ruby_audit 2.2.0 → 2.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +1 -1
- data/.ruby-version +1 -1
- data/CHANGELOG.md +23 -2
- data/README.md +4 -1
- data/lib/ruby_audit/cli.rb +5 -17
- data/lib/ruby_audit/database.rb +3 -4
- data/lib/ruby_audit/scanner.rb +2 -2
- data/lib/ruby_audit/version.rb +1 -1
- data/ruby_audit.gemspec +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f279cf36dd7235aecac769d5179ac4dd4bd827aeb63091f656a8b28a840856e8
|
|
4
|
+
data.tar.gz: f9e74e7dc700d31d521df493659379baf922957c9727f79efb57f9166d95cf64
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d0e764605a9362ba2af5e0ae830625a3496091c00d436fd655c9f582f410a00f5ecf5787bf51c2feb7c460d88bb26564d62baeaaa1c0126936c2c48c6c79828b
|
|
7
|
+
data.tar.gz: b0192910cf78633adb5b82a8b5cb9e43b725d3d829c240b6507e583e387f19fd1eb0bd64d317a72fcc571ec9bc1983eb5f37ec85b151c052ba6e6fa781610f37
|
data/.github/workflows/test.yml
CHANGED
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.3.0
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,24 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
5
5
|
|
|
6
6
|
## [Unreleased]
|
|
7
7
|
|
|
8
|
+
## [2.3.1] - 2024-05-17
|
|
9
|
+
|
|
10
|
+
### Removed
|
|
11
|
+
|
|
12
|
+
* [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
|
|
13
|
+
Removed check for stale database that no longer does anything
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
|
|
17
|
+
* [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
|
|
18
|
+
Look for rubygems advisories in the correct directory of the ruby-advisory-db
|
|
19
|
+
|
|
20
|
+
## [2.3.0] - 2024-01-10
|
|
21
|
+
|
|
22
|
+
### Added
|
|
23
|
+
|
|
24
|
+
* Support for Ruby 3.3
|
|
25
|
+
|
|
8
26
|
## [2.2.0] - 2023-01-05
|
|
9
27
|
|
|
10
28
|
### Added
|
|
@@ -90,8 +108,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
90
108
|
|
|
91
109
|
* Initial Release
|
|
92
110
|
|
|
93
|
-
[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.
|
|
94
|
-
[
|
|
111
|
+
[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...HEAD
|
|
112
|
+
[2.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.2.0...v2.3.0
|
|
113
|
+
[2.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.1.0...v2.2.0
|
|
114
|
+
[2.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...v2.1.0
|
|
115
|
+
[2.0.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
|
|
95
116
|
[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
|
|
96
117
|
[1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
|
|
97
118
|
[1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
|
data/README.md
CHANGED
|
@@ -57,9 +57,12 @@ $ ruby-audit check -n
|
|
|
57
57
|
|
|
58
58
|
After checking out the repo, run `bin/setup` to install dependencies.
|
|
59
59
|
You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
|
|
60
|
-
submodule used for testing. Then, run `rake spec` to run the tests.
|
|
60
|
+
submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
|
|
61
61
|
You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
62
62
|
|
|
63
|
+
The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.
|
|
64
|
+
By default, the database used for actual vulnerability checks is stored at `~/.local/share/ruby-advisory-db`.
|
|
65
|
+
|
|
63
66
|
To install this gem onto your local machine, run `bundle exec rake install`.
|
|
64
67
|
To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
65
68
|
|
data/lib/ruby_audit/cli.rb
CHANGED
|
@@ -12,8 +12,6 @@ module RubyAudit
|
|
|
12
12
|
def check
|
|
13
13
|
update unless options[:no_update]
|
|
14
14
|
|
|
15
|
-
check_for_stale_database
|
|
16
|
-
|
|
17
15
|
scanner = Scanner.new
|
|
18
16
|
vulnerable = false
|
|
19
17
|
|
|
@@ -30,7 +28,6 @@ module RubyAudit
|
|
|
30
28
|
end
|
|
31
29
|
end
|
|
32
30
|
|
|
33
|
-
# Copied from bundler-audit master. Not present in 0.4.0.
|
|
34
31
|
desc 'update', 'Updates the ruby-advisory-db'
|
|
35
32
|
def update
|
|
36
33
|
say 'Updating ruby-advisory-db ...'
