chelsea 0.0.27 → 0.0.28

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f179d743f4810498f2e0edbe787038e2caed8e43af7279c39bf309860a568ae
-  data.tar.gz: b20643fbaa0bbc56073a53575b4d3d5ba2d1b4f5b8b1e996dcdc373e2a2bd997
+  metadata.gz: 1d6bcb375015c64ae7e452f93e38b10cfabb4ecbc9425fad0121e926a0148efa
+  data.tar.gz: f1a171d3a72a0bf910ac4e22258cee6a0d6c3e8181307856a34a5b22ca0435c7
 SHA512:
-  metadata.gz: b44c830f8e38ba6693babade3cb1da853baf545a6839aa79bea41a5821712cf055737e8af349c1c9aa9653bb09c5faa1cad0660ec3806f0add68418dadd36f54
-  data.tar.gz: ec6ebcd7e0ac9fb7ebb30349c824187cfc06390fabd40a76a39c4c622a6801c513c5446f89dc3422f703e15cab214a3b1fb72ff7acd4f7ef6e249a27c8331b6e
+  metadata.gz: decb1e4e8a54798161b2e888e1694d9558ba0bbacd6708c6cf32d4b71b32cb05520f017733a18e90dab99c0e2e2be500d3c8b8701b1ff464041ad63ab89ffa74
+  data.tar.gz: 94f91e9b3f248d7a3c494fdba567f832edf38b2e91e75f791ac1d9dace17b285e89d09c43bae25d6faacd0b2a76e5a4bb211acb3153dfc57ea4b581243f5d8d1

data/.circleci/config.yml

@@ -18,7 +18,7 @@ version: 2.1
 jobs: 
   build: 
     docker: 
-      - image: circleci/ruby:2.6.5-stretch
+      - image: circleci/ruby:2.6.6-stretch
         environment: 
           BUNDLE_PATH: vendor/bundle
     steps:
@@ -48,6 +48,9 @@ jobs:
             bundle exec rspec --format progress \
                             --format RspecJunitFormatter \
                             --out test_results/rspec.xml
+      - run:
+          name: Run linter
+          command: bundle exec rubocop
       - run:
           name: Build gem
           command: gem build chelsea.gemspec
@@ -64,7 +67,7 @@ jobs:
           path: test_results
   release:
     docker:
-      - image: circleci/ruby:2.6.5-stretch
+      - image: circleci/ruby:2.6.6-stretch
     steps:
       - add_ssh_keys:
           fingerprints:

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -23,7 +23,7 @@ If applicable, add screenshots to help explain your problem.
 
 **Desktop (please complete the following information):**
  - OS: [e.g. OS X 1.13.6]
- - Ruby Version: [e.g. 2.6.5]
+ - Ruby Version: [e.g. 2.6.6]
  - Bundler Version: [e.g. 2.1.4]
  - chelsea Version [e.g. 0.0.11]
 

data/.rubocop.yml

@@ -0,0 +1,6 @@
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 2.6.6
+
+Metrics/BlockLength:
+  IgnoredMethods: ['Slop.parse']

data/Gemfile

@@ -1,6 +1,11 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in chelsea.gemspec
 gemspec
+
+# linter
+gem 'rubocop', require: false

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    chelsea (0.0.26)
+    chelsea (0.0.27)
       bundler (>= 1.2.0, < 3)
       ox (~> 2.13.2)
       pastel (~> 0.7.2)
@@ -16,6 +16,7 @@ GEM
   specs:
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
     byebug (11.1.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
@@ -32,15 +33,21 @@ GEM
     necromancer (0.6.0)
     netrc (0.11.0)
     ox (2.13.4)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
     pastel (0.7.4)
       equatable (~> 0.6)
       tty-color (~> 0.5)
     public_suffix (4.0.3)
+    rainbow (3.0.0)
     rake (12.3.3)
+    regexp_parser (2.0.3)
     rest-client (2.0.2)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
+    rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -56,6 +63,18 @@ GEM
     rspec-support (3.9.2)
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (1.9.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.1)
+      parser (>= 2.7.1.5)
+    ruby-progressbar (1.11.0)
     safe_yaml (1.0.5)
     slop (4.8.2)
     strings (0.1.8)
@@ -94,6 +113,7 @@ DEPENDENCIES
   rake (~> 12.3)
   rspec (~> 3.0)
   rspec_junit_formatter (~> 0.4.1)
+  rubocop
   webmock (~> 3.8.3)
 
