dependagrab 0.1.1 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGE_LOG.md +13 -0
- data/Dockerfile +8 -0
- data/Gemfile.lock +4 -4
- data/dependagrab.gemspec +1 -1
- data/lib/dependagrab/cli.rb +4 -7
- data/lib/dependagrab/file_writer.rb +12 -7
- data/lib/dependagrab/gh_api.rb +1 -1
- data/lib/dependagrab/github_client.rb +0 -2
- data/lib/dependagrab/version.rb +1 -1
- data/lib/dependagrab.rb +3 -0
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cd35ef0ade298a293c34027c89bfdb351610bf2ccbaf2101492153b9e605b20a
|
|
4
|
+
data.tar.gz: 5645015e5ba4cb5ec457001cc9125e10f50c5fe9458b53b79b117b23f3549065
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d73f942dd1c05ef4b923e874917d5d3d7752e2a7e85755f431161d41d02a5d9e82d98dd60af6ad92cada4203dfd7433b474af5c7244ce0e386b899156c3a249b
|
|
7
|
+
data.tar.gz: a4a915c49803c23ab5a782d905833243f720070fc440a4e285f43386da9560a6db9358c112396e3c8e0895b782f18eaece6e3c68472ad81107677c2677489cae
|
data/CHANGE_LOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
# V0.1.5
|
|
2
|
+
Fix when there is no CWE present
|
|
3
|
+
|
|
4
|
+
# V0.1.4 (broken)
|
|
5
|
+
Fix when there is no CWE present
|
|
6
|
+
Improve error logging
|
|
7
|
+
|
|
8
|
+
# V0.1.3
|
|
9
|
+
Fix add support for repos names with dots in them.
|
|
10
|
+
|
|
11
|
+
# V0.1.2
|
|
12
|
+
Fix require paths
|
|
13
|
+
|
|
1
14
|
# V0.1.1
|
|
2
15
|
Fix executable config
|
|
3
16
|
|
data/Dockerfile
ADDED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
dependagrab (0.1.
|
|
4
|
+
dependagrab (0.1.5)
|
|
5
5
|
graphql-client (= 0.17.0)
|
|
6
6
|
|
|
7
7
|
GEM
|
|
@@ -46,14 +46,14 @@ GEM
|
|
|
46
46
|
zeitwerk (2.5.1)
|
|
47
47
|
|
|
48
48
|
PLATFORMS
|
|
49
|
-
|
|
49
|
+
x86_64-linux
|
|
50
50
|
|
|
51
51
|
DEPENDENCIES
|
|
52
|
-
bundler (~>
|
|
52
|
+
bundler (~> 2.2)
|
|
53
53
|
dependagrab!
|
|
54
54
|
pry (~> 0.14)
|
|
55
55
|
rake (~> 10.0)
|
|
56
56
|
rspec (~> 3.0)
|
|
57
57
|
|
|
58
58
|
BUNDLED WITH
|
|
59
|
-
|
|
59
|
+
2.2.32
|
data/dependagrab.gemspec
CHANGED
|
@@ -39,7 +39,7 @@ Gem::Specification.new do |spec|
|
|
|
39
39
|
spec.require_paths = ["lib", "static"]
|
|
40
40
|
|
|
41
41
|
spec.add_dependency "graphql-client", "0.17.0"
|
|
42
|
-
spec.add_development_dependency "bundler", "~>
|
|
42
|
+
spec.add_development_dependency "bundler", "~> 2.2"
|
|
43
43
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
44
44
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
45
45
|
spec.add_development_dependency "pry", "~> 0.14"
|
data/lib/dependagrab/cli.rb
CHANGED
|
@@ -2,9 +2,6 @@ require 'getoptlong'
|
|
|
2
2
|
require 'dependagrab'
|
|
3
3
|
|
|
4
4
|
module Dependagrab
|
|
5
|
-
require 'dependagrab/console_writer'
|
|
6
|
-
require 'dependagrab/file_writer'
|
|
7
|
-
|
|
8
5
|
class CLI
|
|
9
6
|
def self.start
|
|
10
7
|
opts = GetoptLong.new(
|
|
@@ -13,7 +10,6 @@ module Dependagrab
|
|
|
13
10
|
[ '--output', '-o', GetoptLong::REQUIRED_ARGUMENT ],
|
|
14
11
|
)
|
|
15
12
|
|
|
16
|
-
|
|
17
13
|
options = {}
|
|
18
14
|
|
|
19
15
|
begin
|
|
@@ -40,8 +36,8 @@ module Dependagrab
|
|
|
40
36
|
end
|
|
41
37
|
|
|
42
38
|
repo = ARGV.shift
|
|
43
|
-
_, options[:owner], options[:repo] = repo.split /([\
|
|
44
|
-
if
|
|
39
|
+
_, options[:owner], options[:repo] = repo.split /([\w_-]+)\/([\w._-]+)$/
|
|
40
|
+
if options[:owner].nil? || options[:repo].nil?
