moose-inventory 1.0.7 → 1.0.9

data/lib/moose_inventory/cli/host_rmgroup.rb

@@ -20,7 +20,7 @@ module Moose
             abort('ERROR: Wrong number of arguments, '\
                   "#{args.length} for 2 or more.")
           end
-          
+
           # Convenience
           db = Moose::Inventory::DB
           fmt = Moose::Inventory::Cli::Formatter
@@ -34,10 +34,10 @@ module Moose
             abort 'ERROR: Cannot manually manipulate the automatic '\
               'group \'ungrouped\'.'
           end
-          
+
           # Transaction
           db.transaction do # Transaction start
-            puts "Dissociate host '#{name}' from groups '#{groups.join(',')}':" 
+            puts "Dissociate host '#{name}' from groups '#{groups.join(',')}':"
             fmt.puts 2, "- Retrieve host '#{name}'..."
             host = db.models[:host].find(name: name)
             if host.nil?
@@ -54,7 +54,7 @@ module Moose
               # Check against existing associations
               if groups_ds[name: g].nil?
                 fmt.warn "Association {host:#{name} <-> group:#{g}} doesn't exist, skipping.\n"
-                fmt.puts 4,  "- Doesn't exist, skipping."
+                fmt.puts 4, "- Doesn't exist, skipping."
               else
                 group = db.models[:group].find(name: g)
                 host.remove_group(group) unless group.nil?
@@ -66,7 +66,7 @@ module Moose
             if host.groups_dataset.count == 0
               fmt.puts 2, '- Add automatic association '\
                 "{host:#{name} <-> group:ungrouped}..."
-              ungrouped  = db.models[:group].find_or_create(name: 'ungrouped')
+              ungrouped = db.models[:group].find_or_create(name: 'ungrouped')
               host.add_group(ungrouped) unless ungrouped.nil?
               fmt.puts 4, '- OK'
             end

data/lib/moose_inventory/cli/host_rmvar.rb

@@ -13,7 +13,7 @@ module Moose
         #==========================
         desc 'rmvar', 'Remove a variable from the host'
         # rubocop:disable Metrics/LineLength
-        def rmvar(*args) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
+        def rmvar(*args) # rubocop:disable Metrics/AbcSize
           # rubocop:enableMetrics/LineLength
           if args.length < 2
             abort('ERROR: Wrong number of arguments, ' \
@@ -30,8 +30,8 @@ module Moose
 
           # Transaction
           db.transaction do # Transaction start
-            puts "Remove variable(s) '#{vars.join(",")}' from host '#{name}':"
-            
+            puts "Remove variable(s) '#{vars.join(',')}' from host '#{name}':"
+
             fmt.puts 2, "- retrieve host '#{name}'..."
             host = db.models[:host].find(name: name)
             if host.nil?

data/lib/moose_inventory/config/config.rb

@@ -41,19 +41,19 @@ module Moose
         #                   Default is to search standard locations.
         #
         # --env ENV      => sets the section to be used as the configuration.
-        #                   Defaults to "", which forces the use of the 
-        #                   defaultenv parameter from the general section of 
-        #                   the config file. 
+        #                   Defaults to "", which forces the use of the
+        #                   defaultenv parameter from the general section of
+        #                   the config file.
         #
         # --format FORMAT=> See formatter for supported types.
         #                   Defaults to json.
         #
         # -- trace       => Enable more complete exceptions for db transactions
-        #                   Default is not to trace. 
+        #                   Default is not to trace.
 
         @_confopts = { env: '', format: 'json', ansible: false, trace: false }
 
-        # Check for two-part flags   
+        # Check for two-part flags
         %w(config env format).each do |var|
           @_argv.each_with_index do |val, index|
             next if val != "--#{var}"
@@ -62,7 +62,7 @@ module Moose
             break
           end
         end
-        
+
         # Check for one-part flags
         %w(ansible trace).each do |var|
           @_argv.each_with_index do |val, index|
@@ -72,59 +72,58 @@ module Moose
             break
           end
         end
-        
+
         # Sanity
-        # - Ansible output format must be json - pjson is permitted, but yaml is not. 
+        # - Ansible output format must be json - pjson is permitted, but yaml is not.
         if @_confopts[:ansible] == true
-          unless @_confopts[:format] =~ /p|pjson|j|json/ 
+          unless @_confopts[:format] =~ /p|pjson|j|json/
             @_confopts[:format] = 'json'
-          end 
+          end
         end
-        
       end
 
