RubyGems - security_report - Versions diffs - 0.1.1 → 0.1.2 - Mend

security_report 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +5 -5
data/Gemfile.lock +46 -46
data/{exe → bin}/security_report +0 -0
data/lib/security_report.rb +1 -33
data/lib/security_report/auditor.rb +36 -0
data/lib/security_report/cli.rb +4 -4
data/lib/security_report/grouped_result.rb +1 -1
data/lib/security_report/insecure_source_result.rb +2 -2
data/lib/security_report/plain_reporter.rb +11 -8
data/lib/security_report/problem.rb +1 -1
data/lib/security_report/scanner.rb +1 -1
data/lib/security_report/unpatched_gem_result.rb +3 -2
data/lib/security_report/version.rb +1 -1
data/security_report.gemspec +31 -31
metadata +16 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0415e271e2c6ac392c09173d4b1b4cb5522e1e63
-  data.tar.gz: 9a4cb354f2c6bd5ebe242012e96746aef80b9b93
+SHA256:
+  metadata.gz: e200510386d7cec8e885bc8273b8d2ab6805b8d4f5301b6b2a8323218780bcec
+  data.tar.gz: f9aaf71856a68ca43fa28e59ec4eeeb39d2f72cd4c436bfb0f250c0891273137
 SHA512:
-  metadata.gz: 514d0547fd8c5a66585d4756a5c144af3714a53e371ae3117cdabf2f94e6a01361879cc20071fb167acd3d65b6c48900d91cfa40a5a0818577e6aeb0992d7428
-  data.tar.gz: 607906c9ecdee7423f45a01af18acb429dba01b0ff22229a93ac417510989d14ab982f700ca95713da98b81e474c63249036acfd9a61260bb35d86a662dd7dd6
+  metadata.gz: f23c6d59f2f45f63c4c0d03c4f3bbb234319162726bd9733a46f42a5964ad8986bbaba1e556ced48b3ca2edad663584e18b01338f4a7e661b0c014d625139133
+  data.tar.gz: 995b4308b4d1a4e2f21eb16df7b94d67dce0e53f2760eb1a5e061c7b8d82ec20873ec021516cd3c59842b5a5d33299b55dd335178cfed2fc64cd8b43dd4687c3

data/Gemfile.lock CHANGED Viewed

@@ -1,46 +1,46 @@
-PATH
-  remote: .
-  specs:
-    security_report (0.1.1)
-      bundler-audit (~> 0.6)
-      clap (~> 1.0)
-      terminal-table (~> 1.8)
-GEM
-  remote: https://rubygems.org/
-  specs:
-    bundler-audit (0.6.0)
-      bundler (~> 1.2)
-      thor (~> 0.18)
-    clap (1.0.0)
-    diff-lcs (1.3)
-    rake (12.3.1)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    terminal-table (1.8.0)
-      unicode-display_width (~> 1.1, >= 1.1.1)
-    thor (0.20.0)
-    unicode-display_width (1.4.0)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  bundler (~> 1.16)
-  rake (~> 12.3)
-  rspec (~> 3.0)
-  security_report!
-BUNDLED WITH
-   1.16.3
+PATH
+  remote: .
+  specs:
+    security_report (0.1.2)
+      bundler-audit (~> 0.8)
+      clap (~> 1.0)
+      terminal-table (~> 3.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    bundler-audit (0.8.0)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
+    clap (1.0.0)
+    diff-lcs (1.4.4)
+    rake (13.0.3)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    terminal-table (3.0.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thor (1.1.0)
+    unicode-display_width (1.7.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (>= 1.1)
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  security_report!
+BUNDLED WITH
+   2.2.5

