RubyGems - chelsea - Versions diffs - 0.0.23 → 0.0.28 - Mend

chelsea 0.0.23 → 0.0.28

Files changed (31) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +8 -3
data/.github/ISSUE_TEMPLATE/bug_report.md +1 -1
data/.rubocop.yml +6 -0
data/Gemfile +7 -2
data/Gemfile.lock +25 -5
data/README.md +38 -2
data/Rakefile +5 -3
data/SECURITY.md +79 -0
data/bin/chelsea +14 -7
data/bin/console +5 -4
data/chelsea.gemspec +30 -29
data/lib/chelsea/bom.rb +3 -3
data/lib/chelsea/cli.rb +36 -9
data/lib/chelsea/config.rb +12 -11
data/lib/chelsea/db.rb +4 -1
data/lib/chelsea/dependency_exception.rb +4 -1
data/lib/chelsea/deps.rb +5 -2
data/lib/chelsea/formatters/factory.rb +4 -2
data/lib/chelsea/formatters/formatter.rb +15 -11
data/lib/chelsea/formatters/json.rb +5 -1
data/lib/chelsea/formatters/text.rb +9 -4
data/lib/chelsea/formatters/xml.rb +20 -16
data/lib/chelsea/gems.rb +16 -17
data/lib/chelsea/iq_client.rb +66 -38
data/lib/chelsea/oss_index.rb +8 -9
data/lib/chelsea/spinner.rb +4 -1
data/lib/chelsea/version.rb +3 -1
data/license-excludes.xml +1 -0
metadata +50 -64
data/bin/setup +0 -24

@@ -15,6 +15,7 @@
 #
 # frozen_string_literal: true
 require 'pastel'
 require 'bundler'
 require 'bundler/lockfile_parser'
@@ -31,11 +32,10 @@ module Chelsea
   # Class to collect and audit packages from a Gemfile.lock
   class Gems
     attr_accessor :deps
-    def initialize(file:, verbose:, options: { 'format': 'text' })
+    def initialize(file:, verbose:, options: { format: 'text' }) # rubocop:disable Metrics/MethodLength
       @verbose = verbose
-      unless File.file?(file) || file.nil?
-        raise 'Gemfile.lock not found, check --file path'
-      end
+      raise 'Gemfile.lock not found, check --file path' unless File.file?(file) || file.nil?
       _silence_stderr unless @verbose
@@ -52,7 +52,7 @@ module Chelsea
     # Audits depenencies using deps library and prints results
     # using formatter library
-    def execute
+    def execute # rubocop:disable Metrics/MethodLength
       server_response, dependencies, reverse_dependencies = audit
       if dependencies.nil?
         _print_err 'No dependencies retrieved. Exiting.'
@@ -62,20 +62,19 @@ module Chelsea
         _print_success 'No vulnerability data retrieved from server. Exiting.'
         return
       end
-      results = @formatter.get_results(server_response, reverse_dependencies)
+      results = @formatter.fetch_results(server_response, reverse_dependencies)
       @formatter.do_print(results)
       server_response.map { |r| r['vulnerabilities'].length.positive? }.any?
     end
     def collect_iq
-      dependencies = @deps.dependencies
-      dependencies
+      @deps.dependencies
     end
     # Runs through auditing algorithm, raising exceptions
     # on REST calls made by @deps.get_vulns
-    def audit
+    def audit # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       # This spinner management is out of control
       # we should wrap a block with start and stop messages,
       # or use a stack to ensure all spinners stop.
@@ -84,7 +83,7 @@ module Chelsea
       begin
         dependencies = @deps.dependencies
         spin.success('...done.')
-      rescue StandardError => e
+      rescue StandardError
         spin.stop
         _print_err "Parsing dependency line #{gem} failed."
       end
@@ -100,16 +99,16 @@ module Chelsea
       begin
         server_response = @client.get_vulns(coordinates)
         spin.success('...done.')
-      rescue SocketError => e
+      rescue SocketError
         spin.stop('...request failed.')
         _print_err 'Socket error getting data from OSS Index server.'
       rescue RestClient::RequestFailed => e
         spin.stop('...request failed.')
         _print_err "Error getting data from OSS Index server:#{e.response}."
-      rescue RestClient::ResourceNotFound => e
+      rescue RestClient::ResourceNotFound
         spin.stop('...request failed.')
         _print_err 'Error getting data from OSS Index server. Resource not found.'
-      rescue Errno::ECONNREFUSED => e
+      rescue Errno::ECONNREFUSED
         spin.stop('...request failed.')
         _print_err 'Error getting data from OSS Index server. Connection refused.'
       end
@@ -122,12 +121,12 @@ module Chelsea
       $stderr.reopen('/dev/null', 'w')
     end
-    def _print_err(s)
-      puts @pastel.red.bold(s)
+    def _print_err(msg)
+      puts @pastel.red.bold(msg)
     end
-    def _print_success(s)
-      puts @pastel.green.bold(s)
+    def _print_success(msg)
+      puts @pastel.green.bold(msg)
     end
   end
 end

