recent_ruby 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 70acf82ea562f877b9336246857d9fa430da031ecce7b2a33177b7466842644c
-  data.tar.gz: 8d7877f3335bc076ed310f466380a81fdca866f4cdad92afba1a2531d60327de
+  metadata.gz: a626dae98bcb8ac0b68c2089454706ffcee4a319eee7559f19b7ec918b3c84e1
+  data.tar.gz: 816502e54a5bfd77e5ee6386a8c50197a5edf307949f4ca6ce421c343e904154
 SHA512:
-  metadata.gz: a04056344a2af842976c31397df0b77e462421afe60b333ed7cb4d286eb8a0ec9d24ea3e57f7411971cdd1289fd8e68ab3ddd9542b50e4ba1a752de403f315c2
-  data.tar.gz: e075082df5ef0d07fec859ee3f168961fbc889c65acfe85f918f784a81da9abb89014dadedb9b5599e8e86847a28dc33f5f4c4fd7d5195b55f4c973e2cdd0362
+  metadata.gz: 4c5a2ccb5f8315f8d7185162fb78cf58e1240a6276225319427608e4a542c382133e529bb625a4a8dbb8fb4cefcbbbb057f767879193054706843b24af6696ea
+  data.tar.gz: 01c25327c51eaa090c9c314a57593060f8354871b3f391133c214e1587abd5ee51f99c5f3c440bdc5b76e3737b85d58df89eee4feee9e91ae7c0696876496baf

data/.rubocop.yml

@@ -0,0 +1,2 @@
+AllCops:
+  TargetRubyVersion: 2.3

data/README.md

@@ -1,12 +1,12 @@
 # Recent Ruby
 
-This script takes a Ruby version number, compares it to all available Ruby versions, and throws an error unless the supplied version number contains the latest security patches.
+This script takes a Ruby version number, compares it to all available Ruby versions, and throws an error unless the supplied version number contains the latest security patches. Put it in your build pipeline and you'll never deploy an app to an unpatched Ruby again.
 
 ## Why
 
-Heroku (and other platforms) use the Gemfile to determine which version of Ruby to use. This means, whenever a Ruby vulnerability is found, you need to personally update your Gemfile in order to be safe. This also means you need to pay close attention to the Ruby security notices. On smaller teams, this is often overlooked.
+Heroku (and other platforms) use the Gemfile to determine which version of Ruby to use. This means, whenever a Ruby vulnerability is found, you need to update your Gemfile in order to be safe. More importantly it means you need to pay close attention to the Ruby security notices. On smaller teams, this is often overlooked.
 
-For Ruby gems, you can use Brakeman or Hakiri or Github itself to stay up-to-date with security patches. For your Ruby version, you can now use Recent Ruby.
+For gems, you can use Brakeman or Hakiri or Github itself to stay up-to-date with security patches. For your Ruby version, you can now use Recent Ruby.
 
 ## Installation
 
@@ -24,25 +24,33 @@ gem 'recent_ruby', require: false
 
 ## Usage
 
-Just add Recent Ruby in your CI/CD build process, wherever you would put Rubocop or Brakeman. Recent Ruby can check either your Gemfile, or whatever is supplied as a command line argument, and checks if that version of Ruby is the most recent TEENY/PATCH release for that minor version. It also makes sure that your minor version is not End-of-Life yet. If your version of Ruby does happen to be out of date and potentially insecure, it exits with status code 1. This means you can simply drop it into your .circle.yml or your Semaphore build step, or wherever you usually put these things. 
+Just add Recent Ruby in your CI/CD build process, wherever you would put Rubocop or Brakeman. Recent Ruby can check either your Gemfile, or whatever is supplied as a command line argument, and checks if that version of Ruby is the most recent TEENY/PATCH release for that minor version.
+
+It also makes sure that your minor version is not End-of-Life yet. If your version of Ruby does happen to be out of date and potentially insecure, it exits with status code 1. This means you can simply drop it into your .circle.yml or your Semaphore build step, or wherever you usually put these things. 
 
