From de0bfb12d6e9248fa6406b397ed0ef859257781e Mon Sep 17 00:00:00 2001
From: Allister Beharry
Date: Fri, 4 Oct 2019 13:03:31 -0400
Subject: [PATCH 1/4] Add Gemfile.lock parsing for transitive deps
---
 lib/auditrb/commands/gems.rb | 77 ++++++++++++++++++++++++++++++------
 1 file changed, 64 insertions(+), 13 deletions(-)
diff --git a/lib/auditrb/commands/gems.rb b/lib/auditrb/commands/gems.rb
index b2f8a4a..a5787d4 100644
--- a/lib/auditrb/commands/gems.rb
+++ b/lib/auditrb/commands/gems.rb
@@ -10,6 +10,7 @@ module Commands
   class Gems < Auditrb::Command
     def initialize(file, options)
       @file = file
+      @lock_file = ''
       @options = options
       @pastel = Pastel.new
       @dependencies = Hash.new()
@@ -23,6 +24,7 @@ def execute(input: $stdin, output: $stdout)
       if not gemspec_file_exists?
         return
       end
+      gem_lock_file_exists?()
       n = get_dependencies()
       if n == 0
         print_err "No dependencies retrieved. Exiting."
@@ -40,7 +42,7 @@ def execute(input: $stdin, output: $stdout)
 
     def gemspec_file_exists?()
       if not ::File.file? @file
-        print_err "Could not fifnd .gemspec file #{@file}."
+        print_err "Could not find .gemspec file #{@file}."
         return false
       else
         require 'pathname'
@@ -50,8 +52,21 @@ def gemspec_file_exists?()
       end
     end
 
+    def gem_lock_file_exists?()
+      lf = File.join(File.dirname(@file), "Gemfile.lock")
+      if ::File.file? lf
+        @lock_file = lf
+        require 'pathname'
+        path = Pathname.new(@lock_file)
+        print_success "Using Gemfile.lock at #{path.realpath}."
+        return true
+      else
+        return false
+      end
+    end
+
     def get_dependencies()
-      format = "[#{@pastel.green(':spinner')}] " + @pastel.white("Parsing dependencies")
+      format = "[#{@pastel.green(':spinner')}] " + @pastel.white("Parsing dependencies from #{@file}")
       spinner = TTY::Spinner.new(format, success_mark: @pastel.green('+'), hide_cursor: true)
       spinner.auto_spin()
       IO.foreach(@file) do |x|
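Review bot: The boolean returned by `gem_lock_file_exists?()` is discarded in `execute`, so the case where no Gemfile.lock sits next to the gemspec — the case in which only the direct dependencies get audited — produces no output at all, while the found case prints a success line. A user auditing a project would not learn that transitive dependencies were skipped. Report it, e.g. `print_err "No Gemfile.lock found next to #{@file}; transitive dependencies will not be audited." unless gem_lock_file_exists?()`, using the same `print_err` helper the surrounding code already uses for messages. `execute` continues outside this hunk.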
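Review bot: `gem_lock_file_exists?` is named as a predicate but assigns `@lock_file` as a side effect, and `get_dependencies` later keys its second pass off `@lock_file == ''`; a reader of the `?` method will not expect it to change state, so either rename it (for example `locate_gem_lock_file`) or have it only return the path and let the caller store it. The same method mixes unqualified `File.join`/`File.dirname` with `::File.file?` on the next line, whereas `gemspec_file_exists?` above consistently uses `::File`; inside `module Commands` an unqualified `File` would resolve to a nested `File` constant if one were ever defined, so keep `::File` throughout. The `require 'pathname'` inside the method duplicates the one in `gemspec_file_exists?` and belongs at the top of the file. `get_dependencies` begins in this hunk and continues past its end.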
@@ -72,12 +87,45 @@ def get_dependencies()
           print_err "Parsing dependency line #{x} failed."
       end
       c = @dependencies.count()
-      spinner.success("...done. Parsed #{c} dependencies.")
-      c
+      spinner.success("...done. Parsed #{c} dependencies from spec file #{@file}.")
+      if @lock_file == '' then
+        return c
+      end
+      format = "[#{@pastel.green(':spinner')}] " + @pastel.white("Parsing dependencies from lock file #{@lock_file}\n")
+      spinner = TTY::Spinner.new(format, success_mark: @pastel.green('+'), hide_cursor: true)
+      spinner.auto_spin()
+      IO.foreach(@lock_file) do |x|
+        case x
+        when /^\s+(\S+)\s*\((.+)\)\s*$/
+          p = $1
+          v = $2.to_s
+          r =
+            if v.start_with?('"') then
+              v.gsub!(/\A"|"\Z/, '')
+            else
+              v
+            end
+          if not @dependencies.key?(p) then
+            begin
+              @dependencies[p] = Gem::Requirement.parse(r)
+            rescue => ex
+              print_err "Error parsing Gemfile requirement #{r}: #{ex.message}."
+            end
+          end
+        end
+      rescue StandardError => e
+          spinner.stop("...failed.")
+          print_err "Parsing dependency line #{x} failed."
+      end
+      if @dependencies.count() > c then
+        spinner.success("...done. Parsed #{@dependencies.count() - c} additional dependencies from lock file #{@lock_file}.")
+      else
+        spinner.stop("...done. Did not parse any additional dependencies from lock file #{@lock_file}.")
+      end
     end
 
     def get_dependencies_versions()
-      format = "[#{@pastel.green(':spinner')}] " + @pastel.white("Parsing versions")
+      format = "[#{@pastel.green(':spinner')}] " + @pastel.white("Parsing versions\n")
       spinner = TTY::Spinner.new(format, success_mark: @pastel.green('+'), hide_cursor: true)
       spinner.auto_spin()
       @dependencies.each do |p, r|
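Review bot: `get_dependencies` no longer returns the dependency count once a lock file is in use: the early `return c` only covers the no-lock-file path, and the method's last expression is the trailing `if @dependencies.count() > c … else … end`, whose value is whatever `spinner.success`/`spinner.stop` return rather than a number, so the `n = get_dependencies(); if n == 0` check in `execute` is no longer meaningful. Add `@dependencies.count()` as the final line of the method after that `end`. Separately, `/^\s+(\S+)\s*\((.+)\)\s*$/` matches both the four-space `name (1.2.3)` spec lines and the six-space `name (~> 1.2)` dependency lines of a Gemfile.lock, and because of the `@dependencies.key?(p)` guard the first match wins; a gem that appears as another gem's constraint before its own spec line (e.g. `unf (>= 0.0.5, < 1.0.0)` under `domain_name` in the lock shown in a later patch) is recorded with that constraint instead of its resolved pin, which is the value an audit should check. Matching only spec lines with an indentation-anchored pattern such as `when /^ {4}(\S+) \((.+)\)$/` (or tracking the `specs:` section) keeps the resolved versions. `get_dependencies` starts before this hunk.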
@@ -88,15 +136,18 @@ def get_dependencies_versions()
         elsif v.split('.').length == 2 then
           v = v + ".0"
         end
-        version = Semantic::Version.new(v)
-        case o
-        when '>'
-          version = version.increment!(:minor)
-        when '<'
-          version = decrement(version)
+        begin
+          version = Semantic::Version.new(v)
+          case o
+          when '>'
+            version = version.increment!(:minor)
+          when '<'
+            version = decrement(version)
+          end
+          @dependencies_versions[p] = version
+        rescue => ex
+          print_err "Error parsing #{p} dependency version #{v}: #{ex.message}. Skipping."
         end
-        #puts "p:#{p} o:#{o} v:#{v} version:#{version}."
-        @dependencies_versions[p] = version
       end
       c = @dependencies_versions.count()
       spinner.success("...done.")
From 3780b1ded3d924acfe5b02af1c3207f4a380566e Mon Sep 17 00:00:00 2001
From: Allister Beharry
Date: Fri, 4 Oct 2019 13:39:13 -0400
Subject: [PATCH 2/4] Add --deployment flag to bundler
---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sh b/build.sh
index c32b739..811c3b4 100755
--- a/build.sh
+++ b/build.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 echo Installing Ruby dependencies...
-bundle install "$@"
+bundle install --deployment "$@"
From bb3d2eeefe8a9aa85772d507f7e7a333f91d8ce5 Mon Sep 17 00:00:00 2001
From: Allister Beharry
Date: Fri, 4 Oct 2019 13:40:34 -0400
Subject: [PATCH 3/4] Add --deployment flag to bundler script
---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.cmd b/build.cmd
index 1df08e5..b560ac1 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,3 +1,3 @@
 @echo off
 echo Installing Ruby dependencies...
-bundle install %*
+bundle install --deployment %*
From fc992e1bb12e9768abe08983c990444274796a63 Mon Sep 17 00:00:00 2001
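Review bot: A version string that `Semantic::Version.new` rejects is now dropped from `@dependencies_versions` with only a console message, which for an audit tool means that dependency is silently excluded from the vulnerability check; the summary `spinner.success("...done.")` and the count `c` taken afterwards give no hint that anything was omitted. Track the omissions, e.g. `skipped += 1` in the rescue (with `skipped = 0` before the loop) and `spinner.success("...done. #{skipped} dependencies skipped.")`, so a caller can decide whether a partial audit is acceptable. The bare `rescue => ex` also swallows any `StandardError` raised by `decrement`/`increment!`, not just the (presumably `ArgumentError`) parse failure the message describes; narrowing it to `rescue ArgumentError => ex` keeps programming errors visible. `get_dependencies_versions` begins before this hunk and ends after it.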
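Review bot: `--deployment` pins the install to the committed Gemfile.lock and refuses to run if the Gemfile and lock disagree, which is the right supply-chain posture, but the flag is a "remembered option" that Bundler deprecated in 2.1 in favour of `bundle config set --local deployment 'true'` (or `BUNDLE_DEPLOYMENT=true`), so users on a Bundler newer than the lock's `BUNDLED WITH 2.0.2` will start seeing deprecation warnings. It also installs the gems into `vendor/bundle` rather than the system gem path, so anything that runs the tool must do so via `bundle exec` or load `bundler/setup`; the run scripts in this series call `ruby` directly, so confirm the entry point sets up Bundler. The identical change to build.cmd in the next patch has the same two caveats.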
From: Allister Beharry
Date: Sun, 22 Mar 2020 23:20:43 -0400
Subject: [PATCH 4/4] Add Windows run and build script
---
 Gemfile.lock | 14 ++++++++++++--
 bin/chelseawin.rb | 5 +++++
 build.cmd | 3 +++
 chelsea.cmd | 2 ++
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 bin/chelseawin.rb
 create mode 100644 build.cmd
 create mode 100644 chelsea.cmd
diff --git a/Gemfile.lock b/Gemfile.lock
index 765f2f7..209a9e5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,8 +1,8 @@
 PATH
   remote: .
   specs:
-    chelsea (0.0.1)
-      bundler (~> 2.0.0)
+    chelsea (0.0.2)
+      bundler (>= 1.2.0, < 3)
       pastel (~> 0.7.2)
       rest-client (~> 2.0.2)
       slop (~> 4.8.0)
@@ -16,6 +16,7 @@ GEM
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     equatable (0.6.1)
+    ffi (1.12.2-x64-mingw32)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
     mime-types (3.3.1)
@@ -30,6 +31,11 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
+    rest-client (2.0.2-x64-mingw32)
+      ffi (~> 1.9)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -43,6 +49,8 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.2)
+    rspec_junit_formatter (0.4.1)
+      rspec-core (>= 2, < 4, != 2.12.0)
     slop (4.8.0)
     tty-color (0.5.1)
     tty-cursor (0.7.1)
@@ -55,11 +63,13 @@ GEM
 
 PLATFORMS
   ruby
+  x64-mingw32
 
 DEPENDENCIES
   chelsea!
   rake (~> 10.0)
   rspec (~> 3.0)
+  rspec_junit_formatter (~> 0.4.1)
 
 BUNDLED WITH
    2.0.2
diff --git a/bin/chelseawin.rb b/bin/chelseawin.rb
new file mode 100644
index 0000000..32ae185
--- /dev/null
+++ b/bin/chelseawin.rb
@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require ".\\lib\\chelsea.rb"
+
+Chelsea::CLI.new.main
diff --git a/build.cmd b/build.cmd
new file mode 100644
index 0000000..1df08e5
--- /dev/null
+++ b/build.cmd
@@ -0,0 +1,3 @@
+@echo off
+echo Installing Ruby dependencies...
+bundle install %*
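Review bot: `require ".\\lib\\chelsea.rb"` resolves the path against the process's current working directory, not the script's location, so running the entry point from anywhere but the repository root either fails or — worse, for a tool meant to be run inside arbitrary project checkouts — loads whatever `lib\chelsea.rb` happens to exist in the caller's directory, an untrusted-search-path problem. Use `require_relative "../lib/chelsea"`, which anchors on `__dir__`; it also removes the Windows-only backslashes, since Ruby accepts forward slashes in paths on Windows, and the `.rb` suffix is implied. Whether `lib/chelsea.rb` itself loads `bundler/setup` is not visible here; if it does not, the `--deployment` install from build.cmd will not be on the load path when this script is run with plain `ruby`.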
diff --git a/chelsea.cmd b/chelsea.cmd
new file mode 100644
index 0000000..b05cfe8
--- /dev/null
+++ b/chelsea.cmd
@@ -0,0 +1,2 @@
+@echo off
+ruby .\bin\chelseawin.rb %*
\ No newline at end of file
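Review bot: `ruby .\bin\chelseawin.rb %*` is relative to the caller's current directory, so the wrapper only works when invoked from the repository root and, like the `require` in chelseawin.rb, would execute a `bin\chelseawin.rb` found in whatever directory the user is in. Anchor it on the script's own location with `ruby "%~dp0bin\chelseawin.rb" %*`. Because the build scripts in this series install with `bundle install --deployment`, the gems live under `vendor/bundle` and plain `ruby` will not find them unless the entry point loads `bundler/setup`; otherwise this line should be `bundle exec ruby "%~dp0bin\chelseawin.rb" %*`. The file is also missing its trailing newline.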