 BUNDLED WITH

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -14,9 +16,9 @@
 # limitations under the License.
 #
 
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/bin/chelsea

@@ -16,7 +16,8 @@
 #
 
 # frozen_string_literal: true
-require_relative "../lib/chelsea"
+
+require_relative '../lib/chelsea'
 require 'slop'
 opts =
   begin
@@ -31,13 +32,19 @@ opts =
       o.string '-iu', '--iquser', 'Specify the IQ username', default: 'admin'
       o.string '-it', '--iqpass', 'Specify the IQ auth token', default: 'admin123'
       o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
-      o.bool '-v', '--verbose', 'For text format, list dependencies, their reverse dependencies (what brought them in to your project), and if they are vulnerable. (default: false)', default: false
-      o.string '-t', '--format', 'Choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
+      o.bool '-v', '--verbose',
+             'For text format, list dependencies, their reverse dependencies (what brought them in to your project), and
+ if they are vulnerable. (default: false)', default: false
+      o.string '-t', '--format',
+               'Choose what type of format you want your report in (default: text) (options: text, json, xml)',
+               default: 'text'
       o.bool '-b', '--iq', 'Use Nexus IQ Server to audit your project'
-      o.string '-s', '--stage', 'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)', default: 'build'
+      o.string '-s', '--stage',
+               'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)',
+               default: 'build'
       o.on '--version', 'Print the version' do
-          puts Chelsea::VERSION
-          exit
+        puts Chelsea::VERSION
+        exit
       end
       o.on '-h', '--help', 'Show usage' do
         puts(o)
@@ -45,7 +52,7 @@ opts =
       end
     end
   rescue Slop::Error => e
-    puts(e.message + ' (try --help)')
+    puts("#{e.message} (try --help)")
     exit 1
   end
 if opts.arguments.count.positive?

data/bin/console

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -15,9 +17,8 @@
 # limitations under the License.
 #
 
+require 'bundler/setup'
+require 'chelsea'
 
-require "bundler/setup"
-require "chelsea"
-
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/chelsea.gemspec

@@ -1,41 +1,43 @@
+# frozen_string_literal: true
 
-lib = File.expand_path("../lib", __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "chelsea/version"
+require 'chelsea/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "chelsea"
-  spec.license       = "Apache-2.0"
+  spec.name          = 'chelsea'
+  spec.license       = 'Apache-2.0'
   spec.version       = Chelsea::VERSION
-  spec.authors       = ["Allister Beharry"]
-  spec.email         = ["allister.beharry@gmail.com"]
+  spec.authors       = ['Allister Beharry']
+  spec.email         = ['allister.beharry@gmail.com']
+  spec.required_ruby_version = '>= 2.6.6'
 
-  spec.summary       = "Audit Ruby package dependencies for security vulnerabilities."
-  spec.homepage      = "https://github.com/sonatype-nexus-community/chelsea"
-  
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/sonatype-nexus-community/chelsea"
-  spec.metadata["changelog_uri"] = "https://github.com/sonatype-nexus-community/chelsea/CHANGELOG"
+  spec.summary       = 'Audit Ruby package dependencies for security vulnerabilities.'
+  spec.homepage      = 'https://github.com/sonatype-nexus-community/chelsea'
 
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/sonatype-nexus-community/chelsea'
+  spec.metadata['changelog_uri'] = 'https://github.com/sonatype-nexus-community/chelsea/CHANGELOG'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = "bin"
+  spec.bindir        = 'bin'
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_dependency "tty-font", "~> 0.5.0"
-  spec.add_dependency "tty-spinner", "~> 0.9.3"
-  spec.add_dependency "slop", "~> 4.8.1"
-  spec.add_dependency "pastel", "~> 0.7.2"
-  spec.add_dependency "rest-client", "~> 2.0.2"
-  spec.add_dependency "bundler", ">= 1.2.0", "< 3"
-  spec.add_dependency "ox", "~> 2.13.2"
-  spec.add_dependency "tty-table", "~> 0.11.0"
+  spec.add_dependency 'bundler', '>= 1.2.0', '< 3'
+  spec.add_dependency 'ox', '~> 2.13.2'
+  spec.add_dependency 'pastel', '~> 0.7.2'
+  spec.add_dependency 'rest-client', '~> 2.0.2'
+  spec.add_dependency 'slop', '~> 4.8.1'
+  spec.add_dependency 'tty-font', '~> 0.5.0'
+  spec.add_dependency 'tty-spinner', '~> 0.9.3'
+  spec.add_dependency 'tty-table', '~> 0.11.0'
 
