package-audit 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59)
  1. checksums.yaml +4 -4
  2. data/lib/package/audit/cli.rb +42 -42
  3. data/lib/package/audit/const/cmd.rb +3 -3
  4. data/lib/package/audit/const/fields.rb +4 -4
  5. data/lib/package/audit/const/file.rb +1 -0
  6. data/lib/package/audit/const/yaml.rb +13 -0
  7. data/lib/package/audit/enum/option.rb +13 -0
  8. data/lib/package/audit/enum/report.rb +12 -0
  9. data/lib/package/audit/enum/technology.rb +14 -0
  10. data/lib/package/audit/formatter/risk.rb +1 -1
  11. data/lib/package/audit/formatter/version.rb +1 -1
  12. data/lib/package/audit/formatter/version_date.rb +1 -1
  13. data/lib/package/audit/formatter/vulnerability.rb +1 -1
  14. data/lib/package/audit/{package.rb → models/package.rb} +8 -7
  15. data/lib/package/audit/npm/node_collection.rb +25 -14
  16. data/lib/package/audit/npm/vulnerability_finder.rb +4 -3
  17. data/lib/package/audit/npm/yarn_lock_parser.rb +10 -6
  18. data/lib/package/audit/ruby/bundler_specs.rb +16 -9
  19. data/lib/package/audit/ruby/gem_collection.rb +36 -15
  20. data/lib/package/audit/ruby/gem_meta_data.rb +1 -1
  21. data/lib/package/audit/ruby/vulnerability_finder.rb +4 -3
  22. data/lib/package/audit/services/command_parser.rb +103 -0
  23. data/lib/package/audit/services/package_filter.rb +39 -0
  24. data/lib/package/audit/services/package_finder.rb +58 -0
  25. data/lib/package/audit/{printer.rb → services/package_printer.rb} +12 -11
  26. data/lib/package/audit/{risk_calculator.rb → services/risk_calculator.rb} +8 -4
  27. data/lib/package/audit/technology/detector.rb +40 -0
  28. data/lib/package/audit/technology/validator.rb +56 -0
  29. data/lib/package/audit/util/summary_printer.rb +22 -11
  30. data/lib/package/audit/version.rb +1 -1
  31. data/sig/package/audit/cli.rbs +2 -0
  32. data/sig/package/audit/const/fields.rbs +2 -1
  33. data/sig/package/audit/const/file.rbs +1 -0
  34. data/sig/package/audit/const/yaml.rbs +13 -0
  35. data/sig/package/audit/enum/option.rbs +13 -0
  36. data/sig/package/audit/enum/report.rbs +12 -0
  37. data/sig/package/audit/enum/technology.rbs +12 -0
  38. data/sig/package/audit/{package.rbs → models/package.rbs} +3 -1
  39. data/sig/package/audit/{risk.rbs → models/risk.rbs} +1 -1
  40. data/sig/package/audit/npm/node_collection.rbs +4 -5
  41. data/sig/package/audit/npm/vulnerability_finder.rbs +3 -2
  42. data/sig/package/audit/npm/yarn_lock_parser.rbs +1 -0
  43. data/sig/package/audit/ruby/bundler_specs.rbs +2 -2
  44. data/sig/package/audit/ruby/gem_collection.rbs +11 -4
  45. data/sig/package/audit/ruby/vulnerability_finder.rbs +3 -0
  46. data/sig/package/audit/services/command_parser.rbs +31 -0
  47. data/sig/package/audit/services/package_filter.rbs +19 -0
  48. data/sig/package/audit/services/package_finder.rbs +23 -0
  49. data/sig/package/audit/{printer.rbs → services/package_printer.rbs} +3 -3
  50. data/sig/package/audit/technology/detector.rbs +19 -0
  51. data/sig/package/audit/technology/validator.rbs +19 -0
  52. data/sig/package/audit/util/summary_printer.rbs +5 -5
  53. metadata +30 -14
  54. data/lib/package/audit/command_service.rb +0 -187
  55. data/sig/package/audit/command_service.rbs +0 -29
  56. /data/lib/package/audit/{risk.rb → models/risk.rb} +0 -0
  57. /data/lib/package/audit/{duplicate_package_merger.rb → services/duplicate_package_merger.rb} +0 -0
  58. /data/sig/package/audit/{duplicate_package_merger.rbs → services/duplicate_package_merger.rbs} +0 -0
  59. /data/sig/package/audit/{risk_calculator.rbs → services/risk_calculator.rbs} +0 -0
@@ -0,0 +1,103 @@
1
+ require_relative '../const/cmd'
2
+ require_relative '../const/file'
3
+ require_relative '../enum/option'
4
+ require_relative '../enum/report'
5
+ require_relative '../technology/detector'
6
+ require_relative '../technology/validator'
7
+ require_relative '../util/summary_printer'
8
+ require_relative 'package_finder'
9
+ require_relative 'package_printer'
10
+
11
+ require 'yaml'
12
+
13
+ module Package
14
+ module Audit
15
+ class CommandParser
16
+ def initialize(dir, options, report)
17
+ @dir = dir
18
+ @options = options
19
+ @report = report
20
+ @config = parse_config_file
21
+ @technologies = parse_technologies
22
+ end
23
+
24
+ def run
25
+ cumulative_pkgs = []
26
+
27
+ @technologies.each do |technology|
28
+ all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report).run(technology)
29
+ ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
30
+ cumulative_pkgs << all_pkgs
31
+ print_results(technology, (all_pkgs || []) - (ignored_pkgs || []), ignored_pkgs || [])
32
+ end
33
+
34
+ cumulative_pkgs.any?
35
+ end
36
+
37
+ private
38
+
39
+ def print_results(technology, pkgs, ignored_pkgs)
40
+ PackagePrinter.new(@options, pkgs).print(report_fields)
41
+ print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::CSV]
42
+ print_disclaimer(technology) unless @options[Enum::Option::CSV] || pkgs.empty?
43
+ end
44
+
45
+ def print_summary(technology, pkgs, ignored_pkgs)
46
+ if @report == Enum::Report::ALL
47
+ Util::SummaryPrinter.statistics(technology, @report, pkgs, ignored_pkgs)
48
+ else
49
+ Util::SummaryPrinter.total(technology, @report, pkgs, ignored_pkgs)
50
+ end
51
+ end
52
+
53
+ def print_disclaimer(technology)
54
+ case @report
55
+ when Enum::Report::DEPRECATED
56
+ Util::SummaryPrinter.deprecated
57
+ when Enum::Report::ALL, Enum::Report::VULNERABLE
58
+ Util::SummaryPrinter.vulnerable(technology, learn_more_command(technology))
59
+ end
60
+ end
61
+
62
+ def learn_more_command(technology)
63
+ case technology
64
+ when Enum::Technology::RUBY
65
+ Const::Cmd::BUNDLE_AUDIT
66
+ when Enum::Technology::NODE
67
+ Const::Cmd::YARN_AUDIT
68
+ else
69
+ raise ArgumentError, "Unexpected technology \"#{technology}\" found in #{__method__}"
70
+ end
71
+ end
72
+
73
+ def report_fields
74
+ case @report
75
+ when Enum::Report::DEPRECATED
76
+ Const::Fields::DEPRECATED
77
+ when Enum::Report::OUTDATED
78
+ Const::Fields::OUTDATED
79
+ when Enum::Report::VULNERABLE
80
+ Const::Fields::VULNERABLE
81
+ else
82
+ Const::Fields::ALL
83
+ end
84
+ end
85
+
86
+ def parse_config_file
87
+ if @options[Enum::Option::CONFIG].nil?
88
+ YAML.load_file("#{@dir}/#{Const::File::CONFIG}") if File.exist? "#{@dir}/#{Const::File::CONFIG}"
89
+ elsif File.exist? @options[Enum::Option::CONFIG]
90
+ YAML.load_file(@options[Enum::Option::CONFIG])
91
+ else
92
+ raise ArgumentError, "Configuration file not found: #{@options[Enum::Option::CONFIG]}"
93
+ end
94
+ end
95
+
96
+ def parse_technologies
97
+ technology_validator = Technology::Validator.new(@dir)
98
+ @options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
99
+ @options[Enum::Option::TECHNOLOGY] || Technology::Detector.new(@dir).detect
100
+ end
101
+ end
102
+ end
103
+ end
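Review bot: `parse_config_file` deserialises the configuration with `YAML.load_file`, which on Psych < 4 (Ruby < 3.1) is a full, unsafe load that instantiates arbitrary Ruby objects named in the file; the config is either a file inside the audited checkout (`"#{@dir}/#{Const::File::CONFIG}"`) or a user-supplied path, so an audit run in CI against an untrusted repository deserialises YAML the auditor did not write. `PackageFilter` later re-parses fragments with `YAML.safe_load`, but by then any objects already exist. Use the safe loader in both branches, `YAML.safe_load_file("#{@dir}/#{Const::File::CONFIG}")` and `YAML.safe_load_file(@options[Enum::Option::CONFIG])` (Psych 3.3+; on older Psych `YAML.safe_load(File.read(path))`). Separately, `run` appends each `all_pkgs` array as a single element with `cumulative_pkgs << all_pkgs`, so `cumulative_pkgs.any?` is true even when every technology returned an empty list; `cumulative_pkgs.concat(all_pkgs)` is presumably the intended result.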
@@ -0,0 +1,39 @@
1
+ require_relative '../const/cmd'
2
+ require_relative '../const/file'
3
+ require_relative '../const/yaml'
4
+ require_relative '../enum/technology'
5
+ require_relative '../ruby/gem_collection'
6
+
7
+ require 'yaml'
8
+
9
+ module Package
10
+ module Audit
11
+ class PackageFilter
12
+ def initialize(config)
13
+ @config = config
14
+ end
15
+
16
+ def ignored?(pkg)
17
+ pkg_yaml = pkg_yaml_from_config(pkg)
18
+ pkg_version_in_config?(pkg, pkg_yaml) && ignore_package?(pkg, pkg_yaml)
19
+ end
20
+
21
+ private
22
+
23
+ def pkg_yaml_from_config(pkg)
24
+ yaml_fragment = @config&.dig(Const::YAML::TECHNOLOGY, pkg.technology, pkg.name)&.to_yaml
25
+ yaml_fragment.nil? ? nil : YAML.safe_load(yaml_fragment)
26
+ end
27
+
28
+ def pkg_version_in_config?(pkg, yaml)
29
+ yaml&.dig(Const::YAML::VERSION) == pkg.version
30
+ end
31
+
32
+ def ignore_package?(pkg, yaml)
33
+ (!pkg.deprecated? || yaml&.dig(Const::YAML::DEPRECATED) == false) &&
34
+ (!pkg.outdated? || yaml&.dig(Const::YAML::OUTDATED) == false) &&
35
+ (!pkg.vulnerable? || yaml&.dig(Const::YAML::VULNERABLE) == false)
36
+ end
37
+ end
38
+ end
39
+ end
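Review bot: `pkg_version_in_config?` compares the configured version with `==` against `pkg.version`, a String, but a version written unquoted in YAML such as `version: 2.0` is parsed as a Float (and `version: 1` as an Integer), so the ignore rule never matches and the package is reported despite the config entry. Coercing on the config side avoids that: `yaml&.dig(Const::YAML::VERSION)&.to_s == pkg.version`. The `to_yaml`/`safe_load` round-trip in `pkg_yaml_from_config` also deserves a comment, because it only copies the fragment and does not make an already-loaded config safe; a reader may otherwise assume it provides protection, e.g. `# round-trip only normalises the fragment; the config was already parsed by the loader`.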
@@ -0,0 +1,58 @@
1
+ require_relative '../const/cmd'
2
+ require_relative '../const/file'
3
+ require_relative '../const/yaml'
4
+ require_relative '../enum/technology'
5
+ require_relative '../npm/node_collection'
6
+ require_relative '../ruby/gem_collection'
7
+ require_relative 'package_filter'
8
+
9
+ require 'yaml'
10
+
11
+ module Package
12
+ module Audit
13
+ class PackageFinder
14
+ def initialize(config, dir, report)
15
+ @config = config
16
+ @dir = dir
17
+ @report = report
18
+ end
19
+
20
+ def run(technology)
21
+ all_pkgs = find_by_technology(technology)
22
+ ignored_pkgs = filter_pkgs_based_on_config(all_pkgs)
23
+ [all_pkgs, ignored_pkgs]
24
+ end
25
+
26
+ private
27
+
28
+ def find_by_technology(technology)
29
+ case technology
30
+ when Enum::Technology::RUBY
31
+ find_ruby
32
+ when Enum::Technology::NODE
33
+ find_node
34
+ else
35
+ []
36
+ end
37
+ end
38
+
39
+ def find_node
40
+ Npm::NodeCollection.new(@dir, @report).fetch
41
+ end
42
+
43
+ def find_ruby
44
+ Ruby::GemCollection.new(@dir, @report).fetch
45
+ end
46
+
47
+ def filter_pkgs_based_on_config(pkgs)
48
+ package_filter = PackageFilter.new(@config)
49
+ ignored_pkgs = []
50
+
51
+ pkgs.each do |pkg|
52
+ ignored_pkgs << pkg if package_filter.ignored?(pkg)
53
+ end
54
+ ignored_pkgs
55
+ end
56
+ end
57
+ end
58
+ end
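Review bot: `filter_pkgs_based_on_config` builds `ignored_pkgs` by hand with `each` and `<<`, which is the non-idiomatic form of `pkgs.select { |pkg| package_filter.ignored?(pkg) }`; the method then collapses to two lines. `find_by_technology` silently returns `[]` for an unknown technology while `CommandParser#learn_more_command` in this same change raises `ArgumentError` for the same case, so the two should agree on one behaviour. The `require_relative` lines for `const/cmd`, `const/file` and `const/yaml` and the `require 'yaml'` are not used by anything in this file and can be dropped.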
@@ -1,27 +1,28 @@
1
- require_relative './const/fields'
2
- require_relative './formatter/risk'
3
- require_relative './formatter/version'
4
- require_relative './formatter/version_date'
5
- require_relative './formatter/vulnerability'
1
+ require_relative '../const/fields'
2
+ require_relative '../enum/option'
3
+ require_relative '../formatter/risk'
4
+ require_relative '../formatter/version'
5
+ require_relative '../formatter/version_date'
6
+ require_relative '../formatter/vulnerability'
6
7
 
7
8
  module Package
8
9
  module Audit
9
- class Printer
10
+ class PackagePrinter
10
11
  BASH_FORMATTING_REGEX = /\e\[\d+(?:;\d+)*m/
11
12
 
12
13
  COLUMN_GAP = 2
13
14
 
14
- def initialize(pkgs, options)
15
- @pkgs = pkgs
15
+ def initialize(options, pkgs)
16
16
  @options = options
17
+ @pkgs = pkgs
17
18
  end
18
19
 
19
20
  def print(fields)
20
21
  check_fields(fields)
21
22
  return if @pkgs.empty?
22
23
 
23
- if @options[:csv]
24
- csv(fields, exclude_headers: @options[:'exclude-headers'])
24
+ if @options[Enum::Option::CSV]
25
+ csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
25
26
  else
26
27
  pretty(fields)
27
28
  end
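Review bot: `initialize` swaps its two positional parameters from `(pkgs, options)` to `(options, pkgs)` at the same time as the class is renamed, so a caller updated for the rename but not for the order passes the arguments reversed and only fails later inside `print` (`@pkgs.empty?` on the options Hash answers plausibly, while `@options[Enum::Option::CSV]` on an Array raises `TypeError` if the option key is a String as `option.rbs` in this change declares). Keyword parameters make that mistake impossible at the call site: `def initialize(options:, pkgs:)`, with `CommandParser#print_results` calling `PackagePrinter.new(options: @options, pkgs: pkgs)`. The remainder of the class lies outside this hunk.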
@@ -38,7 +39,7 @@ module Package
38
39
  "Available fields names are: #{Const::Fields::ALL}."
39
40
  end
40
41
 
41
- def pretty(fields = Const::Fields::REPORT) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
42
+ def pretty(fields = Const::Fields::ALL) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
42
43
  # find the maximum length of each field across all the packages so we know how many
43
44
  # characters of horizontal space to allocate for each field when printing
44
45
  fields.each do |key|
@@ -1,4 +1,7 @@
1
- require_relative './const/time'
1
+ require_relative '../const/time'
2
+ require_relative '../enum/vulnerability_type'
3
+
4
+ require 'time'
2
5
 
3
6
  module Package
4
7
  module Audit
@@ -62,12 +65,13 @@ module Package
62
65
  end
63
66
 
64
67
  def assess_deprecation_risks
68
+ risk = Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
69
+ return [risk] if @pkg.latest_version_date.nil?
70
+
65
71
  risks = []
66
72
  seconds_since_date = (Time.now - Time.parse(@pkg.latest_version_date)).to_i
67
73
 
68
- if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
69
- risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
70
- end
74
+ risks << risk if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
71
75
  risks
72
76
  end
73
77
 
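Review bot: `assess_deprecation_risks` now guards against a missing `latest_version_date` but still passes the value straight to `Time.parse`, which raises `ArgumentError` on an empty or malformed string; that value comes from registry metadata, so one odd date aborts the whole audit instead of being reported. Treating an unparseable date the same way as a missing one keeps the method total and reuses the `risk` object the hunk already builds. The rewrite below replaces the `seconds_since_date` line and the lines before it; the threshold comparison and return are unchanged.
```ruby
      def assess_deprecation_risks
        # … unchanged: risk construction and nil guard …
        latest_version_time = begin
          Time.parse(@pkg.latest_version_date)
        rescue ArgumentError
          nil # a date the registry supplied in an unexpected form is treated like a missing one
        end
        return [risk] if latest_version_time.nil?

        risks = []
        seconds_since_date = (Time.now - latest_version_time).to_i
        # … unchanged: threshold comparison and return of risks …
```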
@@ -0,0 +1,40 @@
1
+ require_relative '../const/cmd'
2
+ require_relative '../const/file'
3
+ require_relative '../enum/report'
4
+ require_relative '../enum/technology'
5
+
6
+ require 'yaml'
7
+
8
+ module Package
9
+ module Audit
10
+ module Technology
11
+ class Detector
12
+ def initialize(dir)
13
+ @dir = dir
14
+ end
15
+
16
+ def detect
17
+ technologies = []
18
+ technologies << Enum::Technology::RUBY if ruby?
19
+ technologies << Enum::Technology::NODE if node?
20
+ technologies.sort
21
+ end
22
+
23
+ private
24
+
25
+ def node?
26
+ package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
27
+ package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
28
+ yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
29
+ package_json_present && (package_lock_json_present || yarn_lock_present)
30
+ end
31
+
32
+ def ruby?
33
+ gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
34
+ gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
35
+ gemfile_present && gemfile_lock_present
36
+ end
37
+ end
38
+ end
39
+ end
40
+ end
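Review bot: `node?` and `ruby?` build paths with string interpolation (`"#{@dir}/#{Const::File::PACKAGE_JSON}"`), which produces a double separator when `@dir` ends in `/` and is the non-idiomatic form of `File.join(@dir, Const::File::PACKAGE_JSON)`. The same three `File.exist?` checks for Node and two for Ruby are duplicated verbatim in `Technology::Validator#validate_node!` and `#validate_ruby!` in this change, so a small shared helper (or having the validator reuse `Detector`) would keep the two from drifting. `require_relative '../const/cmd'`, `require_relative '../enum/report'` and `require 'yaml'` are unused in this file.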
@@ -0,0 +1,56 @@
1
+ require_relative '../const/file'
2
+ require_relative '../enum/technology'
3
+
4
+ module Package
5
+ module Audit
6
+ module Technology
7
+ class Validator
8
+ def initialize(dir)
9
+ @dir = dir
10
+ end
11
+
12
+ def validate!(technology)
13
+ case technology
14
+ when Enum::Technology::NODE
15
+ validate_node!
16
+ when Enum::Technology::RUBY
17
+ validate_ruby!
18
+ else
19
+ raise ArgumentError, "\"#{technology}\" is not a supported technology, " \
20
+ "use one of #{Enum::Technology.all}"
21
+ end
22
+ end
23
+
24
+ private
25
+
26
+ def validate_node!
27
+ package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
28
+ package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
29
+ yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
30
+
31
+ unless package_json_present
32
+ puts Util::BashColor.red("\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}")
33
+ end
34
+ unless package_lock_json_present || yarn_lock_present
35
+ puts Util::BashColor.red("\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
36
+ "was not found in #{@dir}")
37
+ end
38
+
39
+ exit 1 unless package_json_present && (package_lock_json_present || yarn_lock_present)
40
+ end
41
+
42
+ def validate_ruby!
43
+ gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
44
+ gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
45
+
46
+ puts Util::BashColor.red("\"#{Const::File::GEMFILE}\" was not found in #{@dir}") unless gemfile_present
47
+ unless gemfile_lock_present
48
+ puts Util::BashColor.red("\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}")
49
+ end
50
+
51
+ exit 1 unless gemfile_present && gemfile_lock_present
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
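Review bot: `validate_node!` and `validate_ruby!` call `Util::BashColor.red`, but this file only requires `../const/file` and `../enum/technology`, so the constant resolves only if some earlier file happened to load `util/bash_color`; add `require_relative '../util/bash_color'` next to the other requires. The methods also terminate the process with `exit 1` from inside a library class, which raises `SystemExit` past every caller and makes the class untestable, while the unsupported-technology branch of `validate!` raises `ArgumentError` for a comparable failure; raising a dedicated error (e.g. a `StandardError` subclass under `Package::Audit`) and letting the CLI print and exit would keep the two paths consistent.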
@@ -1,14 +1,14 @@
1
1
  require_relative '../const/time'
2
- require_relative './bash_color'
2
+ require_relative 'bash_color'
3
3
 
4
4
  module Package
5
5
  module Audit
6
6
  module Util
7
7
  module SummaryPrinter
8
- def self.report
8
+ def self.all
9
9
  printf("\n%<info>s\n%<cmd>s\n\n",
10
10
  info: Util::BashColor.blue('To show how risk is calculated run:'),
11
- cmd: Util::BashColor.magenta(' > bundle exec package-audit risk'))
11
+ cmd: Util::BashColor.magenta(' > package-audit risk'))
12
12
  end
13
13
 
14
14
  def self.deprecated
@@ -16,26 +16,37 @@ module Package
16
16
  puts Util::BashColor.blue("Please contact the package author for more information about its status.\n")
17
17
  end
18
18
 
19
- def self.vulnerable(package_type, cmd)
19
+ def self.vulnerable(technology, cmd)
20
20
  printf("%<info>s\n%<cmd>s\n\n",
21
- info: Util::BashColor.blue("To get more information about the #{package_type} vulnerabilities run:"),
21
+ info: Util::BashColor.blue("To get more information about the #{technology} vulnerabilities run:"),
22
22
  cmd: Util::BashColor.magenta(" > #{cmd}"))
23
23
  end
24
24
 
25
- def self.total(package_type, pkgs)
26
- puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n")
25
+ def self.total(technology, report, pkgs, ignored_pkgs)
26
+ if ignored_pkgs.any?
27
+ puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages " \
28
+ "(#{ignored_pkgs.length} ignored).\n")
29
+ elsif pkgs.any?
30
+ puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages.\n")
31
+ else
32
+ puts Util::BashColor.green("There are no #{report} #{technology} packages!\n")
33
+ end
27
34
  end
28
35
 
29
- def self.statistics(package_type, pkgs)
36
+ def self.statistics(technology, report, pkgs, ignored_pkgs)
30
37
  outdated = pkgs.count(&:outdated?)
31
38
  deprecated = pkgs.count(&:deprecated?)
32
39
  vulnerable = pkgs.count(&:vulnerable?)
33
40
 
34
41
  vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
35
42
 
36
- puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n" \
37
- "#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
38
- "#{outdated} outdated, #{deprecated} deprecated.\n")
43
+ if pkgs.any?
44
+ puts Util::BashColor.cyan("#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
45
+ "#{outdated} outdated, #{deprecated} deprecated.")
46
+ total(technology, report, pkgs, ignored_pkgs)
47
+ else
48
+ puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
49
+ end
39
50
  end
40
51
 
41
52
  def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
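Review bot: The `else` branch of `self.total` interpolates `report` into `"There are no #{report} #{technology} packages!\n"`, which reads wrongly when `report` is `Enum::Report::ALL` ("There are no all ruby packages!"); `self.statistics` sidesteps it by calling `total` only when `pkgs.any?`, and `CommandParser#print_summary` routes `ALL` to `statistics`, but nothing in `total` itself records that assumption. A one-line comment above the branch such as `# report is never Enum::Report::ALL here; statistics prints its own message for the empty ALL case` would make the contract explicit, or the branch can special-case `ALL` to print the same wording `statistics` uses.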
@@ -1,5 +1,5 @@
1
1
  module Package
2
2
  module Audit
3
- VERSION = '0.2.0'
3
+ VERSION = '0.4.0'
4
4
  end
5
5
  end
@@ -9,6 +9,8 @@ module Package
9
9
 
10
10
  def report: (String) -> void
11
11
 
12
+ def respond_to_missing?: -> bool
13
+
12
14
  def risk: -> void
13
15
 
14
16
  def version: -> void
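Review bot: The new signature `def respond_to_missing?: -> bool` declares a method with no parameters, but Ruby invokes `respond_to_missing?` with the method name and an include-private flag, so the conventional implementation `def respond_to_missing?(name, include_private = false)` does not match this type; `def respond_to_missing?: (Symbol, ?bool) -> bool` is the expected shape. The implementation in `cli.rb` is not part of this diff, so this applies unless it swallows the arguments with a splat.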
@@ -3,9 +3,10 @@ module Package
3
3
  module Const
4
4
  module Fields
5
5
  ALL: Array[Symbol]
6
+ AVAILABLE: Array[Symbol]
7
+ DEPRECATED: Array[Symbol]
6
8
  HEADERS: Hash[Symbol, String]
7
9
  OUTDATED: Array[Symbol]
8
- REPORT: Array[Symbol]
9
10
  VULNERABLE: Array[Symbol]
10
11
  end
11
12
  end
@@ -2,6 +2,7 @@ module Package
2
2
  module Audit
3
3
  module Const
4
4
  module File
5
+ CONFIG: String
5
6
  GEMFILE: String
6
7
  GEMFILE_LOCK: String
7
8
  PACKAGE_JSON: String
@@ -0,0 +1,13 @@
1
+ module Package
2
+ module Audit
3
+ module Const
4
+ module YAML
5
+ DEPRECATED: String
6
+ OUTDATED: String
7
+ TECHNOLOGY: String
8
+ VERSION: String
9
+ VULNERABLE: String
10
+ end
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,13 @@
1
+ module Package
2
+ module Audit
3
+ module Enum
4
+ module Option
5
+ CONFIG: String
6
+ CSV: String
7
+ CSV_EXCLUDE_HEADERS: String
8
+ INCLUDE_IGNORED: String
9
+ TECHNOLOGY: String
10
+ end
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,12 @@
1
+ module Package
2
+ module Audit
3
+ module Enum
4
+ module Report
5
+ ALL: Symbol
6
+ DEPRECATED: Symbol
7
+ OUTDATED: Symbol
8
+ VULNERABLE: Symbol
9
+ end
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,12 @@
1
+ module Package
2
+ module Audit
3
+ module Enum
4
+ module Technology
5
+ NODE: String
6
+ RUBY: String
7
+
8
+ def self.all: -> Array[String]
9
+ end
10
+ end
11
+ end
12
+ end
@@ -3,17 +3,19 @@ module Package
3
3
  class Package
4
4
  @groups: Array[Symbol]
5
5
  @risks: Array[Risk]
6
+ @technology: String
6
7
  @vulnerabilities: Array[String]
7
8
 
8
9
  attr_accessor groups: Array[Symbol]
9
10
  attr_accessor latest_version: String
10
11
  attr_accessor latest_version_date: String
11
12
  attr_reader name: String
13
+ attr_reader technology: String
12
14
  attr_reader version: String
13
15
  attr_accessor version_date: String
14
16
  attr_accessor vulnerabilities: Array[String]
15
17
 
16
- def initialize: (String, String, **untyped) -> void
18
+ def initialize: (String, String, String, **untyped) -> void
17
19
 
18
20
  def deprecated?: -> bool
19
21
 
@@ -4,7 +4,7 @@ module Package
4
4
  attr_reader explanation: String?
5
5
  attr_reader type: String
6
6
 
7
- def initialize: (String, ?String?)-> void
7
+ def initialize: (String, ?String?) -> void
8
8
 
9
9
  def <=>: (Risk) -> Integer?
10
10
  end
@@ -2,18 +2,17 @@ module Package
2
2
  module Audit
3
3
  module Npm
4
4
  class NodeCollection
5
- PACKAGE_JSON: String
6
- PACKAGE_LOCK: String
7
- YARN_LOCK: String
8
-
9
5
  @dir: String
6
+ @report: Symbol
10
7
 
11
- def initialize: (String) -> void
8
+ def initialize: (String, Symbol) -> void
12
9
 
13
10
  def all: -> Array[Package]
14
11
 
15
12
  def deprecated: -> Array[Package]
16
13
 
14
+ def fetch: -> Array[Package]
15
+
17
16
  def outdated: -> Array[Package]
18
17
 
19
18
  def vulnerable: -> Array[Package]
@@ -4,16 +4,17 @@ module Package
4
4
  class VulnerabilityFinder
5
5
  AUDIT_ADVISORY_REGEX: Regexp
6
6
 
7
+ @dir: String
7
8
  @pkg_hash: Hash[String, Package]
8
9
  @vuln_hash: Hash[String?, Package]
9
10
 
10
- def initialize: (Array[Package]) -> void
11
+ def initialize: (String, Array[Package]) -> void
11
12
 
12
13
  def run: -> Array[Package]
13
14
 
14
15
  private
15
16
 
16
- def update_meta_data: (Hash[Symbol, untyped])-> void
17
+ def update_meta_data: (Hash[Symbol, untyped]) -> void
17
18
  end
18
19
  end
19
20
  end
@@ -2,6 +2,7 @@ module Package
2
2
  module Audit
3
3
  module Npm
4
4
  class YarnLockParser
5
+ @yarn_lock_file: String
5
6
  @yarn_lock_path: String
6
7
 
7
8
  def initialize: (String) -> void
@@ -2,9 +2,9 @@ module Package
2
2
  module Audit
3
3
  module Ruby
4
4
  class BundlerSpecs
5
- def self.all: -> untyped
5
+ def self.all: (String) -> untyped
6
6
 
7
- def self.gemfile: -> untyped
7
+ def self.gemfile: (String) -> untyped
8
8
  end
9
9
  end
10
10
  end
@@ -2,13 +2,20 @@ module Package
2
2
  module Audit
3
3
  module Ruby
4
4
  class GemCollection
5
- def self.all: -> Array[Package]
5
+ @dir: String
6
+ @report: Symbol
6
7
 
7
- def self.deprecated: -> Array[Package]
8
+ def initialize: (String, Symbol) -> void
8
9
 
9
- def self.outdated: (?include_implicit: bool) -> Array[Package]
10
+ def all: -> Array[Package]
10
11
 
11
- def self.vulnerable: -> Array[Package]
12
+ def deprecated: -> Array[Package]
13
+
14
+ def fetch: -> Array[Package]
15
+
16
+ def outdated: (?include_implicit: bool) -> Array[Package]
17
+
18
+ def vulnerable: -> Array[Package]
12
19
  end
13
20
  end
14
21
  end
@@ -2,8 +2,11 @@ module Package
2
2
  module Audit
3
3
  module Ruby
4
4
  class VulnerabilityFinder
5
+ @dir: String
5
6
  @vuln_hash: Hash[String?, Package]
6
7
 
8
+ def initialize: (String) -> void
9
+
7
10
  def run: -> Array[Package]
8
11
 
9
12
  private