package-audit 0.3.0 → 0.4.0

data/lib/package/audit/{printer.rb → services/package_printer.rb}

@@ -1,27 +1,28 @@
-require_relative 'const/fields'
-require_relative 'formatter/risk'
-require_relative 'formatter/version'
-require_relative 'formatter/version_date'
-require_relative 'formatter/vulnerability'
+require_relative '../const/fields'
+require_relative '../enum/option'
+require_relative '../formatter/risk'
+require_relative '../formatter/version'
+require_relative '../formatter/version_date'
+require_relative '../formatter/vulnerability'
 
 module Package
   module Audit
-    class Printer
+    class PackagePrinter
       BASH_FORMATTING_REGEX = /\e\[\d+(?:;\d+)*m/
 
       COLUMN_GAP = 2
 
-      def initialize(pkgs, options)
-        @pkgs = pkgs
+      def initialize(options, pkgs)
         @options = options
+        @pkgs = pkgs
       end
 
       def print(fields)
         check_fields(fields)
         return if @pkgs.empty?
 
-        if @options[:csv]
-          csv(fields, exclude_headers: @options[:'exclude-headers'])
+        if @options[Enum::Option::CSV]
+          csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
         else
           pretty(fields)
         end
@@ -38,7 +39,7 @@ module Package
               "Available fields names are: #{Const::Fields::ALL}."
       end
 
-      def pretty(fields = Const::Fields::REPORT) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      def pretty(fields = Const::Fields::ALL) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         # find the maximum length of each field across all the packages so we know how many
         # characters of horizontal space to allocate for each field when printing
         fields.each do |key|

data/lib/package/audit/{risk_calculator.rb → services/risk_calculator.rb}

@@ -1,4 +1,7 @@
-require_relative 'const/time'
+require_relative '../const/time'
+require_relative '../enum/vulnerability_type'
+
+require 'time'
 
 module Package
   module Audit
@@ -62,12 +65,13 @@ module Package
       end
 
       def assess_deprecation_risks
+        risk = Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
+        return [risk] if @pkg.latest_version_date.nil?
+
         risks = []
         seconds_since_date = (Time.now - Time.parse(@pkg.latest_version_date)).to_i
 
-        if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
-          risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
-        end
+        risks << risk if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
         risks
       end
 

data/lib/package/audit/technology/detector.rb

@@ -0,0 +1,40 @@
+require_relative '../const/cmd'
+require_relative '../const/file'
+require_relative '../enum/report'
+require_relative '../enum/technology'
+
+require 'yaml'
+
+module Package
+  module Audit
+    module Technology
+      class Detector
+        def initialize(dir)
+          @dir = dir
+        end
+
+        def detect
+          technologies = []
+          technologies << Enum::Technology::RUBY if ruby?
+          technologies << Enum::Technology::NODE if node?
+          technologies.sort
+        end
+
+        private
+
+        def node?
+          package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
+          package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
+          yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
+          package_json_present && (package_lock_json_present || yarn_lock_present)
+        end
+
+        def ruby?
+          gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
+          gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
+          gemfile_present && gemfile_lock_present
+        end
+      end
+    end
+  end
+end

data/lib/package/audit/technology/validator.rb

@@ -0,0 +1,56 @@
+require_relative '../const/file'
+require_relative '../enum/technology'
+
+module Package
+  module Audit
+    module Technology
+      class Validator
+        def initialize(dir)
+          @dir = dir
+        end
+
+        def validate!(technology)
+          case technology
+          when Enum::Technology::NODE
+            validate_node!
+          when Enum::Technology::RUBY
+            validate_ruby!
+          else
+            raise ArgumentError, "\"#{technology}\" is not a supported technology, " \
+                                 "use one of #{Enum::Technology.all}"
+          end
+        end
+
+        private
+
+        def validate_node!
+          package_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_JSON}")
+          package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
+          yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
+
+          unless package_json_present
+            puts Util::BashColor.red("\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}")
+          end
+          unless package_lock_json_present || yarn_lock_present
+            puts Util::BashColor.red("\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
+                                     "was not found in #{@dir}")
+          end
+
+          exit 1 unless package_json_present && (package_lock_json_present || yarn_lock_present)
+        end
+
+        def validate_ruby!
+          gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
+          gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
+
+          puts Util::BashColor.red("\"#{Const::File::GEMFILE}\" was not found in #{@dir}") unless gemfile_present
+          unless gemfile_lock_present
+            puts Util::BashColor.red("\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}")
+          end
+
+          exit 1 unless gemfile_present && gemfile_lock_present
+        end
+      end
+    end
+  end
+end