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
-  spec.add_development_dependency "webmock", "~> 3.8.3"
-  spec.add_development_dependency "byebug", "~> 11.1.2"
+  spec.add_development_dependency 'byebug', '~> 11.1.2'
+  spec.add_development_dependency 'rake', '~> 12.3'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rspec_junit_formatter', '~> 0.4.1'
+  spec.add_development_dependency 'webmock', '~> 3.8.3'
 end

data/lib/chelsea/bom.rb

@@ -40,7 +40,7 @@ module Chelsea
     end
 
     def random_urn_uuid
-      'urn:uuid:' + SecureRandom.uuid
+      "urn:uuid:#{SecureRandom.uuid}"
     end
 
     private
@@ -87,8 +87,8 @@ module Chelsea
       component
     end
 
-    def _show_logo
-      logo = %Q(
+    def _show_logo # rubocop:disable Metrics/MethodLength
+      logo = %(
                           -o/
                       -+hNmNN-
     .:+osyhddddyso/-``ody+-  .NN.

data/lib/chelsea/cli.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -26,7 +28,7 @@ require_relative 'config'
 module Chelsea
   ##
   # This class provides an interface to the oss index, gems and deps
-  class CLI
+  class CLI # rubocop:disable Metrics/ClassLength
     def initialize(opts)
       @opts = opts
       @pastel = Pastel.new
@@ -34,26 +36,28 @@ module Chelsea
       _show_logo # Move to formatter
     end
 
-    def process!
+    # rubocop:disable Metrics/CyclomaticComplexity
+    def process! # rubocop:disable Metrics/AbcSize, Metrics/MethodLength,  Metrics/PerceivedComplexity
       if @opts.config?
         _set_config # move to init
       elsif @opts.clear?
         require_relative 'db'
         Chelsea::DB.new.clear_cache
-        puts "OSS Index cache cleared"
+        puts 'OSS Index cache cleared'
       elsif @opts.file? && @opts.iq?
         dependencies = _process_file_iq
         _submit_sbom(dependencies)
       elsif !@opts.file? && @opts.iq?
-        abort "Missing the --file argument. It is required with the --iq argument."
+        abort 'Missing the --file argument. It is required with the --iq argument.'
       elsif @opts.file?
         _process_file
       elsif @opts.help? # quit on opts.help earlier
         puts _cli_flags # this doesn't exist
       else
-        abort "Missing arguments! Chelsea did nothing. Try providing the --file <Gemfile.lock> argument."
+        abort 'Missing arguments! Chelsea did nothing. Try providing the --file <Gemfile.lock> argument.'
       end
     end
+    # rubocop:enable Metrics/CyclomaticComplexity
 
     def self.version
       Chelsea::VERSION
@@ -61,7 +65,7 @@ module Chelsea
 
     private
 
-    def _submit_sbom(gems)
+    def _submit_sbom(gems) # rubocop:disable Metrics/MethodLength
       iq = Chelsea::IQClient.new(
         options: {
           public_application_id: @opts[:application],
@@ -74,7 +78,7 @@ module Chelsea
       bom = Chelsea::Bom.new(gems.deps.dependencies).collect
 
       status_url = iq.post_sbom(bom)
-      
+
       return unless status_url
 
       msg, color, exit_code = iq.poll_status(status_url)
@@ -131,7 +135,7 @@ module Chelsea
 
     def _flags_set?
       # I'm still unsure what this is trying to express
-      valid_flags = _flags.collect {|arg| @opts[arg] }.compact
+      valid_flags = _flags.collect { |arg| @opts[arg] }.compact
       valid_flags.count > 1
     end
 
@@ -143,7 +147,7 @@ module Chelsea
     def _show_logo
       font = TTY::Font.new(:doom)
       puts @pastel.green(font.write('Chelsea'))
-      puts @pastel.green('Version: ' + CLI.version)
+      puts @pastel.green("Version: #{CLI.version}")
     end
 
     def _load_config

data/lib/chelsea/config.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,6 +19,7 @@
 require 'yaml'
 require_relative 'oss_index'
 
+# Saved credentials
 module Chelsea
   @oss_index_config_location = File.join(Dir.home.to_s, '.ossindex')
   @oss_index_config_filename = '.oss-index-config'
@@ -43,10 +46,8 @@ module Chelsea
     @client
   end
 
