chelsea 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1778ec5d4e68f4e48180d3ff4d5495bf742eb4b2b36e218b044e67248493c03
-  data.tar.gz: b07fd8484642d229301d5636a760cff9c4f205b2deea3f408cdcc92e3dc27f01
+  metadata.gz: 52f656dfb244ce9739b9dff4ae38959a211bd38d5849a3c97bea14b43f2f5a3a
+  data.tar.gz: 06443dcea17e77700763020b47d899179c062dcfb8003c944628b1bf8bb8491b
 SHA512:
-  metadata.gz: 90756c847bafc522b3757631a738f334be228c5d042e5e05cb4e61eecfcb518b1c57770b4828e6e9f74f35fb732fde652873b6680904f7d7a0e19ef13f613d71
-  data.tar.gz: c74ce61cf769d2f4612ad5a6652efc017ab417a60184a6abd6a13316ddf59dd49795dd341692503a98cf925fe360423442c0ff4ba1fe4a1711f605e93da630bd
+  metadata.gz: 90bba2fec2be99b5168ba80366fffdff8774f3120bdfa50aa87720c6348b16628a1784ef1cb40cc20bfd31a7c1e50aa20eca9d5fb426e100421d568cc33eeae4
+  data.tar.gz: 4dfbbf3db3529e7ef257c71c4f30f9ecfb00adae8c7cd59dea98fe27380dc33b0724b5d34d078d6b740892b51eebc640bad1500045487fb77963baa66e6dd256

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    chelsea (0.0.3)
+    chelsea (0.0.6)
       bundler (>= 1.2.0, < 3)
       ox (~> 2.13.2)
       pastel (~> 0.7.2)

data/bin/chelsea

@@ -6,6 +6,10 @@ opts =
   begin
     Slop.parse do |o|
       o.string '-f', '--file', 'path to your Gemfile.lock'
+      o.bool '-c', '--config', 'Set persistent config for OSS Index'
+      o.string '-u', '--user', 'Specify OSS Index Username', default: ""
+      o.string '-p', '--token', 'Specify OSS Index API Token', default: ""
+      o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
       o.bool '-q', '--quiet', 'make chelsea only output vulnerable third party dependencies for text output (default: false)', default: false 
       o.string '-t', '--format', 'choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
       o.on '--version', 'print the version' do

data/lib/chelsea/cli.rb

@@ -4,6 +4,7 @@ require 'tty-font'
 
 require_relative 'version'
 require_relative 'gems'
+require_relative 'config'
 
 module Chelsea
   ##
@@ -18,12 +19,12 @@ module Chelsea
     end
 
     def process!
+      if @opts.config?
+        _try_set_config()
+      end
       if @opts.file?
-        @gems = Chelsea::Gems.new(file: @opts[:file])
+        @gems = Chelsea::Gems.new(file: @opts[:file], quiet: false, options: @opts)
         @gems.execute
-      elsif @opts.help?
-        puts _cli_flags
-
       end
     end
 
@@ -35,28 +36,10 @@ module Chelsea
 
   protected
 
-    def _cli_flags
-      opts = Slop::Options.new
-      opts.banner = "usage: chelsea [options] ..."
-      opts.separator ""
-      opts.separator 'Options:'
-      opts.bool '-h', '--help', 'show usage'
-      opts.bool '-q', '--quiet', 'make chelsea only output vulnerable third party dependencies for text output (default: false)', default: false 
-      opts.string '-t', '--format', 'choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
-      opts.string '-f', '--file', 'path to your Gemfile.lock'
-      opts.on '--version', 'print the version' do
-        puts version()
-        exit
-      end
-
-      opts
-    end
-
     def _flags_error
       # should be custom exception! 
       switches = _flags.collect {|f| "--#{f}"}
-      puts _cli_flags
-      puts
+
       abort "please set one of #{switches}"
     end
 
