46
+ spec.add_development_dependency "pry-byebug", "~> 3"
47
+ spec.add_development_dependency "rake", "~> 12"
48
+ spec.add_development_dependency "rubocop", "~> 0"
49
+ # spec.add_development_dependency "simplecov", "~> 0.16"
52
50
  end
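Review bot: The `"~> 0"` requirement added for `pronto` and `bundler-audit` on the runtime lines (and for `pry` and `rubocop` below) is equivalent to `>= 0, < 1`, so it constrains nothing within the 0.x series where these dependencies actually live; it reads as a pin but is not one. The Gemfile.lock in this same release resolves `bundler-audit (0.6.1)` and `pronto (0.10.0)`, so `"~> 0.6"` and `"~> 0.10"` would express the versions the code was exercised against while still allowing patch releases. Since bundler-audit is the component that decides which advisories are reported, letting it float across minor versions means the scanner's behaviour can change underneath a CI run without any change in this repository. The commented-out simplecov line is better removed than left in the gemspec, or given a why-comment if the intent is to restore it later.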
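--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pronto-bundler_audit
 version: !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.1.1
 platform: ruby
 authors:
 - Paul Dobbins
@@ -14,182 +14,140 @@ dependencies:
 name: pronto
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler-audit
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '2'
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '11'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '11'
 - !ruby/object:Gem::Dependency
 name: minitest
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '5'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '5'
 - !ruby/object:Gem::Dependency
 name: minitest-reporters
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '1'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: object_identifier
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
+version: '1'
 - !ruby/object:Gem::Dependency
 name: pry
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: pry-byebug
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '3'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '12'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: reek
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
+version: '12'
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: simplecov
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 description:
@@ -201,6 +159,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt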