chelsea 0.0.6 → 0.0.7
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/bin/chelsea +4 -0
- data/lib/chelsea/cli.rb +17 -24
- data/lib/chelsea/config.rb +53 -0
- data/lib/chelsea/deps.rb +8 -12
- data/lib/chelsea/formatters/factory.rb +3 -3
- data/lib/chelsea/gems.rb +11 -2
- data/lib/chelsea/oss_index.rb +50 -0
- data/lib/chelsea/version.rb +1 -1
- metadata +3 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 52f656dfb244ce9739b9dff4ae38959a211bd38d5849a3c97bea14b43f2f5a3a
|
4
|
+
data.tar.gz: 06443dcea17e77700763020b47d899179c062dcfb8003c944628b1bf8bb8491b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 90bba2fec2be99b5168ba80366fffdff8774f3120bdfa50aa87720c6348b16628a1784ef1cb40cc20bfd31a7c1e50aa20eca9d5fb426e100421d568cc33eeae4
|
7
|
+
data.tar.gz: 4dfbbf3db3529e7ef257c71c4f30f9ecfb00adae8c7cd59dea98fe27380dc33b0724b5d34d078d6b740892b51eebc640bad1500045487fb77963baa66e6dd256
|
data/Gemfile.lock
CHANGED
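--- a/data/bin/chelsea
+++ b/data/bin/chelsea
@@ -6,6 +6,10 @@ opts =
 begin
 Slop.parse do |o|
 o.string '-f', '--file', 'path to your Gemfile.lock'
+o.bool '-c', '--config', 'Set persistent config for OSS Index'
+o.string '-u', '--user', 'Specify OSS Index Username', default: ""
+o.string '-p', '--token', 'Specify OSS Index API Token', default: ""
+o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
 o.bool '-q', '--quiet', 'make chelsea only output vulnerable third party dependencies for text output (default: false)', default: false
 o.string '-t', '--format', 'choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
 o.on '--version', 'print the version' do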
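Review bot: The new `-p/--token` option takes the OSS Index API token on the command line, so the secret lands in shell history and is readable by other local users through the process list for the duration of the scan. The persistent `--config` file this same release adds is the safer route, and an environment variable would cover non-interactive use; at minimum the help text should steer users there, e.g. `o.string '-p', '--token', 'Specify OSS Index API Token (prefer --config; command-line values are visible in process listings)', default: ""`. `-p` is also an unusual short switch for `--token`, since readers will expect it to mean password. The `Slop.parse` block continues outside the hunk.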
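--- a/data/lib/chelsea/cli.rb
+++ b/data/lib/chelsea/cli.rb
@@ -4,6 +4,7 @@ require 'tty-font'
 
 require_relative 'version'
 require_relative 'gems'
+require_relative 'config'
 
 module Chelsea
 ##
@@ -18,12 +19,12 @@ module Chelsea
 end
 
 def process!
+if @opts.config?
+_try_set_config()
+end
 if @opts.file?
-@gems = Chelsea::Gems.new(file: @opts[:file])
+@gems = Chelsea::Gems.new(file: @opts[:file], quiet: false, options: @opts)
 @gems.execute
-elsif @opts.help?
-puts _cli_flags
-
 end
 end
 
@@ -35,28 +36,10 @@ module Chelsea
 
 protected
 
-def _cli_flags
-opts = Slop::Options.new
-opts.banner = "usage: chelsea [options] ..."
-opts.separator ""
-opts.separator 'Options:'
-opts.bool '-h', '--help', 'show usage'
-opts.bool '-q', '--quiet', 'make chelsea only output vulnerable third party dependencies for text output (default: false)', default: false
-opts.string '-t', '--format', 'choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
-opts.string '-f', '--file', 'path to your Gemfile.lock'
-opts.on '--version', 'print the version' do
-puts version()
-exit
-end
-
-opts
-end
-
 def _flags_error
 # should be custom exception!
 switches = _flags.collect {|f| "--#{f}"}
-
-puts
+
 abort "please set one of #{switches}"
 end
 
@@ -75,7 +58,7 @@ module Chelsea
 
 def _flags
 # Seems wrong, should all be handled by bin
-[:file, :help]
+[:file, :help, :config]
 end
 
 def _show_logo()
@@ -83,5 +66,15 @@ module Chelsea
 puts @pastel.green(font.write("Chelsea"))
 puts @pastel.green("Version: " + CLI::version)
 end
+
+def _try_load_config()
+config = Chelsea::Config.new
+oss_index_config = config.get_oss_index_config()
+end
+
+def _try_set_config()
+config = Chelsea::Config.new
+config.get_oss_index_config_from_command_line()
+end
 end
 end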
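Review bot: `process!` (hunk @@ -18,12 +19,12) builds `Chelsea::Gems.new(file: @opts[:file], quiet: false, options: @opts)` with a literal `quiet: false`, so the `-q/--quiet` switch that bin/chelsea still accepts never reaches `Gems` unless `Gems#initialize` (not on this page) re-derives it from `options`; `quiet: @opts[:quiet]` keeps the flag working. In hunk @@ -83,5 +66,15, `_try_load_config` assigns `oss_index_config` and then discards it, and nothing on this page calls the method, so it is dead scaffolding that should either return the hash or be dropped. `_try_set_config` prompts for and writes the credentials and then falls through to the `@opts.file?` branch, so `--config` combined with `--file` prompts and then scans in one run; if that is intended it deserves a comment on the `if @opts.config?` line. The module body continues outside these hunks.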
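--- a/data/lib/chelsea/config.rb
+++ b/data/lib/chelsea/config.rb
@@ -0,0 +1,53 @@
+require 'yaml'
+
+module Chelsea
+class Config
+def initialize(opts = {})
+@oss_index_config_location = File.join("#{Dir.home}", ".ossindex")
+@oss_index_config_filename = ".oss-index-config"
+end
+
+def get_oss_index_config()
+if !File.exist? File.join(@oss_index_config_location, @oss_index_config_filename)
+return {}
+else
+oss_index_config = YAML.load(File.read(File.join(@oss_index_config_location, @oss_index_config_filename)))
+
+oss_index_config
+end
+end
+
+def get_white_list_vuln_config(white_list_config_path)
+if white_list_config_path.nil?
+white_list_vuln_config = YAML.load(File.read(File.join(Dir.pwd, "chelsea-ignore.yaml")))
+else
+white_list_vuln_config = YAML.load(File.read(white_list_config_path))
+end
+
+white_list_vuln_config
+end
+
+def get_oss_index_config_from_command_line()
+config = {}
+
+puts "What username do you want to authenticate as (ex: your email address)? "
+config["Username"] = STDIN.gets.chomp
+
+puts "What token do you want to use? "
+config["Token"] = STDIN.gets.chomp
+
+_set_oss_index_config(config)
+end
+
+private
+
+def _set_oss_index_config(config)
+Dir.mkdir(@oss_index_config_location) unless File.exists? @oss_index_config_location
+
+File.open(File.join(@oss_index_config_location, @oss_index_config_filename), "w") do |file|
+file.write config.to_yaml
+end
+end
+
+end
+end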
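Review bot: `get_oss_index_config` and `get_white_list_vuln_config` deserialize files with `YAML.load`, which on Psych before 4 instantiates arbitrary Ruby objects named in the document; the ignore file is read from `Dir.pwd` (`chelsea-ignore.yaml`), i.e. from whichever project is being scanned, so `YAML.safe_load` is the right call for all three reads. `_set_oss_index_config` also writes the OSS Index token to `~/.ossindex/.oss-index-config` under the process umask, which leaves it world-readable on most systems; create the directory with mode `0o700` and the file with `0o600`. The same method uses `File.exists?`, which is deprecated and removed in Ruby 3.2, where `File.exist?` (already used in `get_oss_index_config`) works. Prompting for the token via `STDIN.gets.chomp` echoes it to the terminal and raises `NoMethodError` on EOF; `IO#noecho` from `io/console` plus a `.to_s` before `chomp` would cover both.
```ruby
def get_oss_index_config()
  path = File.join(@oss_index_config_location, @oss_index_config_filename)
  return {} unless File.exist?(path)

  # safe_load: the file only ever holds Username/Token strings, so object deserialization is never needed;
  # `|| {}` keeps an empty file behaving like a missing one (safe_load returns false for an empty document)
  YAML.safe_load(File.read(path)) || {}
end

# … unchanged: get_white_list_vuln_config (use YAML.safe_load for both reads), get_oss_index_config_from_command_line …

private

def _set_oss_index_config(config)
  # 0700/0600: the file holds an API token, so keep it owner-only regardless of the umask
  Dir.mkdir(@oss_index_config_location, 0o700) unless File.exist?(@oss_index_config_location)

  File.open(File.join(@oss_index_config_location, @oss_index_config_filename), "w", 0o600) do |file|
    file.write config.to_yaml
  end
end
```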
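--- a/data/lib/chelsea/deps.rb
+++ b/data/lib/chelsea/deps.rb
@@ -2,16 +2,19 @@ require 'bundler'
 require 'bundler/lockfile_parser'
 require 'rubygems'
 require 'rubygems/commands/dependency_command'
-require_relative 'dependency_exception'
 require 'json'
 require 'rest-client'
 require 'pstore'
 
+require_relative 'dependency_exception'
+require_relative 'oss_index'
+
 module Chelsea
 class Deps
 attr_reader :server_response, :reverse_dependencies, :coordinates, :dependencies
 
-def initialize(path: , quiet: false)
+def initialize(path: , oss_index_client: , quiet: false)
+@oss_index_client = oss_index_client
 @path, @quiet = path, quiet
 ENV['BUNDLE_GEMFILE'] = File.expand_path(path).chomp(".lock")
 
@@ -39,10 +42,6 @@ module Chelsea
 return "pkg:gem/#{name}@#{version}"
 end
 
-def user_agent
-"chelsea/#{Chelsea::VERSION}"
-end
-
 # Parses specs from lockfile instanct var and inserts into dependenices instance var
 def get_dependencies
 @lockfile.specs.each do |gem|\
@@ -93,12 +92,9 @@ module Chelsea
 chunked = Hash.new()
 @coordinates["coordinates"].each_slice(128).to_a.each do |coords|
 chunked["coordinates"] = coords
-
-
-
-@server_response = @server_response.concat(JSON.parse(r.body))
-_save_values_to_db(JSON.parse(r.body))
-end
+res_json = @oss_index_client.call_oss_index(chunked)
+@server_response = @server_response.concat(res_json)
+_save_values_to_db(res_json)
 end
 end
 end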
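Review bot: In the batch loop of hunk @@ -93,12 +92,9, `res_json` goes straight into `@server_response.concat` and `_save_values_to_db`, but `OSSIndex#call_oss_index` in this same release returns `nil` for every response code other than 200, so a 2xx that RestClient does not raise on surfaces as a `TypeError` from `concat` instead of a readable message. A guard such as `raise "OSS Index returned no data for this batch" if res_json.nil?` (the bare-`raise` style gems.rb already uses) keeps the failure understandable; whether the `rescue` clauses in gems.rb then cover it is not visible on this page. The `initialize` change in hunk @@ -2,16 +2,19 also makes `oss_index_client:` a required keyword, which breaks any caller other than the updated gems.rb. The method containing the batch loop (presumably `get_vulns`, given the call in gems.rb) starts outside its hunk.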
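--- a/data/lib/chelsea/formatters/factory.rb
+++ b/data/lib/chelsea/formatters/factory.rb
@@ -6,11 +6,11 @@ class FormatterFactory
 def get_formatter(format: 'text', options: {})
 case format
 when 'text'
-Chelsea::TextFormatter.new(
+Chelsea::TextFormatter.new()
 when 'json'
-Chelsea::JsonFormatter.new(
+Chelsea::JsonFormatter.new()
 when 'xml'
-Chelsea::XMLFormatter.new(
+Chelsea::XMLFormatter.new()
 end
 end
 end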
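Review bot: `get_formatter` keeps its `options:` keyword but the three rewritten `.new()` calls never pass it on, so the `options: @options` that gems.rb supplies in this release (including the `-q` value) is dropped before any formatter sees it; either forward it, if the formatter constructors accept it (they are not on this page), or remove the parameter so callers do not assume it has an effect. The `case` also has no `else`, so an unexpected `--format` value returns `nil` and only fails later at `do_print`; `else raise ArgumentError, "unknown format: #{format}"` would report it at the source.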
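--- a/data/lib/chelsea/gems.rb
+++ b/data/lib/chelsea/gems.rb
@@ -20,8 +20,8 @@ module Chelsea
 raise "Gemfile.lock not found, check --file path"
 end
 @pastel = Pastel.new
-@formatter = FormatterFactory.new.get_formatter(@options)
-@deps = Chelsea::Deps.new({path: Pathname.new(@file)})
+@formatter = FormatterFactory.new.get_formatter(format: @options[:format], options: @options)
+@deps = Chelsea::Deps.new({path: Pathname.new(@file), oss_index_client: Chelsea::OSSIndex.new(oss_index_user_name: @options[:user], oss_index_user_token: @options[:token])})
 end
 
 # Audits depenencies using deps library and prints results
@@ -36,6 +36,9 @@ module Chelsea
 _print_err "No vulnerability data retrieved from server. Exiting."
 return
 end
+# if !@options[:whitelist]
+
+# end
 @formatter.do_print(@formatter.get_results(@deps))
 end
 
@@ -48,6 +51,9 @@ module Chelsea
 
 begin
 @deps.get_dependencies
+unless @quiet
+spinner.success("...done.")
+end
 rescue StandardError => e
 unless @quiet
 spinner.stop
@@ -71,6 +77,9 @@ module Chelsea
 
 begin
 @deps.get_vulns
+unless @quiet
+spinner.success("...done.")
+end
 rescue SocketError => e
 unless @quiet
 spinner.stop("...request failed.")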
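Review bot: In `initialize` (hunk @@ -20,8 +20,8) `Chelsea::OSSIndex.new` receives `@options[:user]` and `@options[:token]` unchanged, and `OSSIndex#initialize` in this release immediately calls `.empty?` on both; that only works when the caller is bin/chelsea, whose Slop options default to `""`, so any other `options` hash without those keys raises `NoMethodError` on `nil`. Coercing at the boundary, `oss_index_user_name: @options[:user].to_s, oss_index_user_token: @options[:token].to_s`, keeps the constructor safe for every caller. Hunk @@ -36,6 +36,9 commits a commented-out `# if !@options[:whitelist] … # end` placeholder in `execute` while `--whitelist` is already advertised in bin/chelsea; either wire it to `Config#get_white_list_vuln_config` or leave the placeholder out so the flag is not silently accepted and ignored. `initialize` and `execute` both start outside their hunks.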
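--- a/data/lib/chelsea/oss_index.rb
+++ b/data/lib/chelsea/oss_index.rb
@@ -0,0 +1,50 @@
+require_relative 'config'
+require 'rest-client'
+
+module Chelsea
+class OSSIndex
+
+def initialize(oss_index_user_name: "", oss_index_user_token: "")
+if oss_index_user_name.empty? || oss_index_user_token.empty?
+config = Chelsea::Config.new().get_oss_index_config()
+if config != {}
+@oss_index_user_name, @oss_index_user_token = config["Username"], config["Token"]
+else
+@oss_index_user_name, @oss_index_user_token = oss_index_user_name, oss_index_user_token
+end
+else
+@oss_index_user_name, @oss_index_user_token = oss_index_user_name, oss_index_user_token
+end
+end
+
+def call_oss_index(coords)
+r = _resource.post coords.to_json, _headers
+if r.code == 200
+JSON.parse(r.body)
+end
+end
+
+private
+
+def _headers
+{ :content_type => :json, :accept => :json, 'User-Agent' => _user_agent }
+end
+
+def _resource
+if !@oss_index_user_name.empty? && !@oss_index_user_token.empty?
+RestClient::Resource.new _api_url, :user => @oss_index_user_name, :password => @oss_index_user_token
+else
+RestClient::Resource.new _api_url
+end
+end
+
+def _api_url
+"https://ossindex.sonatype.org/api/v3/component-report"
+end
+
+def _user_agent
+"chelsea/#{Chelsea::VERSION}"
+end
+
+end
+end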
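Review bot: `initialize` falls back to the persisted config whenever either command-line value is empty, so passing only `--user` (or only `--token`) discards both values in favour of the file, and when the file lacks a `Username` or `Token` key the instance variables become `nil` and `_resource` later fails on `.empty?`; reading `config["Username"].to_s` and `config["Token"].to_s` and letting a non-empty command-line value win per field would make the precedence predictable and the constructor total. The file also uses `JSON` (line 23) and `Chelsea::VERSION` (line 46) without `require 'json'` or `require_relative 'version'`, so it loads only when another file has required them first; add both next to `require 'rest-client'`. `call_oss_index` returning `nil` for any non-200 status is raised on the deps.rb section, where the value is consumed.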
data/lib/chelsea/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chelsea
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Allister Beharry
|
@@ -199,6 +199,7 @@ files:
|
|
199
199
|
- chelsea.gemspec
|
200
200
|
- lib/chelsea.rb
|
201
201
|
- lib/chelsea/cli.rb
|
202
|
+
- lib/chelsea/config.rb
|
202
203
|
- lib/chelsea/dependency_exception.rb
|
203
204
|
- lib/chelsea/deps.rb
|
204
205
|
- lib/chelsea/formatters/factory.rb
|
@@ -207,6 +208,7 @@ files:
|
|
207
208
|
- lib/chelsea/formatters/text.rb
|
208
209
|
- lib/chelsea/formatters/xml.rb
|
209
210
|
- lib/chelsea/gems.rb
|
211
|
+
- lib/chelsea/oss_index.rb
|
210
212
|
- lib/chelsea/version.rb
|
211
213
|
homepage: https://github.com/sonatype-nexus-community/chelsea
|
212
214
|
licenses:
|