class GemsStatus::NotASecurityAlertChecker

Attributes

gem[R]
security_messages[R]

Public Class Methods

new(conf) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 13
def initialize(conf)
  Utils::check_parameters('NotASecurityAlertChecker', conf, ["fixed", "source_repos", "email_username", "email_password", "mailing_lists", "email_to"])
  @fixed = conf["fixed"]
  @source_repos = conf["source_repos"]
  @security_messages = {}
  @email_username = conf["email_username"]
  @email_password = conf["email_password"]
  @mailing_lists = conf["mailing_lists"]
  @email_to = conf["email_to"]
  @emails = {}
  @gem = nil
  @emails = Utils.download_emails(@email_username, @email_password, @mailing_lists)
end

Public Instance Methods

check?(gem) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 27
def check?(gem)
  @gem = gem
  #ignore upstream checks
  return true if gem.origin == gem.gems_url

  @security_messages = {}
  look_in_scm(gem)
  look_in_emails(gem)
  filter_security_messages_already_fixed(gem.version, gem.date)
  send_emails(gem)
  return @security_messages.length == 0
end
description() click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 40
def description
  if !@gem
    Utils::log_debug("No gem. That means that check method has not been called in NotASecurityAlertChecker")
    return
  end
  message(@gem)
end

Private Instance Methods

filter_security_messages_already_fixed(version, date) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 112
def filter_security_messages_already_fixed(version, date)
  @security_messages.delete_if do |k,v|
    @fixed[k] && Gem::Version.new(@fixed[k]) <= version 
  end
  @security_messages.delete_if do |k,v|
    v.date && date && v.date < date
  end
end
gem_uri(gem_version_information) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 156
def gem_uri(gem_version_information)
  if gem_version_information["project_uri"] && 
     gem_version_information["project_uri"].include?("github")
    return gem_version_information["project_uri"]
  elsif gem_version_information["homepage_uri"] && 
     gem_version_information["homepage_uri"].include?("github")
    return gem_version_information["homepage_uri"]
  elsif gem_version_information["source_code_uri"] && 
     gem_version_information["source_code_uri"].include?("github")
    return gem_version_information["source_code_uri"]
  else
    return nil
  end
end
key_for_emails(listname, gem, email) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 92
def key_for_emails(listname, gem, email)
  "email_#{listname}_#{gem.name}_#{gem.origin}_#{email.uid}"
end
look_for_security_messages(name, source_repo, origin, counter = 0) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 134
def look_for_security_messages(name, source_repo, origin, counter = 0)
   Utils::log_debug "looking for security messages on #{source_repo}"
   if ! File.exists?("build_security_messages_check")
     Utils::log_debug "creating build_security_messages_check in #{Dir.pwd}"
     Dir.mkdir("build_security_messages_check")
   end
   Dir.chdir("build_security_messages_check") do
     if ! File.exists?(name)
       Dir.mkdir(name)
     end
     Dir.chdir(name) do
       scmCheckMessages = ScmCheckMessagesFactory.get_instance(source_repo)
       if scmCheckMessages == nil
         Utils::log_error name, "Not a valid source repo #{source_repo}"
         return {}
       end
       @security_messages = scmCheckMessages.check_messages(name, source_repo, 
                                       ScmSecurityMessages.new, origin)
     end
   end
end
look_in_emails(gem) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 96
def look_in_emails(gem)
  @emails.each do |listname, emails|
    emails.each do |email|
      if listname.strip == "rubyonrails-security@googlegroups.com" && gem.name == "rails" 
        @security_messages[key_for_emails(listname, gem, email)] = SecurityAlert.new(email.subject)
        Utils::log_debug "looking for security emails: listname matches gem #{gem.name}: #{listname}"
      elsif email.subject.start_with? "Re:"
        Utils::log_debug "ignoring message that starts with Re:"
      elsif match_name(email.subject, gem.name)
        @security_messages[key_for_emails(listname, gem, email)] = SecurityAlert.new(email.subject)
        Utils::log_debug "looking for security emails: subject matches gem #{gem.name}: #{email.subject}"
      end
    end
  end
end
look_in_scm(gem) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 81
def look_in_scm(gem)
  version = gem.version
  source_repo = source_repo(gem)
  if ! source_repo
    Utils::log_error gem.name, "Not source URL for #{gem.name}"
    return 
  end
  Utils::log_debug "Source URL for #{gem.name} #{source_repo}"
  look_for_security_messages(gem.name, source_repo, gem.origin)
end
match_name(str, name) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 50
def match_name(str, name)
  str =~ /(gem|ruby).*\b#{name}\b/ || str =~ /\b#{name}\b.*(gem|ruby).*/
end
message(gem) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 54
def message(gem)
  return unless gem
  mssg = ""
  mssg = "#{gem.name} #{gem.version} : #{gem.origin} \n"
  @security_messages.each do |k,v|
    mssg = mssg + "\n-- #{k} --"
    mssg = mssg + "\n #{v.desc}"
    mssg = mssg + "\nFixed in #{@fixed[k]}\n" if @fixed[k]
  end
  mssg
end
send_emails(gem) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 66
def send_emails(gem)
  return if @security_messages.length == 0
  #gems.origin == gems.gems_url if we are looking to an upstream gem,
  #for example in rubygems.org. We only care about our application gems.
  #where the origin will be a gemfile.lock file
  return if gem.origin == gem.gems_url
  mssg = message(gem)
  @email_to.each do |email_receiver|
    GemsStatus::Utils.send_email(email_receiver, @email_username,
                                 @email_password, gem.name, mssg)
  end
  Utils::log_debug "Email sent to #{@email_to} "
  Utils::log_debug "with body #{mssg} "
end
source_repo(gem) click to toggle source
# File lib/gems-status/checkers/not_a_security_alert_checker.rb, line 121
def source_repo(gem)
  if @source_repos[gem.name]
    return @source_repos[gem.name]
  end
  begin
    gem_version_information = JSON.parse(open("http://rubygems.org/api/v1/gems/#{gem.name}.json").read)
  rescue => e
    Utils::log_error gem.name, "There was a problem downloading info for #{gem.name} #{e.to_s}"
    return nil
  end
  gem_uri(gem_version_information)
end