data/lib/package/audit/util/summary_printer.rb

@@ -5,7 +5,7 @@ module Package
   module Audit
     module Util
       module SummaryPrinter
-        def self.report
+        def self.all
           printf("\n%<info>s\n%<cmd>s\n\n",
                  info: Util::BashColor.blue('To show how risk is calculated run:'),
                  cmd: Util::BashColor.magenta(' > package-audit risk'))
@@ -16,26 +16,37 @@ module Package
           puts Util::BashColor.blue("Please contact the package author for more information about its status.\n")
         end
 
-        def self.vulnerable(package_type, cmd)
+        def self.vulnerable(technology, cmd)
           printf("%<info>s\n%<cmd>s\n\n",
-                 info: Util::BashColor.blue("To get more information about the #{package_type} vulnerabilities run:"),
+                 info: Util::BashColor.blue("To get more information about the #{technology} vulnerabilities run:"),
                  cmd: Util::BashColor.magenta(" > #{cmd}"))
         end
 
-        def self.total(package_type, pkgs)
-          puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n")
+        def self.total(technology, report, pkgs, ignored_pkgs)
+          if ignored_pkgs.any?
+            puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages " \
+                                      "(#{ignored_pkgs.length} ignored).\n")
+          elsif pkgs.any?
+            puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages.\n")
+          else
+            puts Util::BashColor.green("There are no #{report} #{technology} packages!\n")
+          end
         end
 
-        def self.statistics(package_type, pkgs)
+        def self.statistics(technology, report, pkgs, ignored_pkgs)
           outdated = pkgs.count(&:outdated?)
           deprecated = pkgs.count(&:deprecated?)
           vulnerable = pkgs.count(&:vulnerable?)
 
           vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
 
-          puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n" \
-                                    "#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
-                                    "#{outdated} outdated, #{deprecated} deprecated.\n")
+          if pkgs.any?
+            puts Util::BashColor.cyan("#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
+                                      "#{outdated} outdated, #{deprecated} deprecated.")
+            total(technology, report, pkgs, ignored_pkgs)
+          else
+            puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
+          end
         end
 
         def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength

data/lib/package/audit/version.rb

@@ -1,5 +1,5 @@
 module Package
   module Audit
-    VERSION = '0.3.0'
+    VERSION = '0.4.0'
   end
 end

data/sig/package/audit/cli.rbs

@@ -9,6 +9,8 @@ module Package
 
       def report: (String) -> void
 
+      def respond_to_missing?: -> bool
+
       def risk: -> void
 
       def version: -> void

data/sig/package/audit/const/fields.rbs

@@ -3,9 +3,10 @@ module Package
     module Const
       module Fields
         ALL: Array[Symbol]
+        AVAILABLE: Array[Symbol]
+        DEPRECATED: Array[Symbol]
         HEADERS: Hash[Symbol, String]
         OUTDATED: Array[Symbol]
-        REPORT: Array[Symbol]
         VULNERABLE: Array[Symbol]
       end
     end

data/sig/package/audit/const/file.rbs

@@ -2,6 +2,7 @@ module Package
   module Audit
     module Const
       module File
+        CONFIG: String
         GEMFILE: String
         GEMFILE_LOCK: String
         PACKAGE_JSON: String

