pronto-railroader 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +22 -0
  3. data/README.md +20 -0
  4. data/lib/pronto/railroader.rb +58 -0
  5. data/lib/pronto/railroader/version.rb +5 -0
  6. data/pronto-railroader.gemspec +40 -0
  7. metadata +119 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 9c0368e4b5e011c56731778036ec0e4d512d799c0cbdbb0113740e95326b28e3
4
+ data.tar.gz: b98f1aecc1cda4c921fb1f767d81257f5979615b7eb93f7489dd41d0c07e5c5a
5
+ SHA512:
6
+ metadata.gz: 898fa0ee493290b9ac085fa82e1c82156147a8f1fb0ffd702bba8bcefa97140da7f7ed76e0e6c95fbfca5158c66cd8e2fbb6439e713c47a94a49a46000d359f6
7
+ data.tar.gz: 7bf74244bf678258bec45f5623ecf348eef371c10f103c7f3f8cad559110d6d6cf470a0d2fb28affe3aa44e3c830ca7ef38983b66e1d4a1541238331ec8ef3cf
data/LICENSE ADDED
@@ -0,0 +1,22 @@
1
+ The MIT License
2
+
3
+ Copyright (c) 2017 Mindaugas Mozūras, David A. Wheeler, and
4
+ the Railroader contributors
5
+
6
+ Permission is hereby granted, free of charge, to any person obtaining a copy
7
+ of this software and associated documentation files (the "Software"), to deal
8
+ in the Software without restriction, including without limitation the rights
9
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10
+ copies of the Software, and to permit persons to whom the Software is
11
+ furnished to do so, subject to the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be included in
14
+ all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,20 @@
1
+ # Pronto runner for Railroader
2
+
3
+ [![Code Climate](https://codeclimate.com/github/prontolabs/pronto-railroader.png)](https://codeclimate.com/github/prontolabs/pronto-railroader)
4
+ [![Build Status](https://travis-ci.org/prontolabs/pronto-railroader.png)](https://travis-ci.org/prontolabs/pronto-railroader)
5
+ [![Gem Version](https://badge.fury.io/rb/pronto-railroader.png)](http://badge.fury.io/rb/pronto-railroader)
6
+ <!-- [![Dependency Status](https://gemnasium.com/prontolabs/pronto-railroader.png)](https://gemnasium.com/prontolabs/pronto-railroader) -->
7
+
8
+ Pronto runner for [Railroader](https://github.com/presidentbeef/railroader), security vulnerability scanner for Ruby on Rails (RoR). [What is Pronto?](https://github.com/prontolabs/pronto)
9
+
10
+ ## Severity mapping
11
+
12
+ Railroader [Confidence](https://github.com/presidentbeef/railroader#confidence-levels) is mapped to severity levels on the
13
+ messages generated by Pronto. High confidence maps to fatal, medium confidence maps to warning, and low confidence maps
14
+ to info.
15
+
16
+ ## History
17
+
18
+ Note that Railroader is open source software (OSS) and is a project fork of Brakeman. This gem, pronto-railroader, is a fork of pronto-brakeman.
19
+
20
+ If you want a pronto service for Brakeman, use pronto-brakeman instead.
data/lib/pronto/railroader.rb ADDED
@@ -0,0 +1,58 @@
1
+ require 'pronto'
2
+ require 'railroader'
3
+
4
+ module Pronto
5
+ class Railroader < Runner
6
+ def run
7
+ files = ruby_patches.map do |patch|
8
+ patch.new_file_full_path.relative_path_from(repo_path).to_s
9
+ end
10
+
11
+ return [] unless files.any?
