yavdb 0.5.2 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8af50e09446ce3b10fc4ab040d61051d822580e08b4c115ac070a88e67cdfab
-  data.tar.gz: fdffb83c5bbd1f1aa8f4ae78e8c181d16ba11c76f40ac6d5665f379bc54c7741
+  metadata.gz: ff43836b6a4618939c8acc53519a9cbc49157a4a0af5767ea10b75173f1208b9
+  data.tar.gz: a44416d1a831f5eeb760bb8f28bd51f3a37c0dc0da494d512a097676f0a88011
 SHA512:
-  metadata.gz: bef0e177ea672587d23ea447324d33c783bd0467976406b596b088a5356698874af77d196ccadbd564aa5faa0b5dad649622cd0f52d1fdb85fa1e9796cefd4f2
-  data.tar.gz: f17925ffe91e7ef516d79798ebd54e6a6cfd725a0758b32f253af2a000e909c69d6711d7fd2125a0a9b7a5d3950f03a8f1cf587df6ad89d1a4c9f006743c7d8b
+  metadata.gz: de6a6753b1ab427ecd5265f6d813f0d94e2f14bfa80f9b06863ffe2a265afd1531a38aa81b266b319792bd14cc13c5c8dbf55c8efad8600c19cda5e0e43e02c9
+  data.tar.gz: 636de41a1dc02772fe0aabfec7fe1cd32849a3fb1fa7e801a3d2a5796657a6bcf8d97d72be7f6886688d841359526cfe71f1468b9a6d05d5156f2b5e775c6be4

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. Windows, Linux, Mac]
+ - Ruby Version [e.g. 2.5.5]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/CONTRIBUTING.md

