mackuba / holepicker
A Ruby gem for checking gems in Gemfiles for security updates (unmaintained)
Home Page: http://psionides.eu
License: MIT License
Basically does the same as holepicker but for all projects on your github repo, using bundler-audit
Last year I decided to leave the webdev world and concentrate only on Cocoa development. I still love Ruby as a language (especially as compared to ObjC - Swift is much better though), but it was just too much effort to try to keep up with Ruby, JS and Cocoa all the time, and I had to choose something.
I haven't been up to date with all the latest developments in the Ruby world since then, I'm not even sure which version of Ruby is the latest stable one now (2.1 I think?). I've been updating the Holepicker data file whenever I see tweets about a new Rails release with security fixes, and I've fixed the Rainbow bug, but I'm not willing to put any more effort than that into this project, since I have other projects to maintain too.
So I'm thinking that it would be better both for me and for users if this tool was taken over by someone who is still using Ruby daily and can take better care of it. Anyone interested?
cc @cbeer @manuelvanrijn @xiazek @bct @TimPeters @pascalvanhecke @elhu @spk @ghost @lasseebert @AlexMC @adelevie
I'm trying to write a holepicker / nagios check. I now use the following grep rule:
~$ holepicker -f /etc/nginx/sites-enabled | grep -v -e OK -e Looking -e Fetching -e "No vulnerabilities" -e "โ"
But this is not always working, sometimes it gives other output and sometimes it just fails without errors.
Would it be possible to add an option (--silent for example) which would only give output when vulnerable gems are found?
Also, a --compact or --summary option which would only give the number of vulnerable gems (or 0 if none found) would be helpful for integrating holepicker in nagios.
When I try to use holepicker recipe in "cap deploy" I get the following output:
"Can't download latest data file xpto: undefined method `version' for HolePicker:Module"
It's easy to bypass by including: "require 'holepicker/version'" in database.rb but probably this isn't the best way...
I am getting this error:
Can't download latest data file: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Hi,
I'm using HolePicker as a library, not as a CLI tool, and I came across a behaviour that seems a bit extreme.
If HolePicker can't download the data file, it prints out an error and exits. This behaviour is fine in the context of the command line tool, but isn't when using HolePicker as a library (HolePicker shouldn't cause my program to exit).
I think that if HolePicker::OnlineDatabase fails to download the data file, it should raise an exception, that could then either be handled in bin/holepicker for the CLI tool, or in the Capistrano recipe (probably with an option to decide whether to exit or not), or in any arbitrary code using HolePicker as a library.
If you think this feature could be useful, please let me know and I'll be happy to provide a pull-request!
Just installed and tried to run holepicker as per the README instructions, and got this error:
holepicker my_app
Fetching list of vulnerabilities...
Looking for gemfiles...
/home/sam/code/my_app/Gemfile.lock: /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/logger.rb:23:in `fail': undefined method `color' for "2 vulnerable gems found!":String (NoMethodError)
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:77:in `scan_gemfile'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:58:in `block in scan_path'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:58:in `each'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:58:in `scan_path'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:42:in `block in scan'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:42:in `each'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/lib/holepicker/scanner.rb:42:in `scan'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/gems/holepicker-0.3.1/bin/holepicker:64:in `<top (required)>'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/bin/holepicker:23:in `load'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/bin/holepicker:23:in `<main>'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/bin/ruby_executable_hooks:15:in `eval'
from /home/sam/.rvm/gems/ruby-2.0.0-p353/bin/ruby_executable_hooks:15:in `<main>'
When I run holepicker against this minimal Gemfile.lock:
GEM
  remote: https://rubygems.org/
  specs:
    win32console (1.3.2-x86-mingw32)

PLATFORMS
  x86-mingw32

DEPENDENCIES
  win32console
I get:
/home/bct/src/test/Gemfile.lock: /home/bct/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/rubygems/version.rb:187:in `initialize': Malformed version number string 1.3.2-x86-mingw32 (ArgumentError)
from /home/bct/.rbenv/versions/1.9.3-p374/lib/ruby/gems/1.9.1/gems/holepicker-0.1.1/lib/holepicker/gem.rb:14:in `new'
Is this possible? I tried HolePicker::Scanner.new('Gemfile.lock').scan, but this just prints a report (instead of returning a Ruby Hash/Object).
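An added example, not part of holepicker or of any of the posts above, that addresses the three requests in this thread together: a Gemfile.lock parser that returns a Hash instead of printing a report, version handling that splits the platform suffix off before calling Gem::Version (so "1.3.2-x86-mingw32" becomes version 1.3.2 on platform x86-mingw32 rather than an ArgumentError or a misread prerelease), and a summary function that follows the Nagios plugin exit-code convention (0 OK, 2 CRITICAL) instead of printing and exiting. The advisory table, the gem names widget and gadget, and the sample lockfile are constructed for this example; the regexes are this example's own reading of the lockfile layout, not code from holepicker or Bundler.

```ruby
require 'rubygems'

# Matches a gem line in the "specs:" section of Gemfile.lock, which is indented by
# exactly four spaces: "    name (version-platform)". The version never contains a
# hyphen, so everything after the first hyphen is the platform suffix.
# (Constructed for this example; not holepicker's or Bundler's parser.)
SPEC_LINE = /\A {4}(?! )(\S+) \(([^-)]+)(?:-([^)]+))?\)\z/

# Parses lockfile text into { "name" => { version: Gem::Version, platform: String|nil } }.
# Lines whose version part is not a valid Gem::Version are skipped instead of raising.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
    next unless in_specs
    m = SPEC_LINE.match(line)
    next unless m
    name, version, platform = m.captures
    next unless Gem::Version.correct?(version)
    specs[name] = { version: Gem::Version.new(version), platform: platform }
  end
  specs
end

# Constructed advisory table (hypothetical gem names, not real advisories):
# gem name => list of requirement strings describing the patched versions.
ADVISORIES = {
  "widget" => [">= 1.2.3"],             # fixed in 1.2.3
  "gadget" => ["~> 2.0.5", ">= 2.1.2"]  # fixed in 2.0.5+ on the 2.0 branch and in 2.1.2+
}

# A gem is vulnerable when it has an advisory and satisfies none of the patched ranges.
def vulnerable_gems(specs, advisories = ADVISORIES)
  specs.select do |name, spec|
    patched = advisories[name]
    patched && patched.none? { |req| Gem::Requirement.new(req).satisfied_by?(spec[:version]) }
  end
end

# Nagios plugin convention: exit 0 = OK, 2 = CRITICAL. Returns [exit_code, summary_line]
# so the caller decides whether to exit; nothing is printed here.
def nagios_check(lockfile_text, advisories = ADVISORIES)
  vulnerable = vulnerable_gems(parse_lockfile(lockfile_text), advisories)
  if vulnerable.empty?
    [0, "OK: 0 vulnerable gems"]
  else
    names = vulnerable.map { |n, s| "#{n} #{s[:version]}" }.join(", ")
    [2, "CRITICAL: #{vulnerable.size} vulnerable gems (#{names})"]
  end
end

# Constructed sample lockfile, including a platform-suffixed gem like the one in the report.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      gadget (2.0.4)
      widget (1.2.3)
        gadget (>= 2.0)
      win32console (1.3.2-x86-mingw32)

  PLATFORMS
    ruby
    x86-mingw32

  DEPENDENCIES
    gadget
    widget
    win32console
LOCK

code, summary = nagios_check(SAMPLE_LOCKFILE)
puts summary # a wrapper script would follow this with `exit code`
```

With the sample above, gadget 2.0.4 falls outside both patched ranges and is reported, widget 1.2.3 is on a patched version, and win32console is parsed as version 1.3.2 with platform x86-mingw32 and has no advisory, so the check returns exit code 2 with a one-line summary that a Nagios plugin can print.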
I watch bundle-audit and ruby-advisory-db projects. I think holepicker can use the ruby-advisory-db as bundle-audit does. It will be useful for both projects. @jsuder what do you think?