Allow to configure severity threshold. (#12)

* Allow to configure severity threshold * Add severity-threshold option to check minimum severity to check. * Apply a red color based on threshold only for text STDOUT. * Updated the yavdb gem to make use of the SEVERITIES constant * definition. * Merged the formatter and style code for the text formatter.
rtfpessoa · Oct 28, 2018 · 6464db4 · 6464db4
1 parent 6d22ffc
commit 6464db4
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 9 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -3,6 +3,7 @@ PATH
   specs:
     dependency_spy (0.2.2)
       bibliothecary (~> 6.3)
+      colorize (~> 0.8.1)
       semantic_range (~> 2.1)
       thor (~> 0.20)
       yavdb (~> 0.4)
@@ -23,6 +24,7 @@ GEM
     citrus (3.0.2)
     codacy-coverage (2.1.0)
       simplecov
+    colorize (0.8.1)
     commander (4.4.7)
       highline (~> 2.0.0)
     deb_control (0.0.1)

diff --git a/dependency_spy.gemspec b/dependency_spy.gemspec
@@ -36,6 +36,7 @@ Gem::Specification.new do |spec|
 
   # Runtime
   spec.add_runtime_dependency 'bibliothecary', ['~> 6.3']
+  spec.add_runtime_dependency 'colorize', ['~> 0.8.1']
   spec.add_runtime_dependency 'semantic_range', ['~> 2.1']
   spec.add_runtime_dependency 'thor', ['~> 0.20']
   spec.add_runtime_dependency 'yavdb', ['~> 0.4']

diff --git a/lib/dependency_spy/cli.rb b/lib/dependency_spy/cli.rb
@@ -23,6 +23,7 @@
 require_relative 'formatters/yaml'
 require_relative 'outputs/stdout'
 require_relative 'outputs/file'
+require_relative 'helper/helper'
 
 module DependencySpy
   class CLI < Thor
@@ -46,14 +47,18 @@ class CLI < Thor
     method_option('output-path', :aliases => :o, :type => :string)
     method_option('database-path', :type => :string, :aliases => :p, :default => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH)
     method_option('offline', :type => :boolean, :default => false)
-
+    method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
+    method_option('with-color', :type => :boolean, :default => true)
     def check
       manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
 
-      formatted_output =
-        FORMATTERS
-          .find { |f| f.name.split('::').last.downcase == options['formatter'] }
-          .format(manifests)
+      formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
+                           DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])
+                         else
+                           FORMATTERS
+                             .find { |f| f.name.split('::').last.downcase == options['formatter'] }
+                             .format(manifests)
+                         end
 
       if options['output-path']
         DependencySpy::Outputs::FileSystem.write(options['output-path'], formatted_output)
@@ -62,7 +67,13 @@ def check
       end
 
       has_vulnerabilities =
-        manifests.any? { |manifest| manifest[:dependencies]&.any? { |dependency| dependency[:vulnerabilities]&.any? } }
+        manifests.any? do |manifest|
+          manifest[:dependencies]&.any? do |dependency|
+            dependency[:vulnerabilities]&.any? do |vuln|
+              DependencySpy::Helper.severity_above_threshold?(vuln.severity, options['severity-threshold'])
+            end
+          end
+        end
 
       exit(1) if has_vulnerabilities
     end

diff --git a/lib/dependency_spy/formatters/text.rb b/lib/dependency_spy/formatters/text.rb
@@ -13,12 +13,14 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+require 'colorize'
+require_relative '../helper/helper'
 
 module DependencySpy
   class Formatters
     class Text
 
-      def self.format(manifests)
+      def self.format(manifests, severity_threshold = nil)
         manifests_text = manifests.map do |manifest|
           manifest_header = "#{manifest.platform}: #{manifest.kind} ~> #{manifest.path} "
           manifest_body = manifest.dependencies.map do |package|
@@ -29,8 +31,11 @@ def self.format(manifests)
               first = "        Title: #{vuln.title}\n"
               second = "        Severity: #{(vuln.severity || 'unknown').capitalize}\n"
               third = "        Source: #{vuln.source_url}\n\n"
-
-              "#{first}#{second}#{third}"
+              if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
+                "#{first}#{second}#{third}".red
+              else
+                "#{first}#{second}#{third}"
+              end
             end
 
             "#{package_header}\n#{package_body.join("\n")}"

diff --git a/lib/dependency_spy/helper/helper.rb b/lib/dependency_spy/helper/helper.rb
@@ -0,0 +1,13 @@
+module DependencySpy
+  class Helper
+
+    def self.severity_above_threshold?(severity = 'unknown', severity_threshold)
+      return true if severity_threshold == 'low' || severity == 'unknown'
+      return ['medium', 'high'].include? severity if severity_threshold == 'medium'
+      return severity == 'high' if severity_threshold == 'high'
+
+      false
+    end
+
+  end
+end