Module: BundlerAuditNotifier
- Defined in:
- lib/bundler_audit_notifier.rb,
lib/bundler_audit_notifier/engine.rb,
lib/generators/bundler_audit_notifier/bundler_audit_notifier_generator.rb
Defined Under Namespace
Classes: BundlerAuditNotifierGenerator, Engine
Class Method Summary
Class Method Details
.audit_parse ⇒ Object
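# File 'lib/bundler_audit_notifier.rb', line 7

# Runs the audit script in a child Ruby process, parses its textual report,
# records each advisory as a BundlerAuditIssue and emails every advisory that
# has not been marked ignored.
#
# The report is parsed positionally: a "Name: ..." line must be followed by the
# Version, Advisory, Criticality, URL, Title and Solution lines in that order,
# then one separator line.
#
# @return [Object, nil] whatever +deliver_now+ returns when at least one
#   advisory is reported, otherwise nil
def self.audit_parse
  r, w = IO.pipe
  audit_script_file = File.join(File.dirname(__FILE__), 'auditer_script.rb')

  lines = begin
    # The audit runs in a separate process because the script calls exit 1 when
    # it finishes, after which its output could no longer be read in-process.
    # stdout and stderr of the child both go into the pipe.
    pid = spawn(RbConfig.ruby, audit_script_file, :out => w, :err => [:child, :out])

    # Close the parent's write end first so the read below sees EOF when the
    # child exits, and drain the pipe BEFORE waiting. Waiting first deadlocks
    # once the report exceeds the pipe buffer: the child blocks on write while
    # the parent blocks on wait, and no notification is ever sent.
    w.close
    output = r.readlines
    Process.wait(pid)
    # NOTE(review): the child's exit status is not inspected and stderr shares
    # the pipe, so an audit that failed to run looks the same as a clean audit
    # (no "Name:" lines, no email). Confirm whether auditer_script.rb exposes a
    # distinguishable failure status and alert on it.
    output
  ensure
    w.close unless w.closed?
    r.close
  end

  vulnerabilities = []

  until lines.empty?
    name_line = lines.shift

    if name = name_line[/Name: (?<name>.+)/, :name]
      version_line = lines.shift
      advisory_line = lines.shift
      criticality_line = lines.shift
      url_line = lines.shift
      title_line = lines.shift
      solution_line = lines.shift
      lines.shift # separator line after each advisory

      if version_line && advisory_line && criticality_line && url_line && title_line && solution_line
        # NOTE(review): each field is nil when its line does not carry the
        # expected label (for example if the report format changes). A nil
        # advisory is then looked up as-is below, so it would match a stored
        # record whose advisory is NULL, including an ignored one. Confirm the
        # report format of the installed bundler-audit version.
        version = version_line[/Version: (?<version>.+)/, :version]
        advisory = advisory_line[/Advisory: (?<advisory>.+)/, :advisory]
        criticality = criticality_line[/Criticality: (?<criticality>.+)/, :criticality]
        url = url_line[/URL: (?<url>.+)/, :url]
        title = title_line[/Title: (?<title>.+)/, :title]
        solution = solution_line[/Solution: (?<solution>.+)/, :solution]

        # A single lookup replaces exists? followed by where(...).first, which
        # could return nil if the row disappeared between the two queries.
        if (bundler_audit_issue = BundlerAuditIssue.find_by(advisory: advisory))
          # Known advisory: refresh its timestamp and report it again unless it
          # was marked ignored.
          bundler_audit_issue.touch
          vulnerabilities << bundler_audit_issue unless bundler_audit_issue.ignore
        else
          vulnerabilities << BundlerAuditIssue.create(:name => name, :version => version, :advisory => advisory, :criticality => criticality, :url => url, :title => title, :solution => solution)
        end
      else
        puts "ERROR: nil line found #{version_line}, #{advisory_line}, #{criticality_line}, #{url_line}, #{title_line}, #{solution_line}"
      end
    elsif name_line.strip == "Vulnerabilities found!"
      puts "End of output reached!"
    end
  end

  # Email whatever is left after ignored advisories were filtered out.
  if vulnerabilities.present?
    BundlerAuditIssuesMailer.vulnerability_email(vulnerabilities).deliver_now
  end
end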