data/sig/package/audit/const/yaml.rbs

@@ -0,0 +1,13 @@
+module Package
+  module Audit
+    module Const
+      module YAML
+        DEPRECATED: String
+        OUTDATED: String
+        TECHNOLOGY: String
+        VERSION: String
+        VULNERABLE: String
+      end
+    end
+  end
+end

data/sig/package/audit/enum/option.rbs

@@ -0,0 +1,13 @@
+module Package
+  module Audit
+    module Enum
+      module Option
+        CONFIG: String
+        CSV: String
+        CSV_EXCLUDE_HEADERS: String
+        INCLUDE_IGNORED: String
+        TECHNOLOGY: String
+      end
+    end
+  end
+end

data/sig/package/audit/enum/report.rbs

@@ -0,0 +1,12 @@
+module Package
+  module Audit
+    module Enum
+      module Report
+        ALL: Symbol
+        DEPRECATED: Symbol
+        OUTDATED: Symbol
+        VULNERABLE: Symbol
+      end
+    end
+  end
+end

data/sig/package/audit/enum/technology.rbs

@@ -0,0 +1,12 @@
+module Package
+  module Audit
+    module Enum
+      module Technology
+        NODE: String
+        RUBY: String
+
+        def self.all: -> Array[String]
+      end
+    end
+  end
+end

data/sig/package/audit/{package.rbs → models/package.rbs}

@@ -3,17 +3,19 @@ module Package
     class Package
       @groups: Array[Symbol]
       @risks: Array[Risk]
+      @technology: String
       @vulnerabilities: Array[String]
 
       attr_accessor groups: Array[Symbol]
       attr_accessor latest_version: String
       attr_accessor latest_version_date: String
       attr_reader name: String
+      attr_reader technology: String
       attr_reader version: String
       attr_accessor version_date: String
       attr_accessor vulnerabilities: Array[String]
 
-      def initialize: (String, String, **untyped) -> void
+      def initialize: (String, String, String, **untyped) -> void
 
       def deprecated?: -> bool
 

data/sig/package/audit/{risk.rbs → models/risk.rbs}

@@ -4,7 +4,7 @@ module Package
       attr_reader explanation: String?
       attr_reader type: String
 
-      def initialize: (String, ?String?)-> void
+      def initialize: (String, ?String?) -> void
 
       def <=>: (Risk) -> Integer?
     end

data/sig/package/audit/npm/node_collection.rbs

@@ -2,18 +2,17 @@ module Package
   module Audit
     module Npm
       class NodeCollection
-        PACKAGE_JSON: String
-        PACKAGE_LOCK: String
-        YARN_LOCK: String
-
         @dir: String
+        @report: Symbol
 
-        def initialize: (String) -> void
+        def initialize: (String, Symbol) -> void
 
         def all: -> Array[Package]
 
         def deprecated: -> Array[Package]
 
+        def fetch: -> Array[Package]
+
         def outdated: -> Array[Package]
 
         def vulnerable: -> Array[Package]

data/sig/package/audit/npm/vulnerability_finder.rbs

@@ -14,7 +14,7 @@ module Package
 
         private
 
-        def update_meta_data: (Hash[Symbol, untyped])-> void
+        def update_meta_data: (Hash[Symbol, untyped]) -> void
       end
     end
   end

data/sig/package/audit/ruby/gem_collection.rbs

@@ -3,13 +3,16 @@ module Package
     module Ruby
       class GemCollection
         @dir: String
+        @report: Symbol
 
-        def initialize: (String) -> void
+        def initialize: (String, Symbol) -> void
 
         def all: -> Array[Package]
 
         def deprecated: -> Array[Package]
 
