RubyGems - hrw - Versions diffs - 0.2.3 → 0.3.0 - Mend

hrw 0.2.3 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 81e42c96aba4df5cd502c91d7a3a25915370f2ae1e8061859f7bd9cc7f53a37c
-  data.tar.gz: 2fd961abdc269078ad76e14cc1ef9eb4394ba326a234c456973461822c340ea3
+  metadata.gz: 8cabda6b327c8534533ce19127ad8ef171b1aa98daafb12d1123285e4c100eef
+  data.tar.gz: 3727dab2676b9412906cfe9606dbd8bb4f77e1ef63d56e2e3ec2b30108927d03
 SHA512:
-  metadata.gz: 2ecb22650fffc06c764530b76aa303adf22e9c2538b0639fc0b6a13bfa641a329efcf3bcd491d4fe8b04ce7b0ab24e612376c10a73818a115474bf9c7447246d
-  data.tar.gz: df63bdc4146b2905a14c722e809ac3542084640ee3d8716a2fed2d3ef4991aac02f77fc7c52aa0a20ee1067bb71ef2cf4cd30ba5602e604fd1b452aa529302dd
+  metadata.gz: 363c6d96c9ea9822f7dd05dd9f577c4e800418150cee5338889080ff9336aa7973fc12856c5967b379855804adceb90377cd644b8ff42676bcfa556d94b36e9b
+  data.tar.gz: f12bc6139b20c57cd485e13bb3298407c881c6162aaaddc2f7e95b3ad206487518f7047a49bd5e21d2203e5d1c62468c1b449468a55afc65b69f67b776f6bf91

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hrw (0.2.3)
+    hrw (0.3.0)
       http (~> 4.1, >= 4.1.1)
       rainbow (~> 3.0)

data/exe/hrw CHANGED Viewed

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
 require 'ostruct'
 require 'optparse'
 require 'hrw'
 ARGV << '--help' if ARGV.empty?
@@ -31,9 +32,8 @@ hash = api.submit(specs, scanner.package_manager)
 result = api.retrieve(hash)
 formatter = Hrw::Formatter.new
-vulnerable_deps = formatter.format(result)
-unless vulnerable_deps.empty?
-  formatter.print_vulnerable_deps(vulnerable_deps)
+if formatter.pretty_print(result)
   exit(1)
+else
+  exit(0)
 end

data/lib/hrw/formatter.rb CHANGED Viewed

@@ -14,15 +14,22 @@ module Hrw
   # Format result and pretty print it
   #
   class Formatter
-    # Format result
+    # Class constructor
+    #
+    def initialize
+      @count = 0
+    end
+    # Filter result
     #
     # @param [Hash] result scan result
-    # @return [Boolean] vulnerable or not
-    def format(result)
+    # @return [Array] vulnerable or not
+    def filter(result)
       deps = []
       result['ancestry']['layers'].each do |layer|
         layer['detected_features'].each do |feature|
+          @count += 1
           deps << feature if feature.key?('vulnerabilities')
         end
       end
@@ -32,20 +39,83 @@ module Hrw
     # Pretty print result
     #
-    def print_vulnerable_deps(deps)
+    # @param [Hash] result scan result
+    # @return [Boolean] true if has vulnerability
+    def pretty_print(result)
+      high = medium = low = unknown = 0
+      puts
+      puts("scanning #{Dir.pwd} ...".foreground(:aliceblue))
+      puts
+      deps = filter(result)
       deps.each do |dep|
         dep['vulnerabilities'].each do |vuln|
           patched_version = JSON.parse(vuln['fixed_by'])
-          puts "Name: #{dep['name']}"
-          puts "Version: #{dep['version']}"
-          puts "Advisory: #{vuln['name']}"
-          puts "Severity: #{vuln['severity']}"
-          puts "Link: #{vuln['link']}"
-          puts "Patched: #{patched_version['spec'].join(', ')}"
+          case vuln['severity']
+          when 'Defcon1', 'Critical', 'High'
+            color = :red
+            high += 1
+          when 'Medium'
+            color = :yellow
+            medium += 1
+          when 'Unknown'
+            color = :magenta
+            unknown += 1
+          else
+            color = :aliceblue
+            low += 1
+          end
+          pkg = "#{dep['name']}@#{dep['version']}"
+          puts "✗ #{vuln['severity']} severity vulnerability found in #{pkg.underline.bright}".foreground(color)
+          puts 'Name:'
+          puts "  #{vuln['name']}"
+          puts
+          puts 'Description:'
+          puts vuln['description'].gsub(/^/, '  ')
+          puts
+          puts 'Severity:'
+          puts "  #{vuln['severity']}"
+          puts
+          puts 'Link:'
+          puts "  #{vuln['link']}"
+          puts
+          puts 'Patched version:'
+          puts "  #{patched_version['spec'].join(', ')}"
+          puts
           puts
         end
       end
+      puts "Tested #{@count} dependencies for known vulnerabilities".foreground(:aliceblue)
+      puts
+      if deps.empty?
+        puts '✓ no vulnerabilities found.'.foreground(:green)
+        puts
+        false
+      else
+        puts "✗ found #{high + medium + low + unknown} vulnerabilities:".foreground(:red)
+        puts
+        color = high > 0 ? :red : :aliceblue
+        puts "  high: #{high}".foreground(color)
+        color = medium > 0 ? :yellow : :aliceblue
+        puts "  medium: #{medium}".foreground(color)
+        puts "  low: #{low}".foreground(:aliceblue)
+        color = unknown > 0 ? :magenta : :aliceblue
+        puts "  unknown: #{unknown}".foreground(color)
+        puts
+        true
+      end
     end
   end
 end

data/lib/hrw/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Hrw
-  VERSION = '0.2.3'.freeze
+  VERSION = '0.3.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hrw
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - hi_ztz