rubygems_check_replacement_vulnerability 0.1.0

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 7fe635a5db61b609ced06c5904270fafbba4f8f6
4
+ data.tar.gz: 0ef2f4bde4ea72bd2b25b2c77ad995d73b4ee01d
5
+ SHA512:
6
+ metadata.gz: 8ec7011237eecfe78a84689a2c67519b6c91fd89b7e1e3c1d890834e01094105001072c7f097951a8b025bd01fbaa02cf45531ee2cc373e90318e56c844ea705
7
+ data.tar.gz: d80da6936291bbc47a9a0a961f4dd0e02a244ee7eb1fa0b73defd4fe4e153ec2856e2d3ec306b2560a9ea024a8e5c7ab281db2d45fdf7734aac05cfde993e63c
data/.coveralls.yml ADDED
@@ -0,0 +1 @@
1
+ repo_token: ECxPXWUiP62rRTgR1Q3DpH6lrJ7UPpixU
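Review bot: The `repo_token` on line 1 is committed in clear text, and this file is listed among the gem's packaged files, so the token is distributed to everyone who downloads the package. Remove the value from the file and supply it through the CI environment instead (Coveralls reads `COVERALLS_REPO_TOKEN`). The token that was already published should be revoked and reissued, since deleting it from a later release does not withdraw this one.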
data/.gitignore ADDED
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format progress
2
+ --color
3
+ --require spec_helper
data/.travis.yml ADDED
@@ -0,0 +1,25 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.1
4
+ - 2.2
5
+ - 2.3.0
6
+ - ruby-head
7
+ bundler_args: "--jobs=2"
8
+ cache: bundler
9
+ sudo: false
10
+ before_install: gem install bundler -v 1.11.2
11
+ before_script:
12
+ - export CI=true
13
+ - CODECLIMATE_REPO_TOKEN=cc1e362553ab62ebaeda2b14f077705753a92a2b8fb4e5b0a41cc597930ac240
14
+ script:
15
+ - bundle exec rspec
16
+ branches:
17
+ only:
18
+ - master
19
+ notifications:
20
+ email: false
21
+ slack:
22
+ secure: 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
23
+ matrix:
24
+ allow_failures:
25
+ - rvm: ruby-head
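Review bot: Line 13 of `before_script` writes the Code Climate reporter token into the file in clear text, and `.travis.yml` is among the files shipped in this gem, so the token is readable by anyone who fetches the package. Store it as a Travis encrypted variable instead (an `env.global` entry with a `secure:` value, the same mechanism the `slack` notification in this file already uses) and rotate the exposed token. The assignment also has no `export`, so as written the variable would probably not reach the `bundle exec rspec` process; `export CODECLIMATE_REPO_TOKEN` would be needed if it stayed in the script.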
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in rubygems_check_replacement_vulnerability.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2016 sue445
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,136 @@
1
+ # RubygemsCheckReplacementVulnerability
2
+
3
+ Check your gems whether affected by [RubyGems.org gem replacement vulnerability and mitigation](http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html)
4
+
5
+ [![Build Status](https://travis-ci.org/sue445/rubygems_check_replacement_vulnerability.svg?branch=master)](https://travis-ci.org/sue445/rubygems_check_replacement_vulnerability)
6
+ [![Code Climate](https://codeclimate.com/github/sue445/rubygems_check_replacement_vulnerability/badges/gpa.svg)](https://codeclimate.com/github/sue445/rubygems_check_replacement_vulnerability)
7
+ [![Coverage Status](https://coveralls.io/repos/github/sue445/rubygems_check_replacement_vulnerability/badge.svg?branch=master)](https://coveralls.io/github/sue445/rubygems_check_replacement_vulnerability?branch=master)
8
+ [![Dependency Status](https://gemnasium.com/badges/github.com/sue445/rubygems_check_replacement_vulnerability.svg)](https://gemnasium.com/github.com/sue445/rubygems_check_replacement_vulnerability)
9
+
10
+ ## Requirements
11
+ * Ruby 2.1+
12
+ * git
13
+
14
+ ## Installation
15
+
16
+ ```
17
+ $ gem install rubygems_check_replacement_vulnerability
18
+ ```
19
+
20
+ ## Usage
21
+
22
+ ### 1. Search your vulnerable gems
23
+ Run `rubygems_check_replacement_vulnerability vulnerable_gems` command
24
+
25
+ ```sh
26
+ $ rubygems_check_replacement_vulnerability vulnerable_gems --username=<USERNAME>
27
+ ```
28
+
29
+ Example
30
+
31
+ ```sh
32
+ $ rubygems_check_replacement_vulnerability vulnerable_gems --username=sue445
33
+ sue445's vulnerable gems
34
+ - faker-precure : 0.0.2, 0.0.3
35
+ - fluent-plugin-out_chatwork : 0.0.1, 0.0.2, 0.0.3
36
+ - pebbles-tokyu_ruby_kaigi : 0.0.2
37
+ - rspec-every_item : 0.0.1
38
+ - rspec-parameterized : 0.1.2
39
+ - rspec-temp_dir : 0.0.1, 0.0.2, 0.0.3
40
+ ```
41
+
42
+ Algorithm
43
+
44
+ * Search gem versions that including the conditions of the following
45
+ * name contains a dash (e.g. `blank-blank`)
46
+ * pushed between June 11th, 2014 and April 2nd, 2016
47
+
48
+ ### 2. Verify gem
49
+ Run `rubygems_check_replacement_vulnerability verify_gem` command
50
+
51
+ ```sh
52
+ $ rubygems_check_replacement_vulnerability verify_gem --name=<GEM_NAME> --repo-url=<REPO_URL>
53
+ ```
54
+
55
+ Example
56
+
57
+ ```sh
58
+ $ rubygems_check_replacement_vulnerability verify_gem --name=rspec-temp_dir --repo-url=git@github.com:sue445/rspec-temp_dir.git
59
+ Unpacked gem: '/var/folders/mx/mmp8n_lx48v8_fr294_zjggw0000gn/T/gem-20160414-51500-dtg1p7/rspec-temp_dir-0.0.1'
60
+ [Info] rspec-temp_dir 0.0.1 is safe!
61
+ Unpacked gem: '/var/folders/mx/mmp8n_lx48v8_fr294_zjggw0000gn/T/gem-20160414-51500-1hpgj5i/rspec-temp_dir-0.0.2'
62
+ [Info] rspec-temp_dir 0.0.2 is safe!
63
+ Unpacked gem: '/var/folders/mx/mmp8n_lx48v8_fr294_zjggw0000gn/T/gem-20160414-51500-7aquji/rspec-temp_dir-0.0.3'
64
+ [Info] rspec-temp_dir 0.0.3 is safe!
65
+ ```
66
+
67
+ Algorithm
68
+
69
+ 1. Download specified gem file (e.g. `rspec-temp_dir-0.0.3.gem`) from rubygems.org
70
+ 2. Unpack gem to temporary directory
71
+ * e.g. `gem unpack rspec-temp_dir-0.0.3.gem`
72
+ 3. Clone from remote repository to temporary directory
73
+ * e.g. `git clone git@github.com:sue445/rspec-temp_dir.git`
74
+ 4. Checkout version tag
75
+ * e.g. `git checkout v0.0.3`
76
+ * If version tag is not found, print warning message
77
+ * e.g.`[Warn] Not found tag v0.0.3 in repository`
78
+ 5. Compare all files between unpacked gem files and repository files
79
+
80
+ ## Reference
81
+ Run `help`
82
+
83
+ ### help
84
+ ```sh
85
+ $ rubygems_check_replacement_vulnerability help
86
+ Commands:
87
+ rubygems_check_replacement_vulnerability help [COMMAND] # Describe available commands or one specifi...
88
+ rubygems_check_replacement_vulnerability verify_gem n, --name=NAME u, --repo-url=REPO_URL # Verify whether replacemented gem
89
+ rubygems_check_replacement_vulnerability version # Show version
90
+ rubygems_check_replacement_vulnerability vulnerable_gems u, --username=USERNAME # Show vulnerable gems
91
+ ```
92
+
93
+ ### vulnerable_gems
94
+ ```sh
95
+ $ rubygems_check_replacement_vulnerability help vulnerable_gems
96
+ Usage:
97
+ rubygems_check_replacement_vulnerability vulnerable_gems u, --username=USERNAME
98
+
99
+ Options:
100
+ u, --username=USERNAME # Username of rubygems.org
101
+ f, [--format=FORMAT] # Print format (plain, yaml, json)
102
+ # Default: plain
103
+
104
+ Show vulnerable gems
105
+ ```
106
+
107
+ ### verify_gem
108
+ ```sh
109
+ $ rubygems_check_replacement_vulnerability help verify_gem
110
+ Usage:
111
+ rubygems_check_replacement_vulnerability verify_gem n, --name=NAME u, --repo-url=REPO_URL
112
+
113
+ Options:
114
+ n, --name=NAME # Gem name
115
+ v, [--version=VERSION] # Version to check (default: all vulnerable versions)
116
+ u, --repo-url=REPO_URL # Git repository url (e.g. git@github.com:rails/rails.git)
117
+
118
+ Verify whether replacemented gem
119
+
120
+ ```
121
+
122
+ ## Development
123
+
124
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. Run `bundle exec rubygems_check_replacement_vulnerability` to use the gem in this directory, ignoring other installed copies of this gem.
125
+
126
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
127
+
128
+ ## Contributing
129
+
130
+ Bug reports and pull requests are welcome on GitHub at https://github.com/sue445/rubygems_check_replacement_vulnerability.
131
+
132
+
133
+ ## License
134
+
135
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
136
+
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "rubygems_check_replacement_vulnerability"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "rubygems_check_replacement_vulnerability/cli"
4
+
5
+ RubygemsCheckReplacementVulnerability::CLI.start
@@ -0,0 +1,8 @@
1
+ require "rubygems_check_replacement_vulnerability/version"
2
+ require "rubygems_check_replacement_vulnerability/shell_methods"
3
+ require "rubygems_check_replacement_vulnerability/rubygems"
4
+ require "rubygems_check_replacement_vulnerability/repository"
5
+
6
+ module RubygemsCheckReplacementVulnerability
7
+ class FailedCommandError < StandardError; end
8
+ end
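--- a/data/lib/rubygems_check_replacement_vulnerability/cli.rb
+++ b/data/lib/rubygems_check_replacement_vulnerability/cli.rb
@@ -0,0 +1,137 @@
+require "rubygems_check_replacement_vulnerability"
+require "thor"
+
+module RubygemsCheckReplacementVulnerability
+require "yaml"
+require "json"
+
+class CLI < Thor
+include ShellMethods
+
+desc "version", "Show version"
+def version
+puts RubygemsCheckReplacementVulnerability::VERSION
+end
+
+desc "vulnerable_gems", "Show vulnerable gems"
+option :username, aliases: "u", desc: "Username of rubygems.org", required: true
+option :format, aliases: "f", desc: "Print format (plain, yaml, json)", default: "plain"
+def vulnerable_gems
+gems = Rubygems.owner_gems(options[:username]).select { |gem| gem.include?("-") }.sort
+
+vulnerable_gems =
+gems.each_with_object({}) do |gem, result|
+rubygems = Rubygems.new(gem)
+versions = rubygems.vulnerable_versions
+result[gem] = versions unless versions.empty?
+end
+
+case options[:format]
+when "plain"
+puts "#{options[:username]}'s vulnerable gems"
+
+if vulnerable_gems.empty?
+puts "Nothing!"
+else
+vulnerable_gems.each do |gem, versions|
+puts "- #{gem} : #{versions.join(", ")}"
+end
+end
+
+when "yaml"
+puts YAML.dump(vulnerable_gems)
+
+when "json"
+puts JSON.dump(vulnerable_gems)
+
+else
+raise "Unknown format: #{options[:format]}"
+end
+end
+
+desc "verify_gem", "Verify whether replacemented gem"
+option :name, aliases: "n", desc: "Gem name", required: true
+option :version, aliases: "v", desc: "Version to check (default: all vulnerable versions)", required: false
+option :repo_url, aliases: "u", desc: "Git repository url (e.g. git@github.com:rails/rails.git)", required: true
+def verify_gem
+rubygems = Rubygems.new(options[:name])
+
+versions =
+if options[:version]
+Array(options[:version])
+else
+rubygems.vulnerable_versions
+end
+
+Dir.mktmpdir("repo-") do |work_dir|
+repository = Repository.new(options[:repo_url], work_dir)
+repository.git_clone
+
+versions.each do |version|
+git_tag = "v#{version}"
+
+unless repository.tags.include?(git_tag)
+puts "[Warn] Not found tag #{git_tag} in repository"
+next
+end
+
+repository.checkout(git_tag)
+
+safe = verify?(repository: repository, rubygems: rubygems, version: version)
+
+if safe
+puts "[Info] #{rubygems.gem_name} #{version} is safe!"
+else
+puts "[Warn] #{rubygems.gem_name} #{version} is contaminated!"
+end
+end
+end
+end
+
+no_commands do
+# @param repository [RubygemsCheckReplacementVulnerability::Repository]
+# @param rubygems [RubygemsCheckReplacementVulnerability::Rubygems]
+# @param version [String]
+def verify?(repository:, rubygems:, version:)
+safe = true
+
+Dir.mktmpdir("gem-") do |gem_dir|
+gem_path = rubygems.download_gem(version, gem_dir)
+gem_basename = File.basename(gem_path, ".gem")
+
+run_command("gem unpack #{gem_path} --target=#{gem_dir} --quiet")
+
+Dir.chdir(File.join(gem_dir, gem_basename)) do
+unpacked_file = Pathname.glob("**/**").select(&:file?)
+unpacked_file.each do |unpacked_file|
+repo_file = repository.find_file(unpacked_file)
+result = compare_file?(unpacked_file, repo_file)
+safe = result unless result
+end
+end
+end
+
+safe
+end
+
+def compare_file?(unpacked_file, repo_file)
+unless repo_file.exist?
+puts "Not found #{unpacked_file} in repository"
+return false
+end
+
+unless unpacked_file.size == repo_file.size
+puts "Expect #{unpacked_file} is #{unpacked_file.size} bytes, but actual #{repo_file.size} bytes!"
+return false
+end
+
+unless unpacked_file.read == repo_file.read
+puts "#{unpacked_file} is not match between gem file and repository!"
+return false
+end
+
+true
+end
+end
+end
+end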
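Review bot: In `verify?`, `Pathname.glob("**/**")` on line 105 does not match names that begin with a dot, so hidden files and directories in the unpacked gem are never passed to `compare_file?` and a version can be reported as "is safe!" without them having been checked. Listing with the dot-match flag closes that gap: `Pathname.glob("**/*", File::FNM_DOTMATCH).select(&:file?)`. The block variable on line 106 also shadows the outer `unpacked_file`; naming the collection `unpacked_files` would make that loop easier to read. Only the unpacked file contents are compared in the visible code, so differences confined to the packaged gemspec metadata would not be reported; a comment stating that limit would help anyone relying on the result.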
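--- a/data/lib/rubygems_check_replacement_vulnerability/repository.rb
+++ b/data/lib/rubygems_check_replacement_vulnerability/repository.rb
@@ -0,0 +1,44 @@
+module RubygemsCheckReplacementVulnerability
+class Repository
+include ShellMethods
+
+attr_reader :repo_url, :work_dir
+
+def initialize(repo_url, work_dir)
+@repo_url = repo_url
+@work_dir = work_dir
+end
+
+def git_clone
+Dir.chdir(@work_dir) do
+run_command("git clone #{@repo_url} . --quiet")
+end
+end
+
+def tags
+return @tags if @tags
+
+tags = []
+
+Dir.chdir(@work_dir) do
+stdout = `git tag`
+
+stdout.each_line do |line|
+tags << line.strip
+end
+end
+
+@tags = tags
+end
+
+def checkout(hash)
+Dir.chdir(@work_dir) do
+run_command("git checkout #{hash} --quiet")
+end
+end
+
+def find_file(file)
+Pathname.new(File.join(@work_dir, file))
+end
+end
+end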
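Review bot: `git_clone` (line 14) and `checkout` (line 36) interpolate `@repo_url` and `hash` into a single command string that `run_command` hands to `system`, so the shell interprets any metacharacters in the `--repo-url` option or in a version string instead of treating them as data, and a value starting with `-` is read by git as an option. Passing the arguments as a list avoids the shell entirely: `system("git", "clone", "--quiet", "--", @repo_url, ".")`, which needs `run_command` in shell_methods.rb to accept `*args` and call `system(*args)`. The same applies to the `gem unpack #{gem_path} ...` call in cli.rb's `verify?`. `tags` also runs `git tag` through backticks without checking the exit status, so a failed listing is indistinguishable from a repository with no tags.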
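--- a/data/lib/rubygems_check_replacement_vulnerability/rubygems.rb
+++ b/data/lib/rubygems_check_replacement_vulnerability/rubygems.rb
@@ -0,0 +1,46 @@
+module RubygemsCheckReplacementVulnerability
+require "open-uri"
+require "json"
+
+class Rubygems
+VULNERABLE_TERMS = Time.parse("2014-6-11")...Time.parse("2015-02-08")
+
+attr_reader :gem_name
+
+def initialize(gem_name)
+@gem_name = gem_name
+end
+
+def vulnerable_versions
+all_gems = self.class.get("https://rubygems.org/api/v1/versions/#{@gem_name}.json")
+vulnerable_gems = all_gems.select do |gem|
+created_at = Time.parse(gem["created_at"])
+VULNERABLE_TERMS.cover?(created_at)
+end
+
+vulnerable_gems.map{ |gem| gem["number"] }.sort_by { |version| Gem::Version.new(version) }
+end
+
+def gem_uri(version)
+"https://rubygems.org/gems/#{@gem_name}-#{version}.gem"
+end
+
+# @return [String] path to downloaded gem file
+def download_gem(version, dist_dir)
+gem_path = File.join(dist_dir, "#{@gem_name}-#{version}.gem")
+File.open(gem_path, "wb") do |f|
+f.write(open(gem_uri(version)).read)
+end
+gem_path
+end
+
+def self.owner_gems(user_id)
+gems = get("https://rubygems.org/api/v1/owners/#{user_id}/gems.json")
+gems.map { |gem| gem["name"] }
+end
+
+def self.get(url)
+JSON.parse(open(url).read)
+end
+end
+end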
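Review bot: `VULNERABLE_TERMS` on line 6 ends at 2015-02-08, while the README shipped in this same package documents the affected window as June 11th, 2014 to April 2nd, 2016. If the shorter range is intentional it needs a comment explaining why, because versions pushed after February 2015 are otherwise reported as not vulnerable with no hint that they were excluded. Both bounds are parsed with `Time.parse` and no zone, so they shift with the local timezone of the machine running the check; `Time.utc(2014, 6, 11)...Time.utc(2015, 2, 8)` would pin them. `download_gem` and `self.get` call `open(...)` without a block, so the handle is never closed explicitly.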
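--- a/data/lib/rubygems_check_replacement_vulnerability/shell_methods.rb
+++ b/data/lib/rubygems_check_replacement_vulnerability/shell_methods.rb
@@ -0,0 +1,10 @@
+module RubygemsCheckReplacementVulnerability
+module ShellMethods
+private
+
+def run_command(command)
+ret = system(command)
+raise FailedCommandError, "Failed: #{command}" unless ret
+end
+end
+end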
@@ -0,0 +1,3 @@
1
+ module RubygemsCheckReplacementVulnerability
2
+ VERSION = "0.1.0"
3
+ end
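--- a/data/rubygems_check_replacement_vulnerability.gemspec
+++ b/data/rubygems_check_replacement_vulnerability.gemspec
@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rubygems_check_replacement_vulnerability/version'
+
+Gem::Specification.new do |spec|
+spec.name = "rubygems_check_replacement_vulnerability"
+spec.version = RubygemsCheckReplacementVulnerability::VERSION
+spec.authors = ["sue445"]
+spec.email = ["sue445@sue445.net"]
+
+spec.summary = %q{Check your gems whether affected by "RubyGems.org gem replacement vulnerability and mitigation"}
+spec.description = %q{Check your gems whether affected by "RubyGems.org gem replacement vulnerability and mitigation (http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html)"}
+spec.homepage = "https://github.com/sue445/rubygems_check_replacement_vulnerability"
+spec.license = "MIT"
+
+spec.required_ruby_version = ">= 2.1.0"
+
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+
+spec.add_dependency "thor"
+
+spec.add_development_dependency "bundler", "~> 1.11"
+spec.add_development_dependency "coveralls"
+spec.add_development_dependency "codeclimate-test-reporter"
+spec.add_development_dependency "rake", "~> 10.0"
+spec.add_development_dependency "rspec", "~> 3.0"
+spec.add_development_dependency "rspec-its"
+spec.add_development_dependency "rspec-power_assert"
+spec.add_development_dependency "rspec-temp_dir"
+end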
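Review bot: The `spec.files` filter on line 19 rejects only `test/`, `spec/` and `features/`, so every other tracked file is packaged, including `.coveralls.yml` and `.travis.yml`, which carry service tokens in this release. Restricting the list to what the gem needs at runtime keeps CI configuration out of the published artifact, for example `spec.files = Dir["lib/**/*.rb", "exe/*", "LICENSE.txt", "README.md"]`. The runtime dependency on line 24, `spec.add_dependency "thor"`, is declared with no version constraint; a bounded requirement would make what gets installed alongside this tool more predictable.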
metadata ADDED
@@ -0,0 +1,191 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rubygems_check_replacement_vulnerability
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - sue445
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2016-04-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: thor
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.11'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.11'
41
+ - !ruby/object:Gem::Dependency
42
+ name: coveralls
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: codeclimate-test-reporter
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '10.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '10.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rspec
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec-its
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: rspec-power_assert
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: rspec-temp_dir
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - ">="
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
139
+ description: Check your gems whether affected by "RubyGems.org gem replacement vulnerability
140
+ and mitigation (http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html)"
141
+ email:
142
+ - sue445@sue445.net
143
+ executables:
144
+ - rubygems_check_replacement_vulnerability
145
+ extensions: []
146
+ extra_rdoc_files: []
147
+ files:
148
+ - ".coveralls.yml"
149
+ - ".gitignore"
150
+ - ".rspec"
151
+ - ".travis.yml"
152
+ - Gemfile
153
+ - LICENSE.txt
154
+ - README.md
155
+ - Rakefile
156
+ - bin/console
157
+ - bin/setup
158
+ - exe/rubygems_check_replacement_vulnerability
159
+ - lib/rubygems_check_replacement_vulnerability.rb
160
+ - lib/rubygems_check_replacement_vulnerability/cli.rb
161
+ - lib/rubygems_check_replacement_vulnerability/repository.rb
162
+ - lib/rubygems_check_replacement_vulnerability/rubygems.rb
163
+ - lib/rubygems_check_replacement_vulnerability/shell_methods.rb
164
+ - lib/rubygems_check_replacement_vulnerability/version.rb
165
+ - rubygems_check_replacement_vulnerability.gemspec
166
+ homepage: https://github.com/sue445/rubygems_check_replacement_vulnerability
167
+ licenses:
168
+ - MIT
169
+ metadata: {}
170
+ post_install_message:
171
+ rdoc_options: []
172
+ require_paths:
173
+ - lib
174
+ required_ruby_version: !ruby/object:Gem::Requirement
175
+ requirements:
176
+ - - ">="
177
+ - !ruby/object:Gem::Version
178
+ version: 2.1.0
179
+ required_rubygems_version: !ruby/object:Gem::Requirement
180
+ requirements:
181
+ - - ">="
182
+ - !ruby/object:Gem::Version
183
+ version: '0'
184
+ requirements: []
185
+ rubyforge_project:
186
+ rubygems_version: 2.5.1
187
+ signing_key:
188
+ specification_version: 4
189
+ summary: Check your gems whether affected by "RubyGems.org gem replacement vulnerability
190
+ and mitigation"
191
+ test_files: []