bundler-audit 0.8.0 → 0.9.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE/bug-report.md +44 -0
- data/.github/workflows/ruby.yml +14 -1
- data/.rubocop.yml +83 -0
- data/COPYING.txt +4 -4
- data/ChangeLog.md +30 -0
- data/Gemfile +7 -3
- data/README.md +16 -10
- data/Rakefile +7 -3
- data/bundler-audit.gemspec +3 -4
- data/lib/bundler/audit/advisory.rb +23 -2
- data/lib/bundler/audit/cli/formats/json.rb +16 -2
- data/lib/bundler/audit/cli/formats/junit.rb +127 -0
- data/lib/bundler/audit/cli/formats/text.rb +11 -7
- data/lib/bundler/audit/cli/formats.rb +7 -3
- data/lib/bundler/audit/cli.rb +32 -15
- data/lib/bundler/audit/configuration.rb +7 -4
- data/lib/bundler/audit/database.rb +20 -4
- data/lib/bundler/audit/results/insecure_source.rb +4 -1
- data/lib/bundler/audit/results/unpatched_gem.rb +6 -2
- data/lib/bundler/audit/results.rb +1 -1
- data/lib/bundler/audit/scanner.rb +8 -2
- data/lib/bundler/audit/task.rb +20 -5
- data/lib/bundler/audit/version.rb +2 -2
- data/lib/bundler/audit.rb +1 -1
- data/spec/advisory_spec.rb +9 -1
- data/spec/bundle/insecure_sources/Gemfile.lock +69 -71
- data/spec/bundle/secure/Gemfile.lock +51 -53
- data/spec/cli/formats/json_spec.rb +1 -0
- data/spec/cli/formats/junit_spec.rb +284 -0
- data/spec/cli/formats/text_spec.rb +87 -17
- data/spec/cli_spec.rb +57 -17
- data/spec/database_spec.rb +25 -1
- data/spec/fixtures/advisory/CVE-2020-1234.yml +1 -0
- data/spec/fixtures/lib/bundler/audit/cli/formats/bad.rb +0 -2
- data/spec/fixtures/lib/bundler/audit/cli/formats/good.rb +0 -2
- data/spec/results/unpatched_gem_spec.rb +2 -2
- data/spec/scanner_spec.rb +25 -1
- data/spec/spec_helper.rb +5 -1
- metadata +10 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 83898613996d764bcb4e3ed517da59a95132049e29e7e8afa25698d4a03f6276
|
4
|
+
data.tar.gz: e931b427480a4bbdaeaa4bf381141780e04d26cbd2a98c60e60f3a0431c3b4d6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fcd29c11e7cee080390e9dc3b6356fc74817835a8b9f8621d230d27ea497b81ba63abcf880799f948de6eb4768747a01dc46a0aa29841c1bd76d92cd990c2659
|
7
|
+
data.tar.gz: f41ece9bf750bddcf632be46f240f079074ce26c7cb69e24184002929f041ed326e1b383a3649ec680bb3d42e03c25a167b65eb93219511065c05622bee1bef3
|
@@ -0,0 +1,44 @@
|
|
1
|
+
---
|
2
|
+
name: Bug Report
|
3
|
+
about: Report a bug
|
4
|
+
title: ''
|
5
|
+
labels: bug
|
6
|
+
assignees: ''
|
7
|
+
|
8
|
+
---
|
9
|
+
<!--
|
10
|
+
**Double Check**
|
11
|
+
|
12
|
+
- Did you update to the latest bundler-audit? (ex: `bundle update bundler-audit` or `gem update bundler-audit`)
|
13
|
+
- Did you update the ruby-advisory-db? (ex: `bundler-audit update`)
|
14
|
+
-->
|
15
|
+
|
16
|
+
## Description
|
17
|
+
|
18
|
+
<!-- A clear and concise description of what the bug is. -->
|
19
|
+
|
20
|
+
## Steps To Reproduce
|
21
|
+
|
22
|
+
Steps to reproduce the bug:
|
23
|
+
1. `$ bundle-audit ...`
|
24
|
+
2. ???
|
25
|
+
|
26
|
+
## Expected Behavior
|
27
|
+
|
28
|
+
<!-- What should happen. -->
|
29
|
+
|
30
|
+
## Actual Behavior
|
31
|
+
|
32
|
+
<!-- The error message or backtrace. -->
|
33
|
+
```
|
34
|
+
```
|
35
|
+
|
36
|
+
## Environment
|
37
|
+
|
38
|
+
$ bundler-audit --version
|
39
|
+
...
