rubygems_check_replacement_vulnerability 0.1.2.beta1 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9e69fc9a91d8c22e12e8d3ae19fa92f1d9a3100f
4
- data.tar.gz: 9c62504caad58a82581e05b399efdf47aca8e533
3
+ metadata.gz: 3e17a59e36a06d27175d4ab484f1e84d70550a81
4
+ data.tar.gz: 0d710e1214d615c6202e8886788d2676f5229d9d
5
5
  SHA512:
6
- metadata.gz: e92f9d774d3cff533950ad5275277b0d37a2ef24bbd45f6759a32618441d09b0d389422e544796c68d721668194f64541f764a641d1aab5c58f192f1f1933968
7
- data.tar.gz: c611725a5a87bf3d35c75ea7972a6c89d6910f1bf461b0a0709ffc1a8589fbdc691a5fda0047c576a51bc5ffeed70ae3c17717d998d6410d4c10a7b9ca0f28a5
6
+ metadata.gz: 17d47e14109f6efac6834970786b18f89df937a9e9d455274ad3f03463e9bff4862f1e93bd2b21e3087af63e27bed5d085d49b0f9437db2b5fb706813d4364bf
7
+ data.tar.gz: ed725be1fa836b02dcfcb8605610d5fb1231456c0919d2358ac7d02945e0db109f3e98c7d2928f874d43c9349ab86a56062a526a4667088a14ab8a637da3dd67
@@ -1,11 +1,33 @@
1
1
  ## master
2
2
  [full changelog](http://github.com/sue445/rubygems_check_replacement_vulnerability/compare/v0.1.1...master)
3
3
 
4
+ ## v0.2.0
5
+ [full changelog](http://github.com/sue445/rubygems_check_replacement_vulnerability/compare/v0.1.0...v0.1.1)
6
+
7
+ ### Enhancement
8
+ * Support version tag both "with v" and "without v"
9
+ * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/9
10
+ * Support multiple gems in a repo
11
+ * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/10
12
+
13
+ ### Refactoring
14
+ * exit with status code 1 when not safe
15
+ * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/7
16
+
17
+ ### Other
18
+ * Relax bundler version
19
+ * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/6
20
+ * Tweak description
21
+ * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/8
22
+
4
23
  ## v0.1.1
5
24
  [full changelog](http://github.com/sue445/rubygems_check_replacement_vulnerability/compare/v0.1.0...v0.1.1)
6
25
 
26
+ ### Bugfix
7
27
  * Fix. uninitialized constant RubygemsCheckReplacementVulnerability::CLI::Pathname (NameError)
8
28
  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/2
29
+
30
+ ### Other
9
31
  * Shorten description
10
32
  * https://github.com/sue445/rubygems_check_replacement_vulnerability/pull/3
11
33
 
@@ -54,6 +54,7 @@ module RubygemsCheckReplacementVulnerability
54
54
  option :name, aliases: "n", desc: "Gem name", required: true
55
55
  option :version, aliases: "v", desc: "Version to check (default: all vulnerable versions)", required: false
56
56
  option :repo_url, aliases: "u", desc: "Git repository url (e.g. git@github.com:rails/rails.git)", required: true
57
+ option :prefix, aliases: "p", desc: "gemspec path prefix in repo (e.g. activerecord/)"
57
58
  def verify_gem
58
59
  rubygems = Rubygems.new(options[:name])
59
60
 
@@ -70,16 +71,16 @@ module RubygemsCheckReplacementVulnerability
70
71
  repository.git_clone
71
72
 
72
73
  versions.each do |version|
73
- git_tag = "v#{version}"
74
+ git_tag = repository.find_version_tag(version)
74
75
 
75
- unless repository.tags.include?(git_tag)
76
- puts "[Warn] Not found tag #{git_tag} in repository"
76
+ unless git_tag
77
+ puts "[Warn] Not found version tag #{version} in repository"
77
78
  next
78
79
  end
79
80
 
80
81
  repository.checkout(git_tag)
81
82
 
82
- safe = verify?(repository: repository, rubygems: rubygems, version: version)
83
+ safe = verify?(repository: repository, rubygems: rubygems, version: version, prefix: options[:prefix])
83
84
 
84
85
  if safe
85
86
  puts "[Info] #{rubygems.gem_name} #{version} is safe!"
@@ -97,7 +98,8 @@ module RubygemsCheckReplacementVulnerability
97
98
  # @param repository [RubygemsCheckReplacementVulnerability::Repository]
98
99
  # @param rubygems [RubygemsCheckReplacementVulnerability::Rubygems]
99
100
  # @param version [String]
100
- def verify?(repository:, rubygems:, version:)
101
+ # @param prefix [String]
102
+ def verify?(repository:, rubygems:, version:, prefix:)
101
103
  safe = true
102
104
 
103
105
  Dir.mktmpdir("gem-") do |gem_dir|
@@ -109,7 +111,7 @@ module RubygemsCheckReplacementVulnerability
109
111
  Dir.chdir(File.join(gem_dir, gem_basename)) do
110
112
  unpacked_file = Pathname.glob("**/**").select(&:file?)
111
113
  unpacked_file.each do |unpacked_file|
112
- repo_file = repository.find_file(unpacked_file)
114
+ repo_file = repository.find_file(unpacked_file, prefix)
113
115
  result = compare_file?(unpacked_file, repo_file)
114
116
  safe = result unless result
115
117
  end
@@ -31,14 +31,25 @@ module RubygemsCheckReplacementVulnerability
31
31
  @tags = tags
32
32
  end
33
33
 
34
+ def find_version_tag(version)
35
+ tags.find { |tag| tag == version || tag == "v#{version}" }
36
+ end
37
+
34
38
  def checkout(hash)
35
39
  Dir.chdir(@work_dir) do
36
40
  run_command("git checkout #{hash} --quiet")
37
41
  end
38
42
  end
39
43
 
40
- def find_file(file)
41
- Pathname.new(File.join(@work_dir, file))
44
+ def find_file(file, prefix = nil)
45
+ array =
46
+ if prefix
47
+ [@work_dir, prefix, file]
48
+ else
49
+ [@work_dir, file]
50
+ end
51
+
52
+ Pathname.new(File.join(*array))
42
53
  end
43
54
  end
44
55
  end
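Review bot: `find_version_tag` returns whichever of `1.2.3` and `v1.2.3` appears first in `tags` when a repository carries both, and nothing reports which one the gem contents were then compared against, so a "safe" verdict can rest on a tag the operator did not expect; consider warning when both candidates match, and document the contract with `# @param version [String]` and `# @return [String, nil] the matching tag, or nil when neither form exists in the repository`. `find_file` likewise gets no YARD for its new argument; `# @param prefix [String, nil] directory inside the checkout holding the gemspec (e.g. activerecord/)` would do, and `File.join` does not normalize, so a prefix containing `..` resolves outside `@work_dir` — prefix is the operator's own `--prefix` flag rather than data from the gem or repository, so this is robustness rather than a trust boundary, but `File.expand_path(result).start_with?(@work_dir)` is a cheap guard. Note also that the value `find_version_tag` returns is interpolated into the `git checkout` string in the context lines above, which `run_command` presumably hands to a shell; it can only ever be `version` or `"v#{version}"`, so its safety depends entirely on whatever validates `version` upstream, which deserves a one-line comment there. The enclosing class begins before this hunk.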
@@ -1,3 +1,3 @@
1
1
  module RubygemsCheckReplacementVulnerability
2
- VERSION = "0.1.2.beta1"
2
+ VERSION = "0.2.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rubygems_check_replacement_vulnerability
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2.beta1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - sue445
@@ -180,9 +180,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
180
180
  version: 2.1.0
181
181
  required_rubygems_version: !ruby/object:Gem::Requirement
182
182
  requirements:
183
- - - ">"
183
+ - - ">="
184
184
  - !ruby/object:Gem::Version
185
- version: 1.3.1
185
+ version: '0'
186
186
  requirements: []
187
187
  rubyforge_project:
188
188
  rubygems_version: 2.5.1