dependency_spy 0.2.2 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4fd249e65300f9e7f1e49970446831638f66d54e
4
- data.tar.gz: f2f0ebc11c4b96b704d27e13c94a05f0497bd5ac
3
+ metadata.gz: 0bd2e870a6e0baec4974d3d1eb6603c73b2d40cd
4
+ data.tar.gz: c07f0e46d2954d97a1787cc06355a97a465a2c64
5
5
  SHA512:
6
- metadata.gz: ef6365eaa9e9155dce4cd67b61bc9227f2231e39a9a1a7b2c77c38780243bdabd93d9cc84e2621a67dec3cd8b16d83539734e16200781480c6e99c7ef761f91f
7
- data.tar.gz: 21277d4f3760c7abe502695be22e3ac7ee7a42b90079c1bab8daf67568a43966bdec6648646c3560fda2397d1b8962b51206ef2f7b69e9ac148ad416ae9bbd8b
6
+ metadata.gz: b8b3607be32c792bc9457a5c67fb539cbbacdfbffd09283c0aacff793c484be82f546ab88d5c6ef4bf23989b2eb47a86e85829e21abf169b6d70ffeedfececda
7
+ data.tar.gz: f9fe9f2185c0dc51514632c4a6b9cd1c2449dd517f369cfc77d5541e00bb2b4fa67f7e464f8db852ed0c984eea49a5283072fdd2ea33e193ba5cbc185854ae42
@@ -1,8 +1,9 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- dependency_spy (0.2.2)
4
+ dependency_spy (0.3.0)
5
5
  bibliothecary (~> 6.3)
6
+ colorize (~> 0.8.1)
6
7
  semantic_range (~> 2.1)
7
8
  thor (~> 0.20)
8
9
  yavdb (~> 0.4)
@@ -23,6 +24,7 @@ GEM
23
24
  citrus (3.0.2)
24
25
  codacy-coverage (2.1.0)
25
26
  simplecov
27
+ colorize (0.8.1)
26
28
  commander (4.4.7)
27
29
  highline (~> 2.0.0)
28
30
  deb_control (0.0.1)
@@ -36,6 +36,7 @@ Gem::Specification.new do |spec|
36
36
 
37
37
  # Runtime
38
38
  spec.add_runtime_dependency 'bibliothecary', ['~> 6.3']
39
+ spec.add_runtime_dependency 'colorize', ['~> 0.8.1']
39
40
  spec.add_runtime_dependency 'semantic_range', ['~> 2.1']
40
41
  spec.add_runtime_dependency 'thor', ['~> 0.20']
41
42
  spec.add_runtime_dependency 'yavdb', ['~> 0.4']
@@ -23,6 +23,7 @@ require_relative 'formatters/json'
23
23
  require_relative 'formatters/yaml'
24
24
  require_relative 'outputs/stdout'
25
25
  require_relative 'outputs/file'
26
+ require_relative 'helper/helper'
26
27
 
27
28
  module DependencySpy
28
29
  class CLI < Thor
@@ -46,14 +47,18 @@ module DependencySpy
46
47
  method_option('output-path', :aliases => :o, :type => :string)
47
48
  method_option('database-path', :type => :string, :aliases => :p, :default => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH)
48
49
  method_option('offline', :type => :boolean, :default => false)
49
-
50
+ method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
51
+ method_option('with-color', :type => :boolean, :default => true)
50
52
  def check
51
53
  manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
52
54
 
53
- formatted_output =
54
- FORMATTERS
55
- .find { |f| f.name.split('::').last.downcase == options['formatter'] }
56
- .format(manifests)
55
+ formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
56
+ DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])
57
+ else
58
+ FORMATTERS
59
+ .find { |f| f.name.split('::').last.downcase == options['formatter'] }
60
+ .format(manifests)
61
+ end
57
62
 
58
63
  if options['output-path']
59
64
  DependencySpy::Outputs::FileSystem.write(options['output-path'], formatted_output)
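Review bot: The new `with-color` option defaults to true on line 51, and the branch on line 55 emits ANSI-coloured text whenever no output path is given, so a CI log or a `| grep` pipeline receives escape sequences unless the caller remembers `--no-with-color`. Defaulting the option to the terminal check keeps interactive use coloured and piped output clean: `method_option('with-color', :type => :boolean, :default => $stdout.tty?)`. The `check` method begins in this hunk but its body continues past it.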
@@ -62,7 +67,13 @@ module DependencySpy
62
67
  end
63
68
 
64
69
  has_vulnerabilities =
65
- manifests.any? { |manifest| manifest[:dependencies]&.any? { |dependency| dependency[:vulnerabilities]&.any? } }
70
+ manifests.any? do |manifest|
71
+ manifest[:dependencies]&.any? do |dependency|
72
+ dependency[:vulnerabilities]&.any? do |vuln|
73
+ DependencySpy::Helper.severity_above_threshold?(vuln.severity, options['severity-threshold'])
74
+ end
75
+ end
76
+ end
66
77
 
67
78
  exit(1) if has_vulnerabilities
68
79
  end
@@ -13,12 +13,14 @@
13
13
  #
14
14
  # You should have received a copy of the GNU Affero General Public License
15
15
  # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
+ require 'colorize'
17
+ require_relative '../helper/helper'
16
18
 
17
19
  module DependencySpy
18
20
  class Formatters
19
21
  class Text
20
22
 
21
- def self.format(manifests)
23
+ def self.format(manifests, severity_threshold = nil)
22
24
  manifests_text = manifests.map do |manifest|
23
25
  manifest_header = "#{manifest.platform}: #{manifest.kind} ~> #{manifest.path} "
24
26
  manifest_body = manifest.dependencies.map do |package|
@@ -29,8 +31,11 @@ module DependencySpy
29
31
  first = " Title: #{vuln.title}\n"
30
32
  second = " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
31
33
  third = " Source: #{vuln.source_url}\n\n"
32
-
33
- "#{first}#{second}#{third}"
34
+ if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
35
+ "#{first}#{second}#{third}".red
36
+ else
37
+ "#{first}#{second}#{third}"
38
+ end
34
39
  end
35
40
 
36
41
  "#{package_header}\n#{package_body.join("\n")}"
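Review bot: The entry string is built twice on lines 35 and 37, and the highlight test on line 34 re-reads `vuln.severity` even though line 32 already substitutes `'unknown'` for a nil value, so a nil-severity entry is printed as Unknown yet is not highlighted at a medium or high threshold. I would compute the value once and reuse it for both the display and the test: `severity = vuln.severity || 'unknown'` before `second`, then `entry = "#{first}#{second}#{third}"` and `severity_threshold && DependencySpy::Helper.severity_above_threshold?(severity, severity_threshold) ? entry.red : entry`. The `format` method starts in the previous hunk and continues past this one.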
@@ -0,0 +1,13 @@
1
+ module DependencySpy
2
+ class Helper
3
+
4
+ def self.severity_above_threshold?(severity = 'unknown', severity_threshold)
5
+ return true if severity_threshold == 'low' || severity == 'unknown'
6
+ return ['medium', 'high'].include? severity if severity_threshold == 'medium'
7
+ return severity == 'high' if severity_threshold == 'high'
8
+
9
+ false
10
+ end
11
+
12
+ end
13
+ end
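Review bot: A nil severity bypasses the fail-closed branch on line 5: the `'unknown'` default on line 4 only applies when the argument is omitted, and both callers pass `vuln.severity` explicitly, which the text formatter's `vuln.severity || 'unknown'` shows can be nil, so such findings are dropped from the exit-code gate at a medium or high threshold. Any severity string outside low/medium/high, and any threshold outside those three (the CLI's enum is `YAVDB::Constants::SEVERITIES`, which is not visible here), likewise falls through to `false` on line 9, meaning the scanner silently reports nothing. I would rank the known severities in a table, raise on an unrecognised threshold instead of returning false, and treat anything unrankable as above the threshold.
```ruby
SEVERITY_RANK = { 'low' => 0, 'medium' => 1, 'high' => 2 }.freeze

def self.severity_above_threshold?(severity = 'unknown', severity_threshold)
  threshold_rank = SEVERITY_RANK.fetch(severity_threshold) do
    raise ArgumentError, "unknown severity threshold: #{severity_threshold.inspect}"
  end
  # Fail closed: nil or an unrecognised severity always counts as above the threshold.
  rank = SEVERITY_RANK[(severity || 'unknown').to_s]
  rank.nil? || rank >= threshold_rank
end
```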
@@ -16,6 +16,6 @@
16
16
 
17
17
  module DependencySpy
18
18
 
19
- VERSION = '0.2.2'
19
+ VERSION = '0.3.0'
20
20
 
21
21
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependency_spy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Fernandes
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: '6.3'
139
+ - !ruby/object:Gem::Dependency
140
+ name: colorize
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.8.1
146
+ type: :runtime
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.8.1
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: semantic_range
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -215,6 +229,7 @@ files:
215
229
  - lib/dependency_spy/formatters/json.rb
216
230
  - lib/dependency_spy/formatters/text.rb
217
231
  - lib/dependency_spy/formatters/yaml.rb
232
+ - lib/dependency_spy/helper/helper.rb
218
233
  - lib/dependency_spy/outputs/file.rb
219
234
  - lib/dependency_spy/outputs/stdout.rb
220
235
  - lib/dependency_spy/semver.rb