|
40
|
+
$ bundle --version
|
41
|
+
...
|
42
|
+
$ ruby --version
|
43
|
+
...
|
44
|
+
|
data/.github/workflows/ruby.yml
CHANGED
@@ -9,7 +9,6 @@ jobs:
|
|
9
9
|
fail-fast: false
|
10
10
|
matrix:
|
11
11
|
ruby:
|
12
|
-
- 2.4
|
13
12
|
- 2.5
|
14
13
|
- 2.6
|
15
14
|
- 2.7
|
@@ -27,3 +26,17 @@ jobs:
|
|
27
26
|
run: bundle install --jobs 4 --retry 3
|
28
27
|
- name: Run tests
|
29
28
|
run: bundle exec rake test
|
29
|
+
|
30
|
+
# rubocop linting
|
31
|
+
rubocop:
|
32
|
+
runs-on: ubuntu-latest
|
33
|
+
steps:
|
34
|
+
- uses: actions/checkout@v2
|
35
|
+
- name: Set up Ruby
|
36
|
+
uses: ruby/setup-ruby@v1
|
37
|
+
with:
|
38
|
+
ruby-version: 2.7
|
39
|
+
- name: Install dependencies
|
40
|
+
run: bundle install --jobs 4 --retry 3
|
41
|
+
- name: Run rubocop
|
42
|
+
run: bundle exec rubocop --parallel
|
data/.rubocop.yml
ADDED
@@ -0,0 +1,83 @@
|
|
1
|
+
AllCops:
|
2
|
+
NewCops: enable
|
3
|
+
SuggestExtensions: false
|
4
|
+
TargetRubyVersion: 2.7
|
5
|
+
Exclude:
|
6
|
+
- 'spec/bundle/**/*'
|
7
|
+
- 'spec/fixtures/database/**/*'
|
8
|
+
- 'vendor/**/*'
|
9
|
+
|
10
|
+
#
|
11
|
+
# Style
|
12
|
+
#
|
13
|
+
Layout/FirstArrayElementIndentation: { EnforcedStyle: consistent }
|
14
|
+
Layout/FirstHashElementIndentation: { EnforcedStyle: consistent }
|
15
|
+
Layout/SpaceAroundEqualsInParameterDefault: { EnforcedStyle: no_space }
|
16
|
+
Style/SymbolArray: { EnforcedStyle: brackets }
|
17
|
+
Style/PercentLiteralDelimiters:
|
18
|
+
Enabled: true
|
19
|
+
PreferredDelimiters:
|
20
|
+
default: '{}'
|
21
|
+
'%i': '[]'
|
22
|
+
'%I': '[]'
|
23
|
+
'%w': '[]'
|
24
|
+
'%W': '[]'
|
25
|
+
|
26
|
+
#
|
27
|
+
# Rules that conflict with my style.
|
28
|
+
#
|
29
|
+
Metrics: { Enabled: false }
|
30
|
+
Layout/BeginEndAlignment: { Enabled: false } # Offense count: 1
|
31
|
+
Layout/BlockAlignment: { Enabled: false } # Offense count: 1
|
32
|
+
Layout/EmptyLinesAroundClassBody: { Enabled: false } # Offense count: 15
|
33
|
+
Layout/ExtraSpacing: { Enabled: false } # Offense count: 9
|
34
|
+
Layout/HashAlignment: { Enabled: false } # Offense count: 3
|
35
|
+
Layout/SpaceAfterComma: { Enabled: false } # Offense count: 122
|
36
|
+
Layout/SpaceInsideHashLiteralBraces: { Enabled: false } # Offense count: 8
|
37
|
+
Lint/MissingSuper: { Enabled: false } # Offense count: 3
|
38
|
+
Lint/ShadowingOuterLocalVariable: { Enabled: false }
|
39
|
+
Lint/ConstantDefinitionInBlock: { Exclude: ['spec/cli/formats_spec.rb'] }
|
40
|
+
Lint/SuppressedException: { Exclude: ['spec/cli_spec.rb'] }
|
41
|
+
Lint/UnusedBlockArgument: { Enabled: false } # Offense count: 4
|
42
|
+
Lint/UnusedMethodArgument: { Enabled: false } # Offense count: 6
|
43
|
+
Naming/RescuedExceptionsVariableName: { Enabled: false } # Offense count: 2
|
44
|
+
Style/BlockDelimiters: { Enabled: false } # Offense count: 20
|
45
|
+
Style/CaseEquality: { Exclude: ['lib/bundler/audit/advisory.rb'] }
|
46
|
+
Style/ClassCheck: { Enabled: false } # Offense count: 4
|
47
|
+
Style/Documentation: { Enabled: false } # Offense count: 12
|
48
|
+
Style/GuardClause: { Enabled: false } # Offense count: 1
|
49
|
+
Style/HashSyntax:
