dependagrab 0.1.1 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGE_LOG.md +13 -0
- data/Dockerfile +8 -0
- data/Gemfile.lock +4 -4
- data/dependagrab.gemspec +1 -1
- data/lib/dependagrab/cli.rb +4 -7
- data/lib/dependagrab/file_writer.rb +12 -7
- data/lib/dependagrab/gh_api.rb +1 -1
- data/lib/dependagrab/github_client.rb +0 -2
- data/lib/dependagrab/version.rb +1 -1
- data/lib/dependagrab.rb +3 -0
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cd35ef0ade298a293c34027c89bfdb351610bf2ccbaf2101492153b9e605b20a
|
|
4
|
+
data.tar.gz: 5645015e5ba4cb5ec457001cc9125e10f50c5fe9458b53b79b117b23f3549065
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d73f942dd1c05ef4b923e874917d5d3d7752e2a7e85755f431161d41d02a5d9e82d98dd60af6ad92cada4203dfd7433b474af5c7244ce0e386b899156c3a249b
|
|
7
|
+
data.tar.gz: a4a915c49803c23ab5a782d905833243f720070fc440a4e285f43386da9560a6db9358c112396e3c8e0895b782f18eaece6e3c68472ad81107677c2677489cae
|
data/CHANGE_LOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
# V0.1.5
|
|
2
|
+
Fix when there is no CWE present
|
|
3
|
+
|
|
4
|
+
# V0.1.4 (broken)
|
|
5
|
+
Fix when there is no CWE present
|
|
6
|
+
Improve error logging
|
|
7
|
+
|
|
8
|
+
# V0.1.3
|
|
9
|
+
Fix add support for repos names with dots in them.
|
|
10
|
+
|
|
11
|
+
# V0.1.2
|
|
12
|
+
Fix require paths
|
|
13
|
+
|
|
1
14
|
# V0.1.1
|
|
2
15
|
Fix executable config
|
|
3
16
|
|
data/Dockerfile
ADDED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
dependagrab (0.1.
|
|
4
|
+
dependagrab (0.1.5)
|
|
5
5
|
graphql-client (= 0.17.0)
|
|
6
6
|
|
|
7
7
|
GEM
|
|
@@ -46,14 +46,14 @@ GEM
|
|
|
46
46
|
zeitwerk (2.5.1)
|
|
47
47
|
|
|
48
48
|
PLATFORMS
|
|
49
|
-
|
|
49
|
+
x86_64-linux
|
|
50
50
|
|
|
51
51
|
DEPENDENCIES
|
|
52
|
-
bundler (~>
|
|
52
|
+
bundler (~> 2.2)
|
|
53
53
|
dependagrab!
|
|
54
54
|
pry (~> 0.14)
|
|
55
55
|
rake (~> 10.0)
|
|
56
56
|
rspec (~> 3.0)
|
|
57
57
|
|
|
58
58
|
BUNDLED WITH
|
|
59
|
-
|
|
59
|
+
2.2.32
|
data/dependagrab.gemspec
CHANGED
|
@@ -39,7 +39,7 @@ Gem::Specification.new do |spec|
|
|
|
39
39
|
spec.require_paths = ["lib", "static"]
|
|
40
40
|
|
|
41
41
|
spec.add_dependency "graphql-client", "0.17.0"
|
|
42
|
-
spec.add_development_dependency "bundler", "~>
|
|
42
|
+
spec.add_development_dependency "bundler", "~> 2.2"
|
|
43
43
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
44
44
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
45
45
|
spec.add_development_dependency "pry", "~> 0.14"
|
data/lib/dependagrab/cli.rb
CHANGED
|
@@ -2,9 +2,6 @@ require 'getoptlong'
|
|
|
2
2
|
require 'dependagrab'
|
|
3
3
|
|
|
4
4
|
module Dependagrab
|
|
5
|
-
require 'dependagrab/console_writer'
|
|
6
|
-
require 'dependagrab/file_writer'
|
|
7
|
-
|
|
8
5
|
class CLI
|
|
9
6
|
def self.start
|
|
10
7
|
opts = GetoptLong.new(
|
|
@@ -13,7 +10,6 @@ module Dependagrab
|
|
|
13
10
|
[ '--output', '-o', GetoptLong::REQUIRED_ARGUMENT ],
|
|
14
11
|
)
|
|
15
12
|
|
|
16
|
-
|
|
17
13
|
options = {}
|
|
18
14
|
|
|
19
15
|
begin
|
|
@@ -40,8 +36,8 @@ module Dependagrab
|
|
|
40
36
|
end
|
|
41
37
|
|
|
42
38
|
repo = ARGV.shift
|
|
43
|
-
_, options[:owner], options[:repo] = repo.split /([\
|
|
44
|
-
if
|
|
39
|
+
_, options[:owner], options[:repo] = repo.split /([\w_-]+)\/([\w._-]+)$/
|
|
40
|
+
if options[:owner].nil? || options[:repo].nil?
|
|
45
41
|
STDERR.puts "Invalid REPO format"
|
|
46
42
|
exit 1
|
|
47
43
|
end
|
|
@@ -60,7 +56,8 @@ module Dependagrab
|
|
|
60
56
|
puts "#{result[:alerts].count} dependency warnings written to '#{options.fetch(:output)}'"
|
|
61
57
|
rescue => e
|
|
62
58
|
STDERR.puts "Failed to write file '#{options.fetch(:output)}'"
|
|
63
|
-
STDERR.puts e.message
|
|
59
|
+
STDERR.puts "#{e.message} (set DEBUG=true for detailed backtrace)"
|
|
60
|
+
STDERR.puts e.backtrace if ENV['DEBUG']
|
|
64
61
|
exit 1
|
|
65
62
|
end
|
|
66
63
|
else
|
|
@@ -59,13 +59,18 @@ module Dependagrab
|
|
|
59
59
|
version: alert[:vulnerable_version_range],
|
|
60
60
|
issueType: "VULNERABILITY",
|
|
61
61
|
},
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
62
|
+
}.tap do |finding|
|
|
63
|
+
# Only add CWE when present
|
|
64
|
+
if alert[:cwe]
|
|
65
|
+
finding[:mappings] = [
|
|
66
|
+
{
|
|
67
|
+
mappingType: "CWE",
|
|
68
|
+
value: alert[:cwe][4..],
|
|
69
|
+
}
|
|
70
|
+
]
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
end
|
|
69
74
|
end
|
|
70
75
|
end
|
|
71
76
|
end
|
data/lib/dependagrab/gh_api.rb
CHANGED
|
@@ -4,7 +4,7 @@ require "graphql/client/http"
|
|
|
4
4
|
module Dependagrab
|
|
5
5
|
module GHAPI
|
|
6
6
|
GRAPHQL_API = "https://api.github.com/graphql"
|
|
7
|
-
SCHEMA_PATH = "static/gh_schema.json"
|
|
7
|
+
SCHEMA_PATH = File.join(File.expand_path('../../', File.dirname(__FILE__)), "static/gh_schema.json")
|
|
8
8
|
|
|
9
9
|
# Configure GraphQL endpoint using the basic HTTP network adapter.
|
|
10
10
|
HTTP = GraphQL::Client::HTTP.new(GRAPHQL_API) do
|
data/lib/dependagrab/version.rb
CHANGED
data/lib/dependagrab.rb
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
module Dependagrab
|
|
2
2
|
require "dependagrab/version"
|
|
3
|
+
require 'dependagrab/gh_api'
|
|
3
4
|
require "dependagrab/github_client"
|
|
5
|
+
require "dependagrab/console_writer"
|
|
6
|
+
require "dependagrab/file_writer"
|
|
4
7
|
|
|
5
8
|
class Error < StandardError; end
|
|
6
9
|
class MissingConfigError < Dependagrab::Error; end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependagrab
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Elliott
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-12-
|
|
11
|
+
date: 2021-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: graphql-client
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '2.2'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '2.2'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -92,6 +92,7 @@ files:
|
|
|
92
92
|
- ".rspec"
|
|
93
93
|
- ".travis.yml"
|
|
94
94
|
- CHANGE_LOG.md
|
|
95
|
+
- Dockerfile
|
|
95
96
|
- Gemfile
|
|
96
97
|
- Gemfile.lock
|
|
97
98
|
- LICENSE
|
|
@@ -132,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
133
|
- !ruby/object:Gem::Version
|
|
133
134
|
version: '0'
|
|
134
135
|
requirements: []
|
|
135
|
-
rubygems_version: 3.
|
|
136
|
+
rubygems_version: 3.2.32
|
|
136
137
|
signing_key:
|
|
137
138
|
specification_version: 4
|
|
138
139
|
summary: Utility for extracting dependency warnings from GitHub
|