package-audit 0.2.0 → 0.4.0
- checksums.yaml +4 -4
- data/lib/package/audit/cli.rb +42 -42
- data/lib/package/audit/const/cmd.rb +3 -3
- data/lib/package/audit/const/fields.rb +4 -4
- data/lib/package/audit/const/file.rb +1 -0
- data/lib/package/audit/const/yaml.rb +13 -0
- data/lib/package/audit/enum/option.rb +13 -0
- data/lib/package/audit/enum/report.rb +12 -0
- data/lib/package/audit/enum/technology.rb +14 -0
- data/lib/package/audit/formatter/risk.rb +1 -1
- data/lib/package/audit/formatter/version.rb +1 -1
- data/lib/package/audit/formatter/version_date.rb +1 -1
- data/lib/package/audit/formatter/vulnerability.rb +1 -1
- data/lib/package/audit/{package.rb → models/package.rb} +8 -7
- data/lib/package/audit/npm/node_collection.rb +25 -14
- data/lib/package/audit/npm/vulnerability_finder.rb +4 -3
- data/lib/package/audit/npm/yarn_lock_parser.rb +10 -6
- data/lib/package/audit/ruby/bundler_specs.rb +16 -9
- data/lib/package/audit/ruby/gem_collection.rb +36 -15
- data/lib/package/audit/ruby/gem_meta_data.rb +1 -1
- data/lib/package/audit/ruby/vulnerability_finder.rb +4 -3
- data/lib/package/audit/services/command_parser.rb +103 -0
- data/lib/package/audit/services/package_filter.rb +39 -0
- data/lib/package/audit/services/package_finder.rb +58 -0
- data/lib/package/audit/{printer.rb → services/package_printer.rb} +12 -11
- data/lib/package/audit/{risk_calculator.rb → services/risk_calculator.rb} +8 -4
- data/lib/package/audit/technology/detector.rb +40 -0
- data/lib/package/audit/technology/validator.rb +56 -0
- data/lib/package/audit/util/summary_printer.rb +22 -11
- data/lib/package/audit/version.rb +1 -1
- data/sig/package/audit/cli.rbs +2 -0
- data/sig/package/audit/const/fields.rbs +2 -1
- data/sig/package/audit/const/file.rbs +1 -0
- data/sig/package/audit/const/yaml.rbs +13 -0
- data/sig/package/audit/enum/option.rbs +13 -0
- data/sig/package/audit/enum/report.rbs +12 -0
- data/sig/package/audit/enum/technology.rbs +12 -0
- data/sig/package/audit/{package.rbs → models/package.rbs} +3 -1
- data/sig/package/audit/{risk.rbs → models/risk.rbs} +1 -1
- data/sig/package/audit/npm/node_collection.rbs +4 -5
- data/sig/package/audit/npm/vulnerability_finder.rbs +3 -2
- data/sig/package/audit/npm/yarn_lock_parser.rbs +1 -0
- data/sig/package/audit/ruby/bundler_specs.rbs +2 -2
- data/sig/package/audit/ruby/gem_collection.rbs +11 -4
- data/sig/package/audit/ruby/vulnerability_finder.rbs +3 -0
- data/sig/package/audit/services/command_parser.rbs +31 -0
- data/sig/package/audit/services/package_filter.rbs +19 -0
- data/sig/package/audit/services/package_finder.rbs +23 -0
- data/sig/package/audit/{printer.rbs → services/package_printer.rbs} +3 -3
- data/sig/package/audit/technology/detector.rbs +19 -0
- data/sig/package/audit/technology/validator.rbs +19 -0
- data/sig/package/audit/util/summary_printer.rbs +5 -5
- metadata +30 -14
- data/lib/package/audit/command_service.rb +0 -187
- data/sig/package/audit/command_service.rbs +0 -29
- /data/lib/package/audit/{risk.rb → models/risk.rb} +0 -0
- /data/lib/package/audit/{duplicate_package_merger.rb → services/duplicate_package_merger.rb} +0 -0
- /data/sig/package/audit/{duplicate_package_merger.rbs → services/duplicate_package_merger.rbs} +0 -0
- /data/sig/package/audit/{risk_calculator.rbs → services/risk_calculator.rbs} +0 -0
@@ -0,0 +1,103 @@
|
|
1
|
+
require_relative '../const/cmd'
|
2
|
+
require_relative '../const/file'
|
3
|
+
require_relative '../enum/option'
|
4
|
+
require_relative '../enum/report'
|
5
|
+
require_relative '../technology/detector'
|
6
|
+
require_relative '../technology/validator'
|
7
|
+
require_relative '../util/summary_printer'
|
8
|
+
require_relative 'package_finder'
|
9
|
+
require_relative 'package_printer'
|
10
|
+
|
11
|
+
require 'yaml'
|
12
|
+
|
13
|
+
module Package
|
14
|
+
module Audit
|
15
|
+
class CommandParser
|
16
|
+
def initialize(dir, options, report)
|
17
|
+
@dir = dir
|
18
|
+
@options = options
|
19
|
+
@report = report
|
20
|
+
@config = parse_config_file
|
21
|
+
@technologies = parse_technologies
|
22
|
+
end
|
23
|
+
|
24
|
+
def run
|
25
|
+
cumulative_pkgs = []
|
26
|
+
|
27
|
+
@technologies.each do |technology|
|
28
|
+
all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report).run(technology)
|
29
|
+
ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
|
30
|
+
cumulative_pkgs << all_pkgs
|
31
|
+
print_results(technology, (all_pkgs || []) - (ignored_pkgs || []), ignored_pkgs || [])
|
32
|
+
end
|
33
|
+
|
34
|
+
cumulative_pkgs.any?
|
35
|
+
end
|
36
|
+
|
37
|
+
private
|
38
|
+
|
39
|
+
def print_results(technology, pkgs, ignored_pkgs)
|
40
|
+
PackagePrinter.new(@options, pkgs).print(report_fields)
|
41
|
+
print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::CSV]
|
42
|
+
print_disclaimer(technology) unless @options[Enum::Option::CSV] || pkgs.empty?
|
43
|
+
end
|
44
|
+
|
45
|
+
def print_summary(technology, pkgs, ignored_pkgs)
|
46
|
+
if @report == Enum::Report::ALL
|
47
|
+
Util::SummaryPrinter.statistics(technology, @report, pkgs, ignored_pkgs)
|
48
|
+
else
|
49
|
+
Util::SummaryPrinter.total(technology, @report, pkgs, ignored_pkgs)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def print_disclaimer(technology)
|
54
|
+
case @report
|
55
|
+
when Enum::Report::DEPRECATED
|
56
|
+
Util::SummaryPrinter.deprecated
|
57
|
+
when Enum::Report::ALL, Enum::Report::VULNERABLE
|
58
|
+
Util::SummaryPrinter.vulnerable(technology, learn_more_command(technology))
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
def learn_more_command(technology)
|
63
|
+
case technology
|
64
|
+
when Enum::Technology::RUBY
|
65
|
+
Const::Cmd::BUNDLE_AUDIT
|
66
|
+
when Enum::Technology::NODE
|
67
|
+
Const::Cmd::YARN_AUDIT
|
68
|
+
else
|
69
|
+
raise ArgumentError, "Unexpected technology \"#{technology}\" found in #{__method__}"
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def report_fields
|
74
|
+
case @report
|
75
|
+
when Enum::Report::DEPRECATED
|
76
|
+
Const::Fields::DEPRECATED
|
77
|
+
when Enum::Report::OUTDATED
|
78
|
+
Const::Fields::OUTDATED
|
79
|
+
when Enum::Report::VULNERABLE
|
80
|
+
Const::Fields::VULNERABLE
|
81
|
+
else
|
82
|
+
Const::Fields::ALL
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
def parse_config_file
|
87
|
+
if @options[Enum::Option::CONFIG].nil?
|
88
|
+
YAML.load_file("#{@dir}/#{Const::File::CONFIG}") if File.exist? "#{@dir}/#{Const::File::CONFIG}"
|
89
|
+
elsif File.exist? @options[Enum::Option::CONFIG]
|
90
|
+
YAML.load_file(@options[Enum::Option::CONFIG])
|
91
|
+
else
|
92
|
+
raise ArgumentError, "Configuration file not found: #{@options[Enum::Option::CONFIG]}"
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
def parse_technologies
|
97
|
+
technology_validator = Technology::Validator.new(@dir)
|
98
|
+
@options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
|
99
|
+
@options[Enum::Option::TECHNOLOGY] || Technology::Detector.new(@dir).detect
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
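Review bot: `parse_config_file` reads the configuration with `YAML.load_file` in both branches, while `PackageFilter` (same commit) goes to the trouble of `YAML.safe_load`-ing a fragment of that very object; the protection belongs at the point the file is read, because by default the file comes from the audited project directory (`@dir`) and is therefore authored by whoever controls the repository being scanned. Unless the gem only supports Psych 4+ (where `load_file` is already a safe load), use `YAML.safe_load_file(path)` in both branches and let a `Psych::DisallowedClass` surface as a configuration error. Separately, `run` does `cumulative_pkgs << all_pkgs`, which appends the array object itself, so `cumulative_pkgs.any?` is true as soon as one technology returns any array at all (even `[]`); if the caller turns this boolean into the exit status, a clean project is reported as having findings. `cumulative_pkgs.concat(all_pkgs || [])` yields the intended "were any packages reported" answer.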
@@ -0,0 +1,39 @@
|
|
1
|
+
require_relative '../const/cmd'
|
2
|
+
require_relative '../const/file'
|
3
|
+
require_relative '../const/yaml'
|
4
|
+
require_relative '../enum/technology'
|
5
|
+
require_relative '../ruby/gem_collection'
|
6
|
+
|
7
|
+
require 'yaml'
|
8
|
+
|
9
|
+
module Package
|
10
|
+
module Audit
|
11
|
+
class PackageFilter
|
12
|
+
def initialize(config)
|
13
|
+
@config = config
|
14
|
+
end
|
15
|
+
|
16
|
+
def ignored?(pkg)
|
17
|
+
pkg_yaml = pkg_yaml_from_config(pkg)
|
18
|
+
pkg_version_in_config?(pkg, pkg_yaml) && ignore_package?(pkg, pkg_yaml)
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def pkg_yaml_from_config(pkg)
|
24
|
+
yaml_fragment = @config&.dig(Const::YAML::TECHNOLOGY, pkg.technology, pkg.name)&.to_yaml
|
25
|
+
yaml_fragment.nil? ? nil : YAML.safe_load(yaml_fragment)
|
26
|
+
end
|
27
|
+
|
28
|
+
def pkg_version_in_config?(pkg, yaml)
|
29
|
+
yaml&.dig(Const::YAML::VERSION) == pkg.version
|
30
|
+
end
|
31
|
+
|
32
|
+
def ignore_package?(pkg, yaml)
|
33
|
+
(!pkg.deprecated? || yaml&.dig(Const::YAML::DEPRECATED) == false) &&
|
34
|
+
(!pkg.outdated? || yaml&.dig(Const::YAML::OUTDATED) == false) &&
|
35
|
+
(!pkg.vulnerable? || yaml&.dig(Const::YAML::VULNERABLE) == false)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
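Review bot: `pkg_yaml_from_config` serialises the already-deserialised config fragment with `to_yaml` and immediately `YAML.safe_load`s it back; this round trip adds no safety (any unsafe object was instantiated when the file was loaded) and will raise `Psych::DisallowedClass` for any value that dumps with a `!ruby/...` tag. Returning `@config&.dig(Const::YAML::TECHNOLOGY, pkg.technology, pkg.name)` directly is equivalent for plain hashes. In `pkg_version_in_config?`, an unquoted `version: 1.2` in the config parses as a Float and never equals the `String` version (the signature on this page declares `attr_reader version: String`), so the ignore rule silently fails to apply; `yaml&.dig(Const::YAML::VERSION).to_s == pkg.version` compares what the user actually wrote. Of the requires at the top, only `../const/yaml` appears to be used by this file.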
@@ -0,0 +1,58 @@
|
|
1
|
+
require_relative '../const/cmd'
|
2
|
+
require_relative '../const/file'
|
3
|
+
require_relative '../const/yaml'
|
4
|
+
require_relative '../enum/technology'
|
5
|
+
require_relative '../npm/node_collection'
|
6
|
+
require_relative '../ruby/gem_collection'
|
7
|
+
require_relative 'package_filter'
|
8
|
+
|
9
|
+
require 'yaml'
|
10
|
+
|
11
|
+
module Package
|
12
|
+
module Audit
|
13
|
+
class PackageFinder
|
14
|
+
def initialize(config, dir, report)
|
15
|
+
@config = config
|
16
|
+
@dir = dir
|
17
|
+
@report = report
|
18
|
+
end
|
19
|
+
|
20
|
+
def run(technology)
|
21
|
+
all_pkgs = find_by_technology(technology)
|
22
|
+
ignored_pkgs = filter_pkgs_based_on_config(all_pkgs)
|
23
|
+
[all_pkgs, ignored_pkgs]
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
27
|
+
|
28
|
+
def find_by_technology(technology)
|
29
|
+
case technology
|
30
|
+
when Enum::Technology::RUBY
|
31
|
+
find_ruby
|
32
|
+
when Enum::Technology::NODE
|
33
|
+
find_node
|
34
|
+
else
|
35
|
+
[]
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def find_node
|
40
|
+
Npm::NodeCollection.new(@dir, @report).fetch
|
41
|
+
end
|
42
|
+
|
43
|
+
def find_ruby
|
44
|
+
Ruby::GemCollection.new(@dir, @report).fetch
|
45
|
+
end
|
46
|
+
|
47
|
+
def filter_pkgs_based_on_config(pkgs)
|
48
|
+
package_filter = PackageFilter.new(@config)
|
49
|
+
ignored_pkgs = []
|
50
|
+
|
51
|
+
pkgs.each do |pkg|
|
52
|
+
ignored_pkgs << pkg if package_filter.ignored?(pkg)
|
53
|
+
end
|
54
|
+
ignored_pkgs
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
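Review bot: `filter_pkgs_based_on_config` accumulates `ignored_pkgs` by hand with `each`/`<<`; the idiomatic form is `package_filter = PackageFilter.new(@config)` followed by `pkgs.select { |pkg| package_filter.ignored?(pkg) }`. The `else` branch of `find_by_technology` silently returns `[]` for an unknown technology whereas `CommandParser#learn_more_command` raises `ArgumentError` for the same condition; as far as this page shows the value has already passed `Technology::Validator` or came from `Technology::Detector`, so a comment such as `# unreachable after Technology::Validator; kept as a defensive default` would record why the two differ. `require 'yaml'`, `../const/cmd` and `../const/file` do not appear to be used in this file.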
@@ -1,27 +1,28 @@
|
|
1
|
-
require_relative '
|
2
|
-
require_relative '
|
3
|
-
require_relative '
|
4
|
-
require_relative '
|
5
|
-
require_relative '
|
1
|
+
require_relative '../const/fields'
|
2
|
+
require_relative '../enum/option'
|
3
|
+
require_relative '../formatter/risk'
|
4
|
+
require_relative '../formatter/version'
|
5
|
+
require_relative '../formatter/version_date'
|
6
|
+
require_relative '../formatter/vulnerability'
|
6
7
|
|
7
8
|
module Package
|
8
9
|
module Audit
|
9
|
-
class
|
10
|
+
class PackagePrinter
|
10
11
|
BASH_FORMATTING_REGEX = /\e\[\d+(?:;\d+)*m/
|
11
12
|
|
12
13
|
COLUMN_GAP = 2
|
13
14
|
|
14
|
-
def initialize(
|
15
|
-
@pkgs = pkgs
|
15
|
+
def initialize(options, pkgs)
|
16
16
|
@options = options
|
17
|
+
@pkgs = pkgs
|
17
18
|
end
|
18
19
|
|
19
20
|
def print(fields)
|
20
21
|
check_fields(fields)
|
21
22
|
return if @pkgs.empty?
|
22
23
|
|
23
|
-
if @options[
|
24
|
-
csv(fields, exclude_headers: @options[
|
24
|
+
if @options[Enum::Option::CSV]
|
25
|
+
csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
|
25
26
|
else
|
26
27
|
pretty(fields)
|
27
28
|
end
|
@@ -38,7 +39,7 @@ module Package
|
|
38
39
|
"Available fields names are: #{Const::Fields::ALL}."
|
39
40
|
end
|
40
41
|
|
41
|
-
def pretty(fields = Const::Fields::
|
42
|
+
def pretty(fields = Const::Fields::ALL) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
|
42
43
|
# find the maximum length of each field across all the packages so we know how many
|
43
44
|
# characters of horizontal space to allocate for each field when printing
|
44
45
|
fields.each do |key|
|
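Review bot: The second hunk silences four Metrics cops on `pretty` (`# rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, ...`) rather than addressing them; the comment immediately below says the method begins by computing per-field column widths, which is a natural seam for a private helper (e.g. `column_widths(fields)`) that would likely bring the method under the thresholds without the suppression. `pretty`'s body continues past the end of the hunk, so the remainder cannot be reviewed here. In the first hunk the parameter order of `initialize` became `(options, pkgs)`; the one caller visible on this page (`PackagePrinter.new(@options, pkgs)` in `CommandParser`) matches, but any call site outside this commit needs the same update.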
@@ -1,4 +1,7 @@
|
|
1
|
-
require_relative '
|
1
|
+
require_relative '../const/time'
|
2
|
+
require_relative '../enum/vulnerability_type'
|
3
|
+
|
4
|
+
require 'time'
|
2
5
|
|
3
6
|
module Package
|
4
7
|
module Audit
|
@@ -62,12 +65,13 @@ module Package
|
|
62
65
|
end
|
63
66
|
|
64
67
|
def assess_deprecation_risks
|
68
|
+
risk = Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
|
69
|
+
return [risk] if @pkg.latest_version_date.nil?
|
70
|
+
|
65
71
|
risks = []
|
66
72
|
seconds_since_date = (Time.now - Time.parse(@pkg.latest_version_date)).to_i
|
67
73
|
|
68
|
-
if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
|
69
|
-
risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
|
70
|
-
end
|
74
|
+
risks << risk if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
|
71
75
|
risks
|
72
76
|
end
|
73
77
|
|
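Review bot: The early return in `assess_deprecation_risks` treats a missing `latest_version_date` as a deprecation signal, a deliberate fail-closed choice that deserves a comment, e.g. `# No release date available: report potential deprecation rather than assume the package is healthy.` `Time.parse` on the following lines raises `ArgumentError` for an empty or unparsable string, which would abort the whole audit on a single malformed registry record; if the upstream metadata can be malformed, rescuing that into the same `[risk]` fail-closed path keeps the run going. The enclosing class starts before this hunk, and the signature file further down this page still declares `latest_version_date: String` rather than `String?`, which RBS-based checks will flag given the new nil check.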
@@ -0,0 +1,40 @@
|
|
1
|
+
require_relative '../const/cmd'
|
2
|
+
require_relative '../const/file'
|
3
|
+
require_relative '../enum/report'
|
4
|
+
require_relative '../enum/technology'
|
5
|
+
|
6
|
+
require 'yaml'
|
7
|
+
|
8
|
+
module Package
|
9
|
+
module Audit
|
10
|
+
module Technology
|
11
|
+
class Detector
|
12
|
+
def initialize(dir)
|
13
|
+
@dir = dir
|
14
|
+
end
|
15
|
+
|
16
|
+
def detect
|
17
|
+
technologies = []
|
18
|
+
technologies << Enum::Technology::RUBY if ruby?
|
19
|
+
technologies << Enum::Technology::NODE if node?
|
20
|
+
technologies.sort
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def node?
|
26
|
+
package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
|
27
|
+
package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
|
28
|
+
yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
|
29
|
+
package_json_present && (package_lock_json_present || yarn_lock_present)
|
30
|
+
end
|
31
|
+
|
32
|
+
def ruby?
|
33
|
+
gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
|
34
|
+
gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
|
35
|
+
gemfile_present && gemfile_lock_present
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
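Review bot: `node?` and `ruby?` duplicate, check for check, the file-presence logic in `Technology::Validator#validate_node!`/`validate_ruby!` added in the same commit, so a change to what counts as a Node or Ruby project has to be made in two places; a small shared helper such as `present?(name)` wrapping `File.exist?(File.join(@dir, name))`, mixed into both classes, or having the validator delegate to the detector, removes the duplication. When neither technology is detected `detect` returns `[]` and, as far as this page shows, `CommandParser#run` then produces no output at all; a message naming the files that were looked for would help a user who ran the tool from the wrong directory. `require_relative '../const/cmd'`, `'../enum/report'` and `require 'yaml'` do not appear to be used in this file.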
@@ -0,0 +1,56 @@
|
|
1
|
+
require_relative '../const/file'
|
2
|
+
require_relative '../enum/technology'
|
3
|
+
|
4
|
+
module Package
|
5
|
+
module Audit
|
6
|
+
module Technology
|
7
|
+
class Validator
|
8
|
+
def initialize(dir)
|
9
|
+
@dir = dir
|
10
|
+
end
|
11
|
+
|
12
|
+
def validate!(technology)
|
13
|
+
case technology
|
14
|
+
when Enum::Technology::NODE
|
15
|
+
validate_node!
|
16
|
+
when Enum::Technology::RUBY
|
17
|
+
validate_ruby!
|
18
|
+
else
|
19
|
+
raise ArgumentError, "\"#{technology}\" is not a supported technology, " \
|
20
|
+
"use one of #{Enum::Technology.all}"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
private
|
25
|
+
|
26
|
+
def validate_node!
|
27
|
+
package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
|
28
|
+
package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
|
29
|
+
yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
|
30
|
+
|
31
|
+
unless package_json_present
|
32
|
+
puts Util::BashColor.red("\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}")
|
33
|
+
end
|
34
|
+
unless package_lock_json_present || yarn_lock_present
|
35
|
+
puts Util::BashColor.red("\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
|
36
|
+
"was not found in #{@dir}")
|
37
|
+
end
|
38
|
+
|
39
|
+
exit 1 unless package_json_present && (package_lock_json_present || yarn_lock_present)
|
40
|
+
end
|
41
|
+
|
42
|
+
def validate_ruby!
|
43
|
+
gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
|
44
|
+
gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
|
45
|
+
|
46
|
+
puts Util::BashColor.red("\"#{Const::File::GEMFILE}\" was not found in #{@dir}") unless gemfile_present
|
47
|
+
unless gemfile_lock_present
|
48
|
+
puts Util::BashColor.red("\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}")
|
49
|
+
end
|
50
|
+
|
51
|
+
exit 1 unless gemfile_present && gemfile_lock_present
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
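Review bot: `validate_node!` and `validate_ruby!` call `exit 1` from inside a library class, so a failed check raises `SystemExit` past every caller and cannot be tested or handled, and it is inconsistent with the `else` branch of `validate!`, which raises `ArgumentError` for the same kind of problem; raise an error (the `ArgumentError` already used, or a dedicated error class) and let the CLI decide the exit status. The diagnostics are written with `puts` to stdout; if the CSV report is also written to stdout, these lines corrupt the machine-readable output, whereas `warn` sends them to stderr. `Util::BashColor` is used in both validators but the file requires only `../const/file` and `../enum/technology`, so it loads correctly only by load-order luck; add `require_relative '../util/bash_color'`. The three `File.exist?` checks repeat those in `Technology::Detector`.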
@@ -1,14 +1,14 @@
|
|
1
1
|
require_relative '../const/time'
|
2
|
-
require_relative '
|
2
|
+
require_relative 'bash_color'
|
3
3
|
|
4
4
|
module Package
|
5
5
|
module Audit
|
6
6
|
module Util
|
7
7
|
module SummaryPrinter
|
8
|
-
def self.
|
8
|
+
def self.all
|
9
9
|
printf("\n%<info>s\n%<cmd>s\n\n",
|
10
10
|
info: Util::BashColor.blue('To show how risk is calculated run:'),
|
11
|
-
cmd: Util::BashColor.magenta(' >
|
11
|
+
cmd: Util::BashColor.magenta(' > package-audit risk'))
|
12
12
|
end
|
13
13
|
|
14
14
|
def self.deprecated
|
@@ -16,26 +16,37 @@ module Package
|
|
16
16
|
puts Util::BashColor.blue("Please contact the package author for more information about its status.\n")
|
17
17
|
end
|
18
18
|
|
19
|
-
def self.vulnerable(
|
19
|
+
def self.vulnerable(technology, cmd)
|
20
20
|
printf("%<info>s\n%<cmd>s\n\n",
|
21
|
-
info: Util::BashColor.blue("To get more information about the #{
|
21
|
+
info: Util::BashColor.blue("To get more information about the #{technology} vulnerabilities run:"),
|
22
22
|
cmd: Util::BashColor.magenta(" > #{cmd}"))
|
23
23
|
end
|
24
24
|
|
25
|
-
def self.total(
|
26
|
-
|
25
|
+
def self.total(technology, report, pkgs, ignored_pkgs)
|
26
|
+
if ignored_pkgs.any?
|
27
|
+
puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages " \
|
28
|
+
"(#{ignored_pkgs.length} ignored).\n")
|
29
|
+
elsif pkgs.any?
|
30
|
+
puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages.\n")
|
31
|
+
else
|
32
|
+
puts Util::BashColor.green("There are no #{report} #{technology} packages!\n")
|
33
|
+
end
|
27
34
|
end
|
28
35
|
|
29
|
-
def self.statistics(
|
36
|
+
def self.statistics(technology, report, pkgs, ignored_pkgs)
|
30
37
|
outdated = pkgs.count(&:outdated?)
|
31
38
|
deprecated = pkgs.count(&:deprecated?)
|
32
39
|
vulnerable = pkgs.count(&:vulnerable?)
|
33
40
|
|
34
41
|
vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
|
35
42
|
|
36
|
-
|
37
|
-
|
38
|
-
|
43
|
+
if pkgs.any?
|
44
|
+
puts Util::BashColor.cyan("#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
|
45
|
+
"#{outdated} outdated, #{deprecated} deprecated.")
|
46
|
+
total(technology, report, pkgs, ignored_pkgs)
|
47
|
+
else
|
48
|
+
puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
|
49
|
+
end
|
39
50
|
end
|
40
51
|
|
41
52
|
def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
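Review bot: In `statistics`, when every reported package has been ignored via the config, `pkgs` is empty and the `else` branch prints the green "There are no deprecated, outdated or vulnerable … packages!" without mentioning the ignored ones, so suppressed findings are invisible in the `ALL` report even though `total` does print the ignored count. Either call `total(technology, report, pkgs, ignored_pkgs)` unconditionally after the `if`/`else`, or append to the `else` branch `puts Util::BashColor.cyan("(#{ignored_pkgs.length} ignored)") if ignored_pkgs.any?`. `total` itself does not have this gap: its green message is only reached when both `pkgs` and `ignored_pkgs` are empty. The `risk` method starting at the last line of the hunk continues outside it.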
data/sig/package/audit/cli.rbs
CHANGED
@@ -3,17 +3,19 @@ module Package
|
|
3
3
|
class Package
|
4
4
|
@groups: Array[Symbol]
|
5
5
|
@risks: Array[Risk]
|
6
|
+
@technology: String
|
6
7
|
@vulnerabilities: Array[String]
|
7
8
|
|
8
9
|
attr_accessor groups: Array[Symbol]
|
9
10
|
attr_accessor latest_version: String
|
10
11
|
attr_accessor latest_version_date: String
|
11
12
|
attr_reader name: String
|
13
|
+
attr_reader technology: String
|
12
14
|
attr_reader version: String
|
13
15
|
attr_accessor version_date: String
|
14
16
|
attr_accessor vulnerabilities: Array[String]
|
15
17
|
|
16
|
-
def initialize: (String, String, **untyped) -> void
|
18
|
+
def initialize: (String, String, String, **untyped) -> void
|
17
19
|
|
18
20
|
def deprecated?: -> bool
|
19
21
|
|
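Review bot: `attr_accessor latest_version_date: String` is contradicted by the `risk_calculator.rb` hunk on this page, which now guards `@pkg.latest_version_date.nil?`; the signature should be `String?` (and likewise `version_date`, if it can be absent) or RBS-based checks will report the nil check as unreachable. The header above this section reads `cli.rbs`, but the content (`class Package` gaining a `technology` attribute, +3 −1) matches the `models/package.rbs` entry in the file list, so the rendering appears to have mislabelled it.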
@@ -2,18 +2,17 @@ module Package
|
|
2
2
|
module Audit
|
3
3
|
module Npm
|
4
4
|
class NodeCollection
|
5
|
-
PACKAGE_JSON: String
|
6
|
-
PACKAGE_LOCK: String
|
7
|
-
YARN_LOCK: String
|
8
|
-
|
9
5
|
@dir: String
|
6
|
+
@report: Symbol
|
10
7
|
|
11
|
-
def initialize: (String) -> void
|
8
|
+
def initialize: (String, Symbol) -> void
|
12
9
|
|
13
10
|
def all: -> Array[Package]
|
14
11
|
|
15
12
|
def deprecated: -> Array[Package]
|
16
13
|
|
14
|
+
def fetch: -> Array[Package]
|
15
|
+
|
17
16
|
def outdated: -> Array[Package]
|
18
17
|
|
19
18
|
def vulnerable: -> Array[Package]
|
@@ -4,16 +4,17 @@ module Package
|
|
4
4
|
class VulnerabilityFinder
|
5
5
|
AUDIT_ADVISORY_REGEX: Regexp
|
6
6
|
|
7
|
+
@dir: String
|
7
8
|
@pkg_hash: Hash[String, Package]
|
8
9
|
@vuln_hash: Hash[String?, Package]
|
9
10
|
|
10
|
-
def initialize: (Array[Package]) -> void
|
11
|
+
def initialize: (String, Array[Package]) -> void
|
11
12
|
|
12
13
|
def run: -> Array[Package]
|
13
14
|
|
14
15
|
private
|
15
16
|
|
16
|
-
def update_meta_data: (Hash[Symbol, untyped])-> void
|
17
|
+
def update_meta_data: (Hash[Symbol, untyped]) -> void
|
17
18
|
end
|
18
19
|
end
|
19
20
|
end
|
@@ -2,13 +2,20 @@ module Package
|
|
2
2
|
module Audit
|
3
3
|
module Ruby
|
4
4
|
class GemCollection
|
5
|
-
|
5
|
+
@dir: String
|
6
|
+
@report: Symbol
|
6
7
|
|
7
|
-
def
|
8
|
+
def initialize: (String, Symbol) -> void
|
8
9
|
|
9
|
-
def
|
10
|
+
def all: -> Array[Package]
|
10
11
|
|
11
|
-
def
|
12
|
+
def deprecated: -> Array[Package]
|
13
|
+
|
14
|
+
def fetch: -> Array[Package]
|
15
|
+
|
16
|
+
def outdated: (?include_implicit: bool) -> Array[Package]
|
17
|
+
|
18
|
+
def vulnerable: -> Array[Package]
|
12
19
|
end
|
13
20
|
end
|
14
21
|
end
|