chelsea 0.0.16 → 0.0.21

data/Rakefile

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 

data/bin/chelsea

@@ -1,4 +1,20 @@
 #!/usr/bin/env ruby
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 # frozen_string_literal: true
 require_relative "../lib/chelsea"
 require 'slop'
@@ -15,7 +31,7 @@ opts =
       o.string '-iu', '--iquser', 'Specify the IQ username', default: 'admin'
       o.string '-it', '--iqpass', 'Specify the IQ auth token', default: 'admin123'
       o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
-      o.bool '-q', '--quiet', 'Make chelsea only output vulnerable third party dependencies for text output (default: false)', default: false 
+      o.bool '-v', '--verbose', 'Make chelsea only output vulnerable third party dependencies for text output (default: true)', default: false 
       o.string '-t', '--format', 'Choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
       o.bool '-b', '--iq', 'Use Nexus IQ Server to audit your project'
       o.on '--version', 'Print the version' do
@@ -36,4 +52,4 @@ if opts.arguments.count.positive?
   exit 1
 end
 
-Chelsea::CLI.new(opts).process!
+Chelsea::CLI.new(opts).process!

data/bin/console

@@ -1,14 +1,23 @@
 #!/usr/bin/env ruby
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 
 require "bundler/setup"
 require "chelsea"
 
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
 require "irb"
 IRB.start(__FILE__)

data/bin/setup

@@ -1,4 +1,20 @@
 #!/usr/bin/env bash
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 set -euo pipefail
 IFS=$'\n\t'
 set -vx

data/chelsea

@@ -1,2 +1,18 @@
 #!/bin/bash
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 ruby ./bin/chelsea "$@"

data/chelsea.gemspec

@@ -5,7 +5,7 @@ require "chelsea/version"
 
 Gem::Specification.new do |spec|
   spec.name          = "chelsea"
-  spec.license       = "MIT"
+  spec.license       = "Apache-2.0"
   spec.version       = Chelsea::VERSION
   spec.authors       = ["Allister Beharry"]
   spec.email         = ["allister.beharry@gmail.com"]
@@ -17,17 +17,6 @@ Gem::Specification.new do |spec|
   spec.metadata["source_code_uri"] = "https://github.com/sonatype-nexus-community/chelsea"
   spec.metadata["changelog_uri"] = "https://github.com/sonatype-nexus-community/chelsea/CHANGELOG"
 
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
-  # to allow pushing to a single host or delete this section to allow pushing to any host.
-  # if spec.respond_to?(:metadata)
-  #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
-  # else
-  #   raise "RubyGems 2.0 or newer is required to protect against " \
-  #     "public gem pushes."
-  # end
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
@@ -42,10 +31,12 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rest-client", "~> 2.0.2"
   spec.add_dependency "bundler", ">= 1.2.0", "< 3"
   spec.add_dependency "ox", "~> 2.13.2"
+  spec.add_dependency "tty-table", "~> 0.11.0"
 
   spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
   spec.add_development_dependency "webmock", "~> 3.8.3"
   spec.add_development_dependency "byebug", "~> 11.1.2"
+  spec.add_development_dependency 'pry'
 end

data/header.txt

@@ -0,0 +1,13 @@
+Copyright 2019-Present Sonatype Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/lib/chelsea.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 # frozen_string_literal: true
 
 # Lazy loading

data/lib/chelsea/bom.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 # frozen_string_literal: true
 
 require 'securerandom'

data/lib/chelsea/cli.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require 'slop'
 require 'pastel'
 require 'tty-font'
@@ -62,7 +78,7 @@ module Chelsea
     def _process_file
       gems = Chelsea::Gems.new(
         file: @opts[:file],
-        quiet: @opts[:quiet],
+        verbose: @opts[:verbose],
         options: @opts
       )
       gems.execute ? (exit 1) : (exit 0)
@@ -71,7 +87,7 @@ module Chelsea
     def _process_file_iq
       gems = Chelsea::Gems.new(
         file: @opts[:file],
-        quiet: @opts[:quiet],
+        verbose: @opts[:verbose],
         options: @opts
       )
       gems.collect_iq

data/lib/chelsea/config.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require 'yaml'
 require_relative 'oss_index'
 

data/lib/chelsea/db.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require 'pstore'
 
 module Chelsea

data/lib/chelsea/dependency_exception.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 module Chelsea
   class DependencyException < StandardError
     def initialize(msg="This is a custom exception", exception_type="custom")

data/lib/chelsea/deps.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require 'bundler'
 require 'bundler/lockfile_parser'
 require 'rubygems'
@@ -7,8 +23,8 @@ require 'rest-client'
 
 module Chelsea
   class Deps
-    def initialize(path:, quiet: false)
-      @quiet = quiet
+    def initialize(path:, verbose: false)
+      @verbose = verbose
       ENV['BUNDLE_GEMFILE'] = File.expand_path(path).chomp('.lock')
       @lockfile = Bundler::LockfileParser.new(File.read(path))
     end
@@ -41,7 +57,7 @@ module Chelsea
       reverse
         .reverse_dependencies(@lockfile.specs)
         .to_h
-        .transform_values do |reverse_dep|
+        .transform_values! do |reverse_dep|
           reverse_dep.select do |name, _dep, _req, _|
             spec_names.include?(name.split('-')[0])
           end

data/lib/chelsea/formatters/factory.rb

@@ -1,19 +1,35 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require_relative 'json'
 require_relative 'xml'
 require_relative 'text'
 
 # Factory for formatting dependencies
 class FormatterFactory
-  def get_formatter(format: 'text', quiet: false)
+  def get_formatter(format: 'text', verbose:)
     case format
     when 'text'
-      Chelsea::TextFormatter.new quiet: quiet
+      Chelsea::TextFormatter.new verbose: verbose
     when 'json'
-      Chelsea::JsonFormatter.new quiet: quiet
+      Chelsea::JsonFormatter.new verbose: verbose
     when 'xml'
-      Chelsea::XMLFormatter.new quiet: quiet
+      Chelsea::XMLFormatter.new verbose: verbose
     else
-      Chelsea::TextFormatter.new quiet: quiet
+      Chelsea::TextFormatter.new verbose: verbose
     end
   end
 end

data/lib/chelsea/formatters/formatter.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 class Formatter
     def initialize
         @pastel = Pastel.new

data/lib/chelsea/formatters/json.rb

@@ -1,3 +1,19 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 require 'json'
 require_relative 'formatter'