       #----------------------
       def self.top_level_help
         if @_argv[0] == 'help'
-          puts "Global flags:"
-          printf "  %-31s %-10s", "--ansible", "# Force Ansible mode (automatically set when using ansible flags)\n"
-          printf "  %-31s %-10s", "--config FILE", "# Specifies a configuration file to use\n"
-          printf "  %-31s %-10s", "--env ENV", "# Specifies the environment section of the config to use\n"
-          printf "  %-31s %-10s", "--format yaml|json|pjson", "# Format for the output of 'get', 'list', and 'listvars' subcommands\n"
-          printf "  %-31s %-10s", "--trace", "# Enable more complete exception dumps for database transactions\n"
+          puts 'Global flags:'
+          printf '  %-31s %-10s', '--ansible', "# Force Ansible mode (automatically set when using ansible flags)\n"
+          printf '  %-31s %-10s', '--config FILE', "# Specifies a configuration file to use\n"
+          printf '  %-31s %-10s', '--env ENV', "# Specifies the environment section of the config to use\n"
+          printf '  %-31s %-10s', '--format yaml|json|pjson', "# Format for the output of 'get', 'list', and 'listvars' subcommands\n"
+          printf '  %-31s %-10s', '--trace', "# Enable more complete exception dumps for database transactions\n"
           puts "\nAnsible flags:"
-          printf "  %-31s %-10s", "--host HOSTNAME", "# Retrieves host variables for the specified host (alias for 'host listvars HOSTNAME')\n"
-          printf "  %-31s %-10s", "--list", "# Retrieves the list of groups (alias for 'group list')\n\n"
+          printf '  %-31s %-10s', '--host HOSTNAME', "# Retrieves host variables for the specified host (alias for 'host listvars HOSTNAME')\n"
+          printf '  %-31s %-10s', '--list', "# Retrieves the list of groups (alias for 'group list')\n\n"
         end
       end
-      
+
       #----------------------
-      def self.ansible_args  # rubocop:disable Metrics/AbcSize
+      def self.ansible_args
         #
         # See http://docs.ansible.com/developing_inventory.html for Ansible specs
         # for dynamic inventory sources
-        
+
         # --list            => group list
         # --host HOSTNAME  => host getvars HOSTNAME
 
         case @_argv[0]
-          when '--list' 
-            @_confopts[:ansible] = true
-            @_confopts[:format] = 'json' unless @_confopts[:format] =~ /p|pjson|j|json/ 
-            @_argv.clear
-            @_argv.concat(['group', 'list']).flatten
-          when '--host'
-            @_confopts[:ansible] = true
-            @_confopts[:format] = 'json' unless @_confopts[:format] =~ /p|pjson|j|json/ 
-            host = @_argv[1]
-            @_argv.clear
-            @_argv.concat(['host', 'listvars', "#{host}"]).flatten
-        end 
+        when '--list'
+          @_confopts[:ansible] = true
+          @_confopts[:format] = 'json' unless @_confopts[:format] =~ /p|pjson|j|json/
+          @_argv.clear
+          @_argv.concat(%w(group list)).flatten
+        when '--host'
+          @_confopts[:ansible] = true
+          @_confopts[:format] = 'json' unless @_confopts[:format] =~ /p|pjson|j|json/
+          host = @_argv[1]
+          @_argv.clear
+          @_argv.concat(['host', 'listvars', host.to_s]).flatten
+        end
       end
 