+        def fetch: -> Array[Package]
+
         def outdated: (?include_implicit: bool) -> Array[Package]
 
         def vulnerable: -> Array[Package]

data/sig/package/audit/services/command_parser.rbs

@@ -0,0 +1,31 @@
+module Package
+  module Audit
+    class CommandParser
+      @config: Hash[String, untyped]?
+      @dir: String
+      @options: Hash[String, untyped]
+      @report: Symbol
+      @technologies: Array[String]
+
+      def initialize: (String, Hash[String, untyped], Symbol) -> void
+
+      def run: -> bool
+
+      private
+
+      def learn_more_command: (String) -> String?
+
+      def parse_config_file: -> Hash[String, untyped]?
+
+      def parse_technologies: -> Array[String]
+
+      def print_disclaimer: (String) -> void
+
+      def print_results: (String, Array[Package], Array[Package]) -> void
+
+      def print_summary: (String, Array[Package], Array[Package]) -> void
+
+      def report_fields: -> Array[Symbol]
+    end
+  end
+end

data/sig/package/audit/services/package_filter.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    class PackageFilter
+      @config: Hash[String, untyped]?
+
+      def initialize: (Hash[String, untyped]?) -> void
+
+      def ignored?: (Package) -> bool
+
+      private
+
+      def ignore_package?: (Package, Hash[String, untyped]?) -> bool
+
+      def pkg_version_in_config?: (Package, Hash[String, untyped]?) -> bool
+
+      def pkg_yaml_from_config: (Package) -> Hash[String, untyped]?
+    end
+  end
+end

data/sig/package/audit/services/package_finder.rbs

@@ -0,0 +1,23 @@
+module Package
+  module Audit
+    class PackageFinder
+      @config: Hash[String, untyped]?
+      @dir: String
+      @report: Symbol
+
+      def initialize: (Hash[String, untyped]?, String, Symbol) -> void
+
+      def run: (String) -> Array[Array[Package]]
+
+      private
+
+      def filter_pkgs_based_on_config: (Array[Package]) -> Array[Package]
+
+      def find_by_technology: (String) -> Array[Package]
+
+      def find_node: -> Array[Package]
+
+      def find_ruby: -> Array[Package]
+    end
+  end
+end

data/sig/package/audit/{printer.rbs → services/package_printer.rbs}

@@ -1,14 +1,14 @@
 module Package
   module Audit
-    class Printer
+    class PackagePrinter
       BASH_FORMATTING_REGEX: Regexp
       COLUMN_GAP: Integer
       CSV_HEADERS: Hash[Symbol, String]
 
       @pkgs: Array[Package]
-      @options: Hash[Symbol, untyped]
+      @options: Hash[String, untyped]
 
-      def initialize: (Array[Package], Hash[Symbol, untyped]) -> void
+      def initialize: (Hash[String, untyped], Array[Package]) -> void
 
       def print: (Array[Symbol]) -> void
 

data/sig/package/audit/technology/detector.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    module Technology
+      class Detector
+        @dir: String
+
+        def initialize: (String) -> void
+
+        def detect: -> Array[String]
+
+        private
+
+        def node?: -> bool
+
+        def ruby?: -> bool
+      end
+    end
+  end
+end

data/sig/package/audit/technology/validator.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    module Technology
+      class Validator
+        @dir: String
+
+        def initialize: (String) -> void
+
+        def validate!: (String) -> void
+
+        private
+
+        def validate_node!: -> void
+
+        def validate_ruby!: -> void
+      end
+    end
+  end
+end

data/sig/package/audit/util/summary_printer.rbs

@@ -2,17 +2,17 @@ module Package
   module Audit
     module Util
       module SummaryPrinter
-        def self.deprecated: -> void
+        def self.all: -> void
 
-        def self.report: -> void
+        def self.deprecated: -> void
 
         def self.risk: -> void
 
-        def self.statistics: (String, Array[Package]) -> void
+        def self.statistics: (String, Symbol, Array[Package], Array[Package]) -> void
 
-        def self.total: (String, Array[Package]) -> void
+        def self.total: (String, Symbol, Array[Package], Array[Package]) -> void
 
-        def self.vulnerable: (String, String) -> void
+        def self.vulnerable: (String, String?) -> void
       end
     end
   end