data/{exe → bin}/security_report RENAMED Viewed

File without changes

data/lib/security_report.rb CHANGED Viewed

@@ -1,38 +1,6 @@
 require 'security_report/version'
 require 'security_report/database'
-require 'security_report/scanner'
-require 'security_report/grouped_result'
+require 'security_report/auditor'
 module SecurityReport
-  class Auditor
-    def self.audit(directories)
-      auditor = new
-      directories.each do |directory|
-        auditor.check(directory)
-      end
-      auditor
-    end
-    attr_reader :skipped
-    def initialize
-      @results = []
-      @skipped = []
-      @scanner = Scanner.new
-    end
-    def check(directory)
-      @results.concat(@scanner.scan(directory))
-    rescue Errno::ENOENT
-      @skipped.push(directory)
-    end
-    def results
-      @results.group_by(&:identifier).map do |_, results|
-        GroupedResult.new(results)
-      end
-    end
-  end
 end

data/lib/security_report/auditor.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'security_report/scanner'
+require 'security_report/grouped_result'
+module SecurityReport
+  class Auditor
+    def self.audit(directories)
+      auditor = self.new
+      directories.each do |directory|
+        auditor.check(directory)
+      end
+      auditor
+    end
+    attr_reader :skipped
+    def initialize
+      @results = []
+      @skipped = []
+      @scanner = Scanner.new
+    end
+    def check(directory)
+      @results.concat(@scanner.scan(directory))
+    rescue Errno::ENOENT, Bundler::GemfileLockNotFound
+      @skipped.push(directory)
+    end
+    def results
+      @results.group_by(&:identifier).map do |_, results|
+        GroupedResult.new(results)
+      end
+    end
+  end
+end

data/lib/security_report/cli.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module SecurityReport
     attr_accessor :format
     def initialize
-      @format = "plain"
+      @format = 'plain'
     end
     def help
@@ -24,10 +24,10 @@ module SecurityReport
     def reporter
       case format
-      when "plain"
+      when 'plain'
         require 'security_report/plain_reporter'
         @reporter = PlainReporter.new
-      when "table"
+      when 'table'
         require 'security_report/table_reporter'
         @reporter = TableReporter.new
       else
@@ -38,7 +38,7 @@ module SecurityReport
     def update
       return if Database.update
-      puts "Failed updating database!"
+      puts 'Failed updating database!'
       exit 1
     end

data/lib/security_report/grouped_result.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module SecurityReport
     def criticality
       criticalities = @results.map(&:criticality).uniq
-      return :high if criticalities.include? :high
+      return :high   if criticalities.include? :high
       return :medium if criticalities.include? :medium
       :low
     end

data/lib/security_report/insecure_source_result.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module SecurityReport
     end
     def solution
-      "Use a secure URI"
+      "Use a secure URI (https)"
     end
     def criticality
@@ -21,7 +21,7 @@ module SecurityReport
     end
     def self.matches?(obj)
-      obj.instance_of? ::Bundler::Audit::Scanner::InsecureSource
+      obj.instance_of? ::Bundler::Audit::Results::InsecureSource
     end
   end
 end

data/lib/security_report/plain_reporter.rb CHANGED Viewed

@@ -5,9 +5,9 @@ module SecurityReport
         high, medium_or_lower = results.partition { |result| result.criticality == :high }
         medium, low_or_unknown = medium_or_lower.partition { |result| result.criticality == :medium }
-        puts format_results(high) if high.any?
-        puts format_results(medium) if medium.any?
-        puts format_results(low_or_unknown) if low_or_unknown.any?
+        [high, medium, low_or_unknown].each do |results|
+          puts format_results(results) if results.any?
+        end
       else
         puts "No vulnerabilities found"
       end
@@ -23,10 +23,13 @@ module SecurityReport
     def format_results(results)
       results.map do |result|
         <<~HELPTEXT
-        # #{result.identifier}"
-        Projects: #{result.targets.join(", ")}"
-        Criticality: #{result.criticality}"
-        Solution: #{result.solution}"
+        # #{result.identifier}
+        Projects:    #{result.targets.join(", ")}
+        Criticality: #{result.criticality}
+        Solution:    #{result.solution}
         Problems:
         #{format_problems(result.problems)}
         HELPTEXT
@@ -35,7 +38,7 @@ module SecurityReport
     def format_problems(problems)
       problems.map do |problem|
-        "* #{problem.summary}"
+        " * #{problem.summary}"
       end.join("\n")
     end
   end

