Skip to content

Instantly share code, notes, and snippets.

@jordimassaguerpla

jordimassaguerpla/get_ruby_sec_status.rb

Created July 13, 2015 10:18
Show Gist options
  • Save jordimassaguerpla/18ebe41a71b1ad084309 to your computer and use it in GitHub Desktop.
Save jordimassaguerpla/18ebe41a71b1ad084309 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
get_ruby_sec_status.rb
# Use this ruby script on a rubysec/ruby-advisory-db checkout
# to get the number of security issues on ruby gems per year
require "yaml"
if ARGV.length != 1
puts "usage: ruby get_stats.rb YEAR"
exit -1
end
if ARGV[0] !~ /\d\d\d\d/
puts "usage: ruby get_stats.rb YEAR"
exit -2
end
year = Integer(ARGV[0])
result = {}
counter = 0
Dir.entries("gems").each do |gem|
next if !File.directory?("gems/#{gem}")
$stderr.puts "\nParsing gem #{gem}"
$stderr.puts "|"
issues = Dir.entries("gems/#{gem}")
issues.each do |issue|
next if File.directory?(issue)
next if !issue.end_with?(".yml")
$stderr.puts "-- Parsing #{issue}"
data = YAML::load(File.read("gems/#{gem}/#{issue}"))
next unless data
if !data["cve"]
$stderr.puts "** error: no cve information for #{issue} **"
else
m = data["cve"].match(/(\d\d\d\d)-.*/)
if !m
$stderr.puts "** error parsing date **"
next
end
cve_year = Integer(m[1])
$stderr.puts " year: #{cve_year}"
if cve_year == year
counter = counter + 1
result[data["gem"]] ||= []
result[data["gem"]] << data["year"]
end
end
end
end
puts "-------------- RESULT -------------"
result.each do |k,v|
puts "#{k}, #{v.length}"
end
puts "TOTAL: #{counter}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment