
maybe works

1 parent 5b1e3fe commit 6a2aea2722e373e5462e3be9674f09cc518e2c82 @grosser committed Feb 12, 2013
@@ -0,0 +1 @@
+spec/private.yml
@@ -4,3 +4,4 @@ gemspec
gem "bump"
gem "rake"
gem "rspec", "~>2"
+gem "bundler-audit", :github => "grosser/bundler-audit" # needs pull 6,7,8
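Review bot: The added line `gem "bundler-audit", :github => "grosser/bundler-audit"` pulls the audit tool from a fork without pinning it in the Gemfile, and the Gemfile.lock in this commit records the resolved remote as `git://github.com/grosser/bundler-audit.git`, i.e. an unencrypted, unauthenticated transport. Since this gem is what decides whether a repository is reported as vulnerable, it deserves both an https remote and an explicit ref: `gem "bundler-audit", :git => "https://github.com/grosser/bundler-audit.git", :ref => "f6e2e4a79e1fcd2d22e0cb5803ab5e2804e99d0c"` (the revision the lockfile already resolved to). The trailing `# needs pull 6,7,8` comment would then also say which repository those pull requests belong to, so the fork can be dropped once they land.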
@@ -1,13 +1,22 @@
+GIT
+ remote: git://github.com/grosser/bundler-audit.git
+ revision: f6e2e4a79e1fcd2d22e0cb5803ab5e2804e99d0c
+ specs:
+ bundler-audit (0.1.1)
+ bundler (~> 1.0)
+
PATH
remote: .
specs:
bundler-organization_audit (0.0.0)
+ json
GEM
remote: http://rubygems.org/
specs:
bump (0.3.9)
diff-lcs (1.1.3)
+ json (1.7.7)
rake (10.0.3)
rspec (2.12.0)
rspec-core (~> 2.12.0)
@@ -23,6 +32,7 @@ PLATFORMS
DEPENDENCIES
bump
+ bundler-audit!
bundler-organization_audit!
rake
rspec (~> 2)
@@ -8,7 +8,39 @@ Install
Usage
=====
- CODE EXAMPLE
+### Public repos
+
+```Bash
+bundle-authorization-audit # for yourself (git config github.user)
+parllel: safe
+parllel_tests: safe
+rails_example_app:
+Name: rack
+Version: 1.4.4
+CVE: 2013-0263
+Criticality: High
+URL: http://osvdb.org/show/osvdb/89939
+Title: Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
+Patched Versions: ~> 1.1.6, ~> 1.2.8, ~> 1.3.10, ~> 1.4.5, >= 1.5.2
+
+bundle-authorization-audit --user grosser # for someone elese
+...
+
+```
+
+### Private repos
+
+```Bash
+curl -v -u grosser -X POST https://api.github.com/authorizations --data '{"scopes":["repo"]}'
+enter your password -> you get a TOKEN
+
+bundle-authorization-audit --token TOKEN
+...
+```
+
+Dev
+===
+ - test private repo fetching via `cp spec/private{.example,}.yml` and filling it out
Author
======
@@ -15,7 +15,16 @@ Usage:
Options:
BANNER
+ opts.on("-t", "--token TOKEN","Use token") { |token| options[:token] = token }
+ opts.on("-u", "--user USER","Use user") { |user| options[:user] = user }
opts.on("-h", "--help","Show this.") { puts opts; exit }
opts.on("-v", "--version","Show Version"){ puts Bundler::OrganizationAudit::VERSION; exit}
end.parse!
+def git_config(thing)
+ result = `git config #{thing}`.strip
+ result.empty? ? nil : result
+end
+
+Bundler::OrganizationAudit.run({:user => git_config("github.user")}.merge(options))
+
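Review bot: The new `opts.on("-t", "--token TOKEN", ...)` line takes the GitHub token as a command-line argument, which leaves it in shell history and visible to every local user through the process list for the whole run; a fallback to an environment variable (a project-chosen name such as `GITHUB_TOKEN`, constructed example) in the defaults hash passed to `run`, or reading it from a file, would avoid that. A smaller point on `git_config`: `thing` is interpolated straight into a backtick command, and its only caller passes the literal `"github.user"`, so a comment such as `# thing must be a fixed git config key, never user input` documents the assumption the command relies on. The OptionParser block whose `options` hash these lines populate, and the BANNER heredoc, start before the hunk.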
@@ -12,4 +12,5 @@ Gem::Specification.new name, Bundler::OrganizationAudit::VERSION do |s|
s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem")
s.cert_chain = [".public_cert.pem"]
s.executables = ["bundle-organization-audit"]
+ s.add_runtime_dependency "json"
end
@@ -1,6 +1,77 @@
require "bundler/organization_audit/version"
+require "open-uri"
+require "json"
+require "tmpdir"
module Bundler
module OrganizationAudit
+ HOST = "https://api.github.com"
+
+ class << self
+ def run(options)
+ in_temp_dir do
+ repos(options).each do |url, branch|
+ project = url.split("/").last
+ puts "\n#{project}"
+ if download_lock_file(url, branch)
+ sh("bundle-audit")
+ else
+ puts "No Gemfile.lock found for #{project}"
+ end
+ end
+ end
+ end
+
+ def download_lock_file(url, branch)
+ lock_file = "Gemfile.lock"
+ content = open(File.join(url.sub("://", "://raw."), branch, lock_file)).read
+ File.open(lock_file, "w") { |f| f.write content }
+ rescue OpenURI::HTTPError
+ end
+
+ def repos(options)
+ url, headers = if options[:token]
+ ["#{HOST}/user/repos", {"Authorization" => "token #{options[:token]}"}]
+ else
+ ["#{HOST}/users/#{options[:user]}/repos", {}]
+ end
+
+ download_all_pages(url, headers).map do |repo|
+ preferred_branch = repo["default_branch"] || repo["master_branch"] || "master"
+ [repo["url"].sub("api.", "").sub("/repos/", "/"), preferred_branch]
+ end
+ end
+
+ private
+
+ def in_temp_dir(&block)
+ Dir.mktmpdir { |dir| Dir.chdir(dir, &block) }
+ end
+
+ def sh(cmd)
+ puts cmd
+ IO.popen(cmd) do |pipe|
+ while str = pipe.gets
+ puts str
+ end
+ end
+ $?.success?
+ end
+
+ def download_all_pages(url, headers)
+ results = []
+ page = 1
+ loop do
+ result = JSON.parse(open("#{url}?page=#{page}", headers).read)
+ if result.size == 0
+ break
+ else
+ results.concat(result)
+ page += 1
+ end
+ end
+ results
+ end
+ end
end
end
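Review bot: `open(...)` in `download_lock_file` and `download_all_pages` is `Kernel#open` called with a string; open-uri only intercepts strings that parse as URLs, and a string beginning with `|` is run as a command instead. The first string is built from `repo["url"]` values returned by the GitHub API and the second from `options[:user]`, so hand open-uri a URI object, which has no command fallback: `content = URI.parse(File.join(url.sub("://", "://raw."), branch, lock_file)).open.read` and `result = JSON.parse(URI.parse("#{url}?page=#{page}").open(headers).read)`. Separately, the `Authorization` header built in `repos` is only sent by `download_all_pages`; the raw lock-file fetch in `download_lock_file` carries no credentials, so private repositories listed via a token will presumably be reported as "No Gemfile.lock found for …" rather than audited. `result.size == 0` in the pagination loop is more idiomatically `result.empty?`.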
@@ -5,9 +5,28 @@
Bundler::OrganizationAudit::VERSION.should =~ /^[\.\da-z]+$/
end
+ describe Bundler::OrganizationAudit do
+ describe ".repos" do
+ it "returns the list of public repositories" do
+ list = Bundler::OrganizationAudit.repos(:user => "grosser")
+ list.should include(["https://github.com/grosser/parallel", "master"])
+ end
+
+ if File.exist?("spec/private.yml")
+ it "returns the list of private repositories" do
+ config = YAML.load_file("spec/private.yml")
+ list = Bundler::OrganizationAudit.repos(:token => config["token"])
+ list.should include(["https://github.com/#{config["user"]}/#{config["expected"]}", "master"])
+ end
+ end
+ end
+ end
+
context "CLI" do
it "can audit a user" do
-
+ result = audit("--user anamartinez").gsub(/\e\[\d+m/, "")
+ result.should include "No Gemfile.lock found for I18N-tools"
+ result.should include "js-cldr-timezones\nbundle-audit\nNo unpatched versions found"
end
it "shows --version" do
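Review bot: The new examples under `describe ".repos"` and the CLI example `it "can audit a user"` assert on live GitHub API responses for third-party accounts (`grosser`, `anamartinez`), so they require network access and will start failing as soon as those accounts add, rename or patch repositories; recording the responses or stubbing `download_all_pages` would make them deterministic. The private-repo example reads a real token with `YAML.load_file("spec/private.yml")`, which is acceptable for a developer-local secret file only while it stays out of version control — the `.gitignore` hunk in this commit adds that path, and a comment such as `# spec/private.yml holds a live token; keep it git-ignored` next to the `File.exist?` guard would make the dependency explicit. The outer `describe` these blocks sit in, and the `audit` helper the CLI example calls, are defined outside the hunk.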
@@ -0,0 +1,3 @@
+user: xxx
+token: yyy
+expected: zzz

