redmine_audit 0.1.0 → 0.1.1

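--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 182a256634fc3c05360c058215fa5c0bdef09bc1
-data.tar.gz: 2619e900354882da15f5e6775552ee95e2d68168
+metadata.gz: 1bb3b023e6550d3fc79de999b8e0244ce5d4b2d4
+data.tar.gz: b11e7bd9c26bfb3302ee96da910b6a4d4df913f6
 SHA512:
-metadata.gz: 50b2639203a7c5540b3cee8d85e71ae67914dbb4137f02c803e9303c0374b3b982d2554bbff43b24632d5ca9c6ef53b597553eb8cc0da909ad6222e83eaa2a09
-data.tar.gz: 4b273431a5b814f7b9d63a7d256f60a8b05026dad18fe35a7d916ad9f7c1c84fe63750089e1bd339d5720eb10aa51773c750fb081ea03ca30f8911447a3d06e6
+metadata.gz: 71852521e605ddfcb0825f76417d7a4c2494cd12a1adcdfc23917fd6f16e79b2c10cc36cf3d5054493424b65b3e5c200e0aa81c9ebc76df23f3c165937de41a4
+data.tar.gz: 57ad5479a04476b5629b9887c3d6a5087224ca6b59022a2c5ab5d685c19a064edaaad4fc5c8017e5275f75a99a7d95424da53990fb9abd44a3fde5989e404505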
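--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1 +1,2 @@
+/pkg
 Gemfile.lock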
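--- a/data/README.md
+++ b/data/README.md
@@ -14,6 +14,22 @@ And then execute:
 
 $ bundle
 
+Or git clone under Redmine's plugins directory.
+
+```
+$ cd /path/to/redmine/plugins && git clone https://github.com/sho-h/redmine_audit.git
+```
+
+## Uninstallation
+
+Remove above line from your Redmine's Gemfile.local.
+
+And remove file(s) this gem installed(or you cloned).
+
+```
+$ cd /path/to/redmine/plugins && rm -rf ./redmine_audit
+```
+
 ## Usage
 
 Excecute redmine:audit rake task with users environment variable.
@@ -25,10 +41,10 @@ $ rake redmine:audit users=1,2 RAILS_ENV=production
 Or, add same commant to crontab.
 
 ```
-30 6 * * * www-data cd /path/to/redmine ; rake redmine:audit users=1,2 RAILS_ENV=production
+30 6 * * * www-data perl -e 'sleep int(rand(3600))' && cd /path/to/redmine ; rake redmine:audit users=1,2 RAILS_ENV=production
 ```
 
-users environment variable can set only system administrator.
+Send email if vulnerabilities found. users environment variable can set only system administrator.
 
 ## Contributing
 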
data/app/models/mailer.rb CHANGED
@@ -6,7 +6,7 @@ class Mailer < ActionMailer::Base
6
6
  # The version to compare against {#unaffected_versions}.
7
7
  # @param [Array] user_ids
8
8
  # Array of user ids who should be notified
9
- def unfixed_advisories_found(advisories, user_ids)
9
+ def unfixed_advisories_found(redmine_version, advisories, user_ids)
10
10
  if advisories.nil? || advisories.empty?
11
11
  raise "Couldn't find user specified: #{advisories.inspect}"
12
12
  end
@@ -16,6 +16,7 @@ class Mailer < ActionMailer::Base
16
16
  raise ActiveRecord::RecordNotFound.new("Couldn't find user specified: #{user_ids.inspect}")
17
17
  end
18
18
 
19
+ @redmine_version = redmine_version
19
20
  @advisories = advisories
20
21
  # TODO: Internationalize suject and body.
21
22
  mail(to: users, subject: "[Redmine] Security notification")
@@ -12,6 +12,8 @@
12
12
 
13
13
  <div>
14
14
  <ul style="list-style:none;">
15
+ <li>Name: Redmine</li>
16
+ <li>Version: <%= @redmine_version %></li>
15
17
  <li>Severity: <%= advisory.severity %></li>
16
18
  <li>URL: <%= ext_refs %></li>
17
19
  <li>Detail: <%= advisory.details %></li>
@@ -10,6 +10,8 @@
10
10
  solution = advisory.fixed_versions.join(', ')
11
11
  -%>
12
12
 
13
+ Name: Redmine
14
+ Version: <%= @redmine_version %>
13
15
  Severity: <%= advisory.severity %>
14
16
  URL: <%= ext_refs %>
15
17
  Detail: <%= advisory.details %>
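Review bot: The new `redmine_version` parameter of `unfixed_advisories_found` has no `@param` line, although the YARD block right above the signature documents `user_ids`, and the line `# The version to compare against {#unaffected_versions}.` that precedes it reads as a leftover rather than a description of this parameter. The rake task further down passes `Redmine::VERSION` itself (not the `.to_s` it uses for the advisories lookup) and both templates only interpolate it with `<%= @redmine_version %>`, so the contract is merely "responds to `to_s`", which is worth stating so callers do not assume a String. I would add `# @param [#to_s] redmine_version Redmine version shown in the notification body` directly above the `@param [Array] user_ids` line. The method body continues outside the hunk.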
data/lib/redmine_audit.rb CHANGED
@@ -5,6 +5,29 @@ module RedmineAudit
5
5
  class Plugin < ::Rails::Engine
6
6
  config.after_initialize do
7
7
  require File.expand_path('../init', __dir__)
8
+
9
+ create_hint = true
10
+ # TODO: support Redmine 3.4.0
11
+ plugins_dir = File.join(Bundler.root, 'plugins')
12
+ Dir.glob(File.join(plugins_dir, '*/redmine_audit.gemspec')) do |gemspec_path|
13
+ Rails.logger.warn('Skip to load redmine_audit plugin installed as gem.')
14
+ Rails.logger.warn('Use plugins directory\'s redmine_audit plugin')
15
+ create_hint = false
16
+ end
17
+
18
+ if create_hint
19
+ # Create text file to Redmine's plugins directory.
20
+ # The purpose is telling plugins directory to users.
21
+ path = File.join(plugins_dir, 'redmine_audit')
22
+ if !File.exists?(path)
23
+ File.open(path, 'w') do |f|
24
+ f.write(<<EOS)
25
+ This plugin was installed as gem wrote to Gemfile.local instead of putting Redmine's plugin directory.
26
+ See redmine_audit gem installed directory.
27
+ EOS
28
+ end
29
+ end
30
+ end
8
31
  end
9
32
  end
10
33
  end
@@ -57,7 +57,9 @@ module RedmineAudit
57
57
  # Ignore depends gem
58
58
  return nil if /Ruby on Rails vulnerability/.match(res[1])
59
59
 
60
- versions = tds[4].content.split(/\s*(?:and|,)\s*/)
60
+ versions = tds[4].content.split(/\s*(?:and|,)\s*/).sort {|v1, v2|
61
+ Gem::Version.new(v1) <=> Gem::Version.new(v2)
62
+ }
61
63
  fixed_versions = []
62
64
  if versions.length > 1
63
65
  fixed_versions =
@@ -1,3 +1,3 @@
1
1
  module RedmineAudit
2
- VERSION = '0.1.0'
2
+ VERSION = '0.1.1'
3
3
  end
@@ -13,17 +13,21 @@ Example:
13
13
  END_DESC
14
14
 
15
15
  namespace :redmine do
16
- task audit: :environment do
17
- # TODO: More better if requires mailer automatically.
18
- require_dependency 'mailer'
19
- require_relative '../../app/models/mailer.rb'
16
+ # Avoid to define same task twice.
17
+ # TODO: stop load twice this .rake file.
18
+ if !Rake::Task.task_defined?(:audit)
19
+ task audit: :environment do
20
+ # TODO: More better if requires mailer automatically.
21
+ require_dependency 'mailer'
22
+ require_relative '../../app/models/mailer.rb'
20
23
 
21
- redmine_ver = Redmine::VERSION
22
- advisories = RedmineAudit::Database.new.advisories(redmine_ver.to_s)
23
- if advisories.length > 0
24
- users = (ENV['users'] || '').split(',').each(&:strip!)
25
- Mailer.with_synched_deliveries do
26
- Mailer.unfixed_advisories_found(advisories, users).deliver
24
+ redmine_ver = Redmine::VERSION
25
+ advisories = RedmineAudit::Database.new.advisories(redmine_ver.to_s)
26
+ if advisories.length > 0
27
+ users = (ENV['users'] || '').split(',').each(&:strip!)
28
+ Mailer.with_synched_deliveries do
29
+ Mailer.unfixed_advisories_found(redmine_ver, advisories, users).deliver
30
+ end
27
31
  end
28
32
  end
29
33
  end
@@ -9,13 +9,13 @@ Gem::Specification.new do |spec|
9
9
  spec.authors = ['Sho Hashimoto']
10
10
  spec.email = ['sho.hsmt@gmail.com']
11
11
 
12
- spec.summary = %q{Redmine plugin for checking vulnerabilities}
13
- spec.description = %q{Redmine plugin for checking vulnerabilities}
12
+ spec.summary = %q{Redmine plugin for checking Redmine's own vulnerabilities}
13
+ spec.description = %q{Redmine plugin for checking Redmine's own vulnerabilities}
14
14
  spec.homepage = 'https://github.com/sho-h/redmine_audit'
15
15
  spec.license = 'MIT'
16
16
 
17
17
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
18
- f.match(%r{^(test|spec|features)/})
18
+ f.match(%r{^((test|spec|features)/|Gemfile)})
19
19
  end
20
20
  spec.bindir = 'exe'
21
21
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
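--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: redmine_audit
 version: !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.1.1
 platform: ruby
 authors:
 - Sho Hashimoto
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-06-12 00:00:00.000000000 Z
+date: 2017-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -80,7 +80,7 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description: Redmine plugin for checking vulnerabilities
+description: Redmine plugin for checking Redmine's own vulnerabilities
 email:
 - sho.hsmt@gmail.com
 executables: []
@@ -88,7 +88,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- Gemfile
 - LICENSE
 - README.md
 - Rakefile
@@ -136,5 +135,5 @@ rubyforge_project:
 rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
-summary: Redmine plugin for checking vulnerabilities
+summary: Redmine plugin for checking Redmine's own vulnerabilities
 test_files: []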
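--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in redmine_audit.gemspec
-gemspec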