From 9bd7ea70952dbcee6e8e1d715e1d77c3ef6226f1 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 5 Mar 2024 16:35:41 +0000 Subject: [PATCH 1/4] Create techstack.yml --- techstack.yml | 344 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 344 insertions(+) create mode 100644 techstack.yml diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 0000000..1b79b61 --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,344 @@ +repo_name: yonasb/sample_app +report_id: 0f357a8fbdb0d9426db9ae774fbfced0 +version: 0.1 +repo_type: Public +timestamp: '2024-03-05T16:35:39+00:00' +requested_by: yonasb +provider: github +branch: master +detected_tools_count: 20 +tools: +- name: CSS 3 + description: The latest evolution of the Cascading Style Sheets language + website_url: https://developer.mozilla.org/en-US/docs/Web/CSS/CSS3 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/6727/css.png + detection_source_url: https://github.com/yonasb/sample_app + detection_source: Repo Metadata +- name: CoffeeScript + description: A little language that compiles into JavaScript + website_url: http://coffeescript.org/ + license: MIT + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1178/slQydAMv.png + detection_source_url: https://github.com/yonasb/sample_app + detection_source: Repo Metadata +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/yonasb/sample_app + detection_source: Repo Metadata +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/yonasb/sample_app + detection_source: Repo Metadata +- name: Rails + description: Web 
development that doesn't hurt + website_url: http://rubyonrails.org/ + version: 3.2.1 + license: MIT + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Frameworks (Full Stack) + image_url: https://img.stackshare.io/service/990/x57_Lorv.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: jQuery + description: The Write Less, Do More, JavaScript Library. + website_url: http://jquery.com/ + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: Javascript UI Libraries + image_url: https://img.stackshare.io/service/1021/lxEKmMnB_400x400.jpg + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: SQLite + description: A software library that implements a self-contained, serverless, zero-configuration, + transactional SQL database engine + website_url: http://www.sqlite.org/ + open_source: false + hosted_saas: true + category: Data Stores + sub_category: Databases + image_url: https://img.stackshare.io/service/1071/sqlite.jpg + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/yonasb/sample_app + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: 2.6.0 + 
license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: Twilio SendGrid + description: Email Delivery. Simplified. + website_url: http://sendgrid.com + open_source: false + hosted_saas: true + category: Communications + sub_category: Transactional Email + image_url: https://img.stackshare.io/service/43/kQ_6nwmP.jpg + detection_source_url: https://github.com/yonasb/sample_app/blob/master/config/environments/production.rb + detection_source: config/environments/production.rb + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: UglifyJS + description: A JavaScript parser, minifier, compressor and beautifier toolkit. 
+ website_url: http://lisperator.net/uglifyjs/ + open_source: true + hosted_saas: false + category: Libraries + sub_category: Javascript Utilities & Libraries + image_url: https://img.stackshare.io/service/2203/default_9058af6f02375a99f634f537d727e32df92ac262.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: coffee-rails + description: CoffeeScript adapter for the Rails asset pipeline + package_url: https://rubygems.org/coffee-rails + version: 3.2.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18896/default_9386886dd1c6c396a11bd4b49732afb9ec444f8d.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: jquery-rails + description: This gem provides jQuery and the jQuery-ujs driver for your Rails 4+ + application + package_url: https://rubygems.org/jquery-rails + version: 2.0.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18864/default_96cb61a9c0f8ef41b80df83209dca4f4c229184e.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z + vulnerabilities: + - name: 'Duplicate Advisory: Prototype Pollution in jquery' + cve_id: CVE-2019-5428 + cve_url: https://github.com/advisories/GHSA-wv67-q8rr-grjp + detected_date: Sep 26 + severity: moderate + first_patched: 3.4.0 + - name: jquery-rails and jquery-ujs subject to Exposure of Sensitive Information + cve_id: CVE-2015-1840 + cve_url: 
https://github.com/advisories/GHSA-4whc-pp4x-9pf3 + detected_date: Aug 22 + severity: moderate + first_patched: 3.1.3 + - name: jQuery Cross Site Scripting vulnerability + cve_id: CVE-2020-23064 + cve_url: https://github.com/advisories/GHSA-257q-pv89-v3xv + detected_date: Jul 8 + severity: moderate + first_patched: 4.4.0 + - name: Cross-Site Scripting in jquery + cve_id: CVE-2020-7656 + cve_url: https://github.com/advisories/GHSA-q4m3-2j7h-f7xw + detected_date: Jul 6 + severity: moderate + first_patched: 2.2.0 + - name: Cross-Site Scripting (XSS) in jquery + cve_id: CVE-2015-9251 + cve_url: https://github.com/advisories/GHSA-rmxg-73gg-4p98 + detected_date: Jul 6 + severity: moderate + first_patched: 4.2.0 + - name: Cross-Site Scripting in jquery + cve_id: CVE-2012-6708 + cve_url: https://github.com/advisories/GHSA-2pqj-h3vj-pqgw + detected_date: Jul 6 + severity: moderate + first_patched: 2.2.0 + - name: XSS in jQuery as used in Drupal, Backdrop CMS, and other products + cve_id: CVE-2019-11358 + cve_url: https://github.com/advisories/GHSA-6c3j-c64m-qhgq + detected_date: May 31 + severity: moderate + first_patched: 4.3.4 + - name: Potential XSS vulnerability in jQuery + cve_id: CVE-2020-11022 + cve_url: https://github.com/advisories/GHSA-gxr4-xjj5-5px2 + detected_date: Sep 26 + severity: moderate + first_patched: 4.4.0 + - name: Potential XSS vulnerability in jQuery + cve_id: CVE-2020-11023 + cve_url: https://github.com/advisories/GHSA-jpcq-cgw6-v4j6 + detected_date: May 5 + severity: moderate + first_patched: 4.4.0 +- name: json + description: This is a JSON implementation as a Ruby extension in C + package_url: https://rubygems.org/json + version: 1.6.5 + license: Ruby + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18822/default_19184669508c0f71aec9521d5f14d71b77203130.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + 
detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z + vulnerabilities: + - name: Unsafe object creation in json RubyGem + cve_id: CVE-2020-10663 + cve_url: https://github.com/advisories/GHSA-jphg-qwrw-7w9g + detected_date: Aug 22 + severity: high + first_patched: 2.3.0 + - name: JSON gem has Improper Input Validation vulnerability + cve_id: CVE-2013-0269 + cve_url: https://github.com/advisories/GHSA-x457-cw4h-hq5f + detected_date: Aug 22 + severity: high + first_patched: 1.6.8 +- name: rspec-rails + description: Rspec-rails is a testing framework for Rails 3+ + package_url: https://rubygems.org/rspec-rails + version: 2.6.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18830/default_ba8d7756589e5fc0164687950e3f091b32554546.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: sass-rails + description: Sass adapter for the Rails asset pipeline + package_url: https://rubygems.org/sass-rails + version: 3.2.5 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18876/default_d416e715a80ce80ae31b87cff032f5873c8a9d2a.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: sqlite3 + description: This module allows Ruby programs to interface with the SQLite3 database + engine + package_url: https://rubygems.org/sqlite3 + version: 1.3.5 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: 
https://img.stackshare.io/package/18820/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z +- name: uglifier + description: Uglifier minifies JavaScript files by wrapping UglifyJS to be accessible + in Ruby + package_url: https://rubygems.org/uglifier + version: 1.2.3 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18967/default_20d16c1471b93397c8ef93b19baf0989f59663c0.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z + vulnerabilities: + - name: Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js + cve_id: CVE-2015-8857 + cve_url: https://github.com/advisories/GHSA-34r7-q49f-h37c + detected_date: Mar 28 + severity: critical + first_patched: 2.7.2 +- name: webrat + description: Webrat lets you quickly write expressive and robust acceptance tests + for a Ruby web application + package_url: https://rubygems.org/webrat + version: 0.7.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19139/default_8dfa87240818385496427db2d6489b2c70b1c02a.png + detection_source_url: https://github.com/yonasb/sample_app/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: yonasb + last_updated_on: 2012-03-24 00:21:49.000000000 Z From 9b3919f8aece2e5cb661631790aa5575848f4840 Mon Sep 17 00:00:00 2001 
From: stacksharebot Date: Tue, 5 Mar 2024 16:35:42 +0000 Subject: [PATCH 2/4] Create techstack.md --- techstack.md | 192 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..272b328 --- /dev/null +++ b/techstack.md @@ -0,0 +1,192 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [yonasb/sample_app](https://github.com/yonasb/sample_app)![](https://img.stackshare.io/public_badge.svg "public") +

+|20
Tools used|03/05/24
Report generated| +|------|------| +
+ +## Languages (4) + + + + + + + + + + +
+ CSS 3 +
+ CSS 3 +
+ +
+ CoffeeScript +
+ CoffeeScript +
+ +
+ JavaScript +
+ JavaScript +
+ +
+ Ruby +
+ Ruby +
+ +
+ +## Frameworks (2) + + + + + + +
+ Rails +
+ Rails +
+ v3.2.1 +
+ jQuery +
+ jQuery +
+ +
+ +## Data (1) + + + + +
+ SQLite +
+ SQLite +
+ +
+ +## DevOps (3) + + + + + + + + +
+ Git +
+ Git +
+ +
+ RSpec +
+ RSpec +
+ v2.6.0 +
+ RubyGems +
+ RubyGems +
+ +
+ +## Software as a Service (SaaS) (1) + + + + +
+ Twilio SendGrid +
+ Twilio SendGrid +
+ +
+ +## Other (1) + + + + +
+ UglifyJS +
+ UglifyJS +
+ +
+ + +## Open source packages (8) + +## RubyGems (8) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[coffee-rails](https://rubygems.org/coffee-rails)|v3.2.2|03/24/12|yonasb |MIT|N/A| +|[jquery-rails](https://rubygems.org/jquery-rails)|v2.0.1|03/24/12|yonasb |MIT|[CVE-2019-5428](https://github.com/advisories/GHSA-wv67-q8rr-grjp) (Moderate)
[CVE-2015-1840](https://github.com/advisories/GHSA-4whc-pp4x-9pf3) (Moderate)
[CVE-2020-23064](https://github.com/advisories/GHSA-257q-pv89-v3xv) (Moderate)
[CVE-2020-7656](https://github.com/advisories/GHSA-q4m3-2j7h-f7xw) (Moderate)
[CVE-2015-9251](https://github.com/advisories/GHSA-rmxg-73gg-4p98) (Moderate)
[CVE-2012-6708](https://github.com/advisories/GHSA-2pqj-h3vj-pqgw) (Moderate)
[CVE-2019-11358](https://github.com/advisories/GHSA-6c3j-c64m-qhgq) (Moderate)
[CVE-2020-11022](https://github.com/advisories/GHSA-gxr4-xjj5-5px2) (Moderate)
[CVE-2020-11023](https://github.com/advisories/GHSA-jpcq-cgw6-v4j6) (Moderate)| +|[json](https://rubygems.org/json)|v1.6.5|03/24/12|yonasb |Ruby|[CVE-2020-10663](https://github.com/advisories/GHSA-jphg-qwrw-7w9g) (High)
[CVE-2013-0269](https://github.com/advisories/GHSA-x457-cw4h-hq5f) (High)| +|[rspec-rails](https://rubygems.org/rspec-rails)|v2.6.1|03/24/12|yonasb |MIT|N/A| +|[sass-rails](https://rubygems.org/sass-rails)|v3.2.5|03/24/12|yonasb |MIT|N/A| +|[sqlite3](https://rubygems.org/sqlite3)|v1.3.5|03/24/12|yonasb |BSD-3-Clause|N/A| +|[uglifier](https://rubygems.org/uglifier)|v1.2.3|03/24/12|yonasb |MIT|[CVE-2015-8857](https://github.com/advisories/GHSA-34r7-q49f-h37c) (Critical)| +|[webrat](https://rubygems.org/webrat)|v0.7.1|03/24/12|yonasb |MIT|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) From 26097ff7b4db74c5f28241f76c547ff31df25bd8 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Wed, 13 Mar 2024 16:30:06 +0000 Subject: [PATCH 3/4] Update techstack.yml --- techstack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.yml b/techstack.yml index 1b79b61..31700d3 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: yonasb/sample_app report_id: 0f357a8fbdb0d9426db9ae774fbfced0 version: 0.1 repo_type: Public -timestamp: '2024-03-05T16:35:39+00:00' +timestamp: '2024-03-13T16:30:04+00:00' requested_by: yonasb provider: github branch: master From 3d9632996126605ed7efc5bb96df3b2db19b2be3 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Wed, 13 Mar 2024 16:30:06 +0000 Subject: [PATCH 4/4] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index 272b328..1c1bc35 100644 --- a/techstack.md +++ b/techstack.md @@ -40,7 +40,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [yonasb/sample_app](https://github.com/yonasb/sample_app)![](https://img.stackshare.io/public_badge.svg "public")

-|20
Tools used|03/05/24
Report generated| +|20
Tools used|03/13/24
Report generated| |------|------|
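Review bot: in [PATCH 1/4] (techstack.yml), the `vulnerabilities` entries under jquery-rails, json and uglifier are hard to act on as written: `detected_date` has no year (`Sep 26`, `Aug 22`), and `first_patched` does not say which package's version line it belongs to. The uglifier entry shows the problem: the gem is at `version: 1.2.3`, the advisory name refers to uglify-js, and `first_patched: 2.7.2` is given with no package name. Suggest a full ISO 8601 date, as `timestamp` already uses, and a field naming the package that `first_patched` applies to. The first jquery-rails entry is titled "Duplicate Advisory"; link the advisory it duplicates or drop the entry. Separately, the SQLite entry sets `open_source: false` and `hosted_saas: true`, which contradicts its own description of a self-contained, serverless library.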
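Review bot: in [PATCH 2/4] (techstack.md), the VULNERABILITIES column of the RubyGems table lists each CVE with its severity but leaves out the `first_patched` version that techstack.yml records, so a reader sees that json v1.6.5 has two High advisories and uglifier v1.2.3 a Critical one without seeing what to upgrade to. Suggest putting the fixed version next to each CVE or in its own column. Two smaller points: `## Open source packages (8)` and `## RubyGems (8)` sit at the same heading level although the second is a subsection of the first, and jQuery is listed under `## Frameworks (2)` while techstack.yml gives it `category: Libraries`.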
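Review bot: in [PATCH 3/4] (techstack.yml), the only changed line is `timestamp`; `report_id` in the context lines is the same and the diffstat shows 1 insertion and 1 deletion, so this commit records a re-run of the report rather than a change to the stack. Suggest committing only when the detected tools or their vulnerability lists differ, so that a diff on techstack.yml signals a real dependency or advisory change and is worth a reviewer's attention.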
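Review bot: in [PATCH 4/4] (techstack.md), the report date on the changed line uses a two-digit-year slash format (`03/05/24` removed, `03/13/24` added) that can be read month-first or day-first, while techstack.yml records the same run as `2024-03-13T16:30:04+00:00`. Suggest writing `2024-03-13` here so the two files agree and the date cannot be misread. As with the techstack.yml update, the date is the only change in this commit.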