sensu-plugins-ruby 0.1.0 → 0.1.3
- checksums.yaml +4 -4
- data/.rubocop.yml +19 -3
- data/.travis.yml +2 -1
- data/CHANGELOG.md +8 -0
- data/README.md +1 -1
- data/bin/check-bundler-audit +45 -25
- data/bin/check-ruby-version +61 -35
- data/deploy.sh +5 -0
- data/lib/sensu-plugins-ruby/version.rb +1 -1
- metadata +3 -2
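--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0e1dabd0ee31dae574909c84992edf973c0c96cc6c70436304f426bd6899f4c3
+data.tar.gz: 27bd9e4c080eaa235c3a0d144c88807a2d3dd4596fa6a919c2ae00878160f3f5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 32f2809055e23cf00903ac8cdf05decabe7c236e6ce191fe4aea0c9b55efcf61b39f90273251534ee7dc6b0875d471f5462ea33201292845b5a8d719df230d69
+data.tar.gz: d47888ef3bb11399b514211b3e50d14e34862bbd4492367541750897a33c79a9f9ac78f8469f282e83302011b216dc304afffddb35c30e3c7ceb2e4c3abe982b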
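--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,5 +1,21 @@
-
-
+require:
+- rubocop-performance
 
-
+AllCops:
+TargetRubyVersion: 2.4
+
+Naming/FileName:
+Exclude:
+- 'lib/sensu-plugins-ruby.rb'
+
+Metrics/LineLength:
+Max: 120
+
+Metrics/MethodLength:
 Max: 20
+
+Metrics/AbcSize:
+Max: 20
+
+Style/FrozenStringLiteralComment:
+Enabled: false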
data/.travis.yml
CHANGED
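--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.3] - 2019-07-30
+### Fixed
+- error output if updating the advisory-db failed
+
+## [0.1.2] - 2019-07-27
+
+## [0.1.1] - 2019-07-26
+
 ## [0.1.0] - 2019-07-26
 ### Added
 - check if ruby version is current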
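--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@
 [](https://bonsai.sensu.io/assets/SICSoftwareGmbH/sensu-plugins-ruby)
 
 ## Sensu Asset
-The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](bonsai.sensu.io).
+The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](https://bonsai.sensu.io).
 
 ## Functionality
 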
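--- a/data/bin/check-bundler-audit
+++ b/data/bin/check-bundler-audit
@@ -1,6 +1,5 @@
 #!/usr/bin/env ruby
-#
-
+#
 # check-bundle-audit
 #
 # DESCRIPTION:
@@ -17,7 +16,7 @@
 # gem: bundler-audit
 #
 # LICENSE:
-#
+# SIC! Software GmbH <info@sic.software>
 # Released under the same terms as Sensu (the MIT license); see LICENSE
 # for details.
 #
@@ -54,13 +53,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
 def run
 update_audit_db
 
-checks =
-check_audit(path.strip)
-end
-
-message = checks.select { |c| %i[critical warning].include?(c[:status]) }
-.map { |c| "#{c[:path]}: #{c[:message]}" }
-.compact.join("\n")
+checks, message = check_results
 
 if checks.any? { |c| c[:status] == :critical }
 critical("Vulnerabilities found: #{message}")
@@ -76,7 +69,19 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
 def update_audit_db
 ok = Bundler::Audit::Database.update!(quiet: true)
 
-warning(
+warning('Failed to update advisory db') unless ok
+end
+
+def check_results
+checks = config[:paths].split(',').map do |path|
+check_audit(path.strip)
+end
+
+message = checks.select { |c| %i[critical warning].include?(c[:status]) }
+.map { |c| "#{c[:path]}: #{c[:message]}" }
+.compact.join("\n")
+
+[checks, message]
 end
 
 def criticality_to_int(criticality)
@@ -92,7 +97,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
 end
 end
 
-def
+def vulnerabilities_for_path(path)
 ENV['BUNDLE_GEMFILE'] = File.join(path, 'Gemfile.lock')
 
 vulnerabilities = []
@@ -103,24 +108,39 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
 when Bundler::Audit::Scanner::InsecureSource
 vulnerabilities << { message: "Insecure Source URI found: #{result.source}", criticality: CRITICALITY_HIGH }
 when Bundler::Audit::Scanner::UnpatchedGem
-vulnerabilities << {
+vulnerabilities << {
+gem: result.gem,
+advisory: result.advisory,
+criticality: criticality_to_int(result.advisory.criticality)
+}
 end
 end
 
+vulnerabilities
+end
+
+def message_for_vulnerabilities(vulnerabilities)
+return 'No vulnerabilities found' if vulnerabilities.empty?
+
+vulnerabilities.map do |v|
+v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
+end.join(', ')
+end
+
+def ignore?(vulnerability)
+config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory])
+end
+
+def check_audit(path)
+vulnerabilities = vulnerabilities_for_path(path)
+message = message_for_vulnerabilities(vulnerabilities)
+
 if vulnerabilities.empty?
-{ path: path, status: :ok, message:
+{ path: path, status: :ok, message: message }
+elsif vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !ignore?(v) }
+{ path: path, status: :critical, message: message }
 else
-
-v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
-end.join(', ')
-
-if vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !config[:ignore].split(',').map(&:strip).include?(v[:advisory]) }
-{ path: path, status: :critical, message: message }
-elsif vulnerabilities.any?
-{ path: path, status: :ok, message: message }
-else
-{ path: path, status: :warning, message: 'Vulnerabilities found' }
-end
+{ path: path, status: :ok, message: message }
 end
 rescue StandardError => e
 { path: path, status: :warning, message: "Failed to check for vulnerabilities: #{e.message}" }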
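Review bot: `ignore?` compares the strings parsed from `config[:ignore]` with `vulnerability[:advisory]`, which `vulnerabilities_for_path` fills with `result.advisory`, an object this same section calls `.cve`, `.osvdb` and `.criticality` on, so `include?` presumably never matches and the ignore list has no effect. The removed inline condition made the same comparison, so the extraction carries the problem over rather than introducing it. Comparing an identifier would make the option work, for example `ids = config[:ignore].split(',').map(&:strip)`, `advisory = vulnerability[:advisory]` and `advisory && ids.include?((advisory.cve || advisory.osvdb).to_s)`. The option definition is outside the hunks, so the identifier format should follow whatever its description promises; the nil guard covers insecure-source entries, which carry no `:advisory` key.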
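--- a/data/bin/check-ruby-version
+++ b/data/bin/check-ruby-version
@@ -1,6 +1,5 @@
 #!/usr/bin/env ruby
-#
-
+#
 # check-ruby-version
 #
 # DESCRIPTION:
@@ -16,7 +15,7 @@
 # gem: sensu-plugin
 #
 # LICENSE:
-#
+# SIC! Software GmbH <info@sic.software>
 # Released under the same terms as Sensu (the MIT license); see LICENSE
 # for details.
 #
@@ -27,7 +26,7 @@ require 'sensu-plugin/check/cli'
 
 # Sensu plugin for checking bundle audit status
 class RubyVersionCheck < Sensu::Plugin::Check::CLI
-RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'
+RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'.freeze
 MIN_RUBY_VERSION = [2, 4].freeze
 
 option :paths,
@@ -37,16 +36,7 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
 required: true
 
 def run
-
-latest_ruby = known_rubies.max
-
-checks = config[:paths].split(',').map do |path|
-check_path(path, known_rubies, latest_ruby)
-end
-
-message = checks.select { |c| %i[critical warning].include?(c[:status]) }
-.map { |c| "#{c[:path]}: #{c[:message]}" }
-.compact.join("\n")
+checks, message = check_results
 
 if checks.any? { |c| c[:status] == :critical }
 critical(message)
@@ -61,6 +51,21 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
 
 private
 
+def check_results
+known_rubies = fetch_known_rubies
+latest_ruby = known_rubies.max
+
+checks = config[:paths].split(',').map do |path|
+check_path(path, known_rubies, latest_ruby)
+end
+
+message = checks.select { |c| %i[critical warning].include?(c[:status]) }
+.map { |c| "#{c[:path]}: #{c[:message]}" }
+.compact.join("\n")
+
+[checks, message]
+end
+
 def fetch_known_rubies
 Net::HTTP.get(URI.parse(RVM_KNOWN_RUBIES_URL))
 .split("\n")
@@ -82,31 +87,52 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
 used_ruby = parse_ruby_version(File.read(File.join(path, '.ruby-version')))
 current_branch_patch_version = known_rubies.find { |v| v[0] == used_ruby[0] && v[1] == used_ruby[1] }
 
+path_status(used_ruby, current_branch_patch_version, latest_ruby)
+end
+
+def eol_status(used_ruby)
+{
+status: :critical,
+message: format('The ruby version has reached its end of live: %<version>s',
+version: used_ruby.join('.'))
+}
+end
+
+def outdated_status(used_ruby)
+{
+status: :warning,
+message: format('Outdated Ruby version of %<branch>s branch: %<version>s',
+branch: used_ruby[0..-2].join('.'),
+version: used_ruby.join('.'))
+}
+end
+
+def latest_branch_status(used_ruby, latest_ruby)
+{
+status: :ok,
+message: format('Using latest version of %<branch>s branch: %<version>s - latest version: %<latest>s',
+branch: used_ruby[0..-2].join('.'),
+version: used_ruby.join('.'),
+latest: latest_ruby[0..-2].join('.'))
+}
+end
+
+def latest_status(used_ruby)
+{
+status: :ok,
+message: format('Using latest version of ruby %<version>s', version: used_ruby.join('.'))
+}
+end
+
+def path_status(used_ruby, current_branch_patch_version, latest_ruby)
 if current_branch_patch_version.nil?
-
-path: path,
-status: :critical,
-message: format('The ruby version has reached its end of live: %s', used_ruby.join('.'))
-}
+eol_status(used_ruby)
 elsif current_branch_patch_version[2] > used_ruby[2]
-
-path: path,
-status: :warning,
-message: format('Outdated Ruby version of %s branch: %s', used_ruby[0..-2].join('.'), used_ruby.join('.'))
-}
+outdated_status(used_ruby)
 elsif latest_ruby[0] > used_ruby[0] || latest_ruby[1] > used_ruby[1]
-
-path: path,
-status: :ok,
-message: format('Using latest version of %s branch: %s - latest version: %s',
-used_ruby[0..-2].join('.'), used_ruby.join('.'), latest_ruby[0..-2].join('.'))
-}
+latest_branch_status(used_ruby, latest_ruby)
 else
-
-path: path,
-status: :ok,
-message: format('Using latest version of ruby %s', used_ruby.join('.'))
-}
+latest_status(used_ruby)
 end
 end
 end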
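Review bot: The hashes returned by `eol_status`, `outdated_status`, `latest_branch_status` and `latest_status` no longer carry the `:path` key that the removed inline hashes had, while `check_results` still formats each entry as `"#{c[:path]}: #{c[:message]}"`, so a warning or critical alert would no longer say which path it is about. `check_path` now ends on the bare `path_status(...)` call; changing that line to `path_status(used_ruby, current_branch_patch_version, latest_ruby).merge(path: path)` restores the key. The start of `check_path` is outside the hunk, so this assumes `path` is its parameter, as the `File.join(path, '.ruby-version')` context line suggests. Separately, `check_results` uses the list from `fetch_known_rubies` unchecked: if it comes back empty, `current_branch_patch_version` is nil for every path and each one is reported as end-of-life, so returning `unknown` for an empty list would keep a failed fetch from looking like a finding (the rest of `fetch_known_rubies` is outside the hunk).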
data/deploy.sh
ADDED
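--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ruby
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.3
 platform: ruby
 authors:
 - SIC! Software GmbH
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-
+date: 2019-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -60,6 +60,7 @@ files:
 - Rakefile
 - bin/check-bundler-audit
 - bin/check-ruby-version
+- deploy.sh
 - lib/sensu-plugins-ruby.rb
 - lib/sensu-plugins-ruby/version.rb
 - sensu-plugins-ruby.gemspec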