pronto-railroader 0.10.1

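--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 9c0368e4b5e011c56731778036ec0e4d512d799c0cbdbb0113740e95326b28e3
+data.tar.gz: b98f1aecc1cda4c921fb1f767d81257f5979615b7eb93f7489dd41d0c07e5c5a
+SHA512:
+metadata.gz: 898fa0ee493290b9ac085fa82e1c82156147a8f1fb0ffd702bba8bcefa97140da7f7ed76e0e6c95fbfca5158c66cd8e2fbb6439e713c47a94a49a46000d359f6
+data.tar.gz: 7bf74244bf678258bec45f5623ecf348eef371c10f103c7f3f8cad559110d6d6cf470a0d2fb28affe3aa44e3c830ca7ef38983b66e1d4a1541238331ec8ef3cf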
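--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+The MIT License
+
+Copyright (c) 2017 Mindaugas Mozūras, David A. Wheeler, and
+the Railroader contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.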
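--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,20 @@
+# Pronto runner for Railroader
+
+[![Code Climate](https://codeclimate.com/github/prontolabs/pronto-railroader.png)](https://codeclimate.com/github/prontolabs/pronto-railroader)
+[![Build Status](https://travis-ci.org/prontolabs/pronto-railroader.png)](https://travis-ci.org/prontolabs/pronto-railroader)
+[![Gem Version](https://badge.fury.io/rb/pronto-railroader.png)](http://badge.fury.io/rb/pronto-railroader)
+<!-- [![Dependency Status](https://gemnasium.com/prontolabs/pronto-railroader.png)](https://gemnasium.com/prontolabs/pronto-railroader) -->
+
+Pronto runner for [Railroader](https://github.com/presidentbeef/railroader), security vulnerability scanner for Ruby on Rails (RoR). [What is Pronto?](https://github.com/prontolabs/pronto)
+
+## Severity mapping
+
+Railroader [Confidence](https://github.com/presidentbeef/railroader#confidence-levels) is mapped to severity levels on the
+messages generated by Pronto. High confidence maps to fatal, medium confidence maps to warning, and low confidence maps
+to info.
+
+## History
+
+Note that Railroader is open source software (OSS) and is a project fork of Brakeman. This gem, pronto-railroader, is a fork of pronto-brakeman.
+
+If you want a pronto service for Brakeman, use pronto-brakeman instead.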
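--- a/data/lib/pronto/railroader.rb
+++ b/data/lib/pronto/railroader.rb
@@ -0,0 +1,58 @@
+require 'pronto'
+require 'railroader'
+
+module Pronto
+class Railroader < Runner
+def run
+files = ruby_patches.map do |patch|
+patch.new_file_full_path.relative_path_from(repo_path).to_s
+end
+
+return [] unless files.any?
+
+output = ::Railroader.run(app_path: repo_path,
+output_formats: [:to_s],
+only_files: files)
+messages_for(ruby_patches, output).compact
+rescue ::Railroader::NoApplication
+[]
+end
+
+def messages_for(ruby_patches, output)
+output.filtered_warnings.map do |warning|
+patch = patch_for_warning(ruby_patches, warning)
+
+next unless patch
+line = patch.added_lines.find do |added_line|
+added_line.new_lineno == warning.line
+end
+
+new_message(line, warning) if line
+end
+end
+
+def new_message(line, warning)
+Message.new(line.patch.delta.new_file[:path], line,
+severity_for_confidence(warning.confidence),
+"Possible security vulnerability: #{warning.message}",
+nil, self.class)
+end
+
+def severity_for_confidence(confidence_level)
+case confidence_level
+when 0 # Railroader High confidence
+:fatal
+when 1 # Railroader Medium confidence
+:warning
+else # Railroader Low confidence (and other possibilities)
+:info
+end
+end
+
+def patch_for_warning(ruby_patches, warning)
+ruby_patches.find do |patch|
+patch.new_file_full_path.to_s == warning.file
+end
+end
+end
+end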
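Review bot: The path match in `patch_for_warning` compares the absolute `new_file_full_path.to_s` against `warning.file` with `==`, and a mismatch is not surfaced as an error: `next unless patch` in `messages_for` plus the `.compact` in `run` turn it into an empty result, so the scanner would appear to run clean while every finding is discarded. Whether `warning.file` is a plain String holding the absolute path cannot be told from this file; if Railroader hands back a relative path or a path object, the comparison never matches. Normalising both sides to an absolute string keeps the match robust: `patch.new_file_full_path.to_s == File.expand_path(warning.file.to_s, repo_path.to_s)`. Findings that carry no line number are likewise dropped by `new_message(line, warning) if line`; that is consistent with Pronto reporting only on added lines, but a one-line comment such as `# only warnings on lines this patch added are reported; others are dropped` would keep the next reader from reading it as a bug.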
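--- a/data/lib/pronto/railroader/version.rb
+++ b/data/lib/pronto/railroader/version.rb
@@ -0,0 +1,5 @@
+module Pronto
+module RailroaderVersion
+VERSION = '0.10.1'.freeze
+end
+end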
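--- a/data/pronto-railroader.gemspec
+++ b/data/pronto-railroader.gemspec
@@ -0,0 +1,40 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+
+require 'pronto/railroader/version'
+require 'English'
+
+Gem::Specification.new do |s|
+s.name = 'pronto-railroader'
+s.version = Pronto::RailroaderVersion::VERSION
+s.platform = Gem::Platform::RUBY
+s.author = 'David A. Wheeler adn Mindaugas Mozūras'
+s.email = 'dwheeler@dwheeler.com'
+s.homepage = 'http://github.com/david-a-wheeler/pronto-railroader'
+s.summary = 'Pronto runner for Railroader, security vulnerability scanner for RoR'
+
+s.licenses = ['MIT']
+s.required_ruby_version = '>= 2.3.0'
+s.rubygems_version = '1.8.23'
+
+s.files = `git ls-files`.split($RS).reject do |file|
+file =~ %r{^(?:
+spec/.*
+|Gemfile
+|Rakefile
+|\.rspec
+|\.gitignore
+|\.rubocop.yml
+|\.travis.yml
+)$}x
+end
+s.test_files = []
+s.extra_rdoc_files = ['LICENSE', 'README.md']
+s.require_paths = ['lib']
+
+s.add_runtime_dependency('pronto', '~> 0.10.0')
+s.add_runtime_dependency('railroader', '>= 3.2.0')
+s.add_development_dependency('rake', '~> 12.0')
+s.add_development_dependency('rspec', '~> 3.4')
+s.add_development_dependency('rspec-its', '~> 1.2')
+end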
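Review bot: The author string on the `s.author` line has a typo, `'David A. Wheeler adn Mindaugas Mozūras'`, and it is carried verbatim into the published metadata (`authors:` in the metadata section of this page); it should read `s.author = 'David A. Wheeler and Mindaugas Mozūras'`. The `s.rubygems_version = '1.8.23'` assignment is dead: RubyGems sets that field at build time, and the metadata on this page records `rubygems_version: 3.0.2`, so the line should be dropped. `s.homepage` uses plain `http://`; `https://github.com/david-a-wheeler/pronto-railroader` avoids a cleartext hop on a link users will follow from the gem page. The runtime dependency `railroader >= 3.2.0` has no upper bound, which is worth a short comment since a future major version could change the `filtered_warnings`, `file`, `line` and `confidence` API the runner relies on.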
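--- a/metadata
+++ b/metadata
@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: pronto-railroader
+version: !ruby/object:Gem::Version
+version: 0.10.1
+platform: ruby
+authors:
+- David A. Wheeler adn Mindaugas Mozūras
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-02-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: pronto
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.10.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.10.0
+- !ruby/object:Gem::Dependency
+name: railroader
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.2.0
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.4'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.4'
+- !ruby/object:Gem::Dependency
+name: rspec-its
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+description:
+email: dwheeler@dwheeler.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- LICENSE
+- README.md
+- lib/pronto/railroader.rb
+- lib/pronto/railroader/version.rb
+- pronto-railroader.gemspec
+homepage: http://github.com/david-a-wheeler/pronto-railroader
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.2
+signing_key:
+specification_version: 4
+summary: Pronto runner for Railroader, security vulnerability scanner for RoR
+test_files: []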