|
50
|
+
Exclude:
|
51
|
+
- 'Rakefile'
|
52
|
+
- 'lib/bundler/audit/task.rb'
|
53
|
+
Style/IfUnlessModifier: { Enabled: false } # Offense count: 14
|
54
|
+
Style/MethodCallWithoutArgsParentheses: { Enabled: false } # Offense count: 1
|
55
|
+
Style/MultilineBlockChain: { Exclude: ['spec/**/*'] } # Offense count: 6
|
56
|
+
Style/MutableConstant: { Enabled: false } # Offense count: 4
|
57
|
+
Style/ParenthesesAroundCondition: { Enabled: false } # Offense count: 1
|
58
|
+
Style/RedundantBegin: { Exclude: ['spec/cli_spec.rb'] } # Offense count: 1
|
59
|
+
Style/RedundantReturn: { Enabled: false } # Offense count: 6
|
60
|
+
Style/SpecialGlobalVars: { Enabled: false } # Offense count: 5
|
61
|
+
Style/StringLiterals: { Enabled: false } # Offense count: 333
|
62
|
+
Style/StructInheritance: { Enabled: false } # Offense count: 1
|
63
|
+
Style/UnlessElse: { Enabled: false } # Offense count: 1
|
64
|
+
Style/WordArray: { Enabled: false } # Offense count: 1
|
65
|
+
Style/Lambda: { Enabled: false } # Offense count: 2
|
66
|
+
Style/SafeNavigation: { Enabled: false } # Offense count: 2
|
67
|
+
Lint/IneffectiveAccessModifier: { Enabled: false } # Offense count: 1
|
68
|
+
|
69
|
+
#
|
70
|
+
# Rules that may be disabled in the future.
|
71
|
+
#
|
72
|
+
# Layout/SpaceInsideParens: { Enabled: false }
|
73
|
+
# Layout/TrailingWhitespace: { Enabled: false }
|
74
|
+
|
75
|
+
#
|
76
|
+
# Rules that I want to fully enabled in the future.
|
77
|
+
#
|
78
|
+
Style/DoubleNegation: { Exclude: ['spec/spec_helper.rb'] } # Offense count: 1
|
79
|
+
Style/EmptyMethod: { Exclude: ['spec/cli/formats_spec.rb'] } # Offense count: 2
|
80
|
+
Style/ExpandPathArguments: { Enabled: false } # Offense count: 5
|
81
|
+
Style/FrozenStringLiteralComment: { Enabled: false } # Offense count: 42
|
82
|
+
Style/MixinUsage: { Exclude: ['spec/spec_helper.rb'] } # Offense count: 1
|
83
|
+
Layout/LineLength: { Enabled: false }
|
data/COPYING.txt
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
GNU GENERAL PUBLIC LICENSE
|
2
2
|
Version 3, 29 June 2007
|
3
3
|
|
4
|
-
Copyright (C) 2007 Free Software Foundation, Inc. <
|
4
|
+
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
5
5
|
Everyone is permitted to copy and distribute verbatim copies
|
6
6
|
of this license document, but changing it is not allowed.
|
7
7
|
|
@@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found.
|
|
645
645
|
GNU General Public License for more details.
|
646
646
|
|
647
647
|
You should have received a copy of the GNU General Public License
|
648
|
-
along with this program. If not, see <
|
648
|
+
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
649
649
|
|
650
650
|
Also add information on how to contact you by electronic and paper mail.
|
651
651
|
|
@@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box".
|
|
664
664
|
You should also get your employer (if you work as a programmer) or school,
|
665
665
|
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
666
666
|
For more information on this, and how to apply and follow the GNU GPL, see
|
667
|
-
<
|
667
|
+
<https://www.gnu.org/licenses/>.
