sensu-plugins-ruby 0.1.0 → 0.1.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ec7224c32897f3dfb83b505d4a09f43f38b58466a98f9c7cdb23a15ff08cac6e
4
- data.tar.gz: 4eab94904ad8480dc8ec9d697ca5ba9a11bb1b63459c710bb0afff4fd2e5487d
3
+ metadata.gz: 0e1dabd0ee31dae574909c84992edf973c0c96cc6c70436304f426bd6899f4c3
4
+ data.tar.gz: 27bd9e4c080eaa235c3a0d144c88807a2d3dd4596fa6a919c2ae00878160f3f5
5
5
  SHA512:
6
- metadata.gz: 53de6f426203ae0a80ab8fcb31a47d32054adb409bda280cf497d50e69d83f23b4a3a14acdb9d4124ef976ece01a967a8ac2cc89f1767767b1aa7226814a7717
7
- data.tar.gz: 7ce5be6cbe45f37d34f8aa5ce0394d6e9733da9f05b94d471d307d7562835dd6d91082380b586f448c198d710c8902a35cc312d4111cd9990d5ab3d6ba710719
6
+ metadata.gz: 32f2809055e23cf00903ac8cdf05decabe7c236e6ce191fe4aea0c9b55efcf61b39f90273251534ee7dc6b0875d471f5462ea33201292845b5a8d719df230d69
7
+ data.tar.gz: d47888ef3bb11399b514211b3e50d14e34862bbd4492367541750897a33c79a9f9ac78f8469f282e83302011b216dc304afffddb35c30e3c7ceb2e4c3abe982b
@@ -1,5 +1,21 @@
1
- LineLength:
2
- Max: 160
1
+ require:
2
+ - rubocop-performance
3
3
 
4
- AbcSize:
4
+ AllCops:
5
+ TargetRubyVersion: 2.4
6
+
7
+ Naming/FileName:
8
+ Exclude:
9
+ - 'lib/sensu-plugins-ruby.rb'
10
+
11
+ Metrics/LineLength:
12
+ Max: 120
13
+
14
+ Metrics/MethodLength:
5
15
  Max: 20
16
+
17
+ Metrics/AbcSize:
18
+ Max: 20
19
+
20
+ Style/FrozenStringLiteralComment:
21
+ Enabled: false
@@ -35,7 +35,8 @@ deploy:
35
35
  repo: SICSoftwareGmbH/sensu-plugins-ruby
36
36
 
37
37
  - provider: script
38
- script: bonsai/ruby-runtime/travis-build-ruby-plugin-assets.sh sensu-plugins-ruby
38
+ script:
39
+ - ./deploy.sh
39
40
  skip_cleanup: true
40
41
  on:
41
42
  tags: true
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [0.1.3] - 2019-07-30
10
+ ### Fixed
11
+ - error output if updating the advisory-db failed
12
+
13
+ ## [0.1.2] - 2019-07-27
14
+
15
+ ## [0.1.1] - 2019-07-26
16
+
9
17
  ## [0.1.0] - 2019-07-26
10
18
  ### Added
11
19
  - check if ruby version is current
data/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![Sensu Bonsai Asset](https://img.shields.io/badge/Bonsai-Download%20Me-brightgreen.svg?colorB=89C967&logo=sensu)](https://bonsai.sensu.io/assets/SICSoftwareGmbH/sensu-plugins-ruby)
6
6
 
7
7
  ## Sensu Asset
8
- The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](bonsai.sensu.io).
8
+ The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](https://bonsai.sensu.io).
9
9
 
10
10
  ## Functionality
11
11
 
@@ -1,6 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
- # frozen_string_literal: true
3
-
2
+ #
4
3
  # check-bundle-audit
5
4
  #
6
5
  # DESCRIPTION:
@@ -17,7 +16,7 @@
17
16
  # gem: bundler-audit
18
17
  #
19
18
  # LICENSE:
20
- # Florian Schwab <me@ydkn.io>
19
+ # SIC! Software GmbH <info@sic.software>
21
20
  # Released under the same terms as Sensu (the MIT license); see LICENSE
22
21
  # for details.
23
22
  #
@@ -54,13 +53,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
54
53
  def run
55
54
  update_audit_db
56
55
 
57
- checks = config[:paths].split(',').map do |path|
58
- check_audit(path.strip)
59
- end
60
-
61
- message = checks.select { |c| %i[critical warning].include?(c[:status]) }
62
- .map { |c| "#{c[:path]}: #{c[:message]}" }
63
- .compact.join("\n")
56
+ checks, message = check_results
64
57
 
65
58
  if checks.any? { |c| c[:status] == :critical }
66
59
  critical("Vulnerabilities found: #{message}")
@@ -76,7 +69,19 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
76
69
  def update_audit_db
77
70
  ok = Bundler::Audit::Database.update!(quiet: true)
78
71
 
79
- warning("Failed to update advisory db: #{stdout} #{stderr}") unless ok
72
+ warning('Failed to update advisory db') unless ok
73
+ end
74
+
75
+ def check_results
76
+ checks = config[:paths].split(',').map do |path|
77
+ check_audit(path.strip)
78
+ end
79
+
80
+ message = checks.select { |c| %i[critical warning].include?(c[:status]) }
81
+ .map { |c| "#{c[:path]}: #{c[:message]}" }
82
+ .compact.join("\n")
83
+
84
+ [checks, message]
80
85
  end
81
86
 
82
87
  def criticality_to_int(criticality)
@@ -92,7 +97,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
92
97
  end
93
98
  end
94
99
 
95
- def check_audit(path)
100
+ def vulnerabilities_for_path(path)
96
101
  ENV['BUNDLE_GEMFILE'] = File.join(path, 'Gemfile.lock')
97
102
 
98
103
  vulnerabilities = []
@@ -103,24 +108,39 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
103
108
  when Bundler::Audit::Scanner::InsecureSource
104
109
  vulnerabilities << { message: "Insecure Source URI found: #{result.source}", criticality: CRITICALITY_HIGH }
105
110
  when Bundler::Audit::Scanner::UnpatchedGem
106
- vulnerabilities << { gem: result.gem, advisory: result.advisory, criticality: criticality_to_int(result.advisory.criticality) }
111
+ vulnerabilities << {
112
+ gem: result.gem,
113
+ advisory: result.advisory,
114
+ criticality: criticality_to_int(result.advisory.criticality)
115
+ }
107
116
  end
108
117
  end
109
118
 
119
+ vulnerabilities
120
+ end
121
+
122
+ def message_for_vulnerabilities(vulnerabilities)
123
+ return 'No vulnerabilities found' if vulnerabilities.empty?
124
+
125
+ vulnerabilities.map do |v|
126
+ v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
127
+ end.join(', ')
128
+ end
129
+
130
+ def ignore?(vulnerability)
131
+ config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory])
132
+ end
133
+
134
+ def check_audit(path)
135
+ vulnerabilities = vulnerabilities_for_path(path)
136
+ message = message_for_vulnerabilities(vulnerabilities)
137
+
110
138
  if vulnerabilities.empty?
111
- { path: path, status: :ok, message: 'No vulnerabilities found' }
139
+ { path: path, status: :ok, message: message }
140
+ elsif vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !ignore?(v) }
141
+ { path: path, status: :critical, message: message }
112
142
  else
113
- message = vulnerabilities.map do |v|
114
- v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
115
- end.join(', ')
116
-
117
- if vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !config[:ignore].split(',').map(&:strip).include?(v[:advisory]) }
118
- { path: path, status: :critical, message: message }
119
- elsif vulnerabilities.any?
120
- { path: path, status: :ok, message: message }
121
- else
122
- { path: path, status: :warning, message: 'Vulnerabilities found' }
123
- end
143
+ { path: path, status: :ok, message: message }
124
144
  end
125
145
  rescue StandardError => e
126
146
  { path: path, status: :warning, message: "Failed to check for vulnerabilities: #{e.message}" }
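Review bot: The new `ignore?` helper compares the strings from `config[:ignore]` with `vulnerability[:advisory]`, which `vulnerabilities_for_path` fills with `result.advisory` (an advisory object, and absent on the insecure-source entries), so the ignore list can presumably never match and an ignored advisory still raises the check to critical. That fails closed, but it leaves operators unable to acknowledge a finding, which in practice tends to end with the whole check being silenced. Compare against a string identifier instead, for example `ids = [vulnerability[:advisory]&.cve, vulnerability[:advisory]&.osvdb].compact.map(&:to_s)` followed by `(config[:ignore].split(',').map(&:strip) & ids).any?`; the identifier format the option expects is not visible here, so confirm it against the option's description. The extraction carried this comparison over unchanged from the old inline condition.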
@@ -1,6 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
- # frozen_string_literal: true
3
-
2
+ #
4
3
  # check-ruby-version
5
4
  #
6
5
  # DESCRIPTION:
@@ -16,7 +15,7 @@
16
15
  # gem: sensu-plugin
17
16
  #
18
17
  # LICENSE:
19
- # Florian Schwab <me@ydkn.io>
18
+ # SIC! Software GmbH <info@sic.software>
20
19
  # Released under the same terms as Sensu (the MIT license); see LICENSE
21
20
  # for details.
22
21
  #
@@ -27,7 +26,7 @@ require 'sensu-plugin/check/cli'
27
26
 
28
27
  # Sensu plugin for checking bundle audit status
29
28
  class RubyVersionCheck < Sensu::Plugin::Check::CLI
30
- RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'
29
+ RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'.freeze
31
30
  MIN_RUBY_VERSION = [2, 4].freeze
32
31
 
33
32
  option :paths,
@@ -37,16 +36,7 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
37
36
  required: true
38
37
 
39
38
  def run
40
- known_rubies = fetch_known_rubies
41
- latest_ruby = known_rubies.max
42
-
43
- checks = config[:paths].split(',').map do |path|
44
- check_path(path, known_rubies, latest_ruby)
45
- end
46
-
47
- message = checks.select { |c| %i[critical warning].include?(c[:status]) }
48
- .map { |c| "#{c[:path]}: #{c[:message]}" }
49
- .compact.join("\n")
39
+ checks, message = check_results
50
40
 
51
41
  if checks.any? { |c| c[:status] == :critical }
52
42
  critical(message)
@@ -61,6 +51,21 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
61
51
 
62
52
  private
63
53
 
54
+ def check_results
55
+ known_rubies = fetch_known_rubies
56
+ latest_ruby = known_rubies.max
57
+
58
+ checks = config[:paths].split(',').map do |path|
59
+ check_path(path, known_rubies, latest_ruby)
60
+ end
61
+
62
+ message = checks.select { |c| %i[critical warning].include?(c[:status]) }
63
+ .map { |c| "#{c[:path]}: #{c[:message]}" }
64
+ .compact.join("\n")
65
+
66
+ [checks, message]
67
+ end
68
+
64
69
  def fetch_known_rubies
65
70
  Net::HTTP.get(URI.parse(RVM_KNOWN_RUBIES_URL))
66
71
  .split("\n")
@@ -82,31 +87,52 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
82
87
  used_ruby = parse_ruby_version(File.read(File.join(path, '.ruby-version')))
83
88
  current_branch_patch_version = known_rubies.find { |v| v[0] == used_ruby[0] && v[1] == used_ruby[1] }
84
89
 
90
+ path_status(used_ruby, current_branch_patch_version, latest_ruby)
91
+ end
92
+
93
+ def eol_status(used_ruby)
94
+ {
95
+ status: :critical,
96
+ message: format('The ruby version has reached its end of live: %<version>s',
97
+ version: used_ruby.join('.'))
98
+ }
99
+ end
100
+
101
+ def outdated_status(used_ruby)
102
+ {
103
+ status: :warning,
104
+ message: format('Outdated Ruby version of %<branch>s branch: %<version>s',
105
+ branch: used_ruby[0..-2].join('.'),
106
+ version: used_ruby.join('.'))
107
+ }
108
+ end
109
+
110
+ def latest_branch_status(used_ruby, latest_ruby)
111
+ {
112
+ status: :ok,
113
+ message: format('Using latest version of %<branch>s branch: %<version>s - latest version: %<latest>s',
114
+ branch: used_ruby[0..-2].join('.'),
115
+ version: used_ruby.join('.'),
116
+ latest: latest_ruby[0..-2].join('.'))
117
+ }
118
+ end
119
+
120
+ def latest_status(used_ruby)
121
+ {
122
+ status: :ok,
123
+ message: format('Using latest version of ruby %<version>s', version: used_ruby.join('.'))
124
+ }
125
+ end
126
+
127
+ def path_status(used_ruby, current_branch_patch_version, latest_ruby)
85
128
  if current_branch_patch_version.nil?
86
- {
87
- path: path,
88
- status: :critical,
89
- message: format('The ruby version has reached its end of live: %s', used_ruby.join('.'))
90
- }
129
+ eol_status(used_ruby)
91
130
  elsif current_branch_patch_version[2] > used_ruby[2]
92
- {
93
- path: path,
94
- status: :warning,
95
- message: format('Outdated Ruby version of %s branch: %s', used_ruby[0..-2].join('.'), used_ruby.join('.'))
96
- }
131
+ outdated_status(used_ruby)
97
132
  elsif latest_ruby[0] > used_ruby[0] || latest_ruby[1] > used_ruby[1]
98
- {
99
- path: path,
100
- status: :ok,
101
- message: format('Using latest version of %s branch: %s - latest version: %s',
102
- used_ruby[0..-2].join('.'), used_ruby.join('.'), latest_ruby[0..-2].join('.'))
103
- }
133
+ latest_branch_status(used_ruby, latest_ruby)
104
134
  else
105
- {
106
- path: path,
107
- status: :ok,
108
- message: format('Using latest version of ruby %s', used_ruby.join('.'))
109
- }
135
+ latest_status(used_ruby)
110
136
  end
111
137
  end
112
138
  end
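Review bot: The status hashes built by `eol_status`, `outdated_status`, `latest_branch_status` and `latest_status` no longer carry the `path:` key that the removed inline hashes had, and `check_path` now returns the result of `path_status` unchanged. `check_results` still formats each entry as `"#{c[:path]}: #{c[:message]}"`, so with several paths configured the alert would read `: Outdated Ruby version ...` and no longer say which project runs the end-of-life or outdated Ruby. Restore the key where the path is known, e.g. `path_status(used_ruby, current_branch_patch_version, latest_ruby).merge(path: path)` in `check_path`. `check_path` starts outside the visible hunk, so confirm nothing earlier in it adds the key.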
@@ -0,0 +1,5 @@
1
+ #!/bin/bash -e
2
+
3
+ curl -s -H "Authorization: token ${GITHUB_TOKEN}" --data "{\"tag_name\": \"${TRAVIS_TAG}\"}" -X POST "https://api.github.com/repos/${TRAVIS_REPO_SLUG}/releases"
4
+
5
+ ./bonsai/ruby-runtime/travis-build-ruby-plugin-assets.sh sensu-plugins-ruby
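Review bot: The `curl` call runs with `-s` but without `--fail`, so an HTTP error from the releases endpoint (rejected token, tag already released) still exits 0 and `bash -e` carries on to the asset build as if the release existed. Use `curl -sS --fail ...` so the deploy step stops and the error is printed. The request body is also built by splicing `${TRAVIS_TAG}` into a JSON string without escaping, and the token is passed on the command line where it is visible in the build host's process list; encoding the tag through a JSON encoder and reading the header from a file (`-H @file`, where the installed curl supports it) would tighten both. The metadata file list in this release also adds `deploy.sh`, so this CI-only script ships inside the gem and is worth excluding from the gemspec's files.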
@@ -4,7 +4,7 @@ module SensuPluginsRuby
4
4
  module Version
5
5
  MAJOR = 0
6
6
  MINOR = 1
7
- PATCH = 0
7
+ PATCH = 3
8
8
 
9
9
  STRING = [MAJOR, MINOR, PATCH].compact.join('.')
10
10
  end
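--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: sensu-plugins-ruby
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.3
  platform: ruby
  authors:
  - SIC! Software GmbH
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-07-26 00:00:00.000000000 Z
+ date: 2019-07-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -60,6 +60,7 @@ files:
  - Rakefile
  - bin/check-bundler-audit
  - bin/check-ruby-version
+ - deploy.sh
  - lib/sensu-plugins-ruby.rb
  - lib/sensu-plugins-ruby/version.rb
  - sensu-plugins-ruby.gemspec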