package-audit 0.2.0 → 0.4.0

Files changed (59)
  1. checksums.yaml +4 -4
  2. data/lib/package/audit/cli.rb +42 -42
  3. data/lib/package/audit/const/cmd.rb +3 -3
  4. data/lib/package/audit/const/fields.rb +4 -4
  5. data/lib/package/audit/const/file.rb +1 -0
  6. data/lib/package/audit/const/yaml.rb +13 -0
  7. data/lib/package/audit/enum/option.rb +13 -0
  8. data/lib/package/audit/enum/report.rb +12 -0
  9. data/lib/package/audit/enum/technology.rb +14 -0
  10. data/lib/package/audit/formatter/risk.rb +1 -1
  11. data/lib/package/audit/formatter/version.rb +1 -1
  12. data/lib/package/audit/formatter/version_date.rb +1 -1
  13. data/lib/package/audit/formatter/vulnerability.rb +1 -1
  14. data/lib/package/audit/{package.rb → models/package.rb} +8 -7
  15. data/lib/package/audit/npm/node_collection.rb +25 -14
  16. data/lib/package/audit/npm/vulnerability_finder.rb +4 -3
  17. data/lib/package/audit/npm/yarn_lock_parser.rb +10 -6
  18. data/lib/package/audit/ruby/bundler_specs.rb +16 -9
  19. data/lib/package/audit/ruby/gem_collection.rb +36 -15
  20. data/lib/package/audit/ruby/gem_meta_data.rb +1 -1
  21. data/lib/package/audit/ruby/vulnerability_finder.rb +4 -3
  22. data/lib/package/audit/services/command_parser.rb +103 -0
  23. data/lib/package/audit/services/package_filter.rb +39 -0
  24. data/lib/package/audit/services/package_finder.rb +58 -0
  25. data/lib/package/audit/{printer.rb → services/package_printer.rb} +12 -11
  26. data/lib/package/audit/{risk_calculator.rb → services/risk_calculator.rb} +8 -4
  27. data/lib/package/audit/technology/detector.rb +40 -0
  28. data/lib/package/audit/technology/validator.rb +56 -0
  29. data/lib/package/audit/util/summary_printer.rb +22 -11
  30. data/lib/package/audit/version.rb +1 -1
  31. data/sig/package/audit/cli.rbs +2 -0
  32. data/sig/package/audit/const/fields.rbs +2 -1
  33. data/sig/package/audit/const/file.rbs +1 -0
  34. data/sig/package/audit/const/yaml.rbs +13 -0
  35. data/sig/package/audit/enum/option.rbs +13 -0
  36. data/sig/package/audit/enum/report.rbs +12 -0
  37. data/sig/package/audit/enum/technology.rbs +12 -0
  38. data/sig/package/audit/{package.rbs → models/package.rbs} +3 -1
  39. data/sig/package/audit/{risk.rbs → models/risk.rbs} +1 -1
  40. data/sig/package/audit/npm/node_collection.rbs +4 -5
  41. data/sig/package/audit/npm/vulnerability_finder.rbs +3 -2
  42. data/sig/package/audit/npm/yarn_lock_parser.rbs +1 -0
  43. data/sig/package/audit/ruby/bundler_specs.rbs +2 -2
  44. data/sig/package/audit/ruby/gem_collection.rbs +11 -4
  45. data/sig/package/audit/ruby/vulnerability_finder.rbs +3 -0
  46. data/sig/package/audit/services/command_parser.rbs +31 -0
  47. data/sig/package/audit/services/package_filter.rbs +19 -0
  48. data/sig/package/audit/services/package_finder.rbs +23 -0
  49. data/sig/package/audit/{printer.rbs → services/package_printer.rbs} +3 -3
  50. data/sig/package/audit/technology/detector.rbs +19 -0
  51. data/sig/package/audit/technology/validator.rbs +19 -0
  52. data/sig/package/audit/util/summary_printer.rbs +5 -5
  53. metadata +30 -14
  54. data/lib/package/audit/command_service.rb +0 -187
  55. data/sig/package/audit/command_service.rbs +0 -29
  56. /data/lib/package/audit/{risk.rb → models/risk.rb} +0 -0
  57. /data/lib/package/audit/{duplicate_package_merger.rb → services/duplicate_package_merger.rb} +0 -0
  58. /data/sig/package/audit/{duplicate_package_merger.rbs → services/duplicate_package_merger.rbs} +0 -0
  59. /data/sig/package/audit/{risk_calculator.rbs → services/risk_calculator.rbs} +0 -0
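--- /dev/null
+++ b/data/lib/package/audit/services/command_parser.rb
@@ -0,0 +1,103 @@
+require_relative '../const/cmd'
+require_relative '../const/file'
+require_relative '../enum/option'
+require_relative '../enum/report'
+require_relative '../technology/detector'
+require_relative '../technology/validator'
+require_relative '../util/summary_printer'
+require_relative 'package_finder'
+require_relative 'package_printer'
+
+require 'yaml'
+
+module Package
+module Audit
+class CommandParser
+def initialize(dir, options, report)
+@dir = dir
+@options = options
+@report = report
+@config = parse_config_file
+@technologies = parse_technologies
+end
+
+def run
+cumulative_pkgs = []
+
+@technologies.each do |technology|
+all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report).run(technology)
+ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
+cumulative_pkgs << all_pkgs
+print_results(technology, (all_pkgs || []) - (ignored_pkgs || []), ignored_pkgs || [])
+end
+
+cumulative_pkgs.any?
+end
+
+private
+
+def print_results(technology, pkgs, ignored_pkgs)
+PackagePrinter.new(@options, pkgs).print(report_fields)
+print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::CSV]
+print_disclaimer(technology) unless @options[Enum::Option::CSV] || pkgs.empty?
+end
+
+def print_summary(technology, pkgs, ignored_pkgs)
+if @report == Enum::Report::ALL
+Util::SummaryPrinter.statistics(technology, @report, pkgs, ignored_pkgs)
+else
+Util::SummaryPrinter.total(technology, @report, pkgs, ignored_pkgs)
+end
+end
+
+def print_disclaimer(technology)
+case @report
+when Enum::Report::DEPRECATED
+Util::SummaryPrinter.deprecated
+when Enum::Report::ALL, Enum::Report::VULNERABLE
+Util::SummaryPrinter.vulnerable(technology, learn_more_command(technology))
+end
+end
+
+def learn_more_command(technology)
+case technology
+when Enum::Technology::RUBY
+Const::Cmd::BUNDLE_AUDIT
+when Enum::Technology::NODE
+Const::Cmd::YARN_AUDIT
+else
+raise ArgumentError, "Unexpected technology \"#{technology}\" found in #{__method__}"
+end
+end
+
+def report_fields
+case @report
+when Enum::Report::DEPRECATED
+Const::Fields::DEPRECATED
+when Enum::Report::OUTDATED
+Const::Fields::OUTDATED
+when Enum::Report::VULNERABLE
+Const::Fields::VULNERABLE
+else
+Const::Fields::ALL
+end
+end
+
+def parse_config_file
+if @options[Enum::Option::CONFIG].nil?
+YAML.load_file("#{@dir}/#{Const::File::CONFIG}") if File.exist? "#{@dir}/#{Const::File::CONFIG}"
+elsif File.exist? @options[Enum::Option::CONFIG]
+YAML.load_file(@options[Enum::Option::CONFIG])
+else
+raise ArgumentError, "Configuration file not found: #{@options[Enum::Option::CONFIG]}"
+end
+end
+
+def parse_technologies
+technology_validator = Technology::Validator.new(@dir)
+@options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
+@options[Enum::Option::TECHNOLOGY] || Technology::Detector.new(@dir).detect
+end
+end
+end
+end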
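Review bot: `parse_config_file` hands a file taken from the audited checkout (`"#{@dir}/#{Const::File::CONFIG}"`, or whatever path the config option names) to `YAML.load_file`, which on Psych < 4 (Ruby < 3.1) deserialises arbitrary Ruby objects, so auditing a hostile repository can execute code in the auditor's process; `YAML.safe_load_file(path)` (or `YAML.safe_load(File.read(path))` on older Psych) is all the plain hash this config needs, and the `YAML.safe_load` later applied in `PackageFilter` cannot undo an object already instantiated here. Separately, `run` pushes each technology's whole array with `cumulative_pkgs << all_pkgs`, so `cumulative_pkgs.any?` is true as soon as one technology was scanned even when every array is empty; if that boolean is meant to drive the exit status, `cumulative_pkgs.concat(all_pkgs)` is presumably what was intended. Ignored packages are also still counted in that total, so a fully-ignored report would still read as having findings.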
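--- /dev/null
+++ b/data/lib/package/audit/services/package_filter.rb
@@ -0,0 +1,39 @@
+require_relative '../const/cmd'
+require_relative '../const/file'
+require_relative '../const/yaml'
+require_relative '../enum/technology'
+require_relative '../ruby/gem_collection'
+
+require 'yaml'
+
+module Package
+module Audit
+class PackageFilter
+def initialize(config)
+@config = config
+end
+
+def ignored?(pkg)
+pkg_yaml = pkg_yaml_from_config(pkg)
+pkg_version_in_config?(pkg, pkg_yaml) && ignore_package?(pkg, pkg_yaml)
+end
+
+private
+
+def pkg_yaml_from_config(pkg)
+yaml_fragment = @config&.dig(Const::YAML::TECHNOLOGY, pkg.technology, pkg.name)&.to_yaml
+yaml_fragment.nil? ? nil : YAML.safe_load(yaml_fragment)
+end
+
+def pkg_version_in_config?(pkg, yaml)
+yaml&.dig(Const::YAML::VERSION) == pkg.version
+end
+
+def ignore_package?(pkg, yaml)
+(!pkg.deprecated? || yaml&.dig(Const::YAML::DEPRECATED) == false) &&
+(!pkg.outdated? || yaml&.dig(Const::YAML::OUTDATED) == false) &&
+(!pkg.vulnerable? || yaml&.dig(Const::YAML::VULNERABLE) == false)
+end
+end
+end
+end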
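Review bot: The `to_yaml` → `YAML.safe_load` round-trip in `pkg_yaml_from_config` adds no protection: the fragment is dug out of `@config`, which was parsed before it reached this class, so any unsafe object instantiation has already happened, and if a tagged Ruby object does sit in the config `to_yaml` re-emits it as `!ruby/object` and `safe_load` fails with a confusing `Psych::DisallowedClass`. Use the dug hash directly, `@config&.dig(Const::YAML::TECHNOLOGY, pkg.technology, pkg.name)`, and keep safe loading at the place the file is read. `ignored?` deserves a comment such as `# an ignore entry applies only to the exact version it names, so it lapses automatically when the package is bumped`; note that because `pkg.version` is a String, a version written unquoted in YAML (e.g. `version: 1.2`) parses as a Float and never matches.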
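--- /dev/null
+++ b/data/lib/package/audit/services/package_finder.rb
@@ -0,0 +1,58 @@
+require_relative '../const/cmd'
+require_relative '../const/file'
+require_relative '../const/yaml'
+require_relative '../enum/technology'
+require_relative '../npm/node_collection'
+require_relative '../ruby/gem_collection'
+require_relative 'package_filter'
+
+require 'yaml'
+
+module Package
+module Audit
+class PackageFinder
+def initialize(config, dir, report)
+@config = config
+@dir = dir
+@report = report
+end
+
+def run(technology)
+all_pkgs = find_by_technology(technology)
+ignored_pkgs = filter_pkgs_based_on_config(all_pkgs)
+[all_pkgs, ignored_pkgs]
+end
+
+private
+
+def find_by_technology(technology)
+case technology
+when Enum::Technology::RUBY
+find_ruby
+when Enum::Technology::NODE
+find_node
+else
+[]
+end
+end
+
+def find_node
+Npm::NodeCollection.new(@dir, @report).fetch
+end
+
+def find_ruby
+Ruby::GemCollection.new(@dir, @report).fetch
+end
+
+def filter_pkgs_based_on_config(pkgs)
+package_filter = PackageFilter.new(@config)
+ignored_pkgs = []
+
+pkgs.each do |pkg|
+ignored_pkgs << pkg if package_filter.ignored?(pkg)
+end
+ignored_pkgs
+end
+end
+end
+end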
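Review bot: `find_by_technology` silently returns `[]` for an unrecognised technology, so a typo or unsupported value reaching this point yields an empty, all-clear report instead of an error, whereas `CommandParser#learn_more_command` raises `ArgumentError` for the same situation; raising here too, `raise ArgumentError, "Unexpected technology \"#{technology}\" found in #{__method__}"`, keeps the two consistent and fails closed. `filter_pkgs_based_on_config` is a hand-rolled `select` and reads better as `pkgs.select { |pkg| package_filter.ignored?(pkg) }`. The `const/cmd`, `const/file`, `const/yaml` and `yaml` requires are not used by anything in this file.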
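--- a/data/lib/package/audit/printer.rb
+++ b/data/lib/package/audit/services/package_printer.rb
@@ -1,27 +1,28 @@
-require_relative './const/fields'
-require_relative './formatter/risk'
-require_relative './formatter/version'
-require_relative './formatter/version_date'
-require_relative './formatter/vulnerability'
+require_relative '../const/fields'
+require_relative '../enum/option'
+require_relative '../formatter/risk'
+require_relative '../formatter/version'
+require_relative '../formatter/version_date'
+require_relative '../formatter/vulnerability'
 
 module Package
 module Audit
-class Printer
+class PackagePrinter
 BASH_FORMATTING_REGEX = /\e\[\d+(?:;\d+)*m/
 
 COLUMN_GAP = 2
 
-def initialize(pkgs, options)
-@pkgs = pkgs
+def initialize(options, pkgs)
 @options = options
+@pkgs = pkgs
 end
 
 def print(fields)
 check_fields(fields)
 return if @pkgs.empty?
 
-if @options[:csv]
-csv(fields, exclude_headers: @options[:'exclude-headers'])
+if @options[Enum::Option::CSV]
+csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
 else
 pretty(fields)
 end
@@ -38,7 +39,7 @@ module Package
 "Available fields names are: #{Const::Fields::ALL}."
 end
 
-def pretty(fields = Const::Fields::REPORT) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+def pretty(fields = Const::Fields::ALL) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
 # find the maximum length of each field across all the packages so we know how many
 # characters of horizontal space to allocate for each field when printing
 fields.each do |key|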
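Review bot: `initialize` swaps its two positional parameters from `(pkgs, options)` to `(options, pkgs)`; one is an Array and the other a Hash, so a caller not updated in this commit fails only at runtime (`@options[Enum::Option::CSV]` on an Array raises `TypeError`), not at load. Keyword arguments, `def initialize(options:, pkgs:)`, would make such a mismatch a hard error and document the contract in the signature; if positional order must stay, at least a one-line comment above `initialize` noting that the order changed from 0.2.0. The `csv` and `pretty` bodies that consume `fields` lie outside these hunks.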
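--- a/data/lib/package/audit/risk_calculator.rb
+++ b/data/lib/package/audit/services/risk_calculator.rb
@@ -1,4 +1,7 @@
-require_relative './const/time'
+require_relative '../const/time'
+require_relative '../enum/vulnerability_type'
+
+require 'time'
 
 module Package
 module Audit
@@ -62,12 +65,13 @@ module Package
 end
 
 def assess_deprecation_risks
+risk = Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
+return [risk] if @pkg.latest_version_date.nil?
+
 risks = []
 seconds_since_date = (Time.now - Time.parse(@pkg.latest_version_date)).to_i
 
-if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
-risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
-end
+risks << risk if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
 risks
 end
 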
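Review bot: The new early return in `assess_deprecation_risks` turns a missing `latest_version_date` into a MEDIUM potential-deprecation finding, a deliberate policy choice that should be stated in a comment, e.g. `# no release date available (registry lookup failed or the package never published one): report a potential deprecation rather than silently passing`. The guard only covers `nil`; `Time.parse` on the following line still raises `ArgumentError` for an empty or malformed string, so if a registry can return `""` the check needs to be `@pkg.latest_version_date.to_s.empty?`, or the parse wrapped so that failure also yields `[risk]`. The `require 'time'` added in the first hunk is what provides `Time.parse` and must stay.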
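--- /dev/null
+++ b/data/lib/package/audit/technology/detector.rb
@@ -0,0 +1,40 @@
+require_relative '../const/cmd'
+require_relative '../const/file'
+require_relative '../enum/report'
+require_relative '../enum/technology'
+
+require 'yaml'
+
+module Package
+module Audit
+module Technology
+class Detector
+def initialize(dir)
+@dir = dir
+end
+
+def detect
+technologies = []
+technologies << Enum::Technology::RUBY if ruby?
+technologies << Enum::Technology::NODE if node?
+technologies.sort
+end
+
+private
+
+def node?
+package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
+package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
+yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
+package_json_present && (package_lock_json_present || yarn_lock_present)
+end
+
+def ruby?
+gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
+gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
+gemfile_present && gemfile_lock_present
+end
+end
+end
+end
+end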
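Review bot: `node?` and `ruby?` duplicate the file-presence checks that `Technology::Validator#validate_node!`/`#validate_ruby!` perform in this same commit, so the two will drift (a new lockfile name added to one and not the other makes detection and validation disagree); a shared predicate, or a per-technology list of required files in `Const::File` that both consult, keeps the rule in one place. Paths are built with `"#{@dir}/#{...}"` rather than `File.join(@dir, ...)`, which doubles the separator when `@dir` ends in `/` — harmless for `File.exist?` but worth normalising while the code is new. The `const/cmd`, `enum/report` and `yaml` requires are unused in this file.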
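--- /dev/null
+++ b/data/lib/package/audit/technology/validator.rb
@@ -0,0 +1,56 @@
+require_relative '../const/file'
+require_relative '../enum/technology'
+
+module Package
+module Audit
+module Technology
+class Validator
+def initialize(dir)
+@dir = dir
+end
+
+def validate!(technology)
+case technology
+when Enum::Technology::NODE
+validate_node!
+when Enum::Technology::RUBY
+validate_ruby!
+else
+raise ArgumentError, "\"#{technology}\" is not a supported technology, " \
+"use one of #{Enum::Technology.all}"
+end
+end
+
+private
+
+def validate_node!
+package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
+package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
+yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
+
+unless package_json_present
+puts Util::BashColor.red("\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}")
+end
+unless package_lock_json_present || yarn_lock_present
+puts Util::BashColor.red("\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
+"was not found in #{@dir}")
+end
+
+exit 1 unless package_json_present && (package_lock_json_present || yarn_lock_present)
+end
+
+def validate_ruby!
+gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
+gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
+
+puts Util::BashColor.red("\"#{Const::File::GEMFILE}\" was not found in #{@dir}") unless gemfile_present
+unless gemfile_lock_present
+puts Util::BashColor.red("\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}")
+end
+
+exit 1 unless gemfile_present && gemfile_lock_present
+end
+end
+end
+end
+end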
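Review bot: `validate_node!` and `validate_ruby!` call `exit 1` from inside a library class, so a missing lockfile terminates the host process via `SystemExit` before any caller can react, while the unknown-technology branch of `validate!` raises `ArgumentError` — two failure modes for one public method. Replace both `exit 1 unless …` lines with a raise carrying the same information, e.g. `raise ArgumentError, "\"#{Const::File::GEMFILE}\" and \"#{Const::File::GEMFILE_LOCK}\" are required in #{@dir}" unless gemfile_present && gemfile_lock_present`, and let the CLI map exceptions to an exit status; the diagnostics should then go through `warn` rather than `puts`, since stdout is also where the CSV report is emitted. `Util::BashColor` is used without a `require_relative '../util/bash_color'`, so this file only loads if something else happened to require it first.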
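--- a/data/lib/package/audit/util/summary_printer.rb
+++ b/data/lib/package/audit/util/summary_printer.rb
@@ -1,14 +1,14 @@
 require_relative '../const/time'
-require_relative './bash_color'
+require_relative 'bash_color'
 
 module Package
 module Audit
 module Util
 module SummaryPrinter
-def self.report
+def self.all
 printf("\n%<info>s\n%<cmd>s\n\n",
 info: Util::BashColor.blue('To show how risk is calculated run:'),
-cmd: Util::BashColor.magenta(' > bundle exec package-audit risk'))
+cmd: Util::BashColor.magenta(' > package-audit risk'))
 end
 
 def self.deprecated
@@ -16,26 +16,37 @@ module Package
 puts Util::BashColor.blue("Please contact the package author for more information about its status.\n")
 end
 
-def self.vulnerable(package_type, cmd)
+def self.vulnerable(technology, cmd)
 printf("%<info>s\n%<cmd>s\n\n",
-info: Util::BashColor.blue("To get more information about the #{package_type} vulnerabilities run:"),
+info: Util::BashColor.blue("To get more information about the #{technology} vulnerabilities run:"),
 cmd: Util::BashColor.magenta(" > #{cmd}"))
 end
 
-def self.total(package_type, pkgs)
-puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n")
+def self.total(technology, report, pkgs, ignored_pkgs)
+if ignored_pkgs.any?
+puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages " \
+"(#{ignored_pkgs.length} ignored).\n")
+elsif pkgs.any?
+puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages.\n")
+else
+puts Util::BashColor.green("There are no #{report} #{technology} packages!\n")
+end
 end
 
-def self.statistics(package_type, pkgs)
+def self.statistics(technology, report, pkgs, ignored_pkgs)
 outdated = pkgs.count(&:outdated?)
 deprecated = pkgs.count(&:deprecated?)
 vulnerable = pkgs.count(&:vulnerable?)
 
 vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
 
-puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n" \
-"#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
-"#{outdated} outdated, #{deprecated} deprecated.\n")
+if pkgs.any?
+puts Util::BashColor.cyan("#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
+"#{outdated} outdated, #{deprecated} deprecated.")
+total(technology, report, pkgs, ignored_pkgs)
+else
+puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
+end
 end
 
 def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength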
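Review bot: `statistics` prints the green "There are no deprecated, outdated or vulnerable … packages!" line whenever `pkgs` is empty, including the case where every finding was suppressed through the config file and `ignored_pkgs` is non-empty, so a wholesale ignore list produces an unqualified all-clear; `total` avoids this by testing `ignored_pkgs.any?` first, but `statistics` only reaches `total` from inside its `pkgs.any?` branch. Either widen that guard to `if pkgs.any? || ignored_pkgs.any?` or print the suppressed count in the else branch, e.g. `puts Util::BashColor.cyan("(#{ignored_pkgs.length} #{technology} packages ignored by config)") if ignored_pkgs.any?` before the green line, so the summary cannot hide findings. The `self.report` → `self.all` rename in the first hunk changes a public method name; any external caller of `SummaryPrinter.report` breaks without a deprecation alias.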
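--- a/data/lib/package/audit/version.rb
+++ b/data/lib/package/audit/version.rb
@@ -1,5 +1,5 @@
 module Package
 module Audit
-VERSION = '0.2.0'
+VERSION = '0.4.0'
 end
 end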
@@ -9,6 +9,8 @@ module Package
9
9
 
10
10
  def report: (String) -> void
11
11
 
12
+ def respond_to_missing?: -> bool
13
+
12
14
  def risk: -> void
13
15
 
14
16
  def version: -> void
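Review bot: The signature `def respond_to_missing?: -> bool` declares a zero-argument method, but Ruby invokes `respond_to_missing?(name, include_private = false)` with one or two arguments, so either the implementation in cli.rb (not in this diff) ignores its arguments and the `.rbs` is merely incomplete, or type-checking against this file flags every call; the conventional signature is `def respond_to_missing?: (Symbol | String, ?bool) -> bool`. A `method_missing` presumably accompanies it in cli.rb — confirm it is declared here as well.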
@@ -3,9 +3,10 @@ module Package
3
3
  module Const
4
4
  module Fields
5
5
  ALL: Array[Symbol]
6
+ AVAILABLE: Array[Symbol]
7
+ DEPRECATED: Array[Symbol]
6
8
  HEADERS: Hash[Symbol, String]
7
9
  OUTDATED: Array[Symbol]
8
- REPORT: Array[Symbol]
9
10
  VULNERABLE: Array[Symbol]
10
11
  end
11
12
  end
@@ -2,6 +2,7 @@ module Package
2
2
  module Audit
3
3
  module Const
4
4
  module File
5
+ CONFIG: String
5
6
  GEMFILE: String
6
7
  GEMFILE_LOCK: String
7
8
  PACKAGE_JSON: String
@@ -0,0 +1,13 @@
1
+ module Package
2
+ module Audit
3
+ module Const
4
+ module YAML
5
+ DEPRECATED: String
6
+ OUTDATED: String
7
+ TECHNOLOGY: String
8
+ VERSION: String
9
+ VULNERABLE: String
10
+ end
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,13 @@
1
+ module Package
2
+ module Audit
3
+ module Enum
4
+ module Option
5
+ CONFIG: String
6
+ CSV: String
7
+ CSV_EXCLUDE_HEADERS: String
8
+ INCLUDE_IGNORED: String
9
+ TECHNOLOGY: String
10
+ end
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,12 @@
1
+ module Package
2
+ module Audit
3
+ module Enum
4
+ module Report
5
+ ALL: Symbol
6
+ DEPRECATED: Symbol
7
+ OUTDATED: Symbol
8
+ VULNERABLE: Symbol
9
+ end
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,12 @@
1
+ module Package
2
+ module Audit
3
+ module Enum
4
+ module Technology
5
+ NODE: String
6
+ RUBY: String
7
+
8
+ def self.all: -> Array[String]
9
+ end
10
+ end
11
+ end
12
+ end
@@ -3,17 +3,19 @@ module Package
3
3
  class Package
4
4
  @groups: Array[Symbol]
5
5
  @risks: Array[Risk]
6
+ @technology: String
6
7
  @vulnerabilities: Array[String]
7
8
 
8
9
  attr_accessor groups: Array[Symbol]
9
10
  attr_accessor latest_version: String
10
11
  attr_accessor latest_version_date: String
11
12
  attr_reader name: String
13
+ attr_reader technology: String
12
14
  attr_reader version: String
13
15
  attr_accessor version_date: String
14
16
  attr_accessor vulnerabilities: Array[String]
15
17
 
16
- def initialize: (String, String, **untyped) -> void
18
+ def initialize: (String, String, String, **untyped) -> void
17
19
 
18
20
  def deprecated?: -> bool
19
21
 
@@ -4,7 +4,7 @@ module Package
4
4
  attr_reader explanation: String?
5
5
  attr_reader type: String
6
6
 
7
- def initialize: (String, ?String?)-> void
7
+ def initialize: (String, ?String?) -> void
8
8
 
9
9
  def <=>: (Risk) -> Integer?
10
10
  end
@@ -2,18 +2,17 @@ module Package
2
2
  module Audit
3
3
  module Npm
4
4
  class NodeCollection
5
- PACKAGE_JSON: String
6
- PACKAGE_LOCK: String
7
- YARN_LOCK: String
8
-
9
5
  @dir: String
6
+ @report: Symbol
10
7
 
11
- def initialize: (String) -> void
8
+ def initialize: (String, Symbol) -> void
12
9
 
13
10
  def all: -> Array[Package]
14
11
 
15
12
  def deprecated: -> Array[Package]
16
13
 
14
+ def fetch: -> Array[Package]
15
+
17
16
  def outdated: -> Array[Package]
18
17
 
19
18
  def vulnerable: -> Array[Package]
@@ -4,16 +4,17 @@ module Package
4
4
  class VulnerabilityFinder
5
5
  AUDIT_ADVISORY_REGEX: Regexp
6
6
 
7
+ @dir: String
7
8
  @pkg_hash: Hash[String, Package]
8
9
  @vuln_hash: Hash[String?, Package]
9
10
 
10
- def initialize: (Array[Package]) -> void
11
+ def initialize: (String, Array[Package]) -> void
11
12
 
12
13
  def run: -> Array[Package]
13
14
 
14
15
  private
15
16
 
16
- def update_meta_data: (Hash[Symbol, untyped])-> void
17
+ def update_meta_data: (Hash[Symbol, untyped]) -> void
17
18
  end
18
19
  end
19
20
  end
@@ -2,6 +2,7 @@ module Package
2
2
  module Audit
3
3
  module Npm
4
4
  class YarnLockParser
5
+ @yarn_lock_file: String
5
6
  @yarn_lock_path: String
6
7
 
7
8
  def initialize: (String) -> void
@@ -2,9 +2,9 @@ module Package
2
2
  module Audit
3
3
  module Ruby
4
4
  class BundlerSpecs
5
- def self.all: -> untyped
5
+ def self.all: (String) -> untyped
6
6
 
7
- def self.gemfile: -> untyped
7
+ def self.gemfile: (String) -> untyped
8
8
  end
9
9
  end
10
10
  end
@@ -2,13 +2,20 @@ module Package
2
2
  module Audit
3
3
  module Ruby
4
4
  class GemCollection
5
- def self.all: -> Array[Package]
5
+ @dir: String
6
+ @report: Symbol
6
7
 
7
- def self.deprecated: -> Array[Package]
8
+ def initialize: (String, Symbol) -> void
8
9
 
9
- def self.outdated: (?include_implicit: bool) -> Array[Package]
10
+ def all: -> Array[Package]
10
11
 
11
- def self.vulnerable: -> Array[Package]
12
+ def deprecated: -> Array[Package]
13
+
14
+ def fetch: -> Array[Package]
15
+
16
+ def outdated: (?include_implicit: bool) -> Array[Package]
17
+
18
+ def vulnerable: -> Array[Package]
12
19
  end
13
20
  end
14
21
  end
@@ -2,8 +2,11 @@ module Package
2
2
  module Audit
3
3
  module Ruby
4
4
  class VulnerabilityFinder
5
+ @dir: String
5
6
  @vuln_hash: Hash[String?, Package]
6
7
 
8
+ def initialize: (String) -> void
9
+
7
10
  def run: -> Array[Package]
8
11
 
9
12
  private