chelsea 0.0.26 → 0.0.31

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -14,9 +16,9 @@
 # limitations under the License.
 #
 
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/bin/chelsea

@@ -16,7 +16,8 @@
 #
 
 # frozen_string_literal: true
-require_relative "../lib/chelsea"
+
+require_relative '../lib/chelsea'
 require 'slop'
 opts =
   begin
@@ -31,13 +32,19 @@ opts =
       o.string '-iu', '--iquser', 'Specify the IQ username', default: 'admin'
       o.string '-it', '--iqpass', 'Specify the IQ auth token', default: 'admin123'
       o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
-      o.bool '-v', '--verbose', 'For text format, list dependencies, their reverse dependencies (what brought them in to your project), and if they are vulnerable. (default: false)', default: false
-      o.string '-t', '--format', 'Choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
+      o.bool '-v', '--verbose',
+             'For text format, list dependencies, their reverse dependencies (what brought them in to your project), and
+ if they are vulnerable. (default: false)', default: false
+      o.string '-t', '--format',
+               'Choose what type of format you want your report in (default: text) (options: text, json, xml)',
+               default: 'text'
       o.bool '-b', '--iq', 'Use Nexus IQ Server to audit your project'
-      o.string '-s', '--stage', 'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)', default: 'build'
+      o.string '-s', '--stage',
+               'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)',
+               default: 'build'
       o.on '--version', 'Print the version' do
-          puts Chelsea::VERSION
-          exit
+        puts Chelsea::VERSION
+        exit
       end
       o.on '-h', '--help', 'Show usage' do
         puts(o)
@@ -45,7 +52,7 @@ opts =
       end
     end
   rescue Slop::Error => e
-    puts(e.message + ' (try --help)')
+    puts("#{e.message} (try --help)")
     exit 1
   end
 if opts.arguments.count.positive?

data/bin/console

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -15,9 +17,8 @@
 # limitations under the License.
 #
 
+require 'bundler/setup'
+require 'chelsea'
 
-require "bundler/setup"
-require "chelsea"
-
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/chelsea.gemspec

@@ -1,42 +1,43 @@
+# frozen_string_literal: true
 
-lib = File.expand_path("../lib", __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "chelsea/version"
+require 'chelsea/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "chelsea"
-  spec.license       = "Apache-2.0"
+  spec.name          = 'chelsea'
+  spec.license       = 'Apache-2.0'
   spec.version       = Chelsea::VERSION
-  spec.authors       = ["Allister Beharry"]
-  spec.email         = ["allister.beharry@gmail.com"]
+  spec.authors       = ['Allister Beharry']
+  spec.email         = ['allister.beharry@gmail.com']
+  spec.required_ruby_version = '>= 2.6.6'
 
-  spec.summary       = "Audit Ruby package dependencies for security vulnerabilities."
-  spec.homepage      = "https://github.com/sonatype-nexus-community/chelsea"
-  
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/sonatype-nexus-community/chelsea"
-  spec.metadata["changelog_uri"] = "https://github.com/sonatype-nexus-community/chelsea/CHANGELOG"
+  spec.summary       = 'Audit Ruby package dependencies for security vulnerabilities.'
+  spec.homepage      = 'https://github.com/sonatype-nexus-community/chelsea'
 
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/sonatype-nexus-community/chelsea'
+  spec.metadata['changelog_uri'] = 'https://github.com/sonatype-nexus-community/chelsea/CHANGELOG'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = "bin"
+  spec.bindir        = 'bin'
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_dependency "tty-font", "~> 0.5.0"
-  spec.add_dependency "tty-spinner", "~> 0.9.3"
-  spec.add_dependency "slop", "~> 4.8.1"
-  spec.add_dependency "pastel", "~> 0.7.2"
-  spec.add_dependency "rest-client", "~> 2.0.2"
-  spec.add_dependency "bundler", ">= 1.2.0", "< 3"
-  spec.add_dependency "ox", "~> 2.13.2"
-  spec.add_dependency "tty-table", "~> 0.11.0"
+  spec.add_dependency 'bundler', '>= 1.2.0', '< 3'
+  spec.add_dependency 'ox', '~> 2.13.2'
+  spec.add_dependency 'pastel', '~> 0.7.2'
+  spec.add_dependency 'rest-client', '~> 2.0.2'
+  spec.add_dependency 'slop', '~> 4.8.1'
+  spec.add_dependency 'tty-font', '~> 0.5.0'
+  spec.add_dependency 'tty-spinner', '~> 0.9.3'
+  spec.add_dependency 'tty-table', '~> 0.11.0'
 
