
ignore-cve option

1 parent e7f8ccb commit 553352309c9f6bb9a3cde353b439462efd6cac4e @grosser committed Feb 20, 2013
Showing with 36 additions and 6 deletions.
  1. +1 −1 Gemfile
  2. +9 −3 Gemfile.lock
  3. +14 −1 Readme.md
  4. +2 −0 bin/bundle-organization-audit
  5. +5 −1 lib/bundler/organization_audit.rb
  6. +5 −0 spec/bundler/organization_audit_spec.rb
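--- a/Gemfile
+++ b/Gemfile
@@ -4,4 +4,4 @@ gemspec
 gem "bump"
 gem "rake"
 gem "rspec", "~>2"
-gem "bundler-audit"
+gem "bundler-audit", :github => "grosser/bundler-audit", :branch => "ignore"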
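Review bot: The security scanner itself is now sourced from a personal fork by mutable branch name, and the `:github` shorthand in this Bundler version expands to an unauthenticated `git://` URL (the lock file's `remote:` line shows it), so the only thing pinning the code that will run is the `revision:` in Gemfile.lock. Since this is the tool that decides which advisories are reported, prefer an explicit HTTPS remote and an immutable ref, e.g. `gem "bundler-audit", :git => "https://github.com/grosser/bundler-audit.git", :ref => "654cb6f50a46fddaa33b9840f76a33f921d69c4e"`, until the `--safe` option lands in a released version. A one-line comment above the gem line saying why the fork is needed (the Readme implies the rubygems release lacks `--ignore-cve` support) would save the next reader a trip to the Readme.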
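--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,3 +1,11 @@
+GIT
+ remote: git://github.com/grosser/bundler-audit.git
+ revision: 654cb6f50a46fddaa33b9840f76a33f921d69c4e
+ branch: ignore
+ specs:
+ bundler-audit (0.1.2)
+ bundler (~> 1.2)
+
 PATH
 remote: .
 specs:
@@ -8,8 +16,6 @@ GEM
 remote: http://rubygems.org/
 specs:
 bump (0.3.9)
- bundler-audit (0.1.2)
- bundler (~> 1.2)
 diff-lcs (1.1.3)
 json (1.7.7)
 rake (10.0.3)
@@ -27,7 +33,7 @@ PLATFORMS
 DEPENDENCIES
 bump
- bundler-audit
+ bundler-audit!
 bundler-organization_audit!
 rake
 rspec (~> 2)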
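--- a/Readme.md
+++ b/Readme.md
@@ -1,7 +1,15 @@
 Audit all Gemfiles of a user/organization on Github for unpatched versions
+ # simple
 gem install bundler-organization_audit
+ # if you want --ignore-cve
+ git clone git://github.com/grosser/bundler-organization_audit.git
+ cd bundler-organization_audit
+ bundle
+ cd `bundle show bundler-audit` && git submodule init && git submodule update && cd -
+ bundle exec ./bin/bundle-organization-audit ... options ...
+
 Usage
 =====
@@ -45,15 +53,20 @@ For pipe -> only show vulnerable repos
 bundle-organization-audit 2>/dev/null
 ```
-Use for CI -> ignore old/unmaintained proejcts
+Use for CI -> ignore old/unmaintained proejcts and unfixable/unimportant cves
 ```
 bundle-organization-audit \
 --ignore https://github.com/xxx/a \
 --ignore https://github.com/xxx/b \
+ --ignore-cve 2013-0269@1.5.3 \
+ --ignore-cve '2013-0123@~>3.2.10' \
+ --ignore-cve 2013-0234 \
 --organization xxx \
 --token yyy
 ```
+Ignore cve
+
 ### Private repos
 ```Bash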
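--- a/bin/bundle-organization-audit
+++ b/bin/bundle-organization-audit
@@ -12,6 +12,7 @@ end
 options = {
 :ignore => [],
+ :ignore_cves => [],
 :user => git_config("github.user")
 }
 OptionParser.new do |opts|
@@ -27,6 +28,7 @@ BANNER
 opts.on("--user USER", "Use user") { |user| options[:user] = user }
 opts.on("--ignore REPO_URL", "Ignore given repo urls (use multiple times)") { |repo_url| options[:ignore] << repo_url }
 opts.on("--ignore-gems", "Ignore repos that have a %{repo}.gemspec") { options[:ignore_gems] = true }
+ opts.on("--ignore-cve CVE_NUMBER", "Ignore CVE that you do not want to get warned about just number or number@gem-version") { |cve| options[:ignore_cves] << cve }
 opts.on("--organization ORGANIZATION", "Use user") { |organization| options[:organization] = organization }
 opts.on("-h", "--help", "Show this.") { puts opts; exit }
 opts.on("-v", "--version", "Show Version"){ puts Bundler::OrganizationAudit::VERSION; exit}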
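Review bot: The help text of the new `--ignore-cve` option is a run-on sentence and its placeholder `CVE_NUMBER` does not hint at the `number@version` form the Readme documents, so `--help` alone does not tell a user how to scope an exception to a gem version. Suggest `opts.on("--ignore-cve CVE[@VERSION]", "Ignore a CVE, optionally only for the given gem version requirement (use multiple times)") { |cve| options[:ignore_cves] << cve }`, mirroring the wording of the `--ignore` line above it. The value is accepted unvalidated here and later spliced into a command line in `audit_repo`; a cheap format check such as `abort "bad --ignore-cve #{cve}" unless cve =~ /\A\d{4}-\d+(@.+)?\z/` would catch typos before the scanner silently ignores nothing.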
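--- a/lib/bundler/organization_audit.rb
+++ b/lib/bundler/organization_audit.rb
@@ -38,7 +38,11 @@ def audit_repo(repo, options)
 if options[:ignore_gems] && repo.gem?(options)
 $stderr.puts "Ignored because it's a gem"
 else
- success = !sh("bundle-audit")
+ command = "bundle-audit"
+ if options[:ignore_cves] && options[:ignore_cves].any?
+ command << " --safe #{options[:ignore_cves].map { |cve| "'#{cve}'" }.join(" ")}"
+ end
+ success = !sh(command)
 end
 else
 $stderr.puts "No Gemfile.lock found"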
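Review bot: The `--safe` values are interpolated into a shell command string with hand-rolled single quotes, so a value containing `'` terminates the quoting and whatever follows is parsed by the shell (assuming `sh`, which is defined outside this hunk, runs the string through a shell as the quoting implies). The values come from the operator's own command line, so the exposure is low, but Ruby's stdlib already quotes correctly: `command << " --safe #{options[:ignore_cves].map { |cve| Shellwords.escape(cve) }.join(" ")}"` with `require "shellwords"` at the top of the file. Separately, `--safe` is presumably only understood by the fork branch this commit pins in the Gemfile (the Readme tells users who want `--ignore-cve` to clone rather than `gem install`), so a released `bundle-audit` will reject the flag and the repo will be reported as failed rather than audited; a comment such as `# --safe is only available on the grosser/bundler-audit "ignore" branch, see Readme` would make that dependency explicit. `audit_repo` starts before and ends after this hunk.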
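--- a/spec/bundler/organization_audit_spec.rb
+++ b/spec/bundler/organization_audit_spec.rb
@@ -72,6 +72,11 @@
 result.should == ""
 end
+ it "ignores CVEs via --ignore-cve" do
+ result = audit("--user user-with-unpatched-apps --ignore-cve 2013-0269@1.5.3", :keep_output => true)
+ result.should == ""
+ end
+
 it "shows --version" do
 audit("--version").should include(Bundler::OrganizationAudit::VERSION)
 end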
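Review bot: The new example only covers the `CVE@version` form, and only the positive case, so the bare-number and `~>` requirement forms the Readme documents, and the case where the ignored version does not match the vulnerable gem, are untested. Add `it "ignores CVEs by bare number"` passing `--ignore-cve 2013-0269` and expecting `""`, plus a negative example asserting that `--ignore-cve 2013-0269@9.9.9` still reports the repo (the fixture behind `user-with-unpatched-apps` is not visible here, so confirm which version it pins). A value with a single quote would also be a useful regression input for the quoting in `audit_repo`.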
