sensu-plugins-ruby 0.1.0 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec7224c32897f3dfb83b505d4a09f43f38b58466a98f9c7cdb23a15ff08cac6e
-  data.tar.gz: 4eab94904ad8480dc8ec9d697ca5ba9a11bb1b63459c710bb0afff4fd2e5487d
+  metadata.gz: 0e1dabd0ee31dae574909c84992edf973c0c96cc6c70436304f426bd6899f4c3
+  data.tar.gz: 27bd9e4c080eaa235c3a0d144c88807a2d3dd4596fa6a919c2ae00878160f3f5
 SHA512:
-  metadata.gz: 53de6f426203ae0a80ab8fcb31a47d32054adb409bda280cf497d50e69d83f23b4a3a14acdb9d4124ef976ece01a967a8ac2cc89f1767767b1aa7226814a7717
-  data.tar.gz: 7ce5be6cbe45f37d34f8aa5ce0394d6e9733da9f05b94d471d307d7562835dd6d91082380b586f448c198d710c8902a35cc312d4111cd9990d5ab3d6ba710719
+  metadata.gz: 32f2809055e23cf00903ac8cdf05decabe7c236e6ce191fe4aea0c9b55efcf61b39f90273251534ee7dc6b0875d471f5462ea33201292845b5a8d719df230d69
+  data.tar.gz: d47888ef3bb11399b514211b3e50d14e34862bbd4492367541750897a33c79a9f9ac78f8469f282e83302011b216dc304afffddb35c30e3c7ceb2e4c3abe982b

data/.rubocop.yml

@@ -1,5 +1,21 @@
-LineLength:
-  Max: 160
+require:
+  - rubocop-performance
 
-AbcSize:
+AllCops:
+  TargetRubyVersion: 2.4
+
+Naming/FileName:
+  Exclude:
+    - 'lib/sensu-plugins-ruby.rb'
+
+Metrics/LineLength:
+  Max: 120
+
+Metrics/MethodLength:
   Max: 20
+
+Metrics/AbcSize:
+  Max: 20
+
+Style/FrozenStringLiteralComment:
+  Enabled: false

data/.travis.yml

@@ -35,7 +35,8 @@ deploy:
       repo: SICSoftwareGmbH/sensu-plugins-ruby
 
   - provider: script
-    script: bonsai/ruby-runtime/travis-build-ruby-plugin-assets.sh sensu-plugins-ruby
+    script:
+      - ./deploy.sh
     skip_cleanup: true
     on:
       tags: true

data/CHANGELOG.md

@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.3] - 2019-07-30
+### Fixed
+- error output if updating the advisory-db failed
+
+## [0.1.2] - 2019-07-27
+
+## [0.1.1] - 2019-07-26
+
 ## [0.1.0] - 2019-07-26
 ### Added
 - check if ruby version is current

data/README.md

@@ -5,7 +5,7 @@
 [![Sensu Bonsai Asset](https://img.shields.io/badge/Bonsai-Download%20Me-brightgreen.svg?colorB=89C967&logo=sensu)](https://bonsai.sensu.io/assets/SICSoftwareGmbH/sensu-plugins-ruby)
 
 ## Sensu Asset  
-  The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource.  The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](bonsai.sensu.io).
+  The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource.  The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](https://bonsai.sensu.io).
 
 ## Functionality
 

data/bin/check-bundler-audit

@@ -1,6 +1,5 @@
 #!/usr/bin/env ruby
-# frozen_string_literal: true
-
+#
 #   check-bundle-audit
 #
 # DESCRIPTION:
@@ -17,7 +16,7 @@
 #   gem: bundler-audit
 #
 # LICENSE:
-#   Florian Schwab <me@ydkn.io>
+#   SIC! Software GmbH <info@sic.software>
 #   Released under the same terms as Sensu (the MIT license); see LICENSE
 #   for details.
 #
@@ -54,13 +53,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
   def run
     update_audit_db
 
-    checks = config[:paths].split(',').map do |path|
-      check_audit(path.strip)
-    end
-
-    message = checks.select { |c| %i[critical warning].include?(c[:status]) }
-                    .map { |c| "#{c[:path]}: #{c[:message]}" }
-                    .compact.join("\n")
+    checks, message = check_results
 
     if checks.any? { |c| c[:status] == :critical }
       critical("Vulnerabilities found: #{message}")
@@ -76,7 +69,19 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
   def update_audit_db
     ok = Bundler::Audit::Database.update!(quiet: true)
 