data/lib/chelsea/iq_client.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,12 +19,13 @@
 require 'rest-client'
 require 'json'
 require 'pastel'
+require 'uri'
 require_relative 'spinner'
 module Chelsea
-  class IQClient
+  # IQ audit operations
+  class IQClient # rubocop:disable Metrics/ClassLength
     DEFAULT_OPTIONS = {
       public_application_id: 'testapp',
       server_url: 'http://localhost:8070',
@@ -30,15 +33,16 @@ module Chelsea
       auth_token: 'admin123',
       internal_application_id: '',
       stage: 'build'
-    }
+    }.freeze
     def initialize(options: DEFAULT_OPTIONS)
       @options = options
       @pastel = Pastel.new
       @spinner = Chelsea::Spinner.new
     end
-    def post_sbom(sbom)
-      spin = @spinner.spin_msg "Submitting sbom to Nexus IQ Server"
+    def post_sbom(sbom) # rubocop:disable Metrics/MethodLength
+      spin = @spinner.spin_msg 'Submitting sbom to Nexus IQ Server'
       @internal_application_id = _get_internal_application_id
       resource = RestClient::Resource.new(
         _api_url,
@@ -46,8 +50,8 @@ module Chelsea
         password: @options[:auth_token]
       )
       res = resource.post sbom.to_s, _headers.merge(content_type: 'application/xml')
-      unless res.code != 202
-        spin.success("...done.")
+      if res.code == 202
+        spin.success('...done.')
         status_url(res)
       else
         spin.stop('...request failed.')
@@ -61,33 +65,51 @@ module Chelsea
     end
     def poll_status(url)
-      spin = @spinner.spin_msg "Polling Nexus IQ Server for results"
+      spin = @spinner.spin_msg 'Polling Nexus IQ Server for results'
       loop do
-        begin
-          res = _poll_iq_server(url)
-          if res.code == 200
-            spin.success("...done.")
-            _handle_response(res)
-            break
-          end
-        rescue
-          sleep(1)
+        res = _poll_iq_server(url)
+        if res.code == 200
+          spin.success('...done.')
+          return _handle_response(res)
         end
+      rescue StandardError
+        sleep(1)
       end
     end
+    # colors to use when printing message
+    COLOR_FAILURE = 31
+    COLOR_WARNING = 33 # want yellow, but doesn't appear to print
+    COLOR_NONE = 32
+    # Known policy actions
+    POLICY_ACTION_FAILURE = 'Failure'
+    POLICY_ACTION_WARNING = 'Warning'
+    POLICY_ACTION_NONE = 'None'
     private
-    def _handle_response(res)
+    def _handle_response(res) # rubocop:disable Metrics/MethodLength
       res = JSON.parse(res.body)
-      unless res['policyAction'] == 'Failure'
-        puts @pastel.white.bold("Hi! Chelsea here, no policy violations for this audit!")
-        puts @pastel.white.bold("Report URL: #{res['reportHtmlUrl']}")
-        exit 0
+      # get absolute report url
+      absolute_report_html_url = URI.join(@options[:server_url], res['reportHtmlUrl'])
+      case res['policyAction']
+      when POLICY_ACTION_FAILURE
+        ['Hi! Chelsea here, you have some policy violations to clean up!'\
+          "\nReport URL: #{absolute_report_html_url}",
+         COLOR_FAILURE, 1]
+      when POLICY_ACTION_WARNING
+        ['Hi! Chelsea here, you have some policy warnings to peck at!'\
+        "\nReport URL: #{absolute_report_html_url}",
+         COLOR_WARNING, 0]
+      when POLICY_ACTION_NONE
+        ['Hi! Chelsea here, no policy violations for this audit!'\
+        "\nReport URL: #{absolute_report_html_url}",
+         COLOR_NONE, 0]
       else
-        puts @pastel.red.bold("Hi! Chelsea here, you have some policy violations to clean up!")
-        puts @pastel.red.bold("Report URL: #{res['reportHtmlUrl']}")
-        exit 1
+        ['Hi! Chelsea here, no policy violations for this audit, but unknown policy action!'\
+        "\nReport URL: #{absolute_report_html_url}",
+         COLOR_FAILURE, 1]
       end
     end
@@ -115,33 +137,37 @@ module Chelsea
       res['statusUrl']
     end
-    private
-    def _poll_status
+    def _poll_status # rubocop:disable Metrics/MethodLength
       return unless @status_url
       loop do
-        begin
-          res = check_status(@status_url)
-          if res.code == 200
-            puts JSON.parse(res.body)
-            break
-          end
-        rescue RestClient::ResourceNotFound => _e
-          print '.'
-          sleep(1)
+        res = check_status(@status_url)
+        if res.code == 200
+          puts JSON.parse(res.body)
+          break
         end
+      rescue RestClient::ResourceNotFound => _e
+        print '.'
+        sleep(1)
       end
     end
-    def _get_internal_application_id
+    def _get_internal_application_id # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       resource = RestClient::Resource.new(
         _internal_application_id_api_url,
         user: @options[:username],
         password: @options[:auth_token]
       )
       res = resource.get _headers
+      if res.code != 200
+        puts "failure reading application id: #{@options[:public_application_id]}. response status: #{res.code}"
+        return
+      end
       body = JSON.parse(res)
+      if body['applications'].empty?
+        puts "failed to get internal application id for IQ application id: #{@options[:public_application_id]}"
+        return
+      end
       body['applications'][0]['id']
     end
@@ -150,7 +176,9 @@ module Chelsea
     end
     def _api_url
+      # rubocop:disable Layout/LineLength
       "#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea?stageId=#{@options[:stage]}"
+      # rubocop:enable Layout/LineLength
     end
     def _internal_application_id_api_url