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
-  spec.add_development_dependency "webmock", "~> 3.8.3"
-  spec.add_development_dependency "byebug", "~> 11.1.2"
-  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'byebug', '~> 11.1.2'
+  spec.add_development_dependency 'rake', '~> 12.3'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rspec_junit_formatter', '~> 0.4.1'
+  spec.add_development_dependency 'webmock', '~> 3.8.3'
 end

data/lib/chelsea/bom.rb

@@ -40,7 +40,7 @@ module Chelsea
     end
 
     def random_urn_uuid
-      'urn:uuid:' + SecureRandom.uuid
+      "urn:uuid:#{SecureRandom.uuid}"
     end
 
     private
@@ -87,8 +87,8 @@ module Chelsea
       component
     end
 
-    def _show_logo
-      logo = %Q(
+    def _show_logo # rubocop:disable Metrics/MethodLength
+      logo = %(
                           -o/
                       -+hNmNN-
     .:+osyhddddyso/-``ody+-  .NN.

data/lib/chelsea/cli.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -26,7 +28,7 @@ require_relative 'config'
 module Chelsea
   ##
   # This class provides an interface to the oss index, gems and deps
-  class CLI
+  class CLI # rubocop:disable Metrics/ClassLength
     def initialize(opts)
       @opts = opts
       @pastel = Pastel.new
@@ -34,22 +36,28 @@ module Chelsea
       _show_logo # Move to formatter
     end
 
-    def process!
+    # rubocop:disable Metrics/CyclomaticComplexity
+    def process! # rubocop:disable Metrics/AbcSize, Metrics/MethodLength,  Metrics/PerceivedComplexity
       if @opts.config?
         _set_config # move to init
       elsif @opts.clear?
         require_relative 'db'
-        Chelsea::DB.new().clear_cache
-        puts "OSS Index cache cleared"
+        Chelsea::DB.new.clear_cache
+        puts 'OSS Index cache cleared'
       elsif @opts.file? && @opts.iq?
         dependencies = _process_file_iq
         _submit_sbom(dependencies)
+      elsif !@opts.file? && @opts.iq?
+        abort 'Missing the --file argument. It is required with the --iq argument.'
       elsif @opts.file?
         _process_file
       elsif @opts.help? # quit on opts.help earlier
         puts _cli_flags # this doesn't exist
+      else
+        abort 'Missing arguments! Chelsea did nothing. Try providing the --file <Gemfile.lock> argument.'
       end
     end
+    # rubocop:enable Metrics/CyclomaticComplexity
 
     def self.version
       Chelsea::VERSION
@@ -57,7 +65,7 @@ module Chelsea
 
     private
 
-    def _submit_sbom(gems)
+    def _submit_sbom(gems) # rubocop:disable Metrics/MethodLength
       iq = Chelsea::IQClient.new(
         options: {
           public_application_id: @opts[:application],
@@ -70,10 +78,29 @@ module Chelsea
       bom = Chelsea::Bom.new(gems.deps.dependencies).collect
 
       status_url = iq.post_sbom(bom)
-      
+
       return unless status_url
 
-      iq.poll_status(status_url)
+      msg, color, exit_code = iq.poll_status(status_url)
+      show_status(msg, color)
+      # this may not be very ruby-esque, but `return exit_code` and `exit_code` didn't result in the desired exit status
+      exit exit_code
+    end
+
+    def show_status(msg, color)
+      case color
+      when Chelsea::IQClient::COLOR_FAILURE
+        puts @pastel.red.bold(msg)
+      when Chelsea::IQClient::COLOR_WARNING
+        # want yellow, but that doesn't print
+        # puts @pastel.color.bold(msg, color)
+        puts @pastel.blue.blue(msg)
+      when Chelsea::IQClient::COLOR_NONE
+        # want yellow, but that doesn't print
+        puts @pastel.green.bold(msg)
+      else
+        puts @pastel.bold(msg)
+      end
     end
 
     def _process_file
@@ -108,7 +135,7 @@ module Chelsea
 
     def _flags_set?
       # I'm still unsure what this is trying to express
-      valid_flags = _flags.collect {|arg| @opts[arg] }.compact
+      valid_flags = _flags.collect { |arg| @opts[arg] }.compact
       valid_flags.count > 1
     end
 
@@ -120,7 +147,7 @@ module Chelsea
     def _show_logo
       font = TTY::Font.new(:doom)
       puts @pastel.green(font.write('Chelsea'))
-      puts @pastel.green('Version: ' + CLI.version)
+      puts @pastel.green("Version: #{CLI.version}")
     end
 
     def _load_config

data/lib/chelsea/config.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,6 +19,7 @@
 require 'yaml'
 require_relative 'oss_index'
 
+# Saved credentials
 module Chelsea
   @oss_index_config_location = File.join(Dir.home.to_s, '.ossindex')
   @oss_index_config_filename = '.oss-index-config'
@@ -43,10 +46,8 @@ module Chelsea
     @client
   end
 
-  def self.oss_index_config
-    if !File.exist? File.join(@oss_index_config_location, @oss_index_config_filename)
-      { oss_index_user_name: '', oss_index_user_token: '' }
-    else
+  def self.oss_index_config # rubocop:disable Metrics/MethodLength
+    if File.exist? File.join(@oss_index_config_location, @oss_index_config_filename)
       conf_hash = YAML.safe_load(
         File.read(
           File.join(@oss_index_config_location, @oss_index_config_filename)
@@ -56,6 +57,8 @@ module Chelsea
         oss_index_user_name: conf_hash['Username'],
         oss_index_user_token: conf_hash['Token']
       }
+    else
+      { oss_index_user_name: '', oss_index_user_token: '' }
     end
   end
 
@@ -71,20 +74,18 @@ module Chelsea
     config = {}
 
     puts 'What username do you want to authenticate as (ex: your email address)? '
-    config['Username'] = STDIN.gets.chomp
+    config['Username'] = $stdin.gets.chomp
 
     puts 'What token do you want to use? '
-    config['Token'] = STDIN.gets.chomp
+    config['Token'] = $stdin.gets.chomp
 
     _write_oss_index_config_file(config)
   end
 
   def self._write_oss_index_config_file(config)
-    unless File.exist? @oss_index_config_location
-      Dir.mkdir(@oss_index_config_location)
-    end
-    File.open(File.join(@oss_index_config_location, @oss_index_config_filename), "w") do |file|
+    Dir.mkdir(@oss_index_config_location) unless File.exist? @oss_index_config_location
+    File.open(File.join(@oss_index_config_location, @oss_index_config_filename), 'w') do |file|
       file.write config.to_yaml
     end
   end
-end
+end

data/lib/chelsea/db.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,6 +19,7 @@
 require 'pstore'
 
 module Chelsea
+  # OSS Index data cache
   class DB
     def initialize
       @store = PStore.new(_get_db_store_location)
@@ -45,7 +48,7 @@ module Chelsea
       end
     end
 
-    def _get_db_store_location()
+    def _get_db_store_location
       initial_path = File.join(Dir.home.to_s, '.ossindex')
       Dir.mkdir(initial_path) unless File.exist? initial_path
       File.join(initial_path, 'chelsea.pstore')

data/lib/chelsea/dependency_exception.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -15,8 +17,9 @@
 #
 
 module Chelsea
+  # Project dependency exception
   class DependencyException < StandardError
-    def initialize(msg="This is a custom exception", exception_type="custom")
+    def initialize(msg = 'This is a custom exception', exception_type = 'custom')
       @exception_type = exception_type
       super(msg)
     end

data/lib/chelsea/deps.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -22,6 +24,7 @@ require 'json'
 require 'rest-client'
 
 module Chelsea
+  # Project dependencies
   class Deps
     def initialize(path:, verbose: false)
       @verbose = verbose
@@ -47,7 +50,7 @@ module Chelsea
 
     # Collects all reverse dependencies in reverse_dependencies instance var
     # this rescue block honks
-    def reverse_dependencies
+    def reverse_dependencies # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       reverse = Gem::Commands::DependencyCommand.new
       reverse.options[:reverse_dependencies] = true
       # We want to filter the reverses dependencies by specs in lockfile
@@ -68,7 +71,7 @@ module Chelsea
     # in dependencies_versions and coordinates instance vars
     def coordinates
       dependencies.each_with_object({ 'coordinates' => [] }) do |(name, v), coords|
-        coords['coordinates'] << self.class.to_purl(name, v[1]);
+        coords['coordinates'] << self.class.to_purl(name, v[1])
       end
     end
   end

data/lib/chelsea/formatters/factory.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -20,7 +22,7 @@ require_relative 'text'
 
 # Factory for formatting dependencies
 class FormatterFactory
-  def get_formatter(format: 'text', verbose:)
+  def get_formatter(verbose:, format: 'text')
     case format
     when 'text'
       Chelsea::TextFormatter.new verbose: verbose
@@ -28,7 +30,7 @@ class FormatterFactory
       Chelsea::JsonFormatter.new verbose: verbose
     when 'xml'
       Chelsea::XMLFormatter.new verbose: verbose
-    else
+    else # rubocop:disable Lint/DuplicateBranch
       Chelsea::TextFormatter.new verbose: verbose
     end
   end

data/lib/chelsea/formatters/formatter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -14,15 +16,17 @@
 # limitations under the License.
 #
 
+# Base formatter class
 class Formatter
-    def initialize
-        @pastel = Pastel.new
-    end
-    def get_results
-        raise 'must implement get_results method in subclass'
-    end
-    
-    def do_print
-        raise 'must implement do_print method in subclass'
-    end
-end
+  def initialize
+    @pastel = Pastel.new
+  end
+
+  def fetch_results
+    raise 'must implement get_results method in subclass'
+  end
+
+  def do_print
+    raise 'must implement do_print method in subclass'
+  end
+end