       #----------------------
-      def self.resolve_config_file # rubocop:disable Metrics/AbcSize
-        if ! @_confopts[:config].nil?
+      def self.resolve_config_file
+        if !@_confopts[:config].nil?
           path = File.expand_path(@_confopts[:config])
           if File.exist?(path)
             @_confopts[:config] = path
@@ -135,8 +134,7 @@ module Moose
           possibles = ['./.moose-tools/inventory/config',
                        '~/.moose-tools/inventory/config',
                        '~/local/etc/moose-tools/inventory/config',
-                       '/etc/moose-tools/inventory/config'
-                      ]
+                       '/etc/moose-tools/inventory/config']
           possibles.each do |f|
             file = File.expand_path(f)
             @_confopts[:config] = file if File.exist?(file)
@@ -170,7 +168,12 @@ module Moose
       # rubocop:disable PerceivedComplexity
       # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
       def self.load
-        newsets = symbolize_keys(YAML.load_file(@_confopts[:config]))
+        newsets = symbolize_keys(YAML.safe_load_file(
+          @_confopts[:config],
+          aliases: false,
+          permitted_classes: [],
+          permitted_symbols: []
+        ))
 
         path = @_confopts[:config]
 
@@ -184,7 +187,7 @@ module Moose
           env = @_confopts[:env]
           @_settings[:config] = newsets[@_confopts[:env].to_sym]
         else
-          env  = @_settings[:general][:defaultenv]
+          env = @_settings[:general][:defaultenv]
           (env.nil? || env.empty?) && fail("No defaultenv set in #{path}")
           @_settings[:config] = newsets[env.to_sym]
         end

data/lib/moose_inventory/db/db.rb

@@ -22,6 +22,8 @@ module Moose
 
       #----------------------
       def self.init
+        init_exceptions
+
         # If we allow init more than once, then the db connection is remade,
         # which changes Sequel:DATABASES[0], thereby invalidating the sequel
         # models.  This causes unexpected behavour. That is to say, because
@@ -31,8 +33,8 @@ module Moose
         # So, we allow init only once, gated by whether @db is nil. In effect,
         # this means we pool the DB connection for the life of the application.
         # Again, not a problem for our one-shot app, but it may be an issue in
-        # long-running code. Personally, I don't like this pooling regime - 
-        # perhaps I'm not understanding how it's supposed to be used? 
+        # long-running code. Personally, I don't like this pooling regime -
+        # perhaps I'm not understanding how it's supposed to be used?
         #
         # QUESTION: can the models be refreshed, to make then again valid? What if
         #       we "load" instead of "require" the models?
@@ -57,55 +59,58 @@ module Moose
         @models[:group]    = Moose::Inventory::DB::Group
         @models[:groupvar] = Moose::Inventory::DB::Groupvar
 
-        @exceptions = {}
-        @exceptions[:moose] = Moose::Inventory::DB::MooseDBException
+      end
 
+      #--------------------
+      def self.init_exceptions
+        @exceptions ||= {}
+        @exceptions[:moose] ||= Moose::Inventory::DB::MooseDBException
       end
 
       #--------------------
       def self.transaction
         fail('Database connection has not been established') if @db.nil?
-        
+
         tries = 0
-        
+
         begin
           @db.transaction(savepoint: true) do
             yield
           end
 
         rescue Sequel::DatabaseError => e
-        # We want to rescue Sqlite3::BusyException.  But, sequel catches that
-        # and re-raises it as Sequel::DatabaseError, with a message referencing
-        # the original exception class  
-         
-        # We look into e, to see whether it is a BusyException.  If not, 
-        # we re-raise immediately.  
-        raise unless e.message.include?("BusyException")  
-
-        # Looks like a BusyException, so we retry, after a random delay.           
-        tries += 1
-        case tries
-        when 1..10
-          if Moose::Inventory::Config._confopts[:trace] == true
-            STDERR.puts e.message
+          # We want to rescue Sqlite3::BusyException.  But, sequel catches that
+          # and re-raises it as Sequel::DatabaseError, with a message referencing
+          # the original exception class
+
+          # We look into e, to see whether it is a BusyException.  If not,
+          # we re-raise immediately.
+          raise unless e.message.include?('BusyException')
+
+          # Looks like a BusyException, so we retry, after a random delay.
+          tries += 1
+          case tries
+          when 1..10
+            if Moose::Inventory::Config._confopts[:trace] == true
+              STDERR.puts e.message
+            end
+            sleep rand
+            retry
+          else
+            warn('The database appears to be locked by another process, and '\
+                 " did not become free after #{tries} tries. Giving up. ")
+
+            # TODO: Some useful advice to the user, as to what to do about this error.
+            raise
           end
-          sleep rand()
-          retry
-        else
-          warn('The database appears to be locked by another process, and '\
-               " did not become free after #{tries} tries. Giving up. ")
 
