RubyGems - security_report - Versions diffs - 0.1.1 → 0.1.2 - Mend

security_report 0.1.1 → 0.1.2

Files changed (15) hide show

checksums.yaml +5 -5
data/Gemfile.lock +46 -46
data/{exe → bin}/security_report +0 -0
data/lib/security_report.rb +1 -33
data/lib/security_report/auditor.rb +36 -0
data/lib/security_report/cli.rb +4 -4
data/lib/security_report/grouped_result.rb +1 -1
data/lib/security_report/insecure_source_result.rb +2 -2
data/lib/security_report/plain_reporter.rb +11 -8
data/lib/security_report/problem.rb +1 -1
data/lib/security_report/scanner.rb +1 -1
data/lib/security_report/unpatched_gem_result.rb +3 -2
data/lib/security_report/version.rb +1 -1
data/security_report.gemspec +31 -31
metadata +16 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0415e271e2c6ac392c09173d4b1b4cb5522e1e63
-  data.tar.gz: 9a4cb354f2c6bd5ebe242012e96746aef80b9b93
+SHA256:
+  metadata.gz: e200510386d7cec8e885bc8273b8d2ab6805b8d4f5301b6b2a8323218780bcec
+  data.tar.gz: f9aaf71856a68ca43fa28e59ec4eeeb39d2f72cd4c436bfb0f250c0891273137
 SHA512:
-  metadata.gz: 514d0547fd8c5a66585d4756a5c144af3714a53e371ae3117cdabf2f94e6a01361879cc20071fb167acd3d65b6c48900d91cfa40a5a0818577e6aeb0992d7428
-  data.tar.gz: 607906c9ecdee7423f45a01af18acb429dba01b0ff22229a93ac417510989d14ab982f700ca95713da98b81e474c63249036acfd9a61260bb35d86a662dd7dd6
+  metadata.gz: f23c6d59f2f45f63c4c0d03c4f3bbb234319162726bd9733a46f42a5964ad8986bbaba1e556ced48b3ca2edad663584e18b01338f4a7e661b0c014d625139133
+  data.tar.gz: 995b4308b4d1a4e2f21eb16df7b94d67dce0e53f2760eb1a5e061c7b8d82ec20873ec021516cd3c59842b5a5d33299b55dd335178cfed2fc64cd8b43dd4687c3

data/Gemfile.lock CHANGED Viewed

@@ -1,46 +1,46 @@
-PATH
-  remote: .
-  specs:
-    security_report (0.1.1)
-      bundler-audit (~> 0.6)
-      clap (~> 1.0)
-      terminal-table (~> 1.8)
-GEM
-  remote: https://rubygems.org/
-  specs:
-    bundler-audit (0.6.0)
-      bundler (~> 1.2)
-      thor (~> 0.18)
-    clap (1.0.0)
-    diff-lcs (1.3)
-    rake (12.3.1)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    terminal-table (1.8.0)
-      unicode-display_width (~> 1.1, >= 1.1.1)
-    thor (0.20.0)
-    unicode-display_width (1.4.0)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  bundler (~> 1.16)
-  rake (~> 12.3)
-  rspec (~> 3.0)
-  security_report!
-BUNDLED WITH
-   1.16.3
+PATH
+  remote: .
+  specs:
+    security_report (0.1.2)
+      bundler-audit (~> 0.8)
+      clap (~> 1.0)
+      terminal-table (~> 3.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    bundler-audit (0.8.0)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
+    clap (1.0.0)
+    diff-lcs (1.4.4)
+    rake (13.0.3)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    terminal-table (3.0.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thor (1.1.0)
+    unicode-display_width (1.7.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (>= 1.1)
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  security_report!
+BUNDLED WITH
+   2.2.5

