ruby_audit 1.3.0 → 2.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 529f49e7e88c457cb4c29a4aace7564b7753d2252541d61a4383110e6a7e8b48
4
- data.tar.gz: cd616a710742a529c9782f032980e3d6c350aab2e6bff3c683b5886d2123e39e
3
+ metadata.gz: b939a8de9d5f33649faf17b6181580235b4c40566e5582d99220bcf36588afb2
4
+ data.tar.gz: 22d2f224e26baac967f47a402f971175c3c7489af24720f31edc2d3d301efa5e
5
5
  SHA512:
6
- metadata.gz: ce3763a7c324c47adf80a8558e6b3f11ed579730f7ebca3a726e40bd3a23ee98928c7f3dc6c3fc63823010a9cdc2c56672c4e58a6cb2a6cf1118ef7bfcbcf9d5
7
- data.tar.gz: aab0478eb61ab75e739d6197394cf0bd6dac75bf96f66c94cd115329a510f82f0917837374d226266cec043383759b59ce3cebd904d0df9858532354cc5b140c
6
+ metadata.gz: c04e0bf277cbb8ad80690abb7adb4680c811479e952e08257a9ae7a89792fb33e08acc7a1674195a88592c01a865fd47a2d71501b9642c37330dcd1f71bbca12
7
+ data.tar.gz: 5c54e924a470a1d9ecc7e8f913ddd50aa3e5d8f4540a70afa8e9636187cac3d9ecd4993d62f3bb6936d791bcc259c3bebf2ebe305e492905950c9709cc4a9d26
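--- a/data/.rspec
+++ b/data/.rspec
@@ -1 +1,2 @@
 --color
+--warnings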
data/.rubocop.yml CHANGED
@@ -1,4 +1,9 @@
1
- Metrics/LineLength:
1
+ AllCops:
2
+ TargetRubyVersion: 2.5
3
+ NewCops: enable
4
+ SuggestExtensions: false
5
+
6
+ Layout/LineLength:
2
7
  Exclude:
3
8
  - 'ruby_audit.gemspec'
4
9
 
@@ -6,7 +11,7 @@ Metrics/MethodLength:
6
11
  Max: 15
7
12
 
8
13
  Metrics/BlockLength:
9
- ExcludedMethods:
14
+ IgnoredMethods:
10
15
  - describe
11
16
 
12
17
  Style/Documentation:
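--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.7.1
+3.0.0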
data/.travis.yml CHANGED
@@ -3,7 +3,8 @@ cache: bundler
3
3
  rvm:
4
4
  - 2.5.8
5
5
  - 2.6.6
6
- - 2.7.1
6
+ - 2.7.2
7
+ - 3.0.0
7
8
  branches:
8
9
  only:
9
10
  - master
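--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,6 +5,17 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [2.0.0] - 2021-03-22
+
+### Added
+
+* Require bundler-audit 0.8
+* Added Ruby 3.0 to the Travis matrix
+
+### Removed
+
+* Removed support for bundler-audit 0.7
+
 ## [1.3.0] - 2020-07-01
 
 ### Added
@@ -66,7 +77,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 * Initial Release
 
-[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...HEAD
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...HEAD
+[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
 [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
 [1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
 [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0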
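--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 # RubyAudit
 
-[![Build Status](https://travis-ci.org/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.org/civisanalytics/ruby_audit)
+[![Build Status](https://travis-ci.com/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.com/civisanalytics/ruby_audit)
 [![Gem Version](https://badge.fury.io/rb/ruby_audit.svg)](http://badge.fury.io/rb/ruby_audit)
 
 RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.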
data/lib/ruby_audit.rb CHANGED
@@ -1,4 +1,3 @@
1
- require 'bundler/audit/cli'
2
1
  require 'ruby_audit/cli'
3
2
  require 'ruby_audit/database'
4
3
  require 'ruby_audit/scanner'
@@ -1,5 +1,10 @@
1
+ require 'thor'
2
+
1
3
  module RubyAudit
2
- class CLI < Bundler::Audit::CLI
4
+ class CLI < ::Thor
5
+ default_task :check
6
+ map '--version' => :version
7
+
3
8
  desc 'check', 'Checks Ruby and RubyGems for insecure versions'
4
9
  method_option :ignore, type: :array, aliases: '-i'
5
10
  method_option :no_update, type: :boolean, aliases: '-n'
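Review bot: Now that the base class is `::Thor` rather than `Bundler::Audit::CLI`, nothing in this hunk defines `exit_on_failure?`, and Thor 1.x then only prints a deprecation warning and exits 0 on a usage error such as an unknown option — for an audit tool wired into CI that is fail-open, because a mistyped flag reads as a clean run. Add `def self.exit_on_failure?; true; end` alongside `default_task :check` (the `CLI` class body continues past this hunk, so confirm it is not already defined further down). The first line now requires `thor` directly, but this release's gemspec still lists only `bundler-audit` as a runtime dependency, so the Thor version the CLI is written against is pinned only transitively; declare `spec.add_dependency 'thor'` with the range actually tested. `map '--version' => :version` presumably relied on the `version` task inherited from the old base class; if it is not defined elsewhere in the file, `--version` now fails.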
@@ -52,6 +57,72 @@ module RubyAudit
52
57
 
53
58
  private
54
59
 
60
+ def say(message = '', color = nil)
61
+ color = nil unless $stdout.tty?
62
+ super(message.to_s, color)
63
+ end
64
+
65
+ # rubocop:disable Metrics/AbcSize
66
+ # rubocop:disable Metrics/CyclomaticComplexity
67
+ # rubocop:disable Metrics/MethodLength
68
+ # rubocop:disable Metrics/PerceivedComplexity
69
+ def print_advisory(gem, advisory)
70
+ say 'Name: ', :red
71
+ say gem.name
72
+
73
+ say 'Version: ', :red
74
+ say gem.version
75
+
76
+ say 'Advisory: ', :red
77
+
78
+ if advisory.cve
79
+ say advisory.cve_id
80
+ elsif advisory.osvdb
81
+ say advisory.osvdb_id
82
+ elsif advisory.ghsa
83
+ say advisory.ghsa_id
84
+ end
85
+
86
+ say 'Criticality: ', :red
87
+ case advisory.criticality
88
+ when :none then say 'None'
89
+ when :low then say 'Low'
90
+ when :medium then say 'Medium', :yellow
91
+ when :high then say 'High', %i[red bold]
92
+ when :critical then say 'Critical', %i[red bold]
93
+ else say 'Unknown'
94
+ end
95
+
96
+ say 'URL: ', :red
97
+ say advisory.url
98
+
99
+ if options.verbose?
100
+ say 'Description:', :red
101
+ say
102
+
103
+ print_wrapped advisory.description, indent: 2
104
+ say
105
+ else
106
+
107
+ say 'Title: ', :red
108
+ say advisory.title
109
+ end
110
+
111
+ if advisory.patched_versions.empty?
112
+ say 'Solution: ', :red
113
+ say 'remove or disable this gem until a patch is available!', %i[red bold]
114
+ else
115
+ say 'Solution: upgrade to ', :red
116
+ say advisory.patched_versions.join(', ')
117
+ end
118
+
119
+ say
120
+ end
121
+ # rubocop:enable Metrics/PerceivedComplexity
122
+ # rubocop:enable Metrics/MethodLength
123
+ # rubocop:enable Metrics/CyclomaticComplexity
124
+ # rubocop:enable Metrics/AbcSize
125
+
55
126
  def check_for_stale_database
56
127
  database = Database.new
57
128
  return unless database.size == 89
@@ -1,3 +1,5 @@
1
+ require 'bundler/audit/database'
2
+
1
3
  module RubyAudit
2
4
  class Database < Bundler::Audit::Database
3
5
  def advisories_for(name, type)
@@ -1,5 +1,8 @@
1
+ require 'bundler/audit/results/unpatched_gem'
2
+ require 'set'
3
+
1
4
  module RubyAudit
2
- class Scanner < Bundler::Audit::Scanner
5
+ class Scanner
3
6
  class Version
4
7
  def initialize(name, version)
5
8
  @name = name
@@ -52,14 +55,16 @@ module RubyAudit
52
55
  end
53
56
 
54
57
  def scan_inner(specs, type, options = {})
55
- return enum_for(__method__, options) unless block_given?
58
+ return enum_for(__method__, specs, type, options) unless block_given?
56
59
 
57
60
  ignore = Set[]
58
61
  ignore += options[:ignore] if options[:ignore]
59
62
 
60
63
  specs.each do |spec|
61
64
  @database.send("check_#{type}".to_sym, spec) do |advisory|
62
- yield UnpatchedGem.new(spec, advisory) unless ignore.intersect?(advisory.identifiers.to_set)
65
+ unless ignore.intersect?(advisory.identifiers.to_set)
66
+ yield Bundler::Audit::Results::UnpatchedGem.new(spec, advisory)
67
+ end
63
68
  end
64
69
  end
65
70
  end
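Review bot: `@database.send("check_#{type}".to_sym, spec)` dispatches via `send` on an interpolated name, which can invoke private methods of the `Bundler::Audit::Database` subclass, and with `Scanner` no longer inheriting from `Bundler::Audit::Scanner` the only constraint on `type` is whatever the `scan_*` callers outside this hunk pass. Switch to `@database.public_send(:"check_#{type}", spec)` and reject anything outside an explicit allow-list of the `check_*` methods `RubyAudit::Database` defines (not visible here), so a new caller cannot reach arbitrary methods by name. The corrected `enum_for(__method__, specs, type, options)` on the first changed line also deserves a spec, since the old form silently dropped `specs` and `type` and the block-less path is easy to leave untested.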
@@ -1,3 +1,3 @@
1
1
  module RubyAudit
2
- VERSION = '1.3.0'.freeze
2
+ VERSION = '2.0.0'.freeze
3
3
  end
data/ruby_audit.gemspec CHANGED
@@ -15,17 +15,18 @@ Gem::Specification.new do |spec|
15
15
  'version. It complements bundler-audit, providing ' \
16
16
  'complete coverage for your Ruby stack.'
17
17
  spec.homepage = 'https://github.com/civisanalytics/ruby_audit'
18
- spec.license = 'GPLv3'
18
+ spec.license = 'GPL-3.0-or-later'
19
19
 
20
+ spec.required_ruby_version = ['>= 2.5', '< 3.1']
20
21
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
21
22
  spec.bindir = 'exe'
22
23
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
24
  spec.require_paths = ['lib']
24
25
 
25
- spec.add_dependency 'bundler-audit', '~> 0.7.0'
26
+ spec.add_dependency 'bundler-audit', '~> 0.8.0'
26
27
  spec.add_development_dependency 'pry', '~> 0.13.0'
27
28
  spec.add_development_dependency 'rake', '~> 13.0'
28
29
  spec.add_development_dependency 'rspec', '~> 3.9'
29
- spec.add_development_dependency 'rubocop', '~> 0.86.0'
30
+ spec.add_development_dependency 'rubocop', '~> 1.9.1'
30
31
  spec.add_development_dependency 'timecop', '~> 0.9.1'
31
32
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby_audit
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeff Cousens, Mike Saelim
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-07-01 00:00:00.000000000 Z
11
+ date: 2021-03-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler-audit
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.7.0
19
+ version: 0.8.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.7.0
26
+ version: 0.8.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: pry
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 0.86.0
75
+ version: 1.9.1
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 0.86.0
82
+ version: 1.9.1
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: timecop
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -128,9 +128,9 @@ files:
128
128
  - ruby_audit.gemspec
129
129
  homepage: https://github.com/civisanalytics/ruby_audit
130
130
  licenses:
131
- - GPLv3
131
+ - GPL-3.0-or-later
132
132
  metadata: {}
133
- post_install_message:
133
+ post_install_message:
134
134
  rdoc_options: []
135
135
  require_paths:
136
136
  - lib
@@ -138,15 +138,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
138
138
  requirements:
139
139
  - - ">="
140
140
  - !ruby/object:Gem::Version
141
- version: '0'
141
+ version: '2.5'
142
+ - - "<"
143
+ - !ruby/object:Gem::Version
144
+ version: '3.1'
142
145
  required_rubygems_version: !ruby/object:Gem::Requirement
143
146
  requirements:
144
147
  - - ">="
145
148
  - !ruby/object:Gem::Version
146
149
  version: '0'
147
150
  requirements: []
148
- rubygems_version: 3.1.2
149
- signing_key:
151
+ rubygems_version: 3.2.3
152
+ signing_key:
150
153
  specification_version: 4
151
154
  summary: Checks Ruby and RubyGems against known vulnerabilities.
152
155
  test_files: []