sensu-plugins-ruby 0.1.0 → 0.1.3

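--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ec7224c32897f3dfb83b505d4a09f43f38b58466a98f9c7cdb23a15ff08cac6e
- data.tar.gz: 4eab94904ad8480dc8ec9d697ca5ba9a11bb1b63459c710bb0afff4fd2e5487d
+ metadata.gz: 0e1dabd0ee31dae574909c84992edf973c0c96cc6c70436304f426bd6899f4c3
+ data.tar.gz: 27bd9e4c080eaa235c3a0d144c88807a2d3dd4596fa6a919c2ae00878160f3f5
  SHA512:
- metadata.gz: 53de6f426203ae0a80ab8fcb31a47d32054adb409bda280cf497d50e69d83f23b4a3a14acdb9d4124ef976ece01a967a8ac2cc89f1767767b1aa7226814a7717
- data.tar.gz: 7ce5be6cbe45f37d34f8aa5ce0394d6e9733da9f05b94d471d307d7562835dd6d91082380b586f448c198d710c8902a35cc312d4111cd9990d5ab3d6ba710719
+ metadata.gz: 32f2809055e23cf00903ac8cdf05decabe7c236e6ce191fe4aea0c9b55efcf61b39f90273251534ee7dc6b0875d471f5462ea33201292845b5a8d719df230d69
+ data.tar.gz: d47888ef3bb11399b514211b3e50d14e34862bbd4492367541750897a33c79a9f9ac78f8469f282e83302011b216dc304afffddb35c30e3c7ceb2e4c3abe982b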
@@ -1,5 +1,21 @@
1
- LineLength:
2
- Max: 160
1
+ require:
2
+ - rubocop-performance
3
3
 
4
- AbcSize:
4
+ AllCops:
5
+ TargetRubyVersion: 2.4
6
+
7
+ Naming/FileName:
8
+ Exclude:
9
+ - 'lib/sensu-plugins-ruby.rb'
10
+
11
+ Metrics/LineLength:
12
+ Max: 120
13
+
14
+ Metrics/MethodLength:
5
15
  Max: 20
16
+
17
+ Metrics/AbcSize:
18
+ Max: 20
19
+
20
+ Style/FrozenStringLiteralComment:
21
+ Enabled: false
@@ -35,7 +35,8 @@ deploy:
35
35
  repo: SICSoftwareGmbH/sensu-plugins-ruby
36
36
 
37
37
  - provider: script
38
- script: bonsai/ruby-runtime/travis-build-ruby-plugin-assets.sh sensu-plugins-ruby
38
+ script:
39
+ - ./deploy.sh
39
40
  skip_cleanup: true
40
41
  on:
41
42
  tags: true
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [0.1.3] - 2019-07-30
10
+ ### Fixed
11
+ - error output if updating the advisory-db failed
12
+
13
+ ## [0.1.2] - 2019-07-27
14
+
15
+ ## [0.1.1] - 2019-07-26
16
+
9
17
  ## [0.1.0] - 2019-07-26
10
18
  ### Added
11
19
  - check if ruby version is current
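--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@
  [![Sensu Bonsai Asset](https://img.shields.io/badge/Bonsai-Download%20Me-brightgreen.svg?colorB=89C967&logo=sensu)](https://bonsai.sensu.io/assets/SICSoftwareGmbH/sensu-plugins-ruby)
 
  ## Sensu Asset
- The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](bonsai.sensu.io).
+ The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](https://bonsai.sensu.io).
 
  ## Functionality
 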
@@ -1,6 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
- # frozen_string_literal: true
3
-
2
+ #
4
3
  # check-bundle-audit
5
4
  #
6
5
  # DESCRIPTION:
@@ -17,7 +16,7 @@
17
16
  # gem: bundler-audit
18
17
  #
19
18
  # LICENSE:
20
- # Florian Schwab <me@ydkn.io>
19
+ # SIC! Software GmbH <info@sic.software>
21
20
  # Released under the same terms as Sensu (the MIT license); see LICENSE
22
21
  # for details.
23
22
  #
@@ -54,13 +53,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
54
53
  def run
55
54
  update_audit_db
56
55
 
57
- checks = config[:paths].split(',').map do |path|
58
- check_audit(path.strip)
59
- end
60
-
61
- message = checks.select { |c| %i[critical warning].include?(c[:status]) }
62
- .map { |c| "#{c[:path]}: #{c[:message]}" }
63
- .compact.join("\n")
56
+ checks, message = check_results
64
57
 
65
58
  if checks.any? { |c| c[:status] == :critical }
66
59
  critical("Vulnerabilities found: #{message}")
@@ -76,7 +69,19 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
76
69
  def update_audit_db
77
70
  ok = Bundler::Audit::Database.update!(quiet: true)
78
71
 
79
- warning("Failed to update advisory db: #{stdout} #{stderr}") unless ok
72
+ warning('Failed to update advisory db') unless ok
73
+ end
74
+
75
+ def check_results
76
+ checks = config[:paths].split(',').map do |path|
77
+ check_audit(path.strip)
78
+ end
79
+
80
+ message = checks.select { |c| %i[critical warning].include?(c[:status]) }
81
+ .map { |c| "#{c[:path]}: #{c[:message]}" }
82
+ .compact.join("\n")
83
+
84
+ [checks, message]
80
85
  end
81
86
 
82
87
  def criticality_to_int(criticality)
@@ -92,7 +97,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
92
97
  end
93
98
  end
94
99
 
95
- def check_audit(path)
100
+ def vulnerabilities_for_path(path)
96
101
  ENV['BUNDLE_GEMFILE'] = File.join(path, 'Gemfile.lock')
97
102
 
98
103
  vulnerabilities = []
@@ -103,24 +108,39 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
103
108
  when Bundler::Audit::Scanner::InsecureSource
104
109
  vulnerabilities << { message: "Insecure Source URI found: #{result.source}", criticality: CRITICALITY_HIGH }
105
110
  when Bundler::Audit::Scanner::UnpatchedGem
106
- vulnerabilities << { gem: result.gem, advisory: result.advisory, criticality: criticality_to_int(result.advisory.criticality) }
111
+ vulnerabilities << {
112
+ gem: result.gem,
113
+ advisory: result.advisory,
114
+ criticality: criticality_to_int(result.advisory.criticality)
115
+ }
107
116
  end
108
117
  end
109
118
 
119
+ vulnerabilities
120
+ end
121
+
122
+ def message_for_vulnerabilities(vulnerabilities)
123
+ return 'No vulnerabilities found' if vulnerabilities.empty?
124
+
125
+ vulnerabilities.map do |v|
126
+ v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
127
+ end.join(', ')
128
+ end
129
+
130
+ def ignore?(vulnerability)
131
+ config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory])
132
+ end
133
+
134
+ def check_audit(path)
135
+ vulnerabilities = vulnerabilities_for_path(path)
136
+ message = message_for_vulnerabilities(vulnerabilities)
137
+
110
138
  if vulnerabilities.empty?
111
- { path: path, status: :ok, message: 'No vulnerabilities found' }
139
+ { path: path, status: :ok, message: message }
140
+ elsif vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !ignore?(v) }
141
+ { path: path, status: :critical, message: message }
112
142
  else
113
- message = vulnerabilities.map do |v|
114
- v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
115
- end.join(', ')
116
-
117
- if vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !config[:ignore].split(',').map(&:strip).include?(v[:advisory]) }
118
- { path: path, status: :critical, message: message }
119
- elsif vulnerabilities.any?
120
- { path: path, status: :ok, message: message }
121
- else
122
- { path: path, status: :warning, message: 'Vulnerabilities found' }
123
- end
143
+ { path: path, status: :ok, message: message }
124
144
  end
125
145
  rescue StandardError => e
126
146
  { path: path, status: :warning, message: "Failed to check for vulnerabilities: #{e.message}" }
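Review bot: `ignore?` in the last hunk tests `vulnerability[:advisory]` against the strings split from `config[:ignore]`, but `vulnerabilities_for_path` stores `result.advisory` there, which looks like an object (see the `.cve`/`.osvdb` calls in `message_for_vulnerabilities`), so the ignore list probably never matches; the refactor carries this over from the old inline condition. Comparing an identifier instead, for example `config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory]&.id.to_s)`, would make the option effective, and the `&.` also covers InsecureSource entries, which have no `:advisory` key. Separately, a path whose findings are all below `config[:criticality]` or ignored returns `:ok`, and `check_results` only prints `:critical` and `:warning` entries, so those findings never reach the check output; returning `:warning` from the final `else` would keep them visible. `check_audit` ends outside the hunk.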
@@ -1,6 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
- # frozen_string_literal: true
3
-
2
+ #
4
3
  # check-ruby-version
5
4
  #
6
5
  # DESCRIPTION:
@@ -16,7 +15,7 @@
16
15
  # gem: sensu-plugin
17
16
  #
18
17
  # LICENSE:
19
- # Florian Schwab <me@ydkn.io>
18
+ # SIC! Software GmbH <info@sic.software>
20
19
  # Released under the same terms as Sensu (the MIT license); see LICENSE
21
20
  # for details.
22
21
  #
@@ -27,7 +26,7 @@ require 'sensu-plugin/check/cli'
27
26
 
28
27
  # Sensu plugin for checking bundle audit status
29
28
  class RubyVersionCheck < Sensu::Plugin::Check::CLI
30
- RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'
29
+ RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'.freeze
31
30
  MIN_RUBY_VERSION = [2, 4].freeze
32
31
 
33
32
  option :paths,
@@ -37,16 +36,7 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
37
36
  required: true
38
37
 
39
38
  def run
40
- known_rubies = fetch_known_rubies
41
- latest_ruby = known_rubies.max
42
-
43
- checks = config[:paths].split(',').map do |path|
44
- check_path(path, known_rubies, latest_ruby)
45
- end
46
-
47
- message = checks.select { |c| %i[critical warning].include?(c[:status]) }
48
- .map { |c| "#{c[:path]}: #{c[:message]}" }
49
- .compact.join("\n")
39
+ checks, message = check_results
50
40
 
51
41
  if checks.any? { |c| c[:status] == :critical }
52
42
  critical(message)
@@ -61,6 +51,21 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
61
51
 
62
52
  private
63
53
 
54
+ def check_results
55
+ known_rubies = fetch_known_rubies
56
+ latest_ruby = known_rubies.max
57
+
58
+ checks = config[:paths].split(',').map do |path|
59
+ check_path(path, known_rubies, latest_ruby)
60
+ end
61
+
62
+ message = checks.select { |c| %i[critical warning].include?(c[:status]) }
63
+ .map { |c| "#{c[:path]}: #{c[:message]}" }
64
+ .compact.join("\n")
65
+
66
+ [checks, message]
67
+ end
68
+
64
69
  def fetch_known_rubies
65
70
  Net::HTTP.get(URI.parse(RVM_KNOWN_RUBIES_URL))
66
71
  .split("\n")
@@ -82,31 +87,52 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
82
87
  used_ruby = parse_ruby_version(File.read(File.join(path, '.ruby-version')))
83
88
  current_branch_patch_version = known_rubies.find { |v| v[0] == used_ruby[0] && v[1] == used_ruby[1] }
84
89
 
90
+ path_status(used_ruby, current_branch_patch_version, latest_ruby)
91
+ end
92
+
93
+ def eol_status(used_ruby)
94
+ {
95
+ status: :critical,
96
+ message: format('The ruby version has reached its end of live: %<version>s',
97
+ version: used_ruby.join('.'))
98
+ }
99
+ end
100
+
101
+ def outdated_status(used_ruby)
102
+ {
103
+ status: :warning,
104
+ message: format('Outdated Ruby version of %<branch>s branch: %<version>s',
105
+ branch: used_ruby[0..-2].join('.'),
106
+ version: used_ruby.join('.'))
107
+ }
108
+ end
109
+
110
+ def latest_branch_status(used_ruby, latest_ruby)
111
+ {
112
+ status: :ok,
113
+ message: format('Using latest version of %<branch>s branch: %<version>s - latest version: %<latest>s',
114
+ branch: used_ruby[0..-2].join('.'),
115
+ version: used_ruby.join('.'),
116
+ latest: latest_ruby[0..-2].join('.'))
117
+ }
118
+ end
119
+
120
+ def latest_status(used_ruby)
121
+ {
122
+ status: :ok,
123
+ message: format('Using latest version of ruby %<version>s', version: used_ruby.join('.'))
124
+ }
125
+ end
126
+
127
+ def path_status(used_ruby, current_branch_patch_version, latest_ruby)
85
128
  if current_branch_patch_version.nil?
86
- {
87
- path: path,
88
- status: :critical,
89
- message: format('The ruby version has reached its end of live: %s', used_ruby.join('.'))
90
- }
129
+ eol_status(used_ruby)
91
130
  elsif current_branch_patch_version[2] > used_ruby[2]
92
- {
93
- path: path,
94
- status: :warning,
95
- message: format('Outdated Ruby version of %s branch: %s', used_ruby[0..-2].join('.'), used_ruby.join('.'))
96
- }
131
+ outdated_status(used_ruby)
97
132
  elsif latest_ruby[0] > used_ruby[0] || latest_ruby[1] > used_ruby[1]
98
- {
99
- path: path,
100
- status: :ok,
101
- message: format('Using latest version of %s branch: %s - latest version: %s',
102
- used_ruby[0..-2].join('.'), used_ruby.join('.'), latest_ruby[0..-2].join('.'))
103
- }
133
+ latest_branch_status(used_ruby, latest_ruby)
104
134
  else
105
- {
106
- path: path,
107
- status: :ok,
108
- message: format('Using latest version of ruby %s', used_ruby.join('.'))
109
- }
135
+ latest_status(used_ruby)
110
136
  end
111
137
  end
112
138
  end
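Review bot: The new status helpers (`eol_status`, `outdated_status`, `latest_branch_status`, `latest_status`) no longer set `:path`, which every removed hash carried, while `check_results` still formats `"#{c[:path]}: #{c[:message]}"`. Warnings and criticals would therefore print with an empty path, and an operator could not tell which application runs the end-of-life or outdated Ruby. Since `check_path` now ends with the `path_status` call, writing `path_status(used_ruby, current_branch_patch_version, latest_ruby).merge(path: path)` there restores the key. `check_path` starts outside the hunk, so this assumes nothing earlier in it adds the path.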
@@ -0,0 +1,5 @@
1
+ #!/bin/bash -e
2
+
3
+ curl -s -H "Authorization: token ${GITHUB_TOKEN}" --data "{\"tag_name\": \"${TRAVIS_TAG}\"}" -X POST "https://api.github.com/repos/${TRAVIS_REPO_SLUG}/releases"
4
+
5
+ ./bonsai/ruby-runtime/travis-build-ruby-plugin-assets.sh sensu-plugins-ruby
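Review bot: The `curl` call on line 3 of the script has no `--fail`, so a rejected token or a 4xx/5xx from the releases API still exits 0 and the `-e` in the shebang never stops the asset build; `-s` also hides the error while the response body goes to the build log. Adding `--fail --show-error -o /dev/null` closes both gaps. A `set -euo pipefail` line in the script body keeps the abort behaviour when the file is run as `bash deploy.sh` and turns an unset `GITHUB_TOKEN` or `TRAVIS_TAG` into an error. The token is passed in argv through `-H`, where other processes on the build host can read it, and the JSON body interpolates `${TRAVIS_TAG}` unescaped. The metadata file list on this page also shows `deploy.sh` being added to the packaged gem, which a CI-only script does not need.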
@@ -4,7 +4,7 @@ module SensuPluginsRuby
4
4
  module Version
5
5
  MAJOR = 0
6
6
  MINOR = 1
7
- PATCH = 0
7
+ PATCH = 3
8
8
 
9
9
  STRING = [MAJOR, MINOR, PATCH].compact.join('.')
10
10
  end
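--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: sensu-plugins-ruby
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.3
  platform: ruby
  authors:
  - SIC! Software GmbH
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-07-26 00:00:00.000000000 Z
+ date: 2019-07-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -60,6 +60,7 @@ files:
  - Rakefile
  - bin/check-bundler-audit
  - bin/check-ruby-version
+ - deploy.sh
  - lib/sensu-plugins-ruby.rb
  - lib/sensu-plugins-ruby/version.rb
  - sensu-plugins-ruby.gemspec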