 ## Examples
 
-Version number supplied on command line (2.3.7 was the latest 2.3 release at the time of this writing):
+Outdated version number supplied on command line (2.3.7 was the latest 2.3 release at the time of this writing):
 
 ```
 $ recent_ruby --version-string 2.3.1
 Downloading latest list of Rubies from Github...
 Comparing version numbers...
 Current version is 2.3.1, but the latest patch release for 2.3 is 2.3.7!
+```
 
+Latest release for 2.3:
+```
 $ recent_ruby --version-string 2.3.7
 Downloading latest list of Rubies from Github...
 Comparing version numbers...
 Downloading details for 2.3.7...
 Checking EOL status...
 Ruby version check completed successfully.
+```
 
+Latest release for 2.0, which is End-of-Life (no longer getting security patches):
+```
 $ recent_ruby --version-string 2.0.0-p648
 Downloading latest list of Rubies from Github...
 Comparing version numbers...
@@ -67,6 +75,16 @@ Comparing version numbers...
 Current version is 2.3.3, but the latest patch release for 2.3 is 2.3.7!
 ```
 
+Build steps I use on in the project settings on SemaphoreCI:
+
+```
+# Setup:
+gem install recent_ruby --no-rdoc --no-ri
+
+# Build:
+recent_ruby --gemfile Gemfile
+```
+
 ## How
 
 If `--gemfile` was supplied, we use the parser gem to extract the Ruby version from the Gemfile.
@@ -77,4 +95,13 @@ Since the ruby-build repository is well maintained and used in production by man
 
 ## Contributing
 
-Feel free to create issues for any problems you may have. Patches are welcome, especially if they come with a Cucumber scenario.
+Feel free to create issues for any problems you may have. Patches are welcome, especially if they come with a Cucumber scenario.
+
+## Contributors
+
+- Lucas Luitjes
+- Cedric Hartskeerl
+
+## License
+
+This project is MIT licensed.

data/lib/recent_ruby.rb

@@ -1,7 +1,14 @@
+# frozen_string_literal: true
+
 require 'recent_ruby/version'
 require 'recent_ruby/xml_ast'
 
 module RecentRuby
+  RUBY_NODE_XPATH = "//send[symbol-val[@value='ruby']]"
+  VERSION_XPATH = "#{RUBY_NODE_XPATH}/str/string-val/@value"
+  PATCHLEVEL_XPATH = "#{RUBY_NODE_XPATH}/hash/pair[sym[symbol-val[@value='patchlevel']]]"
+  PATCHLEVEL_VALUE_XPATH = "#{PATCHLEVEL_XPATH}/int/integer-val/@value"
+
   def http_get(url)
     uri = URI(url)
     Net::HTTP.start(uri.host, uri.port,
@@ -29,19 +36,21 @@ module RecentRuby
   def parse_gemfile(gemfile)
     ast = Parser::CurrentRuby.parse(File.read(gemfile))
     xml = RecentRuby::XMLAST.new(ast)
-    version = xml.xpath("//send[symbol-val[@value='ruby']]/str/string-val/@value") || [nil]
-    version = version.first ? version.first.value : nil
+    version = xml.xpath(VERSION_XPATH)&.first&.value
     unless version
       puts 'Unable to find ruby version in gemfile.'
       exit(1)
     end
+
+    patchlevel = xml.xpath(PATCHLEVEL_VALUE_XPATH)&.first&.value
+    version += "-p#{patchlevel}" if patchlevel
     version
   end
 
   def validate_mri_version(version)
     return if version =~ /^(\d+\.\d+\.\d+(-p\d+)?)$/
-	  puts 'Only stable release MRI version strings are currently supported. (e.g. 2.3.1 or 2.3.1-p12)'
-	  exit(1)
+    puts 'Only stable release MRI version strings are currently supported. (e.g. 2.3.1 or 2.3.1-p12)'
+    exit(1)
   end
 
