[chore] init hsec-cabal project

- move to more declarative flake setup to avoid complexity
- init the hsec-cabal cabal project
- move the cabal.project file to `code`

.gitignore

@@ -1,5 +1,6 @@
 *~
 dist-newstyle/
-result
+result*
 .direnv
 .env
+.pre-commit-config.yaml

code/.envrc

@@ -0,0 +1 @@
+use flake .. -Lv 

code/cabal.project

@@ -0,0 +1,6 @@
+packages:
+    ./hsec-core
+    ./hsec-tools
+    ./hsec-cabal
+    ./cvss
+    ./osv

code/cvss/cvss.cabal

@@ -10,7 +10,8 @@ author:          Tristan de Cacqueray
 maintainer:      tdecacqu@redhat.com
 category:        Data
 extra-doc-files: CHANGELOG.md
-tested-with:     GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
+tested-with:
+  GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
 
 library
   exposed-modules:  Security.CVSS

code/hsec-cabal/app/Main.hs

@@ -0,0 +1,6 @@
+module Main (main) where
+
+import Distribution.Audit (auditMain)
+
+main :: IO ()
+main = auditMain

code/hsec-cabal/fourmolu.yaml

@@ -0,0 +1,12 @@
+indentation: 2
+function-arrows: leading
+comma-style: leading
+import-export-style: leading
+indent-wheres: false
+record-brace-space: true
+newlines-between-decls: 1
+haddock-style: single-line
+let-style: inline
+in-style: right-align
+respectful: false
+single-constraint-parens: never

code/hsec-cabal/hsec-cabal.cabal

@@ -0,0 +1,73 @@
+cabal-version:      2.4
+name:               hsec-cabal
+version:            0.1.0.0
+
+-- A short (one-line) description of the package.
+synopsis:           Checking a cabal project for security advisories
+
+-- A longer description of the package.
+description:
+  Tools for querying the haskell security advisories database against cabal projects.
+
+-- A URL where users can report bugs.
+-- bug-reports:
+
+-- The license under which the package is released.
+license:            BSD-3-Clause
+author:             @MangoIV
+maintainer:         contact@mangoiv.com
+
+-- A copyright notice.
+-- copyright:
+category:           Data
+extra-doc-files:    CHANGELOG.md
+extra-source-files:
+tested-with:
+  GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
+
+common common-all
+  ghc-options:
+    -Wall -Wcompat -Widentities -Wincomplete-record-updates
+    -Wincomplete-uni-patterns -Wpartial-fields -Wredundant-constraints
+
+  default-extensions:
+    BlockArguments
+    DeriveGeneric
+    DerivingStrategies
+
+library
+  import:           common-all
+  exposed-modules:
+    Distribution.Audit
+    Distribution.Audit.Option
+    Security.Advisories.Cabal
+
+  build-depends:
+    , base                  <5
+    , cabal-install
+    , Cabal-syntax
+    , hsec-core
+    , optparse-applicative
+
+  hs-source-dirs:   src
+  default-language: Haskell2010
+
+executable cabal-audit
+  import:           common-all
+  hs-source-dirs:   app
+  main-is:          Main.hs
+  other-modules:
+  build-depends:
+    , base        <5
+    , hsec-cabal
+
+  default-language: Haskell2010
+
+test-suite spec
+  import:           common-all
+  type:             exitcode-stdio-1.0
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  other-modules:
+  build-depends:    base <5
+  default-language: Haskell2010

code/hsec-cabal/src/Distribution/Audit.hs

@@ -0,0 +1,5 @@
+module Distribution.Audit (auditMain) where
+
+auditMain :: IO ()
+auditMain = do
+  putStrLn "unimplemented"

code/hsec-cabal/src/Distribution/Audit/Option.hs

@@ -0,0 +1,18 @@
+-- TODO(mangoiv): implement a proper parser as well as proper options to
+-- - use constraints from a cabal file
+-- - use a cabal.freeze file
+-- - solve and then use cabal.freeze obtained
+module Distribution.Audit.Option
+  ( CabalAuditOptions (..)
+  , cabalAuditParser
+  )
+where
+
+import GHC.Generics (Generic)
+import Options.Applicative (Parser)
+
+data CabalAuditOptions = MkCabalAuditOptions {}
+  deriving stock (Eq, Ord, Show, Generic)
+
+cabalAuditParser :: Parser CabalAuditOptions
+cabalAuditParser = pure MkCabalAuditOptions