@@ -75,7 +58,7 @@ module Chelsea
 
     def _flags
       # Seems wrong, should all be handled by bin
-      [:file, :help]
+      [:file, :help, :config]
     end
 
     def _show_logo()
@@ -83,5 +66,15 @@ module Chelsea
       puts @pastel.green(font.write("Chelsea"))
       puts @pastel.green("Version: " + CLI::version)
     end
+
+    def _try_load_config()
+      config = Chelsea::Config.new
+      oss_index_config = config.get_oss_index_config()
+    end
+
+    def _try_set_config()
+      config = Chelsea::Config.new
+      config.get_oss_index_config_from_command_line()
+    end
   end
 end

data/lib/chelsea/config.rb

@@ -0,0 +1,53 @@
+require 'yaml'
+
+module Chelsea
+  class Config
+    def initialize(opts = {})
+      @oss_index_config_location = File.join("#{Dir.home}", ".ossindex")
+      @oss_index_config_filename = ".oss-index-config"
+    end
+
+    def get_oss_index_config()
+      if !File.exist? File.join(@oss_index_config_location, @oss_index_config_filename)
+        return {}
+      else
+        oss_index_config = YAML.load(File.read(File.join(@oss_index_config_location, @oss_index_config_filename)))
+
+        oss_index_config
+      end
+    end
+
+    def get_white_list_vuln_config(white_list_config_path)
+      if white_list_config_path.nil?
+        white_list_vuln_config = YAML.load(File.read(File.join(Dir.pwd, "chelsea-ignore.yaml")))
+      else
+        white_list_vuln_config = YAML.load(File.read(white_list_config_path))
+      end
+
+      white_list_vuln_config
+    end
+
+    def get_oss_index_config_from_command_line()
+      config = {}
+
+      puts "What username do you want to authenticate as (ex: your email address)? "
+      config["Username"] = STDIN.gets.chomp
+
+      puts "What token do you want to use? "
+      config["Token"] = STDIN.gets.chomp
+
+      _set_oss_index_config(config)
+    end
+
+    private
+
+      def _set_oss_index_config(config)
+        Dir.mkdir(@oss_index_config_location) unless File.exists? @oss_index_config_location
+
+        File.open(File.join(@oss_index_config_location, @oss_index_config_filename), "w") do |file|
+          file.write config.to_yaml
+        end
+      end
+
+  end
+end

data/lib/chelsea/deps.rb

@@ -2,16 +2,19 @@ require 'bundler'
 require 'bundler/lockfile_parser'
 require 'rubygems'
 require 'rubygems/commands/dependency_command'
-require_relative 'dependency_exception'
 require 'json'
 require 'rest-client'
 require 'pstore'
 
+require_relative 'dependency_exception'
+require_relative 'oss_index'
+
 module Chelsea
   class Deps
     attr_reader :server_response, :reverse_dependencies, :coordinates, :dependencies
 
-    def initialize(path: , quiet: false)
+    def initialize(path: , oss_index_client: , quiet: false)
+      @oss_index_client = oss_index_client
       @path, @quiet = path, quiet
       ENV['BUNDLE_GEMFILE'] = File.expand_path(path).chomp(".lock")
 
@@ -39,10 +42,6 @@ module Chelsea
       return "pkg:gem/#{name}@#{version}"
     end
 
-    def user_agent
-      "chelsea/#{Chelsea::VERSION}"
-    end
-
     # Parses specs from lockfile instanct var and inserts into dependenices instance var
     def get_dependencies
       @lockfile.specs.each do |gem|\
@@ -93,12 +92,9 @@ module Chelsea
         chunked = Hash.new()
         @coordinates["coordinates"].each_slice(128).to_a.each do |coords|
           chunked["coordinates"] = coords
-          r = RestClient.post "https://ossindex.sonatype.org/api/v3/component-report", chunked.to_json,
-            { content_type: :json, accept: :json, 'User-Agent': user_agent }
-          if r.code == 200
-            @server_response = @server_response.concat(JSON.parse(r.body))
-            _save_values_to_db(JSON.parse(r.body))
-          end
+          res_json = @oss_index_client.call_oss_index(chunked)
+          @server_response = @server_response.concat(res_json)
+          _save_values_to_db(res_json)
         end
       end
     end

data/lib/chelsea/formatters/factory.rb

@@ -6,11 +6,11 @@ class FormatterFactory
     def get_formatter(format: 'text', options: {})
         case format
         when 'text'
-          Chelsea::TextFormatter.new(options)
+          Chelsea::TextFormatter.new()
         when 'json'
-          Chelsea::JsonFormatter.new(options)
+          Chelsea::JsonFormatter.new()
         when 'xml'
-          Chelsea::XMLFormatter.new(options)
+          Chelsea::XMLFormatter.new()
         end
   end
 end

