redmine_audit 0.1.0 → 0.1.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 182a256634fc3c05360c058215fa5c0bdef09bc1
4
- data.tar.gz: 2619e900354882da15f5e6775552ee95e2d68168
3
+ metadata.gz: 1bb3b023e6550d3fc79de999b8e0244ce5d4b2d4
4
+ data.tar.gz: b11e7bd9c26bfb3302ee96da910b6a4d4df913f6
5
5
  SHA512:
6
- metadata.gz: 50b2639203a7c5540b3cee8d85e71ae67914dbb4137f02c803e9303c0374b3b982d2554bbff43b24632d5ca9c6ef53b597553eb8cc0da909ad6222e83eaa2a09
7
- data.tar.gz: 4b273431a5b814f7b9d63a7d256f60a8b05026dad18fe35a7d916ad9f7c1c84fe63750089e1bd339d5720eb10aa51773c750fb081ea03ca30f8911447a3d06e6
6
+ metadata.gz: 71852521e605ddfcb0825f76417d7a4c2494cd12a1adcdfc23917fd6f16e79b2c10cc36cf3d5054493424b65b3e5c200e0aa81c9ebc76df23f3c165937de41a4
7
+ data.tar.gz: 57ad5479a04476b5629b9887c3d6a5087224ca6b59022a2c5ab5d685c19a064edaaad4fc5c8017e5275f75a99a7d95424da53990fb9abd44a3fde5989e404505
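--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1 +1,2 @@
+/pkg
 Gemfile.lock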
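--- a/data/README.md
+++ b/data/README.md
@@ -14,6 +14,22 @@ And then execute:
 
 $ bundle
 
+Or git clone under Redmine's plugins directory.
+
+```
+$ cd /path/to/redmine/plugins && git clone https://github.com/sho-h/redmine_audit.git
+```
+
+## Uninstallation
+
+Remove above line from your Redmine's Gemfile.local.
+
+And remove file(s) this gem installed(or you cloned).
+
+```
+$ cd /path/to/redmine/plugins && rm -rf ./redmine_audit
+```
+
 ## Usage
 
 Excecute redmine:audit rake task with users environment variable.
@@ -25,10 +41,10 @@ $ rake redmine:audit users=1,2 RAILS_ENV=production
 Or, add same commant to crontab.
 
 ```
-30 6 * * * www-data cd /path/to/redmine ; rake redmine:audit users=1,2 RAILS_ENV=production
+30 6 * * * www-data perl -e 'sleep int(rand(3600))' && cd /path/to/redmine ; rake redmine:audit users=1,2 RAILS_ENV=production
 ```
 
-users environment variable can set only system administrator.
+Send email if vulnerabilities found. users environment variable can set only system administrator.
 
 ## Contributing
 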
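--- a/data/app/models/mailer.rb
+++ b/data/app/models/mailer.rb
@@ -6,7 +6,7 @@ class Mailer < ActionMailer::Base
 # The version to compare against {#unaffected_versions}.
 # @param [Array] user_ids
 # Array of user ids who should be notified
-def unfixed_advisories_found(advisories, user_ids)
+def unfixed_advisories_found(redmine_version, advisories, user_ids)
 if advisories.nil? || advisories.empty?
 raise "Couldn't find user specified: #{advisories.inspect}"
 end
@@ -16,6 +16,7 @@ class Mailer < ActionMailer::Base
 raise ActiveRecord::RecordNotFound.new("Couldn't find user specified: #{user_ids.inspect}")
 end
 
+@redmine_version = redmine_version
 @advisories = advisories
 # TODO: Internationalize suject and body.
 mail(to: users, subject: "[Redmine] Security notification")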
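Review bot: The new `redmine_version` parameter of `unfixed_advisories_found` is undocumented, while the YARD block above the signature still lists only `user_ids`; add `# @param [#to_s] redmine_version Redmine version reported in the notification` ahead of the existing `@param`. The rake task that calls this method passes `Redmine::VERSION` (a module), so `@redmine_version` holds an object rather than a string and the templates rely on an implicit `to_s`; storing it as `@redmine_version = redmine_version.to_s` makes that contract explicit. The first comment line, `The version to compare against {#unaffected_versions}`, does not describe this method and looks like a leftover worth rewriting while the doc block is touched. Both hunks lie inside the method, whose body continues between and after them.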
@@ -12,6 +12,8 @@
12
12
 
13
13
  <div>
14
14
  <ul style="list-style:none;">
15
+ <li>Name: Redmine</li>
16
+ <li>Version: <%= @redmine_version %></li>
15
17
  <li>Severity: <%= advisory.severity %></li>
16
18
  <li>URL: <%= ext_refs %></li>
17
19
  <li>Detail: <%= advisory.details %></li>
@@ -10,6 +10,8 @@
10
10
  solution = advisory.fixed_versions.join(', ')
11
11
  -%>
12
12
 
13
+ Name: Redmine
14
+ Version: <%= @redmine_version %>
13
15
  Severity: <%= advisory.severity %>
14
16
  URL: <%= ext_refs %>
15
17
  Detail: <%= advisory.details %>
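--- a/data/lib/redmine_audit.rb
+++ b/data/lib/redmine_audit.rb
@@ -5,6 +5,29 @@ module RedmineAudit
 class Plugin < ::Rails::Engine
 config.after_initialize do
 require File.expand_path('../init', __dir__)
+
+create_hint = true
+# TODO: support Redmine 3.4.0
+plugins_dir = File.join(Bundler.root, 'plugins')
+Dir.glob(File.join(plugins_dir, '*/redmine_audit.gemspec')) do |gemspec_path|
+Rails.logger.warn('Skip to load redmine_audit plugin installed as gem.')
+Rails.logger.warn('Use plugins directory\'s redmine_audit plugin')
+create_hint = false
+end
+
+if create_hint
+# Create text file to Redmine's plugins directory.
+# The purpose is telling plugins directory to users.
+path = File.join(plugins_dir, 'redmine_audit')
+if !File.exists?(path)
+File.open(path, 'w') do |f|
+f.write(<<EOS)
+This plugin was installed as gem wrote to Gemfile.local instead of putting Redmine's plugin directory.
+See redmine_audit gem installed directory.
+EOS
+end
+end
+end
 end
 end
 end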
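Review bot: `File.open(path, 'w')` in the hint-file branch raises `Errno::EACCES` or `Errno::EROFS` whenever Redmine's `plugins` directory is not writable by the application user, and because this runs inside `config.after_initialize` that exception aborts Redmine's boot over a file that is purely informational; the write should rescue `SystemCallError` and log a warning instead. The `File.exists?` check on the preceding line is a deprecated alias of `File.exist?` (removed in Ruby 3.2), and the exist?-then-open pair can become a single `File::CREAT | File::EXCL` open that creates the hint only when nothing is there yet, which also removes the check-then-write window. The `gemspec_path` block parameter of the `Dir.glob` loop is unused and reads better as `_gemspec_path`. The enclosing `module RedmineAudit` opens before the hunk; the `Plugin` class and the `after_initialize` block are complete within it.
```ruby
      # … unchanged: create_hint flag, plugins_dir, Dir.glob loop …
      if create_hint
        # Create text file to Redmine's plugins directory.
        # The purpose is telling plugins directory to users.
        path = File.join(plugins_dir, 'redmine_audit')
        begin
          # CREAT|EXCL creates the hint only when absent, replacing exist?-then-write.
          File.open(path, File::WRONLY | File::CREAT | File::EXCL) do |f|
            f.write(<<EOS)
This plugin was installed as gem wrote to Gemfile.local instead of putting Redmine's plugin directory.
See redmine_audit gem installed directory.
EOS
          end
        rescue Errno::EEXIST
          # The hint (or a real plugins/redmine_audit entry) is already there; nothing to do.
        rescue SystemCallError => e
          # The hint is informational only; never abort Redmine's boot because of it.
          Rails.logger.warn("redmine_audit: could not write #{path}: #{e.message}")
        end
      end
```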
@@ -57,7 +57,9 @@ module RedmineAudit
57
57
  # Ignore depends gem
58
58
  return nil if /Ruby on Rails vulnerability/.match(res[1])
59
59
 
60
- versions = tds[4].content.split(/\s*(?:and|,)\s*/)
60
+ versions = tds[4].content.split(/\s*(?:and|,)\s*/).sort {|v1, v2|
61
+ Gem::Version.new(v1) <=> Gem::Version.new(v2)
62
+ }
61
63
  fixed_versions = []
62
64
  if versions.length > 1
63
65
  fixed_versions =
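Review bot: `Gem::Version.new(v1)` in the new sort block raises `ArgumentError` ("Malformed version number string") for any token that is not a version, and the tokens come from scraped cell text (`tds[4].content` split on `and`/`,`), so a cell containing a stray word or an unexpected separator would now abort the whole advisory parse where the previous code passed the strings through untouched. If the cell format cannot be relied on, keep the existing split line and replace the sort with `versions = versions.select { |v| Gem::Version.correct?(v) }.sort_by { |v| Gem::Version.new(v) }`, or at least log and skip the row on `ArgumentError`. `sort_by` also builds each `Gem::Version` once rather than twice per comparison. The enclosing method starts and ends outside the hunk.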
@@ -1,3 +1,3 @@
1
1
  module RedmineAudit
2
- VERSION = '0.1.0'
2
+ VERSION = '0.1.1'
3
3
  end
@@ -13,17 +13,21 @@ Example:
13
13
  END_DESC
14
14
 
15
15
  namespace :redmine do
16
- task audit: :environment do
17
- # TODO: More better if requires mailer automatically.
18
- require_dependency 'mailer'
19
- require_relative '../../app/models/mailer.rb'
16
+ # Avoid to define same task twice.
17
+ # TODO: stop load twice this .rake file.
18
+ if !Rake::Task.task_defined?(:audit)
19
+ task audit: :environment do
20
+ # TODO: More better if requires mailer automatically.
21
+ require_dependency 'mailer'
22
+ require_relative '../../app/models/mailer.rb'
20
23
 
21
- redmine_ver = Redmine::VERSION
22
- advisories = RedmineAudit::Database.new.advisories(redmine_ver.to_s)
23
- if advisories.length > 0
24
- users = (ENV['users'] || '').split(',').each(&:strip!)
25
- Mailer.with_synched_deliveries do
26
- Mailer.unfixed_advisories_found(advisories, users).deliver
24
+ redmine_ver = Redmine::VERSION
25
+ advisories = RedmineAudit::Database.new.advisories(redmine_ver.to_s)
26
+ if advisories.length > 0
27
+ users = (ENV['users'] || '').split(',').each(&:strip!)
28
+ Mailer.with_synched_deliveries do
29
+ Mailer.unfixed_advisories_found(redmine_ver, advisories, users).deliver
30
+ end
27
31
  end
28
32
  end
29
33
  end
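Review bot: `Mailer.unfixed_advisories_found(redmine_ver, advisories, users)` passes `Redmine::VERSION` itself, a module, while the `Database#advisories` call two lines above passes `redmine_ver.to_s`; pass `redmine_ver.to_s` to the mailer as well so the value rendered by the templates is a plain string and both callers agree on the type. The `Rake::Task.task_defined?(:audit)` guard is evaluated inside `namespace :redmine`, and as far as I can tell Rake resolves the bare name within the current scope, so it does look up `redmine:audit`; a comment such as `# resolved in the :redmine scope, i.e. redmine:audit` would spare the next reader that check, since the guard looks like it tests a top-level task. Of the re-indented lines, `if advisories.length > 0` reads more idiomatically as `unless advisories.empty?`. The `desc` heredoc that precedes the namespace starts outside the hunk.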
@@ -9,13 +9,13 @@ Gem::Specification.new do |spec|
9
9
  spec.authors = ['Sho Hashimoto']
10
10
  spec.email = ['sho.hsmt@gmail.com']
11
11
 
12
- spec.summary = %q{Redmine plugin for checking vulnerabilities}
13
- spec.description = %q{Redmine plugin for checking vulnerabilities}
12
+ spec.summary = %q{Redmine plugin for checking Redmine's own vulnerabilities}
13
+ spec.description = %q{Redmine plugin for checking Redmine's own vulnerabilities}
14
14
  spec.homepage = 'https://github.com/sho-h/redmine_audit'
15
15
  spec.license = 'MIT'
16
16
 
17
17
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
18
- f.match(%r{^(test|spec|features)/})
18
+ f.match(%r{^((test|spec|features)/|Gemfile)})
19
19
  end
20
20
  spec.bindir = 'exe'
21
21
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
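Review bot: The `Gemfile` alternative in `%r{^((test|spec|features)/|Gemfile)}` is unanchored on the right and uses `^` rather than `\A`, so it also excludes any other tracked path that merely begins with `Gemfile`, not just the file the commit intends to drop; `%r{\A(?:(?:test|spec|features)/|Gemfile\z)}` expresses that intent exactly. Each candidate is a single `git ls-files -z` entry, so the `^` anchor is harmless here and this is a style point rather than a defect. The `Gem::Specification.new` block encloses the hunk and continues outside it.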
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: redmine_audit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sho Hashimoto
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-06-12 00:00:00.000000000 Z
11
+ date: 2017-06-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -80,7 +80,7 @@ dependencies:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
- description: Redmine plugin for checking vulnerabilities
83
+ description: Redmine plugin for checking Redmine's own vulnerabilities
84
84
  email:
85
85
  - sho.hsmt@gmail.com
86
86
  executables: []
@@ -88,7 +88,6 @@ extensions: []
88
88
  extra_rdoc_files: []
89
89
  files:
90
90
  - ".gitignore"
91
- - Gemfile
92
91
  - LICENSE
93
92
  - README.md
94
93
  - Rakefile
@@ -136,5 +135,5 @@ rubyforge_project:
136
135
  rubygems_version: 2.5.2
137
136
  signing_key:
138
137
  specification_version: 4
139
- summary: Redmine plugin for checking vulnerabilities
138
+ summary: Redmine plugin for checking Redmine's own vulnerabilities
140
139
  test_files: []
data/Gemfile DELETED
@@ -1,4 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- # Specify your gem's dependencies in redmine_audit.gemspec
4
- gemspec