dependency_spy 0.1.3

@@ -0,0 +1,71 @@
1
+ # dependency_spy - Finds known vulnerabilities in your dependencies
2
+ # Copyright (C) 2017-2018 Rodrigo Fernandes
3
+ #
4
+ # This program is free software: you can redistribute it and/or modify
5
+ # it under the terms of the GNU Affero General Public License as
6
+ # published by the Free Software Foundation, either version 3 of the
7
+ # License, or (at your option) any later version.
8
+ #
9
+ # This program is distributed in the hope that it will be useful,
10
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
+ # GNU Affero General Public License for more details.
13
+ #
14
+ # You should have received a copy of the GNU Affero General Public License
15
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
+
17
+ require 'semantic_range'
18
+
19
+ module DependencySpy
20
+
21
+ class SemVer
22
+
23
+ def self.intersects(vor1, vor2)
24
+ vor1 = parse(vor1) if vor1.is_a?(String)
25
+ vor2 = parse(vor2) if vor2.is_a?(String)
26
+
27
+ if vor1.is_a?(SemanticRange::Range) && vor2.is_a?(SemanticRange::Range)
28
+ vor1.intersects(vor2)
29
+ elsif vor1.is_a?(SemanticRange::Range) && vor2.is_a?(SemanticRange::Version)
30
+ SemanticRange.satisfies(vor2, vor1)
31
+ elsif vor1.is_a?(SemanticRange::Version) && vor2.is_a?(SemanticRange::Range)
32
+ SemanticRange.satisfies(vor1, vor2)
33
+ elsif vor1.is_a?(SemanticRange::Version) && vor2.is_a?(SemanticRange::Version)
34
+ SemanticRange.eq(vor1, vor2)
35
+ else
36
+ vor1 == vor2
37
+ end
38
+ end
39
+
40
+ class << self
41
+
42
+ private
43
+
44
+ def parse(version_or_range, loose = false)
45
+ return version_or_range if version_or_range.is_a?(SemanticRange::Range) ||
46
+ version_or_range.is_a?(SemanticRange::Version)
47
+
48
+ begin
49
+ SemanticRange::Version.new(version_or_range, loose)
50
+ rescue SemanticRange::InvalidVersion
51
+ begin
52
+ SemanticRange::Range.new(version_or_range, loose)
53
+ rescue SemanticRange::InvalidRange
54
+ version_or_range
55
+ end
56
+ end
57
+ end
58
+
59
+ end
60
+
61
+ end
62
+
63
+ class ImpossibleComparison < StandardError
64
+
65
+ def initialize(msg)
66
+ @msg = msg
67
+ end
68
+
69
+ end
70
+
71
+ end
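Review bot: The `else` branch of `SemVer.intersects` falls back to `vor1 == vor2` whenever `parse` could not turn an input into a `SemanticRange::Version` or `SemanticRange::Range`, so a malformed version or advisory range is compared as a raw string and will normally yield `false`. In a tool that reports known vulnerabilities, that reads as "not affected" rather than "could not be compared", which is a silent false negative. `ImpossibleComparison` is defined at the end of this file but never raised in it; when only one operand parsed, the fallback could be `raise ImpossibleComparison, "cannot compare #{vor1.inspect} with #{vor2.inspect}"`, with the caller (not visible here) deciding how to report it. Its `initialize` should also call `super(msg)` instead of only setting `@msg`, otherwise `message` returns the class name and the text is lost.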
@@ -0,0 +1,21 @@
1
+ # dependency_spy - Finds known vulnerabilities in your dependencies
2
+ # Copyright (C) 2017-2018 Rodrigo Fernandes
3
+ #
4
+ # This program is free software: you can redistribute it and/or modify
5
+ # it under the terms of the GNU Affero General Public License as
6
+ # published by the Free Software Foundation, either version 3 of the
7
+ # License, or (at your option) any later version.
8
+ #
9
+ # This program is distributed in the hope that it will be useful,
10
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
+ # GNU Affero General Public License for more details.
13
+ #
14
+ # You should have received a copy of the GNU Affero General Public License
15
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
+
17
+ module DependencySpy
18
+
19
+ VERSION = '0.1.3'
20
+
21
+ end
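--- a/metadata
+++ b/metadata
@@ -0,0 +1,246 @@
+ --- !ruby/object:Gem::Specification
+ name: dependency_spy
+ version: !ruby/object:Gem::Version
+ version: 0.1.3
+ platform: ruby
+ authors:
+ - Rodrigo Fernandes
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2018-09-25 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.16'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.16'
+ - !ruby/object:Gem::Dependency
+ name: codacy-coverage
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ - !ruby/object:Gem::Dependency
+ name: rspec-collection_matchers
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
+ - !ruby/object:Gem::Dependency
+ name: simplecov
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rubocop
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.59'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.59'
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.29'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.29'
+ - !ruby/object:Gem::Dependency
+ name: bibliothecary
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '6.3'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '6.3'
+ - !ruby/object:Gem::Dependency
+ name: semantic_range
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.1'
+ - !ruby/object:Gem::Dependency
+ name: thor
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.20'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.20'
+ - !ruby/object:Gem::Dependency
+ name: yavdb
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ description: "\n Finds known vulnerabilities in your dependencies\n Using rubysec/ruby-advisory-db,
+ snyk.io, ossindex.net, nodesecurity.io\n "
+ email:
+ - rodrigo.fernandes@tecnico.ulisboa.pt
+ executables:
+ - dependency_spy
+ - depspy
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".circleci/config.yml"
+ - ".gitignore"
+ - ".rspec"
+ - ".rubocop.yml"
+ - ".ruby-version"
+ - CODE_OF_CONDUCT.md
+ - Gemfile
+ - Gemfile.lock
+ - LICENSE
+ - README.md
+ - Rakefile
+ - bin/console
+ - bin/dependency_spy
+ - bin/depspy
+ - bin/setup
+ - dependency_spy.gemspec
+ - examples/Gemfile
+ - examples/Gemfile.lock
+ - examples/npm-shrinkwrap.json
+ - examples/package.json
+ - examples/yarn.lock
+ - lib/dependency_spy.rb
+ - lib/dependency_spy/cli.rb
+ - lib/dependency_spy/dtos/dependency.rb
+ - lib/dependency_spy/formatters/json.rb
+ - lib/dependency_spy/formatters/text.rb
+ - lib/dependency_spy/formatters/yaml.rb
+ - lib/dependency_spy/outputs/file.rb
+ - lib/dependency_spy/outputs/stdout.rb
+ - lib/dependency_spy/semver.rb
+ - lib/dependency_spy/version.rb
+ homepage: https://github.com/rtfpessoa/dependency_spy
+ licenses:
+ - AGPL-3.0+
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.3.7
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.5.2.3
+ signing_key:
+ specification_version: 4
+ summary: Finds known vulnerabilities in your dependencies
+ test_files: []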