rubion 0.3.14 → 0.3.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +36 -43
  3. data/lib/rubion/scanner.rb +4 -22
  4. data/lib/rubion/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f69e93b8534eeaf2045d43f775aec23a72ccf97335ebca9fd8bcb323375dfdca
4
- data.tar.gz: 4d96785c60788e1933a566e8483a79c7ae98f93d301f94b97923ec4c80026af1
3
+ metadata.gz: 1749851afa6f0075dc159a4f4d406a6c1900d8404eaf61fc4737d9d350deb3d7
4
+ data.tar.gz: c59e82269f8e505a62c9fdd54141547ccd67d0ee72ceb139a47d65fb02627293
5
5
  SHA512:
6
- metadata.gz: b64a88b924fe46d2979c06a520aa8458661ad8d06d374c9fe9fa945730b05d1f93e26073a5ef69779ae87e88c840d617ea016be52df356a4ba7753f2c4d1f5a5
7
- data.tar.gz: cccf29d1fe83443774d4b83421edbb086d1f22e1b557f9b413918c90464da4501a95f4f866374d9861cb78fc1e2b4a869ee92f70ddd4666587a0df352dde7f0f
6
+ metadata.gz: b842fac77f18bfbbd548a2a7ae43f6f98022a47c2c2ad4678e755349c712ffb4ec6c27404b7b7b6c4ed6719e4b65d3bd9f66aa44f4adefb9b3f8681b387cb2ca
7
+ data.tar.gz: 1fcc0c42ca646da4ecd88b178969663a4b45b79d1c95657dfe0f5948e293b49fb4042b9e0b710e42a62b8832050266e662b7366c02b433ca8aeeb80c8a5cb746
data/README.md CHANGED
@@ -131,7 +131,6 @@ rubion -v
131
131
  ## Output Example
132
132
 