@@ -0,0 +1,60 @@
+## How to contribute to yavdb
+
+### Main rules
+
+* Before you open a ticket or send a pull request, [search](https://github.com/rtfpessoa/yavdb/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
+
+* If you're proposing a new feature, make sure you create an issue to let other contributors know what you are working on.
+
+* Before sending a pull request make sure your code is tested.
+
+* Before sending a pull request for a feature, be sure to run tests.
+
+* Use the same coding style as the rest of the codebase.
+
+* Use `git rebase` (not `git merge`) to sync your work from time to time with the master branch.
+
+* After creating your pull request make sure the build is passing on [CircleCI](https://circleci.com/gh/rtfpessoa/yavdb)
+and that [Codacy](https://www.codacy.com/app/rtfpessoa/yavdb) is also confident in the code quality.
+
+### Commit Style
+
+Writing good commit logs is important. A commit log should describe what changed and why.
+Follow these guidelines when writing one:
+
+1. The first line should be 50 characters or less and contain a short
+   description of the change prefixed with the name of the changed
+   subsystem (e.g. "net: add localAddress and localPort to Socket").
+2. Keep the second line blank.
+3. Wrap all other lines at 72 columns.
+
+A good commit log can look something like this:
+
+```
+subsystem: explaining the commit in one line
+
+Body of commit message is a few lines of text, explaining things
+in more detail, possibly giving some background about the issue
+being fixed, etc. etc.
+
+The body of the commit message can be several paragraphs, and
+please do proper word-wrap and keep columns shorter than about
+72 characters or so. That way `git log` will show things
+nicely even when it is indented.
+```
+
+### Developer's Certificate of Origin 1.0
+
+By making a contribution to this project, I certify that:
+
+* (a) The contribution was created in whole or in part by me and I
+  have the right to submit it under the open source license indicated
+  in the file; or
+* (b) The contribution is based upon previous work that, to the best
+  of my knowledge, is covered under an appropriate open source license
+  and I have the right under that license to submit that work with
+  modifications, whether created in whole or in part by me, under the
+  same open source license (unless I am permitted to submit under a
+  different license), as indicated in the file; or
+* (c) The contribution was provided directly to me by some other
+  person who certified (a), (b) or (c) and I have not modified it.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    yavdb (0.5.2)
+    yavdb (0.5.3)
       execjs (~> 2.7)
       json (~> 2.2)
       kramdown (~> 2.1)
@@ -16,12 +16,14 @@ GEM
   specs:
     ansi (1.5.0)
     ast (2.4.0)
-    bibliothecary (6.6.0)
+    bibliothecary (6.8.1)
       commander
       deb_control
       librariesio-gem-parser
       ox (>= 2.8.1)
       sdl4r
+      strings
+      strings-ansi
       toml-rb (~> 1.0)
       typhoeus
     citrus (3.0.2)
@@ -31,20 +33,20 @@ GEM
     commander (4.4.7)
       highline (~> 2.0.0)
     deb_control (0.0.1)
-    dependency_spy (0.4.1)
+    dependency_spy (0.5.0)
       bibliothecary (~> 6.6)
       colorize (= 0.8.1)
       semantic_range (~> 2.2)
       thor (~> 0.20)
       yavdb (~> 0.5)
     diff-lcs (1.3)
-    docile (1.3.1)
+    docile (1.3.2)
     ethon (0.12.0)
       ffi (>= 1.3.0)
     execjs (2.7.0)
-    ffi (1.11.0)
+    ffi (1.11.1)
     highline (2.0.2)
-    jaro_winkler (1.5.2)
+    jaro_winkler (1.5.3)
     json (2.2.0)
     kramdown (2.1.0)
     librariesio-gem-parser (1.0.0)
@@ -52,49 +54,54 @@ GEM
     oga (2.15)
       ast
       ruby-ll (~> 2.1)
-    ox (2.10.0)
+    ox (2.11.0)
     parallel (1.17.0)
-    parser (2.6.3.0)
+    parser (2.6.4.0)
       ast (~> 2.4.0)
     rainbow (3.0.0)
-    rake (12.3.2)
+    rake (12.3.3)
     ref (2.0.0)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
       rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
+    rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.3)
+    rspec-expectations (3.8.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+    rspec-mocks (3.8.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
+    rspec-support (3.8.2)
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.69.0)
+    rubocop (0.74.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
       parser (>= 2.6)
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-rspec (1.33.0)
+    rubocop-rspec (1.35.0)
       rubocop (>= 0.60.0)
     ruby-ll (2.1.2)
       ansi
       ast
-    ruby-progressbar (1.10.0)
+    ruby-progressbar (1.10.1)
     sdl4r (0.9.11)
     semantic_interval (0.1.0)
     semantic_range (2.2.1)
-    simplecov (0.16.1)
+    simplecov (0.17.0)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
+    strings (0.1.6)
+      strings-ansi (~> 0.1)
+      unicode-display_width (~> 1.5)
+      unicode_utils (~> 1.4)
+    strings-ansi (0.1.0)
     therubyracer (0.12.3)
       libv8 (~> 3.16.14.15)
       ref
@@ -104,18 +111,19 @@ GEM
     typhoeus (1.3.1)
       ethon (>= 0.9.0)
     unicode-display_width (1.6.0)
+    unicode_utils (1.4.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   codacy-coverage
-  dependency_spy (~> 0.4)
+  dependency_spy
   rake (~> 12.3)
   rspec (~> 3.8)
   rspec_junit_formatter (~> 0.4)
-  rubocop (~> 0.69)
-  rubocop-rspec (~> 1.33)
+  rubocop (~> 0.74)
+  rubocop-rspec (~> 1.35)
   simplecov
   yavdb!
 

data/lib/yavdb/database.rb

@@ -43,7 +43,6 @@ module YAVDB
         vulns
           .group_by(&:package_manager)
           .map do |package_manager, vunerabilities_by_pm|
-
           puts "#{package_manager}: #{vunerabilities_by_pm.length}"
 
           vunerabilities_by_pm =

data/lib/yavdb/sources/npmjs.rb

@@ -40,13 +40,13 @@ module YAVDB
           def fetch_packages_recursive(page_number)
             page = get_page_html(get_page_url(page_number), false, 'npmjs/feed')
 