-          # TODO: Some useful advice to the user, as to what to do about this error. 
-          raise  
-        end
-            
         rescue @exceptions[:moose] => e
           warn 'An error occurred during a transaction, any changes have been rolled back.'
 
           if Moose::Inventory::Config._confopts[:trace] == true
-            STDERR.puts $!.backtrace    
+            STDERR.puts $ERROR_INFO.backtrace
             abort("ERROR: #{e}")
-          else      
+          else
             abort("ERROR: #{e.message}")
           end
 
@@ -158,7 +163,7 @@ module Moose
 
         else
           @db.drop_table(:hosts, :hostvars,
-                         :groups,  :groupvars, :group_hosts,
+                         :groups, :groupvars, :group_hosts,
                          if_exists: true, cascade: true)
         end
       end
@@ -195,7 +200,7 @@ module Moose
             foreign_key :child_id,  :groups
           end
         end
-        
+
         unless @db.table_exists? :groupvars
           @db.create_table(:groupvars) do
             primary_key :id
@@ -225,28 +230,29 @@ module Moose
         when 'sqlite3'
           init_sqlite3
 
-        when 'msqsql'
+        when 'mysql'
           init_mysql
 
         when 'postgresql'
           init_postgresql
 
         else
-          fail @exceptions[:moose ], 
-            "database adapter #{adapter} is not yet supported."
+          fail @exceptions[:moose],
+               "database adapter #{adapter} is not yet supported."
         end
       end
 
       #--------------------
       def self.init_sqlite3 # rubocop:disable Metrics/AbcSize
         require 'sqlite3'
+        require 'fileutils'
 
         # Quick check that expected keys are at least present & sensible
         config = Moose::Inventory::Config._settings[:config][:db]
         [:file].each do |key|
           if config[key].nil?
-            fail @exceptions[:moose ], 
-              "Expected key #{key} missing in sqlite3 configuration"
+            fail @exceptions[:moose],
+                 "Expected key #{key} missing in sqlite3 configuration"
           end
         end
         config[:file].empty? && fail("SQLite3 DB 'file' cannot be empty")
@@ -254,7 +260,7 @@ module Moose
         # Make sure the directory exists
         dbfile = File.expand_path(config[:file])
         dbdir = File.dirname(dbfile)
-        Dir.mkdir(dbdir) unless Dir.exist?(dbdir)
+        FileUtils.mkdir_p(dbdir) unless Dir.exist?(dbdir)
 
         # Create and/or open the database file
         @db = Sequel.sqlite(dbfile)
@@ -262,26 +268,40 @@ module Moose
 
       #--------------------
       def self.init_mysql
-        require 'mysql'
+        require 'mysql2'
 
-        # TODO: native MySQL driver vs the pure ruby one?
-        #       Sequel requires the native on.
-        # gem('mysql')
+        # Quick check that expected keys are at least present
+        config = Moose::Inventory::Config._settings[:config][:db]
+        [:host, :database, :user, :password].each do |key|
+          if config[key].nil?
+            fail @exceptions[:moose],
+                 "Expected key #{key} missing in mysql configuration"
+          end
+        end
+
+        @db = Sequel.mysql2(user: config[:user],
+                            password: config[:password],
+                            host: config[:host],
+                            database: config[:database])
+      end
+
+      #--------------------
+      def self.init_postgresql
+        require 'pg'
 
         # Quick check that expected keys are at least present
         config = Moose::Inventory::Config._settings[:config][:db]
         [:host, :database, :user, :password].each do |key|
           if config[key].nil?
-            fail @exceptions[:moose ],
-              "Expected key #{key} missing in mysql configuration"
+            fail @exceptions[:moose],
+                 "Expected key #{key} missing in postgresql configuration"
           end
         end
 
