diff --git a/Gemfile.lock b/Gemfile.lock
index 73908ef..75bd925 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- gem_guard (1.2.6)
+ gem_guard (1.2.8)
 json (~> 2.0)
 thor (~> 1.0)
 tty-prompt (~> 0.23)
diff --git a/gem_guard-1.2.6.gem b/gem_guard-1.2.6.gem
new file mode 100644
index 0000000..56db88a
Binary files /dev/null and b/gem_guard-1.2.6.gem differ
diff --git a/gem_guard-1.2.8.gem b/gem_guard-1.2.8.gem
new file mode 100644
index 0000000..def59b3
Binary files /dev/null and b/gem_guard-1.2.8.gem differ
diff --git a/lib/gem_guard/parser.rb b/lib/gem_guard/parser.rb
index 67c26c7..b7b1c66 100644
--- a/lib/gem_guard/parser.rb
+++ b/lib/gem_guard/parser.rb
@@ -58,11 +58,12 @@ def validate_dependencies_section!(content, spec_names, lockfile_path)
 end
 # Expect indentation then a gem name optionally with version in parens
- if !/^\s{2,}[a-z0-9_\-]+(\s*\([^)]*\))?\s*$/i.match?(stripped)
+ # Allow ! character for local gem references (e.g., gem_guard!)
+ if !/^\s{2,}[a-z0-9_\-!]+(\s*\([^)]*\))?\s*$/i.match?(stripped)
 raise GemGuard::InvalidLockfileError, "Invalid Gemfile.lock at #{lockfile_path}: malformed DEPENDENCIES entry '#{line.strip}'"
 end
- name = stripped.strip.split.first
+ name = stripped.strip.split.first.delete("!")
 # remove optional version tuple e.g., rails, or rails(=7.0.0) case without space
 name = name.split("(").first
diff --git a/lib/gem_guard/version.rb b/lib/gem_guard/version.rb
index 51b848b..356f90a 100644
--- a/lib/gem_guard/version.rb
+++ b/lib/gem_guard/version.rb
@@ -1,3 +1,3 @@
 module GemGuard
- VERSION = "1.2.6"
+ VERSION = "1.2.8"
 end
diff --git a/lib/gem_guard/vulnerability_fetcher.rb b/lib/gem_guard/vulnerability_fetcher.rb
index 32ea6f3..1627c88 100644
--- a/lib/gem_guard/vulnerability_fetcher.rb
+++ b/lib/gem_guard/vulnerability_fetcher.rb
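Review bot: The widened character class in the new `if !/^\s{2,}[a-z0-9_\-!]+(\s*\([^)]*\))?\s*$/i.match?(stripped)` check accepts `!` at any position and any number of times, and the new `name = stripped.strip.split.first.delete("!")` then strips every one of them, so an entry such as `ra!ils` or `!rails` passes the malformed-entry check this block exists to enforce and is silently normalized to `rails`. Bundler writes the `!` only as a single trailing suffix on dependencies that come from a non-default source (the `PATH remote: .` block in this same commit is one such case), so the grammar should accept exactly that: `[a-z0-9_\-]+!?` in the pattern and `name = stripped.strip.split.first.delete_suffix("!")` for the normalization. The added comment `# Allow ! character for local gem references (e.g., gem_guard!)` would be more accurate as `# Bundler suffixes dependencies from a non-default source (path/git) with "!"`. While this line is being touched, `\A`/`\z` would be safer anchors than `^`/`$`, since `$` also matches before a trailing newline. validate_dependencies_section! continues outside the hunk.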
@@ -18,10 +18,19 @@ def fetch_for(dependencies)
 vulnerabilities = []
 dependencies.each do |dependency|
+ spinner.update(text: "[:spinner] Fetching OSV for #{dependency.name}")
 vulnerabilities.concat(fetch_osv_vulnerabilities(dependency))
+
+ spinner.update(text: "[:spinner] Fetching Ruby Advisory DB for #{dependency.name}")
 vulnerabilities.concat(fetch_ruby_advisory_vulnerabilities(dependency))
+
+ spinner.update(text: "[:spinner] Fetching GHSA for #{dependency.name}")
 vulnerabilities.concat(fetch_ghsa_vulnerabilities(dependency))
+
+ spinner.update(text: "[:spinner] Fetching NVD for #{dependency.name}")
 vulnerabilities.concat(fetch_nvd_vulnerabilities(dependency))
+
+ spinner.update(text: "[:spinner] Fetching Curesec Advisory DB for #{dependency.name}")
 vulnerabilities.concat(fetch_cu_advisory_vulnerabilities(dependency))
 end
diff --git a/spec/examples.txt b/spec/examples.txt
index 3772818..8b6d82f 100644
--- a/spec/examples.txt
+++ b/spec/examples.txt
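Review bot: The five added `spinner.update(text: "[:spinner] Fetching … for #{dependency.name}")` lines pair a display label with the fetcher below it by hand, so every new advisory source needs two more edits inside this loop and a label can drift from the method it sits above. A frozen table of label to fetcher method driven by one inner loop keeps the same call order and the same output text while making the pairing explicit; `send` is only needed if the fetch_* methods are private, otherwise `public_send` is preferable. The rewrite below assumes `spinner` resolves to the same object on every iteration, as the hunk already does; fetch_for's body ends outside the hunk. Whether a fetcher that raises leaves the spinner showing a stale label is also worth checking, since nothing in the hunk resets it.
```ruby
# Advisory sources in query order: display label => fetcher method.
VULNERABILITY_SOURCES = {
  "OSV" => :fetch_osv_vulnerabilities,
  "Ruby Advisory DB" => :fetch_ruby_advisory_vulnerabilities,
  "GHSA" => :fetch_ghsa_vulnerabilities,
  "NVD" => :fetch_nvd_vulnerabilities,
  "Curesec Advisory DB" => :fetch_cu_advisory_vulnerabilities
}.freeze

def fetch_for(dependencies)
  vulnerabilities = []
  dependencies.each do |dependency|
    VULNERABILITY_SOURCES.each do |label, fetcher|
      spinner.update(text: "[:spinner] Fetching #{label} for #{dependency.name}")
      vulnerabilities.concat(send(fetcher, dependency))
    end
  end
  # … unchanged: remainder of fetch_for …
```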
@@ -1,104 +1,104 @@ example_id | status | run_time | ----------------------------------------------------- | ------ | --------------- | -./spec/gem_guard/analyzer_spec.rb[1:1:1] | passed | 0.00003 seconds | -./spec/gem_guard/analyzer_spec.rb[1:1:2] | passed | 0.00058 seconds | -./spec/gem_guard/analyzer_spec.rb[1:1:3] | passed | 0.00017 seconds | -./spec/gem_guard/analyzer_spec.rb[2:1:1] | passed | 0.00003 seconds | +./spec/gem_guard/analyzer_spec.rb[1:1:1] | passed | 0.00004 seconds | +./spec/gem_guard/analyzer_spec.rb[1:1:2] | passed | 0.00003 seconds | +./spec/gem_guard/analyzer_spec.rb[1:1:3] | passed | 0.00002 seconds | +./spec/gem_guard/analyzer_spec.rb[2:1:1] | passed | 0.00004 seconds | ./spec/gem_guard/analyzer_spec.rb[2:1:2] | passed | 0.00002 seconds | -./spec/gem_guard/analyzer_spec.rb[2:2:1] | passed | 0.00008 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:1:1] | passed | 0.00061 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:1:2] | passed | 0.00038 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:1:3] | passed | 0.00082 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:1:4] | passed | 0.00048 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:2:1] | passed | 0.00034 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:2:2] | passed | 0.00039 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:1:3:1] | passed | 0.00048 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:2:1:1] | passed | 0.00034 seconds | +./spec/gem_guard/analyzer_spec.rb[2:2:1] | passed | 0.00005 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:1:1:1] | passed | 0.00049 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:1:1:2] | passed | 0.00098 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:1:1:3] | passed | 0.00065 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:1:1:4] | passed | 0.00273 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:1:2:1] | passed | 0.00062 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:1:2:2] | passed | 0.00033 seconds | 
+./spec/gem_guard/auto_fixer_spec.rb[1:1:3:1] | passed | 0.00045 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:2:1:1] | passed | 0.00027 seconds | ./spec/gem_guard/auto_fixer_spec.rb[1:2:1:2] | passed | 0.00033 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:2:2:1] | passed | 0.00048 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:2:2:1] | passed | 0.00044 seconds | ./spec/gem_guard/auto_fixer_spec.rb[1:2:2:2] | passed | 0.00029 seconds | -./spec/gem_guard/auto_fixer_spec.rb[1:2:3:1] | passed | 0.00034 seconds | -./spec/gem_guard/cli_snapshot_spec.rb[1:1] | passed | 0.00072 seconds | -./spec/gem_guard/cli_snapshot_spec.rb[1:2] | passed | 0.00364 seconds | -./spec/gem_guard/cli_spec.rb[1:1:1] | passed | 0.00031 seconds | -./spec/gem_guard/cli_spec.rb[1:1:2] | passed | 0.00072 seconds | -./spec/gem_guard/cli_spec.rb[1:2:1] | passed | 0.0003 seconds | -./spec/gem_guard/cli_spec.rb[1:2:2] | passed | 0.00029 seconds | -./spec/gem_guard/cli_spec.rb[1:3:1] | passed | 0.00049 seconds | -./spec/gem_guard/cli_spec.rb[1:3:2] | passed | 0.00045 seconds | -./spec/gem_guard/config_spec.rb[1:1:1:1] | passed | 0.00015 seconds | -./spec/gem_guard/config_spec.rb[1:1:2:1] | passed | 0.00056 seconds | -./spec/gem_guard/config_spec.rb[1:1:3:1] | passed | 0.00047 seconds | +./spec/gem_guard/auto_fixer_spec.rb[1:2:3:1] | passed | 0.0003 seconds | +./spec/gem_guard/cli_snapshot_spec.rb[1:1] | passed | 0.0025 seconds | +./spec/gem_guard/cli_snapshot_spec.rb[1:2] | passed | 0.00112 seconds | +./spec/gem_guard/cli_spec.rb[1:1:1] | passed | 0.00045 seconds | +./spec/gem_guard/cli_spec.rb[1:1:2] | passed | 0.00033 seconds | +./spec/gem_guard/cli_spec.rb[1:2:1] | passed | 0.00031 seconds | +./spec/gem_guard/cli_spec.rb[1:2:2] | passed | 0.00033 seconds | +./spec/gem_guard/cli_spec.rb[1:3:1] | passed | 0.00047 seconds | +./spec/gem_guard/cli_spec.rb[1:3:2] | passed | 0.00044 seconds | +./spec/gem_guard/config_spec.rb[1:1:1:1] | passed | 0.00012 seconds | 
+./spec/gem_guard/config_spec.rb[1:1:2:1] | passed | 0.00031 seconds | +./spec/gem_guard/config_spec.rb[1:1:3:1] | passed | 0.00051 seconds | ./spec/gem_guard/config_spec.rb[1:2:1] | passed | 0.00012 seconds | -./spec/gem_guard/config_spec.rb[1:2:2] | passed | 0.00015 seconds | -./spec/gem_guard/config_spec.rb[1:3:1] | passed | 0.00056 seconds | +./spec/gem_guard/config_spec.rb[1:2:2] | passed | 0.00013 seconds | +./spec/gem_guard/config_spec.rb[1:3:1] | passed | 0.00045 seconds | ./spec/gem_guard/config_spec.rb[1:4:1] | passed | 0.00013 seconds | ./spec/gem_guard/config_spec.rb[1:4:2] | passed | 0.00014 seconds | -./spec/gem_guard/config_spec.rb[1:5:1] | passed | 0.00013 seconds | -./spec/gem_guard/config_spec.rb[1:5:2] | passed | 0.00013 seconds | +./spec/gem_guard/config_spec.rb[1:5:1] | passed | 0.00021 seconds | +./spec/gem_guard/config_spec.rb[1:5:2] | passed | 0.00014 seconds | ./spec/gem_guard/config_spec.rb[1:6:1:1] | passed | 0.00014 seconds | -./spec/gem_guard/config_spec.rb[1:6:1:2] | passed | 0.00014 seconds | -./spec/gem_guard/config_spec.rb[1:6:1:3] | passed | 0.00013 seconds | -./spec/gem_guard/config_spec.rb[1:6:2:1] | passed | 0.00014 seconds | -./spec/gem_guard/config_spec.rb[1:7:1] | passed | 0.00039 seconds | -./spec/gem_guard/config_spec.rb[1:8:1] | passed | 0.00018 seconds | +./spec/gem_guard/config_spec.rb[1:6:1:2] | passed | 0.00013 seconds | +./spec/gem_guard/config_spec.rb[1:6:1:3] | passed | 0.00012 seconds | +./spec/gem_guard/config_spec.rb[1:6:2:1] | passed | 0.00017 seconds | +./spec/gem_guard/config_spec.rb[1:7:1] | passed | 0.00048 seconds | +./spec/gem_guard/config_spec.rb[1:8:1] | passed | 0.00023 seconds | ./spec/gem_guard/config_spec.rb[1:8:2] | passed | 0.00011 seconds | -./spec/gem_guard/parser_spec.rb[1:1:1] | passed | 0.00064 seconds | -./spec/gem_guard/parser_spec.rb[1:1:2] | passed | 0.00015 seconds | -./spec/gem_guard/parser_spec.rb[1:1:3] | passed | 0.00029 seconds | -./spec/gem_guard/parser_spec.rb[1:1:4] | passed | 
0.00047 seconds | -./spec/gem_guard/parser_spec.rb[1:1:5] | passed | 0.00044 seconds | +./spec/gem_guard/parser_spec.rb[1:1:1] | passed | 0.00021 seconds | +./spec/gem_guard/parser_spec.rb[1:1:2] | passed | 0.0001 seconds | +./spec/gem_guard/parser_spec.rb[1:1:3] | passed | 0.00025 seconds | +./spec/gem_guard/parser_spec.rb[1:1:4] | passed | 0.0002 seconds | +./spec/gem_guard/parser_spec.rb[1:1:5] | passed | 0.00045 seconds | ./spec/gem_guard/parser_spec.rb[2:1:1] | passed | 0.00003 seconds | -./spec/gem_guard/parser_spec.rb[2:2:1] | passed | 0.00003 seconds | -./spec/gem_guard/reporter_spec.rb[1:1:1:1] | passed | 0.00105 seconds | -./spec/gem_guard/reporter_spec.rb[1:1:1:2] | passed | 0.00022 seconds | -./spec/gem_guard/reporter_spec.rb[1:1:2:1] | passed | 0.00003 seconds | -./spec/gem_guard/reporter_spec.rb[1:1:2:2] | passed | 0.00005 seconds | -./spec/gem_guard/reporter_spec.rb[1:1:3] | passed | 0.00004 seconds | -./spec/gem_guard/sbom_cli_spec.rb[1:1] | passed | 0.00019 seconds | -./spec/gem_guard/sbom_cli_spec.rb[1:2] | passed | 0.00028 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:1:1] | passed | 0.00003 seconds | +./spec/gem_guard/parser_spec.rb[2:2:1] | passed | 0.00002 seconds | +./spec/gem_guard/reporter_spec.rb[1:1:1:1] | passed | 0.00095 seconds | +./spec/gem_guard/reporter_spec.rb[1:1:1:2] | passed | 0.00021 seconds | +./spec/gem_guard/reporter_spec.rb[1:1:2:1] | passed | 0.00002 seconds | +./spec/gem_guard/reporter_spec.rb[1:1:2:2] | passed | 0.00003 seconds | +./spec/gem_guard/reporter_spec.rb[1:1:3] | passed | 0.00003 seconds | +./spec/gem_guard/sbom_cli_spec.rb[1:1] | passed | 0.00022 seconds | +./spec/gem_guard/sbom_cli_spec.rb[1:2] | passed | 0.00031 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:1:1] | passed | 0.00005 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:1:2] | passed | 0.00004 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:1:3] | passed | 0.00004 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:1:4] | passed 
| 0.00003 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:1:5] | passed | 0.00004 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:2:1] | passed | 0.00004 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:2:2] | passed | 0.00005 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:2:3] | passed | 0.00012 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:2:4] | passed | 0.00004 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:2:5] | passed | 0.00005 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:2:6] | passed | 0.00023 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:3:1:1] | passed | 0.00003 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:2:2] | passed | 0.00004 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:2:3] | passed | 0.00003 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:2:4] | passed | 0.00003 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:2:5] | passed | 0.00004 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:2:6] | passed | 0.00003 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:3:1:1] | passed | 0.00002 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:3:1:2] | passed | 0.00002 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:3:2:1] | passed | 0.00003 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:3:2:1] | passed | 0.00002 seconds | ./spec/gem_guard/sbom_generator_spec.rb[1:3:3:1] | passed | 0.00002 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:3:4:1] | passed | 0.00003 seconds | -./spec/gem_guard/sbom_generator_spec.rb[1:3:4:2] | passed | 0.00004 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:1:1] | passed | 0.00082 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:1:2] | passed | 0.00079 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:1:3] | passed | 0.00061 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:1:4] | passed | 0.00079 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:1:5] | passed | 0.00324 seconds | 
-./spec/gem_guard/typosquat_checker_spec.rb[1:1:6] | passed | 0.0009 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:3:4:1] | passed | 0.00021 seconds | +./spec/gem_guard/sbom_generator_spec.rb[1:3:4:2] | passed | 0.00003 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:1:1] | passed | 0.00079 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:1:2] | passed | 0.00089 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:1:3] | passed | 0.00088 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:1:4] | passed | 0.00185 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:1:5] | passed | 0.00301 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:1:6] | passed | 0.00091 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:1] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:2] | passed | 0.00005 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:2] | passed | 0.00003 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:3] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:4] | passed | 0.00003 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:4] | passed | 0.00002 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:1:5] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:2:1] | passed | 0.00002 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:2:2] | passed | 0.00003 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:2:1] | passed | 0.00004 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:2:2] | passed | 0.00004 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:2:3] | passed | 0.00003 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:2:4] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:1] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:2] | passed | 0.00004 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:1] | 
passed | 0.00002 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:2] | passed | 0.00002 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:3] | passed | 0.00002 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:4] | passed | 0.00008 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:3:4] | passed | 0.00002 seconds | ./spec/gem_guard/typosquat_checker_spec.rb[1:2:4:1] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:4:2] | passed | 0.00003 seconds | -./spec/gem_guard/typosquat_checker_spec.rb[1:2:4:3] | passed | 0.00002 seconds | -./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:1] | passed | 0.00217 seconds | -./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:2] | passed | 0.00013 seconds | -./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:3] | passed | 0.00066 seconds | -./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:4] | passed | 0.00024 seconds | -./spec/gem_guard/vulnerability_fetcher_spec.rb[2:1:1] | passed | 0.00003 seconds | -./spec/gem_guard/vulnerability_fetcher_spec.rb[2:2:1] | passed | 0.00003 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:4:2] | passed | 0.00002 seconds | +./spec/gem_guard/typosquat_checker_spec.rb[1:2:4:3] | passed | 0.00003 seconds | +./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:1] | passed | 0.00014 seconds | +./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:2] | passed | 0.00012 seconds | +./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:3] | passed | 0.00012 seconds | +./spec/gem_guard/vulnerability_fetcher_spec.rb[1:1:4] | passed | 0.00019 seconds | +./spec/gem_guard/vulnerability_fetcher_spec.rb[2:1:1] | passed | 0.00002 seconds | +./spec/gem_guard/vulnerability_fetcher_spec.rb[2:2:1] | passed | 0.00002 seconds |