security_report 0.1.1 → 0.1.2
- checksums.yaml +5 -5
- data/Gemfile.lock +46 -46
- data/{exe → bin}/security_report +0 -0
- data/lib/security_report.rb +1 -33
- data/lib/security_report/auditor.rb +36 -0
- data/lib/security_report/cli.rb +4 -4
- data/lib/security_report/grouped_result.rb +1 -1
- data/lib/security_report/insecure_source_result.rb +2 -2
- data/lib/security_report/plain_reporter.rb +11 -8
- data/lib/security_report/problem.rb +1 -1
- data/lib/security_report/scanner.rb +1 -1
- data/lib/security_report/unpatched_gem_result.rb +3 -2
- data/lib/security_report/version.rb +1 -1
- data/security_report.gemspec +31 -31
- metadata +16 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: e200510386d7cec8e885bc8273b8d2ab6805b8d4f5301b6b2a8323218780bcec
|
4
|
+
data.tar.gz: f9aaf71856a68ca43fa28e59ec4eeeb39d2f72cd4c436bfb0f250c0891273137
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f23c6d59f2f45f63c4c0d03c4f3bbb234319162726bd9733a46f42a5964ad8986bbaba1e556ced48b3ca2edad663584e18b01338f4a7e661b0c014d625139133
|
7
|
+
data.tar.gz: 995b4308b4d1a4e2f21eb16df7b94d67dce0e53f2760eb1a5e061c7b8d82ec20873ec021516cd3c59842b5a5d33299b55dd335178cfed2fc64cd8b43dd4687c3
|
data/Gemfile.lock
CHANGED
@@ -1,46 +1,46 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
security_report (0.1.
|
5
|
-
bundler-audit (~> 0.
|
6
|
-
clap (~> 1.0)
|
7
|
-
terminal-table (~>
|
8
|
-
|
9
|
-
GEM
|
10
|
-
remote: https://rubygems.org/
|
11
|
-
specs:
|
12
|
-
bundler-audit (0.
|
13
|
-
bundler (
|
14
|
-
thor (~> 0
|
15
|
-
clap (1.0.0)
|
16
|
-
diff-lcs (1.
|
17
|
-
rake (
|
18
|
-
rspec (3.
|
19
|
-
rspec-core (~> 3.
|
20
|
-
rspec-expectations (~> 3.
|
21
|
-
rspec-mocks (~> 3.
|
22
|
-
rspec-core (3.
|
23
|
-
rspec-support (~> 3.
|
24
|
-
rspec-expectations (3.
|
25
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
26
|
-
rspec-support (~> 3.
|
27
|
-
rspec-mocks (3.
|
28
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
29
|
-
rspec-support (~> 3.
|
30
|
-
rspec-support (3.
|
31
|
-
terminal-table (
|
32
|
-
unicode-display_width (~> 1.1, >= 1.1.1)
|
33
|
-
thor (
|
34
|
-
unicode-display_width (1.
|
35
|
-
|
36
|
-
PLATFORMS
|
37
|
-
ruby
|
38
|
-
|
39
|
-
DEPENDENCIES
|
40
|
-
bundler (
|
41
|
-
rake (~>
|
42
|
-
rspec (~> 3.0)
|
43
|
-
security_report!
|
44
|
-
|
45
|
-
BUNDLED WITH
|
46
|
-
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
security_report (0.1.2)
|
5
|
+
bundler-audit (~> 0.8)
|
6
|
+
clap (~> 1.0)
|
7
|
+
terminal-table (~> 3.0)
|
8
|
+
|
9
|
+
GEM
|
10
|
+
remote: https://rubygems.org/
|
11
|
+
specs:
|
12
|
+
bundler-audit (0.8.0)
|
13
|
+
bundler (>= 1.2.0, < 3)
|
14
|
+
thor (~> 1.0)
|
15
|
+
clap (1.0.0)
|
16
|
+
diff-lcs (1.4.4)
|
17
|
+
rake (13.0.3)
|
18
|
+
rspec (3.10.0)
|
19
|
+
rspec-core (~> 3.10.0)
|
20
|
+
rspec-expectations (~> 3.10.0)
|
21
|
+
rspec-mocks (~> 3.10.0)
|
22
|
+
rspec-core (3.10.1)
|
23
|
+
rspec-support (~> 3.10.0)
|
24
|
+
rspec-expectations (3.10.1)
|
25
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
26
|
+
rspec-support (~> 3.10.0)
|
27
|
+
rspec-mocks (3.10.2)
|
28
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
29
|
+
rspec-support (~> 3.10.0)
|
30
|
+
rspec-support (3.10.2)
|
31
|
+
terminal-table (3.0.0)
|
32
|
+
unicode-display_width (~> 1.1, >= 1.1.1)
|
33
|
+
thor (1.1.0)
|
34
|
+
unicode-display_width (1.7.0)
|
35
|
+
|
36
|
+
PLATFORMS
|
37
|
+
ruby
|
38
|
+
|
39
|
+
DEPENDENCIES
|
40
|
+
bundler (>= 1.1)
|
41
|
+
rake (~> 13.0)
|
42
|
+
rspec (~> 3.0)
|
43
|
+
security_report!
|
44
|
+
|
45
|
+
BUNDLED WITH
|
46
|
+
2.2.5
|
data/{exe → bin}/security_report
RENAMED
File without changes
|
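--- a/data/lib/security_report.rb
+++ b/data/lib/security_report.rb
@@ -1,38 +1,6 @@
 require 'security_report/version'
 require 'security_report/database'
-require 'security_report/
-require 'security_report/grouped_result'
+require 'security_report/auditor'
 
 module SecurityReport
-class Auditor
-def self.audit(directories)
-auditor = new
-
-directories.each do |directory|
-auditor.check(directory)
-end
-
-auditor
-end
-
-attr_reader :skipped
-
-def initialize
-@results = []
-@skipped = []
-@scanner = Scanner.new
-end
-
-def check(directory)
-@results.concat(@scanner.scan(directory))
-rescue Errno::ENOENT
-@skipped.push(directory)
-end
-
-def results
-@results.group_by(&:identifier).map do |_, results|
-GroupedResult.new(results)
-end
-end
-end
 end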
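--- /dev/null
+++ b/data/lib/security_report/auditor.rb
@@ -0,0 +1,36 @@
+require 'security_report/scanner'
+require 'security_report/grouped_result'
+
+module SecurityReport
+class Auditor
+def self.audit(directories)
+auditor = self.new
+
+directories.each do |directory|
+auditor.check(directory)
+end
+
+auditor
+end
+
+attr_reader :skipped
+
+def initialize
+@results = []
+@skipped = []
+@scanner = Scanner.new
+end
+
+def check(directory)
+@results.concat(@scanner.scan(directory))
+rescue Errno::ENOENT, Bundler::GemfileLockNotFound
+@skipped.push(directory)
+end
+
+def results
+@results.group_by(&:identifier).map do |_, results|
+GroupedResult.new(results)
+end
+end
+end
+end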
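Review bot: `check` (new lines 24–28) turns any `Errno::ENOENT` raised anywhere inside `@scanner.scan` into a silent entry in `@skipped`, so a project whose scan fails mid-way on a missing file is indistinguishable from a directory that does not exist, and nothing on this page shows `skipped` being printed by a reporter. That contract should at least be stated on the method, e.g. `# A directory without a Gemfile.lock (or that does not exist) is recorded in #skipped instead of aborting the run; callers must surface #skipped so an unscanned project is not read as a clean one.` `Bundler::GemfileLockNotFound` is only resolved when an exception actually reaches the rescue clause, so if neither require at the top of the file loads Bundler first, the first missing lockfile would surface as a `NameError` rather than a skip — worth confirming. The `self.` in `auditor = self.new` on line 7 is redundant; `auditor = new`, as in the copy removed from security_report.rb, reads better.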
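--- a/data/lib/security_report/cli.rb
+++ b/data/lib/security_report/cli.rb
@@ -5,7 +5,7 @@ module SecurityReport
 attr_accessor :format
 
 def initialize
-@format =
+@format = 'plain'
 end
 
 def help
@@ -24,10 +24,10 @@ module SecurityReport
 
 def reporter
 case format
-when
+when 'plain'
 require 'security_report/plain_reporter'
 @reporter = PlainReporter.new
-when
+when 'table'
 require 'security_report/table_reporter'
 @reporter = TableReporter.new
 else
@@ -38,7 +38,7 @@ module SecurityReport
 
 def update
 return if Database.update
-puts
+puts 'Failed updating database!'
 exit 1
 end
 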
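Review bot: `puts 'Failed updating database!'` on new line 41 of the third hunk writes the failure to stdout, the same stream the report goes to, so a caller that captures or pipes the output gets the error text mixed into the report and only the `exit 1` on line 42 reliably signals the failure; prefer `warn 'Failed updating database!'` so it goes to stderr. The `case format` on line 26 accepts only the literal `'plain'` and `'table'`, which keeps `format` (an `attr_accessor` set from outside) a closed allowlist rather than something turned into a class or file name — worth preserving as formats are added. The `else` branch and the enclosing class continue outside the hunks.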
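--- a/data/lib/security_report/insecure_source_result.rb
+++ b/data/lib/security_report/insecure_source_result.rb
@@ -13,7 +13,7 @@ module SecurityReport
 end
 
 def solution
-"Use a secure URI"
+"Use a secure URI (https)"
 end
 
 def criticality
@@ -21,7 +21,7 @@ module SecurityReport
 end
 
 def self.matches?(obj)
-obj.instance_of? ::Bundler::Audit::
+obj.instance_of? ::Bundler::Audit::Results::InsecureSource
 end
 end
 end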
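Review bot: `solution` on new line 16 tells the user to switch to https, but an insecure source as classified by bundler-audit can, as far as I recall, also be a `git://` gem source, for which the remediation is an `https://` or ssh git URL rather than only flipping the scheme of a rubygems source; if this class relies on that classification the string under-describes the fix. A wording such as `"Use a secure URI (https:// instead of http:// or git://)"` covers both cases. The `instance_of?` on line 24 is appropriate here because the match is meant to be exact; the enclosing class starts outside the hunk.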
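--- a/data/lib/security_report/plain_reporter.rb
+++ b/data/lib/security_report/plain_reporter.rb
@@ -5,9 +5,9 @@ module SecurityReport
 high, medium_or_lower = results.partition { |result| result.criticality == :high }
 medium, low_or_unknown = medium_or_lower.partition { |result| result.criticality == :medium }
 
-
-
-
+[high, medium, low_or_unknown].each do |results|
+puts format_results(results) if results.any?
+end
 else
 puts "No vulnerabilities found"
 end
@@ -23,10 +23,13 @@ module SecurityReport
 def format_results(results)
 results.map do |result|
 <<~HELPTEXT
-
-
-
-
+
+# #{result.identifier}
+
+Projects: #{result.targets.join(", ")}
+Criticality: #{result.criticality}
+Solution: #{result.solution}
+
 Problems:
 #{format_problems(result.problems)}
 HELPTEXT
@@ -35,7 +38,7 @@ module SecurityReport
 
 def format_problems(problems)
 problems.map do |problem|
-"* #{problem.summary}"
+" * #{problem.summary}"
 end.join("\n")
 end
 end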
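Review bot: the block parameter `results` on new line 8 of the first hunk shadows the method-level `results` that lines 5–6 partition, so inside the block the name means one criticality bucket while two lines above it means the whole set; rename it, e.g. `[high, medium, low_or_unknown].each do |bucket|` / `puts format_results(bucket) if bucket.any?`. The heredoc in `format_results` (second hunk) prints `# #{result.identifier}` as the heading of each entry, so whatever `identifier` evaluates to — on this page `problem_id` in unpatched_gem_result.rb now returns a URL for CVE advisories — becomes the first line of the report block; if the heading is meant to be a CVE id the two files should agree. The method around the first hunk starts and ends outside it.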
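--- a/data/lib/security_report/unpatched_gem_result.rb
+++ b/data/lib/security_report/unpatched_gem_result.rb
@@ -29,7 +29,7 @@ module SecurityReport
 end
 
 def self.matches?(obj)
-obj.instance_of? ::Bundler::Audit::
+obj.instance_of? ::Bundler::Audit::Results::UnpatchedGem
 end
 
 private
@@ -38,7 +38,8 @@ module SecurityReport
 
 def problem_id
 if advisory.cve
-"CVE-#{advisory.cve}"
+#"CVE-#{advisory.cve}"
+"https://cve.circl.lu/cve/CVE-#{advisory.cve}"
 elsif advisory.osvdb
 advisory.osvdb
 end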
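Review bot: `problem_id` (second hunk, new lines 40–45) keeps the commented-out `#"CVE-#{advisory.cve}"` on line 41 next to its replacement; delete it rather than ship dead code. The new value also makes the identifier inconsistent: a CVE advisory now yields a link to a third-party mirror (`https://cve.circl.lu/…`) while an OSVDB advisory yields the bare number, and an advisory with neither — I believe bundler-audit 0.8 advisories can carry only a GHSA id — falls through the `if`/`elsif` and returns `nil`, so if `identifier` is derived from `problem_id` all such results would be grouped together under `nil`. I would keep `"CVE-#{advisory.cve}"` as the identifier, add an `else` branch returning another stable id (the GHSA id, if the advisory object exposes one), and expose the link from a separate method, preferably pointing at the authoritative CVE/NVD record rather than a mirror. The method's `end` and the enclosing class continue outside the hunk.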
data/security_report.gemspec
CHANGED
@@ -1,31 +1,31 @@
|
|
1
|
-
lib = File.expand_path("lib", __dir__)
|
2
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
-
require "security_report/version"
|
4
|
-
|
5
|
-
Gem::Specification.new do |spec|
|
6
|
-
spec.name = "security_report"
|
7
|
-
spec.version = SecurityReport::VERSION
|
8
|
-
spec.authors = ["Lucas Dohmen"]
|
9
|
-
spec.email = ["lucas.dohmen@innoq.com"]
|
10
|
-
spec.license = "Apache-2.0"
|
11
|
-
|
12
|
-
spec.summary = "Generate a security report"
|
13
|
-
spec.description = "Check Ruby projects for dependencies with known security problems"
|
14
|
-
|
15
|
-
# Specify which files should be added to the gem when it is released.
|
16
|
-
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
17
|
-
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
18
|
-
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
|
19
|
-
end
|
20
|
-
spec.bindir = "
|
21
|
-
spec.executables = spec.files.grep(%r{^
|
22
|
-
spec.require_paths = ["lib"]
|
23
|
-
|
24
|
-
spec.add_dependency "bundler-audit", "~> 0.
|
25
|
-
spec.add_dependency "clap", "~> 1.0"
|
26
|
-
spec.add_dependency "terminal-table", "~>
|
27
|
-
|
28
|
-
spec.add_development_dependency "bundler", "~> 1.
|
29
|
-
spec.add_development_dependency "rake", "~>
|
30
|
-
spec.add_development_dependency "rspec", "~> 3.0"
|
31
|
-
end
|
1
|
+
lib = File.expand_path("lib", __dir__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
require "security_report/version"
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = "security_report"
|
7
|
+
spec.version = SecurityReport::VERSION
|
8
|
+
spec.authors = ["Lucas Dohmen", "Willem van Kerkhof"]
|
9
|
+
spec.email = ["lucas.dohmen@innoq.com", "wvk@innoq.com"]
|
10
|
+
spec.license = "Apache-2.0"
|
11
|
+
|
12
|
+
spec.summary = "Generate a security report"
|
13
|
+
spec.description = "Check Ruby projects for dependencies with known security problems"
|
14
|
+
|
15
|
+
# Specify which files should be added to the gem when it is released.
|
16
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
17
|
+
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
18
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
|
19
|
+
end
|
20
|
+
spec.bindir = "bin"
|
21
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
22
|
+
spec.require_paths = ["lib"]
|
23
|
+
|
24
|
+
spec.add_dependency "bundler-audit", "~> 0.8"
|
25
|
+
spec.add_dependency "clap", "~> 1.0"
|
26
|
+
spec.add_dependency "terminal-table", "~> 3.0"
|
27
|
+
|
28
|
+
spec.add_development_dependency "bundler", "~> 1.1"
|
29
|
+
spec.add_development_dependency "rake", "~> 13.0"
|
30
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
31
|
+
end
|
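Review bot: `spec.add_development_dependency "bundler", "~> 1.1"` on new line 28 excludes every Bundler 2.x release, yet the lockfile on this page was written by Bundler 2.2.5 (`BUNDLED WITH` in data/Gemfile.lock) and its DEPENDENCIES section records `bundler (>= 1.1)`; unless Bundler special-cases its own dependency, resolving with the Bundler that produced the lock may fail on this constraint. Loosening it to `spec.add_development_dependency "bundler", ">= 1.1"` (or `"~> 2.0"` if 1.x is no longer supported) matches what the lock actually contains. The `bindir`/`executables` change on lines 20–21 is consistent with the `exe → bin` rename and the `bindir: bin` line in the metadata section.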
metadata
CHANGED
@@ -1,14 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: security_report
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Lucas Dohmen
|
8
|
+
- Willem van Kerkhof
|
8
9
|
autorequire:
|
9
|
-
bindir:
|
10
|
+
bindir: bin
|
10
11
|
cert_chain: []
|
11
|
-
date:
|
12
|
+
date: 2021-03-15 00:00:00.000000000 Z
|
12
13
|
dependencies:
|
13
14
|
- !ruby/object:Gem::Dependency
|
14
15
|
name: bundler-audit
|
@@ -16,14 +17,14 @@ dependencies:
|
|
16
17
|
requirements:
|
17
18
|
- - "~>"
|
18
19
|
- !ruby/object:Gem::Version
|
19
|
-
version: '0.
|
20
|
+
version: '0.8'
|
20
21
|
type: :runtime
|
21
22
|
prerelease: false
|
22
23
|
version_requirements: !ruby/object:Gem::Requirement
|
23
24
|
requirements:
|
24
25
|
- - "~>"
|
25
26
|
- !ruby/object:Gem::Version
|
26
|
-
version: '0.
|
27
|
+
version: '0.8'
|
27
28
|
- !ruby/object:Gem::Dependency
|
28
29
|
name: clap
|
29
30
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,42 +45,42 @@ dependencies:
|
|
44
45
|
requirements:
|
45
46
|
- - "~>"
|
46
47
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
48
|
+
version: '3.0'
|
48
49
|
type: :runtime
|
49
50
|
prerelease: false
|
50
51
|
version_requirements: !ruby/object:Gem::Requirement
|
51
52
|
requirements:
|
52
53
|
- - "~>"
|
53
54
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
55
|
+
version: '3.0'
|
55
56
|
- !ruby/object:Gem::Dependency
|
56
57
|
name: bundler
|
57
58
|
requirement: !ruby/object:Gem::Requirement
|
58
59
|
requirements:
|
59
60
|
- - "~>"
|
60
61
|
- !ruby/object:Gem::Version
|
61
|
-
version: '1.
|
62
|
+
version: '1.1'
|
62
63
|
type: :development
|
63
64
|
prerelease: false
|
64
65
|
version_requirements: !ruby/object:Gem::Requirement
|
65
66
|
requirements:
|
66
67
|
- - "~>"
|
67
68
|
- !ruby/object:Gem::Version
|
68
|
-
version: '1.
|
69
|
+
version: '1.1'
|
69
70
|
- !ruby/object:Gem::Dependency
|
70
71
|
name: rake
|
71
72
|
requirement: !ruby/object:Gem::Requirement
|
72
73
|
requirements:
|
73
74
|
- - "~>"
|
74
75
|
- !ruby/object:Gem::Version
|
75
|
-
version: '
|
76
|
+
version: '13.0'
|
76
77
|
type: :development
|
77
78
|
prerelease: false
|
78
79
|
version_requirements: !ruby/object:Gem::Requirement
|
79
80
|
requirements:
|
80
81
|
- - "~>"
|
81
82
|
- !ruby/object:Gem::Version
|
82
|
-
version: '
|
83
|
+
version: '13.0'
|
83
84
|
- !ruby/object:Gem::Dependency
|
84
85
|
name: rspec
|
85
86
|
requirement: !ruby/object:Gem::Requirement
|
@@ -97,6 +98,7 @@ dependencies:
|
|
97
98
|
description: Check Ruby projects for dependencies with known security problems
|
98
99
|
email:
|
99
100
|
- lucas.dohmen@innoq.com
|
101
|
+
- wvk@innoq.com
|
100
102
|
executables:
|
101
103
|
- security_report
|
102
104
|
extensions: []
|
@@ -110,8 +112,9 @@ files:
|
|
110
112
|
- LICENSE
|
111
113
|
- README.md
|
112
114
|
- Rakefile
|
113
|
-
-
|
115
|
+
- bin/security_report
|
114
116
|
- lib/security_report.rb
|
117
|
+
- lib/security_report/auditor.rb
|
115
118
|
- lib/security_report/cli.rb
|
116
119
|
- lib/security_report/database.rb
|
117
120
|
- lib/security_report/grouped_result.rb
|
@@ -142,8 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
142
145
|
- !ruby/object:Gem::Version
|
143
146
|
version: '0'
|
144
147
|
requirements: []
|
145
|
-
|
146
|
-
rubygems_version: 2.6.14.1
|
148
|
+
rubygems_version: 3.2.5
|
147
149
|
signing_key:
|
148
150
|
specification_version: 4
|
149
151
|
summary: Generate a security report
|