133
133
  ### Complete Scan Output
134
-
135
134
  ```
136
135
  🔍 Scanning project at: /path/to/project
137
136
 
@@ -139,57 +138,54 @@ rubion -v
139
138
 
140
139
  Gem Vulnerabilities:
141
140
 
142
- +----------+--------+---------+------------------------------------------+
143
- | Level | Name | Version | Vulnerability |
144
- +----------+--------+---------+------------------------------------------+
145
- | 🔴 Critical | rexml | 3.4.1 | REXML has DoS condition when parsing... |
146
- | 🟠 High | rack | 2.0.8 | Denial of Service vulnerability |
147
- | 🟡 Medium | nokogiri | 1.13.8 | XML parsing vulnerability |
148
- | 🟢 Low | json | 2.6.1 | JSON parsing issue |
149
- +----------+--------+---------+------------------------------------------+
141
+ +--------------+----------+---------+---------------------------------------------+
142
+ | Level | Name | Version | Vulnerability |
143
+ +--------------+----------+---------+---------------------------------------------+
144
+ | 🔴 Critical | rexml | 3.4.1 | REXML has DoS condition when parsing... |
145
+ | 🟠 High | rack | 2.0.8 | Denial of Service vulnerability |
146
+ | 🟡 Medium | nokogiri | 1.13.8 | XML parsing vulnerability |
147
+ | 🟢 Low | json | 2.6.1 | JSON parsing issue |
148
+ +--------------+----------+---------+---------------------------------------------+
150
149
 
151
150
  Gem Versions:
152
151
 
153
- +------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
154
- | Name | Current | Current version released on | Latest | Latest version released on | Behind By(Time)| Behind By(Versions) |
155
- +------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
156
- | sidekiq | 7.30 | 3/5/2024 | 8.1 | 11/11/2025 | 1 year | 15 |
157
- | rails | 7.0.0 | 12/15/2022 | 7.1.0 | 10/4/2024 | 1 year 10 months | 8 |
158
- | fastimage | 2.2.7 | 2/2/2025 | 2.3.2 | 9/9/2025 | 7 months | 3 |
159
- | nokogiri | 1.13.8 | 5/10/2023 | 1.15.0 | 8/20/2024 | 1 year 3 months | 12 |
160
- | redis | 4.8.0 | 1/15/2023 | 5.0.0 | 11/1/2024 | 1 year 9 months | 20 |
161
- | pg | 1.4.0 | 3/20/2023 | 1.5.0 | 9/15/2024 | 1 year 5 months | 6 |
162
- +------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
152
+ +------------------+---------+-------------------------------+---------+-------------------------------+---------------------+-----------------------+
153
+ | Name | Current | Current Released On | Latest | Latest Released On | Behind By(Time) | Behind By(Versions) |
154
+ +------------------+---------+-------------------------------+---------+-------------------------------+---------------------+-----------------------+
155
+ | sidekiq | 7.30 | 3/5/2024 | 8.1 | 11/11/2025 | 1 year | 15 |
156
+ | rails | 7.0.0 | 12/15/2022 | 7.1.0 | 10/4/2024 | 1 year 10 months | 8 |
157
+ | fastimage | 2.2.7 | 2/2/2025 | 2.3.2 | 9/9/2025 | 7 months | 3 |
158
+ | nokogiri | 1.13.8 | 5/10/2023 | 1.15.0 | 8/20/2024 | 1 year 3 months | 12 |
159
+ | redis | 4.8.0 | 1/15/2023 | 5.0.0 | 11/1/2024 | 1 year 9 months | 20 |
160
+ | pg | 1.4.0 | 3/20/2023 | 1.5.0 | 9/15/2024 | 1 year 5 months | 6 |
161
+ +------------------+---------+-------------------------------+---------+-------------------------------+---------------------+-----------------------+
163
162
 
164
163
  📦 Checking NPM packages... 45/45 ✓
165
164
 
166
165
  Package Vulnerabilities:
167
166
 
168
- +----------+--------+---------+------------------------------------------+
169
- | Level | Name | Version | Vulnerability |
170
- +----------+--------+---------+------------------------------------------+
171
- | 🔴 Critical | lodash | 4.17.20 | Prototype pollution vulnerability |
172
- | 🟠 High | moment | 2.29.1 | Wrong timezone date calculation |
173
- | 🟡 Medium | axios | 0.21.1 | Server-Side Request Forgery (SSRF) |
174
- | 🟢 Low | debug | 4.3.1 | Regular Expression Denial of Service |
175
- +----------+--------+---------+------------------------------------------+
167
+ +--------------+---------+---------+-----------------------------------------------+
168
+ | Level | Name | Version | Vulnerability |
169
+ +--------------+---------+---------+-----------------------------------------------+
170
+ | 🔴 Critical | lodash | 4.17.20 | Prototype pollution vulnerability |
171
+ | 🟠 High | moment | 2.29.1 | Wrong timezone date calculation |
172
+ | 🟡 Medium | axios | 0.21.1 | Server-Side Request Forgery (SSRF) |
173
+ | 🟢 Low | debug | 4.3.1 | Regular Expression Denial of Service |
174
+ +--------------+---------+---------+-----------------------------------------------+
176
175
 
177
176
  Package Versions:
178
177
 
179
- +------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
180
- | Name | Current | Current version released on | Latest | Latest version released on | Behind By(Time)| Behind By(Versions) |
181
- +------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
182
- | react | 17.0.2 | 3/3/2021 | 18.2.0 | 6/14/2023 | 2 years 3 months | 45 |
183
- | vue | 3.2.0 | 8/5/2021 | 3.3.0 | 5/18/2023 | 1 year 9 months | 8 |
184
- | jquery | 3.7.1 | 4/5/2024 | 3.9.1 | 10/11/2025 | 1 year | 8 |
185
- | express | 4.18.0 | 4/25/2022 | 4.18.2 | 8/15/2023 | 1 year 3 months | 2 |
186
- | webpack | 5.70.0 | 3/1/2022 | 5.88.0 | 6/1/2023 | 1 year 3 months | 18 |
187
- | typescript | 4.7.0 | 5/24/2022 | 5.1.0 | 5/25/2023 | 1 year | 12 |
188
- +------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
178
+ +------------------+---------+-------------------------------+---------+-------------------------------+---------------------+-----------------------+
179
+ | Name | Current | Current Released On | Latest | Latest Released On | Behind By(Time) | Behind By(Versions) |
180
+ +------------------+---------+-------------------------------+---------+-------------------------------+---------------------+-----------------------+
181
+ | react | 17.0.2 | 3/3/2021 | 18.2.0 | 6/14/2023 | 2 years 3 months | 45 |
182
+ | vue | 3.2.0 | 8/5/2021 | 3.3.0 | 5/18/2023 | 1 year 9 months | 8 |
183
+ | jquery | 3.7.1 | 4/5/2024 | 3.9.1 | 10/11/2025 | 1 year | 8 |
184
+ | express | 4.18.0 | 4/25/2022 | 4.18.2 | 8/15/2023 | 1 year 3 months | 2 |
185
+ | webpack | 5.70.0 | 3/1/2022 | 5.88.0 | 6/1/2023 | 1 year 3 months | 18 |
186
+ | typescript | 4.7.0 | 5/24/2022 | 5.1.0 | 5/25/2023 | 1 year | 12 |
187
+ +------------------+---------+-------------------------------+---------+-------------------------------+---------------------+-----------------------+
189
188
  ```
190
- ![aaaScreenshot 2025-11-15 at 2 54 24 pm](https://github.com/user-attachments/assets/9ce27e07-9c95-44ea-a96c-ec9537234d06)
191
- <img width="1333" height="741" alt="Screenshot 2025-11-15 at 2 54 34 pm" src="https://github.com/user-attachments/assets/22759b64-776f-4c9d-9bbb-3b70adead02e" />
192
-
193
189
 
