package-audit 0.1.0 → 0.3.0
- checksums.yaml +4 -4
- data/lib/package/audit/cli.rb +23 -66
- data/lib/package/audit/command_service.rb +187 -0
- data/lib/package/audit/const/cmd.rb +16 -0
- data/lib/package/audit/const/fields.rb +36 -0
- data/lib/package/audit/const/file.rb +13 -0
- data/lib/package/audit/const/time.rb +11 -0
- data/lib/package/audit/duplicate_package_merger.rb +26 -0
- data/lib/package/audit/enum/environment.rb +0 -2
- data/lib/package/audit/enum/risk_explanation.rb +2 -2
- data/lib/package/audit/enum/vulnerability_type.rb +1 -0
- data/lib/package/audit/formatter/risk.rb +1 -1
- data/lib/package/audit/formatter/version.rb +7 -6
- data/lib/package/audit/formatter/version_date.rb +3 -3
- data/lib/package/audit/formatter/vulnerability.rb +2 -2
- data/lib/package/audit/npm/node_collection.rb +64 -0
- data/lib/package/audit/npm/npm_meta_data.rb +41 -0
- data/lib/package/audit/npm/vulnerability_finder.rb +44 -0
- data/lib/package/audit/npm/yarn_lock_parser.rb +46 -0
- data/lib/package/audit/package.rb +91 -0
- data/lib/package/audit/{dependency_printer.rb → printer.rb} +33 -51
- data/lib/package/audit/risk_calculator.rb +49 -34
- data/lib/package/audit/ruby/bundler_specs.rb +16 -9
- data/lib/package/audit/ruby/gem_collection.rb +26 -26
- data/lib/package/audit/ruby/gem_meta_data.rb +11 -9
- data/lib/package/audit/ruby/vulnerability_finder.rb +23 -12
- data/lib/package/audit/util/summary_printer.rb +28 -21
- data/lib/package/audit/version.rb +1 -1
- data/sig/package/audit/command_service.rbs +29 -0
- data/sig/package/audit/const/cmd.rbs +14 -0
- data/sig/package/audit/const/fields.rbs +13 -0
- data/sig/package/audit/const/file.rbs +13 -0
- data/sig/package/audit/const/time.rbs +11 -0
- data/sig/package/audit/duplicate_package_merger.rbs +11 -0
- data/sig/package/audit/enum/vulnerability_type.rbs +1 -0
- data/sig/package/audit/npm/node_collection.rbs +29 -0
- data/sig/package/audit/npm/npm_meta_data.rbs +19 -0
- data/sig/package/audit/npm/vulnerability_finder.rbs +21 -0
- data/sig/package/audit/npm/yarn_lock_parser.rbs +20 -0
- data/sig/package/audit/{dependency.rbs → package.rbs} +14 -4
- data/sig/package/audit/printer.rbs +24 -0
- data/sig/package/audit/risk_calculator.rbs +6 -6
- data/sig/package/audit/ruby/bundler_specs.rbs +2 -2
- data/sig/package/audit/ruby/gem_collection.rbs +8 -4
- data/sig/package/audit/ruby/gem_meta_data.rbs +7 -8
- data/sig/package/audit/ruby/vulnerability_finder.rbs +10 -1
- data/sig/package/audit/util/summary_printer.rbs +3 -5
- metadata +27 -9
- data/lib/package/audit/const.rb +0 -5
- data/lib/package/audit/dependency.rb +0 -57
- data/sig/const.rbs +0 -5
- data/sig/package/audit/dependency_printer.rbs +0 -24
@@ -1,5 +1,5 @@
|
|
1
|
-
require_relative '../const'
|
2
|
-
require_relative '
|
1
|
+
require_relative '../const/time'
|
2
|
+
require_relative 'bash_color'
|
3
3
|
|
4
4
|
module Package
|
5
5
|
module Audit
|
@@ -8,48 +8,55 @@ module Package
|
|
8
8
|
def self.report
|
9
9
|
printf("\n%<info>s\n%<cmd>s\n\n",
|
10
10
|
info: Util::BashColor.blue('To show how risk is calculated run:'),
|
11
|
-
cmd: Util::BashColor.magenta(' >
|
11
|
+
cmd: Util::BashColor.magenta(' > package-audit risk'))
|
12
12
|
end
|
13
13
|
|
14
14
|
def self.deprecated
|
15
|
-
puts Util::BashColor.blue(
|
16
|
-
puts Util::BashColor.blue("Please contact the
|
15
|
+
puts Util::BashColor.blue('Although the packages above have no recent updates, they may not be deprecated.')
|
16
|
+
puts Util::BashColor.blue("Please contact the package author for more information about its status.\n")
|
17
17
|
end
|
18
18
|
|
19
|
-
def self.
|
20
|
-
printf("
|
21
|
-
info: Util::BashColor.blue(
|
22
|
-
cmd: Util::BashColor.magenta(
|
19
|
+
def self.vulnerable(package_type, cmd)
|
20
|
+
printf("%<info>s\n%<cmd>s\n\n",
|
21
|
+
info: Util::BashColor.blue("To get more information about the #{package_type} vulnerabilities run:"),
|
22
|
+
cmd: Util::BashColor.magenta(" > #{cmd}"))
|
23
23
|
end
|
24
24
|
|
25
|
-
def self.
|
26
|
-
|
27
|
-
info: Util::BashColor.blue('To get more information about the vulnerabilities run:'),
|
28
|
-
cmd: Util::BashColor.magenta(' > bundle exec bundle-audit check --update'))
|
25
|
+
def self.total(package_type, pkgs)
|
26
|
+
puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n")
|
29
27
|
end
|
30
28
|
|
31
|
-
def self.
|
32
|
-
|
29
|
+
def self.statistics(package_type, pkgs)
|
30
|
+
outdated = pkgs.count(&:outdated?)
|
31
|
+
deprecated = pkgs.count(&:deprecated?)
|
32
|
+
vulnerable = pkgs.count(&:vulnerable?)
|
33
|
+
|
34
|
+
vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
|
35
|
+
|
36
|
+
puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n" \
|
37
|
+
"#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
|
38
|
+
"#{outdated} outdated, #{deprecated} deprecated.\n")
|
33
39
|
end
|
34
40
|
|
35
41
|
def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
36
|
-
puts Util::BashColor.blue('1. Check if the
|
42
|
+
puts Util::BashColor.blue('1. Check if the package has a security vulnerability.')
|
37
43
|
puts ' If yes, the following vulnerability -> risk mapping is used:'
|
38
44
|
puts " - #{Util::BashColor.red('unknown')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
|
39
45
|
puts " - #{Util::BashColor.red('critical')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
|
40
46
|
puts " - #{Util::BashColor.red('high')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
|
41
47
|
puts " - #{Util::BashColor.orange('medium')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk"
|
48
|
+
puts " - #{Util::BashColor.orange('moderate')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
|
42
49
|
puts " - #{Util::BashColor.yellow('low')} vulnerability\t-> #{Util::BashColor.yellow('low')} risk"
|
43
50
|
|
44
51
|
puts
|
45
52
|
|
46
|
-
puts Util::BashColor.blue('2. Check the
|
47
|
-
puts " If no new releases by author for at least #{Const::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
|
53
|
+
puts Util::BashColor.blue('2. Check the package for potential deprecation.')
|
54
|
+
puts " If no new releases by author for at least #{Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
|
48
55
|
puts " - assign the risk to\t-> #{Util::BashColor.orange('medium')} risk"
|
49
56
|
|
50
57
|
puts
|
51
58
|
|
52
|
-
puts Util::BashColor.blue('3. Check if a newer version of the
|
59
|
+
puts Util::BashColor.blue('3. Check if a newer version of the package is available.')
|
53
60
|
|
54
61
|
puts ' If yes, assign risk as follows:'
|
55
62
|
puts " - #{Util::BashColor.orange('major version')} mismatch\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
|
@@ -65,8 +72,8 @@ module Package
|
|
65
72
|
|
66
73
|
puts
|
67
74
|
|
68
|
-
puts Util::BashColor.blue('5. Check whether the
|
69
|
-
puts ' If a
|
75
|
+
puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
|
76
|
+
puts ' If a package is limited to a non-production environment:'
|
70
77
|
puts " - cap risk severity to\t -> #{Util::BashColor.orange('medium')} risk"
|
71
78
|
end
|
72
79
|
end
|
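Review bot: `vulnerable(package_type, cmd)` in the second hunk prints `cmd` as a command the user is told to run, and nothing in the hunk says where that string may come from. A comment above the method should state that `cmd` must be one of the tool's own fixed command strings and never text read from a lockfile or a registry response, for example `# cmd: a constant command string owned by this gem; never derived from scanned project data`. `total` and `statistics` both build the plural by appending a literal `s` (`"#{package_type}s"`), so `package_type` has to be a singular label and that deserves a one-line comment too. `statistics` also repeats the `"Found a total of ..."` sentence from `total` verbatim, so the two can drift apart. The module continues outside the visible hunks.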
@@ -0,0 +1,29 @@
|
|
1
|
+
module Package
|
2
|
+
module Audit
|
3
|
+
class CommandService
|
4
|
+
NODE_MODULE: String
|
5
|
+
RUBY_GEM: String
|
6
|
+
|
7
|
+
@dir: String
|
8
|
+
@options: Hash[Symbol, untyped]
|
9
|
+
|
10
|
+
def initialize: (String, Hash[Symbol, untyped]) -> void
|
11
|
+
|
12
|
+
def all: -> bool
|
13
|
+
|
14
|
+
def deprecated: -> bool
|
15
|
+
|
16
|
+
def outdated: -> bool
|
17
|
+
|
18
|
+
def vulnerable: -> bool
|
19
|
+
|
20
|
+
private
|
21
|
+
|
22
|
+
def node?: -> bool?
|
23
|
+
|
24
|
+
def print_success_message: (String) -> void
|
25
|
+
|
26
|
+
def ruby?: -> bool?
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module Package
|
2
|
+
module Audit
|
3
|
+
module Npm
|
4
|
+
class NodeCollection
|
5
|
+
PACKAGE_JSON: String
|
6
|
+
PACKAGE_LOCK: String
|
7
|
+
YARN_LOCK: String
|
8
|
+
|
9
|
+
@dir: String
|
10
|
+
|
11
|
+
def initialize: (String) -> void
|
12
|
+
|
13
|
+
def all: -> Array[Package]
|
14
|
+
|
15
|
+
def deprecated: -> Array[Package]
|
16
|
+
|
17
|
+
def outdated: -> Array[Package]
|
18
|
+
|
19
|
+
def vulnerable: -> Array[Package]
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def fetch_from_lock_file: -> Array[Package]
|
24
|
+
|
25
|
+
def fetch_from_package_json: -> Array[Hash[Symbol, untyped]]
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
module Package
|
2
|
+
module Audit
|
3
|
+
module Npm
|
4
|
+
class NpmMetaData
|
5
|
+
REGISTRY_URL: String
|
6
|
+
|
7
|
+
@packages: Array[Package]
|
8
|
+
|
9
|
+
def initialize: (Array[Package]) -> void
|
10
|
+
|
11
|
+
def fetch: -> Array[Package]
|
12
|
+
|
13
|
+
private
|
14
|
+
|
15
|
+
def update_meta_data: (Package, Hash[Symbol, untyped]) -> void
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module Package
|
2
|
+
module Audit
|
3
|
+
module Npm
|
4
|
+
class VulnerabilityFinder
|
5
|
+
AUDIT_ADVISORY_REGEX: Regexp
|
6
|
+
|
7
|
+
@dir: String
|
8
|
+
@pkg_hash: Hash[String, Package]
|
9
|
+
@vuln_hash: Hash[String?, Package]
|
10
|
+
|
11
|
+
def initialize: (String, Array[Package]) -> void
|
12
|
+
|
13
|
+
def run: -> Array[Package]
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
def update_meta_data: (Hash[Symbol, untyped])-> void
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
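Review bot: `@vuln_hash: Hash[String?, Package]` admits `nil` as a key, so every advisory whose package name could not be extracted would land in the same `nil` entry and be attributed to a single `Package`. The implementation is not part of this section, so this is inferred from the signature alone. If a missing name is possible, the finder should skip or report that advisory instead of keying it, and the type can then be tightened to `Hash[String, Package]`. The same declaration appears in the `Ruby::VulnerabilityFinder` signature further down this page. As a style point, `def update_meta_data: (Hash[Symbol, untyped])-> void` lacks the space before `->` that the other signatures use.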
@@ -0,0 +1,20 @@
|
|
1
|
+
module Package
|
2
|
+
module Audit
|
3
|
+
module Npm
|
4
|
+
class YarnLockParser
|
5
|
+
@yarn_lock_file: String
|
6
|
+
@yarn_lock_path: String
|
7
|
+
|
8
|
+
def initialize: (String) -> void
|
9
|
+
|
10
|
+
def fetch: (Hash[Symbol, untyped], Hash[Symbol, untyped]) -> Array[Package]
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def fetch_package_block: (Symbol, String) -> String
|
15
|
+
|
16
|
+
def fetch_package_version: (Symbol, String) -> String
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -1,8 +1,8 @@
|
|
1
1
|
module Package
|
2
2
|
module Audit
|
3
|
-
class
|
3
|
+
class Package
|
4
4
|
@groups: Array[Symbol]
|
5
|
-
@
|
5
|
+
@risks: Array[Risk]
|
6
6
|
@vulnerabilities: Array[String]
|
7
7
|
|
8
8
|
attr_accessor groups: Array[Symbol]
|
@@ -13,14 +13,22 @@ module Package
|
|
13
13
|
attr_accessor version_date: String
|
14
14
|
attr_accessor vulnerabilities: Array[String]
|
15
15
|
|
16
|
-
def initialize: (String, String) -> void
|
16
|
+
def initialize: (String, String, **untyped) -> void
|
17
|
+
|
18
|
+
def deprecated?: -> bool
|
19
|
+
|
20
|
+
def full_name: -> String
|
17
21
|
|
18
22
|
def group_list: -> String
|
19
23
|
|
20
|
-
def
|
24
|
+
def outdated?: -> bool
|
21
25
|
|
22
26
|
def risk: -> Risk
|
23
27
|
|
28
|
+
def risk?: -> bool
|
29
|
+
|
30
|
+
def risks: -> Array[Risk]
|
31
|
+
|
24
32
|
def risk_explanation: -> String?
|
25
33
|
|
26
34
|
def risk_type: -> String
|
@@ -30,6 +38,8 @@ module Package
|
|
30
38
|
def update: (**untyped) -> void
|
31
39
|
|
32
40
|
def vulnerabilities_grouped: -> String
|
41
|
+
|
42
|
+
def vulnerable?: -> bool
|
33
43
|
end
|
34
44
|
end
|
35
45
|
end
|
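Review bot: `def initialize: (String, String, **untyped) -> void` in the second hunk, like the existing `def update: (**untyped) -> void`, accepts any keyword with any value. The removed `Dependency#update` at the end of this page passed every key to `instance_variable_set("@#{key}", value)`. If `Package` keeps that pattern (its implementation is not visible here), a key taken from parsed registry or lockfile data could create or overwrite any instance variable, including `@risks` and `@vulnerabilities`, which decide the reported risk. Narrowing the signature to the declared attributes, for example `?groups: Array[Symbol], ?version_date: String, ?vulnerabilities: Array[String]`, and rejecting unknown keys in the implementation would make the accepted set explicit.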
@@ -0,0 +1,24 @@
|
|
1
|
+
module Package
|
2
|
+
module Audit
|
3
|
+
class Printer
|
4
|
+
BASH_FORMATTING_REGEX: Regexp
|
5
|
+
COLUMN_GAP: Integer
|
6
|
+
CSV_HEADERS: Hash[Symbol, String]
|
7
|
+
|
8
|
+
@pkgs: Array[Package]
|
9
|
+
@options: Hash[Symbol, untyped]
|
10
|
+
|
11
|
+
def initialize: (Array[Package], Hash[Symbol, untyped]) -> void
|
12
|
+
|
13
|
+
def print: (Array[Symbol]) -> void
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
def check_fields: (Array[Symbol]) -> void
|
18
|
+
|
19
|
+
def csv: (Array[Symbol], ?exclude_headers: bool) -> void
|
20
|
+
|
21
|
+
def pretty: (?Array[Symbol]) -> void
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -1,19 +1,19 @@
|
|
1
1
|
module Package
|
2
2
|
module Audit
|
3
3
|
class RiskCalculator
|
4
|
-
@
|
4
|
+
@pkg: Package
|
5
5
|
|
6
|
-
def initialize: (
|
6
|
+
def initialize: (Package) -> void
|
7
7
|
|
8
|
-
def find: -> Risk
|
8
|
+
def find: -> Array[Risk]
|
9
9
|
|
10
10
|
private
|
11
11
|
|
12
|
-
def
|
12
|
+
def assess_deprecation_risks: -> Array[Risk]
|
13
13
|
|
14
|
-
def
|
14
|
+
def assess_version_risks: -> Array[Risk]
|
15
15
|
|
16
|
-
def
|
16
|
+
def assess_vulnerability_risks: -> Array[Risk]
|
17
17
|
|
18
18
|
def production_dependency?: -> bool
|
19
19
|
end
|
@@ -2,13 +2,17 @@ module Package
|
|
2
2
|
module Audit
|
3
3
|
module Ruby
|
4
4
|
class GemCollection
|
5
|
-
|
5
|
+
@dir: String
|
6
6
|
|
7
|
-
def
|
7
|
+
def initialize: (String) -> void
|
8
8
|
|
9
|
-
def
|
9
|
+
def all: -> Array[Package]
|
10
10
|
|
11
|
-
def
|
11
|
+
def deprecated: -> Array[Package]
|
12
|
+
|
13
|
+
def outdated: (?include_implicit: bool) -> Array[Package]
|
14
|
+
|
15
|
+
def vulnerable: -> Array[Package]
|
12
16
|
end
|
13
17
|
end
|
14
18
|
end
|
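Review bot: `def outdated: (?include_implicit: bool) -> Array[Package]` gives the gem collection an option that the parallel `Npm::NodeCollection#outdated` signature on this page does not have, and the signature cannot show its default. A comment above the declaration should say what the default is and what "implicit" covers (presumably gems that are not listed directly in the Gemfile; confirm against the implementation), for example `# include_implicit: also report gems pulled in only as dependencies of other gems`. Without that, a reader cannot tell whether the two ecosystems report the same set of outdated packages.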
@@ -2,21 +2,20 @@ module Package
|
|
2
2
|
module Audit
|
3
3
|
module Ruby
|
4
4
|
class GemMetaData
|
5
|
-
@
|
5
|
+
@gem_hash: Hash[String, Package]
|
6
|
+
@pkgs: Array[Package]
|
6
7
|
|
7
|
-
|
8
|
+
def initialize: (Array[Package]) -> void
|
8
9
|
|
9
|
-
def
|
10
|
+
def fetch: -> Array[Package]
|
10
11
|
|
11
|
-
def
|
12
|
-
|
13
|
-
def find: -> Array[Dependency]
|
12
|
+
def find: -> Array[Package]
|
14
13
|
|
15
14
|
private
|
16
15
|
|
17
|
-
def assign_groups: -> Array[
|
16
|
+
def assign_groups: -> Array[Package]
|
18
17
|
|
19
|
-
def find_rubygems_metadata: -> Array[
|
18
|
+
def find_rubygems_metadata: -> Array[Package]
|
20
19
|
end
|
21
20
|
end
|
22
21
|
end
|
@@ -2,7 +2,16 @@ module Package
|
|
2
2
|
module Audit
|
3
3
|
module Ruby
|
4
4
|
class VulnerabilityFinder
|
5
|
-
|
5
|
+
@dir: String
|
6
|
+
@vuln_hash: Hash[String?, Package]
|
7
|
+
|
8
|
+
def initialize: (String) -> void
|
9
|
+
|
10
|
+
def run: -> Array[Package]
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def update_meta_data: (Hash[Symbol, untyped]) -> void
|
6
15
|
end
|
7
16
|
end
|
8
17
|
end
|
@@ -4,17 +4,15 @@ module Package
|
|
4
4
|
module SummaryPrinter
|
5
5
|
def self.deprecated: -> void
|
6
6
|
|
7
|
-
def self.outdated: -> void
|
8
|
-
|
9
7
|
def self.report: -> void
|
10
8
|
|
11
9
|
def self.risk: -> void
|
12
10
|
|
13
|
-
def self.
|
11
|
+
def self.statistics: (String, Array[Package]) -> void
|
14
12
|
|
15
|
-
def self.
|
13
|
+
def self.total: (String, Array[Package]) -> void
|
16
14
|
|
17
|
-
def
|
15
|
+
def self.vulnerable: (String, String) -> void
|
18
16
|
end
|
19
17
|
end
|
20
18
|
end
|
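--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Vadim Kononov
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -49,9 +49,12 @@ extra_rdoc_files: []
 files:
 - exe/package-audit
 - lib/package/audit/cli.rb
-- lib/package/audit/
-- lib/package/audit/
-- lib/package/audit/
+- lib/package/audit/command_service.rb
+- lib/package/audit/const/cmd.rb
+- lib/package/audit/const/fields.rb
+- lib/package/audit/const/file.rb
+- lib/package/audit/const/time.rb
+- lib/package/audit/duplicate_package_merger.rb
 - lib/package/audit/enum/environment.rb
 - lib/package/audit/enum/risk_explanation.rb
 - lib/package/audit/enum/risk_type.rb
@@ -61,6 +64,12 @@ files:
 - lib/package/audit/formatter/version.rb
 - lib/package/audit/formatter/version_date.rb
 - lib/package/audit/formatter/vulnerability.rb
+- lib/package/audit/npm/node_collection.rb
+- lib/package/audit/npm/npm_meta_data.rb
+- lib/package/audit/npm/vulnerability_finder.rb
+- lib/package/audit/npm/yarn_lock_parser.rb
+- lib/package/audit/package.rb
+- lib/package/audit/printer.rb
 - lib/package/audit/risk.rb
 - lib/package/audit/risk_calculator.rb
 - lib/package/audit/ruby/bundler_specs.rb
@@ -70,10 +79,13 @@ files:
 - lib/package/audit/util/bash_color.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
-- sig/const.rbs
 - sig/package/audit/cli.rbs
-- sig/package/audit/
-- sig/package/audit/
+- sig/package/audit/command_service.rbs
+- sig/package/audit/const/cmd.rbs
+- sig/package/audit/const/fields.rbs
+- sig/package/audit/const/file.rbs
+- sig/package/audit/const/time.rbs
+- sig/package/audit/duplicate_package_merger.rbs
 - sig/package/audit/enum/environment.rbs
 - sig/package/audit/enum/risk_explanation.rbs
 - sig/package/audit/enum/risk_type.rbs
@@ -83,6 +95,12 @@ files:
 - sig/package/audit/formatter/version_date.rbs
 - sig/package/audit/formatter/version_printer.rbs
 - sig/package/audit/formatter/vulnerability.rbs
+- sig/package/audit/npm/node_collection.rbs
+- sig/package/audit/npm/npm_meta_data.rbs
+- sig/package/audit/npm/vulnerability_finder.rbs
+- sig/package/audit/npm/yarn_lock_parser.rbs
+- sig/package/audit/package.rbs
+- sig/package/audit/printer.rbs
 - sig/package/audit/risk.rbs
 - sig/package/audit/risk_calculator.rbs
 - sig/package/audit/ruby/bundler_specs.rbs
@@ -114,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.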
data/lib/package/audit/const.rb
DELETED
@@ -1,57 +0,0 @@
|
|
1
|
-
require_relative './risk'
|
2
|
-
require_relative './risk_calculator'
|
3
|
-
require_relative './enum/environment'
|
4
|
-
require_relative './enum/risk_type'
|
5
|
-
require_relative './enum/risk_explanation'
|
6
|
-
|
7
|
-
module Package
|
8
|
-
module Audit
|
9
|
-
class Dependency
|
10
|
-
attr_reader :name, :version
|
11
|
-
attr_accessor :groups, :version_date, :latest_version, :latest_version_date, :vulnerabilities
|
12
|
-
|
13
|
-
def initialize(name, version)
|
14
|
-
@name = name.to_s
|
15
|
-
@version = version.to_s
|
16
|
-
@groups = []
|
17
|
-
@vulnerabilities = []
|
18
|
-
end
|
19
|
-
|
20
|
-
def update(**attr)
|
21
|
-
attr.each { |key, value| instance_variable_set("@#{key}", value) }
|
22
|
-
end
|
23
|
-
|
24
|
-
def risk
|
25
|
-
@risk ||= RiskCalculator.new(self).find || Risk.new(Enum::RiskType::NONE)
|
26
|
-
end
|
27
|
-
|
28
|
-
def risk?
|
29
|
-
risk.type != Enum::RiskType::NONE
|
30
|
-
end
|
31
|
-
|
32
|
-
def group_list
|
33
|
-
@groups.join('|')
|
34
|
-
end
|
35
|
-
|
36
|
-
def vulnerabilities_grouped
|
37
|
-
@vulnerabilities.group_by(&:itself).map { |k, v| "#{k}(#{v.length})" }.join('|')
|
38
|
-
end
|
39
|
-
|
40
|
-
def risk_type
|
41
|
-
risk.type
|
42
|
-
end
|
43
|
-
|
44
|
-
def risk_explanation
|
45
|
-
risk.explanation
|
46
|
-
end
|
47
|
-
|
48
|
-
def to_csv(fields)
|
49
|
-
fields.map { |field| send(field) }.join(',')
|
50
|
-
end
|
51
|
-
|
52
|
-
def to_s
|
53
|
-
"#{@name} #{@version} - [#{@groups.sort.join(', ')}]"
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|