data/{exe → bin}/security_report RENAMED Viewed

File without changes

data/lib/security_report.rb CHANGED Viewed

@@ -1,38 +1,6 @@
 require 'security_report/version'
 require 'security_report/database'
-require 'security_report/scanner'
-require 'security_report/grouped_result'
+require 'security_report/auditor'
 module SecurityReport
-  class Auditor
-    def self.audit(directories)
-      auditor = new
-      directories.each do |directory|
-        auditor.check(directory)
-      end
-      auditor
-    end
-    attr_reader :skipped
-    def initialize
-      @results = []
-      @skipped = []
-      @scanner = Scanner.new
-    end
-    def check(directory)
-      @results.concat(@scanner.scan(directory))
-    rescue Errno::ENOENT
-      @skipped.push(directory)
-    end
-    def results
-      @results.group_by(&:identifier).map do |_, results|
-        GroupedResult.new(results)
-      end
-    end
-  end
 end

data/lib/security_report/auditor.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'security_report/scanner'
+require 'security_report/grouped_result'
+module SecurityReport
+  class Auditor
+    def self.audit(directories)
+      auditor = self.new
+      directories.each do |directory|
+        auditor.check(directory)
+      end
+      auditor
+    end
+    attr_reader :skipped
+    def initialize
+      @results = []
+      @skipped = []
+      @scanner = Scanner.new
+    end
+    def check(directory)
+      @results.concat(@scanner.scan(directory))
+    rescue Errno::ENOENT, Bundler::GemfileLockNotFound
+      @skipped.push(directory)
+    end
+    def results
+      @results.group_by(&:identifier).map do |_, results|
+        GroupedResult.new(results)
+      end
+    end
+  end
+end

data/lib/security_report/cli.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module SecurityReport
     attr_accessor :format
     def initialize
-      @format = "plain"
+      @format = 'plain'
     end
     def help
@@ -24,10 +24,10 @@ module SecurityReport
     def reporter
       case format
-      when "plain"
+      when 'plain'
         require 'security_report/plain_reporter'
         @reporter = PlainReporter.new
-      when "table"
+      when 'table'
         require 'security_report/table_reporter'
         @reporter = TableReporter.new
       else
@@ -38,7 +38,7 @@ module SecurityReport
     def update
       return if Database.update
-      puts "Failed updating database!"
+      puts 'Failed updating database!'
       exit 1
     end

data/lib/security_report/grouped_result.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module SecurityReport
     def criticality
       criticalities = @results.map(&:criticality).uniq
-      return :high if criticalities.include? :high
+      return :high   if criticalities.include? :high
       return :medium if criticalities.include? :medium
       :low
     end

data/lib/security_report/insecure_source_result.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module SecurityReport
     end
     def solution
-      "Use a secure URI"
+      "Use a secure URI (https)"
     end
     def criticality
@@ -21,7 +21,7 @@ module SecurityReport
     end
     def self.matches?(obj)
-      obj.instance_of? ::Bundler::Audit::Scanner::InsecureSource
+      obj.instance_of? ::Bundler::Audit::Results::InsecureSource
     end
   end
 end

data/lib/security_report/plain_reporter.rb CHANGED Viewed

@@ -5,9 +5,9 @@ module SecurityReport
         high, medium_or_lower = results.partition { |result| result.criticality == :high }
         medium, low_or_unknown = medium_or_lower.partition { |result| result.criticality == :medium }
-        puts format_results(high) if high.any?
-        puts format_results(medium) if medium.any?
-        puts format_results(low_or_unknown) if low_or_unknown.any?
+        [high, medium, low_or_unknown].each do |results|
+          puts format_results(results) if results.any?
+        end
       else
         puts "No vulnerabilities found"
       end
@@ -23,10 +23,13 @@ module SecurityReport
     def format_results(results)
       results.map do |result|
         <<~HELPTEXT
-        # #{result.identifier}"
-        Projects: #{result.targets.join(", ")}"
-        Criticality: #{result.criticality}"
-        Solution: #{result.solution}"
+        # #{result.identifier}
+        Projects:    #{result.targets.join(", ")}
+        Criticality: #{result.criticality}
+        Solution:    #{result.solution}
         Problems:
         #{format_problems(result.problems)}
         HELPTEXT
@@ -35,7 +38,7 @@ module SecurityReport
     def format_problems(problems)
       problems.map do |problem|
-        "* #{problem.summary}"
+        " * #{problem.summary}"
       end.join("\n")
     end
   end