-        @db = Sequel.mysql(user: config[:user],
-                           password: config[:password],
-                           host: config[:host],
-                           database: config[:database]
-                          )
+        @db = Sequel.postgres(user: config[:user],
+                              password: config[:password],
+                              host: config[:host],
+                              database: config[:database])
       end
     end
   end

data/lib/moose_inventory/db/models.rb

@@ -11,20 +11,19 @@ module Moose
       ##
       # Model for the groups table
       class Group < Sequel::Model
-        
-        many_to_many :parents,  
-                     :left_key=>:parent_id, 
-                     :right_key=>:child_id, 
-                     :class=>self
-        
-        many_to_many :children, 
-                     :left_key=>:child_id, 
-                     :right_key=>:parent_id, 
-                     :class=>self        
+        many_to_many :parents,
+                     left_key: :parent_id,
+                     right_key: :child_id,
+                     class: self
 
-        many_to_many :hosts 
+        many_to_many :children,
+                     left_key: :child_id,
+                     right_key: :parent_id,
+                     class: self
+
+        many_to_many :hosts
         one_to_many  :groupvars
-      end   
+      end
 
       ##
       # Model for the hostvars table

data/lib/moose_inventory/version.rb

@@ -2,6 +2,6 @@ module Moose
   ##
   # The Moose-Tools dynamic inventory management library
   module Inventory
-    VERSION = '1.0.7'
+    VERSION = '1.0.9'.freeze
   end
 end

data/moose-inventory.gemspec

@@ -16,30 +16,45 @@ Gem::Specification.new do |spec|
   # rubocop:enable Metrics/LineLength
   spec.homepage      = 'https://github.com/RusDavies/moose-inventory'
   spec.license       = 'MIT'
+  spec.required_ruby_version = '>= 3.2'
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'indentation', '~> 0.1'
-  spec.add_runtime_dependency 'json',        '~>1.8'
-  spec.add_runtime_dependency 'mysql',       '~>2.9'
-  # spec.add_runtime_dependency 'mysql2',    '~>0.3'
-  spec.add_runtime_dependency 'pg',        '~>0.17'
-  spec.add_runtime_dependency 'sequel',    '~>4.22'
-  spec.add_runtime_dependency 'sqlite3',   '~>1.3'
-  spec.add_runtime_dependency 'thor',      '~>0.19'
-  # spec.add_runtime_dependency   'yaml',      '~>1.0'
-
-  spec.add_development_dependency 'bundler',      '~> 1.10'
-  spec.add_development_dependency 'coveralls',    '~> 0.8'
-  spec.add_development_dependency 'hitimes',      '~> 1.2'
-  spec.add_development_dependency 'guard',        '~> 2.12'
-  spec.add_development_dependency 'guard-rspec',  '~> 4.5'
-  spec.add_development_dependency 'guard-rubocop',  '~> 1.2'
-  spec.add_development_dependency 'rake',         '~> 10.1'
-  spec.add_development_dependency 'rspec',        '~>3.2'
-  spec.add_development_dependency 'rubocop',      '>= 0.19'
-  spec.add_development_dependency 'simplecov',    '~> 0.10'
+#  spec.add_runtime_dependency 'indentation', '~> 0.1'
+#  spec.add_runtime_dependency 'json',        '~>1.8'
+#  #spec.add_runtime_dependency 'mysql',       '~>2.9' # This causes lots of problems.  Need to migrate to the newer mysql2.
+#  #spec.add_runtime_dependency 'mysql2',    '~>0.3'
+#  spec.add_runtime_dependency 'mysql2'
+#  spec.add_runtime_dependency 'pg',        '~>0.17'
+#  spec.add_runtime_dependency 'sequel',    '~>4.22'
+#  spec.add_runtime_dependency 'sqlite3',   '~>1.3'
+#  spec.add_runtime_dependency 'thor',      '~>0.19'
+#  # spec.add_runtime_dependency   'yaml',      '~>1.0'
+
+#  spec.add_development_dependency 'bundler',      '~> 1.7'
+#  spec.add_development_dependency 'coveralls',    '~> 0.8'
+#  spec.add_development_dependency 'guard',        '~> 2.12'
+#  spec.add_development_dependency 'guard-rspec',  '~> 4.5'
+#  spec.add_development_dependency 'guard-rubocop', '~> 1.2'
+#  spec.add_development_dependency 'rake',         '~> 10.1'
+#  spec.add_development_dependency 'rspec',        '~>3.2'
+#  spec.add_development_dependency 'rubocop',      '>= 0.19'
+#  spec.add_development_dependency 'simplecov',    '~> 0.10'
+
+  spec.add_runtime_dependency 'indentation', '~> 0'
+  spec.add_runtime_dependency 'json', '>= 2.7', '< 3'
+  spec.add_runtime_dependency 'mysql2', '>= 0.5.7', '< 0.6'
+  spec.add_runtime_dependency 'pg', '>= 1.5', '< 2'
+  spec.add_runtime_dependency 'sequel', '>= 5.80', '< 6'
+  spec.add_runtime_dependency 'sqlite3', '>= 1.7', '< 3'
+  spec.add_runtime_dependency 'thor', '>= 1.3', '< 2'
+
+  spec.add_development_dependency 'bundler', '>= 2.2.33', '< 3'
+  spec.add_development_dependency 'rake', '>= 13.0', '< 14'
+  spec.add_development_dependency 'rspec', '~> 3'
+  spec.add_development_dependency 'simplecov', '~> 0'
+
 end