data/lib/security_report/problem.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module SecurityReport
     private
     def truncate(string, max)
-      string.length > max ? "#{string[0...max].strip}..." : string
+      string.length > max ? "#{string[0 ... max - 3].strip}..." : string
     end
   end
 end

data/lib/security_report/scanner.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module SecurityReport
     private
-    # This is a weird workaround, for methods that
+    # This is a weird workaround for methods that
     # require a Gemfile in the current directory
     def with_gemfile
       if File.exist? 'Gemfile'

data/lib/security_report/unpatched_gem_result.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module SecurityReport
     end
     def self.matches?(obj)
-      obj.instance_of? ::Bundler::Audit::Scanner::UnpatchedGem
+      obj.instance_of? ::Bundler::Audit::Results::UnpatchedGem
     end
     private
@@ -38,7 +38,8 @@ module SecurityReport
     def problem_id
       if advisory.cve
-        "CVE-#{advisory.cve}"
+        #"CVE-#{advisory.cve}"
+        "https://cve.circl.lu/cve/CVE-#{advisory.cve}"
       elsif advisory.osvdb
         advisory.osvdb
       end

data/lib/security_report/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SecurityReport
-  VERSION = "0.1.1".freeze
+  VERSION = "0.1.2".freeze
 end

data/security_report.gemspec CHANGED Viewed

@@ -1,31 +1,31 @@
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "security_report/version"
-Gem::Specification.new do |spec|
-  spec.name          = "security_report"
-  spec.version       = SecurityReport::VERSION
-  spec.authors       = ["Lucas Dohmen"]
-  spec.email         = ["lucas.dohmen@innoq.com"]
-  spec.license       = "Apache-2.0"
-  spec.summary       = "Generate a security report"
-  spec.description   = "Check Ruby projects for dependencies with known security problems"
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-  spec.add_dependency "bundler-audit", "~> 0.6"
-  spec.add_dependency "clap", "~> 1.0"
-  spec.add_dependency "terminal-table", "~> 1.8"
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.0"
-end
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "security_report/version"
+Gem::Specification.new do |spec|
+  spec.name          = "security_report"
+  spec.version       = SecurityReport::VERSION
+  spec.authors       = ["Lucas Dohmen", "Willem van Kerkhof"]
+  spec.email         = ["lucas.dohmen@innoq.com", "wvk@innoq.com"]
+  spec.license       = "Apache-2.0"
+  spec.summary       = "Generate a security report"
+  spec.description   = "Check Ruby projects for dependencies with known security problems"
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
+  end
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_dependency "bundler-audit", "~> 0.8"
+  spec.add_dependency "clap", "~> 1.0"
+  spec.add_dependency "terminal-table", "~> 3.0"
+  spec.add_development_dependency "bundler", "~> 1.1"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

metadata CHANGED Viewed

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: security_report
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Lucas Dohmen
+- Willem van Kerkhof
 autorequire:
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2018-08-16 00:00:00.000000000 Z
+date: 2021-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -16,14 +17,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: clap
   requirement: !ruby/object:Gem::Requirement
@@ -44,42 +45,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -97,6 +98,7 @@ dependencies:
 description: Check Ruby projects for dependencies with known security problems
 email:
 - lucas.dohmen@innoq.com
+- wvk@innoq.com
 executables:
 - security_report
 extensions: []
@@ -110,8 +112,9 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- exe/security_report
+- bin/security_report
 - lib/security_report.rb
+- lib/security_report/auditor.rb
 - lib/security_report/cli.rb
 - lib/security_report/database.rb
 - lib/security_report/grouped_result.rb
@@ -142,8 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.14.1
+rubygems_version: 3.2.5
 signing_key:
 specification_version: 4
 summary: Generate a security report