data/lib/chelsea/oss_index.rb CHANGED

@@ -21,11 +21,12 @@ require 'rest-client'
 require_relative 'db'
 module Chelsea
+  # OSS Index audit operations
   class OSSIndex
     DEFAULT_OPTIONS = {
       oss_index_username: '',
       oss_index_user_token: ''
-    }
+    }.freeze
     def initialize(options: DEFAULT_OPTIONS)
       @oss_index_user_name = options[:oss_index_user_name]
       @oss_index_user_token = options[:oss_index_user_token]
@@ -37,13 +38,11 @@ module Chelsea
     def get_vulns(coordinates)
       remaining_coordinates, cached_server_response = _cache(coordinates)
-      unless remaining_coordinates['coordinates'].count.positive?
-        return cached_server_response
-      end
+      return cached_server_response unless remaining_coordinates['coordinates'].count.positive?
       remaining_coordinates['coordinates'].each_slice(128).to_a.each do |coords|
         res_json = JSON.parse(call_oss_index({ 'coordinates' => coords }))
-        cached_server_response = cached_server_response.concat(res_json)
+        cached_server_response.concat(res_json)
         @db.save_values_to_db(res_json)
       end
@@ -57,15 +56,15 @@ module Chelsea
     private
-    def _cache(coordinates)
+    def _cache(coordinates) # rubocop:disable Metrics/MethodLength
       new_coords = { 'coordinates' => [] }
       cached_server_response = []
       coordinates['coordinates'].each do |coord|
         record = @db.get_cached_value_from_db(coord)
-        if !record.nil?
-          cached_server_response << record
-        else
+        if record.nil?
           new_coords['coordinates'].push(coord)
+        else
+          cached_server_response << record
         end
       end
       [new_coords, cached_server_response]

data/lib/chelsea/spinner.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -18,8 +20,9 @@ require 'tty-spinner'
 require 'pastel'
 module Chelsea
+  # the spinner we use in Chelsea, needs work
   class Spinner
-    def initialize()
+    def initialize
       @pastel = Pastel.new
     end

data/lib/chelsea/version.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -15,5 +17,5 @@
 #
 module Chelsea
-  VERSION = '0.0.23'.freeze
+  VERSION = '0.0.28'
 end

data/license-excludes.xml CHANGED

@@ -9,4 +9,5 @@
   <exclude>src/chelsea.gemspec</exclude>
   <exclude>src/CODE_OF_CONDUCT.md</exclude>
   <exclude>src/CONTRIBUTORS.md</exclude>
+  <exclude>src/SECURITY.md</exclude>
 </excludes>

metadata CHANGED

@@ -1,57 +1,49 @@
 --- !ruby/object:Gem::Specification
 name: chelsea
 version: !ruby/object:Gem::Version
-  version: 0.0.23
+  version: 0.0.28
 platform: ruby
 authors:
 - Allister Beharry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-07 00:00:00.000000000 Z
+date: 2021-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: tty-font
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.5.0
-- !ruby/object:Gem::Dependency
-  name: tty-spinner
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: 1.2.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.9.3
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.3
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: slop
+  name: ox
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.8.1
+        version: 2.13.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.8.1
+        version: 2.13.2
 - !ruby/object:Gem::Dependency
   name: pastel
   requirement: !ruby/object:Gem::Requirement
@@ -81,144 +73,137 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.0.2
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: slop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: 4.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: 4.8.1
 - !ruby/object:Gem::Dependency
-  name: ox
+  name: tty-font
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.13.2
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.13.2
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
-  name: tty-table
+  name: tty-spinner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.11.0
+        version: 0.9.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.11.0
+        version: 0.9.3
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: tty-table
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
-  type: :development
+        version: 0.11.0
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: 0.11.0
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 11.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 11.1.2
 - !ruby/object:Gem::Dependency
-  name: rspec_junit_formatter
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.1
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.1
+        version: '12.3'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.3
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.3
+        version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 11.1.2
+        version: 0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 11.1.2
+        version: 0.4.1
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.8.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.8.3
 description:
 email:
 - allister.beharry@gmail.com
 executables:
 - chelsea
 - console
-- setup
 extensions: []
 extra_rdoc_files: []
 files:
@@ -232,6 +217,7 @@ files:
 - ".github/pull_request_template.md"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".vscode/launch.json"
 - CODE_OF_CONDUCT.md
 - CONTRIBUTORS.md
@@ -242,9 +228,9 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - bin/chelsea
 - bin/console
-- bin/setup
 - chelsea
 - chelsea.gemspec
 - docs/images/chelsea.png
@@ -282,7 +268,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="