Class: Yarn::Audit::Wrap::Main
- Inherits: Object
- Defined in: lib/yarn/audit/wrap.rb
Instance Method Summary
- #err(str) ⇒ Object
- #handle_advisories(advisories:, summary:, opts:) ⇒ Object
- #initialize(args) ⇒ Main (constructor)
  Initialize the main loop.
- #process(audit_output:, config:, opts:) ⇒ Object
- #run ⇒ Object
- #use_advisory?(advisory:, config:) ⇒ Boolean
  advisory is a single line from yarn audit --json output; config is the set of all ignore directives.
- #warn(str) ⇒ Object
Constructor Details
#initialize(args) ⇒ Main
Initialize the main loop.
In that case, the defaults will be used.

    # File 'lib/yarn/audit/wrap.rb', line 46
    def initialize args
      @opts = OptParser.new(args)
    rescue FileNotFoundError
      # err only writes the message to stderr and does not exit, so @opts
      # is left nil after either rescue clause.
      err "File not found"
    rescue MissingOptionValueError
      err "Missing value for option #{$!}"
    end
Instance Method Details
#err(str) ⇒ Object
    # File 'lib/yarn/audit/wrap.rb', line 31
    def err str
      # While I like the idea of standardrb, its recommendation in this case is absolute garbage.
      # Errors should always go to stderr, not warn.
      $stderr.send(:puts, str)
    end
#handle_advisories(advisories:, summary:, opts:) ⇒ Object
    # File 'lib/yarn/audit/wrap.rb', line 90
    def handle_advisories(advisories:, summary:, opts:)
      # print if any, return proper exit code (opts is accepted but not used here)
      if advisories && advisories.size > 0
        warn "yarn-audit: #{advisories.size} flagged packages"
        exit 1
      else
        warn "yarn-audit: No advisories flagged."
        warn summary.inspect
        exit 0
      end
    end
#process(audit_output:, config:, opts:) ⇒ Object
    # File 'lib/yarn/audit/wrap.rb', line 74
    def process(audit_output:, config:, opts:)
      levels = opts[:audit_levels]
      used = []
      # select is used only for iteration; its return value is discarded and
      # the flagged items are collected in `used` instead.
      audit_output.select do |item|
        if levels.include?(item["data"]["advisory"]["severity"]) && use_advisory?(advisory: item, config: config)
          used << item
        else
          # Everything filtered out by severity or by an ignore directive is
          # recorded so print_summary can report it.
          audit_output.add_ignored type: item["data"]["advisory"]["severity"], val: item
        end
      end
      used
    end
#run ⇒ Object
    # File 'lib/yarn/audit/wrap.rb', line 54
    def run
      # generates a tmp/yarn-audit.json by default. Change @opts to rename/move output file.
      cmd = YarnCommand.new(opts: @opts)
      # With skip_audit_gen set, the existing output file is parsed as-is;
      # otherwise yarn audit is run first. (Written as a modifier on the
      # assignment alone, the raise below would fire whenever the skip flag
      # was set, because cmd would be nil.)
      unless @opts[:skip_audit_gen]
        raise YarnAuditRuntimeError if !cmd
        cmd.run
      end

      # parse output of yarn audit and store
      audit_output = AuditParser.new(opts: @opts)

      # load config, such as ignorelists
      config = Config.new(opts: @opts)

      # check and return results
      rv = process audit_output: audit_output, config: config, opts: @opts
      audit_output.print_summary
      rv.size # number of vulnerabilities. 0 is shell for success, non-zero is failure!
    end
#use_advisory?(advisory:, config:) ⇒ Boolean
advisory is a single line from yarn audit --json output; config is the set of all ignore directives. Look the advisory up in the ignore list: an entry matches when every key it carries (except the optional until: date) equals the corresponding advisory field. A matching entry without an until: date, or whose date has not yet passed, suppresses the advisory; once the date is past, the advisory is used again.

    # File 'lib/yarn/audit/wrap.rb', line 106
    def use_advisory?(advisory:, config:)
      record = advisory["data"]["advisory"]
      config.ignores.detect do |ignore_item|
        # Every key of the ignore entry except :until must match the advisory.
        found = (ignore_item.keys - [:until]).all? do |key|
          (record[key] == ignore_item[key])
        end
        if found
          # past? is not core Ruby; ActiveSupport adds it to Date/Time.
          if ignore_item[:until]&.past?
            warn "Found expired vulnerability. Using advisory \"#{record["title"]}\""
          else
            warn "Actively ignoring. \"#{record["title"]}\""
            return false
          end
        else
          warn "not found"
        end
        # Returning false keeps detect scanning the remaining ignore entries;
        # returning from the method here would only ever consult the first one.
        false
      end
      true
    end
#warn(str) ⇒ Object
    # File 'lib/yarn/audit/wrap.rb', line 37
    def warn str
      # Shadows Kernel#warn: writes to stdout, not stderr (see #err for stderr).
      $stdout.puts str
    end