|
|
@@ -45,14 +42,16 @@ module RubyAudit
|
|
|
45
42
|
say 'Skipping update', :yellow
|
|
46
43
|
end
|
|
47
44
|
|
|
48
|
-
|
|
45
|
+
database = Database.new
|
|
46
|
+
puts "ruby-advisory-db: #{database.size} advisories, " \
|
|
47
|
+
"last updated #{database.last_updated_at.utc}"
|
|
49
48
|
end
|
|
50
49
|
|
|
51
50
|
desc 'version', 'Prints the ruby-audit version'
|
|
52
51
|
def version
|
|
53
52
|
database = Database.new
|
|
54
|
-
puts "#{File.basename($PROGRAM_NAME)} #{VERSION} "\
|
|
55
|
-
"(advisories: #{database.size})"
|
|
53
|
+
puts "#{File.basename($PROGRAM_NAME)} #{VERSION} " \
|
|
54
|
+
"(advisories: #{database.size}, last updated: #{database.last_updated_at.utc})"
|
|
56
55
|
end
|
|
57
56
|
|
|
58
57
|
private
|
|
@@ -122,16 +121,5 @@ module RubyAudit
|
|
|
122
121
|
# rubocop:enable Metrics/MethodLength
|
|
123
122
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
124
123
|
# rubocop:enable Metrics/AbcSize
|
|
125
|
-
|
|
126
|
-
def check_for_stale_database
|
|
127
|
-
database = Database.new
|
|
128
|
-
return unless database.size == 89
|
|
129
|
-
|
|
130
|
-
# bundler-audit 0.4.0 comes bundled with an old verison of
|
|
131
|
-
# ruby-advisory-db that has 89 advisories and NO advisories for Ruby
|
|
132
|
-
# or RubyGems. If #size == 89, the database has never been updated.
|
|
133
|
-
say 'The database must be updated before using RubyAudit', :red
|
|
134
|
-
exit 1
|
|
135
|
-
end
|
|
136
124
|
end
|
|
137
125
|
end
|
data/lib/ruby_audit/database.rb
CHANGED
|
@@ -14,8 +14,8 @@ module RubyAudit
|
|
|
14
14
|
check(ruby, 'rubies', &block)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
def
|
|
18
|
-
check(
|
|
17
|
+
def check_rubygems(rubygems, &block)
|
|
18
|
+
check(rubygems, 'gems', &block)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def check(object, type = 'gems')
|
|
@@ -29,8 +29,7 @@ module RubyAudit
|
|
|
29
29
|
protected
|
|
30
30
|
|
|
31
31
|
def each_advisory_path(&block)
|
|
32
|
-
Dir.glob(File.join(@path, '{gems,
|
|
33
|
-
&block)
|
|
32
|
+
Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &block)
|
|
34
33
|
end
|
|
35
34
|
|
|
36
35
|
def each_advisory_path_for(name, type = 'gems', &block)
|
data/lib/ruby_audit/scanner.rb
CHANGED
|
@@ -36,8 +36,8 @@ module RubyAudit
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def scan_rubygems(options = {}, &block)
|
|
39
|
-
specs = [Version.new('rubygems', rubygems_version)]
|
|
40
|
-
scan_inner(specs, '
|
|
39
|
+
specs = [Version.new('rubygems-update', rubygems_version)]
|
|
40
|
+
scan_inner(specs, 'rubygems', options, &block)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
private
|
data/lib/ruby_audit/version.rb
CHANGED
data/ruby_audit.gemspec
CHANGED
|
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.homepage = 'https://github.com/civisanalytics/ruby_audit'
|
|
18
18
|
spec.license = 'GPL-3.0-or-later'
|
|
19
19
|
|
|
20
|
-
spec.required_ruby_version = ['>= 2.5', '< 3.
|
|
20
|
+
spec.required_ruby_version = ['>= 2.5', '< 3.4']
|
|
21
21
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
22
22
|
spec.bindir = 'exe'
|
|
23
23
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby_audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeff Cousens, Mike Saelim
|
|
8
8
|
- John Zhang
|
|
9
9
|
- Cristina Muñoz
|
|
10
|
-
autorequire:
|
|
10
|
+
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2024-05-23 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler-audit
|
|
@@ -132,7 +132,7 @@ homepage: https://github.com/civisanalytics/ruby_audit
|
|
|
132
132
|
licenses:
|
|
133
133
|
- GPL-3.0-or-later
|
|
134
134
|
metadata: {}
|
|
135
|
-
post_install_message:
|
|
135
|
+
post_install_message:
|
|
136
136
|
rdoc_options: []
|
|
137
137
|
require_paths:
|
|
138
138
|
- lib
|
|
@@ -143,15 +143,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
143
143
|
version: '2.5'
|
|
144
144
|
- - "<"
|
|
145
145
|
- !ruby/object:Gem::Version
|
|
146
|
-
version: '3.
|
|
146
|
+
version: '3.4'
|
|
147
147
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
148
148
|
requirements:
|
|
149
149
|
- - ">="
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
151
|
version: '0'
|
|
152
152
|
requirements: []
|
|
153
|
-
rubygems_version: 3.
|
|
154
|
-
signing_key:
|
|
153
|
+
rubygems_version: 3.4.10
|
|
154
|
+
signing_key:
|
|
155
155
|
specification_version: 4
|
|
156
156
|
summary: Checks Ruby and RubyGems against known vulnerabilities.
|
|
157
157
|
test_files: []
|