Merge branch 'master' of https://github.com/sundus-y/dependency_spy i…

…nto sundus-y-master

lib/dependency_spy.rb

@@ -28,7 +28,14 @@
 module DependencySpy
   class API
 
-    def self.check(path = Dir.pwd, files = nil, platform = nil, database_path = YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH, offline = false)
+    def self.check(options)
+      path = options[:path] || Dir.pwd
+      files = options[:files]
+      platform = options[:platform]
+      database_path = options[:database_path] || YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH
+      offline = options[:offline] || false
+      ignore = options[:ignore] || []
+
       if !File.exist?(database_path) && offline
         puts 'No local database found. Cannot obtain database since offline mode is enabled.'
         exit(10)
@@ -64,8 +71,9 @@ def self.check(path = Dir.pwd, files = nil, platform = nil, database_path = YAVD
             vulnerable = vuln.vulnerable_versions ? vuln.vulnerable_versions.any? { |vv| DependencySpy::SemVer.intersects(vv, version) } : false
             unaffected = vuln.unaffected_versions ? vuln.unaffected_versions.any? { |vu| DependencySpy::SemVer.intersects(vu, version) } : false
             patched    = vuln.patched_versions ? vuln.patched_versions.any? { |vp| DependencySpy::SemVer.intersects(vp, version) } : false
+            ignored    = ignore.include?(vuln.id)
 
-            if unaffected || patched
+            if unaffected || patched || ignored
               false
             else
               vulnerable

lib/dependency_spy/cli.rb

@@ -49,8 +49,9 @@ class CLI < Thor
     method_option('offline', :type => :boolean, :default => false)
     method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
     method_option('with-color', :type => :boolean, :default => true)
+    method_option('ignore', :aliases => :i, :type => :array, :default => [])
     def check
-      manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
+      manifests = API.check(options)
 
       formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
                            DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])

spec/dependency_spy_spec.rb

@@ -18,7 +18,7 @@
 
 RSpec.describe DependencySpy::API do
   describe 'check' do
-    detected_manifests = DependencySpy::API.check('examples')
+    detected_manifests = DependencySpy::API.check(:path => 'examples')
 
     it 'can read all manifests inside examples' do
       expect(detected_manifests).to have(5).items
@@ -49,5 +49,20 @@
       vulnerabilities = dependencies.map(&:vulnerabilities).flatten
       expect(vulnerabilities).to have(3).items
     end
+
+    it 'can ignore vulnerabilities by id' do
+      manifests       = detected_manifests.select { |m| m.platform == 'rubygems' }
+      dependencies    = manifests.map(&:dependencies).flatten
+      vulnerabilities = dependencies.map(&:vulnerabilities).flatten
+      select_count = vulnerabilities.select { |v| v.id == 'snykio:rubygems:rubocop:CVE-2017-8418' }.count
+      expect(select_count).to be(1)
+
+      filtered_detected_manifests = DependencySpy::API.check(:path => 'examples', :ignore => ['snykio:rubygems:rubocop:CVE-2017-8418'])
+      manifests       = filtered_detected_manifests.select { |m| m.platform == 'rubygems' }
+      dependencies    = manifests.map(&:dependencies).flatten
+      vulnerabilities = dependencies.map(&:vulnerabilities).flatten
+      select_count = vulnerabilities.select { |v| v.id == 'snykio:rubygems:rubocop:CVE-2017-8418' }.count
+      expect(select_count).to be(0)
+    end
   end
 end