|
668
668
|
|
669
669
|
The GNU General Public License does not permit incorporating your program
|
670
670
|
into proprietary programs. If your program is a subroutine library, you
|
671
671
|
may consider it more useful to permit linking proprietary applications with
|
672
672
|
the library. If this is what you want to do, use the GNU Lesser General
|
673
673
|
Public License instead of this License. But first, please read
|
674
|
-
<
|
674
|
+
<https://www.gnu.org/philosophy/why-not-lgpl.html>.
|
data/ChangeLog.md
CHANGED
@@ -1,3 +1,33 @@
|
|
1
|
+
### 0.9.0.1 / 2021-08-31
|
2
|
+
|
3
|
+
* Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6.
|
4
|
+
(issue #319)
|
5
|
+
|
6
|
+
### 0.9.0 / 2021-08-31
|
7
|
+
|
8
|
+
* Load advisory metadata using `YAML.safe_load`. (issue #302)
|
9
|
+
* Explicitly permit the `Date` class for Psych >= 4.0.0 and Ruby >= 3.1.0.
|
10
|
+
* Added {Bundler::Audit::Advisory#to_h}. (pull #310)
|
11
|
+
* Added {Bundler::Audit::Database#commit_id}.
|
12
|
+
|
13
|
+
#### CLI
|
14
|
+
|
15
|
+
* Added the `--config` option. (pull #306)
|
16
|
+
* Added the `junit` output format (ex: `--format junit`). (pull #314)
|
17
|
+
* Add missing output for CVSSv3 criticality information. (pull #302)
|
18
|
+
* Include criticality information in the JSON output as well. (pull #310)
|
19
|
+
* `bundle-audit stats` now prints the commit ID of the ruby-advisory-db.
|
20
|
+
* Fixed a deprecation warning from Thor. (issue #317)
|
21
|
+
|
22
|
+
#### Rake Task
|
23
|
+
|
24
|
+
* Add the `bundle:audit:update` task for updating the [ruby-advisory-db].
|
25
|
+
(pull #296)
|
26
|
+
* Aliased `bundle:audit` to `bundle:audit:check`.
|
27
|
+
* Aliased `bundler:audit:*` to `bundle:audit:*`.
|
28
|
+
* Rake tasks now execute `bundle-audit` command as a subprocess to ensure
|
29
|
+
isolation.
|
30
|
+
|
1
31
|
### 0.8.0 / 2021-03-10
|
2
32
|
|
3
33
|
* No longer vendor [ruby-advisory-db].
|
data/Gemfile
CHANGED
@@ -4,10 +4,14 @@ gemspec
|
|
4
4
|
|
5
5
|
group :development do
|
6
6
|
gem 'rake'
|
7
|
-
gem 'kramdown', '~> 2.0'
|
8
|
-
|
9
7
|
gem 'rubygems-tasks', '~> 0.2'
|
8
|
+
|
9
|
+
gem 'rubocop', '~> 1.18'
|
10
|
+
|
10
11
|
gem 'rspec', '~> 3.0'
|
12
|
+
gem 'simplecov', '~> 0.7', require: false
|
13
|
+
|
14
|
+
gem 'kramdown', '~> 2.0'
|
11
15
|
gem 'yard', '~> 0.9'
|
12
|
-
gem '
|
16
|
+
gem 'yard-spellcheck', require: false
|
13
17
|
end
|
data/README.md
CHANGED
@@ -1,6 +1,8 @@
|
|
1
1
|
# bundler-audit
|
2
|
+
|
2
3
|
[![CI](https://github.com/rubysec/bundler-audit/actions/workflows/ruby.yml/badge.svg)](https://github.com/rubysec/bundler-audit/actions/workflows/ruby.yml)
|
3
4
|
[![Code Climate](https://codeclimate.com/github/rubysec/bundler-audit.svg)](https://codeclimate.com/github/rubysec/bundler-audit)
|
5
|
+
[![Gem Version](https://badge.fury.io/rb/bundler-audit.svg)](https://badge.fury.io/rb/bundler-audit)
|
4
6
|
|
5
7
|
* [Homepage](https://github.com/rubysec/bundler-audit#readme)
|
6
8
|
* [Issues](https://github.com/rubysec/bundler-audit/issues)
|
@@ -13,7 +15,7 @@ Patch-level verification for [bundler].
