package-audit 0.5.0 → 0.5.1

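--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 4c2f009e294663828a3055ac8b8facb3106251875a240f9abf74754747102cef
-data.tar.gz: 0a11812a839205caa7793c5b34baf31006438b020e9f535ffe1fd5b3ee0333ab
+metadata.gz: 3987dbcffb0bef510d5897ad47ec79aa5ba65572c62d1a78003496a44264ca7e
+data.tar.gz: f2608608cee05dde5a409e9dc6a4c885b208ee7d52cc7d6e745e0d3ccf37d7b7
 SHA512:
-metadata.gz: 7e7a294008ddcb510e8335193ac013447c38b27a71f440325ae2221f5bd0dea29bf714a88e6089b451d50c64f24964da04215c5e54c74c0729fa37a3f277d44b
-data.tar.gz: 29bb2f4dbef1bb9a6c38eb7d4b17c9aa299f943916765d05a02b14b8f48a0e8ce212bc834e4657285b99d9ba0eb33c80df479e907b673f13fa6834c098e8649e
+metadata.gz: baa304f965258c639f7e4bee858da18ddd74bfb83926a66d95ce43367ac5bfcf363e4847dd56c98ed649cda9d7143cbb44bb2015d1c7dc263b73f8942538011e
+data.tar.gz: a5adfb16e863dacea34dc1d1ca8e4962e76ab984f766d86073f2a5bcfceea9923d2c048ae11487e8a0644d9420025a6dba61f57dede9b6faaf74cd82954f5f52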
@@ -15,9 +15,9 @@ module Package
15
15
  class_option Enum::Option::CONFIG,
16
16
  aliases: '-c', banner: 'FILE',
17
17
  desc: "Path to a custom configuration file, default: #{Const::File::CONFIG})"
18
- class_option Enum::Option::ENVIRONMENT,
19
- aliases: '-e', repeatable: true,
20
- desc: 'Environment to be audited (repeat this flag for each environment)'
18
+ class_option Enum::Option::GROUP,
19
+ aliases: '-g', repeatable: true,
20
+ desc: 'Group to be audited (repeat this flag for each group)'
21
21
  class_option Enum::Option::TECHNOLOGY,
22
22
  aliases: '-t', repeatable: true,
23
23
  desc: 'Technology to be audited (repeat this flag for each technology)'
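Review bot: The `-e`/`environment` option is removed outright rather than kept as a deprecated alias, so any script or CI job that passes `-e` will fail after upgrading, while the version hunk in this same diff only bumps 0.5.0 to 0.5.1. Either keep `Enum::Option::ENVIRONMENT` registered for one release with a deprecation message that maps it onto `GROUP`, or ship this as a minor version. Incidentally, the unchanged line above, `desc: "Path to a custom configuration file, default: #{Const::File::CONFIG})"`, carries a stray closing parenthesis in the help text. The enclosing class definition starts before this hunk.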
@@ -1,7 +1,7 @@
1
1
  module Package
2
2
  module Audit
3
3
  module Enum
4
- module Environment
4
+ module Group
5
5
  DEV = 'development'
6
6
  TEST = 'test'
7
7
  STAGING = 'staging'
@@ -9,7 +9,7 @@ module Package
9
9
  DEFAULT = 'default'
10
10
 
11
11
  def self.all
12
- constants.map { |key| Enum::Environment.const_get(key) }.sort
12
+ constants.map { |key| Enum::Group.const_get(key) }.sort
13
13
  end
14
14
  end
15
15
  end
@@ -5,7 +5,7 @@ module Package
5
5
  CONFIG = 'config'
6
6
  CSV = 'csv'
7
7
  CSV_EXCLUDE_HEADERS = 'exclude-headers'
8
- ENVIRONMENT = 'environment'
8
+ GROUP = 'group'
9
9
  INCLUDE_IGNORED = 'include-ignored'
10
10
  TECHNOLOGY = 'technology'
11
11
  end
@@ -1,4 +1,4 @@
1
- require_relative '../enum/environment'
1
+ require_relative '../enum/group'
2
2
  require_relative '../enum/risk_explanation'
3
3
  require_relative '../enum/risk_type'
4
4
  require_relative '../services/risk_calculator'
@@ -1,4 +1,4 @@
1
- require_relative '../enum/environment'
1
+ require_relative '../enum/group'
2
2
 
3
3
  module Package
4
4
  module Audit
@@ -16,9 +16,9 @@ module Package
16
16
  version = fetch_package_version(dep_name, pkg_block)
17
17
  pks = Package.new(dep_name.to_s, version, 'node')
18
18
  pks.update groups: if dev_deps.key?(dep_name)
19
- [Enum::Environment::DEV]
19
+ [Enum::Group::DEV]
20
20
  else
21
- [Enum::Environment::DEFAULT, Enum::Environment::DEV]
21
+ [Enum::Group::DEFAULT, Enum::Group::DEV]
22
22
  end
23
23
  pkgs << pks
24
24
  end
@@ -19,7 +19,7 @@ module Package
19
19
  @options = options
20
20
  @report = report
21
21
  @config = parse_config_file
22
- @environments = parse_environments
22
+ @groups = @options[Enum::Option::GROUP]
23
23
  @technologies = parse_technologies
24
24
  @spinner = Util::Spinner.new('Evaluating packages and their dependencies...')
25
25
  end
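Review bot: `@groups = @options[Enum::Option::GROUP]` drops the validation that `parse_environments` performed (removed further down in this file), so an unknown or misspelled group name now silently narrows the audit instead of raising `ArgumentError` — a run with a typo such as `-g prodcution` still succeeds but only covers `default`-group packages. If arbitrary Gemfile group names are the reason the check was removed, consider at least warning when a requested group appears on no package found for the technology, so a typo does not read as a clean audit. `@groups` is also `nil` when the flag is omitted, which `PackageFinder#filter_pkgs_based_on_group` now relies on, yet the signature hunks still declare `@groups: Array[String]` in both RBS files and `def initialize: (Hash[String, untyped]?, String, Symbol, Array[String]) -> void` for `PackageFinder`; those should become `Array[String]?`. The enclosing `initialize` starts before this hunk.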
@@ -32,7 +32,7 @@ module Package
32
32
  @spinner.start
33
33
  threads = @technologies.map.with_index do |technology, technology_index|
34
34
  Thread.new do
35
- all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @environments).run(technology)
35
+ all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @groups).run(technology)
36
36
  ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
37
37
  cumulative_pkgs += all_pkgs || []
38
38
  sleep 0.1 while technology_index != thread_index # print each technology in order
@@ -101,17 +101,6 @@ module Package
101
101
  end
102
102
  end
103
103
 
104
- def parse_environments
105
- unsupported_technologies = (@options[Enum::Option::ENVIRONMENT] || []) - Enum::Environment.all
106
-
107
- if unsupported_technologies.any?
108
- raise ArgumentError, "#{unsupported_technologies} is not valid list of environments, " \
109
- "use one of #{Enum::Environment.all}"
110
- end
111
-
112
- (@options[Enum::Option::ENVIRONMENT] || Enum::Environment.all) | [Enum::Environment::DEFAULT]
113
- end
114
-
115
104
  def parse_technologies
116
105
  technology_validator = Technology::Validator.new(@dir)
117
106
  @options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
@@ -11,17 +11,17 @@ require 'yaml'
11
11
  module Package
12
12
  module Audit
13
13
  class PackageFinder
14
- def initialize(config, dir, report, environments)
14
+ def initialize(config, dir, report, groups)
15
15
  @config = config
16
16
  @dir = dir
17
17
  @report = report
18
- @environments = environments
18
+ @groups = groups
19
19
  end
20
20
 
21
21
  def run(technology)
22
22
  all_pkgs = find_by_technology(technology)
23
- ignored_by_environment_pkgs = filter_pkgs_based_on_environment(all_pkgs)
24
- active_pkgs = all_pkgs - ignored_by_environment_pkgs
23
+ ignored_by_group_pkgs = filter_pkgs_based_on_group(all_pkgs)
24
+ active_pkgs = all_pkgs - ignored_by_group_pkgs
25
25
  ignored_by_config_pkgs = filter_pkgs_based_on_config(active_pkgs)
26
26
  [active_pkgs, ignored_by_config_pkgs]
27
27
  end
@@ -57,12 +57,15 @@ module Package
57
57
  ignored_pkgs
58
58
  end
59
59
 
60
- def filter_pkgs_based_on_environment(pkgs)
60
+ def filter_pkgs_based_on_group(pkgs)
61
61
  ignored_pkgs = []
62
62
 
63
- pkgs.each do |pkg|
64
- ignored_pkgs << pkg unless (pkg.groups & @environments).any?
63
+ unless @groups.nil?
64
+ pkgs.each do |pkg|
65
+ ignored_pkgs << pkg unless (pkg.groups & (@groups | [Enum::Group::DEFAULT])).any?
66
+ end
65
67
  end
68
+
66
69
  ignored_pkgs
67
70
  end
68
71
  end
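Review bot: The `unless @groups.nil?` wrapper around the whole loop reads better as a guard clause, and `@groups | [Enum::Group::DEFAULT]` is rebuilt on every iteration; hoisting it and expressing the filter with `reject` returns the same list for the same input. Separately, a package whose `groups` is empty is ignored here whenever `-g` is given, while `production_dependency?` in the hunk below treats empty `groups` as production — if empty groups can occur (I cannot tell from this diff), the two paths disagree for `-g production`; if they cannot, a one-line comment stating that assumption would help the next reader.
```ruby
def filter_pkgs_based_on_group(pkgs)
  return [] if @groups.nil?

  allowed_groups = @groups | [Enum::Group::DEFAULT]
  pkgs.reject { |pkg| (pkg.groups & allowed_groups).any? }
end
```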
@@ -76,8 +76,8 @@ module Package
76
76
  end
77
77
 
78
78
  def production_dependency?
79
- @pkg.groups.none? || (@pkg.groups & [Enum::Environment::DEFAULT,
80
- Enum::Environment::PRODUCTION]).any?
79
+ @pkg.groups.none? || (@pkg.groups & [Enum::Group::DEFAULT,
80
+ Enum::Group::PRODUCTION]).any?
81
81
  end
82
82
  end
83
83
  end
@@ -84,7 +84,7 @@ module Package
84
84
  puts
85
85
 
86
86
  puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
87
- puts ' If a package is limited to a non-production environment:'
87
+ puts ' If a package is limited to a non-production group:'
88
88
  puts " - cap risk severity to\t -> #{Util::BashColor.yellow('low')} risk"
89
89
  end
90
90
  end
@@ -1,5 +1,5 @@
1
1
  module Package
2
2
  module Audit
3
- VERSION = '0.5.0'
3
+ VERSION = '0.5.1'
4
4
  end
5
5
  end
@@ -1,7 +1,7 @@
1
1
  module Package
2
2
  module Audit
3
3
  module Enum
4
- module Environment
4
+ module Group
5
5
  DEFAULT: String
6
6
  DEV: String
7
7
  PRODUCTION: String
@@ -5,7 +5,7 @@ module Package
5
5
  CONFIG: String
6
6
  CSV: String
7
7
  CSV_EXCLUDE_HEADERS: String
8
- ENVIRONMENT: String
8
+ GROUP: String
9
9
  INCLUDE_IGNORED: String
10
10
  TECHNOLOGY: String
11
11
  end
@@ -3,7 +3,7 @@ module Package
3
3
  class CommandParser
4
4
  @config: Hash[String, untyped]?
5
5
  @dir: String
6
- @environments: Array[String]
6
+ @groups: Array[String]
7
7
  @spinner: Util::Spinner
8
8
  @options: Hash[String, untyped]
9
9
  @report: Symbol
@@ -19,8 +19,6 @@ module Package
19
19
 
20
20
  def parse_config_file: -> Hash[String, untyped]?
21
21
 
22
- def parse_environments: -> Array[String]
23
-
24
22
  def parse_technologies: -> Array[String]
25
23
 
26
24
  def print_disclaimer: (String) -> void
@@ -4,7 +4,7 @@ module Package
4
4
  @config: Hash[String, untyped]?
5
5
  @dir: String
6
6
  @report: Symbol
7
- @environments: Array[String]
7
+ @groups: Array[String]
8
8
 
9
9
  def initialize: (Hash[String, untyped]?, String, Symbol, Array[String]) -> void
10
10
 
@@ -14,7 +14,7 @@ module Package
14
14
 
15
15
  def filter_pkgs_based_on_config: (Array[Package]) -> Array[Package]
16
16
 
17
- def filter_pkgs_based_on_environment: (Array[Package]) -> Array[Package]
17
+ def filter_pkgs_based_on_group: (Array[Package]) -> Array[Package]
18
18
 
19
19
  def find_by_technology: (String) -> Array[Package]
20
20
 
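--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-version: 0.5.0
+version: 0.5.1
 platform: ruby
 authors:
 - Tactica Communications Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-11-16 00:00:00.000000000 Z
+date: 2023-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -54,7 +54,7 @@ files:
 - lib/package/audit/const/file.rb
 - lib/package/audit/const/time.rb
 - lib/package/audit/const/yaml.rb
-- lib/package/audit/enum/environment.rb
+- lib/package/audit/enum/group.rb
 - lib/package/audit/enum/option.rb
 - lib/package/audit/enum/report.rb
 - lib/package/audit/enum/risk_explanation.rb
@@ -94,7 +94,7 @@ files:
 - sig/package/audit/const/file.rbs
 - sig/package/audit/const/time.rbs
 - sig/package/audit/const/yaml.rbs
-- sig/package/audit/enum/environment.rbs
+- sig/package/audit/enum/group.rbs
 - sig/package/audit/enum/option.rbs
 - sig/package/audit/enum/report.rbs
 - sig/package/audit/enum/risk_explanation.rbs
@@ -150,7 +150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.22
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.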