pronto-bundler_audit 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/Gemfile.lock +13 -51
- data/lib/pronto/bundler_audit/version.rb +1 -1
- data/lib/pronto/bundler_audit.rb +37 -15
- data/pronto-bundler_audit.gemspec +12 -14
- metadata +34 -75
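--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2873f35b21834bcf629f9dc4f6d3f03dd951d53c57f7fb243bd2a3bbf07cc86d
+data.tar.gz: 4fee93d0072331bae4923cef0e0ce8b25cd16eafc6c87e85bb00cfdc21f37c2d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 301d7d5be5569acf52a7111f810ad23eb1e44518be8cfd55ae6bce85145fba559afc78f3cfe59717a1f272db6abb29cb52fc862c9b9ebcc7227ac1d579efb75c
+data.tar.gz: e250e59a4754b6b313d32d3c9a45b98b4d825af5b50b897ef902749f4cfd882094599ad12a0d0f2b494b484eed98fa87f1f9f18eec262ccda66047e0aa3302dd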
data/CHANGELOG.md
ADDED
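--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,9 +1,9 @@
 PATH
 remote: .
 specs:
-pronto-bundler_audit (0.1.
-bundler-audit
-pronto
+pronto-bundler_audit (0.1.1)
+bundler-audit (~> 0)
+pronto (~> 0)
 
 GEM
 remote: https://rubygems.org/
@@ -12,24 +12,12 @@ GEM
 public_suffix (>= 2.0.2, < 4.0)
 ansi (1.5.0)
 ast (2.4.0)
-axiom-types (0.1.1)
-descendants_tracker (~> 0.0.4)
-ice_nine (~> 0.11.0)
-thread_safe (~> 0.3, >= 0.3.1)
 builder (3.2.3)
 bundler-audit (0.6.1)
 bundler (>= 1.2.0, < 3)
 thor (~> 0.18)
 byebug (11.0.1)
-codeclimate-engine-rb (0.4.1)
-virtus (~> 1.0)
 coderay (1.1.2)
-coercible (1.0.0)
-descendants_tracker (~> 0.0.1)
-descendants_tracker (0.0.4)
-thread_safe (~> 0.3, >= 0.3.1)
-docile (1.3.1)
-equalizer (0.0.11)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
 gitlab (4.11.0)
@@ -38,10 +26,7 @@ GEM
 httparty (0.17.0)
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
-ice_nine (0.11.2)
 jaro_winkler (1.5.2)
-json (2.2.0)
-kwalify (0.7.2)
 method_source (0.9.2)
 mime-types (3.2.2)
 mime-types-data (~> 3.2015)
@@ -54,11 +39,10 @@ GEM
 ruby-progressbar
 multi_xml (0.6.0)
 multipart-post (2.0.0)
-object_identifier (0.2.1)
 octokit (4.14.0)
 sawyer (~> 0.8.0, >= 0.5.3)
 parallel (1.17.0)
-parser (2.6.
+parser (2.6.3.0)
 ast (~> 2.4.0)
 pronto (0.10.0)
 gitlab (~> 4.0, >= 4.0.0)
@@ -73,21 +57,13 @@ GEM
 pry-byebug (3.7.0)
 byebug (~> 11.0)
 pry (~> 0.10)
-psych (3.1.0)
 public_suffix (3.0.3)
 rainbow (3.0.0)
 rake (12.3.2)
-
-codeclimate-engine-rb (~> 0.4.0)
-kwalify (~> 0.7.0)
-parser (>= 2.5.0.0, < 2.7, != 2.5.1.1)
-psych (~> 3.1.0)
-rainbow (>= 2.0, < 4.0)
-rubocop (0.67.2)
+rubocop (0.68.0)
 jaro_winkler (~> 1.5.1)
 parallel (~> 1.10)
 parser (>= 2.5, != 2.5.1.1)
-psych (>= 3.1.0)
 rainbow (>= 2.2.2, < 4.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 1.6)
@@ -96,38 +72,24 @@ GEM
 sawyer (0.8.1)
 addressable (>= 2.3.5, < 2.6)
 faraday (~> 0.8, < 1.0)
-simplecov (0.16.1)
-docile (~> 1.1)
-json (>= 1.8, < 3)
-simplecov-html (~> 0.10.0)
-simplecov-html (0.10.2)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (0.20.3)
-thread_safe (0.3.6)
 unicode-display_width (1.5.0)
-virtus (1.0.5)
-axiom-types (~> 0.1)
-coercible (~> 1.0)
-descendants_tracker (~> 0.0, >= 0.0.3)
-equalizer (~> 0.0, >= 0.0.9)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler
-byebug
-minitest
-minitest-reporters
-object_identifier
+bundler (~> 2)
+byebug (~> 11)
+minitest (~> 5)
+minitest-reporters (~> 1)
 pronto-bundler_audit!
-pry
-pry-byebug
-rake
-
-rubocop
-simplecov
+pry (~> 0)
+pry-byebug (~> 3)
+rake (~> 12)
+rubocop (~> 0)
 
 BUNDLED WITH
 2.0.1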
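--- a/data/lib/pronto/bundler_audit.rb
+++ b/data/lib/pronto/bundler_audit.rb
@@ -10,6 +10,8 @@ module Pronto
 # 3. Runs bundle-audit to scan the Gemfile.lock
 # 4. Returns an Array of Pronto::Message objects if any issues are found
 class BundlerAudit < Runner
+GEMFILE_LOCK_FILENAME = "Gemfile.lock".freeze
+
 def run
 patch = find_relevant_patch
 
@@ -27,7 +29,7 @@ module Pronto
 
 def relevant_patch_path?(patch)
 patch_path = patch.new_file_full_path.to_s
-patch_path.end_with?(
+patch_path.end_with?(GEMFILE_LOCK_FILENAME)
 end
 
 # Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
@@ -63,28 +65,48 @@ module Pronto
 def process_scan_result(scan_result)
 case scan_result
 when Bundler::Audit::Scanner::InsecureSource
-
-"Insecure Source URI found: #{scan_result.source}")
+report_insecure_source_scan_result
 when Bundler::Audit::Scanner::UnpatchedGem
-
-AdvisoryFormatter.new(
-gem: scan_result.gem, advisory: scan_result.advisory)
-message = advisory.to_compact_s
-
-build_error_message(message)
+report_unpatched_gem_scan_result(scan_result)
 end
 end
 
+def report_insecure_source_scan_result(scan_result)
+build_warning_message(
+"Insecure Source URI found: #{scan_result.source}")
+end
+
+def report_unpatched_gem_scan_result(scan_result)
+advisory =
+AdvisoryFormatter.new(
+gem: scan_result.gem, advisory: scan_result.advisory)
+message = advisory.to_compact_s
+line = find_relevant_line(advisory)
+
+build_error_message(message, line: line)
+end
+
+# @return [Pronto::Git::Line]
+def find_relevant_line(advisory)
+first_added_line_for_affected_gem_name(advisory.gem_name)
+end
+
+# @return [Pronto::Git::Line]
+def first_added_line_for_affected_gem_name(gem_name)
+@patch.added_lines.detect { |line| line.content.include?(gem_name) }
+end
+
 def build_warning_message(message)
 build_message(message, level: :warning)
 end
 
-def build_error_message(message)
-build_message(message, level: :error)
+def build_error_message(message, line:)
+build_message(message, level: :error, line: line)
 end
 
-def build_message(message, level:)
-Message.new(
+def build_message(message, level:, line:)
+Message.new(
+GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
 end
 
 # Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
@@ -119,12 +141,12 @@ module Pronto
 ].join(" | ")
 end
 
-private
-
 def gem_name
 @gem.name
 end
 
+private
+
 def gem_version
 @gem.version
 end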
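Review bot: `report_insecure_source_scan_result` is invoked with no argument on new line 68 but declared with a required `scan_result` parameter on new line 74, so every `Bundler::Audit::Scanner::InsecureSource` result raises ArgumentError instead of producing a warning; the call should read `report_insecure_source_scan_result(scan_result)`. `build_warning_message` (new line 99) still calls `build_message(message, level: :warning)` while `build_message` now requires the `line:` keyword (new line 107), so even a corrected call fails with a missing-keyword error; `build_message(message, level: :warning, line: nil)` keeps the file-level warning. Together these mean a non-HTTPS gem source in the scanned Gemfile.lock is never reported by 0.1.1 — it either aborts the run or is swallowed, depending on how pronto treats a runner exception, which I cannot see from here. Separately, `first_added_line_for_affected_gem_name` matches with `include?`, so a short gem name such as `rake` can anchor the message to an unrelated added line whose gem name merely contains it, and it returns nil when the advisory's gem is not among the patch's added lines — presumably Message tolerates a nil line, but that is worth confirming. The enclosing class continues outside the hunk.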
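--- a/data/pronto-bundler_audit.gemspec
+++ b/data/pronto-bundler_audit.gemspec
@@ -35,18 +35,16 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
-spec.add_runtime_dependency "pronto"
-spec.add_runtime_dependency "bundler-audit"
-
-spec.add_development_dependency "bundler"
-spec.add_development_dependency "byebug"
-spec.add_development_dependency "minitest"
-spec.add_development_dependency "minitest-reporters"
-spec.add_development_dependency "
-spec.add_development_dependency "pry"
-spec.add_development_dependency "
-spec.add_development_dependency "
-spec.add_development_dependency "
-spec.add_development_dependency "rubocop"
-spec.add_development_dependency "simplecov"
+spec.add_runtime_dependency "pronto", "~> 0"
+spec.add_runtime_dependency "bundler-audit", "~> 0"
+
+spec.add_development_dependency "bundler", "~> 2"
+spec.add_development_dependency "byebug", "~> 11"
+spec.add_development_dependency "minitest", "~> 5"
+spec.add_development_dependency "minitest-reporters", "~> 1"
+spec.add_development_dependency "pry", "~> 0"
+spec.add_development_dependency "pry-byebug", "~> 3"
+spec.add_development_dependency "rake", "~> 12"
+spec.add_development_dependency "rubocop", "~> 0"
+# spec.add_development_dependency "simplecov", "~> 0.16"
 end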
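Review bot: `"~> 0"` on the two runtime dependencies (new lines 38–39) accepts every 0.x release, so it pins nothing this gem actually relies on — bundler-audit's scanner result classes and pronto's Runner/Message API may change between 0.x minors, and an automatic upgrade would then break the runner that is supposed to be guarding other projects' lockfiles. The Gemfile.lock in this same release resolves them to bundler-audit 0.6.1 and pronto 0.10.0, so `spec.add_runtime_dependency "bundler-audit", "~> 0.6"` and `spec.add_runtime_dependency "pronto", "~> 0.10"` would express the compatibility that was actually tested; the same reasoning applies to `"rubocop", "~> 0"` and `"pry", "~> 0"` among the development dependencies. The commented-out simplecov line is dead configuration and could be removed rather than kept.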
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pronto-bundler_audit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paul Dobbins
|
@@ -14,182 +14,140 @@ dependencies:
|
|
14
14
|
name: pronto
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler-audit
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '0'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - "
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: bundler
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- - "
|
45
|
+
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
47
|
+
version: '2'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - "
|
52
|
+
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '2'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: byebug
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - "
|
59
|
+
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
61
|
+
version: '11'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- - "
|
66
|
+
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: '
|
68
|
+
version: '11'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: minitest
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- - "
|
73
|
+
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: '
|
75
|
+
version: '5'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- - "
|
80
|
+
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: '
|
82
|
+
version: '5'
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: minitest-reporters
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
|
-
- - "
|
87
|
+
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: '
|
89
|
+
version: '1'
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
|
-
- - "
|
94
|
+
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: '
|
97
|
-
- !ruby/object:Gem::Dependency
|
98
|
-
name: object_identifier
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
100
|
-
requirements:
|
101
|
-
- - ">="
|
102
|
-
- !ruby/object:Gem::Version
|
103
|
-
version: '0'
|
104
|
-
type: :development
|
105
|
-
prerelease: false
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
107
|
-
requirements:
|
108
|
-
- - ">="
|
109
|
-
- !ruby/object:Gem::Version
|
110
|
-
version: '0'
|
96
|
+
version: '1'
|
111
97
|
- !ruby/object:Gem::Dependency
|
112
98
|
name: pry
|
113
99
|
requirement: !ruby/object:Gem::Requirement
|
114
100
|
requirements:
|
115
|
-
- - "
|
101
|
+
- - "~>"
|
116
102
|
- !ruby/object:Gem::Version
|
117
103
|
version: '0'
|
118
104
|
type: :development
|
119
105
|
prerelease: false
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
121
107
|
requirements:
|
122
|
-
- - "
|
108
|
+
- - "~>"
|
123
109
|
- !ruby/object:Gem::Version
|
124
110
|
version: '0'
|
125
111
|
- !ruby/object:Gem::Dependency
|
126
112
|
name: pry-byebug
|
127
113
|
requirement: !ruby/object:Gem::Requirement
|
128
114
|
requirements:
|
129
|
-
- - "
|
115
|
+
- - "~>"
|
130
116
|
- !ruby/object:Gem::Version
|
131
|
-
version: '
|
117
|
+
version: '3'
|
132
118
|
type: :development
|
133
119
|
prerelease: false
|
134
120
|
version_requirements: !ruby/object:Gem::Requirement
|
135
121
|
requirements:
|
136
|
-
- - "
|
122
|
+
- - "~>"
|
137
123
|
- !ruby/object:Gem::Version
|
138
|
-
version: '
|
124
|
+
version: '3'
|
139
125
|
- !ruby/object:Gem::Dependency
|
140
126
|
name: rake
|
141
127
|
requirement: !ruby/object:Gem::Requirement
|
142
128
|
requirements:
|
143
|
-
- - "
|
129
|
+
- - "~>"
|
144
130
|
- !ruby/object:Gem::Version
|
145
|
-
version: '
|
131
|
+
version: '12'
|
146
132
|
type: :development
|
147
133
|
prerelease: false
|
148
134
|
version_requirements: !ruby/object:Gem::Requirement
|
149
135
|
requirements:
|
150
|
-
- - "
|
136
|
+
- - "~>"
|
151
137
|
- !ruby/object:Gem::Version
|
152
|
-
version: '
|
153
|
-
- !ruby/object:Gem::Dependency
|
154
|
-
name: reek
|
155
|
-
requirement: !ruby/object:Gem::Requirement
|
156
|
-
requirements:
|
157
|
-
- - ">="
|
158
|
-
- !ruby/object:Gem::Version
|
159
|
-
version: '0'
|
160
|
-
type: :development
|
161
|
-
prerelease: false
|
162
|
-
version_requirements: !ruby/object:Gem::Requirement
|
163
|
-
requirements:
|
164
|
-
- - ">="
|
165
|
-
- !ruby/object:Gem::Version
|
166
|
-
version: '0'
|
138
|
+
version: '12'
|
167
139
|
- !ruby/object:Gem::Dependency
|
168
140
|
name: rubocop
|
169
141
|
requirement: !ruby/object:Gem::Requirement
|
170
142
|
requirements:
|
171
|
-
- - "
|
172
|
-
- !ruby/object:Gem::Version
|
173
|
-
version: '0'
|
174
|
-
type: :development
|
175
|
-
prerelease: false
|
176
|
-
version_requirements: !ruby/object:Gem::Requirement
|
177
|
-
requirements:
|
178
|
-
- - ">="
|
179
|
-
- !ruby/object:Gem::Version
|
180
|
-
version: '0'
|
181
|
-
- !ruby/object:Gem::Dependency
|
182
|
-
name: simplecov
|
183
|
-
requirement: !ruby/object:Gem::Requirement
|
184
|
-
requirements:
|
185
|
-
- - ">="
|
143
|
+
- - "~>"
|
186
144
|
- !ruby/object:Gem::Version
|
187
145
|
version: '0'
|
188
146
|
type: :development
|
189
147
|
prerelease: false
|
190
148
|
version_requirements: !ruby/object:Gem::Requirement
|
191
149
|
requirements:
|
192
|
-
- - "
|
150
|
+
- - "~>"
|
193
151
|
- !ruby/object:Gem::Version
|
194
152
|
version: '0'
|
195
153
|
description:
|
@@ -201,6 +159,7 @@ extra_rdoc_files: []
|
|
201
159
|
files:
|
202
160
|
- ".gitignore"
|
203
161
|
- ".travis.yml"
|
162
|
+
- CHANGELOG.md
|
204
163
|
- Gemfile
|
205
164
|
- Gemfile.lock
|
206
165
|
- LICENSE.txt
|