-  def self.oss_index_config
-    if !File.exist? File.join(@oss_index_config_location, @oss_index_config_filename)
-      { oss_index_user_name: '', oss_index_user_token: '' }
-    else
+  def self.oss_index_config # rubocop:disable Metrics/MethodLength
+    if File.exist? File.join(@oss_index_config_location, @oss_index_config_filename)
       conf_hash = YAML.safe_load(
         File.read(
           File.join(@oss_index_config_location, @oss_index_config_filename)
@@ -56,6 +57,8 @@ module Chelsea
         oss_index_user_name: conf_hash['Username'],
         oss_index_user_token: conf_hash['Token']
       }
+    else
+      { oss_index_user_name: '', oss_index_user_token: '' }
     end
   end
 
@@ -71,20 +74,18 @@ module Chelsea
     config = {}
 
     puts 'What username do you want to authenticate as (ex: your email address)? '
-    config['Username'] = STDIN.gets.chomp
+    config['Username'] = $stdin.gets.chomp
 
     puts 'What token do you want to use? '
-    config['Token'] = STDIN.gets.chomp
+    config['Token'] = $stdin.gets.chomp
 
     _write_oss_index_config_file(config)
   end
 
   def self._write_oss_index_config_file(config)
-    unless File.exist? @oss_index_config_location
-      Dir.mkdir(@oss_index_config_location)
-    end
-    File.open(File.join(@oss_index_config_location, @oss_index_config_filename), "w") do |file|
+    Dir.mkdir(@oss_index_config_location) unless File.exist? @oss_index_config_location
+    File.open(File.join(@oss_index_config_location, @oss_index_config_filename), 'w') do |file|
       file.write config.to_yaml
     end
   end
-end
+end

data/lib/chelsea/db.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,6 +19,7 @@
 require 'pstore'
 
 module Chelsea
+  # OSS Index data cache
   class DB
     def initialize
       @store = PStore.new(_get_db_store_location)
@@ -45,7 +48,7 @@ module Chelsea
       end
     end
 
-    def _get_db_store_location()
+    def _get_db_store_location
       initial_path = File.join(Dir.home.to_s, '.ossindex')
       Dir.mkdir(initial_path) unless File.exist? initial_path
       File.join(initial_path, 'chelsea.pstore')

data/lib/chelsea/dependency_exception.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -15,8 +17,9 @@
 #
 
 module Chelsea
+  # Project dependency exception
   class DependencyException < StandardError
-    def initialize(msg="This is a custom exception", exception_type="custom")
+    def initialize(msg = 'This is a custom exception', exception_type = 'custom')
       @exception_type = exception_type
       super(msg)
     end

data/lib/chelsea/deps.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -22,6 +24,7 @@ require 'json'
 require 'rest-client'
 
 module Chelsea
+  # Project dependencies
   class Deps
     def initialize(path:, verbose: false)
       @verbose = verbose
@@ -47,7 +50,7 @@ module Chelsea
 
     # Collects all reverse dependencies in reverse_dependencies instance var
     # this rescue block honks
-    def reverse_dependencies
+    def reverse_dependencies # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       reverse = Gem::Commands::DependencyCommand.new
       reverse.options[:reverse_dependencies] = true
       # We want to filter the reverses dependencies by specs in lockfile
@@ -68,7 +71,7 @@ module Chelsea
     # in dependencies_versions and coordinates instance vars
     def coordinates
       dependencies.each_with_object({ 'coordinates' => [] }) do |(name, v), coords|
-        coords['coordinates'] << self.class.to_purl(name, v[1]);
+        coords['coordinates'] << self.class.to_purl(name, v[1])
       end
     end
   end

data/lib/chelsea/formatters/factory.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -20,7 +22,7 @@ require_relative 'text'
 
 # Factory for formatting dependencies
 class FormatterFactory
-  def get_formatter(format: 'text', verbose:)
+  def get_formatter(verbose:, format: 'text')
     case format
     when 'text'
       Chelsea::TextFormatter.new verbose: verbose
@@ -28,7 +30,7 @@ class FormatterFactory
       Chelsea::JsonFormatter.new verbose: verbose
     when 'xml'
       Chelsea::XMLFormatter.new verbose: verbose
-    else
+    else # rubocop:disable Lint/DuplicateBranch
       Chelsea::TextFormatter.new verbose: verbose
     end
   end

data/lib/chelsea/formatters/formatter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -14,15 +16,17 @@
 # limitations under the License.
 #
 
