rubion 0.3.17 → 0.3.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/rubion/scanner.rb +31 -3
- data/lib/rubion/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c02b3b976c548af77be89141a6abb06ee9ee8431606512361fce0375bae02f91
|
|
4
|
+
data.tar.gz: 77032534958a027081fdf213339eb43456cb5891b009ffe6a9200b39f851d7bd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a02452fc1e9bf2587eedee8146c3fa4d4427434ed2dd7cc9d78fbfb94646179ea466b9de047d02502d92f410f21a944e6e8da3b18cff44b23d775112992fe407
|
|
7
|
+
data.tar.gz: b04981ce97169f9b8727beea93beb88b9f78bf1d8dc5075317355645f67ba7d47f87c0107f4da6ad1d1ca7dcf5a4f8dbd164de3095d7996f1d2668dd1d2900e8
|
data/lib/rubion/scanner.rb
CHANGED
|
@@ -151,12 +151,16 @@ module Rubion
|
|
|
151
151
|
if status.exitstatus.nil?
|
|
152
152
|
# Command not found or failed to execute
|
|
153
153
|
raise "#{@package_manager} audit command failed or is not available. Error: #{stderr}"
|
|
154
|
-
elsif !status.success? && status.exitstatus != 1
|
|
155
|
-
#
|
|
156
|
-
# Other non-zero codes are errors
|
|
154
|
+
elsif @package_manager == 'npm' && !status.success? && status.exitstatus != 1
|
|
155
|
+
# For npm, exit code 1 means vulnerabilities were found; any other non-zero code is an error
|
|
157
156
|
raise "#{@package_manager} audit failed with exit code #{status.exitstatus}. Output: #{stdout}#{unless stderr.empty?
|
|
158
157
|
"\nError: #{stderr}"
|
|
159
158
|
end}"
|
|
159
|
+
elsif @package_manager == 'yarn' && !status.success?
|
|
160
|
+
# For Yarn (classic), any non-zero exit code is a bitmask of severities:
|
|
161
|
+
# 1=info, 2=low, 4=moderate, 8=high, 16=critical. The exit code is the sum of severities found.
|
|
162
|
+
# Non-zero here indicates vulnerabilities were found; we'll still try to parse the JSON output below.
|
|
163
|
+
# Do not raise here so that vulnerabilities are handled gracefully.
|
|
160
164
|
end
|
|
161
165
|
|
|
162
166
|
begin
|
|
@@ -168,6 +172,30 @@ module Rubion
|
|
|
168
172
|
parse_npm_audit_output(data)
|
|
169
173
|
end
|
|
170
174
|
rescue JSON::ParserError => e
|
|
175
|
+
# npm audit can emit human-readable errors plus a JSON error object when there is
|
|
176
|
+
# no lockfile (ENOLOCK) or similar issues. Because we redirect stderr to stdout
|
|
177
|
+
# (2>&1), the mixed output may not be valid JSON.
|
|
178
|
+
if @package_manager == 'npm'
|
|
179
|
+
json_start = stdout.index('{')
|
|
180
|
+
json_end = stdout.rindex('}')
|
|
181
|
+
|
|
182
|
+
if json_start && json_end && json_end > json_start
|
|
183
|
+
json_str = stdout[json_start..json_end]
|
|
184
|
+
|
|
185
|
+
begin
|
|
186
|
+
error_data = JSON.parse(json_str)
|
|
187
|
+
|
|
188
|
+
if error_data.is_a?(Hash) && error_data.dig('error', 'code') == 'ENOLOCK'
|
|
189
|
+
puts "\n ℹ️ npm audit requires a package-lock.json. Skipping npm vulnerability check.\n"
|
|
190
|
+
@result.package_vulnerabilities = []
|
|
191
|
+
return
|
|
192
|
+
end
|
|
193
|
+
rescue JSON::ParserError
|
|
194
|
+
# Fall through to the generic error below
|
|
195
|
+
end
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
|
|
171
199
|
raise "Failed to parse #{@package_manager} audit JSON output: #{e.message}. Raw output: #{stdout}"
|
|
172
200
|
end
|
|
173
201
|
end
|
data/lib/rubion/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubion
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.19
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- bipashant
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-11-
|
|
11
|
+
date: 2025-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: terminal-table
|