dependency_spy 0.1.3
- checksums.yaml +7 -0
- data/.circleci/config.yml +41 -0
- data/.gitignore +114 -0
- data/.rspec +3 -0
- data/.rubocop.yml +333 -0
- data/.ruby-version +1 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +3 -0
- data/Gemfile.lock +114 -0
- data/LICENSE +661 -0
- data/README.md +94 -0
- data/Rakefile +6 -0
- data/bin/console +7 -0
- data/bin/dependency_spy +5 -0
- data/bin/depspy +3 -0
- data/bin/setup +8 -0
- data/dependency_spy.gemspec +42 -0
- data/examples/Gemfile +6 -0
- data/examples/Gemfile.lock +80 -0
- data/examples/npm-shrinkwrap.json +3823 -0
- data/examples/package.json +85 -0
- data/examples/yarn.lock +3010 -0
- data/lib/dependency_spy.rb +102 -0
- data/lib/dependency_spy/cli.rb +71 -0
- data/lib/dependency_spy/dtos/dependency.rb +77 -0
- data/lib/dependency_spy/formatters/json.rb +40 -0
- data/lib/dependency_spy/formatters/text.rb +53 -0
- data/lib/dependency_spy/formatters/yaml.rb +40 -0
- data/lib/dependency_spy/outputs/file.rb +33 -0
- data/lib/dependency_spy/outputs/stdout.rb +27 -0
- data/lib/dependency_spy/semver.rb +71 -0
- data/lib/dependency_spy/version.rb +21 -0
- metadata +246 -0
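--- /dev/null
+++ b/data/lib/dependency_spy/semver.rb
@@ -0,0 +1,71 @@
+# dependency_spy - Finds known vulnerabilities in your dependencies
+# Copyright (C) 2017-2018 Rodrigo Fernandes
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+require 'semantic_range'
+
+module DependencySpy
+
+class SemVer
+
+def self.intersects(vor1, vor2)
+vor1 = parse(vor1) if vor1.is_a?(String)
+vor2 = parse(vor2) if vor2.is_a?(String)
+
+if vor1.is_a?(SemanticRange::Range) && vor2.is_a?(SemanticRange::Range)
+vor1.intersects(vor2)
+elsif vor1.is_a?(SemanticRange::Range) && vor2.is_a?(SemanticRange::Version)
+SemanticRange.satisfies(vor2, vor1)
+elsif vor1.is_a?(SemanticRange::Version) && vor2.is_a?(SemanticRange::Range)
+SemanticRange.satisfies(vor1, vor2)
+elsif vor1.is_a?(SemanticRange::Version) && vor2.is_a?(SemanticRange::Version)
+SemanticRange.eq(vor1, vor2)
+else
+vor1 == vor2
+end
+end
+
+class << self
+
+private
+
+def parse(version_or_range, loose = false)
+return version_or_range if version_or_range.is_a?(SemanticRange::Range) ||
+version_or_range.is_a?(SemanticRange::Version)
+
+begin
+SemanticRange::Version.new(version_or_range, loose)
+rescue SemanticRange::InvalidVersion
+begin
+SemanticRange::Range.new(version_or_range, loose)
+rescue SemanticRange::InvalidRange
+version_or_range
+end
+end
+end
+
+end
+
+end
+
+class ImpossibleComparison < StandardError
+
+def initialize(msg)
+@msg = msg
+end
+
+end
+
+end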
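Review bot: The `else` branch of `SemVer.intersects` silently falls back to `vor1 == vor2` whenever `parse` could not turn an input into a `SemanticRange::Version` or `Range` (`parse` returns the raw string after `rescue SemanticRange::InvalidRange`), so a malformed advisory range or package version degrades to a plain string comparison and a vulnerable version can be reported as unaffected instead of surfacing an error. `ImpossibleComparison` is defined in the same file but never raised; the fallback could become `raise ImpossibleComparison, "cannot compare #{vor1.inspect} with #{vor2.inspect}"`, leaving callers to decide how unparseable data is treated — whether any caller relies on the equality fallback is not visible from this hunk. Separately, `ImpossibleComparison#initialize` stores `@msg` but never calls `super`, so `e.message` yields the class name rather than the supplied text; `super(msg)` (or dropping the initializer entirely) fixes that. The `loose` parameter of `parse` is never passed by `intersects`, which may be intended but is worth a comment.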
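--- /dev/null
+++ b/data/lib/dependency_spy/version.rb
@@ -0,0 +1,21 @@
+# dependency_spy - Finds known vulnerabilities in your dependencies
+# Copyright (C) 2017-2018 Rodrigo Fernandes
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+module DependencySpy
+
+VERSION = '0.1.3'
+
+end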
metadata
ADDED
@@ -0,0 +1,246 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: dependency_spy
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.3
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Rodrigo Fernandes
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2018-09-25 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.16'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.16'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: codacy-coverage
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '12.3'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '12.3'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.8'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.8'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec-collection_matchers
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '1.1'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '1.1'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: simplecov
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rubocop
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0.59'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0.59'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rubocop-rspec
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '1.29'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '1.29'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: bibliothecary
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '6.3'
|
132
|
+
type: :runtime
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '6.3'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: semantic_range
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '2.1'
|
146
|
+
type: :runtime
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '2.1'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: thor
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0.20'
|
160
|
+
type: :runtime
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0.20'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: yavdb
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - "~>"
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '0.1'
|
174
|
+
type: :runtime
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - "~>"
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '0.1'
|
181
|
+
description: "\n Finds known vulnerabilities in your dependencies\n Using rubysec/ruby-advisory-db,
|
182
|
+
snyk.io, ossindex.net, nodesecurity.io\n "
|
183
|
+
email:
|
184
|
+
- rodrigo.fernandes@tecnico.ulisboa.pt
|
185
|
+
executables:
|
186
|
+
- dependency_spy
|
187
|
+
- depspy
|
188
|
+
extensions: []
|
189
|
+
extra_rdoc_files: []
|
190
|
+
files:
|
191
|
+
- ".circleci/config.yml"
|
192
|
+
- ".gitignore"
|
193
|
+
- ".rspec"
|
194
|
+
- ".rubocop.yml"
|
195
|
+
- ".ruby-version"
|
196
|
+
- CODE_OF_CONDUCT.md
|
197
|
+
- Gemfile
|
198
|
+
- Gemfile.lock
|
199
|
+
- LICENSE
|
200
|
+
- README.md
|
201
|
+
- Rakefile
|
202
|
+
- bin/console
|
203
|
+
- bin/dependency_spy
|
204
|
+
- bin/depspy
|
205
|
+
- bin/setup
|
206
|
+
- dependency_spy.gemspec
|
207
|
+
- examples/Gemfile
|
208
|
+
- examples/Gemfile.lock
|
209
|
+
- examples/npm-shrinkwrap.json
|
210
|
+
- examples/package.json
|
211
|
+
- examples/yarn.lock
|
212
|
+
- lib/dependency_spy.rb
|
213
|
+
- lib/dependency_spy/cli.rb
|
214
|
+
- lib/dependency_spy/dtos/dependency.rb
|
215
|
+
- lib/dependency_spy/formatters/json.rb
|
216
|
+
- lib/dependency_spy/formatters/text.rb
|
217
|
+
- lib/dependency_spy/formatters/yaml.rb
|
218
|
+
- lib/dependency_spy/outputs/file.rb
|
219
|
+
- lib/dependency_spy/outputs/stdout.rb
|
220
|
+
- lib/dependency_spy/semver.rb
|
221
|
+
- lib/dependency_spy/version.rb
|
222
|
+
homepage: https://github.com/rtfpessoa/dependency_spy
|
223
|
+
licenses:
|
224
|
+
- AGPL-3.0+
|
225
|
+
metadata: {}
|
226
|
+
post_install_message:
|
227
|
+
rdoc_options: []
|
228
|
+
require_paths:
|
229
|
+
- lib
|
230
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
231
|
+
requirements:
|
232
|
+
- - ">="
|
233
|
+
- !ruby/object:Gem::Version
|
234
|
+
version: 2.3.7
|
235
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
236
|
+
requirements:
|
237
|
+
- - ">="
|
238
|
+
- !ruby/object:Gem::Version
|
239
|
+
version: '0'
|
240
|
+
requirements: []
|
241
|
+
rubyforge_project:
|
242
|
+
rubygems_version: 2.5.2.3
|
243
|
+
signing_key:
|
244
|
+
specification_version: 4
|
245
|
+
summary: Finds known vulnerabilities in your dependencies
|
246
|
+
test_files: []
|