+# Base formatter class
 class Formatter
-    def initialize
-        @pastel = Pastel.new
-    end
-    def get_results
-        raise 'must implement get_results method in subclass'
-    end
-    
-    def do_print
-        raise 'must implement do_print method in subclass'
-    end
-end
+  def initialize
+    @pastel = Pastel.new
+  end
+
+  def fetch_results
+    raise 'must implement get_results method in subclass'
+  end
+
+  def do_print
+    raise 'must implement do_print method in subclass'
+  end
+end

data/lib/chelsea/formatters/json.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -18,12 +20,14 @@ require 'json'
 require_relative 'formatter'
 
 module Chelsea
+  # Produce output in json format
   class JsonFormatter < Formatter
     def initialize(options)
+      super()
       @options = options
     end
 
-    def get_results(server_response, reverse_deps)
+    def fetch_results(server_response, _reverse_deps)
       server_response.to_json
     end
 

data/lib/chelsea/formatters/text.rb

@@ -1,3 +1,6 @@
+# rubocop:disable Style/FrozenStringLiteralComment
+# rubocop:enable Style/FrozenStringLiteralComment
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -19,13 +22,16 @@ require 'tty-table'
 require_relative 'formatter'
 
 module Chelsea
+  # Produce output in text format
   class TextFormatter < Formatter
     def initialize(options)
+      super()
       @options = options
       @pastel = Pastel.new
     end
 
-    def get_results(server_response, reverse_dependencies)
+    # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
+    def fetch_results(server_response, reverse_dependencies) # rubocop:disable Metrics/MethodLength
       response = ''
       if @options[:verbose]
         response += "\n"\
@@ -65,6 +71,7 @@ module Chelsea
       response += table.render(:unicode)
       response
     end
+    # rubocop:enable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
 
     def do_print(results)
       puts results
@@ -109,9 +116,7 @@ module Chelsea
     def _get_reverse_deps(coords, name)
       coords.each_with_object('') do |dep, s|
         dep.each do |gran|
-          if gran.class == String && !gran.include?(name)
-            s << "\tRequired by: #{gran}\n"
-          end
+          s << "\tRequired by: #{gran}\n" if gran.instance_of?(String) && !gran.include?(name)
         end
       end
     end

data/lib/chelsea/formatters/xml.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -17,12 +19,14 @@
 require 'ox'
 require_relative 'formatter'
 module Chelsea
+  # Produce output in xml format
   class XMLFormatter < Formatter
     def initialize(options)
+      super()
       @options = options
     end
 
-    def get_results(server_response, reverse_deps)
+    def fetch_results(server_response, _reverse_deps) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       doc = Ox::Document.new
       instruct = Ox::Instruct.new(:xml)
       instruct[:version] = '1.0'
@@ -37,13 +41,13 @@ module Chelsea
 
       server_response.each do |coord|
         testcase = Ox::Element.new('testcase')
-        testcase[:classname] = coord["coordinates"]
-        testcase[:name] = coord["coordinates"]
+        testcase[:classname] = coord['coordinates']
+        testcase[:name] = coord['coordinates']
 
         if coord['vulnerabilities'].length.positive?
           failure = Ox::Element.new('failure')
-          failure[:type] = "Vulnerable Dependency"
-          failure << get_vulnerability_block(coord["vulnerabilities"])
+          failure[:type] = 'Vulnerable Dependency'
+          failure << get_vulnerability_block(coord['vulnerabilities'])
           testcase << failure
           testsuite << testcase
         elsif @options[:verbose]
@@ -58,20 +62,20 @@ module Chelsea
       puts Ox.dump(results)
     end
 
