Address multiple CVE's

majormoses · majormoses · commit 820d80b5cebe · 2018-09-09T10:56:43.000-07:00
Address the following CVE's: - https://nvd.nist.gov/vuln/detail/CVE-2017-17042 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418 Breaking Changes: - removed ruby versions `< 2.3` support Misc Changes: - appeased the cops - target rubocop rules to ruby 2.3 - update changelog guidelines locations Signed-off-by: Ben Abrams <me@benabrams.it>
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -4,7 +4,7 @@
 
 #### General
 
-- [ ] Update Changelog following the conventions laid out on [Keep A Changelog](http://keepachangelog.com/)
+- [ ] Update Changelog following the conventions laid out [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md)
 
 - [ ] Update README with any necessary configuration snippets
 
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -31,3 +31,6 @@ Style/Documentation:
 
 Lint/ImplicitStringConcatenation:
   Enabled: false
+
+AllCops:
+  TargetRubyVersion: 2.3
diff --git a/.travis.yml b/.travis.yml
@@ -4,9 +4,6 @@ cache:
 install:
 - bundle install
 rvm:
-- 2.0
-- 2.1
-- 2.2
 - 2.3.0
 - 2.4.1
 notifications:
@@ -27,9 +24,6 @@ deploy:
   on:
     tags: true
     all_branches: true
-    rvm: 2.0
-    rvm: 2.1
-    rvm: 2.2
     rvm: 2.3.0
     rvm: 2.4.1
     repo: sensu-plugins/sensu-plugins-hipchat
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,22 @@
 # Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
+This CHANGELOG follows the format laid out [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md)
 
 ## [Unreleased]
 
+### Security
+- updated `yard` dependency to `~> 0.9.11` per: https://nvd.nist.gov/vuln/detail/CVE-2017-17042 which closes attacks against a yard server loading arbitrary files (@majormoses)
+- updated rubocop dependency to `~> 0.51.0` per: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418 (@majormoses)
+
+### Breaking Changes
+- removed ruby support for `< 2.3` (@majormoses)
+
+### Changed
+- appeased the cops (@majormoses)
+- bumped min `sensu-plugin` to the latest version of 2.x (@majormoses)
+- update changelog guidelines location (@majormoses)
+
 ## [3.1.0] - 2018-09-03
 ### Added
 - support list of hipchat rooms, so notifications are sent to multiple rooms (@cgarciaarano)
diff --git a/Gemfile b/Gemfile
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in sensu-plugins-hipchat.gemspec
diff --git a/Rakefile b/Rakefile
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler/gem_tasks'
 require 'github/markup'
 require 'redcarpet'
@@ -7,9 +9,9 @@ require 'yard'
 require 'yard/rake/yardoc_task'
 
 YARD::Rake::YardocTask.new do |t|
-  OTHER_PATHS = %w().freeze
+  OTHER_PATHS = %w[].freeze
   t.files = ['lib/**/*.rb', 'bin/**/*.rb', OTHER_PATHS]
-  t.options = %w(--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md)
+  t.options = %w[--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md]
 end
 
 RuboCop::RakeTask.new
@@ -35,4 +37,4 @@ task :check_binstubs do
   end
 end
 
-task default: [:spec, :make_bin_executable, :yard, :rubocop, :check_binstubs]
+task default: %i[spec make_bin_executable yard rubocop check_binstubs]
diff --git a/bin/handler-hipchat.rb b/bin/handler-hipchat.rb
@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 # Sensu Handler: hipchat
 #
@@ -52,33 +54,33 @@ def handle
 
     # If the playbook attribute exists and is a URL, "[<a href='url'>playbook</a>]" will be output.
     # To control the link name, set the playbook value to the HTML output you would like.
-    playbook = ''
+    playbook = +'' # unary operator for unfrozen string literal
     if @event['check']['playbook']
       begin
         uri = URI.parse(@event['check']['playbook'])
-        playbook << if %w( http https ).include?(uri.scheme)
+        playbook << if %w[http https].include?(uri.scheme)
                       "  [<a href='#{@event['check']['playbook']}'>Playbook</a>]"
                     else
                       "  Playbook:  #{@event['check']['playbook']}"
                     end
-      rescue
+      rescue StandardError
         playbook << "  Playbook:  #{@event['check']['playbook']}"
       end
     end
 