|
|
13
15
|
## Features
|
14
16
|
|
15
17
|
* Checks for vulnerable versions of gems in `Gemfile.lock`.
|
16
|
-
* Checks for insecure gem sources (`http://`).
|
18
|
+
* Checks for insecure gem sources (`http://` and `git://`).
|
17
19
|
* Allows ignoring certain advisories that have been manually worked around.
|
18
20
|
* Prints advisory information.
|
19
21
|
* Does not require a network connection.
|
@@ -131,13 +133,14 @@ Output the audit's results in JSON, to a file:
|
|
131
133
|
|
132
134
|
$ bundle-audit check --format json --output bundle-audit.json
|
133
135
|
|
134
|
-
Rake
|
136
|
+
## Rake Tasks
|
135
137
|
|
136
|
-
|
137
|
-
|
138
|
-
Bundler::Audit::Task.new
|
138
|
+
Bundler-audit provides Rake tasks for checking the code and for updating
|
139
|
+
its vulnerability database:
|
139
140
|
|
140
|
-
|
141
|
+
```bash
|
142
|
+
rake bundle:audit
|
143
|
+
rake bundle:audit:update
|
141
144
|
```
|
142
145
|
|
143
146
|
## Configuration File
|
@@ -153,6 +156,10 @@ bundler-audit also supports a per-project configuration file:
|
|
153
156
|
|
154
157
|
* `ignore:` \[Array\<String\>\] - A list of advisory IDs to ignore.
|
155
158
|
|
159
|
+
You can provide a path to a config file using the `--config` flag:
|
160
|
+
|
161
|
+
$ bundle-audit check --config bundler-audit.custom.yaml
|
162
|
+
|
156
163
|
## Requirements
|
157
164
|
|
158
165
|
* [git]
|
@@ -188,7 +195,7 @@ bundler-audit also supports a per-project configuration file:
|
|
188
195
|
1. https://github.com/rubysec/bundler-audit/fork
|
189
196
|
2. `git clone YOUR_FORK_URI`
|
190
197
|
3. `cd bundler-audit/`
|
191
|
-
4. `
|
198
|
+
4. `bundle install`
|
192
199
|
5. `bundle exec rake spec`
|
193
200
|
6. `git checkout -b YOUR_FEATURE`
|
194
201
|
7. Make your changes
|
@@ -211,14 +218,13 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
211
218
|
GNU General Public License for more details.
|
212
219
|
|
213
220
|
You should have received a copy of the GNU General Public License
|
214
|
-
along with bundler-audit. If not, see <
|
221
|
+
along with bundler-audit. If not, see <https://www.gnu.org/licenses/>.
|
215
222
|
|
216
223
|
[git]: https://git-scm.com
|
217
224
|
[ruby]: https://ruby-lang.org
|
218
225
|
[rubygems]: https://rubygems.org
|
219
226
|
[thor]: http://whatisthor.com/
|
220
|
-
[bundler]: https://
|
221
|
-
[git]: https://github.com/git/git
|
227
|
+
[bundler]: https://bundler.io
|
222
228
|
|
223
229
|
[OSVDB]: http://osvdb.org/
|
224
230
|
[ruby-advisory-db]: https://github.com/rubysec/ruby-advisory-db
|
data/Rakefile
CHANGED
@@ -1,5 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
|
3
1
|
require 'rubygems'
|
4
2
|
|
5
3
|
begin
|
@@ -36,5 +34,11 @@ task :test => :spec
|
|
36
34
|
task :default => :spec
|
37
35
|
|
38
36
|
require 'yard'
|
39
|
-
YARD::Rake::YardocTask.new
|
37
|
+
YARD::Rake::YardocTask.new
|
40
38
|
task :doc => :yard
|
39
|
+
|
40
|
+
require 'bundler/audit/task'
|
41
|
+
Bundler::Audit::Task.new
|
42
|
+
|
43
|
+
require 'rubocop/rake_task'
|
44
|
+
RuboCop::RakeTask.new
|
data/bundler-audit.gemspec
CHANGED
@@ -1,5 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
|
3
1
|
require 'yaml'
|
4
2
|
|
5
3
|
Gem::Specification.new do |gem|
|
@@ -23,8 +21,9 @@ Gem::Specification.new do |gem|
|
|
23
21
|
|
24
22
|
glob = lambda { |patterns| gem.files & Dir[*patterns] }
|
25
23
|
|
26
|
-
gem.files =
|
27
|
-
|
24
|
+
gem.files = if gemspec['files'] then glob[gemspec['files']]
|
25
|
+
else `git ls-files`.split($/)