-    def get_vulnerability_block(vulnerabilities)
-      vulnBlock = String.new
+    def get_vulnerability_block(vulnerabilities) # rubocop:disable Metrics/MethodLength
+      vuln_block = ''
       vulnerabilities.each do |vuln|
-        vulnBlock += "Vulnerability Title: #{vuln["title"]}\n"\
-                    "ID: #{vuln["id"]}\n"\
-                    "Description: #{vuln["description"]}\n"\
-                    "CVSS Score: #{vuln["cvssScore"]}\n"\
-                    "CVSS Vector: #{vuln["cvssVector"]}\n"\
-                    "CVE: #{vuln["cve"]}\n"\
-                    "Reference: #{vuln["reference"]}"\
+        vuln_block += "Vulnerability Title: #{vuln['title']}\n"\
+                    "ID: #{vuln['id']}\n"\
+                    "Description: #{vuln['description']}\n"\
+                    "CVSS Score: #{vuln['cvssScore']}\n"\
+                    "CVSS Vector: #{vuln['cvssVector']}\n"\
+                    "CVE: #{vuln['cve']}\n"\
+                    "Reference: #{vuln['reference']}"\
                     "\n"
       end
-      
-      vulnBlock
+
+      vuln_block
     end
   end
 end

data/lib/chelsea/gems.rb

@@ -15,6 +15,7 @@
 #
 
 # frozen_string_literal: true
+
 require 'pastel'
 require 'bundler'
 require 'bundler/lockfile_parser'
@@ -31,11 +32,10 @@ module Chelsea
   # Class to collect and audit packages from a Gemfile.lock
   class Gems
     attr_accessor :deps
-    def initialize(file:, verbose:, options: { 'format': 'text' })
+
+    def initialize(file:, verbose:, options: { format: 'text' }) # rubocop:disable Metrics/MethodLength
       @verbose = verbose
-      unless File.file?(file) || file.nil?
-        raise 'Gemfile.lock not found, check --file path'
-      end
+      raise 'Gemfile.lock not found, check --file path' unless File.file?(file) || file.nil?
 
       _silence_stderr unless @verbose
 
@@ -52,7 +52,7 @@ module Chelsea
     # Audits depenencies using deps library and prints results
     # using formatter library
 
-    def execute
+    def execute # rubocop:disable Metrics/MethodLength
       server_response, dependencies, reverse_dependencies = audit
       if dependencies.nil?
         _print_err 'No dependencies retrieved. Exiting.'
@@ -62,20 +62,19 @@ module Chelsea
         _print_success 'No vulnerability data retrieved from server. Exiting.'
         return
       end
-      results = @formatter.get_results(server_response, reverse_dependencies)
+      results = @formatter.fetch_results(server_response, reverse_dependencies)
       @formatter.do_print(results)
 
       server_response.map { |r| r['vulnerabilities'].length.positive? }.any?
     end
 
     def collect_iq
-      dependencies = @deps.dependencies
-      dependencies
+      @deps.dependencies
     end
 
     # Runs through auditing algorithm, raising exceptions
     # on REST calls made by @deps.get_vulns
-    def audit
+    def audit # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       # This spinner management is out of control
       # we should wrap a block with start and stop messages,
       # or use a stack to ensure all spinners stop.
@@ -84,7 +83,7 @@ module Chelsea
       begin
         dependencies = @deps.dependencies
         spin.success('...done.')
-      rescue StandardError => e
+      rescue StandardError
         spin.stop
         _print_err "Parsing dependency line #{gem} failed."
       end
@@ -100,16 +99,16 @@ module Chelsea
       begin
         server_response = @client.get_vulns(coordinates)
         spin.success('...done.')
-      rescue SocketError => e
+      rescue SocketError
         spin.stop('...request failed.')
         _print_err 'Socket error getting data from OSS Index server.'
       rescue RestClient::RequestFailed => e
         spin.stop('...request failed.')
         _print_err "Error getting data from OSS Index server:#{e.response}."
-      rescue RestClient::ResourceNotFound => e
+      rescue RestClient::ResourceNotFound
         spin.stop('...request failed.')
         _print_err 'Error getting data from OSS Index server. Resource not found.'
-      rescue Errno::ECONNREFUSED => e
+      rescue Errno::ECONNREFUSED
         spin.stop('...request failed.')
         _print_err 'Error getting data from OSS Index server. Connection refused.'
       end
@@ -122,12 +121,12 @@ module Chelsea
       $stderr.reopen('/dev/null', 'w')
     end
 
-    def _print_err(s)
-      puts @pastel.red.bold(s)
+    def _print_err(msg)
+      puts @pastel.red.bold(msg)
     end
 