code/hsec-cabal/src/Security/Advisories/Cabal.hs

@@ -0,0 +1 @@
+module Security.Advisories.Cabal where

code/hsec-cabal/test/Main.hs

@@ -0,0 +1,4 @@
+module Main where
+
+main :: IO ()
+main = pure ()

code/hsec-cabal/test/assets/test-a/src/MyLib.hs

@@ -0,0 +1,4 @@
+module MyLib (someFunc) where
+
+someFunc :: IO ()
+someFunc = putStrLn "someFunc"

code/hsec-cabal/test/assets/test-a/test-a.cabal

@@ -0,0 +1,25 @@
+cabal-version:   3.0
+name:            test-a
+version:         0.1.0.0
+license:         MIT
+license-file:    LICENSE
+author:          mangoiv
+maintainer:      mail@mangoiv.com
+category:        Codec
+build-type:      Simple
+extra-doc-files: CHANGELOG.md
+
+common warnings
+  ghc-options: -Wall
+
+library
+  import:           warnings
+  exposed-modules:  MyLib
+
+  -- hakyll depends on pandoc which has a security report
+  build-depends:
+    , base
+    , hakyll
+
+  hs-source-dirs:   src
+  default-language: Haskell2010

code/hsec-core/hsec-core.cabal

@@ -1,26 +1,25 @@
-cabal-version:      2.4
-name:               hsec-core
-version:            0.1.0.0
+cabal-version:   2.4
+name:            hsec-core
+version:         0.1.0.0
 
 -- A short (one-line) description of the package.
-synopsis:           Core package representing Haskell advisories
+synopsis:        Core package representing Haskell advisories
 
 -- A longer description of the package.
-description:        Core package representing Haskell advisories.
+description:     Core package representing Haskell advisories.
 
 -- A URL where users can report bugs.
 -- bug-reports:
 
 -- The license under which the package is released.
-license:            BSD-3-Clause
-author:             David Christiansen
-maintainer:         david@davidchristiansen.dk
+license:         BSD-3-Clause
+author:          David Christiansen
+maintainer:      david@davidchristiansen.dk
 
 -- A copyright notice.
 -- copyright:
-category:           Data
-extra-doc-files:    CHANGELOG.md
-
+category:        Data
+extra-doc-files: CHANGELOG.md
 tested-with:
   GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
 

code/osv/osv.cabal

@@ -1,41 +1,36 @@
-cabal-version:      2.4
-name:               osv
-version:            0.1.0.0
+cabal-version:   2.4
+name:            osv
+version:         0.1.0.0
 
 -- A short (one-line) description of the package.
-synopsis:
-  Open Source Vulnerability format
+synopsis:        Open Source Vulnerability format
 
 -- A longer description of the package.
-description:
-  Open Source Vulnerability format.
+description:     Open Source Vulnerability format.
 
 -- A URL where users can report bugs.
 -- bug-reports:
 
 -- The license under which the package is released.
-license:            BSD-3-Clause
-author:             David Christiansen
-maintainer:         david@davidchristiansen.dk
+license:         BSD-3-Clause
+author:          David Christiansen
+maintainer:      david@davidchristiansen.dk
 
 -- A copyright notice.
 -- copyright:
-category:           Data
-extra-doc-files:    CHANGELOG.md
-
+category:        Data
+extra-doc-files: CHANGELOG.md
 tested-with:
   GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
 
 library
-  exposed-modules:
-    Security.OSV
-
+  exposed-modules:  Security.OSV
   build-depends:
-    , aeson                 >=2.0.1.0  && <3
-    , base                  >=4.14     && <4.20
+    , aeson  >=2.0.1.0 && <3
+    , base   >=4.14    && <4.20
     , cvss
-    , text                  >=1.2      && <3
-    , time                  >=1.9      && <1.14
+    , text   >=1.2     && <3
+    , time   >=1.9     && <1.14
 
   hs-source-dirs:   src
   default-language: Haskell2010
@@ -48,10 +43,10 @@ test-suite spec
   hs-source-dirs:   test
   main-is:          Spec.hs
   build-depends:
-    , base           <5
+    , base         <5
     , osv
-    , tasty          <1.5
-    , tasty-hunit    <0.11
+    , tasty        <1.5
+    , tasty-hunit  <0.11
 
   default-language: Haskell2010
   ghc-options: