rubygems_check_replacement_vulnerability 0.1.2.beta1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9e69fc9a91d8c22e12e8d3ae19fa92f1d9a3100f
-  data.tar.gz: 9c62504caad58a82581e05b399efdf47aca8e533
+  metadata.gz: 3e17a59e36a06d27175d4ab484f1e84d70550a81
+  data.tar.gz: 0d710e1214d615c6202e8886788d2676f5229d9d
 SHA512:
-  metadata.gz: e92f9d774d3cff533950ad5275277b0d37a2ef24bbd45f6759a32618441d09b0d389422e544796c68d721668194f64541f764a641d1aab5c58f192f1f1933968
-  data.tar.gz: c611725a5a87bf3d35c75ea7972a6c89d6910f1bf461b0a0709ffc1a8589fbdc691a5fda0047c576a51bc5ffeed70ae3c17717d998d6410d4c10a7b9ca0f28a5
+  metadata.gz: 17d47e14109f6efac6834970786b18f89df937a9e9d455274ad3f03463e9bff4862f1e93bd2b21e3087af63e27bed5d085d49b0f9437db2b5fb706813d4364bf
+  data.tar.gz: ed725be1fa836b02dcfcb8605610d5fb1231456c0919d2358ac7d02945e0db109f3e98c7d2928f874d43c9349ab86a56062a526a4667088a14ab8a637da3dd67

data/CHANGELOG.md

@@ -1,11 +1,33 @@
 ## master
 [full changelog](http://github.com/sue445/rubygems_check_replacement_vulnerability/compare/v0.1.1...master)
 
+## v0.2.0
+[full changelog](http://github.com/sue445/rubygems_check_replacement_vulnerability/compare/v0.1.0...v0.1.1)
+
+### Enhancement
+* Support version tag both "with v" and "without v"
+  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/9
+* Support multiple gems in a repo
+  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/10
+
+### Refactoring
+* exit with status code 1 when not safe
+  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/7
+
+### Other
+* Relax bundler version
+  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/6
+* Tweak description
+  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/8
+
 ## v0.1.1
 [full changelog](http://github.com/sue445/rubygems_check_replacement_vulnerability/compare/v0.1.0...v0.1.1)
 
+### Bugfix
 * Fix. uninitialized constant RubygemsCheckReplacementVulnerability::CLI::Pathname (NameError)
   * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/2
+
+### Other
 * Shorten description
   * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/3
 

data/lib/rubygems_check_replacement_vulnerability/cli.rb

@@ -54,6 +54,7 @@ module RubygemsCheckReplacementVulnerability
     option :name, aliases: "n", desc: "Gem name", required: true
     option :version, aliases: "v", desc: "Version to check (default: all vulnerable versions)", required: false
     option :repo_url, aliases: "u", desc: "Git repository url (e.g. git@github.com:rails/rails.git)", required: true
+    option :prefix, aliases: "p", desc: "gemspec path prefix in repo (e.g. activerecord/)"
     def verify_gem
       rubygems = Rubygems.new(options[:name])
 
@@ -70,16 +71,16 @@ module RubygemsCheckReplacementVulnerability
         repository.git_clone
 
         versions.each do |version|
-          git_tag = "v#{version}"
+          git_tag = repository.find_version_tag(version)
 
-          unless repository.tags.include?(git_tag)
-            puts "[Warn] Not found tag #{git_tag} in repository"
+          unless git_tag
+            puts "[Warn] Not found version tag #{version} in repository"
             next
           end
 
           repository.checkout(git_tag)
 
-          safe = verify?(repository: repository, rubygems: rubygems, version: version)
+          safe = verify?(repository: repository, rubygems: rubygems, version: version, prefix: options[:prefix])
 
           if safe
             puts "[Info] #{rubygems.gem_name} #{version} is safe!"
@@ -97,7 +98,8 @@ module RubygemsCheckReplacementVulnerability
       # @param repository [RubygemsCheckReplacementVulnerability::Repository]
       # @param rubygems [RubygemsCheckReplacementVulnerability::Rubygems]
       # @param version [String]
-      def verify?(repository:, rubygems:, version:)
+      # @param prefix [String]
+      def verify?(repository:, rubygems:, version:, prefix:)
         safe = true
 
         Dir.mktmpdir("gem-") do |gem_dir|
@@ -109,7 +111,7 @@ module RubygemsCheckReplacementVulnerability
           Dir.chdir(File.join(gem_dir, gem_basename)) do
             unpacked_file = Pathname.glob("**/**").select(&:file?)
             unpacked_file.each do |unpacked_file|
-              repo_file = repository.find_file(unpacked_file)
+              repo_file = repository.find_file(unpacked_file, prefix)
               result = compare_file?(unpacked_file, repo_file)
               safe = result unless result
             end

data/lib/rubygems_check_replacement_vulnerability/repository.rb

@@ -31,14 +31,25 @@ module RubygemsCheckReplacementVulnerability
       @tags = tags
     end
 
+    def find_version_tag(version)
+      tags.find { |tag| tag == version || tag == "v#{version}" }
+    end
+
     def checkout(hash)
       Dir.chdir(@work_dir) do
         run_command("git checkout #{hash} --quiet")
       end
     end
 
-    def find_file(file)
-      Pathname.new(File.join(@work_dir, file))
+    def find_file(file, prefix = nil)
+      array =
+        if prefix
+          [@work_dir, prefix, file]
+        else
+          [@work_dir, file]
+        end
+
+      Pathname.new(File.join(*array))
     end
   end
 end

data/lib/rubygems_check_replacement_vulnerability/version.rb

@@ -1,3 +1,3 @@
 module RubygemsCheckReplacementVulnerability
-  VERSION = "0.1.2.beta1"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems_check_replacement_vulnerability
 version: !ruby/object:Gem::Version
-  version: 0.1.2.beta1
+  version: 0.2.0
 platform: ruby
 authors:
 - sue445
@@ -180,9 +180,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.5.1