-    def _print_success(s)
-      puts @pastel.green.bold(s)
+    def _print_success(msg)
+      puts @pastel.green.bold(msg)
     end
   end
 end

data/lib/chelsea/iq_client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -22,8 +24,8 @@ require 'uri'
 require_relative 'spinner'
 
 module Chelsea
-  class IQClient
-
+  # IQ audit operations
+  class IQClient # rubocop:disable Metrics/ClassLength
     DEFAULT_OPTIONS = {
       public_application_id: 'testapp',
       server_url: 'http://localhost:8070',
@@ -31,7 +33,7 @@ module Chelsea
       auth_token: 'admin123',
       internal_application_id: '',
       stage: 'build'
-    }
+    }.freeze
 
     def initialize(options: DEFAULT_OPTIONS)
       @options = options
@@ -39,8 +41,8 @@ module Chelsea
       @spinner = Chelsea::Spinner.new
     end
 
-    def post_sbom(sbom)
-      spin = @spinner.spin_msg "Submitting sbom to Nexus IQ Server"
+    def post_sbom(sbom) # rubocop:disable Metrics/MethodLength
+      spin = @spinner.spin_msg 'Submitting sbom to Nexus IQ Server'
       @internal_application_id = _get_internal_application_id
       resource = RestClient::Resource.new(
         _api_url,
@@ -48,12 +50,12 @@ module Chelsea
         password: @options[:auth_token]
       )
       res = resource.post sbom.to_s, _headers.merge(content_type: 'application/xml')
-      if res.code != 202
+      if res.code == 202
+        spin.success('...done.')
+        status_url(res)
+      else
         spin.stop('...request failed.')
         nil
-      else
-        spin.success("...done.")
-        status_url(res)
       end
     end
 
@@ -63,17 +65,15 @@ module Chelsea
     end
 
     def poll_status(url)
-      spin = @spinner.spin_msg "Polling Nexus IQ Server for results"
+      spin = @spinner.spin_msg 'Polling Nexus IQ Server for results'
       loop do
-        begin
-          res = _poll_iq_server(url)
-          if res.code == 200
-            spin.success("...done.")
-            return _handle_response(res)
-          end
-        rescue
-          sleep(1)
+        res = _poll_iq_server(url)
+        if res.code == 200
+          spin.success('...done.')
+          return _handle_response(res)
         end
+      rescue StandardError
+        sleep(1)
       end
     end
 
@@ -88,28 +88,28 @@ module Chelsea
 
     private
 
-    def _handle_response(res)
+    def _handle_response(res) # rubocop:disable Metrics/MethodLength
       res = JSON.parse(res.body)
       # get absolute report url
       absolute_report_html_url = URI.join(@options[:server_url], res['reportHtmlUrl'])
 
       case res['policyAction']
       when POLICY_ACTION_FAILURE
-        return "Hi! Chelsea here, you have some policy violations to clean up!"\
+        ['Hi! Chelsea here, you have some policy violations to clean up!'\
           "\nReport URL: #{absolute_report_html_url}",
-          COLOR_FAILURE, 1
+         COLOR_FAILURE, 1]
       when POLICY_ACTION_WARNING
-        return "Hi! Chelsea here, you have some policy warnings to peck at!"\
+        ['Hi! Chelsea here, you have some policy warnings to peck at!'\
         "\nReport URL: #{absolute_report_html_url}",
-          COLOR_WARNING, 0
+         COLOR_WARNING, 0]
       when POLICY_ACTION_NONE
-        return "Hi! Chelsea here, no policy violations for this audit!"\
+        ['Hi! Chelsea here, no policy violations for this audit!'\
         "\nReport URL: #{absolute_report_html_url}",
-          COLOR_NONE, 0
+         COLOR_NONE, 0]
       else
-        return "Hi! Chelsea here, no policy violations for this audit, but unknown policy action!"\
+        ['Hi! Chelsea here, no policy violations for this audit, but unknown policy action!'\
         "\nReport URL: #{absolute_report_html_url}",
-          COLOR_FAILURE, 1
+         COLOR_FAILURE, 1]
       end
     end
 
@@ -137,26 +137,22 @@ module Chelsea
       res['statusUrl']
     end
 
-    private
-
-    def _poll_status
+    def _poll_status # rubocop:disable Metrics/MethodLength
       return unless @status_url
 
       loop do
-        begin
-          res = check_status(@status_url)
-          if res.code == 200
-            puts JSON.parse(res.body)
-            break
-          end
-        rescue RestClient::ResourceNotFound => _e
-          print '.'
-          sleep(1)
+        res = check_status(@status_url)
+        if res.code == 200
+          puts JSON.parse(res.body)
+          break
         end
+      rescue RestClient::ResourceNotFound => _e
+        print '.'
+        sleep(1)
       end
     end
 
