Merge pull request #330 from dwvisser/ruby-bundler

Ruby bundler-audit Analyzer
Jeremy Long
2015-11-24 15:53:00 -05:00
19 changed files with 726 additions and 79 deletions


@@ -27,6 +27,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.cli.ParseException;
import org.apache.commons.lang.StringUtils;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
@@ -326,12 +327,15 @@ public class App {
Settings.setBoolean(Settings.KEYS.ANALYZER_CMAKE_ENABLED, !cli.isCmakeDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !cli.isNuspecDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !cli.isAssemblyDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, !cli.isBundleAuditDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, !cli.isComposerDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, !cli.isNodeJsDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, !cli.isRubyGemspecDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, !cli.isCentralDisabled());
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !cli.isNexusDisabled());
Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, cli.getPathToBundleAudit());
Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
@@ -341,7 +345,6 @@ public class App {
Settings.setStringIfNotEmpty(Settings.KEYS.DB_PASSWORD, databasePassword);
Settings.setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, additionalZipExtensions);
Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
if (cveBase12 != null && !cveBase12.isEmpty()) {
Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveBase12);
Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveBase20);


@@ -344,6 +344,10 @@ public final class CliParser {
final Option pathToMono = Option.builder().argName("path").hasArg().longOpt(ARGUMENT.PATH_TO_MONO)
.desc("The path to Mono for .NET Assembly analysis on non-windows systems.")
.build();
final Option pathToBundleAudit = Option.builder().argName("path").hasArg()
.longOpt(ARGUMENT.PATH_TO_BUNDLE_AUDIT)
.desc("The path to bundle-audit for Gem bundle analysis.").build();
final Option connectionTimeout = Option.builder(ARGUMENT.CONNECTION_TIMEOUT_SHORT).argName("timeout").hasArg()
.longOpt(ARGUMENT.CONNECTION_TIMEOUT).desc("The connection timeout (in milliseconds) to use when downloading resources.")
@@ -437,11 +441,14 @@ public final class CliParser {
.addOption(disableJarAnalyzer)
.addOption(disableArchiveAnalyzer)
.addOption(disableAssemblyAnalyzer)
.addOption(pathToBundleAudit)
.addOption(disablePythonDistributionAnalyzer)
.addOption(disableCmakeAnalyzer)
.addOption(disablePythonPackageAnalyzer)
.addOption(Option.builder().longOpt(ARGUMENT.DISABLE_RUBYGEMS)
.desc("Disable the Ruby Gemspec Analyzer.").build())
.addOption(Option.builder().longOpt(ARGUMENT.DISABLE_BUNDLE_AUDIT)
.desc("Disable the Ruby Bundler-Audit Analyzer.").build())
.addOption(disableAutoconfAnalyzer)
.addOption(disableComposerAnalyzer)
.addOption(disableOpenSSLAnalyzer)
@@ -454,6 +461,7 @@ public final class CliParser {
.addOption(nexusUsesProxy)
.addOption(additionalZipExtensions)
.addOption(pathToMono)
.addOption(pathToBundleAudit)
.addOption(purge);
}
@@ -559,6 +567,16 @@ public final class CliParser {
return (line != null) && line.hasOption(ARGUMENT.DISABLE_ASSEMBLY);
}
/**
* Returns true if the disableBundleAudit command line argument was specified.
*
* @return true if the disableBundleAudit command line argument was specified; otherwise false
*/
public boolean isBundleAuditDisabled() {
return (line != null) && line.hasOption(ARGUMENT.DISABLE_BUNDLE_AUDIT);
}
/**
* Returns true if the disablePyDist command line argument was specified.
*
@@ -740,6 +758,15 @@ public final class CliParser {
return line.getOptionValue(ARGUMENT.PATH_TO_MONO);
}
/**
* Returns the path to bundle-audit for Ruby bundle analysis.
*
* @return the path to Mono
*/
public String getPathToBundleAudit() {
return line.getOptionValue(ARGUMENT.PATH_TO_BUNDLE_AUDIT);
}
/**
* Returns the output format specified on the command line. Defaults to HTML if no format was specified.
*
@@ -1204,6 +1231,10 @@ public final class CliParser {
* Disables the Assembly Analyzer.
*/
public static final String DISABLE_ASSEMBLY = "disableAssembly";
/**
* Disables the Ruby Bundler Audit Analyzer.
*/
public static final String DISABLE_BUNDLE_AUDIT = "disableBundleAudit";
/**
* Disables the Nuspec Analyzer.
*/
@@ -1264,5 +1295,9 @@ public final class CliParser {
* Exclude path argument.
*/
public static final String EXCLUDE = "exclude";
/**
* The CLI argument name for setting the path to bundle-audit for Ruby bundle analysis.
*/
public static final String PATH_TO_BUNDLE_AUDIT = "bundleAudit";
}
}
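Review bot: The Javadoc on `getPathToBundleAudit` still says `@return the path to Mono`, copied from `getPathToMono`; it should read `@return the path to bundle-audit, or null if not specified`. `pathToBundleAudit` is also registered twice via `.addOption(pathToBundleAudit)`, once right after `disableAssemblyAnalyzer` and again after `pathToMono`; the second registration is redundant and one of the two should be dropped. Like `getPathToMono`, the new getter dereferences `line` without the `line != null` guard the `is*Disabled` methods use; that inconsistency predates this commit, but the new method could align with the safer form, e.g. `return (line == null) ? null : line.getOptionValue(ARGUMENT.PATH_TO_BUNDLE_AUDIT);`.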


@@ -34,6 +34,7 @@ Short | Argument Name        | Paramete
| \-\-disablePyPkg | | Sets whether the Python Package Analyzer will be used. | false
| \-\-disableNodeJS | | Sets whether the Node.js Package Analyzer will be used. | false
| \-\-disableRubygems | | Sets whether the Ruby Gemspec Analyzer will be used. | false
| \-\-disableBundleAudit | | Sets whether the Ruby Bundler Audit Analyzer will be used. | false
| \-\-disableAutoconf | | Sets whether the Autoconf Analyzer will be used. | false
| \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false
| \-\-disableCmake | | Sets whether the Cmake Analyzer will be disabled. | false
@@ -48,6 +49,7 @@ Short | Argument Name        | Paramete
| \-\-disableNuspec | | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | false
| \-\-disableAssembly | | Sets whether or not the .NET Assembly Analyzer should be used. | false
| \-\-mono | \<path\> | The path to Mono for .NET Assembly analysis on non-windows systems. | &nbsp;
| \-\-bundleAudit | | The path to the bundle-audit executable. | &nbsp;
| \-\-proxyserver | \<server\> | The proxy server to use when downloading resources. | &nbsp;
| \-\-proxyport | \<port\> | The proxy port to use when downloading resources. | &nbsp;
| \-\-connectiontimeout | \<timeout\> | The connection timeout (in milliseconds) to use when downloading resources. | &nbsp;


@@ -28,6 +28,10 @@ public enum AnalysisPhase {
* Initialization phase.
*/
INITIAL,
/**
* Pre information collection phase
*/
PRE_INFORMATION_COLLECTION,
/**
* Information collection phase.
*/


@@ -0,0 +1,326 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.*;
import java.util.*;
/**
* Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool.
*
* @author Dale Visser <dvisser@ida.org>
*/
public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzer.class);
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Ruby Bundle Audit Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
private static final FileFilter FILTER =
FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();
public static final String NAME = "Name: ";
public static final String VERSION = "Version: ";
public static final String ADVISORY = "Advisory: ";
public static final String CRITICALITY = "Criticality: ";
/**
* @return a filter that accepts files named Gemfile.lock
*/
@Override
protected FileFilter getFileFilter() {
return FILTER;
}
/**
* Launch bundle-audit.
*
* @return a handle to the process
*/
private Process launchBundleAudit(File folder) throws AnalysisException {
if (!folder.isDirectory()) {
throw new AnalysisException(String.format("%s should have been a directory.", folder.getAbsolutePath()));
}
final List<String> args = new ArrayList<String>();
final String bundleAuditPath = Settings.getString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH);
args.add(null == bundleAuditPath ? "bundle-audit" : bundleAuditPath);
args.add("check");
args.add("--verbose");
final ProcessBuilder builder = new ProcessBuilder(args);
builder.directory(folder);
try {
return builder.start();
} catch (IOException ioe) {
throw new AnalysisException("bundle-audit failure", ioe);
}
}
/**
* Initialize the analyzer. In this case, extract GrokAssembly.exe to a temporary location.
*
* @throws Exception if anything goes wrong
*/
@Override
public void initializeFileTypeAnalyzer() throws Exception {
// Now, need to see if bundle-audit actually runs from this location.
Process process = launchBundleAudit(Settings.getTempDirectory());
int exitValue = process.waitFor();
if (0 == exitValue) {
LOGGER.warn("Unexpected exit code from bundle-audit process. Disabling {}: {}", ANALYZER_NAME, exitValue);
setEnabled(false);
throw new AnalysisException("Unexpected exit code from bundle-audit process.");
} else {
BufferedReader reader = null;
try {
reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"));
if (!reader.ready()) {
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
setEnabled(false);
throw new AnalysisException("Bundle-audit error stream unexpectedly not ready.");
} else {
final String line = reader.readLine();
if (!line.contains("Errno::ENOENT")) {
LOGGER.warn("Unexpected bundle-audit output. Disabling {}: {}", ANALYZER_NAME, line);
setEnabled(false);
throw new AnalysisException("Unexpected bundle-audit output.");
}
}
} finally {
if (null != reader) {
reader.close();
}
}
}
if (isEnabled()) {
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
"occasionally to keep its database up to date.");
}
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
@Override
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
@Override
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* Returns the key used in the properties file to reference the analyzer's enabled property.
*
* @return the analyzer's enabled property setting key
*/
@Override
protected String getAnalyzerEnabledSettingKey() {
return Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED;
}
/**
* If {@link #analyzeFileType(Dependency, Engine)} is called, then we have successfully initialized, and it will
* be necessary to disable {@link RubyGemspecAnalyzer}.
*/
private boolean needToDisableGemspecAnalyzer = true;
@Override
protected void analyzeFileType(Dependency dependency, Engine engine)
throws AnalysisException {
if (needToDisableGemspecAnalyzer) {
boolean failed = true;
final String className = RubyGemspecAnalyzer.class.getName();
for (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
if (analyzer instanceof RubyGemspecAnalyzer) {
((RubyGemspecAnalyzer) analyzer).setEnabled(false);
LOGGER.info("Disabled " + className + " to avoid noisy duplicate results.");
failed = false;
}
}
if (failed) {
LOGGER.warn("Did not find" + className + '.');
}
needToDisableGemspecAnalyzer = false;
}
final File parentFile = dependency.getActualFile().getParentFile();
final Process process = launchBundleAudit(parentFile);
try {
process.waitFor();
} catch (InterruptedException ie) {
throw new AnalysisException("bundle-audit process interrupted", ie);
}
BufferedReader rdr = null;
try {
rdr = new BufferedReader(new InputStreamReader(process.getInputStream(), "UTF-8"));
processBundlerAuditOutput(dependency, engine, rdr);
} catch (IOException ioe) {
LOGGER.warn("bundle-audit failure", ioe);
} finally {
if (null != rdr) {
try {
rdr.close();
} catch (IOException ioe) {
LOGGER.warn("bundle-audit close failure", ioe);
}
}
}
}
private void processBundlerAuditOutput(Dependency original, Engine engine, BufferedReader rdr) throws IOException {
final String parentName = original.getActualFile().getParentFile().getName();
final String fileName = original.getFileName();
Dependency dependency = null;
Vulnerability vulnerability = null;
String gem = null;
final Map<String, Dependency> map = new HashMap<String, Dependency>();
boolean appendToDescription = false;
while (rdr.ready()) {
final String nextLine = rdr.readLine();
if (null == nextLine) {
break;
} else if (nextLine.startsWith(NAME)) {
appendToDescription = false;
gem = nextLine.substring(NAME.length());
if (!map.containsKey(gem)) {
map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
}
dependency = map.get(gem);
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith(VERSION)) {
vulnerability = createVulnerability(parentName, dependency, vulnerability, gem, nextLine);
} else if (nextLine.startsWith(ADVISORY)) {
setVulnerabilityName(parentName, dependency, vulnerability, nextLine);
} else if (nextLine.startsWith(CRITICALITY)) {
addCriticalityToVulnerability(parentName, vulnerability, nextLine);
} else if (nextLine.startsWith("URL: ")) {
addReferenceToVulnerability(parentName, vulnerability, nextLine);
} else if (nextLine.startsWith("Description:")) {
appendToDescription = true;
if (null != vulnerability) {
vulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0 indicates unknown). See link below for full details. *** ");
}
} else if (appendToDescription) {
if (null != vulnerability) {
vulnerability.setDescription(vulnerability.getDescription() + nextLine + "\n");
}
}
}
}
private void setVulnerabilityName(String parentName, Dependency dependency, Vulnerability vulnerability, String nextLine) {
final String advisory = nextLine.substring((ADVISORY.length()));
if (null != vulnerability) {
vulnerability.setName(advisory);
}
if (null != dependency) {
dependency.getVulnerabilities().add(vulnerability); // needed to wait for vulnerability name to avoid NPE
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
}
private void addReferenceToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) {
final String url = nextLine.substring(("URL: ").length());
if (null != vulnerability) {
Reference ref = new Reference();
ref.setName(vulnerability.getName());
ref.setSource("bundle-audit");
ref.setUrl(url);
vulnerability.getReferences().add(ref);
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
}
private void addCriticalityToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) {
if (null != vulnerability) {
final String criticality = nextLine.substring(CRITICALITY.length()).trim();
if ("High".equals(criticality)) {
vulnerability.setCvssScore(8.5f);
} else if ("Medium".equals(criticality)) {
vulnerability.setCvssScore(5.5f);
} else if ("Low".equals(criticality)) {
vulnerability.setCvssScore(2.0f);
} else {
vulnerability.setCvssScore(-1.0f);
}
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
}
private Vulnerability createVulnerability(String parentName, Dependency dependency, Vulnerability vulnerability, String gem, String nextLine) {
if (null != dependency) {
final String version = nextLine.substring(VERSION.length());
dependency.getVersionEvidence().addEvidence(
"bundler-audit",
"Version",
version,
Confidence.HIGHEST);
vulnerability = new Vulnerability(); // don't add to dependency until we have name set later
vulnerability.setMatchedCPE(
String.format("cpe:/a:%1$s_project:%1$s:%2$s::~~~ruby~~", gem, version),
null);
vulnerability.setCvssAccessVector("-");
vulnerability.setCvssAccessComplexity("-");
vulnerability.setCvssAuthentication("-");
vulnerability.setCvssAvailabilityImpact("-");
vulnerability.setCvssConfidentialityImpact("-");
vulnerability.setCvssIntegrityImpact("-");
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
return vulnerability;
}
private Dependency createDependencyForGem(Engine engine, String parentName, String fileName, String gem) throws IOException {
final File tempFile = File.createTempFile("Gemfile-" + gem, ".lock", Settings.getTempDirectory());
final String displayFileName = String.format("%s%c%s:%s", parentName, File.separatorChar, fileName, gem);
FileUtils.write(tempFile, displayFileName); // unique contents to avoid dependency bundling
final Dependency dependency = new Dependency(tempFile);
dependency.getProductEvidence().addEvidence("bundler-audit", "Name", gem, Confidence.HIGHEST);
dependency.setDisplayFileName(displayFileName);
engine.getDependencies().add(dependency);
return dependency;
}
}


@@ -49,11 +49,12 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
private static final String GEMSPEC = "gemspec";
private static final FileFilter FILTER =
FileFilterBuilder.newInstance().addExtensions("gemspec").addFilenames("Rakefile").build();
FileFilterBuilder.newInstance().addExtensions(GEMSPEC).addFilenames("Rakefile").build();
private static final String EMAIL = "email";
private static final String GEMSPEC = "gemspec";
/**
* @return a filter that accepts files named Rakefile or matching the glob pattern, *.gemspec


@@ -19,4 +19,5 @@ org.owasp.dependencycheck.analyzer.OpenSSLAnalyzer
org.owasp.dependencycheck.analyzer.CMakeAnalyzer
org.owasp.dependencycheck.analyzer.NodePackageAnalyzer
org.owasp.dependencycheck.analyzer.RubyGemspecAnalyzer
org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer
org.owasp.dependencycheck.analyzer.ComposerLockAnalyzer


@@ -0,0 +1,109 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.junit.After;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.not;
import static org.junit.Assert.assertThat;
/**
* Unit tests for {@link RubyBundleAuditAnalyzer}.
*
* @author Dale Visser <dvisser@ida.org>
*/
public class RubyBundleAuditAnalyzerTest extends BaseTest {
private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);
/**
* The analyzer to test.
*/
RubyBundleAuditAnalyzer analyzer;
/**
* Correctly setup the analyzer for testing.
*
* @throws Exception thrown if there is a problem
*/
@Before
public void setUp() throws Exception {
try {
analyzer = new RubyBundleAuditAnalyzer();
analyzer.setFilesMatched(true);
analyzer.initialize();
} catch (Exception e) {
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Tests will be incomplete", e);
Assume.assumeNoException("Is bundle-audit installed? TESTS WILL BE INCOMPLETE", e);
}
}
/**
* Cleanup the analyzer's temp files, etc.
*
* @throws Exception thrown if there is a problem
*/
@After
public void tearDown() throws Exception {
analyzer.close();
analyzer = null;
}
/**
* Test Ruby Gemspec name.
*/
@Test
public void testGetName() {
assertThat(analyzer.getName(), is("Ruby Bundle Audit Analyzer"));
}
/**
* Test Ruby Bundler Audit file support.
*/
@Test
public void testSupportsFiles() {
assertThat(analyzer.accept(new File("Gemfile.lock")), is(true));
}
/**
* Test Ruby BundlerAudit analysis.
*
* @throws AnalysisException is thrown when an exception occurs.
*/
@Test
public void testAnalysis() throws AnalysisException, DatabaseException {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
"ruby/vulnerable/Gemfile.lock"));
final Engine engine = new Engine();
analyzer.analyze(result, engine);
assertThat(engine.getDependencies().size(), is(not(0)));
}
}
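Review bot: `testAnalysis` creates `new Engine()` and never releases it; the Engine presumably opens the CVE database (its constructor is declared to throw `DatabaseException`), so it should be released in a `finally` with whatever cleanup method Engine provides. More importantly, when bundle-audit is not installed `setUp` assumes away every test, so the parser in `processBundlerAuditOutput` is never exercised on a machine without the tool; consider a test that feeds a canned `--verbose` report through a `BufferedReader` (e.g. by making the parser package-private) and asserts the gem name, version and advisory it extracts, independent of the external binary. `tearDown` also calls `analyzer.close()` unconditionally; if the constructor itself threw in `setUp`, `analyzer` is still null there and the teardown would NPE, so guard it with `if (analyzer != null)`.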


@@ -66,7 +66,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
}
/**
* Test of getName method, of class PythonDistributionAnalyzer.
* Test Ruby Gemspec name.
*/
@Test
public void testGetName() {
@@ -74,7 +74,7 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
}
/**
* Test of supportsExtension method, of class PythonDistributionAnalyzer.
* Test Ruby Gemspec file support.
*/
@Test
public void testSupportsFiles() {
@@ -83,14 +83,14 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
}
/**
* Test of inspect method, of class PythonDistributionAnalyzer.
* Test Ruby Gemspec analysis.
*
* @throws AnalysisException is thrown when an exception occurs.
*/
@Test
public void testAnalyzePackageJson() throws AnalysisException {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
"ruby/gems/specifications/rest-client-1.7.2.gemspec"));
"ruby/vulnerable/gems/specifications/rest-client-1.7.2.gemspec"));
analyzer.analyze(result, null);
final String vendorString = result.getVendorEvidence().toString();
assertThat(vendorString, containsString("REST Client Team"));


@@ -1,72 +0,0 @@
# -*- encoding: utf-8 -*-
# stub: mime-types 2.6.1 ruby lib
Gem::Specification.new do |s|
s.name = "mime-types"
s.version = "2.6.1"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Austin Ziegler"]
s.date = "2015-05-25"
s.description = "The mime-types library provides a library and registry for information about\nMIME content type definitions. It can be used to determine defined filename\nextensions for MIME types, or to use filename extensions to look up the likely\nMIME type definitions.\n\nMIME content types are used in MIME-compliant communications, as in e-mail or\nHTTP traffic, to indicate the type of content which is transmitted. The\nmime-types library provides the ability for detailed information about MIME\nentities (provided as an enumerable collection of MIME::Type objects) to be\ndetermined and used. There are many types defined by RFCs and vendors, so the\nlist is long but by definition incomplete; don't hesitate to add additional\ntype definitions. MIME type definitions found in mime-types are from RFCs, W3C\nrecommendations, the {IANA Media Types\nregistry}[https://www.iana.org/assignments/media-types/media-types.xhtml], and\nuser contributions. It conforms to RFCs 2045 and 2231.\n\nThis is release 2.6 with two new experimental features. The first new feature\nis a new default registry storage format that greatly reduces the initial\nmemory use of the mime-types library. This feature is enabled by requiring\n+mime/types/columnar+ instead of +mime/types+ with a small performance cost and\nno change in *total* memory use if certain methods are called (see {Columnar\nStore}[#columnar-store] for more details). The second new feature is a logger\ninterface that conforms to the expectations of an ActiveSupport::Logger so that\nwarnings can be written to an application's log rather than the default\nlocation for +warn+. This interface may be used for other logging purposes in\nthe future.\n\nmime-types 2.6 is the last planned version of mime-types 2.x, so deprecation\nwarnings are no longer cached but provided every time the method is called.\nmime-types 2.6 supports Ruby 1.9.2 or later."
s.email = ["halostatue@gmail.com"]
s.extra_rdoc_files = ["Contributing.rdoc", "History-Types.rdoc", "History.rdoc", "Licence.rdoc", "Manifest.txt", "README.rdoc", "docs/COPYING.txt", "docs/artistic.txt"]
s.files = ["Contributing.rdoc", "History-Types.rdoc", "History.rdoc", "Licence.rdoc", "Manifest.txt", "README.rdoc", "docs/COPYING.txt", "docs/artistic.txt"]
s.homepage = "https://github.com/mime-types/ruby-mime-types/"
s.licenses = ["MIT", "Artistic 2.0", "GPL-2"]
s.rdoc_options = ["--main", "README.rdoc"]
s.required_ruby_version = Gem::Requirement.new(">= 1.9.2")
s.rubygems_version = "2.2.2"
s.summary = "The mime-types library provides a library and registry for information about MIME content type definitions"
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
if s.respond_to? :specification_version then
s.specification_version = 4
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
s.add_development_dependency(%q<minitest>, ["~> 5.6"])
s.add_development_dependency(%q<rdoc>, ["~> 4.0"])
s.add_development_dependency(%q<hoe-doofus>, ["~> 1.0"])
s.add_development_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
s.add_development_dependency(%q<hoe-git>, ["~> 1.6"])
s.add_development_dependency(%q<hoe-rubygems>, ["~> 1.0"])
s.add_development_dependency(%q<hoe-travis>, ["~> 1.2"])
s.add_development_dependency(%q<minitest-autotest>, ["~> 1.0"])
s.add_development_dependency(%q<minitest-focus>, ["~> 1.0"])
s.add_development_dependency(%q<rake>, ["~> 10.0"])
s.add_development_dependency(%q<simplecov>, ["~> 0.7"])
s.add_development_dependency(%q<coveralls>, ["~> 0.8"])
s.add_development_dependency(%q<hoe>, ["~> 3.13"])
else
s.add_dependency(%q<minitest>, ["~> 5.6"])
s.add_dependency(%q<rdoc>, ["~> 4.0"])
s.add_dependency(%q<hoe-doofus>, ["~> 1.0"])
s.add_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
s.add_dependency(%q<hoe-git>, ["~> 1.6"])
s.add_dependency(%q<hoe-rubygems>, ["~> 1.0"])
s.add_dependency(%q<hoe-travis>, ["~> 1.2"])
s.add_dependency(%q<minitest-autotest>, ["~> 1.0"])
s.add_dependency(%q<minitest-focus>, ["~> 1.0"])
s.add_dependency(%q<rake>, ["~> 10.0"])
s.add_dependency(%q<simplecov>, ["~> 0.7"])
s.add_dependency(%q<coveralls>, ["~> 0.8"])
s.add_dependency(%q<hoe>, ["~> 3.13"])
end
else
s.add_dependency(%q<minitest>, ["~> 5.6"])
s.add_dependency(%q<rdoc>, ["~> 4.0"])
s.add_dependency(%q<hoe-doofus>, ["~> 1.0"])
s.add_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
s.add_dependency(%q<hoe-git>, ["~> 1.6"])
s.add_dependency(%q<hoe-rubygems>, ["~> 1.0"])
s.add_dependency(%q<hoe-travis>, ["~> 1.2"])
s.add_dependency(%q<minitest-autotest>, ["~> 1.0"])
s.add_dependency(%q<minitest-focus>, ["~> 1.0"])
s.add_dependency(%q<rake>, ["~> 10.0"])
s.add_dependency(%q<simplecov>, ["~> 0.7"])
s.add_dependency(%q<coveralls>, ["~> 0.8"])
s.add_dependency(%q<hoe>, ["~> 3.13"])
end
end


@@ -0,0 +1,24 @@
# -*- encoding: utf-8 -*-
# stub: activerecord-oracle_enhanced-adapter 1.1.7 ruby lib
Gem::Specification.new do |s|
s.name = "activerecord-oracle_enhanced-adapter"
s.version = "1.1.7"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Raimonds Simanovskis"]
s.date = "2008-08-20"
s.description = "Oracle enhaced adapter for Active Record"
s.email = ["raymonds72@gmail.com"]
s.extra_rdoc_files = ["History.txt", "License.txt", "README.txt"]
s.files = ["History.txt", "License.txt", "README.txt"]
s.homepage = "http://oracle-enhanced.rubyforge.org"
s.post_install_message = ""
s.rdoc_options = ["--main", "README.txt"]
s.rubyforge_project = "oracle-enhanced"
s.rubygems_version = "2.2.2"
s.summary = "Oracle enhaced adapter for Active Record"
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
end


@@ -0,0 +1,22 @@
# -*- encoding: utf-8 -*-
# stub: i18n 0.7.0 ruby lib
Gem::Specification.new do |s|
s.name = "i18n"
s.version = "0.7.0"
s.required_rubygems_version = Gem::Requirement.new(">= 1.3.5") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Sven Fuchs", "Joshua Harvey", "Matt Aimonetti", "Stephan Soller", "Saimon Moore"]
s.date = "2014-12-19"
s.description = "New wave Internationalization support for Ruby."
s.email = "rails-i18n@googlegroups.com"
s.homepage = "http://github.com/svenfuchs/i18n"
s.licenses = ["MIT"]
s.required_ruby_version = Gem::Requirement.new(">= 1.9.3")
s.rubyforge_project = "[none]"
s.rubygems_version = "2.2.2"
s.summary = "New wave Internationalization support for Ruby"
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
end


@@ -0,0 +1,39 @@
# -*- encoding: utf-8 -*-
# stub: mail 2.4.3 ruby lib
Gem::Specification.new do |s|
s.name = "mail"
s.version = "2.4.3"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Mikel Lindsaar"]
s.date = "2012-03-05"
s.description = "A really Ruby Mail handler."
s.email = "raasdnil@gmail.com"
s.extra_rdoc_files = ["README.md", "CONTRIBUTING.md", "CHANGELOG.rdoc", "TODO.rdoc"]
s.files = ["CHANGELOG.rdoc", "CONTRIBUTING.md", "README.md", "TODO.rdoc"]
s.homepage = "http://github.com/mikel/mail"
s.rubygems_version = "2.2.2"
s.summary = "Mail provides a nice Ruby DSL for making, sending and reading emails."
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
if s.respond_to? :specification_version then
s.specification_version = 3
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<mime-types>, ["~> 1.16"])
s.add_runtime_dependency(%q<treetop>, ["~> 1.4.8"])
s.add_runtime_dependency(%q<i18n>, [">= 0.4.0"])
else
s.add_dependency(%q<mime-types>, ["~> 1.16"])
s.add_dependency(%q<treetop>, ["~> 1.4.8"])
s.add_dependency(%q<i18n>, [">= 0.4.0"])
end
else
s.add_dependency(%q<mime-types>, ["~> 1.16"])
s.add_dependency(%q<treetop>, ["~> 1.4.8"])
s.add_dependency(%q<i18n>, [">= 0.4.0"])
end
end


@@ -0,0 +1,67 @@
# -*- encoding: utf-8 -*-
# stub: mime-types 1.25.1 ruby lib
Gem::Specification.new do |s|
s.name = "mime-types"
s.version = "1.25.1"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Austin Ziegler"]
s.cert_chain = ["-----BEGIN CERTIFICATE-----\nMIIDNjCCAh6gAwIBAgIBADANBgkqhkiG9w0BAQUFADBBMQ8wDQYDVQQDDAZhdXN0\naW4xGTAXBgoJkiaJk/IsZAEZFglydWJ5Zm9yZ2UxEzARBgoJkiaJk/IsZAEZFgNv\ncmcwHhcNMTMwMjA0MDMzMzI3WhcNMTQwMjA0MDMzMzI3WjBBMQ8wDQYDVQQDDAZh\ndXN0aW4xGTAXBgoJkiaJk/IsZAEZFglydWJ5Zm9yZ2UxEzARBgoJkiaJk/IsZAEZ\nFgNvcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2mPNf4L37GhKI\nSPCYsvYWXA2/R9u5+pyUnbJ2R1o2CiRq2ZA/AIzY6N3hGnsgoWnh5RzvgTN1Lt08\nDNIrsIG2VDYk/JVt6f9J6zZ8EQHbznWa3cWYoCFaaICdk7jV1n/42hg70jEDYXl9\ngDOl0k6JmyF/rtfFu/OIkFGWeFYIuFHvRuLyUbw66+QDTOzKb3t8o55Ihgy1GVwT\ni6pkDs8LhZWXdOD+921l2Z1NZGZa9KNbJIg6vtgYKU98jQ5qr9iY3ikBAspHrFas\nK6USvGgAg8fCD5YiotBEvCBMYtfqmfrhpdU2p+gvTgeLW1Kaevwqd7ngQmFUrFG1\neUJSURv5AgMBAAGjOTA3MAkGA1UdEwQCMAAwHQYDVR0OBBYEFAtJKMp6YYNqlgR3\n9TiZLWqvLagSMAsGA1UdDwQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEApTPkvDm8\n7gJlUT4FfumXPvtuqP67LxUtGE8syvR0A4As+0P/wylLJFUOsGTTdZYtThhxCSJG\n+7KG2FfIcH4Zz2d97arZGAzBoi8iPht2/UtSl1fCcUI5vmJa1MiXZT2oqdW7Wydq\nrAZcBPlrYYuiwtGI0yqIOgBfXSZCWWsJsuyTKELep6mCLgz0YZUfmvKr8W/Ab3ax\nDuLzH92LSRjZJyjyAUpw/Vc2rM4giiP5jtByrb1Y1dGnQhHTMHf1GfucWm7Nw/V9\ntwEPVw8+0f88JQucxOTmTF1NbLFpiRwQUZ1zoZbNg2e7mShc/eexnVLWKFKxRoP6\nKPj3WoD+spB8fA==\n-----END CERTIFICATE-----\n"]
s.date = "2013-11-24"
s.description = "This library allows for the identification of a file's likely MIME content\ntype. This is release 1.25.1, fixing an issue with priority comparison for\nmime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or\nlater.\n\nRelease 1.25.1 contains all features of 1.25, including the experimental\ncaching and lazy loading functionality. The caching and lazy loading features\nwere initially implemented by Greg Brockman (gdb). As these features are\nexperimental, they are disabled by default and must be enabled through the use\nof environment variables. The cache is invalidated on a per-version basis; the\ncache for version 1.25 will not be reused for any later version.\n\nTo use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+\nto any value other than 'false'. When using lazy loading, the initial startup\nof MIME::Types is around 12\u{2013}25\u{d7} faster than normal startup (on my system,\nnormal startup is about 90 ms; lazy startup is about 4 ms). This isn't\ngenerally useful, however, as the MIME::Types database has not been loaded.\nLazy startup and load is just *slightly* faster\u{2014}around 1 ms. The real advantage\ncomes from using the cache.\n\nTo enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a\nfilename where MIME::Types will have read-write access. The first time a new\nversion of MIME::Types is run using this file, it will be created, taking a\nlittle longer than normal. Subsequent loads using the same cache file will be\napproximately 3\u{bd}\u{d7} faster (25 ms) than normal loads. 
This can be combined with\n+RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded\nor multiprocess environment where all threads or processes will be using the\nsame cache file.\n\nAs the caching interface is still experimental, the only values cached are the\ndefault MIME::Types database, not any custom MIME::Types added by users.\n\nMIME types are used in MIME-compliant communications, as in e-mail or HTTP\ntraffic, to indicate the type of content which is transmitted. MIME::Types\nprovides the ability for detailed information about MIME entities (provided as\na set of MIME::Type objects) to be determined and used programmatically. There\nare many types defined by RFCs and vendors, so the list is long but not\ncomplete; don't hesitate to ask to add additional information. This library\nfollows the IANA collection of MIME types (see below for reference).\n\nMIME::Types for Ruby was originally based on MIME::Types for Perl by Mark\nOvermeer, copyright 2001 - 2009.\n\nMIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It\ntracks the {IANA registry}[http://www.iana.org/assignments/media-types/]\n({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types\nadded from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp]\nand added by the users of MIME::Types."
s.email = ["austin@rubyforge.org"]
s.extra_rdoc_files = ["Contributing.rdoc", "History.rdoc", "Licence.rdoc", "Manifest.txt", "README.rdoc", "docs/COPYING.txt", "docs/artistic.txt"]
s.files = ["Contributing.rdoc", "History.rdoc", "Licence.rdoc", "Manifest.txt", "README.rdoc", "docs/COPYING.txt", "docs/artistic.txt"]
s.homepage = "http://mime-types.rubyforge.org/"
s.licenses = ["MIT", "Artistic 2.0", "GPL-2"]
s.rdoc_options = ["--main", "README.rdoc"]
s.rubyforge_project = "mime-types"
s.rubygems_version = "2.2.2"
s.summary = "This library allows for the identification of a file's likely MIME content type"
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
if s.respond_to? :specification_version then
s.specification_version = 4
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
s.add_development_dependency(%q<rubyforge>, [">= 2.0.4"])
s.add_development_dependency(%q<minitest>, ["~> 5.0"])
s.add_development_dependency(%q<rdoc>, ["~> 4.0"])
s.add_development_dependency(%q<hoe-bundler>, ["~> 1.2"])
s.add_development_dependency(%q<hoe-doofus>, ["~> 1.0"])
s.add_development_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
s.add_development_dependency(%q<hoe-git>, ["~> 1.5"])
s.add_development_dependency(%q<hoe-rubygems>, ["~> 1.0"])
s.add_development_dependency(%q<hoe-travis>, ["~> 1.2"])
s.add_development_dependency(%q<rake>, ["~> 10.0"])
s.add_development_dependency(%q<hoe>, ["~> 3.7"])
else
s.add_dependency(%q<rubyforge>, [">= 2.0.4"])
s.add_dependency(%q<minitest>, ["~> 5.0"])
s.add_dependency(%q<rdoc>, ["~> 4.0"])
s.add_dependency(%q<hoe-bundler>, ["~> 1.2"])
s.add_dependency(%q<hoe-doofus>, ["~> 1.0"])
s.add_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
s.add_dependency(%q<hoe-git>, ["~> 1.5"])
s.add_dependency(%q<hoe-rubygems>, ["~> 1.0"])
s.add_dependency(%q<hoe-travis>, ["~> 1.2"])
s.add_dependency(%q<rake>, ["~> 10.0"])
s.add_dependency(%q<hoe>, ["~> 3.7"])
end
else
s.add_dependency(%q<rubyforge>, [">= 2.0.4"])
s.add_dependency(%q<minitest>, ["~> 5.0"])
s.add_dependency(%q<rdoc>, ["~> 4.0"])
s.add_dependency(%q<hoe-bundler>, ["~> 1.2"])
s.add_dependency(%q<hoe-doofus>, ["~> 1.0"])
s.add_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
s.add_dependency(%q<hoe-git>, ["~> 1.5"])
s.add_dependency(%q<hoe-rubygems>, ["~> 1.0"])
s.add_dependency(%q<hoe-travis>, ["~> 1.2"])
s.add_dependency(%q<rake>, ["~> 10.0"])
s.add_dependency(%q<hoe>, ["~> 3.7"])
end
end


@@ -0,0 +1,22 @@
# -*- encoding: utf-8 -*-
# stub: polyglot 0.3.5 ruby lib
Gem::Specification.new do |s|
s.name = "polyglot"
s.version = "0.3.5"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Clifford Heath"]
s.date = "2014-05-30"
s.description = "\nThe Polyglot library allows a Ruby module to register a loader\nfor the file type associated with a filename extension, and it\naugments 'require' to find and load matching files."
s.email = ["clifford.heath@gmail.com"]
s.extra_rdoc_files = ["README.txt"]
s.files = ["README.txt"]
s.homepage = "http://github.com/cjheath/polyglot"
s.licenses = ["MIT"]
s.rubygems_version = "2.2.2"
s.summary = "Augment 'require' to load non-Ruby file types"
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
end


@@ -0,0 +1,56 @@
# -*- encoding: utf-8 -*-
# stub: treetop 1.4.15 ruby lib
Gem::Specification.new do |s|
s.name = "treetop"
s.version = "1.4.15"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib"]
s.authors = ["Nathan Sobo", "Clifford Heath"]
s.autorequire = "treetop"
s.date = "2013-08-17"
s.email = "cliffordheath@gmail.com"
s.executables = ["tt"]
s.extra_rdoc_files = ["LICENSE", "README.md"]
s.files = ["LICENSE", "README.md", "bin/tt"]
s.homepage = "https://github.com/cjheath/treetop"
s.licenses = ["MIT"]
s.rubygems_version = "2.2.2"
s.summary = "A Ruby-based text parsing and interpretation DSL"
s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
if s.respond_to? :specification_version then
s.specification_version = 3
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<polyglot>, [">= 0"])
s.add_development_dependency(%q<jeweler>, [">= 0"])
s.add_development_dependency(%q<activesupport>, [">= 0"])
s.add_development_dependency(%q<i18n>, ["~> 0.5.0"])
s.add_development_dependency(%q<rr>, ["~> 1.0"])
s.add_development_dependency(%q<rspec>, [">= 2.0.0"])
s.add_development_dependency(%q<rake>, [">= 0"])
s.add_runtime_dependency(%q<polyglot>, [">= 0.3.1"])
else
s.add_dependency(%q<polyglot>, [">= 0"])
s.add_dependency(%q<jeweler>, [">= 0"])
s.add_dependency(%q<activesupport>, [">= 0"])
s.add_dependency(%q<i18n>, ["~> 0.5.0"])
s.add_dependency(%q<rr>, ["~> 1.0"])
s.add_dependency(%q<rspec>, [">= 2.0.0"])
s.add_dependency(%q<rake>, [">= 0"])
s.add_dependency(%q<polyglot>, [">= 0.3.1"])
end
else
s.add_dependency(%q<polyglot>, [">= 0"])
s.add_dependency(%q<jeweler>, [">= 0"])
s.add_dependency(%q<activesupport>, [">= 0"])
s.add_dependency(%q<i18n>, ["~> 0.5.0"])
s.add_dependency(%q<rr>, ["~> 1.0"])
s.add_dependency(%q<rspec>, [">= 2.0.0"])
s.add_dependency(%q<rake>, [">= 0"])
s.add_dependency(%q<polyglot>, [">= 0.3.1"])
end
end


@@ -217,6 +217,10 @@ public final class Settings {
* The properties key for whether the CMake analyzer is enabled.
*/
public static final String ANALYZER_CMAKE_ENABLED = "analyzer.cmake.enabled";
/**
* The properties key for whether the Ruby Bundler Audit analyzer is enabled.
*/
public static final String ANALYZER_BUNDLE_AUDIT_ENABLED = "analyzer.bundle.audit.enabled";
/**
* The properties key for whether the .NET Assembly analyzer is enabled.
*/
@@ -253,6 +257,10 @@ public final class Settings {
* The path to mono, if available.
*/
public static final String ANALYZER_ASSEMBLY_MONO_PATH = "analyzer.assembly.mono.path";
/**
* The path to bundle-audit, if available.
*/
public static final String ANALYZER_BUNDLE_AUDIT_PATH = "analyzer.bundle.audit.path";
/**
* The additional configured zip file extensions, if available.
*/
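Review bot: The Javadoc on `ANALYZER_BUNDLE_AUDIT_PATH` should state that the value names an executable the analyzer will launch, not merely "the path to bundle-audit, if available", because whoever consumes this key has to treat it as a trusted, validated path rather than an ordinary string setting. I would expand the comment to `The path to the bundle-audit executable, if available. When set, the analyzer launches this program, so the value should be validated as an existing executable file and must not be assembled from untrusted input.` The same caveat presumably applies to the analogous `ANALYZER_ASSEMBLY_MONO_PATH` in the context lines just above. The code that reads these keys and spawns the process is outside this hunk, so whether that validation already exists cannot be confirmed from here.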