ruby_audit 1.0.1 → 1.1.0
- checksums.yaml +4 -4
- data/.rubocop.yml +6 -0
- data/.ruby-version +1 -1
- data/.travis.yml +4 -0
- data/CHANGELOG.md +27 -2
- data/CODE_OF_CONDUCT.md +50 -0
- data/CONTRIBUTING.md +2 -1
- data/README.md +0 -1
- data/lib/ruby_audit/scanner.rb +9 -19
- data/lib/ruby_audit/version.rb +1 -1
- data/ruby_audit.gemspec +4 -4
- metadata +11 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3612d5a53b16b0cf99d2be474839e2f3a5489db3
|
4
|
+
data.tar.gz: cdb8a71484f39baf3de2c970c9b456e0d595cf11
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 020fb7a066379134b03766b26ed65a0993a73c10185e62a3f91d97d8b86f995ab37f13b967c735aa51ebb9fcb053365687445066b795da0e93cbac4a57345ad9
|
7
|
+
data.tar.gz: 149540b1f57e9cfa3fb526e36d5ba0e64a7212fbc1dd615d2cd333b305f9c63a8f6db66ed1d788365f33388a11f7ad7f5a1e05e3dca81851f551478f5ead3dab
|
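Review bot: the removed SHA1/SHA512 values for `metadata.gz` and `data.tar.gz` are blank in this rendering, so the old digests cannot be compared here. The new digests are the only integrity data that ships with this release, and since checksums.yaml travels inside the .gem they detect corruption of the archive, not substitution of it; keep that in mind when reading the unsigned `cert_chain: []` in the metadata hunk below.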
data/.rubocop.yml
CHANGED
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.3.
|
1
|
+
2.3.1
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,8 +1,28 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
-
|
3
|
+
All notable changes to this project will be documented in this file.
|
4
|
+
This project adheres to [Semantic Versioning](http://semver.org/).
|
4
5
|
|
5
|
-
|
6
|
+
## Unreleased
|
7
|
+
|
8
|
+
## [1.1.0] - 2016-09-15
|
9
|
+
|
10
|
+
### Added
|
11
|
+
|
12
|
+
* Added a matrix build of 2.1, 2.2, and 2.3 to Travis
|
13
|
+
|
14
|
+
### Changed
|
15
|
+
|
16
|
+
* Added a [Code of Conduct](CODE_OF_CONDUCT.md)
|
17
|
+
* Bumped the bundler-audit version to 0.5
|
18
|
+
* Bumped the RSpec version for development to 3.5
|
19
|
+
* Bumped the Rake version for development to 11.2
|
20
|
+
* Bumped the RuboCop version for development to 0.42
|
21
|
+
* Bumped the Ruby version for development to 2.3.1
|
22
|
+
|
23
|
+
## [1.0.1] - 2016-02-03
|
24
|
+
|
25
|
+
### Fixed
|
6
26
|
|
7
27
|
* [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
|
8
28
|
removing unreliable last-update check
|
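Review bot: "Added a [Code of Conduct](CODE_OF_CONDUCT.md)" is filed under "### Changed" although the file is new (this diff adds `data/CODE_OF_CONDUCT.md` in full); move it to "### Added". "Bumped the bundler-audit version to 0.5" is the one runtime dependency change in this release and deserves a sentence for users: the scanner.rb hunk drops the local `cve_id`/`osvdb_id` workarounds in favour of bundler-audit's own `advisory.cve_id`/`advisory.osvdb_id`, and the gemspec pins `'~> 0.5.0'`, so anyone holding bundler-audit at 0.4.x will not be able to install 1.1.0.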
@@ -10,3 +30,8 @@
|
|
10
30
|
## 1.0.0 (2016-02-03)
|
11
31
|
|
12
32
|
* Initial Release
|
33
|
+
|
34
|
+
[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...HEAD
|
35
|
+
[1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
|
36
|
+
[1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1
|
37
|
+
[1.0.0]: https://github.com/civisanalytics/ruby_audit/commit/7535b70412641c888c80d99514b27ba254fb8316
|
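Review bot: the `[1.0.0]:` reference link added at line 37 is never used, because the heading at line 30 still reads `## 1.0.0 (2016-02-03)` in the old style rather than `## [1.0.0] - 2016-02-03` like the entries above it; update the heading so every release carries its compare/commit link. The first hunk also dates 1.0.1 as 2016-02-03, the same day as 1.0.0, which is worth double-checking against the tags before release.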
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
# Contributor Code of Conduct
|
2
|
+
|
3
|
+
As contributors and maintainers of this project, and in the interest of
|
4
|
+
fostering an open and welcoming community, we pledge to respect all people who
|
5
|
+
contribute through reporting issues, posting feature requests, updating
|
6
|
+
documentation, submitting pull requests or patches, and other activities.
|
7
|
+
|
8
|
+
We are committed to making participation in this project a harassment-free
|
9
|
+
experience for everyone, regardless of level of experience, gender, gender
|
10
|
+
identity and expression, sexual orientation, disability, personal appearance,
|
11
|
+
body size, race, ethnicity, age, religion, or nationality.
|
12
|
+
|
13
|
+
Examples of unacceptable behavior by participants include:
|
14
|
+
|
15
|
+
* The use of sexualized language or imagery
|
16
|
+
* Personal attacks
|
17
|
+
* Trolling or insulting/derogatory comments
|
18
|
+
* Public or private harassment
|
19
|
+
* Publishing other's private information, such as physical or electronic
|
20
|
+
addresses, without explicit permission
|
21
|
+
* Other unethical or unprofessional conduct
|
22
|
+
|
23
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
24
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
25
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
26
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
27
|
+
threatening, offensive, or harmful.
|
28
|
+
|
29
|
+
By adopting this Code of Conduct, project maintainers commit themselves to
|
30
|
+
fairly and consistently applying these principles to every aspect of managing
|
31
|
+
this project. Project maintainers who do not follow or enforce the Code of
|
32
|
+
Conduct may be permanently removed from the project team.
|
33
|
+
|
34
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
35
|
+
when an individual is representing the project or its community.
|
36
|
+
|
37
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
38
|
+
reported by contacting a project maintainer at opensource@civisanalytics.com.
|
39
|
+
All complaints will be reviewed and investigated and will result in a response
|
40
|
+
that is deemed necessary and appropriate to the circumstances. Maintainers are
|
41
|
+
obligated to maintain confidentiality with regard to the reporter of an
|
42
|
+
incident.
|
43
|
+
|
44
|
+
|
45
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
46
|
+
version 1.3.0, available at
|
47
|
+
[http://contributor-covenant.org/version/1/3/0/][version]
|
48
|
+
|
49
|
+
[homepage]: http://contributor-covenant.org
|
50
|
+
[version]: http://contributor-covenant.org/version/1/3/0/
|
data/CONTRIBUTING.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
# Contributing to RubyAudit
|
2
2
|
|
3
|
-
We welcome pull requests from everyone!
|
3
|
+
We welcome bug reports and pull requests from everyone!
|
4
|
+
This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
4
5
|
|
5
6
|
## Getting Started
|
6
7
|
|
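Review bot: the new sentence links to the generic http://contributor-covenant.org rather than the project's own CODE_OF_CONDUCT.md added in this same release, which is where the reporting address (opensource@civisanalytics.com) lives; link the local file, as the CHANGELOG entry does, so contributors can find the reporting path without leaving the repository.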
data/README.md
CHANGED
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
[![Build Status](https://travis-ci.org/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.org/civisanalytics/ruby_audit)
|
4
4
|
[![Gem Version](https://badge.fury.io/rb/ruby_audit.svg)](http://badge.fury.io/rb/ruby_audit)
|
5
|
-
[![Dependency Status](https://gemnasium.com/civisanalytics/ruby_audit.svg)](https://gemnasium.com/civisanalytics/ruby_audit)
|
6
5
|
|
7
6
|
RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
|
8
7
|
It complements [bundler-audit](https://github.com/rubysec/bundler-audit), providing complete coverage for your Ruby stack.
|
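Review bot: dropping the Gemnasium dependency badge is fine, but the 1.1.0 CHANGELOG does not mention it; a one-liner under Changed (or Removed) keeps the log complete. No other README content changes, so the stated scope (Ruby and RubyGems CVEs, complementing bundler-audit) stands.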
data/lib/ruby_audit/scanner.rb
CHANGED
@@ -23,11 +23,11 @@ module RubyAudit
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def scan_ruby(options = {}, &block)
|
26
|
-
if RUBY_PATCHLEVEL < 0
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
26
|
+
version = if RUBY_PATCHLEVEL < 0
|
27
|
+
ruby_version
|
28
|
+
else
|
29
|
+
"#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
|
30
|
+
end
|
31
31
|
specs = [Version.new(RUBY_ENGINE, version)]
|
32
32
|
scan_inner(specs, 'ruby', options, &block)
|
33
33
|
end
|
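Review bot: collapsing the block into a single `version = if ... else ... end` expression is cleaner, but the `RUBY_PATCHLEVEL < 0` branch (non-release builds, where the patchlevel is -1) falls back to `ruby_version`, which per the next hunk shells out to `` `ruby --version` ``; that resolves `ruby` from PATH, which under a version manager need not be the interpreter running the scan, so the version compared against the advisory database can differ from the one actually in use. Prefer `RbConfig.ruby` (the running interpreter's path) in the backtick command, or parse `RUBY_DESCRIPTION` and avoid the subprocess entirely.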
@@ -43,8 +43,8 @@ module RubyAudit
|
|
43
43
|
# .gsub to separate strings (e.g., 2.1.0dev -> 2.1.0.dev,
|
44
44
|
# 2.2.0preview1 -> 2.2.0.preview.1).
|
45
45
|
`ruby --version`.split[1]
|
46
|
-
|
47
|
-
|
46
|
+
.gsub(/(\d)([a-z]+)/, '\1.\2')
|
47
|
+
.gsub(/([a-z]+)(\d)/, '\1.\2')
|
48
48
|
end
|
49
49
|
|
50
50
|
def rubygems_version
|
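Review bot: the two `.gsub` calls do what the comment says (`2.2.0preview1` becomes `2.2.0.preview1` after the first and `2.2.0.preview.1` after the second), but the helper is only correct for non-release builds: on a release interpreter `ruby --version` prints a form like `2.3.1p112`, which these substitutions turn into `2.3.1.p.112`, a string the advisory version ranges will not match. Since the only caller on this page (`scan_ruby`) reaches `ruby_version` only when `RUBY_PATCHLEVEL < 0`, either document that precondition in the method comment or strip a trailing `p\d+` before the gsubs so the method is safe to call on its own.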
@@ -59,22 +59,12 @@ module RubyAudit
|
|
59
59
|
|
60
60
|
specs.each do |spec|
|
61
61
|
@database.send("check_#{type}".to_sym, spec) do |advisory|
|
62
|
-
unless ignore.include?(cve_id
|
63
|
-
ignore.include?(osvdb_id
|
62
|
+
unless ignore.include?(advisory.cve_id) ||
|
63
|
+
ignore.include?(advisory.osvdb_id)
|
64
64
|
yield UnpatchedGem.new(spec, advisory)
|
65
65
|
end
|
66
66
|
end
|
67
67
|
end
|
68
68
|
end
|
69
|
-
|
70
|
-
# Workaround for advisory.cve_id, present in master but not 0.4.0.
|
71
|
-
def cve_id(advisory)
|
72
|
-
"CVE-#{advisory.cve}" if advisory.cve
|
73
|
-
end
|
74
|
-
|
75
|
-
# Workaround for advisory.osvdb_id, present in master but not 0.4.0.
|
76
|
-
def osvdb_id(advisory)
|
77
|
-
"OSVDB-#{advisory.osvdb}" if advisory.osvdb
|
78
|
-
end
|
79
69
|
end
|
80
70
|
end
|
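Review bot: replacing the local `cve_id(advisory)`/`osvdb_id(advisory)` helpers with `advisory.cve_id`/`advisory.osvdb_id` is only safe once bundler-audit 0.5 is guaranteed, which the removed comments ("present in master but not 0.4.0") make explicit; the gemspec hunk on this page pins `'bundler-audit', '~> 0.5.0'`, so the two changes must ship together. The ignore check still keys on `CVE-...` and `OSVDB-...` identifiers, the same strings the removed helpers produced, so existing ignore lists carry over unchanged.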
data/lib/ruby_audit/version.rb
CHANGED
data/ruby_audit.gemspec
CHANGED
@@ -23,11 +23,11 @@ Gem::Specification.new do |spec|
|
|
23
23
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
24
|
spec.require_paths = ['lib']
|
25
25
|
|
26
|
-
spec.add_dependency 'bundler-audit', '~> 0.
|
26
|
+
spec.add_dependency 'bundler-audit', '~> 0.5.0'
|
27
27
|
spec.add_development_dependency 'bundler', '~> 1.11'
|
28
28
|
spec.add_development_dependency 'pry', '~> 0.10.3'
|
29
|
-
spec.add_development_dependency 'rake', '~>
|
30
|
-
spec.add_development_dependency 'rspec', '~> 3.
|
31
|
-
spec.add_development_dependency 'rubocop', '~> 0.
|
29
|
+
spec.add_development_dependency 'rake', '~> 11.2'
|
30
|
+
spec.add_development_dependency 'rspec', '~> 3.5'
|
31
|
+
spec.add_development_dependency 'rubocop', '~> 0.42.0'
|
32
32
|
spec.add_development_dependency 'timecop', '~> 0.8.0'
|
33
33
|
end
|
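Review bot: `'~> 0.5.0'` admits only 0.5.x, tighter than the CHANGELOG wording "Bumped the bundler-audit version to 0.5" suggests. Given that this release exists partly because 0.4.0 lacked `Advisory#cve_id`/`#osvdb_id`, pinning the runtime dependency to the patch series is a reasonable supply-chain choice, but note that a future 0.6 will require a re-release even if the API is unchanged. The rubocop pin `'~> 0.42.0'` is similarly tight while rake and rspec use minor-level pins; that is consistent with rubocop's minor releases changing cop behaviour and is fine for a development dependency.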
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_audit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jeff Cousens
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-09-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler-audit
|
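Review bot: `version: 1.1.0` and `date: 2016-09-15` agree with the CHANGELOG heading `## [1.1.0] - 2016-09-15`. `cert_chain: []` shows the gem is still unsigned, so consumers can verify only the checksums.yaml digests, which ship inside the .gem itself; for a tool whose purpose is auditing the Ruby stack, consider setting `spec.signing_key` and `spec.cert_chain` (see `gem cert`) in a later release so installs can be verified with `--trust-policy`.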
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.5.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.5.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,42 +58,42 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
61
|
+
version: '11.2'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: '
|
68
|
+
version: '11.2'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rspec
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: '3.
|
75
|
+
version: '3.5'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: '3.
|
82
|
+
version: '3.5'
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: rubocop
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: 0.
|
89
|
+
version: 0.42.0
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: 0.
|
96
|
+
version: 0.42.0
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: timecop
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -125,6 +125,7 @@ files:
|
|
125
125
|
- ".ruby-version"
|
126
126
|
- ".travis.yml"
|
127
127
|
- CHANGELOG.md
|
128
|
+
- CODE_OF_CONDUCT.md
|
128
129
|
- CONTRIBUTING.md
|
129
130
|
- Gemfile
|
130
131
|
- LICENSE.md
|
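Review bot: CODE_OF_CONDUCT.md joins the packaged file list, consistent with the gemspec picking up all tracked files. The same list ships development-only files in the gem (`.ruby-version` and `.travis.yml` are visible in this hunk), which is harmless but unnecessary; restricting `spec.files` to lib/, exe/ and the user-facing docs would shrink the package and the surface the checksums have to cover.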