dependency_spy 0.2.2 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4fd249e65300f9e7f1e49970446831638f66d54e
4
- data.tar.gz: f2f0ebc11c4b96b704d27e13c94a05f0497bd5ac
3
+ metadata.gz: 0bd2e870a6e0baec4974d3d1eb6603c73b2d40cd
4
+ data.tar.gz: c07f0e46d2954d97a1787cc06355a97a465a2c64
5
5
  SHA512:
6
- metadata.gz: ef6365eaa9e9155dce4cd67b61bc9227f2231e39a9a1a7b2c77c38780243bdabd93d9cc84e2621a67dec3cd8b16d83539734e16200781480c6e99c7ef761f91f
7
- data.tar.gz: 21277d4f3760c7abe502695be22e3ac7ee7a42b90079c1bab8daf67568a43966bdec6648646c3560fda2397d1b8962b51206ef2f7b69e9ac148ad416ae9bbd8b
6
+ metadata.gz: b8b3607be32c792bc9457a5c67fb539cbbacdfbffd09283c0aacff793c484be82f546ab88d5c6ef4bf23989b2eb47a86e85829e21abf169b6d70ffeedfececda
7
+ data.tar.gz: f9fe9f2185c0dc51514632c4a6b9cd1c2449dd517f369cfc77d5541e00bb2b4fa67f7e464f8db852ed0c984eea49a5283072fdd2ea33e193ba5cbc185854ae42
@@ -1,8 +1,9 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- dependency_spy (0.2.2)
4
+ dependency_spy (0.3.0)
5
5
  bibliothecary (~> 6.3)
6
+ colorize (~> 0.8.1)
6
7
  semantic_range (~> 2.1)
7
8
  thor (~> 0.20)
8
9
  yavdb (~> 0.4)
@@ -23,6 +24,7 @@ GEM
23
24
  citrus (3.0.2)
24
25
  codacy-coverage (2.1.0)
25
26
  simplecov
27
+ colorize (0.8.1)
26
28
  commander (4.4.7)
27
29
  highline (~> 2.0.0)
28
30
  deb_control (0.0.1)
@@ -36,6 +36,7 @@ Gem::Specification.new do |spec|
36
36
 
37
37
  # Runtime
38
38
  spec.add_runtime_dependency 'bibliothecary', ['~> 6.3']
39
+ spec.add_runtime_dependency 'colorize', ['~> 0.8.1']
39
40
  spec.add_runtime_dependency 'semantic_range', ['~> 2.1']
40
41
  spec.add_runtime_dependency 'thor', ['~> 0.20']
41
42
  spec.add_runtime_dependency 'yavdb', ['~> 0.4']
@@ -23,6 +23,7 @@ require_relative 'formatters/json'
23
23
  require_relative 'formatters/yaml'
24
24
  require_relative 'outputs/stdout'
25
25
  require_relative 'outputs/file'
26
+ require_relative 'helper/helper'
26
27
 
27
28
  module DependencySpy
28
29
  class CLI < Thor
@@ -46,14 +47,18 @@ module DependencySpy
46
47
  method_option('output-path', :aliases => :o, :type => :string)
47
48
  method_option('database-path', :type => :string, :aliases => :p, :default => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH)
48
49
  method_option('offline', :type => :boolean, :default => false)
49
-
50
+ method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
51
+ method_option('with-color', :type => :boolean, :default => true)
50
52
  def check
51
53
  manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
52
54
 
53
- formatted_output =
54
- FORMATTERS
55
- .find { |f| f.name.split('::').last.downcase == options['formatter'] }
56
- .format(manifests)
55
+ formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
56
+ DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])
57
+ else
58
+ FORMATTERS
59
+ .find { |f| f.name.split('::').last.downcase == options['formatter'] }
60
+ .format(manifests)
61
+ end
57
62
 
58
63
  if options['output-path']
59
64
  DependencySpy::Outputs::FileSystem.write(options['output-path'], formatted_output)
@@ -62,7 +67,13 @@ module DependencySpy
62
67
  end
63
68
 
64
69
  has_vulnerabilities =
65
- manifests.any? { |manifest| manifest[:dependencies]&.any? { |dependency| dependency[:vulnerabilities]&.any? } }
70
+ manifests.any? do |manifest|
71
+ manifest[:dependencies]&.any? do |dependency|
72
+ dependency[:vulnerabilities]&.any? do |vuln|
73
+ DependencySpy::Helper.severity_above_threshold?(vuln.severity, options['severity-threshold'])
74
+ end
75
+ end
76
+ end
66
77
 
67
78
  exit(1) if has_vulnerabilities
68
79
  end
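Review bot: The exit-status gate at new lines 70–75 passes `vuln.severity` straight into `Helper.severity_above_threshold?`, so a nil severity is not caught by the helper's `severity = 'unknown'` default (a Ruby positional default applies only when the argument is omitted, not when nil is passed explicitly) and, with `--severity-threshold` set to anything other than 'low', the innermost `any?` yields false and `check` exits 0 — the report can list a finding that the gate ignores. The formatters/text.rb hunk in this same diff already guards with `(vuln.severity || 'unknown').capitalize`, which is the only evidence here that nil severities occur, so I am inferring rather than seeing it. Normalising at the call site, `DependencySpy::Helper.severity_above_threshold?(vuln.severity || 'unknown', threshold)`, with `threshold = options['severity-threshold']` hoisted to a local above `manifests.any?`, keeps the gate and the report consistent and avoids re-reading the options hash per vulnerability; the same raw `vuln.severity` argument is passed in the formatters/text.rb hunk. The enclosing `check` method starts in the previous hunk.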
@@ -13,12 +13,14 @@
13
13
  #
14
14
  # You should have received a copy of the GNU Affero General Public License
15
15
  # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
+ require 'colorize'
17
+ require_relative '../helper/helper'
16
18
 
17
19
  module DependencySpy
18
20
  class Formatters
19
21
  class Text
20
22
 
21
- def self.format(manifests)
23
+ def self.format(manifests, severity_threshold = nil)
22
24
  manifests_text = manifests.map do |manifest|
23
25
  manifest_header = "#{manifest.platform}: #{manifest.kind} ~> #{manifest.path} "
24
26
  manifest_body = manifest.dependencies.map do |package|
@@ -29,8 +31,11 @@ module DependencySpy
29
31
  first = " Title: #{vuln.title}\n"
30
32
  second = " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
31
33
  third = " Source: #{vuln.source_url}\n\n"
32
-
33
- "#{first}#{second}#{third}"
34
+ if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
35
+ "#{first}#{second}#{third}".red
36
+ else
37
+ "#{first}#{second}#{third}"
38
+ end
34
39
  end
35
40
 
36
41
  "#{package_header}\n#{package_body.join("\n")}"
@@ -0,0 +1,13 @@
1
+ module DependencySpy
2
+ class Helper
3
+
4
+ def self.severity_above_threshold?(severity = 'unknown', severity_threshold)
5
+ return true if severity_threshold == 'low' || severity == 'unknown'
6
+ return ['medium', 'high'].include? severity if severity_threshold == 'medium'
7
+ return severity == 'high' if severity_threshold == 'high'
8
+
9
+ false
10
+ end
11
+
12
+ end
13
+ end
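Review bot: `severity_above_threshold?` falls through to `false` for any `severity_threshold` it does not recognise, so a threshold outside 'low'/'medium'/'high' makes every vulnerability look below threshold and the caller's `exit(1)` never fires; the CLI constrains the option to `YAVDB::Constants::SEVERITIES`, whose contents are not visible in this diff, and the text formatter forwards whatever it is handed, so the safe default is to fail closed with `raise ArgumentError, "unknown severity threshold: #{severity_threshold.inspect}"` in place of the trailing `false`. The comparisons are case-sensitive string equality, which is only correct if the severities coming from yavdb are always lowercase — worth stating in a comment, or normalising with `.to_s.downcase`, since nothing here guarantees it. Stylistically, an optional parameter before a required one (`severity = 'unknown', severity_threshold`) is legal Ruby but surprising to read, `%w[medium high].include?(severity)` is the conventional literal, and the `Helper` class has no documentation: a one-line comment recording that 'unknown' severities are deliberately treated as above every threshold would preserve that intent for the next maintainer.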
@@ -16,6 +16,6 @@
16
16
 
17
17
  module DependencySpy
18
18
 
19
- VERSION = '0.2.2'
19
+ VERSION = '0.3.0'
20
20
 
21
21
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependency_spy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Fernandes
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: '6.3'
139
+ - !ruby/object:Gem::Dependency
140
+ name: colorize
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.8.1
146
+ type: :runtime
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.8.1
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: semantic_range
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -215,6 +229,7 @@ files:
215
229
  - lib/dependency_spy/formatters/json.rb
216
230
  - lib/dependency_spy/formatters/text.rb
217
231
  - lib/dependency_spy/formatters/yaml.rb
232
+ - lib/dependency_spy/helper/helper.rb
218
233
  - lib/dependency_spy/outputs/file.rb
219
234
  - lib/dependency_spy/outputs/stdout.rb
220
235
  - lib/dependency_spy/semver.rb