data/lib/security_report/problem.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module SecurityReport
     private
     def truncate(string, max)
-      string.length > max ? "#{string[0...max].strip}..." : string
+      string.length > max ? "#{string[0 ... max - 3].strip}..." : string
     end
   end
 end

data/lib/security_report/scanner.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module SecurityReport
     private
-    # This is a weird workaround, for methods that
+    # This is a weird workaround for methods that
     # require a Gemfile in the current directory
     def with_gemfile
       if File.exist? 'Gemfile'

data/lib/security_report/unpatched_gem_result.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module SecurityReport
     end
     def self.matches?(obj)
-      obj.instance_of? ::Bundler::Audit::Scanner::UnpatchedGem
+      obj.instance_of? ::Bundler::Audit::Results::UnpatchedGem
     end
     private
@@ -38,7 +38,8 @@ module SecurityReport
     def problem_id
       if advisory.cve
-        "CVE-#{advisory.cve}"
+        #"CVE-#{advisory.cve}"
+        "https://cve.circl.lu/cve/CVE-#{advisory.cve}"
       elsif advisory.osvdb
         advisory.osvdb
       end

data/lib/security_report/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SecurityReport
-  VERSION = "0.1.1".freeze
+  VERSION = "0.1.2".freeze
 end

data/security_report.gemspec CHANGED Viewed

@@ -1,31 +1,31 @@
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "security_report/version"
-Gem::Specification.new do |spec|
-  spec.name          = "security_report"
-  spec.version       = SecurityReport::VERSION
-  spec.authors       = ["Lucas Dohmen"]
-  spec.email         = ["lucas.dohmen@innoq.com"]
-  spec.license       = "Apache-2.0"
-  spec.summary       = "Generate a security report"
-  spec.description   = "Check Ruby projects for dependencies with known security problems"
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-  spec.add_dependency "bundler-audit", "~> 0.6"
-  spec.add_dependency "clap", "~> 1.0"
-  spec.add_dependency "terminal-table", "~> 1.8"
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.0"
-end
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "security_report/version"
+Gem::Specification.new do |spec|
+  spec.name          = "security_report"
+  spec.version       = SecurityReport::VERSION
+  spec.authors       = ["Lucas Dohmen", "Willem van Kerkhof"]
+  spec.email         = ["lucas.dohmen@innoq.com", "wvk@innoq.com"]
+  spec.license       = "Apache-2.0"
+  spec.summary       = "Generate a security report"
+  spec.description   = "Check Ruby projects for dependencies with known security problems"
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
+  end
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_dependency "bundler-audit", "~> 0.8"
+  spec.add_dependency "clap", "~> 1.0"
+  spec.add_dependency "terminal-table", "~> 3.0"
+  spec.add_development_dependency "bundler", "~> 1.1"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

metadata CHANGED Viewed

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: security_report
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Lucas Dohmen
+- Willem van Kerkhof
 autorequire:
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2018-08-16 00:00:00.000000000 Z
+date: 2021-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -16,14 +17,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: clap
   requirement: !ruby/object:Gem::Requirement
@@ -44,42 +45,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -97,6 +98,7 @@ dependencies:
 description: Check Ruby projects for dependencies with known security problems
 email:
 - lucas.dohmen@innoq.com
+- wvk@innoq.com
 executables:
 - security_report
 extensions: []
@@ -110,8 +112,9 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- exe/security_report
+- bin/security_report
 - lib/security_report.rb
+- lib/security_report/auditor.rb
 - lib/security_report/cli.rb
 - lib/security_report/database.rb
 - lib/security_report/grouped_result.rb
@@ -142,8 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.14.1
+rubygems_version: 3.2.5
 signing_key:
 specification_version: 4
 summary: Generate a security report