RubyGems - dependency_spy - Versions diffs - 0.2.2 → 0.3.0 - Mend

dependency_spy 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/Gemfile.lock +3 -1
data/dependency_spy.gemspec +1 -0
data/lib/dependency_spy/cli.rb +17 -6
data/lib/dependency_spy/formatters/text.rb +8 -3
data/lib/dependency_spy/helper/helper.rb +13 -0
data/lib/dependency_spy/version.rb +1 -1
metadata +16 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4fd249e65300f9e7f1e49970446831638f66d54e
-  data.tar.gz: f2f0ebc11c4b96b704d27e13c94a05f0497bd5ac
+  metadata.gz: 0bd2e870a6e0baec4974d3d1eb6603c73b2d40cd
+  data.tar.gz: c07f0e46d2954d97a1787cc06355a97a465a2c64
 SHA512:
-  metadata.gz: ef6365eaa9e9155dce4cd67b61bc9227f2231e39a9a1a7b2c77c38780243bdabd93d9cc84e2621a67dec3cd8b16d83539734e16200781480c6e99c7ef761f91f
-  data.tar.gz: 21277d4f3760c7abe502695be22e3ac7ee7a42b90079c1bab8daf67568a43966bdec6648646c3560fda2397d1b8962b51206ef2f7b69e9ac148ad416ae9bbd8b
+  metadata.gz: b8b3607be32c792bc9457a5c67fb539cbbacdfbffd09283c0aacff793c484be82f546ab88d5c6ef4bf23989b2eb47a86e85829e21abf169b6d70ffeedfececda
+  data.tar.gz: f9fe9f2185c0dc51514632c4a6b9cd1c2449dd517f369cfc77d5541e00bb2b4fa67f7e464f8db852ed0c984eea49a5283072fdd2ea33e193ba5cbc185854ae42

data/Gemfile.lock CHANGED

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    dependency_spy (0.2.2)
+    dependency_spy (0.3.0)
       bibliothecary (~> 6.3)
+      colorize (~> 0.8.1)
       semantic_range (~> 2.1)
       thor (~> 0.20)
       yavdb (~> 0.4)
@@ -23,6 +24,7 @@ GEM
     citrus (3.0.2)
     codacy-coverage (2.1.0)
       simplecov
+    colorize (0.8.1)
     commander (4.4.7)
       highline (~> 2.0.0)
     deb_control (0.0.1)

data/dependency_spy.gemspec CHANGED

@@ -36,6 +36,7 @@ Gem::Specification.new do |spec|
   # Runtime
   spec.add_runtime_dependency 'bibliothecary', ['~> 6.3']
+  spec.add_runtime_dependency 'colorize', ['~> 0.8.1']
   spec.add_runtime_dependency 'semantic_range', ['~> 2.1']
   spec.add_runtime_dependency 'thor', ['~> 0.20']
   spec.add_runtime_dependency 'yavdb', ['~> 0.4']

data/lib/dependency_spy/cli.rb CHANGED

@@ -23,6 +23,7 @@ require_relative 'formatters/json'
 require_relative 'formatters/yaml'
 require_relative 'outputs/stdout'
 require_relative 'outputs/file'
+require_relative 'helper/helper'
 module DependencySpy
   class CLI < Thor
@@ -46,14 +47,18 @@ module DependencySpy
     method_option('output-path', :aliases => :o, :type => :string)
     method_option('database-path', :type => :string, :aliases => :p, :default => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH)
     method_option('offline', :type => :boolean, :default => false)
+    method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
+    method_option('with-color', :type => :boolean, :default => true)
     def check
       manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
-      formatted_output =
-        FORMATTERS
-          .find { |f| f.name.split('::').last.downcase == options['formatter'] }
-          .format(manifests)
+      formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
+                           DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])
+                         else
+                           FORMATTERS
+                             .find { |f| f.name.split('::').last.downcase == options['formatter'] }
+                             .format(manifests)
+                         end
       if options['output-path']
         DependencySpy::Outputs::FileSystem.write(options['output-path'], formatted_output)
@@ -62,7 +67,13 @@ module DependencySpy
       end
       has_vulnerabilities =
-        manifests.any? { |manifest| manifest[:dependencies]&.any? { |dependency| dependency[:vulnerabilities]&.any? } }
+        manifests.any? do |manifest|
+          manifest[:dependencies]&.any? do |dependency|
+            dependency[:vulnerabilities]&.any? do |vuln|
+              DependencySpy::Helper.severity_above_threshold?(vuln.severity, options['severity-threshold'])
+            end
+          end
+        end
       exit(1) if has_vulnerabilities
     end

data/lib/dependency_spy/formatters/text.rb CHANGED

@@ -13,12 +13,14 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+require 'colorize'
+require_relative '../helper/helper'
 module DependencySpy
   class Formatters
     class Text
-      def self.format(manifests)
+      def self.format(manifests, severity_threshold = nil)
         manifests_text = manifests.map do |manifest|
           manifest_header = "#{manifest.platform}: #{manifest.kind} ~> #{manifest.path} "
           manifest_body = manifest.dependencies.map do |package|
@@ -29,8 +31,11 @@ module DependencySpy
               first = "        Title: #{vuln.title}\n"
               second = "        Severity: #{(vuln.severity || 'unknown').capitalize}\n"
               third = "        Source: #{vuln.source_url}\n\n"
-              "#{first}#{second}#{third}"
+              if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
+                "#{first}#{second}#{third}".red
+              else
+                "#{first}#{second}#{third}"
+              end
             end
             "#{package_header}\n#{package_body.join("\n")}"

data/lib/dependency_spy/helper/helper.rb ADDED

@@ -0,0 +1,13 @@
+module DependencySpy
+  class Helper
+    def self.severity_above_threshold?(severity = 'unknown', severity_threshold)
+      return true if severity_threshold == 'low' || severity == 'unknown'
+      return ['medium', 'high'].include? severity if severity_threshold == 'medium'
+      return severity == 'high' if severity_threshold == 'high'
+      false
+    end
+  end
+end

data/lib/dependency_spy/version.rb CHANGED

@@ -16,6 +16,6 @@
 module DependencySpy
-  VERSION = '0.2.2'
+  VERSION = '0.3.0'
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependency_spy
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Rodrigo Fernandes
@@ -136,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '6.3'
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
 - !ruby/object:Gem::Dependency
   name: semantic_range
   requirement: !ruby/object:Gem::Requirement
@@ -215,6 +229,7 @@ files:
 - lib/dependency_spy/formatters/json.rb
 - lib/dependency_spy/formatters/text.rb
 - lib/dependency_spy/formatters/yaml.rb
+- lib/dependency_spy/helper/helper.rb
 - lib/dependency_spy/outputs/file.rb
 - lib/dependency_spy/outputs/stdout.rb
 - lib/dependency_spy/semver.rb