|
26
|
+
end
|
28
27
|
|
29
28
|
gem.executables = gemspec.fetch('executables') do
|
30
29
|
glob['bin/*'].map { |path| File.basename(path) }
|
@@ -12,13 +12,16 @@
|
|
12
12
|
# GNU General Public License for more details.
|
13
13
|
#
|
14
14
|
# You should have received a copy of the GNU General Public License
|
15
|
-
# along with bundler-audit. If not, see <
|
15
|
+
# along with bundler-audit. If not, see <https://www.gnu.org/licenses/>.
|
16
16
|
#
|
17
17
|
|
18
18
|
require 'yaml'
|
19
19
|
|
20
20
|
module Bundler
|
21
21
|
module Audit
|
22
|
+
#
|
23
|
+
# Represents an advisory loaded from the {Database}.
|
24
|
+
#
|
22
25
|
class Advisory < Struct.new(:path,
|
23
26
|
:id,
|
24
27
|
:url,
|
@@ -45,7 +48,14 @@ module Bundler
|
|
45
48
|
#
|
46
49
|
def self.load(path)
|
47
50
|
id = File.basename(path).chomp('.yml')
|
48
|
-
data =
|
51
|
+
data = File.open(path) do |yaml|
|
52
|
+
if Psych::VERSION >= '3.1.0'
|
53
|
+
YAML.safe_load(yaml, permitted_classes: [Date])
|
54
|
+
else
|
55
|
+
# XXX: psych < 3.1.0 YAML.safe_load calling convention
|
56
|
+
YAML.safe_load(yaml, [Date])
|
57
|
+
end
|
58
|
+
end
|
49
59
|
|
50
60
|
unless data.kind_of?(Hash)
|
51
61
|
raise("advisory data in #{path.dump} was not a Hash")
|
@@ -200,6 +210,17 @@ module Bundler
|
|
200
210
|
id == other.id
|
201
211
|
end
|
202
212
|
|
213
|
+
#
|
214
|
+
# Converts the advisory to a Hash.
|
215
|
+
#
|
216
|
+
# @return [Hash{Symbol => Object}]
|
217
|
+
#
|
218
|
+
def to_h
|
219
|
+
super.merge({
|
220
|
+
criticality: criticality
|
221
|
+
})
|
222
|
+
end
|
223
|
+
|
203
224
|
alias to_s id
|
204
225
|
|
205
226
|
end
|
@@ -12,7 +12,7 @@
|
|
12
12
|
# GNU General Public License for more details.
|
13
13
|
#
|
14
14
|
# You should have received a copy of the GNU General Public License
|
15
|
-
# along with bundler-audit. If not, see <
|
15
|
+
# along with bundler-audit. If not, see <https://www.gnu.org/licenses/>.
|
16
16
|
#
|
17
17
|
|
18
18
|
require 'thor'
|
@@ -22,6 +22,9 @@ module Bundler
|
|
22
22
|
module Audit
|
23
23
|
class CLI < ::Thor
|
24
24
|
module Formats
|
25
|
+
#
|
26
|
+
# The JSON output format.
|
27
|
+
#
|
25
28
|
module JSON
|
26
29
|
#
|
27
30
|
# Outputs the report as JSON. Will pretty-print JSON if `output`
|
@@ -37,11 +40,22 @@ module Bundler
|
|
37
40
|
hash = report.to_h
|
38
41
|
|
39
42
|
if output.tty?
|
40
|
-
output.puts
|
43
|
+
output.puts(::JSON.pretty_generate(hash))
|
41
44
|
else
|
42
45
|
output.write(::JSON.generate(hash))
|
43
46
|
end
|
44
47
|
end
|
48
|
+
|
49
|
+
def criticality_label(advisory)
|
50
|
+
case advisory.criticality
|
51
|
+
when :none then "none"
|
52
|
+
when :low then "low"
|
53
|
+
when :medium then "medium"
|
54
|
+
when :high then "high"
|
55
|
+
when :critical then "critical"
|
56
|
+
else "unknown"
|
57
|
+
end
|
58
|
+
end
|
45
59
|
end
|
46
60
|
|
47
61
|
Formats.register :json, JSON
|