chelsea 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/lib/chelsea/deps.rb +8 -18
- data/lib/chelsea/gems.rb +5 -1
- data/lib/chelsea/version.rb +1 -1
- metadata +2 -2
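--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1778ec5d4e68f4e48180d3ff4d5495bf742eb4b2b36e218b044e67248493c03
+data.tar.gz: b07fd8484642d229301d5636a760cff9c4f205b2deea3f408cdcc92e3dc27f01
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 90756c847bafc522b3757631a738f334be228c5d042e5e05cb4e61eecfcb518b1c57770b4828e6e9f74f35fb732fde652873b6680904f7d7a0e19ef13f613d71
+data.tar.gz: c74ce61cf769d2f4612ad5a6652efc017ab417a60184a6abd6a13316ddf59dd49795dd341692503a98cf925fe360423442c0ff4ba1fe4a1711f605e93da630bd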
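--- a/data/lib/chelsea/deps.rb
+++ b/data/lib/chelsea/deps.rb
@@ -7,13 +7,13 @@ require 'json'
 require 'rest-client'
 require 'pstore'
 
-
 module Chelsea
 class Deps
-attr_reader :server_response, :reverse_dependencies, :coordinates
+attr_reader :server_response, :reverse_dependencies, :coordinates, :dependencies
 
 def initialize(path: , quiet: false)
 @path, @quiet = path, quiet
+ENV['BUNDLE_GEMFILE'] = File.expand_path(path).chomp(".lock")
 
 begin
 @lockfile = Bundler::LockfileParser.new(
@@ -30,14 +30,6 @@ module Chelsea
 @server_response = []
 @store = PStore.new(_get_db_store_location())
 end
-
-def to_h(reverse: false)
-if reverse
-@reverse_dependencies
-else
-@dependencies
-end
-end
 
 def nil?
 @dependencies.empty?
@@ -51,6 +43,7 @@ module Chelsea
 "chelsea/#{Chelsea::VERSION}"
 end
 
+# Parses specs from lockfile instanct var and inserts into dependenices instance var
 def get_dependencies
 @lockfile.specs.each do |gem|\
 begin
@@ -61,6 +54,7 @@ module Chelsea
 end
 end
 
+# Collects all reverse dependencies in reverse_dependencies instance var
 def get_reverse_dependencies
 begin
 reverse = Gem::Commands::DependencyCommand.new
@@ -71,6 +65,8 @@ module Chelsea
 end
 end
 
+# Iterates over all dependencies and stores them
+# in dependencies_versions and coordinates instance vars
 def get_dependencies_versions_as_coordinates
 @dependencies.each do |p, r|
 o = r[0]
@@ -88,28 +84,22 @@ module Chelsea
 end
 end
 
-# Makes
+# Makes REST calls to OSS for vulnerabilities 128 coordinates at a time
+# Checks cache and stores results in cache
 def get_vulns()
 _check_db_for_cached_values()
 
 if @coordinates["coordinates"].count() > 0
 chunked = Hash.new()
 @coordinates["coordinates"].each_slice(128).to_a.each do |coords|
-# Won't this return the first successful slice?
 chunked["coordinates"] = coords
 r = RestClient.post "https://ossindex.sonatype.org/api/v3/component-report", chunked.to_json,
 { content_type: :json, accept: :json, 'User-Agent': user_agent }
 if r.code == 200
 @server_response = @server_response.concat(JSON.parse(r.body))
 _save_values_to_db(JSON.parse(r.body))
-@server_response.count()
-else
-0
 end
 end
-else
-#IDGI
-@server_response.count()
 end
 end
 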
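Review bot: The added `ENV['BUNDLE_GEMFILE'] = File.expand_path(path).chomp(".lock")` in `initialize` rewrites a process-wide variable as a side effect of constructing `Deps` and never restores it, so every later Bundler or RubyGems call in this process, and any child process, resolves against a Gemfile sitting next to the lockfile being audited. That Gemfile belongs to the project under audit and is Ruby code; if anything after this point makes Bundler load it (not visible in these hunks), the auditor would be evaluating untrusted input. `chomp(".lock")` also leaves the value pointing at the lockfile itself whenever `path` does not end in `.lock`. I would save the old value with `previous = ENV['BUNDLE_GEMFILE']` before the assignment, put it back with `ENV['BUNDLE_GEMFILE'] = previous` in an `ensure` once the Bundler-dependent calls are done, and reject a `path` without the `.lock` suffix; the body of `initialize` continues outside the hunk.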
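--- a/data/lib/chelsea/gems.rb
+++ b/data/lib/chelsea/gems.rb
@@ -24,7 +24,9 @@ module Chelsea
 @deps = Chelsea::Deps.new({path: Pathname.new(@file)})
 end
 
-
+# Audits depenencies using deps library and prints results
+# using formatter library
+def execute(input: $stdin, output: $stdout)
 audit
 if @deps.nil?
 _print_err "No dependencies retrieved. Exiting."
@@ -37,6 +39,8 @@ module Chelsea
 @formatter.do_print(@formatter.get_results(@deps))
 end
 
+# Runs through auditing algorithm, raising exceptions
+# on REST calls made by @deps.get_vulns
 def audit
 unless @quiet
 spinner = _spin_msg "Parsing dependencies"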
data/lib/chelsea/version.rb
CHANGED
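--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chelsea
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.6
 platform: ruby
 authors:
 - Allister Beharry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-
+date: 2020-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: tty-font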