-    warning("Failed to update advisory db: #{stdout} #{stderr}") unless ok
+    warning('Failed to update advisory db') unless ok
+  end
+
+  def check_results
+    checks = config[:paths].split(',').map do |path|
+      check_audit(path.strip)
+    end
+
+    message = checks.select { |c| %i[critical warning].include?(c[:status]) }
+                    .map { |c| "#{c[:path]}: #{c[:message]}" }
+                    .compact.join("\n")
+
+    [checks, message]
   end
 
   def criticality_to_int(criticality)
@@ -92,7 +97,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
     end
   end
 
-  def check_audit(path)
+  def vulnerabilities_for_path(path)
     ENV['BUNDLE_GEMFILE'] = File.join(path, 'Gemfile.lock')
 
     vulnerabilities = []
@@ -103,24 +108,39 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
       when Bundler::Audit::Scanner::InsecureSource
         vulnerabilities << { message: "Insecure Source URI found: #{result.source}", criticality: CRITICALITY_HIGH }
       when Bundler::Audit::Scanner::UnpatchedGem
-        vulnerabilities << { gem: result.gem, advisory: result.advisory, criticality: criticality_to_int(result.advisory.criticality) }
+        vulnerabilities << {
+          gem: result.gem,
+          advisory: result.advisory,
+          criticality: criticality_to_int(result.advisory.criticality)
+        }
       end
     end
 
+    vulnerabilities
+  end
+
+  def message_for_vulnerabilities(vulnerabilities)
+    return 'No vulnerabilities found' if vulnerabilities.empty?
+
+    vulnerabilities.map do |v|
+      v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
+    end.join(', ')
+  end
+
+  def ignore?(vulnerability)
+    config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory])
+  end
+
+  def check_audit(path)
+    vulnerabilities = vulnerabilities_for_path(path)
+    message = message_for_vulnerabilities(vulnerabilities)
+
     if vulnerabilities.empty?
-      { path: path, status: :ok, message: 'No vulnerabilities found' }
+      { path: path, status: :ok, message: message }
+    elsif vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !ignore?(v) }
+      { path: path, status: :critical, message: message }
     else
-      message = vulnerabilities.map do |v|
-        v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
-      end.join(', ')
-
-      if vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !config[:ignore].split(',').map(&:strip).include?(v[:advisory]) }
-        { path: path, status: :critical, message: message }
-      elsif vulnerabilities.any?
-        { path: path, status: :ok, message: message }
-      else
-        { path: path, status: :warning, message: 'Vulnerabilities found' }
-      end
+      { path: path, status: :ok, message: message }
     end
   rescue StandardError => e
     { path: path, status: :warning, message: "Failed to check for vulnerabilities: #{e.message}" }

data/bin/check-ruby-version

@@ -1,6 +1,5 @@
 #!/usr/bin/env ruby
-# frozen_string_literal: true
-
+#
 #   check-ruby-version
 #
 # DESCRIPTION:
@@ -16,7 +15,7 @@
 #   gem: sensu-plugin
 #
 # LICENSE:
-#   Florian Schwab <me@ydkn.io>
+#   SIC! Software GmbH <info@sic.software>
 #   Released under the same terms as Sensu (the MIT license); see LICENSE
 #   for details.
 #
@@ -27,7 +26,7 @@ require 'sensu-plugin/check/cli'
 
 # Sensu plugin for checking bundle audit status
 class RubyVersionCheck < Sensu::Plugin::Check::CLI
-  RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'
+  RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'.freeze
   MIN_RUBY_VERSION     = [2, 4].freeze
 
   option :paths,
@@ -37,16 +36,7 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
          required: true
 
   def run
-    known_rubies = fetch_known_rubies
-    latest_ruby = known_rubies.max
-
-    checks = config[:paths].split(',').map do |path|
-      check_path(path, known_rubies, latest_ruby)
-    end
-
-    message = checks.select { |c| %i[critical warning].include?(c[:status]) }
-                    .map { |c| "#{c[:path]}: #{c[:message]}" }
-                    .compact.join("\n")
+    checks, message = check_results
 
     if checks.any? { |c| c[:status] == :critical }
       critical(message)
@@ -61,6 +51,21 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
 