|
|
45
41
|
STDERR.puts "Invalid REPO format"
|
|
46
42
|
exit 1
|
|
47
43
|
end
|
|
@@ -60,7 +56,8 @@ module Dependagrab
|
|
|
60
56
|
puts "#{result[:alerts].count} dependency warnings written to '#{options.fetch(:output)}'"
|
|
61
57
|
rescue => e
|
|
62
58
|
STDERR.puts "Failed to write file '#{options.fetch(:output)}'"
|
|
63
|
-
STDERR.puts e.message
|
|
59
|
+
STDERR.puts "#{e.message} (set DEBUG=true for detailed backtrace)"
|
|
60
|
+
STDERR.puts e.backtrace if ENV['DEBUG']
|
|
64
61
|
exit 1
|
|
65
62
|
end
|
|
66
63
|
else
|
|
@@ -59,13 +59,18 @@ module Dependagrab
|
|
|
59
59
|
version: alert[:vulnerable_version_range],
|
|
60
60
|
issueType: "VULNERABILITY",
|
|
61
61
|
},
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
62
|
+
}.tap do |finding|
|
|
63
|
+
# Only add CWE when present
|
|
64
|
+
if alert[:cwe]
|
|
65
|
+
finding[:mappings] = [
|
|
66
|
+
{
|
|
67
|
+
mappingType: "CWE",
|
|
68
|
+
value: alert[:cwe][4..],
|
|
69
|
+
}
|
|
70
|
+
]
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
end
|
|
69
74
|
end
|
|
70
75
|
end
|
|
71
76
|
end
|
data/lib/dependagrab/gh_api.rb
CHANGED
|
@@ -4,7 +4,7 @@ require "graphql/client/http"
|
|
|
4
4
|
module Dependagrab
|
|
5
5
|
module GHAPI
|
|
6
6
|
GRAPHQL_API = "https://api.github.com/graphql"
|
|
7
|
-
SCHEMA_PATH = "static/gh_schema.json"
|
|
7
|
+
SCHEMA_PATH = File.join(File.expand_path('../../', File.dirname(__FILE__)), "static/gh_schema.json")
|
|
8
8
|
|
|
9
9
|
# Configure GraphQL endpoint using the basic HTTP network adapter.
|
|
10
10
|
HTTP = GraphQL::Client::HTTP.new(GRAPHQL_API) do
|
data/lib/dependagrab/version.rb
CHANGED
data/lib/dependagrab.rb
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
module Dependagrab
|
|
2
2
|
require "dependagrab/version"
|
|
3
|
+
require 'dependagrab/gh_api'
|
|
3
4
|
require "dependagrab/github_client"
|
|
5
|
+
require "dependagrab/console_writer"
|
|
6
|
+
require "dependagrab/file_writer"
|
|
4
7
|
|
|
5
8
|
class Error < StandardError; end
|
|
6
9
|
class MissingConfigError < Dependagrab::Error; end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependagrab
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Elliott
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-12-
|
|
11
|
+
date: 2021-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: graphql-client
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '2.2'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '2.2'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -92,6 +92,7 @@ files:
|
|
|
92
92
|
- ".rspec"
|
|
93
93
|
- ".travis.yml"
|
|
94
94
|
- CHANGE_LOG.md
|
|
95
|
+
- Dockerfile
|
|
95
96
|
- Gemfile
|
|
96
97
|
- Gemfile.lock
|
|
97
98
|
- LICENSE
|
|
@@ -132,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
133
|
- !ruby/object:Gem::Version
|
|
133
134
|
version: '0'
|
|
134
135
|
requirements: []
|
|
135
|
-
rubygems_version: 3.
|
|
136
|
+
rubygems_version: 3.2.32
|
|
136
137
|
signing_key:
|
|
137
138
|
specification_version: 4
|
|
138
139
|
summary: Utility for extracting dependency warnings from GitHub
|