Showing
116 changed files
with
714 additions
and
246 deletions.
@@ -1,5 +1,5 @@ | ||
# app | ||
from .controllers import * # noQA | ||
from .converters import * # noQA | ||
from .models import * # noQA | ||
from .__version__ import * # noQA | ||
from .controllers import * # noQA | ||
from .converters import * # noQA | ||
from .models import * # noQA |
@@ -1,5 +1,7 @@ | ||
# built-in | ||
from collections import defaultdict | ||
|
||
# external | ||
from jinja2 import Environment, PackageLoader | ||
|
||
|
||
|
@@ -1,5 +1,7 @@ | ||
# built-in | ||
from logging import getLogger | ||
|
||
# app | ||
from ..config import Config | ||
from ..converters import CONVERTERS | ||
|
||
|
@@ -0,0 +1,20 @@ | ||
# built-in | ||
from typing import List | ||
|
||
# app | ||
from ..controllers import Resolver | ||
from ..converters import PIPConverter | ||
from ..models import Dependency | ||
|
||
|
||
def get_packages(req: str) -> List[Dependency]: | ||
root = PIPConverter(lock=False).loads(req) | ||
return root.dependencies | ||
|
||
|
||
def get_package(req: str) -> Dependency: | ||
return get_packages(req=req)[0] | ||
|
||
|
||
def get_resolver(req: str) -> Resolver: | ||
return PIPConverter(lock=False).loads_resolver(req) |
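Review bot: `get_package` returns `get_packages(req=req)[0]` with no guard, so a requirement string that parses to zero dependencies (an empty or comment-only string, if the PIP converter accepts such input) surfaces as a bare IndexError rather than a meaningful error. Consider `packages = get_packages(req=req)` / `if not packages: raise ValueError(f'no package found in requirement: {req!r}')` / `return packages[0]`; whether `loads` can actually yield an empty dependency list is not visible in this hunk. The three helpers also lack docstrings; a one-liner such as `"""Parse a pip requirement string into Dependency objects (constraints left unlocked)."""` on `get_packages`, with similar lines on the other two, would document what callers can expect.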
@@ -1,4 +1,3 @@ | ||
|
||
NUMBERS = [ | ||
(1000, 'M'), | ||
(900, 'CM'), | ||
|
@@ -0,0 +1,97 @@ | ||
# built-in | ||
from argparse import REMAINDER, ArgumentParser | ||
|
||
# app | ||
from ..actions import get_packages, get_python_env, make_json | ||
from ..config import builders | ||
from ..controllers import Safety, Snyk | ||
from ..converters import CONVERTERS, InstalledConverter | ||
from .base import BaseCommand | ||
|
||
|
||
class DepsAuditCommand(BaseCommand): | ||
"""Show known vulnerabilities for project dependencies. | ||
https://dephell.readthedocs.io/en/latest/cmd-deps-audit.html | ||
""" | ||
@classmethod | ||
def get_parser(cls) -> ArgumentParser: | ||
parser = ArgumentParser( | ||
prog='dephell deps audit', | ||
description=cls.__doc__, | ||
) | ||
builders.build_config(parser) | ||
builders.build_to(parser) | ||
builders.build_output(parser) | ||
builders.build_api(parser) | ||
builders.build_other(parser) | ||
parser.add_argument('name', nargs=REMAINDER, help='package name and version') | ||
return parser | ||
|
||
def __call__(self) -> bool: | ||
packages = None | ||
|
||
# get packages from CLI | ||
if self.args.name: | ||
packages = get_packages(req=' '.join(self.args.name)) | ||
for dep in packages: | ||
if not str(dep.constraint).startswith('=='): | ||
self.logger.error('please, specify version for package', extra=dict( | ||
package=dep.name, | ||
constraint=str(dep.constraint), | ||
)) | ||
return False | ||
|
||
# get packages from lockfile | ||
if packages is None: | ||
loader_config = self.config.get('to') or self.config.get('from') | ||
if loader_config is not None: | ||
loader = CONVERTERS[loader_config['format']] | ||
if loader.lock: | ||
self.logger.info('get dependencies from lockfile', extra=dict( | ||
format=loader_config['format'], | ||
path=loader_config['path'], | ||
)) | ||
root = loader.load(path=loader_config['path']) | ||
packages = root.dependencies | ||
|
||
# get installed packages | ||
if packages is None: | ||
# get executable | ||
python = get_python_env(config=self.config) | ||
self.logger.debug('choosen python', extra=dict(path=str(python.path))) | ||
root = InstalledConverter().load(paths=python.lib_paths) | ||
packages = root.dependencies | ||
|
||
safety = Safety() | ||
snyk = Snyk() | ||
|
||
data = [] | ||
for dep in packages: | ||
versions = str(dep.constraint).replace('=', '').split(' || ') | ||
for version in versions: | ||
vulns = safety.get(name=dep.name, version=version) | ||
vulns += snyk.get(name=dep.name, version=version) | ||
if not vulns: | ||
continue | ||
releases = dep.repo.get_releases(dep) | ||
for vuln in vulns: | ||
data.append(dict( | ||
# local info | ||
name=dep.name, | ||
current=version, | ||
# pypi info | ||
latest=str(releases[0].version), | ||
updated=str(releases[0].time.date()), | ||
# vuln info | ||
description=vuln.description, | ||
links=vuln.links, | ||
vulnerable=str(vuln.specifier), | ||
)) | ||
|
||
if data: | ||
print(make_json(data=data, key=self.config.get('filter'))) | ||
return False | ||
|
||
self.logger.info('dependencies has no known vulnerabilities (yet)') | ||
return True |
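Review bot: In `__call__`, `releases = dep.repo.get_releases(dep)` followed by `releases[0].version` and `releases[0].time.date()` assumes the repository returned at least one release; for a vulnerable package that the configured repository does not know (for example a private or locally installed distribution), this raises IndexError and aborts the whole audit instead of reporting the finding. A guard such as `latest = str(releases[0].version) if releases else None` and `updated = str(releases[0].time.date()) if releases else None`, passed into the dict instead of the inline expressions, keeps the vulnerability record even when the index-side info is unavailable. Separately, `vulns += snyk.get(...)` extends the list object returned by `safety.get` in place; if that controller caches its result, later lookups for the same name/version would accumulate Snyk entries, and `vulns = safety.get(name=dep.name, version=version) + snyk.get(name=dep.name, version=version)` avoids that. Whether `dep.repo` is always set for dependencies produced by `InstalledConverter` is not visible in this hunk.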