code style
ydkn committed Jul 27, 2019
1 parent d4feb82 commit 1487195
Showing 3 changed files with 124 additions and 62 deletions.
22 changes: 19 additions & 3 deletions .rubocop.yml
@@ -1,5 +1,21 @@
LineLength:
Max: 160
require:
- rubocop-performance

AbcSize:
AllCops:
TargetRubyVersion: 2.4

Naming/FileName:
Exclude:
- 'lib/sensu-plugins-ruby.rb'

Metrics/LineLength:
Max: 120

Metrics/MethodLength:
Max: 20

Metrics/AbcSize:
Max: 20

Style/FrozenStringLiteralComment:
Enabled: false
70 changes: 45 additions & 25 deletions bin/check-bundler-audit
@@ -1,6 +1,5 @@
#!/usr/bin/env ruby
# frozen_string_literal: true

#
# check-bundle-audit
#
# DESCRIPTION:
Expand Down Expand Up @@ -52,15 +51,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
default: ''

def run
update_audit_db

checks = config[:paths].split(',').map do |path|
check_audit(path.strip)
end

message = checks.select { |c| %i[critical warning].include?(c[:status]) }
.map { |c| "#{c[:path]}: #{c[:message]}" }
.compact.join("\n")
checks, message = check_results

if checks.any? { |c| c[:status] == :critical }
critical("Vulnerabilities found: #{message}")
Expand All @@ -79,6 +70,20 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
warning("Failed to update advisory db: #{stdout} #{stderr}") unless ok
end

def check_results
update_audit_db

checks = config[:paths].split(',').map do |path|
check_audit(path.strip)
end

message = checks.select { |c| %i[critical warning].include?(c[:status]) }
.map { |c| "#{c[:path]}: #{c[:message]}" }
.compact.join("\n")

[checks, message]
end

def criticality_to_int(criticality)
case criticality
when :high
Expand All @@ -92,7 +97,7 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
end
end

def check_audit(path)
def vulnerabilities_for_path(path)
ENV['BUNDLE_GEMFILE'] = File.join(path, 'Gemfile.lock')

vulnerabilities = []
Expand All @@ -103,24 +108,39 @@ class BundlerAuditCheck < Sensu::Plugin::Check::CLI
when Bundler::Audit::Scanner::InsecureSource
vulnerabilities << { message: "Insecure Source URI found: #{result.source}", criticality: CRITICALITY_HIGH }
when Bundler::Audit::Scanner::UnpatchedGem
vulnerabilities << { gem: result.gem, advisory: result.advisory, criticality: criticality_to_int(result.advisory.criticality) }
vulnerabilities << {
gem: result.gem,
advisory: result.advisory,
criticality: criticality_to_int(result.advisory.criticality)
}
end
end

vulnerabilities
end

def message_for_vulnerabilities(vulnerabilities)
return 'No vulnerabilities found' if vulnerabilities.empty?

vulnerabilities.map do |v|
v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
end.join(', ')
end

def ignore?(vulnerability)
config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory])
end

def check_audit(path)
vulnerabilities = vulnerabilities_for_path(path)
message = message_for_vulnerabilities(vulnerabilities)

if vulnerabilities.empty?
{ path: path, status: :ok, message: 'No vulnerabilities found' }
{ path: path, status: :ok, message: message }
elsif vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !ignore?(v) }
{ path: path, status: :critical, message: message }
else
message = vulnerabilities.map do |v|
v[:message] || "#{v[:gem].name} #{v[:gem].version} (#{v[:advisory].cve || v[:advisory].osvdb})"
end.join(', ')

if vulnerabilities.any? { |v| v[:criticality] >= config[:criticality].to_i && !config[:ignore].split(',').map(&:strip).include?(v[:advisory]) }
{ path: path, status: :critical, message: message }
elsif vulnerabilities.any?
{ path: path, status: :ok, message: message }
else
{ path: path, status: :warning, message: 'Vulnerabilities found' }
end
{ path: path, status: :ok, message: message }
end
rescue StandardError => e
{ path: path, status: :warning, message: "Failed to check for vulnerabilities: #{e.message}" }
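Review bot: The new `ignore?` predicate tests `include?(vulnerability[:advisory])` against the comma-split strings of `config[:ignore]`, but `vulnerability[:advisory]` is the `result.advisory` object stored by `vulnerabilities_for_path`, so unless that class compares equal to a String the ignore list never matches and every configured ignore is silently a no-op (the old inline condition had the same problem; extracting it is the moment to fix it). Compare on an identifier instead, for example `config[:ignore].split(',').map(&:strip).include?(vulnerability[:advisory]&.cve)` or the advisory's id, whichever the operators are expected to list; the `&.` also covers InsecureSource entries, which carry no advisory. Separately, `vulnerabilities_for_path` assigns `ENV['BUNDLE_GEMFILE']` process-wide and never restores it, so one path's value leaks into the next iteration if an exception interrupts the scan. `check_audit`'s `rescue` clause and `end` are outside the hunk.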
94 changes: 60 additions & 34 deletions bin/check-ruby-version
@@ -1,6 +1,5 @@
#!/usr/bin/env ruby
# frozen_string_literal: true

#
# check-ruby-version
#
# DESCRIPTION:
Expand All @@ -27,7 +26,7 @@ require 'sensu-plugin/check/cli'

# Sensu plugin for checking bundle audit status
class RubyVersionCheck < Sensu::Plugin::Check::CLI
RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'
RVM_KNOWN_RUBIES_URL = 'https://raw.githubusercontent.com/rvm/rvm/stable/config/known'.freeze
MIN_RUBY_VERSION = [2, 4].freeze

option :paths,
Expand All @@ -37,16 +36,7 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
required: true

def run
known_rubies = fetch_known_rubies
latest_ruby = known_rubies.max

checks = config[:paths].split(',').map do |path|
check_path(path, known_rubies, latest_ruby)
end

message = checks.select { |c| %i[critical warning].include?(c[:status]) }
.map { |c| "#{c[:path]}: #{c[:message]}" }
.compact.join("\n")
checks, message = check_results

if checks.any? { |c| c[:status] == :critical }
critical(message)
Expand All @@ -61,6 +51,21 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI

private

def check_results
known_rubies = fetch_known_rubies
latest_ruby = known_rubies.max

checks = config[:paths].split(',').map do |path|
check_path(path, known_rubies, latest_ruby)
end

message = checks.select { |c| %i[critical warning].include?(c[:status]) }
.map { |c| "#{c[:path]}: #{c[:message]}" }
.compact.join("\n")

[checks, message]
end

def fetch_known_rubies
Net::HTTP.get(URI.parse(RVM_KNOWN_RUBIES_URL))
.split("\n")
Expand All @@ -82,31 +87,52 @@ class RubyVersionCheck < Sensu::Plugin::Check::CLI
used_ruby = parse_ruby_version(File.read(File.join(path, '.ruby-version')))
current_branch_patch_version = known_rubies.find { |v| v[0] == used_ruby[0] && v[1] == used_ruby[1] }

path_status(used_ruby, current_branch_patch_version, latest_ruby)
end

def eol_status(used_ruby)
{
status: :critical,
message: format('The ruby version has reached its end of live: %<version>s',
version: used_ruby.join('.'))
}
end

def outdated_status(used_ruby)
{
status: :warning,
message: format('Outdated Ruby version of %<branch>s branch: %<version>s',
branch: used_ruby[0..-2].join('.'),
version: used_ruby.join('.'))
}
end

def latest_branch_status(used_ruby, latest_ruby)
{
status: :ok,
message: format('Using latest version of %<branch>s branch: %<version>s - latest version: %<latest>s',
branch: used_ruby[0..-2].join('.'),
version: used_ruby.join('.'),
latest: latest_ruby[0..-2].join('.'))
}
end

def latest_status(used_ruby)
{
status: :ok,
message: format('Using latest version of ruby %<version>s', version: used_ruby.join('.'))
}
end

def path_status(used_ruby, current_branch_patch_version, latest_ruby)
if current_branch_patch_version.nil?
{
path: path,
status: :critical,
message: format('The ruby version has reached its end of live: %s', used_ruby.join('.'))
}
eol_status(used_ruby)
elsif current_branch_patch_version[2] > used_ruby[2]
{
path: path,
status: :warning,
message: format('Outdated Ruby version of %s branch: %s', used_ruby[0..-2].join('.'), used_ruby.join('.'))
}
outdated_status(used_ruby)
elsif latest_ruby[0] > used_ruby[0] || latest_ruby[1] > used_ruby[1]
{
path: path,
status: :ok,
message: format('Using latest version of %s branch: %s - latest version: %s',
used_ruby[0..-2].join('.'), used_ruby.join('.'), latest_ruby[0..-2].join('.'))
}
latest_branch_status(used_ruby, latest_ruby)
else
{
path: path,
status: :ok,
message: format('Using latest version of ruby %s', used_ruby.join('.'))
}
latest_status(used_ruby)
end
end
end
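Review bot: The status hashes built by the new `eol_status`, `outdated_status`, `latest_branch_status` and `latest_status` helpers no longer carry the `path:` key that the replaced inline hashes had, and `check_path` returns `path_status(...)` as its last expression, so `check_results` will format `"#{c[:path]}: #{c[:message]}"` with an empty path for every warning or critical entry — unless the head of `check_path`, which starts outside the hunk, adds it. The smallest fix is on the last line of `check_path`: `path_status(used_ruby, current_branch_patch_version, latest_ruby).merge(path: path)`. While touching `eol_status`, the message reads 'end of live' and should read 'end of life'. The start of `check_path` is outside the hunk.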