-            script_tag = page.css('script').find { |script| script.text.include?('window.__context__') }.text
-            context = ExecJS.compile("var window = {};\n#{script_tag.force_encoding('utf-8')};")
+            script_tag    = page.css('script').find { |script| script.text.include?('window.__context__') }.text
+            context       = ExecJS.compile("var window = {};\n#{script_tag.force_encoding('utf-8')};")
             advisory_data = context.exec('return window.__context__.context.advisoriesData')
 
             packages = advisory_data['objects']
 
-            next_url = advisory_data['urls']['next']
+            next_url      = advisory_data['urls']['next']
             next_packages = if next_url && !next_url&.include?("page=#{page_number}")
                               fetch_packages_recursive(page_number + 1)
                             else
@@ -62,7 +62,7 @@ module YAVDB
 
           def create(package)
             published_date = Date.strptime(package['created'], '%s')
-            updated_date = Date.strptime(package['updated'], '%s')
+            updated_date   = Date.strptime(package['updated'], '%s')
 
             cves = package['cves'] || []
 
@@ -108,13 +108,13 @@ module YAVDB
 
           def parse_severity(severity)
             case severity
-              when 'low' then
+              when 'low'
                 'low'
-              when 'moderate' then
+              when 'moderate'
                 'medium'
-              when 'high' then
+              when 'high'
                 'high'
-              when 'critical' then
+              when 'critical'
                 'high'
               else
                 'high'

data/lib/yavdb/sources/ruby_advisory.rb

@@ -107,9 +107,9 @@ module YAVDB
 
           def severity_level(cvss_score)
             case cvss_score
-              when 0.0..3.3 then
+              when 0.0..3.3
                 'low'
-              when 3.3..6.6 then
+              when 3.3..6.6
                 'medium'
               else
                 'high'

data/lib/yavdb/sources/rustsec.rb

@@ -25,7 +25,7 @@ module YAVDB
     module RustSec
       class Client
 
-        REPOSITORY_URL = 'https://github.com/RustSec/advisory-db'.freeze
+        REPOSITORY_URL  = 'https://github.com/RustSec/advisory-db'.freeze
         PACKAGE_MANAGER = 'cargo'.freeze
 
         def self.advisories
@@ -44,9 +44,9 @@ module YAVDB
           private
 
           def create(advisory_hash)
-            date = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')
-            severity = 'high' # since no value is provided will use highest
-            cve = advisory_hash['aliases']&.select { |a| a.start_with?('CVE') }
+            date       = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')
+            severity   = 'high' # since no value is provided will use highest
+            cve        = advisory_hash['aliases']&.select { |a| a.start_with?('CVE') }
             references = advisory_hash['url'] && [advisory_hash['url']]
 
             vuln_id = "rustsec:cargo:#{advisory_hash['package']}:#{advisory_hash['id']}"

data/lib/yavdb/sources/snyk_io.rb

@@ -168,30 +168,22 @@ module YAVDB
               body   = section[:body]
 
               case header.text
-                when 'Overview' then
+                when %r{^(Overview|Details)$} then
                   overview_str = body
                                    .map(&:to_xml)
+                                   .map { |e| e.force_encoding('UTF-8') }
                                    .join("\n")
-                                   .force_encoding('UTF-8')
                   begin
-                    data[:description] += '\n' if data[:description]
-                    data[:description] = '' unless data[:description]
+                    if data[:description]
+                      data[:description] += '\n'
+                    else
+                      data[:description] = ''
+                    end
+
                     data[:description] += utf8(Kramdown::Document.new(overview_str, :html_to_native => true).to_kramdown)
                   rescue StandardError
                     # ignore
                   end
-                when 'Details' then
-                  details_str = body
-                                  .map(&:to_xml)
-                                  .join("\n")
-                                  .force_encoding('UTF-8')
-                  begin
-                    data[:description] += '\n' if data[:description]
-                    data[:description] = '' unless data[:description]
-                    data[:description] += utf8(Kramdown::Document.new(details_str, :html_to_native => true).to_kramdown)
-                  rescue StandardError
-                    # ignore
-                  end
                 when 'References' then
                   references = []
                   if body.any?
@@ -211,19 +203,19 @@ module YAVDB
 
