def check(key, db, full_report, stdin, files, cache):
    """Run the ``safety check`` command.

    The package list comes from ``--file`` (requirements files, resolved),
    ``--stdin``, or the installed distributions when neither is given. The
    packages are matched against the vulnerability database and a report is
    printed to stdout.

    Exit status is 0 when no vulnerabilities were found and -1 (255 on POSIX)
    when some were found or the scan could not be performed. Note that error
    diagnostics are also written to stdout here.
    """
    # --stdin and --file are mutually exclusive input sources.
    if files and stdin:
        click.secho(
            "Can't read from --stdin and --file at the same time, exiting",
            fg="red")
        sys.exit(-1)

    if files:
        per_file = (read_requirements(path, resolve=True) for path in files)
        packages = itertools.chain.from_iterable(per_file)
    elif stdin:
        packages = read_requirements(sys.stdin)
    else:
        packages = pip.get_installed_distributions()

    try:
        findings = safety.check(
            packages=packages, key=key, db_mirror=db, cached=cache)
        click.secho(report(vulns=findings, full=full_report))
        sys.exit(0 if not findings else -1)
    except InvalidKeyError:
        click.secho("Your API Key is invalid", fg="red")
        sys.exit(-1)
    except DatabaseFileNotFoundError:
        message = "Unable to load vulnerability database from {db}".format(db=db)
        click.secho(message, fg="red")
        sys.exit(-1)
    except DatabaseFetchError:
        click.secho("Unable to load vulnerability database", fg="red")
        sys.exit(-1)
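def check(key, db, json, full_report, bare, stdin, files, pipfile, cache, ignore, output,
          proxyprotocol, proxyhost, proxyport):
    """Run the ``safety check`` command.

    The package list comes from, in priority order, ``--file`` (requirements
    files, resolved), ``--pipfile``, ``--stdin``, or the current
    environment's working set minus a few interpreter pseudo-distributions.
    (``json`` shadows the stdlib module name but is the CLI's parameter name
    and cannot be renamed here.)

    The report is written to ``--output`` when given, otherwise to stdout.
    Every diagnostic goes to stderr so that ``--json``/``--bare`` output on
    stdout stays machine-readable, and the API key is never echoed back.

    Exit status: 0 when no vulnerabilities were found, -1 (255 on POSIX) when
    some were found or the scan could not be performed.
    """
    def fail(message):
        # Diagnostics never go to stdout: callers may be parsing --json output.
        click.secho(message, fg="red", file=sys.stderr)
        sys.exit(-1)

    # --stdin cannot be combined with a file-based source. --file and
    # --pipfile together are not rejected; --file silently wins.
    if (files or pipfile) and stdin:
        fail("Can't read from --stdin and --file at the same time, exiting")

    if files:
        packages = list(itertools.chain.from_iterable(
            read_requirements(f, resolve=True) for f in files))
    elif pipfile:
        packages = list(read_pipfile(pipfile))
    elif stdin:
        packages = list(read_requirements(sys.stdin))
    else:
        import pkg_resources
        # These keys belong to the interpreter itself, not to installable packages.
        packages = [
            d for d in pkg_resources.working_set
            if d.key not in {"python", "wsgiref", "argparse"}
        ]

    proxy_dictionary = {}
    if proxyhost is not None:
        if proxyprotocol not in ("http", "https"):
            fail("Proxy Protocol should be http or https only.")
        if proxyport is None:
            # Without this guard the proxy URL would be built as "host:None".
            fail("Proxy port is required when a proxy host is given.")
        proxy_dictionary = {
            proxyprotocol: "{0}://{1}:{2}".format(proxyprotocol, proxyhost, str(proxyport))}

    try:
        vulns = safety.check(packages=packages, key=key, db_mirror=db, cached=cache,
                             ignore_ids=ignore, proxy=proxy_dictionary)
        # NOTE(review): report() also receives the API key; confirm it is not
        # rendered into the report text (which may be written to a file).
        output_report = report(vulns=vulns, full=full_report, json_report=json,
                               bare_report=bare, checked_packages=len(packages),
                               db=db, key=key)
    except InvalidKeyError:
        # The key is a credential: say it was rejected, never print its value
        # (stderr routinely ends up in CI logs).
        fail("Your API Key is invalid. See {link}".format(link='https://goo.gl/O7Y1rS'))
    except DatabaseFileNotFoundError:
        fail("Unable to load vulnerability database from {db}".format(db=db))
    except DatabaseFetchError:
        fail("Unable to load vulnerability database")

    if output:
        # Write-only is all that is needed; 'w+' granted read access for nothing.
        with open(output, 'w') as output_file:
            output_file.write(output_report)
    else:
        # A bare report with no findings is empty and must not emit a newline.
        click.secho(output_report, nl=not (bare and not vulns))
    sys.exit(-1 if vulns else 0)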
def safety():  # noqa: WPS430
    """Scan the module-level ``requirements`` text with Safety.

    Runs the check with an empty key, no DB mirror, no cache and no proxy,
    formats a full report, and prints it only when vulnerabilities were found.
    Errors raised by the scan are not caught here and propagate to the caller.
    """
    parsed = list(read_requirements(StringIO(requirements)))
    findings = safety_check(
        packages=parsed,
        ignore_ids="",
        key="",
        db_mirror="",
        cached=False,
        proxy={},
    )
    # The report is always formatted; it is only shown when something was found.
    text = report(vulns=findings, full=True, checked_packages=len(parsed))
    if not findings:
        return
    print(text)
def review(full_report, bare, file):
    """Run the ``safety review`` command on a previously saved JSON report.

    ``--bare`` and ``--full-report``/``--short-report`` are mutually
    exclusive. The file is parsed with ``read_vulnerabilities``; invalid JSON
    is reported and the process exits with -1. Unlike ``check``, a review
    with findings does not set a non-zero exit status.
    """
    if bare and full_report:
        click.secho("Can't choose both --bare and --full-report/--short-report", fg="red")
        sys.exit(-1)

    try:
        loaded = read_vulnerabilities(file)
    except JSONDecodeError:
        click.secho("Not a valid JSON file", fg="red")
        sys.exit(-1)

    findings = safety.review(loaded)
    text = report(vulns=findings, full=full_report, bare_report=bare)
    # An empty bare report must not end in a newline.
    trailing_newline = not (bare and not findings)
    click.secho(text, nl=trailing_newline)
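def check_vulns(ignore_ids="41002"):
    """Scan the module-level ``requirements`` text with Safety.

    Args:
        ignore_ids: Vulnerability IDs to suppress, passed straight through to
            ``safety.check``. Defaults to ``"41002"`` to preserve the previous
            hard-coded behaviour. NOTE(review): no rationale for suppressing
            41002 is recorded here — confirm it is still an accepted risk, since
            a stale ignore silently hides a real finding.

    Runs with an empty key, no DB mirror, no cache and no proxy. The raw
    findings are printed unconditionally; the formatted full report is printed
    only when findings exist. Scan errors propagate to the caller.
    """
    packages = list(read_requirements(StringIO(requirements)))
    vulns = safety.check(packages=packages, ignore_ids=ignore_ids, key="",
                         db_mirror="", cached=False, proxy={})
    output_report = report(vulns=vulns, full=True, checked_packages=len(packages))
    # Raw findings are dumped as-is (presumably a debugging aid); kept for
    # callers that rely on this output.
    print(vulns)
    if vulns:
        print(output_report)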
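def check(key, db, json, full_report, bare, stdin, files, cache, ignore):
    """Run the ``safety check`` command.

    Packages come from ``--file`` (requirements files, resolved), ``--stdin``,
    or the installed distributions when neither is given. The report is
    printed to stdout; every diagnostic goes to stderr so that ``--json`` and
    ``--bare`` output stays parseable, and the API key is never echoed back.
    (``json`` shadows the stdlib module name but is the CLI parameter name.)

    Exit status: 0 when no vulnerabilities were found, -1 (255 on POSIX) when
    some were found or the scan could not run.
    """
    if files and stdin:
        click.secho("Can't read from --stdin and --file at the same time, exiting",
                    fg="red", file=sys.stderr)
        sys.exit(-1)

    if files:
        packages = list(itertools.chain.from_iterable(
            read_requirements(f, resolve=True) for f in files))
    elif stdin:
        packages = list(read_requirements(sys.stdin))
    else:
        packages = get_installed_distributions()

    try:
        vulns = safety.check(packages=packages, key=key, db_mirror=db,
                             cached=cache, ignore_ids=ignore)
        # NOTE(review): report() also receives the API key; confirm it is
        # never rendered into the report text.
        click.secho(report(vulns=vulns, full=full_report, json_report=json,
                           bare_report=bare, checked_packages=len(packages),
                           db=db, key=key))
        sys.exit(-1 if vulns else 0)
    except InvalidKeyError:
        # The key is a credential: say it was rejected, never print its value.
        click.secho("Your API Key is invalid. See {link}".format(link='https://goo.gl/O7Y1rS'),
                    fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFileNotFoundError:
        click.secho("Unable to load vulnerability database from {db}".format(db=db),
                    fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFetchError:
        click.secho("Unable to load vulnerability database", fg="red", file=sys.stderr)
        sys.exit(-1)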
def check(full_report, stdin, files):
    """Run the ``safety check`` command (no API key or DB options).

    Packages come from ``--file`` (requirements files, resolved), ``--stdin``,
    or the installed distributions when neither is given. The report is
    printed to stdout. Scan errors are not caught here.

    Exit status is 0 when no vulnerabilities were found, -1 (255 on POSIX)
    otherwise.
    """
    # --stdin and --file are mutually exclusive input sources.
    if stdin and files:
        click.secho(
            "Can't read from --stdin and --file at the same time, exiting",
            fg="red")
        sys.exit(-1)

    if files:
        per_file = (read_requirements(path, resolve=True) for path in files)
        packages = itertools.chain.from_iterable(per_file)
    elif stdin:
        packages = read_requirements(sys.stdin)
    else:
        packages = pip.get_installed_distributions()

    findings = safety.check(packages=packages)
    click.secho(report(vulns=findings, full=full_report))
    sys.exit(0 if not findings else -1)
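def check(key, db, json, full_report, bare, stdin, files, cache, ignore):
    """Run the ``safety check`` command.

    Packages come from ``--file`` (requirements files, resolved), ``--stdin``,
    or the installed distributions when neither is given. The report goes to
    stdout; diagnostics go to stderr so ``--json``/``--bare`` output remains
    machine-readable, and the API key is never echoed back. (``json`` shadows
    the stdlib module name but is the CLI parameter name.)

    Exit status: 0 when no vulnerabilities were found, -1 (255 on POSIX) when
    some were found or the scan could not run.
    """
    def die(message):
        # Diagnostics never go to stdout: callers may be parsing --json output.
        click.secho(message, fg="red", file=sys.stderr)
        sys.exit(-1)

    if files and stdin:
        die("Can't read from --stdin and --file at the same time, exiting")

    if files:
        packages = list(itertools.chain.from_iterable(
            read_requirements(f, resolve=True) for f in files))
    elif stdin:
        packages = list(read_requirements(sys.stdin))
    else:
        packages = get_installed_distributions()

    try:
        vulns = safety.check(packages=packages, key=key, db_mirror=db,
                             cached=cache, ignore_ids=ignore)
        # NOTE(review): report() also receives the API key; confirm it is
        # never rendered into the report text.
        click.secho(report(
            vulns=vulns,
            full=full_report,
            json_report=json,
            bare_report=bare,
            checked_packages=len(packages),
            db=db,
            key=key,
        ))
        sys.exit(-1 if vulns else 0)
    except InvalidKeyError:
        # The key is a credential: say it was rejected, never print its value.
        die("Your API Key is invalid. See {link}".format(link='https://goo.gl/O7Y1rS'))
    except DatabaseFileNotFoundError:
        die("Unable to load vulnerability database from {db}".format(db=db))
    except DatabaseFetchError:
        die("Unable to load vulnerability database")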
def test_report_xml(self):
    """The XML (JUnit-style) report validates against tests/junit.xsd.

    One vulnerability out of two checked packages must yield a root element
    with tests="2", failures="1" and exactly one child.
    """
    advisory_text = "".join([
        'libfoo prior to version 2.0.0 had a vulnerability',
        ' blah' * 15,
        '.\r\n\r\n',
        'All users are urged to upgrade please.\r\n',
    ])
    finding = safety.Vulnerability(
        name='libfoo',
        spec='<2.0.0',
        version='1.9.3',
        advisory=advisory_text,
        vuln_id=1234,
    )

    xml_text = formatter.report([finding], full=False, xml_report=True, checked_packages=2)

    # Parse with schema validation enabled so a malformed report fails loudly.
    junit_schema = etree.XMLSchema(etree.parse("tests/junit.xsd"))
    validating_parser = etree.XMLParser(schema=junit_schema)
    root = etree.fromstring(xml_text, validating_parser)

    assert root.attrib["tests"] == "2"
    assert root.attrib["failures"] == "1"
    assert len(root) == 1
def test_report_json(self):
    """The JSON report round-trips the input list unchanged."""
    findings = [['libfoo'], ['libbar']]
    encoded = formatter.report(findings, full=False, json_report=True)
    decoded = json.loads(encoded)
    assert decoded == findings
def check(full_report):
    """Run ``safety check`` against the default package set and print a report.

    Exit status is 0 when no vulnerabilities were found and -1 (255 on POSIX)
    otherwise. Scan errors are not caught here.
    """
    findings = safety.check()
    text = report(vulns=findings, full=full_report)
    click.secho(text)
    sys.exit(0 if not findings else -1)