-    def _get_internal_application_id
+    def _get_internal_application_id # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       resource = RestClient::Resource.new(
         _internal_application_id_api_url,
         user: @options[:username],
@@ -164,7 +160,7 @@ module Chelsea
       )
       res = resource.get _headers
       if res.code != 200
-        puts "failed to get internal application id for IQ application id: #{@options[:public_application_id]}. response status: #{res.code}"
+        puts "failure reading application id: #{@options[:public_application_id]}. response status: #{res.code}"
         return
       end
       body = JSON.parse(res)
@@ -180,7 +176,9 @@ module Chelsea
     end
 
     def _api_url
+      # rubocop:disable Layout/LineLength
       "#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea?stageId=#{@options[:stage]}"
+      # rubocop:enable Layout/LineLength
     end
 
     def _internal_application_id_api_url

data/lib/chelsea/oss_index.rb

@@ -21,11 +21,12 @@ require 'rest-client'
 require_relative 'db'
 
 module Chelsea
+  # OSS Index audit operations
   class OSSIndex
     DEFAULT_OPTIONS = {
       oss_index_username: '',
       oss_index_user_token: ''
-    }
+    }.freeze
     def initialize(options: DEFAULT_OPTIONS)
       @oss_index_user_name = options[:oss_index_user_name]
       @oss_index_user_token = options[:oss_index_user_token]
@@ -37,13 +38,11 @@ module Chelsea
 
     def get_vulns(coordinates)
       remaining_coordinates, cached_server_response = _cache(coordinates)
-      unless remaining_coordinates['coordinates'].count.positive?
-        return cached_server_response
-      end
+      return cached_server_response unless remaining_coordinates['coordinates'].count.positive?
 
       remaining_coordinates['coordinates'].each_slice(128).to_a.each do |coords|
         res_json = JSON.parse(call_oss_index({ 'coordinates' => coords }))
-        cached_server_response = cached_server_response.concat(res_json)
+        cached_server_response.concat(res_json)
         @db.save_values_to_db(res_json)
       end
 
@@ -57,15 +56,15 @@ module Chelsea
 
     private
 
-    def _cache(coordinates)
+    def _cache(coordinates) # rubocop:disable Metrics/MethodLength
       new_coords = { 'coordinates' => [] }
       cached_server_response = []
       coordinates['coordinates'].each do |coord|
         record = @db.get_cached_value_from_db(coord)
-        if !record.nil?
-          cached_server_response << record
-        else
+        if record.nil?
           new_coords['coordinates'].push(coord)
+        else
+          cached_server_response << record
         end
       end
       [new_coords, cached_server_response]

data/lib/chelsea/spinner.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -18,6 +20,7 @@ require 'tty-spinner'
 require 'pastel'
 
 module Chelsea
+  # the spinner we use in Chelsea, needs work
   class Spinner
     def initialize
       @pastel = Pastel.new

data/lib/chelsea/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2019-Present Sonatype Inc.
 #
@@ -15,5 +17,5 @@
 #
 
 module Chelsea
-  VERSION = '0.0.27'.freeze
+  VERSION = '0.0.28'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chelsea
 version: !ruby/object:Gem::Version
-  version: 0.0.27
+  version: 0.0.28
 platform: ruby
 authors:
 - Allister Beharry
@@ -11,109 +11,109 @@ cert_chain: []
 date: 2021-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: tty-font
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: tty-spinner
+  name: ox
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.3
+        version: 2.13.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.3
+        version: 2.13.2
 - !ruby/object:Gem::Dependency
-  name: slop
+  name: pastel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.8.1
+        version: 0.7.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.8.1
+        version: 0.7.2
 - !ruby/object:Gem::Dependency
-  name: pastel
+  name: rest-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 2.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
-  name: rest-client
+  name: slop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: 4.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: 4.8.1
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: tty-font
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
-  name: ox
+  name: tty-spinner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.13.2
+        version: 0.9.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.13.2
+        version: 0.9.3
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -128,6 +128,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.11.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 11.1.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 11.1.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -184,20 +198,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.8.3
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 11.1.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 11.1.2
 description: 
 email:
 - allister.beharry@gmail.com
@@ -217,6 +217,7 @@ files:
 - ".github/pull_request_template.md"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".vscode/launch.json"
 - CODE_OF_CONDUCT.md
 - CONTRIBUTORS.md
@@ -267,7 +268,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="