   private
 
+  def check_results
+    known_rubies = fetch_known_rubies
+    latest_ruby = known_rubies.max
+
+    checks = config[:paths].split(',').map do |path|
+      check_path(path, known_rubies, latest_ruby)
+    end
+
+    message = checks.select { |c| %i[critical warning].include?(c[:status]) }
+                    .map { |c| "#{c[:path]}: #{c[:message]}" }
+                    .compact.join("\n")
+
+    [checks, message]
+  end
+
   def fetch_known_rubies
     Net::HTTP.get(URI.parse(RVM_KNOWN_RUBIES_URL))
              .split("\n")
@@ -82,31 +87,52 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
     used_ruby = parse_ruby_version(File.read(File.join(path, '.ruby-version')))
     current_branch_patch_version = known_rubies.find { |v| v[0] == used_ruby[0] && v[1] == used_ruby[1] }
 
+    path_status(used_ruby, current_branch_patch_version, latest_ruby)
+  end
+
+  def eol_status(used_ruby)
+    {
+      status: :critical,
+      message: format('The ruby version has reached its end of live: %<version>s',
+                      version: used_ruby.join('.'))
+    }
+  end
+
+  def outdated_status(used_ruby)
+    {
+      status: :warning,
+      message: format('Outdated Ruby version of %<branch>s branch: %<version>s',
+                      branch: used_ruby[0..-2].join('.'),
+                      version: used_ruby.join('.'))
+    }
+  end
+
+  def latest_branch_status(used_ruby, latest_ruby)
+    {
+      status: :ok,
+      message: format('Using latest version of %<branch>s branch: %<version>s - latest version: %<latest>s',
+                      branch: used_ruby[0..-2].join('.'),
+                      version: used_ruby.join('.'),
+                      latest: latest_ruby[0..-2].join('.'))
+    }
+  end
+
+  def latest_status(used_ruby)
+    {
+      status: :ok,
+      message: format('Using latest version of ruby %<version>s', version: used_ruby.join('.'))
+    }
+  end
+
+  def path_status(used_ruby, current_branch_patch_version, latest_ruby)
     if current_branch_patch_version.nil?
-      {
-        path: path,
-        status: :critical,
-        message: format('The ruby version has reached its end of live: %s', used_ruby.join('.'))
-      }
+      eol_status(used_ruby)
     elsif current_branch_patch_version[2] > used_ruby[2]
-      {
-        path: path,
-        status: :warning,
-        message: format('Outdated Ruby version of %s branch: %s', used_ruby[0..-2].join('.'), used_ruby.join('.'))
-      }
+      outdated_status(used_ruby)
     elsif latest_ruby[0] > used_ruby[0] || latest_ruby[1] > used_ruby[1]
-      {
-        path: path,
-        status: :ok,
-        message: format('Using latest version of %s branch: %s - latest version: %s',
-                        used_ruby[0..-2].join('.'), used_ruby.join('.'), latest_ruby[0..-2].join('.'))
-      }
+      latest_branch_status(used_ruby, latest_ruby)
     else
-      {
-        path: path,
-        status: :ok,
-        message: format('Using latest version of ruby %s', used_ruby.join('.'))
-      }
+      latest_status(used_ruby)
     end
   end
 end

data/deploy.sh

@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+curl -s -H "Authorization: token ${GITHUB_TOKEN}" --data "{\"tag_name\": \"${TRAVIS_TAG}\"}" -X POST "https://api.github.com/repos/${TRAVIS_REPO_SLUG}/releases"
+
+./bonsai/ruby-runtime/travis-build-ruby-plugin-assets.sh sensu-plugins-ruby

data/lib/sensu-plugins-ruby/version.rb

@@ -4,7 +4,7 @@ module SensuPluginsRuby
   module Version
     MAJOR = 0
     MINOR = 1
-    PATCH = 0
+    PATCH = 3
 
     STRING = [MAJOR, MINOR, PATCH].compact.join('.')
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ruby
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.3
 platform: ruby
 authors:
 - SIC! Software GmbH
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-26 00:00:00.000000000 Z
+date: 2019-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -60,6 +60,7 @@ files:
 - Rakefile
 - bin/check-bundler-audit
 - bin/check-ruby-version
+- deploy.sh
 - lib/sensu-plugins-ruby.rb
 - lib/sensu-plugins-ruby/version.rb
 - sensu-plugins-ruby.gemspec