-    if message_template && File.readable?(message_template)
-      template = File.read(message_template)
-    else
-      template = '''<%=
-      [
-        @event["action"].eql?("resolve") ? "RESOLVED" : "ALERT",
-        " - [#{event_name}] - ",
-        @event["check"]["notification"] || @event["check"]["output"],
-        playbook,
-        "."
-      ].join
-      %>'''
-    end
+    template = if message_template && File.readable?(message_template)
+                 File.read(message_template)
+               else
+                 '''<%=
+                 [
+                   @event["action"].eql?("resolve") ? "RESOLVED" : "ALERT",
+                   " - [#{event_name}] - ",
+                   @event["check"]["notification"] || @event["check"]["output"],
+                   playbook,
+                   "."
+                 ].join
+                 %>'''
+               end
     eruby = Erubis::Eruby.new(template)
     message = eruby.result(binding)
 
diff --git a/lib/sensu-plugins-hipchat.rb b/lib/sensu-plugins-hipchat.rb
@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'sensu-plugins-hipchat/version'
diff --git a/lib/sensu-plugins-hipchat/version.rb b/lib/sensu-plugins-hipchat/version.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SensuPluginsHipchat
   module Version
     MAJOR = 3
diff --git a/sensu-plugins-hipchat.gemspec b/sensu-plugins-hipchat.gemspec
@@ -1,16 +1,18 @@
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 require 'date'
 require_relative 'lib/sensu-plugins-hipchat'
 
-Gem::Specification.new do |s|
+Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
   s.authors                = ['Sensu-Plugins and contributors']
   s.date                   = Date.today.to_s
   s.description            = 'Sensu plugins for hipchat'
   s.email                  = '<sensu-users@googlegroups.com>'
   s.executables            = Dir.glob('bin/**/*.rb').map { |file| File.basename(file) }
-  s.files                  = Dir.glob('{bin,lib}/**/*') + %w(LICENSE README.md CHANGELOG.md)
+  s.files                  = Dir.glob('{bin,lib}/**/*') + %w[LICENSE README.md CHANGELOG.md]
   s.homepage               = 'https://github.com/sensu-plugins/sensu-plugins-hipchat'
   s.license                = 'MIT'
   s.metadata               = { 'maintainer'         => 'sensu-plugin',
@@ -22,22 +24,22 @@ Gem::Specification.new do |s|
   s.platform               = Gem::Platform::RUBY
   s.post_install_message   = 'You can use the embedded Ruby by setting EMBEDDED_RUBY=true in /etc/default/sensu'
   s.require_paths          = ['lib']
-  s.required_ruby_version  = '>= 2.0.0'
+  s.required_ruby_version  = '>= 2.3.0'
   s.summary                = 'Sensu plugins for hipchat'
   s.test_files             = s.files.grep(%r{^(test|spec|features)/})
   s.version                = SensuPluginsHipchat::Version::VER_STRING
 
-  s.add_runtime_dependency 'hipchat',      '1.5.1'
-  s.add_runtime_dependency 'sensu-plugin', '~> 2.0'
   s.add_runtime_dependency 'erubis',       '2.7.0'
+  s.add_runtime_dependency 'hipchat',      '1.5.1'
+  s.add_runtime_dependency 'sensu-plugin', '~> 2.5'
 
   s.add_development_dependency 'bundler',                   '~> 1.7'
   s.add_development_dependency 'codeclimate-test-reporter', '~> 0.4'
   s.add_development_dependency 'github-markup',             '~> 1.3'
   s.add_development_dependency 'pry',                       '~> 0.10'
   s.add_development_dependency 'rake',                      '~> 10.5'
   s.add_development_dependency 'redcarpet',                 '~> 3.2'
-  s.add_development_dependency 'rubocop',                   '~> 0.40.0'
   s.add_development_dependency 'rspec',                     '~> 3.4'
-  s.add_development_dependency 'yard',                      '~> 0.8'
+  s.add_development_dependency 'rubocop',                   '~> 0.51.0'
+  s.add_development_dependency 'yard',                      '~> 0.9.11'
 end
diff --git a/test/spec_helper.rb b/test/spec_helper.rb
@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'codeclimate-test-reporter'
 CodeClimate::TestReporter.start

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+# frozen_string_literal: true`
	`2`	`+`
`1`	`3`	`source 'https://rubygems.org'`
`2`	`4`
`3`	`5`	`# Specify your gem's dependencies in sensu-plugins-hipchat.gemspec`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
	`1`	`+# frozen_string_literal: true`
	`2`	`+`
`1`	`3`	`require 'sensu-plugins-hipchat/version'`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+# frozen_string_literal: true`
	`2`	`+`
`1`	`3`	`module SensuPluginsHipchat`
`2`	`4`	`module Version`
`3`	`5`	`MAJOR = 3`