12
+
13
+ output = ::Railroader.run(app_path: repo_path,
14
+ output_formats: [:to_s],
15
+ only_files: files)
16
+ messages_for(ruby_patches, output).compact
17
+ rescue ::Railroader::NoApplication
18
+ []
19
+ end
20
+
21
+ def messages_for(ruby_patches, output)
22
+ output.filtered_warnings.map do |warning|
23
+ patch = patch_for_warning(ruby_patches, warning)
24
+
25
+ next unless patch
26
+ line = patch.added_lines.find do |added_line|
27
+ added_line.new_lineno == warning.line
28
+ end
29
+
30
+ new_message(line, warning) if line
31
+ end
32
+ end
33
+
34
+ def new_message(line, warning)
35
+ Message.new(line.patch.delta.new_file[:path], line,
36
+ severity_for_confidence(warning.confidence),
37
+ "Possible security vulnerability: #{warning.message}",
38
+ nil, self.class)
39
+ end
40
+
41
+ def severity_for_confidence(confidence_level)
42
+ case confidence_level
43
+ when 0 # Railroader High confidence
44
+ :fatal
45
+ when 1 # Railroader Medium confidence
46
+ :warning
47
+ else # Railroader Low confidence (and other possibilities)
48
+ :info
49
+ end
50
+ end
51
+
52
+ def patch_for_warning(ruby_patches, warning)
53
+ ruby_patches.find do |patch|
54
+ patch.new_file_full_path.to_s == warning.file
55
+ end
56
+ end
57
+ end
58
+ end
data/lib/pronto/railroader/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ module Pronto
2
+ module RailroaderVersion
3
+ VERSION = '0.10.1'.freeze
4
+ end
5
+ end
data/pronto-railroader.gemspec ADDED
@@ -0,0 +1,40 @@
1
+ # -*- encoding: utf-8 -*-
2
+ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
3
+
4
+ require 'pronto/railroader/version'
5
+ require 'English'
6
+
7
+ Gem::Specification.new do |s|
8
+ s.name = 'pronto-railroader'
9
+ s.version = Pronto::RailroaderVersion::VERSION
10
+ s.platform = Gem::Platform::RUBY
11
+ s.author = 'David A. Wheeler adn Mindaugas Mozūras'
12
+ s.email = 'dwheeler@dwheeler.com'
13
+ s.homepage = 'http://github.com/david-a-wheeler/pronto-railroader'
14
+ s.summary = 'Pronto runner for Railroader, security vulnerability scanner for RoR'
15
+
16
+ s.licenses = ['MIT']
17
+ s.required_ruby_version = '>= 2.3.0'
18
+ s.rubygems_version = '1.8.23'
19
+
20
+ s.files = `git ls-files`.split($RS).reject do |file|
21
+ file =~ %r{^(?:
22
+ spec/.*
23
+ |Gemfile
24
+ |Rakefile
25
+ |\.rspec
26
+ |\.gitignore
27
+ |\.rubocop.yml
28
+ |\.travis.yml
29
+ )$}x
30
+ end
31
+ s.test_files = []
32
+ s.extra_rdoc_files = ['LICENSE', 'README.md']
33
+ s.require_paths = ['lib']
34
+
35
+ s.add_runtime_dependency('pronto', '~> 0.10.0')
36
+ s.add_runtime_dependency('railroader', '>= 3.2.0')
37
+ s.add_development_dependency('rake', '~> 12.0')
38
+ s.add_development_dependency('rspec', '~> 3.4')
39
+ s.add_development_dependency('rspec-its', '~> 1.2')
40
+ end
metadata ADDED
@@ -0,0 +1,119 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: pronto-railroader
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.10.1
5
+ platform: ruby
6
+ authors:
7
+ - David A. Wheeler adn Mindaugas Mozūras
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-02-07 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: pronto
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 0.10.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 0.10.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: railroader
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: 3.2.0
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: 3.2.0
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '12.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '12.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3.4'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3.4'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rspec-its
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.2'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.2'
83
+ description:
84
+ email: dwheeler@dwheeler.com
85
+ executables: []
86
+ extensions: []
87
+ extra_rdoc_files:
88
+ - LICENSE
89
+ - README.md
90
+ files:
91
+ - LICENSE
92
+ - README.md
93
+ - lib/pronto/railroader.rb
94
+ - lib/pronto/railroader/version.rb
95
+ - pronto-railroader.gemspec
96
+ homepage: http://github.com/david-a-wheeler/pronto-railroader
97
+ licenses:
98
+ - MIT
99
+ metadata: {}
100
+ post_install_message:
101
+ rdoc_options: []
102
+ require_paths:
103
+ - lib
104
+ required_ruby_version: !ruby/object:Gem::Requirement
105
+ requirements:
106
+ - - ">="
107
+ - !ruby/object:Gem::Version
108
+ version: 2.3.0
109
+ required_rubygems_version: !ruby/object:Gem::Requirement
110
+ requirements:
111
+ - - ">="
112
+ - !ruby/object:Gem::Version
113
+ version: '0'
114
+ requirements: []
115
+ rubygems_version: 3.0.2
116
+ signing_key:
117
+ specification_version: 4
118
+ summary: Pronto runner for Railroader, security vulnerability scanner for RoR
119
+ test_files: []