data/scripts/check.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euo pipefail
+
+bundle exec rspec --format progress
+git diff --check
+scripts/ci/check_permissions.sh
+scripts/ci/check_security.sh
+scripts/ci/package_sanity.sh

data/scripts/ci/check_permissions.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+set -euo pipefail
+
+allowed_executables=(
+  "bin/moose-inventory"
+  "scripts/check.sh"
+  "scripts/ci/check_permissions.sh"
+  "scripts/ci/check_security.sh"
+  "scripts/ci/package_sanity.sh"
+  "scripts/files.rb"
+  "scripts/install_dependencies.sh"
+  "scripts/reports.sh"
+  "scripts/work-through.sh"
+)
+
+allowed_file="$(mktemp)"
+actual_file="$(mktemp)"
+trap 'rm -f "$allowed_file" "$actual_file"' EXIT
+
+printf '%s\n' "${allowed_executables[@]}" | sort > "$allowed_file"
+
+git ls-files -z | while IFS= read -r -d '' path; do
+  if [[ -x "$path" ]]; then
+    printf '%s\n' "$path"
+  fi
+done | sort > "$actual_file"
+
+if ! diff -u "$allowed_file" "$actual_file"; then
+  echo "Unexpected executable file permissions detected." >&2
+  echo "Update scripts/ci/check_permissions.sh only when a new executable entrypoint is intentional." >&2
+  exit 1
+fi

data/scripts/ci/check_security.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -euo pipefail
+
+python3 - <<'PY'
+import json
+import sys
+import urllib.error
+import urllib.request
+
+specs = []
+for line in open('Gemfile.lock', encoding='utf-8'):
+    item = line.strip()
+    if not item or ' (' not in item:
+        continue
+    if item.startswith('moose-inventory'):
+        continue
+    name = item.split(' (', 1)[0]
+    version = item.split(' (', 1)[1].split(')', 1)[0].split('-', 1)[0]
+    if name and name[0].isalpha():
+        specs.append((name, version))
+
+queries = [
+    {'package': {'name': name, 'ecosystem': 'RubyGems'}, 'version': version}
+    for name, version in specs
+]
+
+request = urllib.request.Request(
+    'https://api.osv.dev/v1/querybatch',
+    data=json.dumps({'queries': queries}).encode('utf-8'),
+    headers={'Content-Type': 'application/json'},
+)
+
+try:
+    with urllib.request.urlopen(request, timeout=30) as response:
+        data = json.load(response)
+except (urllib.error.URLError, TimeoutError) as exc:
+    print(f'OSV dependency check failed: {exc}', file=sys.stderr)
+    sys.exit(2)
+
+findings = []
+for (name, version), result in zip(specs, data.get('results', [])):
+    for vuln in result.get('vulns') or []:
+        findings.append((name, version, vuln.get('id', 'unknown'), vuln.get('summary') or ''))
+
+print(f'OSV dependency check: queried={len(specs)} vulnerable={len(findings)}')
+if findings:
+    for name, version, vuln_id, summary in findings:
+        print(f'- {name} {version}: {vuln_id} {summary}', file=sys.stderr)
+    sys.exit(1)
+PY