From 13f430b55c8966c748f6993b696e37ef30c518ad Mon Sep 17 00:00:00 2001
From: Andrew Bromwich
Date: Sun, 1 Mar 2020 17:56:53 +1000
Subject: [PATCH] Bump version to 0.1.19 Address CVE-2020-8130 - `rake` OS command injection vulnerability Fix some Rubocop warnings
---
CHANGELOG.md | 4 ++++
Gemfile | 2 ++
Rakefile | 2 ++
bin/console | 1 +
lib/rocket_chat/error.rb | 2 ++
lib/rocket_chat/gem_version.rb | 4 +++-
lib/rocket_chat/im_summary.rb | 2 ++
lib/rocket_chat/info.rb | 2 ++
lib/rocket_chat/message.rb | 2 ++
lib/rocket_chat/messages/channel.rb | 2 ++
lib/rocket_chat/messages/chat.rb | 2 ++
lib/rocket_chat/messages/group.rb | 2 ++
lib/rocket_chat/messages/im.rb | 2 ++
lib/rocket_chat/messages/list_support.rb | 2 ++
lib/rocket_chat/messages/room.rb | 2 ++
lib/rocket_chat/messages/room_support.rb | 2 ++
lib/rocket_chat/messages/settings.rb | 2 ++
lib/rocket_chat/messages/user.rb | 2 ++
lib/rocket_chat/messages/user_support.rb | 2 ++
lib/rocket_chat/presence_status.rb | 2 ++
lib/rocket_chat/request_helper.rb | 4 +++-
lib/rocket_chat/room.rb | 2 ++
lib/rocket_chat/server.rb | 2 ++
lib/rocket_chat/session.rb | 2 ++
lib/rocket_chat/token.rb | 2 ++
lib/rocket_chat/user.rb | 2 ++
lib/rocket_chat/util.rb | 2 ++
lib/rocketchat.rb | 2 ++
rocketchat.gemspec | 4 +++-
spec/rocket_chat/message_spec.rb | 2 ++
spec/rocket_chat/messages/channel_spec.rb | 2 ++
spec/rocket_chat/messages/chat_spec.rb | 2 ++
spec/rocket_chat/messages/group_spec.rb | 2 ++
spec/rocket_chat/messages/im_spec.rb | 2 ++
spec/rocket_chat/messages/settings_spec.rb | 2 ++
spec/rocket_chat/messages/user_spec.rb | 2 ++
spec/rocket_chat/server_spec.rb | 2 ++
spec/rocket_chat/session_spec.rb | 2 ++
spec/rocket_chat/user_spec.rb | 2 ++
spec/shared/room_behaviors.rb | 2 ++
spec/spec_helper.rb | 12 +++++++-----
41 files changed, 91 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68272ae..5fc8104 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ ## Unreleased - None +## [0.1.19](releases/tag/v0.1.19) - 2019-03-01 +### Fixed +- Address CVE-2020-8130 - `rake` OS command injection vulnerability + ## [0.1.18](releases/tag/v0.1.18) - 2018-01-05 ### Added - [#29] Support for im.create and im.counters ([@christianmoretti][])
diff --git a/Gemfile b/Gemfile
index a743565..0801b46 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org' # Specify your gem's dependencies in rocketchat.gemspec
diff --git a/Rakefile b/Rakefile
index 4c774a2..82bb534 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'bundler/gem_tasks' require 'rspec/core/rake_task'
diff --git a/bin/console b/bin/console
index 4847424..058002f 100755
--- a/bin/console
+++ b/bin/console
@@ -1,4 +1,5 @@ #!/usr/bin/env ruby +# frozen_string_literal: true require 'bundler/setup' require 'rocketchat'
diff --git a/lib/rocket_chat/error.rb b/lib/rocket_chat/error.rb
index 61b9f17..ab8c60d 100644
--- a/lib/rocket_chat/error.rb
+++ b/lib/rocket_chat/error.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat class Error < StandardError; end class HTTPError < Error; end
diff --git a/lib/rocket_chat/gem_version.rb b/lib/rocket_chat/gem_version.rb
index bd2bfab..3dea040 100644
--- a/lib/rocket_chat/gem_version.rb
+++ b/lib/rocket_chat/gem_version.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat - VERSION = '0.1.18'.freeze + VERSION = '0.1.19' end
diff --git a/lib/rocket_chat/im_summary.rb b/lib/rocket_chat/im_summary.rb
index 17bb90e..c78f013 100644
--- a/lib/rocket_chat/im_summary.rb
+++ b/lib/rocket_chat/im_summary.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat IM Summary
diff --git a/lib/rocket_chat/info.rb b/lib/rocket_chat/info.rb
index a8b6760..0999516 100644
--- a/lib/rocket_chat/info.rb
+++ b/lib/rocket_chat/info.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat Info
diff --git a/lib/rocket_chat/message.rb b/lib/rocket_chat/message.rb
index e7f2830..49a2878 100644
--- a/lib/rocket_chat/message.rb
+++ b/lib/rocket_chat/message.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat Message
diff --git a/lib/rocket_chat/messages/channel.rb b/lib/rocket_chat/messages/channel.rb
index 7238157..6728a1a 100644
--- a/lib/rocket_chat/messages/channel.rb
+++ b/lib/rocket_chat/messages/channel.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/chat.rb b/lib/rocket_chat/messages/chat.rb
index 82c0b14..ccbb7fa 100644
--- a/lib/rocket_chat/messages/chat.rb
+++ b/lib/rocket_chat/messages/chat.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/group.rb b/lib/rocket_chat/messages/group.rb
index 928b779..d6b2770 100644
--- a/lib/rocket_chat/messages/group.rb
+++ b/lib/rocket_chat/messages/group.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/im.rb b/lib/rocket_chat/messages/im.rb
index b104ffe..753ab52 100644
--- a/lib/rocket_chat/messages/im.rb
+++ b/lib/rocket_chat/messages/im.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/list_support.rb b/lib/rocket_chat/messages/list_support.rb
index 17b9daa..05d989f 100644
--- a/lib/rocket_chat/messages/list_support.rb
+++ b/lib/rocket_chat/messages/list_support.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/room.rb b/lib/rocket_chat/messages/room.rb
index 0798764..d53fc62 100644
--- a/lib/rocket_chat/messages/room.rb
+++ b/lib/rocket_chat/messages/room.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/room_support.rb b/lib/rocket_chat/messages/room_support.rb
index d224c20..6391ba1 100644
--- a/lib/rocket_chat/messages/room_support.rb
+++ b/lib/rocket_chat/messages/room_support.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/settings.rb b/lib/rocket_chat/messages/settings.rb
index c8be56f..2031d77 100644
--- a/lib/rocket_chat/messages/settings.rb
+++ b/lib/rocket_chat/messages/settings.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/user.rb b/lib/rocket_chat/messages/user.rb
index e00090d..d1e8ee5 100644
--- a/lib/rocket_chat/messages/user.rb
+++ b/lib/rocket_chat/messages/user.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/messages/user_support.rb b/lib/rocket_chat/messages/user_support.rb
index c5a6547..76215cc 100644
--- a/lib/rocket_chat/messages/user_support.rb
+++ b/lib/rocket_chat/messages/user_support.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat module Messages #
diff --git a/lib/rocket_chat/presence_status.rb b/lib/rocket_chat/presence_status.rb
index 8311bae..9bc5655 100644
--- a/lib/rocket_chat/presence_status.rb
+++ b/lib/rocket_chat/presence_status.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat PresenceStatus
diff --git a/lib/rocket_chat/request_helper.rb b/lib/rocket_chat/request_helper.rb
index 5bc733d..e38642a 100644
--- a/lib/rocket_chat/request_helper.rb
+++ b/lib/rocket_chat/request_helper.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'uri' require 'openssl' require 'net/http'
@@ -30,7 +32,7 @@ def request_json(path, options = {}) check_response response, fail_unless_ok response_json = parse_response(response.body) - options[:debug].puts("Response: #{response_json.inspect}") if options[:debug] + options[:debug]&.puts("Response: #{response_json.inspect}") check_response_json response_json, upstreamed_errors response_json
diff --git a/lib/rocket_chat/room.rb b/lib/rocket_chat/room.rb
index ed26a28..6424d81 100644
--- a/lib/rocket_chat/room.rb
+++ b/lib/rocket_chat/room.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat Room
diff --git a/lib/rocket_chat/server.rb b/lib/rocket_chat/server.rb
index 205278b..8e1dfd0 100644
--- a/lib/rocket_chat/server.rb
+++ b/lib/rocket_chat/server.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat Server
diff --git a/lib/rocket_chat/session.rb b/lib/rocket_chat/session.rb
index 0a542d3..64866e7 100644
--- a/lib/rocket_chat/session.rb
+++ b/lib/rocket_chat/session.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat Session
diff --git a/lib/rocket_chat/token.rb b/lib/rocket_chat/token.rb
index d3a3857..c5f07f0 100644
--- a/lib/rocket_chat/token.rb
+++ b/lib/rocket_chat/token.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat Token
diff --git a/lib/rocket_chat/user.rb b/lib/rocket_chat/user.rb
index 3d5130b..8cec410 100644
--- a/lib/rocket_chat/user.rb
+++ b/lib/rocket_chat/user.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat User
diff --git a/lib/rocket_chat/util.rb b/lib/rocket_chat/util.rb
index 85b1172..4754d50 100644
--- a/lib/rocket_chat/util.rb
+++ b/lib/rocket_chat/util.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module RocketChat # # Rocket.Chat generic utility functions
diff --git a/lib/rocketchat.rb b/lib/rocketchat.rb
index 6bb8fd6..cf6f96c 100644
--- a/lib/rocketchat.rb
+++ b/lib/rocketchat.rb
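Review bot: In the second hunk of lib/rocket_chat/request_helper.rb, `options[:debug]&.puts(...)` is not equivalent to the removed `if options[:debug]` guard: `&.` skips the call only for `nil`, so a caller passing `debug: false` now reaches `false.puts` and gets a NoMethodError where the old code was a no-op. If `false` is a value callers may pass, keep the truthiness check, `options[:debug].puts("Response: #{response_json.inspect}") if options[:debug]`, with a `# rubocop:disable Style/SafeNavigation` on that line. Separately, this line writes the whole parsed response to the debug sink, and responses to a login call presumably carry the auth token, so a comment such as `# debug output may contain credentials; keep it out of shared logs` would help. request_json starts and ends outside the hunk.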
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rocket_chat/gem_version' require 'json'
diff --git a/rocketchat.gemspec b/rocketchat.gemspec
index 908ff1b..74d3456 100644
--- a/rocketchat.gemspec
+++ b/rocketchat.gemspec
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + lib = File.expand_path('lib', __dir__) $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
@@ -19,7 +21,7 @@ Gem::Specification.new do |spec| spec.require_paths = ['lib'] spec.add_development_dependency 'bundler', ['>= 1.11', '< 3.0'] - spec.add_development_dependency 'rake', '~> 10.0' + spec.add_development_dependency 'rake', '>= 12.3.3' spec.add_development_dependency 'rspec', '~> 3.0' spec.add_development_dependency 'rubocop', '~> 0.62' spec.add_development_dependency 'rubocop-rspec', '~> 1.31'
diff --git a/spec/rocket_chat/message_spec.rb b/spec/rocket_chat/message_spec.rb
index 3fe8302..307d4ff 100644
--- a/spec/rocket_chat/message_spec.rb
+++ b/spec/rocket_chat/message_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Message do
diff --git a/spec/rocket_chat/messages/channel_spec.rb b/spec/rocket_chat/messages/channel_spec.rb
index 721c906..3291e8e 100644
--- a/spec/rocket_chat/messages/channel_spec.rb
+++ b/spec/rocket_chat/messages/channel_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Messages::Channel do
diff --git a/spec/rocket_chat/messages/chat_spec.rb b/spec/rocket_chat/messages/chat_spec.rb
index 298e944..d4be696 100644
--- a/spec/rocket_chat/messages/chat_spec.rb
+++ b/spec/rocket_chat/messages/chat_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Messages::Chat do
diff --git a/spec/rocket_chat/messages/group_spec.rb b/spec/rocket_chat/messages/group_spec.rb
index 2625c91..bf26128 100644
--- a/spec/rocket_chat/messages/group_spec.rb
+++ b/spec/rocket_chat/messages/group_spec.rb
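Review bot: In the second hunk of rocketchat.gemspec, `'>= 12.3.3'` sets the floor the changelog ties to CVE-2020-8130 but has no upper bound, unlike the `bundler` line just above it, so any future major rake release satisfies the constraint. Consider a bounded range in the same style, for example `spec.add_development_dependency 'rake', ['>= 12.3.3', '< 14.0']`, with the ceiling chosen by the maintainers. A short comment on that line, `# >= 12.3.3: CVE-2020-8130`, would keep the floor from being relaxed later without anyone noticing why it is there. The Gem::Specification block starts and ends outside the hunk.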
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Messages::Group do
diff --git a/spec/rocket_chat/messages/im_spec.rb b/spec/rocket_chat/messages/im_spec.rb
index 102baf0..b0cdad8 100644
--- a/spec/rocket_chat/messages/im_spec.rb
+++ b/spec/rocket_chat/messages/im_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Messages::Im do
diff --git a/spec/rocket_chat/messages/settings_spec.rb b/spec/rocket_chat/messages/settings_spec.rb
index 712da85..b3de2c5 100644
--- a/spec/rocket_chat/messages/settings_spec.rb
+++ b/spec/rocket_chat/messages/settings_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Messages::Settings do
diff --git a/spec/rocket_chat/messages/user_spec.rb b/spec/rocket_chat/messages/user_spec.rb
index 8df4de9..8f4faa3 100644
--- a/spec/rocket_chat/messages/user_spec.rb
+++ b/spec/rocket_chat/messages/user_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Messages::User do
diff --git a/spec/rocket_chat/server_spec.rb b/spec/rocket_chat/server_spec.rb
index 81dbdca..7264697 100644
--- a/spec/rocket_chat/server_spec.rb
+++ b/spec/rocket_chat/server_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Server do
diff --git a/spec/rocket_chat/session_spec.rb b/spec/rocket_chat/session_spec.rb
index b00244a..bc0d51b 100644
--- a/spec/rocket_chat/session_spec.rb
+++ b/spec/rocket_chat/session_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::Session do
diff --git a/spec/rocket_chat/user_spec.rb b/spec/rocket_chat/user_spec.rb
index bbbc2d3..add655a 100644
--- a/spec/rocket_chat/user_spec.rb
+++ b/spec/rocket_chat/user_spec.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe RocketChat::User do
diff --git a/spec/shared/room_behaviors.rb b/spec/shared/room_behaviors.rb
index 6fcf560..6e434db 100644
--- a/spec/shared/room_behaviors.rb
+++ b/spec/shared/room_behaviors.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + shared_examples 'room_behavior' do |room_type: nil, query: false| let(:server) { RocketChat::Server.new(SERVER_URI) } let(:token) { RocketChat::Token.new(authToken: AUTH_TOKEN, userId: USER_ID) }
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index daec7f1..3576c2e 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'simplecov' SimpleCov.start
@@ -10,11 +12,11 @@ require 'shared/room_behaviors' SERVER_URI = URI.parse('http://www.example.com/') -AUTH_TOKEN = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.freeze -USER_ID = 'AAAAAAAAAAAAAAAAA'.freeze -OTHER_USER_ID = 'BBBBBBBBBBBBBBBBB'.freeze -USERNAME = 'user'.freeze -PASSWORD = 'password'.freeze +AUTH_TOKEN = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' +USER_ID = 'AAAAAAAAAAAAAAAAA' +OTHER_USER_ID = 'BBBBBBBBBBBBBBBBB' +USERNAME = 'user' +PASSWORD = 'password' UNAUTHORIZED_BODY = { status: :error, message: 'You must be logged in to do this.'