data/lib/chelsea/gems.rb

@@ -20,8 +20,8 @@ module Chelsea
         raise "Gemfile.lock not found, check --file path"
       end
       @pastel = Pastel.new
-      @formatter = FormatterFactory.new.get_formatter(@options)
-      @deps = Chelsea::Deps.new({path: Pathname.new(@file)})
+      @formatter = FormatterFactory.new.get_formatter(format: @options[:format], options: @options)
+      @deps = Chelsea::Deps.new({path: Pathname.new(@file), oss_index_client: Chelsea::OSSIndex.new(oss_index_user_name: @options[:user], oss_index_user_token: @options[:token])})
     end
 
     # Audits depenencies using deps library and prints results
@@ -36,6 +36,9 @@ module Chelsea
         _print_err "No vulnerability data retrieved from server. Exiting."
         return
       end
+      # if !@options[:whitelist]
+
+      # end
       @formatter.do_print(@formatter.get_results(@deps))
     end
 
@@ -48,6 +51,9 @@ module Chelsea
 
       begin
         @deps.get_dependencies
+        unless @quiet
+          spinner.success("...done.")
+        end
       rescue StandardError => e
         unless @quiet
           spinner.stop
@@ -71,6 +77,9 @@ module Chelsea
 
       begin
         @deps.get_vulns
+        unless @quiet
+          spinner.success("...done.")
+        end
       rescue SocketError => e
         unless @quiet
           spinner.stop("...request failed.")

data/lib/chelsea/oss_index.rb

@@ -0,0 +1,50 @@
+require_relative 'config'
+require 'rest-client'
+
+module Chelsea
+  class OSSIndex
+
+    def initialize(oss_index_user_name: "", oss_index_user_token: "")
+      if oss_index_user_name.empty? || oss_index_user_token.empty?
+        config = Chelsea::Config.new().get_oss_index_config()
+        if config != {}
+          @oss_index_user_name, @oss_index_user_token = config["Username"], config["Token"]
+        else
+          @oss_index_user_name, @oss_index_user_token = oss_index_user_name, oss_index_user_token
+        end
+      else
+        @oss_index_user_name, @oss_index_user_token = oss_index_user_name, oss_index_user_token
+      end
+    end
+
+    def call_oss_index(coords)
+      r = _resource.post coords.to_json, _headers
+      if r.code == 200
+        JSON.parse(r.body)
+      end
+    end
+
+    private
+
+    def _headers
+      { :content_type => :json, :accept => :json, 'User-Agent' => _user_agent }
+    end
+
+    def _resource
+      if !@oss_index_user_name.empty? && !@oss_index_user_token.empty?
+        RestClient::Resource.new _api_url, :user => @oss_index_user_name, :password => @oss_index_user_token
+      else
+        RestClient::Resource.new _api_url
+      end
+    end
+
+    def _api_url
+      "https://ossindex.sonatype.org/api/v3/component-report"
+    end
+
+    def _user_agent
+      "chelsea/#{Chelsea::VERSION}"
+    end
+
+  end
+end

data/lib/chelsea/version.rb

@@ -1,3 +1,3 @@
 module Chelsea
-  VERSION = "0.0.6"
+  VERSION = "0.0.7"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chelsea
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Allister Beharry
@@ -199,6 +199,7 @@ files:
 - chelsea.gemspec
 - lib/chelsea.rb
 - lib/chelsea/cli.rb
+- lib/chelsea/config.rb
 - lib/chelsea/dependency_exception.rb
 - lib/chelsea/deps.rb
 - lib/chelsea/formatters/factory.rb
@@ -207,6 +208,7 @@ files:
 - lib/chelsea/formatters/text.rb
 - lib/chelsea/formatters/xml.rb
 - lib/chelsea/gems.rb
+- lib/chelsea/oss_index.rb
 - lib/chelsea/version.rb
 homepage: https://github.com/sonatype-nexus-community/chelsea
 licenses: