pronto-bundler_audit 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +3 -0
- data/Gemfile.lock +14 -2
- data/README.md +42 -3
- data/images/github-check.png +0 -0
- data/images/github-comment.png +0 -0
- data/lib/pronto/bundler_audit/patch_handler.rb +165 -0
- data/lib/pronto/bundler_audit/version.rb +3 -2
- data/lib/pronto/bundler_audit.rb +9 -164
- data/pronto-bundler_audit.gemspec +4 -4
- metadata +41 -4
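--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f5e3d57ee3196408dfa094d7f049418ab9cde1547b8d895b4850b89e4b3eddf
+data.tar.gz: 2faf2c8e0b126fa1158ace92f13c4e5db196ebccb909b8cdececf63a7ad8f427
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 547da0556ee2b901ab926f3e886f36d0098e3f142eb570cfa2e4fb50f656f49afdecfa696158e1ec9ca4df1c3a204aee5b204c7a0f012bbcf90490ee2279983b
+data.tar.gz: 1d2e0812b77939c079c5f68fbbbccdf3e45522be2971705a462bc6eabe22e11c68312ea4dda66b416eb1171147ee88edf297ad5871e730ac65b7ddea80335be1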
data/.gitignore
CHANGED
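--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+### 0.2.0 - 2019-04-30
+- Fix conditional for running Bundle Audit scans -- was always running even if there was nothing to run on in a given Pronto::Patches set
+
 ### 0.1.1 - 2019-04-29
 - Add line number to Pronto::Message; fixes GitHub API usage error when attempting to add errors to PR comments
 - Add gem version requirements to gemspec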
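--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-pronto-bundler_audit (0.
+pronto-bundler_audit (0.2.0)
 bundler-audit (~> 0)
 pronto (~> 0)
 
@@ -18,6 +18,7 @@ GEM
 thor (~> 0.18)
 byebug (11.0.1)
 coderay (1.1.2)
+docile (1.3.1)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
 gitlab (4.11.0)
@@ -27,6 +28,8 @@ GEM
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
 jaro_winkler (1.5.2)
+json (2.2.0)
+metaclass (0.0.4)
 method_source (0.9.2)
 mime-types (3.2.2)
 mime-types-data (~> 3.2015)
@@ -37,6 +40,8 @@ GEM
 builder
 minitest (>= 5.0)
 ruby-progressbar
+mocha (1.8.0)
+metaclass (~> 0.0.1)
 multi_xml (0.6.0)
 multipart-post (2.0.0)
 octokit (4.14.0)
@@ -72,6 +77,11 @@ GEM
 sawyer (0.8.1)
 addressable (>= 2.3.5, < 2.6)
 faraday (~> 0.8, < 1.0)
+simplecov (0.16.1)
+docile (~> 1.1)
+json (>= 1.8, < 3)
+simplecov-html (~> 0.10.0)
+simplecov-html (0.10.2)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (0.20.3)
@@ -85,11 +95,13 @@ DEPENDENCIES
 byebug (~> 11)
 minitest (~> 5)
 minitest-reporters (~> 1)
+mocha (~> 1)
 pronto-bundler_audit!
 pry (~> 0)
 pry-byebug (~> 3)
 rake (~> 12)
-rubocop (
+rubocop (>= 0.67.2, < 1)
+simplecov (~> 0.16)
 
 BUNDLED WITH
 2.0.1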
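--- a/data/README.md
+++ b/data/README.md
@@ -1,13 +1,18 @@
+[![Gem Version](https://badge.fury.io/rb/pronto-bundler_audit.svg)](https://badge.fury.io/rb/pronto-bundler_audit)
+[![Build Status](https://travis-ci.org/pdobb/pronto-bundler_audit.svg?branch=master)](https://travis-ci.org/pdobb/pronto-bundler_audit)
+[![Maintainability](https://api.codeclimate.com/v1/badges/7ac01a6a6eace46487d9/maintainability)](https://codeclimate.com/github/pdobb/pronto-bundler_audit/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/7ac01a6a6eace46487d9/test_coverage)](https://codeclimate.com/github/pdobb/pronto-bundler_audit/test_coverage)
+
 # Pronto::BundlerAudit
 
 Pronto runner for [bundler-audit](https://github.com/rubysec/bundler-audit), patch-level verification for bundler. [What is Pronto?](https://github.com/prontolabs/pronto)
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to the `development` group of your application's Gemfile:
 
 ```ruby
-gem 'pronto-bundler_audit'
+gem 'pronto-bundler_audit', require: false
 ```
 
 And then execute:
@@ -18,9 +23,38 @@ Or install it yourself as:
 
 $ gem install pronto-bundler_audit
 
+## Compatibility
+
+Tested MRI Ruby Versions:
+* 2.3
+* 2.4
+* 2.5
+* 2.6
+* edge
+
 ## Usage
 
-
+Once installed as a gem, this runner activate automatically when [running Pronto](https://github.com/prontolabs/pronto#usage) -- no configuration is required.
+
+### Examples
+
+#### Local Pronto Run
+
+```bash
+$ time pronto run -c=development --runner bundler_audit
+Running Pronto::BundlerAudit
+Gemfile.lock: E: Gem: bootstrap-sass v3.4.0 | Medium Advisory: XSS vulnerability in bootstrap-sass -- CVE-2019-8331 (https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/) | Solution: Upgrade to >= 3.4.1.
+
+real 0m1.417s
+user 0m0.773s
+sys 0m0.252s
+```
+
+#### Github Pull Request - Checks
+![Github Check](images/github-check.png)
+
+#### Github Pull Request - Comments
+![Github Comment](images/github-comment.png)
 
 ## Development
 
@@ -28,6 +62,11 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+## TODO
+
+* Add more tests
+* Add configuration for compact vs expanded advisories reporting
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/pdobb/pronto-bundler_audit.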
Binary file
|
Binary file
|
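--- a/data/lib/pronto/bundler_audit/patch_handler.rb
+++ b/data/lib/pronto/bundler_audit/patch_handler.rb
@@ -0,0 +1,165 @@
+module Pronto
+class BundlerAudit < Runner
+# Pronto::BundlerAudit::PatchHandler runs Bundle Audit on the given patch
+# and returns an Array of Pronto::Message objects if any advisories are
+# found.
+class PatchHandler
+def initialize(patch, runner:)
+@patch = patch
+@runner = runner
+end
+
+# @return (see: #run_scan)
+def call
+update_ruby_advisory_db
+run_scan
+end
+
+private
+
+def update_ruby_advisory_db
+Bundler::Audit::Database.update!(quiet: true)
+end
+
+# @return [Array>] if no advisories were found
+# @return [Array<Pronto::Message>] if advisories were found
+def run_scan
+scanner = Bundler::Audit::Scanner.new
+
+scanner.scan.inject([]) do |acc, scan_result|
+acc << process_scan_result(scan_result)
+end
+end
+
+def process_scan_result(scan_result)
+case scan_result
+when Bundler::Audit::Scanner::InsecureSource
+report_insecure_source_scan_result
+when Bundler::Audit::Scanner::UnpatchedGem
+report_unpatched_gem_scan_result(scan_result)
+else
+raise ArgumentError, "unexpected type: #{scan_result.class}"
+end
+end
+
+def report_insecure_source_scan_result(scan_result)
+build_warning_message(
+"Insecure Source URI found: #{scan_result.source}")
+end
+
+def report_unpatched_gem_scan_result(scan_result)
+advisory =
+AdvisoryFormatter.new(
+gem: scan_result.gem, advisory: scan_result.advisory)
+message = advisory.to_compact_s
+line = find_relevant_line(advisory)
+
+build_error_message(message, line: line)
+end
+
+# @return [Pronto::Git::Line]
+def find_relevant_line(advisory)
+first_added_line_for_affected_gem_name(advisory.gem_name)
+end
+
+# @return [Pronto::Git::Line]
+def first_added_line_for_affected_gem_name(gem_name)
+@patch.added_lines.detect { |line| line.content.include?(gem_name) }
+end
+
+def build_warning_message(message)
+build_message(message, level: :warning)
+end
+
+def build_error_message(message, line:)
+build_message(message, level: :error, line: line)
+end
+
+def build_message(message, level:, line:)
+Message.new(
+GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
+end
+
+# Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
+# formatter for the given gem object and Bundler::Audit::Advisory#advisory
+# object.
+class AdvisoryFormatter
+# param gem [Bundler::LazySpecification]
+# param advisory [Bundler::Audit::Advisory]
+def initialize(gem:, advisory:)
+@gem = gem
+@advisory = advisory
+end
+
+def to_s
+[
+"Name: #{gem_name}",
+"Version: #{gem_version}",
+"Advisory: #{advisory_description}",
+"Criticality: #{advisory_criticality}",
+"URL: #{advisory_url}",
+"Title: #{advisory_title}",
+"Solution: #{advisory_solution}"
+].join("\n")
+end
+
+def to_compact_s
+[
+"Gem: #{gem_name} v#{gem_version}",
+"#{advisory_criticality} Advisory: #{advisory_title} -- "\
+"#{advisory_description} (#{advisory_url})",
+"Solution: #{advisory_solution}"
+].join(" | ")
+end
+
+def gem_name
+@gem.name
+end
+
+private
+
+def gem_version
+@gem.version
+end
+
+def advisory_description
+if @advisory.cve
+"CVE-#{@advisory.cve}"
+elsif @advisory.osvdb
+@advisory.osvdb
+end
+end
+
+def advisory_criticality
+str = @advisory.criticality.to_s.capitalize
+str = "Unknown" if str.empty?
+str
+end
+
+def advisory_url
+@advisory.url
+end
+
+def advisory_title
+@advisory.title
+end
+
+def advisory_solution
+if any_patched_versions?
+"Upgrade to #{patched_versions}."
+else
+"Remove or disable this gem until a patch is available!"
+end
+end
+
+def patched_versions
+@advisory.patched_versions.join(', ')
+end
+
+def any_patched_versions?
+!@advisory.patched_versions.empty?
+end
+end
+end
+end
+end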
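Review bot: The InsecureSource branch of process_scan_result calls `report_insecure_source_scan_result` with no argument, although that method is defined as `def report_insecure_source_scan_result(scan_result)` and reads `scan_result.source`, so an insecure-source finding raises ArgumentError instead of being reported; the same path fails a second time because build_warning_message calls `build_message(message, level: :warning)` without the `line:` keyword that build_message requires. Both defects were carried over from the old bundler_audit.rb rather than introduced here, but this is the code that now runs. The fix is `report_insecure_source_scan_result(scan_result)` in the case branch, `def build_warning_message(message, line: nil)`, and `build_message(message, level: :warning, line: line)`; given the 0.1.1 changelog note that a missing line number broke GitHub commenting, anchoring the warning to an added line of the patch would be preferable to passing nil. Separately, the result of `Bundler::Audit::Database.update!(quiet: true)` in update_ruby_advisory_db is discarded, so if the advisory database refresh does not succeed (for example with no network access on the CI host) the scan silently runs against whatever copy is already on disk; emitting a warning Message when update! does not report success would keep the check honest. Finally, first_added_line_for_affected_gem_name matches with `line.content.include?(gem_name)`, so an advisory for a gem such as `rails` may be anchored to the first added line mentioning a longer name like `rails-html-sanitizer`; matching the lockfile's `name (version)` form, e.g. `/\b#{Regexp.escape(gem_name)} \(/`, would be more precise.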
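--- a/data/lib/pronto/bundler_audit.rb
+++ b/data/lib/pronto/bundler_audit.rb
@@ -1,6 +1,8 @@
 require "pronto"
 require "bundler/audit/database"
 require "bundler/audit/scanner"
+require "pronto/bundler_audit/version"
+require "pronto/bundler_audit/patch_handler"
 
 module Pronto
 # Pronto::BundlerAudit is a Pronto::Runner that:
@@ -8,22 +10,24 @@ module Pronto
 # Gemfile.lock)
 # 2. Updates the Ruby Advisory Database
 # 3. Runs bundle-audit to scan the Gemfile.lock
-# 4. Returns an Array of Pronto::Message objects if any
+# 4. Returns an Array of Pronto::Message objects if any advisories are found
 class BundlerAudit < Runner
 GEMFILE_LOCK_FILENAME = "Gemfile.lock".freeze
 
 def run
 patch = find_relevant_patch
 
-
-
+if patch
+patch_handler = PatchHandler.new(patch, runner: self)
+patch_handler.call
+end
 end
 
 private
 
 def find_relevant_patch
-@patches.
-
+@patches.reverse.detect { |patch|
+patch.additions > 0 && relevant_patch_path?(patch)
 }
 end
 
@@ -31,164 +35,5 @@ module Pronto
 patch_path = patch.new_file_full_path.to_s
 patch_path.end_with?(GEMFILE_LOCK_FILENAME)
 end
-
-# Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
-# and returns an Array of Pronto::Message objects, if any issues are found.
-class PatchHandler
-def initialize(patch, runner:)
-@patch = patch
-@runner = runner
-end
-
-# @return (see: #run_scan)
-def call
-update_ruby_advisory_db
-run_scan
-end
-
-private
-
-def update_ruby_advisory_db
-Bundler::Audit::Database.update!(quiet: true)
-end
-
-# @return [Array>] if no issues were found
-# @return [Array<Pronto::Message>] if issues were found
-def run_scan
-scanner = Bundler::Audit::Scanner.new
-
-scanner.scan.inject([]) do |acc, scan_result|
-acc << process_scan_result(scan_result)
-end
-end
-
-def process_scan_result(scan_result)
-case scan_result
-when Bundler::Audit::Scanner::InsecureSource
-report_insecure_source_scan_result
-when Bundler::Audit::Scanner::UnpatchedGem
-report_unpatched_gem_scan_result(scan_result)
-end
-end
-
-def report_insecure_source_scan_result(scan_result)
-build_warning_message(
-"Insecure Source URI found: #{scan_result.source}")
-end
-
-def report_unpatched_gem_scan_result(scan_result)
-advisory =
-AdvisoryFormatter.new(
-gem: scan_result.gem, advisory: scan_result.advisory)
-message = advisory.to_compact_s
-line = find_relevant_line(advisory)
-
-build_error_message(message, line: line)
-end
-
-# @return [Pronto::Git::Line]
-def find_relevant_line(advisory)
-first_added_line_for_affected_gem_name(advisory.gem_name)
-end
-
-# @return [Pronto::Git::Line]
-def first_added_line_for_affected_gem_name(gem_name)
-@patch.added_lines.detect { |line| line.content.include?(gem_name) }
-end
-
-def build_warning_message(message)
-build_message(message, level: :warning)
-end
-
-def build_error_message(message, line:)
-build_message(message, level: :error, line: line)
-end
-
-def build_message(message, level:, line:)
-Message.new(
-GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
-end
-
-# Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
-# formatter for the given gem object and Bundler::Audit::Advisory#advisory
-# object.
-class AdvisoryFormatter
-# param gem [Bundler::LazySpecification]
-# param advisory [Bundler::Audit::Advisory]
-def initialize(gem:, advisory:)
-@gem = gem
-@advisory = advisory
-end
-
-def to_s
-[
-"Name: #{gem_name}",
-"Version: #{gem_version}",
-"Advisory: #{advisory_description}",
-"Criticality: #{advisory_criticality}",
-"URL: #{advisory_url}",
-"Title: #{advisory_title}",
-"Solution: #{advisory_solution}"
-].join("\n")
-end
-
-def to_compact_s
-[
-"Gem: #{gem_name} v#{gem_version}",
-"#{advisory_criticality} Advisory: #{advisory_title} -- "\
-"#{advisory_description} (#{advisory_url})",
-"Solution: #{advisory_solution}"
-].join(" | ")
-end
-
-def gem_name
-@gem.name
-end
-
-private
-
-def gem_version
-@gem.version
-end
-
-def advisory_description
-if @advisory.cve
-"CVE-#{@advisory.cve}"
-elsif @advisory.osvdb
-@advisory.osvdb
-end
-end
-
-def advisory_criticality
-str = @advisory.criticality.to_s.capitalize
-str = "Unknown" if str.empty?
-str
-end
-
-def advisory_url
-@advisory.url
-end
-
-def advisory_title
-@advisory.title
-end
-
-def advisory_solution
-if any_patched_versions?
-"Upgrade to #{patched_versions}."
-else
-"Remove or disable this gem until a patch is available!"
-end
-end
-
-def patched_versions
-@advisory.patched_versions.join(', ')
-end
-
-def any_patched_versions?
-!@advisory.patched_versions.empty?
-end
-end
-end
 end
 end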
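Review bot: `run` now returns nil whenever find_relevant_patch finds no Gemfile.lock patch, because the added `if patch ... end` is the method's last expression and has no else branch; a Pronto runner is expected to hand back an Array of Pronto::Message, and if the aggregating code in Pronto calls Array methods on the result a nil return would raise rather than quietly report nothing. Returning an empty Array makes the contract explicit, e.g. `return [] unless patch` ahead of the handler call, or `patch ? PatchHandler.new(patch, runner: self).call : []`. The class comment's step 4 could also state that an empty Array is returned when no relevant patch is present. In find_relevant_patch, `@patches.reverse.detect` picks the last listed Gemfile.lock patch that has additions; a one-line comment on why the last one is preferred over the first would help, as the choice is not obvious from the code.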
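--- a/data/pronto-bundler_audit.gemspec
+++ b/data/pronto-bundler_audit.gemspec
@@ -1,11 +1,10 @@
-
 lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "pronto/bundler_audit/version"
 
 Gem::Specification.new do |spec|
 spec.name = "pronto-bundler_audit"
-spec.version = Pronto::
+spec.version = Pronto::BundlerAuditVersion::VERSION
 spec.authors = ["Paul Dobbins"]
 spec.email = ["paul.dobbins@icloud.com"]
 
@@ -42,9 +41,10 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "byebug", "~> 11"
 spec.add_development_dependency "minitest", "~> 5"
 spec.add_development_dependency "minitest-reporters", "~> 1"
+spec.add_development_dependency "mocha", "~> 1"
 spec.add_development_dependency "pry", "~> 0"
 spec.add_development_dependency "pry-byebug", "~> 3"
 spec.add_development_dependency "rake", "~> 12"
-spec.add_development_dependency "rubocop", "
-
+spec.add_development_dependency "rubocop", ">= 0.67.2", "< 1"
+spec.add_development_dependency "simplecov", "~> 0.16"
 end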
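--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pronto-bundler_audit
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Paul Dobbins
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-04-
+date: 2019-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: pronto
@@ -94,6 +94,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1'
+- !ruby/object:Gem::Dependency
+name: mocha
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1'
 - !ruby/object:Gem::Dependency
 name: pry
 requirement: !ruby/object:Gem::Requirement
@@ -138,18 +152,38 @@ dependencies:
 version: '12'
 - !ruby/object:Gem::Dependency
 name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.67.2
+- - "<"
+- !ruby/object:Gem::Version
+version: '1'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.67.2
+- - "<"
+- !ruby/object:Gem::Version
+version: '1'
+- !ruby/object:Gem::Dependency
+name: simplecov
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '0.16'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '0.16'
 description:
 email:
 - paul.dobbins@icloud.com
@@ -167,7 +201,10 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- images/github-check.png
+- images/github-comment.png
 - lib/pronto/bundler_audit.rb
+- lib/pronto/bundler_audit/patch_handler.rb
 - lib/pronto/bundler_audit/version.rb
 - pronto-bundler_audit.gemspec
 homepage: http://github.com/pdobb/pronto-bundler_audit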