yavdb 0.5.4 → 0.6.0

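--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 579f19a0f075cfd1f37b9f35301e339630644378c9cac5b3491b327b833b5563
- data.tar.gz: f4a50061c122eb3436a68fe14d0134d363a218c7b51c96f66402e9dea6e7e852
+ metadata.gz: 5bd83226987ff17616cf7fc728a9804295402491da0254c04f09e83b162070fd
+ data.tar.gz: '0629122cc39f6740a833aa61cb3da32acfcd9205ad1ed0658ac17380d2373874'
  SHA512:
- metadata.gz: 2e96b1a8eb461ab36192a544dcb382b092d019955182c3b465ce011259b5eb94c0632239b4e5a23795d4d7c90a18d6c4620ac07184c930f495fc679aa9a43dda
- data.tar.gz: 65a3d00c830c77818fb16195ea5f3148390d37812a9b479e56ecc82df0779c6156933414e343e8fd5b647c02a26c035b045e2ab46edfb95dee754125d26afd87
+ metadata.gz: 14f2363effd7b653ad4eb9ca71a54236304d7b5e42d224ff3dfbc554dcef8fa8c76d0a19f8a7c5fed5b795199fde239cee6b7296e716494055f504ab0edb2520
+ data.tar.gz: 1a0ba50cbdf9c1b4fff512465886924458de19195e5e6fc03b1dbc5620c4e9ce2728bc7864d2830473748c68cc1225ef5669358a0c21da78f17e0ff12993071b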
@@ -100,18 +100,18 @@ Layout/EmptyLinesAroundModuleBody:
100
100
  Layout/ExtraSpacing:
101
101
  Enabled: true
102
102
 
103
- Layout/IndentFirstArgument:
103
+ Layout/FirstArgumentIndentation:
104
104
  Enabled: true
105
105
  EnforcedStyle: consistent
106
106
  IndentationWidth: 2
107
107
 
108
- Layout/IndentFirstArrayElement:
108
+ Layout/FirstArrayElementIndentation:
109
109
  Enabled: true
110
110
 
111
- Layout/IndentAssignment:
111
+ Layout/AssignmentIndentation:
112
112
  Enabled: true
113
113
 
114
- Layout/IndentFirstHashElement:
114
+ Layout/FirstHashElementIndentation:
115
115
  Enabled: true
116
116
 
117
117
  Layout/MultilineHashBraceLayout:
@@ -128,7 +128,7 @@ Layout/MultilineOperationIndentation:
128
128
  Layout/SpaceAfterComma:
129
129
  Enabled: true
130
130
 
131
- Layout/AlignParameters:
131
+ Layout/ParameterAlignment:
132
132
  Enabled: true
133
133
  EnforcedStyle: with_fixed_indentation
134
134
 
@@ -161,7 +161,7 @@ Lint/UselessAccessModifier:
161
161
  Lint/UselessAssignment:
162
162
  Enabled: true
163
163
 
164
- Lint/HandleExceptions:
164
+ Lint/SuppressedException:
165
165
  Enabled: true
166
166
  Exclude:
167
167
  - "lib/yavdb/sources/snyk_io.rb"
@@ -338,10 +338,10 @@ Style/TrailingCommaInHashLiteral:
338
338
  Enabled: true
339
339
  EnforcedStyleForMultiline: no_comma
340
340
 
341
- Style/UnneededInterpolation:
341
+ Style/RedundantInterpolation:
342
342
  Enabled: true
343
343
 
344
- Style/UnneededPercentQ:
344
+ Style/RedundantPercentQ:
345
345
  Enabled: true
346
346
 
347
347
  Style/WhileUntilDo:
@@ -1,11 +1,11 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- yavdb (0.5.4)
4
+ yavdb (0.6.0)
5
5
  execjs (~> 2.7)
6
6
  json (~> 2.2)
7
- kramdown (~> 2.1)
8
- oga (~> 2.15)
7
+ kramdown (~> 2.3)
8
+ oga (>= 2.15, < 4.0)
9
9
  semantic_interval (~> 0.1)
10
10
  therubyracer (~> 0.12)
11
11
  thor (~> 0.20)
@@ -16,7 +16,7 @@ GEM
16
16
  specs:
17
17
  ansi (1.5.0)
18
18
  ast (2.4.0)
19
- bibliothecary (6.8.1)
19
+ bibliothecary (6.8.5)
20
20
  commander
21
21
  deb_control
22
22
  librariesio-gem-parser
@@ -27,13 +27,13 @@ GEM
27
27
  toml-rb (~> 1.0)
28
28
  typhoeus
29
29
  citrus (3.0.2)
30
- codacy-coverage (2.1.0)
30
+ codacy-coverage (2.2.0)
31
31
  simplecov
32
32
  colorize (0.8.1)
33
33
  commander (4.4.7)
34
34
  highline (~> 2.0.0)
35
35
  deb_control (0.0.1)
36
- dependency_spy (0.5.0)
36
+ dependency_spy (0.6.0)
37
37
  bibliothecary (~> 6.6)
38
38
  colorize (= 0.8.1)
39
39
  semantic_range (~> 2.2)
@@ -44,48 +44,50 @@ GEM
44
44
  ethon (0.12.0)
45
45
  ffi (>= 1.3.0)
46
46
  execjs (2.7.0)
47
- ffi (1.11.1)
48
- highline (2.0.2)
49
- jaro_winkler (1.5.3)
50
- json (2.2.0)
51
- kramdown (2.1.0)
47
+ ffi (1.11.3)
48
+ highline (2.0.3)
49
+ jaro_winkler (1.5.4)
50
+ json (2.3.0)
51
+ kramdown (2.3.0)
52
+ rexml
52
53
  librariesio-gem-parser (1.0.0)
53
54
  libv8 (3.16.14.19-x86_64-linux)
54
- oga (2.15)
55
+ oga (3.3)
55
56
  ast
56
57
  ruby-ll (~> 2.1)
57
- ox (2.11.0)
58
- parallel (1.18.0)
59
- parser (2.6.5.0)
58
+ ox (2.12.0)
59
+ parallel (1.19.1)
60
+ parser (2.7.0.2)
60
61
  ast (~> 2.4.0)
61
62
  rainbow (3.0.0)
62
- rake (12.3.3)
63
+ rake (13.0.1)
63
64
  ref (2.0.0)
64
- rspec (3.8.0)
65
- rspec-core (~> 3.8.0)
66
- rspec-expectations (~> 3.8.0)
67
- rspec-mocks (~> 3.8.0)
68
- rspec-core (3.8.2)
69
- rspec-support (~> 3.8.0)
70
- rspec-expectations (3.8.4)
65
+ rexml (3.2.4)
66
+ rspec (3.9.0)
67
+ rspec-core (~> 3.9.0)
68
+ rspec-expectations (~> 3.9.0)
69
+ rspec-mocks (~> 3.9.0)
70
+ rspec-core (3.9.1)
71
+ rspec-support (~> 3.9.1)
72
+ rspec-expectations (3.9.0)
71
73
  diff-lcs (>= 1.2.0, < 2.0)
72
- rspec-support (~> 3.8.0)
73
- rspec-mocks (3.8.1)
74
+ rspec-support (~> 3.9.0)
75
+ rspec-mocks (3.9.1)
74
76
  diff-lcs (>= 1.2.0, < 2.0)
75
- rspec-support (~> 3.8.0)
76
- rspec-support (3.8.2)
77
+ rspec-support (~> 3.9.0)
78
+ rspec-support (3.9.2)
77
79
  rspec_junit_formatter (0.4.1)
78
80
  rspec-core (>= 2, < 4, != 2.12.0)
79
- rubocop (0.75.0)
81
+ rubocop (0.79.0)
80
82
  jaro_winkler (~> 1.5.1)
81
83
  parallel (~> 1.10)
82
- parser (>= 2.6)
84
+ parser (>= 2.7.0.1)
83
85
  rainbow (>= 2.2.2, < 4.0)
84
86
  ruby-progressbar (~> 1.7)
85
87
  unicode-display_width (>= 1.4.0, < 1.7)
86
- rubocop-performance (1.5.0)
88
+ rubocop-performance (1.5.2)
87
89
  rubocop (>= 0.71.0)
88
- rubocop-rspec (1.36.0)
90
+ rubocop-rspec (1.37.1)
89
91
  rubocop (>= 0.68.1)
90
92
  ruby-ll (2.1.2)
91
93
  ansi
@@ -94,16 +96,16 @@ GEM
94
96
  sdl4r (0.9.11)
95
97
  semantic_interval (0.1.0)
96
98
  semantic_range (2.2.1)
97
- simplecov (0.17.0)
99
+ simplecov (0.17.1)
98
100
  docile (~> 1.1)
99
101
  json (>= 1.8, < 3)
100
102
  simplecov-html (~> 0.10.0)
101
103
  simplecov-html (0.10.2)
102
- strings (0.1.6)
104
+ strings (0.1.8)
103
105
  strings-ansi (~> 0.1)
104
106
  unicode-display_width (~> 1.5)
105
107
  unicode_utils (~> 1.4)
106
- strings-ansi (0.1.0)
108
+ strings-ansi (0.2.0)
107
109
  therubyracer (0.12.3)
108
110
  libv8 (~> 3.16.14.15)
109
111
  ref
@@ -121,7 +123,7 @@ PLATFORMS
121
123
  DEPENDENCIES
122
124
  codacy-coverage
123
125
  dependency_spy
124
- rake (~> 12.3)
126
+ rake (~> 13.0)
125
127
  rspec (~> 3.8)
126
128
  rspec_junit_formatter (~> 0.4)
127
129
  rubocop (~> 0.75)
@@ -131,4 +133,4 @@ DEPENDENCIES
131
133
  yavdb!
132
134
 
133
135
  BUNDLED WITH
134
- 2.0.2
136
+ 2.1.2
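--- a/data/README.md
+++ b/data/README.md
@@ -42,6 +42,7 @@ gem install yavdb
 
  #### Features/Improvements
 
+ - [ ] Support non semver versions
  - [ ] Merge duplicates
  - [ ] Scrape [NVD](https://nvd.nist.gov/) for other package manager vulnerabilities
  - [ ] Find more sources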
@@ -28,7 +28,7 @@ module YAVDB
28
28
  DEFAULT_YAVDB_DATABASE_PATH = File.expand_path(File.join(DEFAULT_YAVDB_PATH, 'database')).freeze
29
29
  DEFAULT_CACHE_PATH = File.expand_path(File.join(ENV['HOME'], '.yavdb', 'cache')).freeze
30
30
 
31
- POSSIBLE_PACKAGE_MANAGERS = ['npm', 'rubygems', 'maven', 'nuget', 'packagist', 'pypi', 'go', 'cargo'].freeze
31
+ POSSIBLE_PACKAGE_MANAGERS = ['npm', 'rubygems', 'maven', 'nuget', 'packagist', 'pypi', 'go', 'cargo', 'cocoapods'].freeze
32
32
 
33
33
  SEVERITIES = ['low', 'medium', 'high'].freeze
34
34
 
@@ -14,7 +14,7 @@
14
14
  # You should have received a copy of the GNU Affero General Public License
15
15
  # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
16
 
17
- Dir[File.expand_path('sources/*.rb', __dir__)].each do |file|
17
+ Dir[File.expand_path('sources/*.rb', __dir__)].sort.each do |file|
18
18
  require file
19
19
  end
20
20
 
@@ -103,7 +103,7 @@ module YAVDB
103
103
  end
104
104
 
105
105
  def get_page_url(page)
106
- "#{API_URL}/advisories?page=#{page}&perPage=300&order=-id"
106
+ "#{API_URL}/advisories?page=#{page}&perPage=100&order=-id"
107
107
  end
108
108
 
109
109
  def parse_severity(severity)
@@ -30,7 +30,7 @@ module YAVDB
30
30
  BASE_VULN_URL = "#{BASE_URL}/vuln"
31
31
  INFO_SEP = '#=#'
32
32
 
33
- PACKAGE_MANAGERS = ['composer', 'golang', 'maven', 'npm', 'nuget', 'pip', 'rubygems'].freeze
33
+ PACKAGE_MANAGERS = ['composer', 'golang', 'maven', 'npm', 'nuget', 'pip', 'rubygems', 'cocoapods'].freeze
34
34
 
35
35
  PACKAGE_MANAGER_ALIAS = Hash[
36
36
  'composer' => 'packagist',
@@ -39,7 +39,8 @@ module YAVDB
39
39
  'npm' => 'npm',
40
40
  'nuget' => 'nuget',
41
41
  'pip' => 'pypi',
42
- 'rubygems' => 'rubygems'
42
+ 'rubygems' => 'rubygems',
43
+ 'cocoapods' => 'cocoapods'
43
44
  ].freeze
44
45
 
45
46
  def self.advisories
@@ -47,7 +48,7 @@ module YAVDB
47
48
  urls.map do |advisory_url|
48
49
  advisory_page = get_page_html(advisory_url, true, 'snyk.io/advisories')
49
50
  create(advisory_url, advisory_page)
50
- end
51
+ end.reject(&:nil?)
51
52
  end
52
53
 
53
54
  class << self
@@ -92,7 +93,7 @@ module YAVDB
92
93
  severity = advisory_page.css('span.label__text').text.gsub(%r{(.*?) severity}, '\1')
93
94
 
94
95
  package_manager = advisory_page.css('.breadcrumbs__list-item')[1].text.gsub(%r{\s+}, '').downcase
95
- package_manager = PACKAGE_MANAGER_ALIAS[package_manager] || raise("Could not find alias for package manager #{package_manager}")
96
+ package_manager = PACKAGE_MANAGER_ALIAS[package_manager] || return
96
97
 
97
98
  title = utf8(advisory_page.css('h1.header__title span.header__title__text').text)
98
99
 
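Review bot: The new `|| return` on the `PACKAGE_MANAGER_ALIAS` lookup (new line 96) drops an advisory with an unrecognised package manager without leaving any trace, where the old code raised. Together with `end.reject(&:nil?)` in `self.advisories`, a change in the scraped breadcrumb text or a new ecosystem on the source site would shrink the database silently. For a vulnerability database that is a coverage gap nobody is told about, so I would report the skip before returning nil, for example `warn("snyk.io: skipping advisory, no alias for package manager #{package_manager}")`. `end.reject(&:nil?)` can also be written `end.compact`. The enclosing method starts and ends outside the hunk, so any other early exits are not visible here.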
@@ -16,6 +16,6 @@
16
16
 
17
17
  module YAVDB
18
18
 
19
- VERSION = '0.5.4'
19
+ VERSION = '0.6.0'
20
20
 
21
21
  end
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
25
25
 
26
26
  # Development
27
27
  spec.add_development_dependency 'codacy-coverage'
28
- spec.add_development_dependency 'rake', ['~> 12.3']
28
+ spec.add_development_dependency 'rake', '~> 13.0'
29
29
  spec.add_development_dependency 'rspec', ['~> 3.8']
30
30
  spec.add_development_dependency 'rspec_junit_formatter', ['~> 0.4']
31
31
  spec.add_development_dependency 'simplecov'
@@ -39,8 +39,8 @@ Gem::Specification.new do |spec|
39
39
  # Runtime
40
40
  spec.add_runtime_dependency 'execjs', ['~> 2.7']
41
41
  spec.add_runtime_dependency 'json', ['~> 2.2']
42
- spec.add_runtime_dependency 'kramdown', ['~> 2.1']
43
- spec.add_runtime_dependency 'oga', ['~> 2.15']
42
+ spec.add_runtime_dependency 'kramdown', ['~> 2.3']
43
+ spec.add_runtime_dependency 'oga', '>= 2.15', '< 4.0'
44
44
  spec.add_runtime_dependency 'semantic_interval', ['~> 0.1']
45
45
  spec.add_runtime_dependency 'therubyracer', ['~> 0.12']
46
46
  spec.add_runtime_dependency 'thor', ['~> 0.20']
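Review bot: The `oga` requirement `'>= 2.15', '< 4.0'` now spans two major versions, while the lockfile on this page resolves only `oga (3.3)`, so the 2.x half of the range is presumably no longer exercised by the test run. The advisory scraping appears to go through the parser's `css` API, so either narrow the constraint to what is tested, e.g. `spec.add_runtime_dependency 'oga', '>= 3.3', '< 4.0'`, or add a CI run against the lower bound. As a style point, the changed `rake` and `oga` lines pass requirements as plain strings while the neighbouring lines use arrays (`['~> 3.8']`); pick one form. The `Gem::Specification` block starts and ends outside these hunks.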
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yavdb
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Fernandes
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-17 00:00:00.000000000 Z
11
+ date: 2020-10-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: codacy-coverage
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '12.3'
33
+ version: '13.0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '12.3'
40
+ version: '13.0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -170,28 +170,34 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: '2.1'
173
+ version: '2.3'
174
174
  type: :runtime
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: '2.1'
180
+ version: '2.3'
181
181
  - !ruby/object:Gem::Dependency
182
182
  name: oga
183
183
  requirement: !ruby/object:Gem::Requirement
184
184
  requirements:
185
- - - "~>"
185
+ - - ">="
186
186
  - !ruby/object:Gem::Version
187
187
  version: '2.15'
188
+ - - "<"
189
+ - !ruby/object:Gem::Version
190
+ version: '4.0'
188
191
  type: :runtime
189
192
  prerelease: false
190
193
  version_requirements: !ruby/object:Gem::Requirement
191
194
  requirements:
192
- - - "~>"
195
+ - - ">="
193
196
  - !ruby/object:Gem::Version
194
197
  version: '2.15'
198
+ - - "<"
199
+ - !ruby/object:Gem::Version
200
+ version: '4.0'
195
201
  - !ruby/object:Gem::Dependency
196
202
  name: semantic_interval
197
203
  requirement: !ruby/object:Gem::Requirement