             advisory_page.css('.l-col .card .card__content dl > *').each_slice(2).to_a.map do |key, value|
               case key.text
-                when 'Credit' then
+                when 'Credit'
                   data[:credit] = utf8(value.text.split(',').map { |str| str.strip.sub(%r{-\s*}, '') }.reject(&:empty?))
-                when 'CVE' then
+                when 'CVE'
                   data[:cve] = value.css('a').map { |a| a.text.strip.split(',') }.flatten.map(&:strip).reject(&:empty?)
-                when 'CWE' then
+                when 'CWE'
                   data[:cwe] = value.css('a').map { |a| a.text.strip.split(',') }.flatten.map(&:strip).reject(&:empty?)
-                when 'Snyk ID' then
+                when 'Snyk ID'
                   data[:id] = value.text.strip
-                when 'Disclosed' then
+                when 'Disclosed'
                   data[:disclosed_date] = value.text.strip
-                when 'Published' then
+                when 'Published'
                   data[:published_date] = value.text.strip
-                when 'Last modified' then
+                when 'Last modified'
                   data[:last_modified_date] = value.text.strip
               end
             end

data/lib/yavdb/sources/victims.rb

@@ -95,9 +95,9 @@ module YAVDB
 
           def severity(cvss_score)
             case cvss_score
-              when 0.0..3.3 then
+              when 0.0..3.3
                 'low'
-              when 3.3..6.6 then
+              when 3.3..6.6
                 'medium'
               else
                 'high'

data/lib/yavdb/utils/http.rb

@@ -45,9 +45,9 @@ module YAVDB
           begin
             response = Net::HTTP.get_response(url)
             case response
-              when Net::HTTPNotFound then
+              when Net::HTTPNotFound
                 raise ArgumentError, 'page not found'
-              when Net::HTTPTooManyRequests then
+              when Net::HTTPTooManyRequests
                 raise ArgumentError, 'too many requests'
               else
                 response.body.lines

data/lib/yavdb/version.rb

@@ -16,6 +16,6 @@
 
 module YAVDB
 
-  VERSION = '0.5.2'
+  VERSION = '0.5.3'
 
 end

data/yavdb.gemspec

@@ -31,9 +31,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'simplecov'
 
   # Linters
-  spec.add_development_dependency 'dependency_spy', ['~> 0.4']
-  spec.add_development_dependency 'rubocop', ['~> 0.69']
-  spec.add_development_dependency 'rubocop-rspec', ['~> 1.33']
+  spec.add_development_dependency 'dependency_spy'
+  spec.add_development_dependency 'rubocop', ['~> 0.74']
+  spec.add_development_dependency 'rubocop-rspec', ['~> 1.35']
 
   # Runtime
   spec.add_runtime_dependency 'execjs', ['~> 2.7']

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yavdb
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.5.3
 platform: ruby
 authors:
 - Rodrigo Fernandes
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-19 00:00:00.000000000 Z
+date: 2019-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codacy-coverage
@@ -84,44 +84,44 @@ dependencies:
   name: dependency_spy
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.69'
+        version: '0.74'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.69'
+        version: '0.74'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.33'
+        version: '1.35'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.33'
+        version: '1.35'
 - !ruby/object:Gem::Dependency
   name: execjs
   requirement: !ruby/object:Gem::Requirement
@@ -246,11 +246,14 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE