package-audit 0.2.0 → 0.4.0

data/sig/package/audit/services/command_parser.rbs

@@ -0,0 +1,31 @@
+module Package
+  module Audit
+    class CommandParser
+      @config: Hash[String, untyped]?
+      @dir: String
+      @options: Hash[String, untyped]
+      @report: Symbol
+      @technologies: Array[String]
+
+      def initialize: (String, Hash[String, untyped], Symbol) -> void
+
+      def run: -> bool
+
+      private
+
+      def learn_more_command: (String) -> String?
+
+      def parse_config_file: -> Hash[String, untyped]?
+
+      def parse_technologies: -> Array[String]
+
+      def print_disclaimer: (String) -> void
+
+      def print_results: (String, Array[Package], Array[Package]) -> void
+
+      def print_summary: (String, Array[Package], Array[Package]) -> void
+
+      def report_fields: -> Array[Symbol]
+    end
+  end
+end

data/sig/package/audit/services/package_filter.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    class PackageFilter
+      @config: Hash[String, untyped]?
+
+      def initialize: (Hash[String, untyped]?) -> void
+
+      def ignored?: (Package) -> bool
+
+      private
+
+      def ignore_package?: (Package, Hash[String, untyped]?) -> bool
+
+      def pkg_version_in_config?: (Package, Hash[String, untyped]?) -> bool
+
+      def pkg_yaml_from_config: (Package) -> Hash[String, untyped]?
+    end
+  end
+end

data/sig/package/audit/services/package_finder.rbs

@@ -0,0 +1,23 @@
+module Package
+  module Audit
+    class PackageFinder
+      @config: Hash[String, untyped]?
+      @dir: String
+      @report: Symbol
+
+      def initialize: (Hash[String, untyped]?, String, Symbol) -> void
+
+      def run: (String) -> Array[Array[Package]]
+
+      private
+
+      def filter_pkgs_based_on_config: (Array[Package]) -> Array[Package]
+
+      def find_by_technology: (String) -> Array[Package]
+
+      def find_node: -> Array[Package]
+
+      def find_ruby: -> Array[Package]
+    end
+  end
+end

data/sig/package/audit/{printer.rbs → services/package_printer.rbs}

@@ -1,14 +1,14 @@
 module Package
   module Audit
-    class Printer
+    class PackagePrinter
       BASH_FORMATTING_REGEX: Regexp
       COLUMN_GAP: Integer
       CSV_HEADERS: Hash[Symbol, String]
 
       @pkgs: Array[Package]
-      @options: Hash[Symbol, untyped]
+      @options: Hash[String, untyped]
 
-      def initialize: (Array[Package], Hash[Symbol, untyped]) -> void
+      def initialize: (Hash[String, untyped], Array[Package]) -> void
 
       def print: (Array[Symbol]) -> void
 

data/sig/package/audit/technology/detector.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    module Technology
+      class Detector
+        @dir: String
+
+        def initialize: (String) -> void
+
+        def detect: -> Array[String]
+
+        private
+
+        def node?: -> bool
+
+        def ruby?: -> bool
+      end
+    end
+  end
+end

data/sig/package/audit/technology/validator.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    module Technology
+      class Validator
+        @dir: String
+
+        def initialize: (String) -> void
+
+        def validate!: (String) -> void
+
+        private
+
+        def validate_node!: -> void
+
+        def validate_ruby!: -> void
+      end
+    end
+  end
+end

data/sig/package/audit/util/summary_printer.rbs

@@ -2,17 +2,17 @@ module Package
   module Audit
     module Util
       module SummaryPrinter
-        def self.deprecated: -> void
+        def self.all: -> void
 
-        def self.report: -> void
+        def self.deprecated: -> void
 
         def self.risk: -> void
 
-        def self.statistics: (String, Array[Package]) -> void
+        def self.statistics: (String, Symbol, Array[Package], Array[Package]) -> void
 
-        def self.total: (String, Array[Package]) -> void
+        def self.total: (String, Symbol, Array[Package], Array[Package]) -> void
 
-        def self.vulnerable: (String, String) -> void
+        def self.vulnerable: (String, String?) -> void
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Vadim Kononov
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-05-03 00:00:00.000000000 Z
+date: 2023-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -49,64 +49,80 @@ extra_rdoc_files: []
 files:
 - exe/package-audit
 - lib/package/audit/cli.rb
-- lib/package/audit/command_service.rb
 - lib/package/audit/const/cmd.rb
 - lib/package/audit/const/fields.rb
 - lib/package/audit/const/file.rb
 - lib/package/audit/const/time.rb
-- lib/package/audit/duplicate_package_merger.rb
+- lib/package/audit/const/yaml.rb
 - lib/package/audit/enum/environment.rb
+- lib/package/audit/enum/option.rb
+- lib/package/audit/enum/report.rb
 - lib/package/audit/enum/risk_explanation.rb
 - lib/package/audit/enum/risk_type.rb
+- lib/package/audit/enum/technology.rb
 - lib/package/audit/enum/vulnerability_type.rb
 - lib/package/audit/formatter/base.rb
 - lib/package/audit/formatter/risk.rb
 - lib/package/audit/formatter/version.rb
 - lib/package/audit/formatter/version_date.rb
 - lib/package/audit/formatter/vulnerability.rb
+- lib/package/audit/models/package.rb
+- lib/package/audit/models/risk.rb
 - lib/package/audit/npm/node_collection.rb
 - lib/package/audit/npm/npm_meta_data.rb
 - lib/package/audit/npm/vulnerability_finder.rb
 - lib/package/audit/npm/yarn_lock_parser.rb
-- lib/package/audit/package.rb
-- lib/package/audit/printer.rb
-- lib/package/audit/risk.rb
-- lib/package/audit/risk_calculator.rb
 - lib/package/audit/ruby/bundler_specs.rb
 - lib/package/audit/ruby/gem_collection.rb
 - lib/package/audit/ruby/gem_meta_data.rb
 - lib/package/audit/ruby/vulnerability_finder.rb
+- lib/package/audit/services/command_parser.rb
+- lib/package/audit/services/duplicate_package_merger.rb
+- lib/package/audit/services/package_filter.rb
+- lib/package/audit/services/package_finder.rb
+- lib/package/audit/services/package_printer.rb
+- lib/package/audit/services/risk_calculator.rb
+- lib/package/audit/technology/detector.rb
+- lib/package/audit/technology/validator.rb
 - lib/package/audit/util/bash_color.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
 - sig/package/audit/cli.rbs
-- sig/package/audit/command_service.rbs
 - sig/package/audit/const/cmd.rbs
 - sig/package/audit/const/fields.rbs
 - sig/package/audit/const/file.rbs
 - sig/package/audit/const/time.rbs
-- sig/package/audit/duplicate_package_merger.rbs
+- sig/package/audit/const/yaml.rbs
 - sig/package/audit/enum/environment.rbs
+- sig/package/audit/enum/option.rbs
+- sig/package/audit/enum/report.rbs
 - sig/package/audit/enum/risk_explanation.rbs
 - sig/package/audit/enum/risk_type.rbs
+- sig/package/audit/enum/technology.rbs
 - sig/package/audit/enum/vulnerability_type.rbs
 - sig/package/audit/formatter/base.rbs
 - sig/package/audit/formatter/risk_printer.rbs
 - sig/package/audit/formatter/version_date.rbs
 - sig/package/audit/formatter/version_printer.rbs
 - sig/package/audit/formatter/vulnerability.rbs
+- sig/package/audit/models/package.rbs
+- sig/package/audit/models/risk.rbs
 - sig/package/audit/npm/node_collection.rbs
 - sig/package/audit/npm/npm_meta_data.rbs
 - sig/package/audit/npm/vulnerability_finder.rbs
 - sig/package/audit/npm/yarn_lock_parser.rbs
-- sig/package/audit/package.rbs
-- sig/package/audit/printer.rbs
-- sig/package/audit/risk.rbs
-- sig/package/audit/risk_calculator.rbs
 - sig/package/audit/ruby/bundler_specs.rbs
 - sig/package/audit/ruby/gem_collection.rbs
 - sig/package/audit/ruby/gem_meta_data.rbs
 - sig/package/audit/ruby/vulnerability_finder.rbs
+- sig/package/audit/services/command_parser.rbs
+- sig/package/audit/services/duplicate_package_merger.rbs
+- sig/package/audit/services/package_filter.rbs
+- sig/package/audit/services/package_finder.rbs
+- sig/package/audit/services/package_printer.rbs
+- sig/package/audit/services/risk_calculator.rbs
+- sig/package/audit/technology/detector.rbs
+- sig/package/audit/technology/validator.rbs
 - sig/package/audit/util/bash_color.rbs
 - sig/package/audit/util/summary_printer.rbs
 - sig/package/audit/version.rbs

data/lib/package/audit/command_service.rb

@@ -1,187 +0,0 @@
-require_relative './const/cmd'
-require_relative './const/file'
-
-module Package
-  module Audit
-    class CommandService # rubocop:disable Metrics/ClassLength
-      RUBY_GEM = 'ruby gem'
-      NODE_MODULE = 'node module'
-
-      def initialize(dir, options)
-        @dir = dir
-        @options = options
-      end
-
-      def all # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
-        pkgs = []
-
-        if ruby?
-          gems = Ruby::GemCollection.all
-          pkgs += gems
-          Printer.new(gems, @options).print(Const::Fields::REPORT)
-
-          unless @options[:csv]
-            if gems.any?
-              Util::SummaryPrinter.statistics(RUBY_GEM, gems)
-              Util::SummaryPrinter.vulnerable(RUBY_GEM, Const::Cmd::BUNDLE_AUDIT)
-            else
-              print_success_message "There are no deprecated, outdated or vulnerable #{RUBY_GEM}s!"
-            end
-          end
-        end
-
-        if node?
-          npms = Npm::NodeCollection.new(@dir).all
-          pkgs += npms
-          Printer.new(npms, @options).print(Const::Fields::REPORT)
-
-          unless @options[:csv]
-            if npms.any?
-              Util::SummaryPrinter.statistics(NODE_MODULE, npms)
-              Util::SummaryPrinter.vulnerable(NODE_MODULE, Const::Cmd::YARN_AUDIT)
-            else
-              print_success_message "There are no deprecated, outdated or vulnerable #{NODE_MODULE}s!"
-            end
-          end
-        end
-
-        pkgs.any?
-      end
-
-      def vulnerable # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
-        pkgs = []
-
-        if ruby?
-          gems = Ruby::GemCollection.vulnerable
-          pkgs += gems
-          Printer.new(gems, @options).print(Const::Fields::VULNERABLE)
-
-          unless @options[:csv]
-            if gems.any?
-              Util::SummaryPrinter.total(RUBY_GEM, gems)
-              Util::SummaryPrinter.vulnerable(RUBY_GEM, Const::Cmd::BUNDLE_AUDIT)
-            else
-              print_success_message "There are no #{RUBY_GEM} vulnerabilities!"
-            end
-          end
-        end
-
-        if node?
-          npms = Npm::NodeCollection.new(@dir).vulnerable
-          pkgs += npms
-          Printer.new(npms, @options).print(Const::Fields::VULNERABLE)
-
-          unless @options[:csv]
-            if npms.any?
-              Util::SummaryPrinter.total(NODE_MODULE, npms)
-              Util::SummaryPrinter.vulnerable(NODE_MODULE, Const::Cmd::YARN_AUDIT)
-            else
-              print_success_message "There are no #{NODE_MODULE} vulnerabilities!"
-            end
-          end
-        end
-
-        pkgs.any?
-      end
-
-      def outdated # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
-        pkgs = []
-
-        if ruby?
-          gems = Ruby::GemCollection.outdated
-          pkgs += gems
-          Printer.new(gems, @options).print(Const::Fields::OUTDATED)
-
-          unless @options[:csv]
-            if gems.any?
-              Util::SummaryPrinter.total(RUBY_GEM, gems)
-            else
-              print_success_message "There are no outdated #{RUBY_GEM}s!"
-            end
-          end
-        end
-
-        if node?
-          npms = Npm::NodeCollection.new(@dir).outdated
-          pkgs += npms
-          Printer.new(npms, @options).print(Const::Fields::OUTDATED)
-
-          unless @options[:csv]
-            if npms.any?
-              Util::SummaryPrinter.total(NODE_MODULE, npms)
-            else
-              print_success_message "There are no outdated #{NODE_MODULE}s!"
-            end
-          end
-        end
-
-        pkgs.any?
-      end
-
-      def deprecated # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
-        pkgs = []
-
-        if ruby?
-          gems = Ruby::GemCollection.deprecated
-          pkgs += gems
-          Printer.new(gems, @options).print(Const::Fields::OUTDATED)
-
-          unless @options[:csv]
-            if gems.any?
-              Util::SummaryPrinter.total(RUBY_GEM, gems)
-              Util::SummaryPrinter.deprecated
-            else
-              print_success_message "There are no potentially deprecated #{RUBY_GEM}s!"
-            end
-          end
-        end
-
-        if node?
-          npms = Npm::NodeCollection.new(@dir).deprecated
-          pkgs += npms
-          Printer.new(npms, @options).print(Const::Fields::OUTDATED)
-
-          unless @options[:csv]
-            if npms.any?
-              Util::SummaryPrinter.total(NODE_MODULE, npms)
-              Util::SummaryPrinter.deprecated
-            else
-              print_success_message "There are no potentially deprecated #{NODE_MODULE}s!"
-            end
-          end
-        end
-
-        pkgs.any?
-      end
-
-      private
-
-      def ruby?
-        gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
-        gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
-
-        if gemfile_present && gemfile_lock_present
-          true
-        elsif gemfile_present
-          raise "#{Const::File::GEMFILE_LOCK} was not found in #{@dir}/"
-        end
-      end
-
-      def node?
-        package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
-        package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
-        yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
-
-        if package_json_present && (package_lock_json_present || yarn_lock_present)
-          true
-        elsif package_json_present
-          raise "#{Const::File::PACKAGE_LOCK_JSON} or #{Const::File::YARN_LOCK} was not found in #{@dir}/"
-        end
-      end
-
-      def print_success_message(msg)
-        puts Util::BashColor.green msg
-      end
-    end
-  end
-end

data/sig/package/audit/command_service.rbs

@@ -1,29 +0,0 @@
-module Package
-  module Audit
-    class CommandService
-      NODE_MODULE: String
-      RUBY_GEM: String
-
-      @dir: String
-      @options: Hash[Symbol, untyped]
-
-      def initialize: (String, Hash[Symbol, untyped]) -> void
-
-      def all: -> bool
-
-      def deprecated: -> bool
-
-      def outdated: -> bool
-
-      def vulnerable: -> bool
-
-      private
-
-      def node?: -> bool?
-
-      def print_success_message: (String) -> void
-
-      def ruby?: -> bool?
-    end
-  end
-end