pronto-bundler_audit 0.1.0 → 0.1.1

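--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a1e6851baf36d42500cc736579e9b4dfe12d58ad4142cea5909e5e6c2b6f8cd4
- data.tar.gz: 0d6a119979f0f6c2cbce6cb2d07fd92948085877c9edb0d5894c357197a1dfd8
+ metadata.gz: 2873f35b21834bcf629f9dc4f6d3f03dd951d53c57f7fb243bd2a3bbf07cc86d
+ data.tar.gz: 4fee93d0072331bae4923cef0e0ce8b25cd16eafc6c87e85bb00cfdc21f37c2d
  SHA512:
- metadata.gz: f9d8b82ad4ad5367c6cd26ed21692c6cb774498071fb8288a3f3d2efbeae891eee30e41b1fe88117683c31f3f3be1c47129d9cd515793a385946dee1244dfb26
- data.tar.gz: 468c3a01eab1325cc560cd3600b93cfde048b64657c31353f79cb1cc5b01a56755d5d8975d2ee646d6027883d4f5c8ac5dc0fb243d29a0e44acb975c9d353814
+ metadata.gz: 301d7d5be5569acf52a7111f810ad23eb1e44518be8cfd55ae6bce85145fba559afc78f3cfe59717a1f272db6abb29cb52fc862c9b9ebcc7227ac1d579efb75c
+ data.tar.gz: e250e59a4754b6b313d32d3c9a45b98b4d825af5b50b897ef902749f4cfd882094599ad12a0d0f2b494b484eed98fa87f1f9f18eec262ccda66047e0aa3302dd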
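--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,7 @@
+ ### 0.1.1 - 2019-04-29
+ - Add line number to Pronto::Message; fixes GitHub API usage error when attempting to add errors to PR comments
+ - Add gem version requirements to gemspec
+
+
+ ### 0.1.0 - 2019-04-28
+ - Initial release!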
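--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,9 +1,9 @@
  PATH
  remote: .
  specs:
- pronto-bundler_audit (0.1.0)
- bundler-audit
- pronto
+ pronto-bundler_audit (0.1.1)
+ bundler-audit (~> 0)
+ pronto (~> 0)
 
  GEM
  remote: https://rubygems.org/
@@ -12,24 +12,12 @@ GEM
  public_suffix (>= 2.0.2, < 4.0)
  ansi (1.5.0)
  ast (2.4.0)
- axiom-types (0.1.1)
- descendants_tracker (~> 0.0.4)
- ice_nine (~> 0.11.0)
- thread_safe (~> 0.3, >= 0.3.1)
  builder (3.2.3)
  bundler-audit (0.6.1)
  bundler (>= 1.2.0, < 3)
  thor (~> 0.18)
  byebug (11.0.1)
- codeclimate-engine-rb (0.4.1)
- virtus (~> 1.0)
  coderay (1.1.2)
- coercible (1.0.0)
- descendants_tracker (~> 0.0.1)
- descendants_tracker (0.0.4)
- thread_safe (~> 0.3, >= 0.3.1)
- docile (1.3.1)
- equalizer (0.0.11)
  faraday (0.15.4)
  multipart-post (>= 1.2, < 3)
  gitlab (4.11.0)
@@ -38,10 +26,7 @@ GEM
  httparty (0.17.0)
  mime-types (~> 3.0)
  multi_xml (>= 0.5.2)
- ice_nine (0.11.2)
  jaro_winkler (1.5.2)
- json (2.2.0)
- kwalify (0.7.2)
  method_source (0.9.2)
  mime-types (3.2.2)
  mime-types-data (~> 3.2015)
@@ -54,11 +39,10 @@ GEM
  ruby-progressbar
  multi_xml (0.6.0)
  multipart-post (2.0.0)
- object_identifier (0.2.1)
  octokit (4.14.0)
  sawyer (~> 0.8.0, >= 0.5.3)
  parallel (1.17.0)
- parser (2.6.2.1)
+ parser (2.6.3.0)
  ast (~> 2.4.0)
  pronto (0.10.0)
  gitlab (~> 4.0, >= 4.0.0)
@@ -73,21 +57,13 @@ GEM
  pry-byebug (3.7.0)
  byebug (~> 11.0)
  pry (~> 0.10)
- psych (3.1.0)
  public_suffix (3.0.3)
  rainbow (3.0.0)
  rake (12.3.2)
- reek (5.4.0)
- codeclimate-engine-rb (~> 0.4.0)
- kwalify (~> 0.7.0)
- parser (>= 2.5.0.0, < 2.7, != 2.5.1.1)
- psych (~> 3.1.0)
- rainbow (>= 2.0, < 4.0)
- rubocop (0.67.2)
+ rubocop (0.68.0)
  jaro_winkler (~> 1.5.1)
  parallel (~> 1.10)
  parser (>= 2.5, != 2.5.1.1)
- psych (>= 3.1.0)
  rainbow (>= 2.2.2, < 4.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 1.4.0, < 1.6)
@@ -96,38 +72,24 @@ GEM
  sawyer (0.8.1)
  addressable (>= 2.3.5, < 2.6)
  faraday (~> 0.8, < 1.0)
- simplecov (0.16.1)
- docile (~> 1.1)
- json (>= 1.8, < 3)
- simplecov-html (~> 0.10.0)
- simplecov-html (0.10.2)
  terminal-table (1.8.0)
  unicode-display_width (~> 1.1, >= 1.1.1)
  thor (0.20.3)
- thread_safe (0.3.6)
  unicode-display_width (1.5.0)
- virtus (1.0.5)
- axiom-types (~> 0.1)
- coercible (~> 1.0)
- descendants_tracker (~> 0.0, >= 0.0.3)
- equalizer (~> 0.0, >= 0.0.9)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
- bundler
- byebug
- minitest
- minitest-reporters
- object_identifier
+ bundler (~> 2)
+ byebug (~> 11)
+ minitest (~> 5)
+ minitest-reporters (~> 1)
  pronto-bundler_audit!
- pry
- pry-byebug
- rake
- reek
- rubocop
- simplecov
+ pry (~> 0)
+ pry-byebug (~> 3)
+ rake (~> 12)
+ rubocop (~> 0)
 
  BUNDLED WITH
  2.0.1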
@@ -1,5 +1,5 @@
1
1
  module Pronto
2
2
  module BundlerAudit
3
- VERSION = "0.1.0"
3
+ VERSION = "0.1.1"
4
4
  end
5
5
  end
@@ -10,6 +10,8 @@ module Pronto
10
10
  # 3. Runs bundle-audit to scan the Gemfile.lock
11
11
  # 4. Returns an Array of Pronto::Message objects if any issues are found
12
12
  class BundlerAudit < Runner
13
+ GEMFILE_LOCK_FILENAME = "Gemfile.lock".freeze
14
+
13
15
  def run
14
16
  patch = find_relevant_patch
15
17
 
@@ -27,7 +29,7 @@ module Pronto
27
29
 
28
30
  def relevant_patch_path?(patch)
29
31
  patch_path = patch.new_file_full_path.to_s
30
- patch_path.end_with?("Gemfile.lock")
32
+ patch_path.end_with?(GEMFILE_LOCK_FILENAME)
31
33
  end
32
34
 
33
35
  # Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
@@ -63,28 +65,48 @@ module Pronto
63
65
  def process_scan_result(scan_result)
64
66
  case scan_result
65
67
  when Bundler::Audit::Scanner::InsecureSource
66
- build_warning_message(
67
- "Insecure Source URI found: #{scan_result.source}")
68
+ report_insecure_source_scan_result
68
69
  when Bundler::Audit::Scanner::UnpatchedGem
69
- advisory =
70
- AdvisoryFormatter.new(
71
- gem: scan_result.gem, advisory: scan_result.advisory)
72
- message = advisory.to_compact_s
73
-
74
- build_error_message(message)
70
+ report_unpatched_gem_scan_result(scan_result)
75
71
  end
76
72
  end
77
73
 
74
+ def report_insecure_source_scan_result(scan_result)
75
+ build_warning_message(
76
+ "Insecure Source URI found: #{scan_result.source}")
77
+ end
78
+
79
+ def report_unpatched_gem_scan_result(scan_result)
80
+ advisory =
81
+ AdvisoryFormatter.new(
82
+ gem: scan_result.gem, advisory: scan_result.advisory)
83
+ message = advisory.to_compact_s
84
+ line = find_relevant_line(advisory)
85
+
86
+ build_error_message(message, line: line)
87
+ end
88
+
89
+ # @return [Pronto::Git::Line]
90
+ def find_relevant_line(advisory)
91
+ first_added_line_for_affected_gem_name(advisory.gem_name)
92
+ end
93
+
94
+ # @return [Pronto::Git::Line]
95
+ def first_added_line_for_affected_gem_name(gem_name)
96
+ @patch.added_lines.detect { |line| line.content.include?(gem_name) }
97
+ end
98
+
78
99
  def build_warning_message(message)
79
100
  build_message(message, level: :warning)
80
101
  end
81
102
 
82
- def build_error_message(message)
83
- build_message(message, level: :error)
103
+ def build_error_message(message, line:)
104
+ build_message(message, level: :error, line: line)
84
105
  end
85
106
 
86
- def build_message(message, level:)
87
- Message.new("Gemfile.lock", nil, level, message, nil, @runner.class)
107
+ def build_message(message, level:, line:)
108
+ Message.new(
109
+ GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
88
110
  end
89
111
 
90
112
  # Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
@@ -119,12 +141,12 @@ module Pronto
119
141
  ].join(" | ")
120
142
  end
121
143
 
122
- private
123
-
124
144
  def gem_name
125
145
  @gem.name
126
146
  end
127
147
 
148
+ private
149
+
128
150
  def gem_version
129
151
  @gem.version
130
152
  end
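Review bot: In the `@@ -63,28 +65,48 @@` hunk, the InsecureSource branch of `process_scan_result` calls `report_insecure_source_scan_result` with no argument while the new method is defined as `report_insecure_source_scan_result(scan_result)`, so an insecure gem source URI now raises ArgumentError instead of producing a warning; the call should read `report_insecure_source_scan_result(scan_result)`. The same path fails a second time because `build_warning_message` still calls `build_message(message, level: :warning)` and `build_message` now requires the `line:` keyword; `build_message(message, level: :warning, line: nil)` keeps the previous nil-line behaviour for warnings. Since this is the branch that surfaces an insecure source finding from the scanner, the crash turns a security finding into a runner failure, which deserves a test case covering the InsecureSource path. Separately, `first_added_line_for_affected_gem_name` uses `detect` with a substring `include?` check, so it returns nil when no added line mentions the gem and can match an unrelated gem whose name contains the advisory's gem name; the two `@return` tags should read `[Pronto::Git::Line, nil]` and the caller should be prepared for a nil line, which the CHANGELOG entry says the GitHub API rejects.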
@@ -35,18 +35,16 @@ Gem::Specification.new do |spec|
35
35
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
36
36
  spec.require_paths = ["lib"]
37
37
 
38
- spec.add_runtime_dependency "pronto"
39
- spec.add_runtime_dependency "bundler-audit"
40
-
41
- spec.add_development_dependency "bundler"
42
- spec.add_development_dependency "byebug"
43
- spec.add_development_dependency "minitest"
44
- spec.add_development_dependency "minitest-reporters"
45
- spec.add_development_dependency "object_identifier"
46
- spec.add_development_dependency "pry"
47
- spec.add_development_dependency "pry-byebug"
48
- spec.add_development_dependency "rake"
49
- spec.add_development_dependency "reek"
50
- spec.add_development_dependency "rubocop"
51
- spec.add_development_dependency "simplecov"
38
+ spec.add_runtime_dependency "pronto", "~> 0"
39
+ spec.add_runtime_dependency "bundler-audit", "~> 0"
40
+
41
+ spec.add_development_dependency "bundler", "~> 2"
42
+ spec.add_development_dependency "byebug", "~> 11"
43
+ spec.add_development_dependency "minitest", "~> 5"
44
+ spec.add_development_dependency "minitest-reporters", "~> 1"
45
+ spec.add_development_dependency "pry", "~> 0"
46
+ spec.add_development_dependency "pry-byebug", "~> 3"
47
+ spec.add_development_dependency "rake", "~> 12"
48
+ spec.add_development_dependency "rubocop", "~> 0"
49
+ # spec.add_development_dependency "simplecov", "~> 0.16"
52
50
  end
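Review bot: The new runtime constraints `"~> 0"` on `pronto` and `bundler-audit` (and on `pry` and `rubocop`) are equivalent to `>= 0, < 1`, so they admit any future 0.x release, including ones that change the positional `Pronto::Message.new` signature this gem calls into; pinning to the minor the lockfile was actually tested with, e.g. `spec.add_runtime_dependency "pronto", "~> 0.10"` and `spec.add_runtime_dependency "bundler-audit", "~> 0.6"`, gives a meaningful upper bound. The commented-out `simplecov` line carries no explanation in the hunk or the CHANGELOG; either delete it or add a short comment saying why coverage was dropped. The enclosing `Gem::Specification.new` block starts outside the hunk.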
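--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: pronto-bundler_audit
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.1
  platform: ruby
  authors:
  - Paul Dobbins
@@ -14,182 +14,140 @@ dependencies:
  name: pronto
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: bundler-audit
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2'
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '11'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '11'
  - !ruby/object:Gem::Dependency
  name: minitest
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '5'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '5'
  - !ruby/object:Gem::Dependency
  name: minitest-reporters
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '1'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: object_identifier
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
+ version: '1'
  - !ruby/object:Gem::Dependency
  name: pry
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: pry-byebug
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '3'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '12'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: reek
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
+ version: '12'
  - !ruby/object:Gem::Dependency
  name: rubocop
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: simplecov
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '0'
  description:
@@ -201,6 +159,7 @@ extra_rdoc_files: []
  files:
  - ".gitignore"
  - ".travis.yml"
+ - CHANGELOG.md
  - Gemfile
  - Gemfile.lock
  - LICENSE.txt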