   def get_rubies(versions_url)

data/lib/recent_ruby/version.rb

@@ -1,3 +1,3 @@
 module RecentRuby
-  VERSION = '0.1.0'.freeze
+  VERSION = '0.1.1'.freeze
 end

data/lib/recent_ruby/xml_ast.rb

@@ -1,55 +1,60 @@
+# frozen_string_literal: true
+
 require 'parser/current'
 require 'rexml/document'
 
 module RecentRuby
-
-# Class comes from: https://medium.com/rubyinside/using-xpath-to-rewrite-ruby-code-with-ease-8f635af65b5b
-# TODO: turn into a separate gem
-
-	class XMLAST
-		include REXML
-		attr_reader :doc
-
-		def initialize sexp
-		  @doc = Document.new "<root></root>"
-		  @sexp = sexp
-		  root = @doc.root
-		  populate_tree(root, sexp)
-		end
-
-		def populate_tree xml, sexp
-		  if sexp.is_a?(String) ||
-		      sexp.is_a?(Symbol) ||
-		      sexp.is_a?(Numeric) ||
-		      sexp.is_a?(NilClass)
-		    el = Element.new(sexp.class.to_s.downcase + "-val")
-		    el.add_attribute 'value', sexp.to_s
-		    xml.add_element el
-		  else
-		    el = Element.new(sexp.type.to_s)
-		    el.add_attribute('id', sexp.object_id)
-
-		    sexp.children.each{ |n| populate_tree(el, n) }
-		    xml.add_element el
-		  end
-		end
-
-		def treewalk sexp=@sexp
-		  return sexp unless sexp&.respond_to?(:children)
-		  [sexp, sexp.children.map {|n| treewalk(n) }].flatten
-		end
-
-		def xpath path
-		  results = XPath.match(doc, path)
-		  results.map do |n|
-		    if n.respond_to?(:attributes) && n.attributes['id']
-		      treewalk.find do |m| 
-		        m.object_id.to_s == n.attributes['id']
-		      end
-		    else
-		      n
-		    end
-		  end
-		end
-	end
+  # Class comes from: https://medium.com/rubyinside/using-xpath-to-rewrite-ruby-code-with-ease-8f635af65b5b
+  # TODO: turn into a separate gem
+
+  class XMLAST
+    include REXML
+    attr_reader :doc
+
+    def initialize(sexp)
+      @doc = Document.new '<root></root>'
+      @sexp = sexp
+      root = @doc.root
+      populate_tree(root, sexp)
+    end
+
+    def populate_tree(xml, sexp)
+      if sexp.is_a?(String) ||
+         sexp.is_a?(Symbol) ||
+         sexp.is_a?(Numeric) ||
+         sexp.is_a?(NilClass)
+        el = Element.new(sexp.class.to_s.downcase + '-val')
+        el.add_attribute 'value', sexp.to_s
+        xml.add_element el
+      else
+        el = Element.new(sexp.type.to_s)
+        el.add_attribute('id', sexp.object_id)
+
+        sexp.children.each { |n| populate_tree(el, n) }
+        xml.add_element el
+      end
+    end
+
+    def treewalk(sexp = @sexp)
+      return sexp unless sexp&.respond_to?(:children)
+      [sexp, sexp.children.map { |n| treewalk(n) }].flatten
+    end
+
+    def xpath(path)
+      results = XPath.match(doc, path)
+      results.map do |n|
+        if n.respond_to?(:attributes) && n.attributes['id']
+          treewalk.find do |m|
+            m.object_id.to_s == n.attributes['id']
+          end
+        else
+          n
+        end
+      end
+    end
+
+    def pp
+      doc.write(STDOUT, 2)
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recent_ruby
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Lucas Luitjes
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-21 00:00:00.000000000 Z
+date: 2018-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -131,6 +131,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rubocop.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE