chelsea 0.0.26 → 0.0.31

data/lib/chelsea/formatters/json.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -18,12 +20,14 @@ require 'json'
 require_relative 'formatter'
 
 module Chelsea
+  # Produce output in json format
   class JsonFormatter < Formatter
     def initialize(options)
+      super()
       @options = options
     end
 
-    def get_results(server_response, reverse_deps)
+    def fetch_results(server_response, _reverse_deps)
       server_response.to_json
     end
 

data/lib/chelsea/formatters/text.rb

@@ -1,3 +1,6 @@
+# rubocop:disable Style/FrozenStringLiteralComment
+# rubocop:enable Style/FrozenStringLiteralComment
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -19,13 +22,16 @@ require 'tty-table'
 require_relative 'formatter'
 
 module Chelsea
+  # Produce output in text format
   class TextFormatter < Formatter
     def initialize(options)
+      super()
       @options = options
       @pastel = Pastel.new
     end
 
-    def get_results(server_response, reverse_dependencies)
+    # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
+    def fetch_results(server_response, reverse_dependencies) # rubocop:disable Metrics/MethodLength
       response = ''
       if @options[:verbose]
         response += "\n"\
@@ -65,6 +71,7 @@ module Chelsea
       response += table.render(:unicode)
       response
     end
+    # rubocop:enable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
 
     def do_print(results)
       puts results
@@ -109,9 +116,7 @@ module Chelsea
     def _get_reverse_deps(coords, name)
       coords.each_with_object('') do |dep, s|
         dep.each do |gran|
-          if gran.class == String && !gran.include?(name)
-            s << "\tRequired by: #{gran}\n"
-          end
+          s << "\tRequired by: #{gran}\n" if gran.instance_of?(String) && !gran.include?(name)
         end
       end
     end

data/lib/chelsea/formatters/xml.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,12 +19,14 @@
 require 'ox'
 require_relative 'formatter'
 module Chelsea
+  # Produce output in xml format
   class XMLFormatter < Formatter
     def initialize(options)
+      super()
       @options = options
     end
 
-    def get_results(server_response, reverse_deps)
+    def fetch_results(server_response, _reverse_deps) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       doc = Ox::Document.new
       instruct = Ox::Instruct.new(:xml)
       instruct[:version] = '1.0'
@@ -37,13 +41,13 @@ module Chelsea
 
       server_response.each do |coord|
         testcase = Ox::Element.new('testcase')
-        testcase[:classname] = coord["coordinates"]
-        testcase[:name] = coord["coordinates"]
+        testcase[:classname] = coord['coordinates']
+        testcase[:name] = coord['coordinates']
 
         if coord['vulnerabilities'].length.positive?
           failure = Ox::Element.new('failure')
-          failure[:type] = "Vulnerable Dependency"
-          failure << get_vulnerability_block(coord["vulnerabilities"])
+          failure[:type] = 'Vulnerable Dependency'
+          failure << get_vulnerability_block(coord['vulnerabilities'])
           testcase << failure
           testsuite << testcase
         elsif @options[:verbose]
@@ -58,20 +62,20 @@ module Chelsea
       puts Ox.dump(results)
     end
 
-    def get_vulnerability_block(vulnerabilities)
-      vulnBlock = String.new
+    def get_vulnerability_block(vulnerabilities) # rubocop:disable Metrics/MethodLength
+      vuln_block = ''
       vulnerabilities.each do |vuln|
-        vulnBlock += "Vulnerability Title: #{vuln["title"]}\n"\
-                    "ID: #{vuln["id"]}\n"\
-                    "Description: #{vuln["description"]}\n"\
-                    "CVSS Score: #{vuln["cvssScore"]}\n"\
-                    "CVSS Vector: #{vuln["cvssVector"]}\n"\
-                    "CVE: #{vuln["cve"]}\n"\
-                    "Reference: #{vuln["reference"]}"\
+        vuln_block += "Vulnerability Title: #{vuln['title']}\n"\
+                    "ID: #{vuln['id']}\n"\
+                    "Description: #{vuln['description']}\n"\
+                    "CVSS Score: #{vuln['cvssScore']}\n"\
+                    "CVSS Vector: #{vuln['cvssVector']}\n"\
+                    "CVE: #{vuln['cve']}\n"\
+                    "Reference: #{vuln['reference']}"\
                     "\n"
       end
-      
-      vulnBlock
+
+      vuln_block
     end
   end
 end

data/lib/chelsea/gems.rb

@@ -15,6 +15,7 @@
 #
 
 # frozen_string_literal: true
+
 require 'pastel'
 require 'bundler'
 require 'bundler/lockfile_parser'
@@ -31,11 +32,10 @@ module Chelsea
   # Class to collect and audit packages from a Gemfile.lock
   class Gems
     attr_accessor :deps
-    def initialize(file:, verbose:, options: { 'format': 'text' })
+
+    def initialize(file:, verbose:, options: { format: 'text' }) # rubocop:disable Metrics/MethodLength
       @verbose = verbose
-      unless File.file?(file) || file.nil?
-        raise 'Gemfile.lock not found, check --file path'
-      end
+      raise 'Gemfile.lock not found, check --file path' unless File.file?(file) || file.nil?
 
       _silence_stderr unless @verbose
 
@@ -52,7 +52,7 @@ module Chelsea
     # Audits depenencies using deps library and prints results
     # using formatter library
 
-    def execute
+    def execute # rubocop:disable Metrics/MethodLength
       server_response, dependencies, reverse_dependencies = audit
       if dependencies.nil?
         _print_err 'No dependencies retrieved. Exiting.'
@@ -62,20 +62,19 @@ module Chelsea
         _print_success 'No vulnerability data retrieved from server. Exiting.'
         return
       end
-      results = @formatter.get_results(server_response, reverse_dependencies)
+      results = @formatter.fetch_results(server_response, reverse_dependencies)
       @formatter.do_print(results)
 
       server_response.map { |r| r['vulnerabilities'].length.positive? }.any?
     end
 
     def collect_iq
-      dependencies = @deps.dependencies
-      dependencies
+      @deps.dependencies
     end
 
     # Runs through auditing algorithm, raising exceptions
     # on REST calls made by @deps.get_vulns
-    def audit
+    def audit # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       # This spinner management is out of control
       # we should wrap a block with start and stop messages,
       # or use a stack to ensure all spinners stop.
@@ -84,7 +83,7 @@ module Chelsea
       begin
         dependencies = @deps.dependencies
         spin.success('...done.')
-      rescue StandardError => e
+      rescue StandardError
         spin.stop
         _print_err "Parsing dependency line #{gem} failed."
       end
@@ -100,16 +99,16 @@ module Chelsea
       begin
         server_response = @client.get_vulns(coordinates)
         spin.success('...done.')
-      rescue SocketError => e
+      rescue SocketError
         spin.stop('...request failed.')
         _print_err 'Socket error getting data from OSS Index server.'
       rescue RestClient::RequestFailed => e
         spin.stop('...request failed.')
         _print_err "Error getting data from OSS Index server:#{e.response}."
-      rescue RestClient::ResourceNotFound => e
+      rescue RestClient::ResourceNotFound
         spin.stop('...request failed.')
         _print_err 'Error getting data from OSS Index server. Resource not found.'
-      rescue Errno::ECONNREFUSED => e
+      rescue Errno::ECONNREFUSED
         spin.stop('...request failed.')
         _print_err 'Error getting data from OSS Index server. Connection refused.'
       end
@@ -122,12 +121,12 @@ module Chelsea
       $stderr.reopen('/dev/null', 'w')
     end
 
-    def _print_err(s)
-      puts @pastel.red.bold(s)
+    def _print_err(msg)
+      puts @pastel.red.bold(msg)
     end
 
-    def _print_success(s)
-      puts @pastel.green.bold(s)
+    def _print_success(msg)
+      puts @pastel.green.bold(msg)
     end
   end
 end

data/lib/chelsea/iq_client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,12 +19,13 @@
 require 'rest-client'
 require 'json'
 require 'pastel'
+require 'uri'
 
 require_relative 'spinner'
 
 module Chelsea
-  class IQClient
-
+  # IQ audit operations
+  class IQClient # rubocop:disable Metrics/ClassLength
     DEFAULT_OPTIONS = {
       public_application_id: 'testapp',
       server_url: 'http://localhost:8070',
@@ -30,15 +33,16 @@ module Chelsea
       auth_token: 'admin123',
       internal_application_id: '',
       stage: 'build'
-    }
+    }.freeze
+
     def initialize(options: DEFAULT_OPTIONS)
       @options = options
       @pastel = Pastel.new
       @spinner = Chelsea::Spinner.new
     end
 
-    def post_sbom(sbom)
-      spin = @spinner.spin_msg "Submitting sbom to Nexus IQ Server"
+    def post_sbom(sbom) # rubocop:disable Metrics/MethodLength
+      spin = @spinner.spin_msg 'Submitting sbom to Nexus IQ Server'
       @internal_application_id = _get_internal_application_id
       resource = RestClient::Resource.new(
         _api_url,
@@ -46,8 +50,8 @@ module Chelsea
         password: @options[:auth_token]
       )
       res = resource.post sbom.to_s, _headers.merge(content_type: 'application/xml')
-      unless res.code != 202
-        spin.success("...done.")
+      if res.code == 202
+        spin.success('...done.')
         status_url(res)
       else
         spin.stop('...request failed.')
@@ -61,33 +65,51 @@ module Chelsea
     end
 
     def poll_status(url)
-      spin = @spinner.spin_msg "Polling Nexus IQ Server for results"
+      spin = @spinner.spin_msg 'Polling Nexus IQ Server for results'
       loop do
-        begin
-          res = _poll_iq_server(url)
-          if res.code == 200
-            spin.success("...done.")
-            _handle_response(res)
-            break
-          end
-        rescue
-          sleep(1)
+        res = _poll_iq_server(url)
+        if res.code == 200
+          spin.success('...done.')
+          return _handle_response(res)
         end
+      rescue StandardError
+        sleep(1)
       end
     end
 
+    # colors to use when printing message
+    COLOR_FAILURE = 31
+    COLOR_WARNING = 33 # want yellow, but doesn't appear to print
+    COLOR_NONE = 32
+    # Known policy actions
+    POLICY_ACTION_FAILURE = 'Failure'
+    POLICY_ACTION_WARNING = 'Warning'
+    POLICY_ACTION_NONE = 'None'
+
     private
 
-    def _handle_response(res)
+    def _handle_response(res) # rubocop:disable Metrics/MethodLength
       res = JSON.parse(res.body)
-      unless res['policyAction'] == 'Failure'
-        puts @pastel.white.bold("Hi! Chelsea here, no policy violations for this audit!")
-        puts @pastel.white.bold("Report URL: #{res['reportHtmlUrl']}")
-        exit 0
+      # get absolute report url
+      absolute_report_html_url = URI.join(@options[:server_url], res['reportHtmlUrl'])
+
+      case res['policyAction']
+      when POLICY_ACTION_FAILURE
+        ['Hi! Chelsea here, you have some policy violations to clean up!'\
+          "\nReport URL: #{absolute_report_html_url}",
+         COLOR_FAILURE, 1]
+      when POLICY_ACTION_WARNING
+        ['Hi! Chelsea here, you have some policy warnings to peck at!'\
+        "\nReport URL: #{absolute_report_html_url}",
+         COLOR_WARNING, 0]
+      when POLICY_ACTION_NONE
+        ['Hi! Chelsea here, no policy violations for this audit!'\
+        "\nReport URL: #{absolute_report_html_url}",
+         COLOR_NONE, 0]
       else
-        puts @pastel.red.bold("Hi! Chelsea here, you have some policy violations to clean up!")
-        puts @pastel.red.bold("Report URL: #{res['reportHtmlUrl']}")
-        exit 1
+        ['Hi! Chelsea here, no policy violations for this audit, but unknown policy action!'\
+        "\nReport URL: #{absolute_report_html_url}",
+         COLOR_FAILURE, 1]
       end
     end
 
@@ -115,33 +137,37 @@ module Chelsea
       res['statusUrl']
     end
 
-    private
-
-    def _poll_status
+    def _poll_status # rubocop:disable Metrics/MethodLength
       return unless @status_url
 
       loop do
-        begin
-          res = check_status(@status_url)
-          if res.code == 200
-            puts JSON.parse(res.body)
-            break
-          end
-        rescue RestClient::ResourceNotFound => _e
-          print '.'
-          sleep(1)
+        res = check_status(@status_url)
+        if res.code == 200
+          puts JSON.parse(res.body)
+          break
         end
+      rescue RestClient::ResourceNotFound => _e
+        print '.'
+        sleep(1)
       end
     end
 
-    def _get_internal_application_id
+    def _get_internal_application_id # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       resource = RestClient::Resource.new(
         _internal_application_id_api_url,
         user: @options[:username],
         password: @options[:auth_token]
       )
       res = resource.get _headers
+      if res.code != 200
+        puts "failure reading application id: #{@options[:public_application_id]}. response status: #{res.code}"
+        return
+      end
       body = JSON.parse(res)
+      if body['applications'].empty?
+        puts "failed to get internal application id for IQ application id: #{@options[:public_application_id]}"
+        return
+      end
       body['applications'][0]['id']
     end
 
@@ -150,7 +176,9 @@ module Chelsea
     end
 
     def _api_url
+      # rubocop:disable Layout/LineLength
       "#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea?stageId=#{@options[:stage]}"
+      # rubocop:enable Layout/LineLength
     end
 
     def _internal_application_id_api_url

data/lib/chelsea/oss_index.rb

@@ -21,11 +21,12 @@ require 'rest-client'
 require_relative 'db'
 
 module Chelsea
+  # OSS Index audit operations
   class OSSIndex
     DEFAULT_OPTIONS = {
       oss_index_username: '',
       oss_index_user_token: ''
-    }
+    }.freeze
     def initialize(options: DEFAULT_OPTIONS)
       @oss_index_user_name = options[:oss_index_user_name]
       @oss_index_user_token = options[:oss_index_user_token]
@@ -37,13 +38,11 @@ module Chelsea
 
     def get_vulns(coordinates)
       remaining_coordinates, cached_server_response = _cache(coordinates)
-      unless remaining_coordinates['coordinates'].count.positive?
-        return cached_server_response
-      end
+      return cached_server_response unless remaining_coordinates['coordinates'].count.positive?
 
       remaining_coordinates['coordinates'].each_slice(128).to_a.each do |coords|
         res_json = JSON.parse(call_oss_index({ 'coordinates' => coords }))
-        cached_server_response = cached_server_response.concat(res_json)
+        cached_server_response.concat(res_json)
         @db.save_values_to_db(res_json)
       end
 
@@ -57,15 +56,15 @@ module Chelsea
 
     private
 
-    def _cache(coordinates)
+    def _cache(coordinates) # rubocop:disable Metrics/MethodLength
       new_coords = { 'coordinates' => [] }
       cached_server_response = []
       coordinates['coordinates'].each do |coord|
         record = @db.get_cached_value_from_db(coord)
-        if !record.nil?
-          cached_server_response << record
-        else
+        if record.nil?
           new_coords['coordinates'].push(coord)
+        else
+          cached_server_response << record
         end
       end
       [new_coords, cached_server_response]