194
190
  ### Direct Dependencies Only (with --exclude-dependencies)
195
191
 
@@ -346,9 +342,6 @@ Future features planned:
346
342
  - [ ] Export formats (JSON, CSV, HTML)
347
343
  - [ ] Summary statistics
348
344
  - [ ] Update command suggestions
349
- - [ ] Support for Python (pip) packages
350
- - [ ] Support for PHP (composer) packages
351
- - [ ] Support for Go modules
352
345
  - [ ] CI/CD integration flags
353
346
  - [ ] Configurable severity thresholds
354
347
  - [ ] Auto-fix suggestions
data/lib/rubion/scanner.rb CHANGED
@@ -106,8 +106,10 @@ module Rubion
106
106
  # Exit code 0 means no vulnerabilities found
107
107
  # Any other exit code or error means the command failed
108
108
  if status.exitstatus.nil? || status.exitstatus == 127 || stderr.include?('command not found') || stdout.include?('command not found')
109
- # Command not found - try to install bundler-audit automatically
110
- install_bundler_audit_and_retry
109
+ # Command not found - show friendly message and skip vulnerability check
110
+ puts "\n ℹ️ bundle-audit is not installed. Skipping gem vulnerability check."
111
+ puts " To enable vulnerability scanning, install it with: gem install bundler-audit\n"
112
+ @result.gem_vulnerabilities = []
111
113
  elsif status.exitstatus == 1 || status.success? || (!stdout.empty? && (stdout.include?('vulnerabilities found') || stdout.include?('Name:')))
112
114
  # Exit code 1 (vulnerabilities found) or 0 (no vulnerabilities) - parse output
113
115
  # Also try to parse if output looks valid even if exit code is unexpected
@@ -120,26 +122,6 @@ module Rubion
120
122
  end
121
123
  end
122
124
 
123
- def install_bundler_audit_and_retry
124
- puts "\n ⚠️ bundle-audit is not installed."
125
- print ' Attempting to install bundler-audit... '
126
- $stdout.flush
127
-
128
- _install_stdout, install_stderr, install_status = Open3.capture3('gem install bundler-audit 2>&1')
129
-
130
- if install_status.success?
131
- puts "✓ Successfully installed bundler-audit\n"
132
- puts " Retrying gem vulnerability check...\n\n"
133
- # Retry the check after installation
134
- check_gem_vulnerabilities
135
- else
136
- puts '✗ Failed to install bundler-audit'
137
- raise "bundle-audit is not installed and automatic installation failed.\n" \
138
- "Please install it manually by running: gem install bundler-audit\n" \
139
- "Installation error: #{install_stderr}"
140
- end
141
- end
142
-
143
125
  def check_gem_versions
144
126
  stdout, stderr, status = Open3.capture3('bundle outdated --parseable', chdir: @project_path)
145
127
 
data/lib/rubion/version.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Rubion
4
- VERSION = "0.3.14"
4
+ VERSION = "0.3.16"
5
5
  end
6
6
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rubion
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.14
4
+ version: 0.3.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - bipashant