def check(key, db, full_report, stdin, files, cache):
    """Scan a set of Python packages against the vulnerability database and exit.

    The package list comes from exactly one source, chosen in this order:
    the requirements ``files`` (each resolved), ``stdin``, or the
    distributions pip reports as installed.  ``files`` and ``stdin`` given
    together are rejected before anything is read.

    Args:
        key: API key forwarded to ``safety.check``.
        db: database mirror forwarded as ``db_mirror``.
        full_report: passed to ``report`` as ``full``.
        stdin: read a requirements listing from standard input.
        files: iterable of requirements files to read.
        cache: forwarded to ``safety.check`` as ``cached``.

    Exits with status ``-1`` (shown as 255 by POSIX shells) when findings
    exist or any handled error occurs, ``0`` on a clean scan.  Never
    returns normally.
    """
    if files and stdin:
        click.secho(
            "Can't read from --stdin and --file at the same time, exiting",
            fg="red")
        sys.exit(-1)

    # The file and stdin branches stay lazy; only the installed-distribution
    # branch yields a concrete list.  Nothing is read until safety.check
    # iterates the packages.
    if files:
        per_file = (read_requirements(f, resolve=True) for f in files)
        packages = itertools.chain.from_iterable(per_file)
    elif stdin:
        packages = read_requirements(sys.stdin)
    else:
        packages = pip.get_installed_distributions()

    try:
        found = safety.check(packages=packages,
                             key=key,
                             db_mirror=db,
                             cached=cache)
        click.secho(report(vulns=found, full=full_report))
        status = -1 if found else 0
        sys.exit(status)
    except InvalidKeyError:
        click.secho("Your API Key is invalid", fg="red")
        sys.exit(-1)
    except DatabaseFileNotFoundError:
        # Only the local-file failure names the mirror; the fetch failure
        # below deliberately does not.
        click.secho(
            "Unable to load vulnerability database from {db}".format(db=db),
            fg="red")
        sys.exit(-1)
    except DatabaseFetchError:
        click.secho("Unable to load vulnerability database", fg="red")
        sys.exit(-1)
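def check(key, db, json, full_report, bare, stdin, files, pipfile, cache, ignore, output, proxyprotocol, proxyhost, proxyport):
    """Scan packages for known vulnerabilities and exit with a pass/fail status.

    Package sources, in priority order: requirements ``files`` (resolved),
    a ``pipfile``, ``stdin``, or the current environment's working set.
    Only one source may be given; every combination is rejected up front so
    that a source the user asked for is never silently skipped.

    Args:
        key: API key forwarded to ``safety.check`` and to ``report``.
        db: database mirror forwarded as ``db_mirror``.
        json, full_report, bare: report-format switches passed to ``report``.
        stdin, files, pipfile: mutually exclusive package sources.
        cache: forwarded to ``safety.check`` as ``cached``.
        ignore: forwarded to ``safety.check`` as ``ignore_ids``.
        output: optional path; when set the report is written there instead
            of being echoed to stdout.
        proxyprotocol, proxyhost, proxyport: optional HTTP(S) proxy; only
            ``http``/``https`` protocols are accepted.

    Exits ``-1`` (255 on POSIX) on any handled error or when findings exist,
    ``0`` on a clean scan.  Never returns normally.
    """
    if (files or pipfile) and stdin:
        click.secho("Can't read from --stdin and --file at the same time, exiting", fg="red", file=sys.stderr)
        sys.exit(-1)
    # A Pipfile given alongside requirements files used to be silently
    # dropped (the files branch wins below), under-reporting the scan.
    if files and pipfile:
        click.secho("Can't read from a requirements file and a Pipfile at the same time, exiting", fg="red", file=sys.stderr)
        sys.exit(-1)

    if files:
        packages = list(itertools.chain.from_iterable(read_requirements(f, resolve=True) for f in files))
    elif pipfile:
        packages = list(read_pipfile(pipfile))
    elif stdin:
        packages = list(read_requirements(sys.stdin))
    else:
        import pkg_resources
        # Pseudo-distributions with no PyPI counterpart; nothing to look up.
        packages = [
            d for d in pkg_resources.working_set
            if d.key not in {"python", "wsgiref", "argparse"}
        ]

    proxy_dictionary = {}
    if proxyhost is not None:
        if proxyprotocol in ["http", "https"]:
            # NOTE(review): proxyport is interpolated as-is; if the option can
            # be None this produces "host:None" -- confirm its default.
            proxy_dictionary = {proxyprotocol: "{0}://{1}:{2}".format(proxyprotocol, proxyhost, str(proxyport))}
        else:
            click.secho("Proxy Protocol should be http or https only.", fg="red")
            sys.exit(-1)

    try:
        vulns = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_ids=ignore, proxy=proxy_dictionary)
        output_report = report(vulns=vulns,
                               full=full_report,
                               json_report=json,
                               bare_report=bare,
                               checked_packages=len(packages),
                               db=db,
                               key=key)

        if output:
            # NOTE(review): ``report`` receives ``key``; if any format echoes
            # it, the file written here holds the credential -- check the
            # formatter before pointing --output at a shared location.
            with open(output, 'w') as output_file:
                output_file.write(output_report)
        else:
            # Bare output with nothing to list is printed without a newline.
            click.secho(output_report, nl=False if bare and not vulns else True)
        sys.exit(-1 if vulns else 0)
    except InvalidKeyError:
        # Never echo the credential itself into the terminal or CI logs
        # (CWE-209); a short suffix is enough to tell which key was used.
        shown = "..." + key[-4:] if key and len(key) > 8 else "(hidden)"
        click.secho("Your API Key '{key}' is invalid. See {link}".format(
            key=shown, link='https://goo.gl/O7Y1rS'),
            fg="red",
            file=sys.stderr)
        sys.exit(-1)
    except DatabaseFileNotFoundError:
        click.secho("Unable to load vulnerability database from {db}".format(db=db), fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFetchError:
        click.secho("Unable to load vulnerability database", fg="red", file=sys.stderr)
        sys.exit(-1)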
 def safety():  # noqa: WPS430
     """Run a vulnerability check over the enclosing ``requirements`` text.

     ``requirements`` comes from the enclosing scope and must be text, since
     it is wrapped in ``StringIO`` and parsed as a requirements file.  The
     database is queried with no API key, no mirror, no cache and no proxy.
     The full report is printed only when at least one finding exists;
     nothing is returned.
     """
     parsed = list(read_requirements(StringIO(requirements)))
     found = safety_check(packages=parsed,
                          ignore_ids="",
                          key="",
                          db_mirror="",
                          cached=False,
                          proxy={})
     # The report is always rendered, but only shown when non-empty.
     rendered = report(vulns=found,
                       full=True,
                       checked_packages=len(parsed))
     if found:
         print(rendered)
def review(full_report, bare, file):
    """Re-render a previously saved JSON vulnerability report.

    Args:
        full_report: render the long form of each finding.
        bare: render the bare form; cannot be combined with ``full_report``.
        file: JSON file handed to ``read_vulnerabilities``.

    Exits ``-1`` on conflicting flags or when the file is not valid JSON.
    Only ``JSONDecodeError`` is handled here; any other failure inside
    ``read_vulnerabilities`` (a missing file, say) propagates.  Unlike the
    ``check`` command this returns normally and does not set a non-zero
    exit status when findings are present.
    """
    if full_report and bare:
        click.secho("Can't choose both --bare and --full-report/--short-report", fg="red")
        sys.exit(-1)

    try:
        loaded = read_vulnerabilities(file)
    except JSONDecodeError:
        click.secho("Not a valid JSON file", fg="red")
        sys.exit(-1)

    reviewed = safety.review(loaded)
    rendered = report(vulns=reviewed, full=full_report, bare_report=bare)
    # Bare output with nothing to list is printed without a trailing newline.
    trailing_newline = not (bare and not reviewed)
    click.secho(rendered, nl=trailing_newline)
 def check_vulns():
     """Scan the enclosing ``requirements`` text, ignoring advisory 41002.

     ``requirements`` comes from the enclosing scope and must be text (it is
     wrapped in ``StringIO``).  No API key, mirror, cache or proxy is used.
     The raw result list is printed unconditionally and the full report only
     when at least one finding survives the ignore filter.  Nothing is
     returned.
     """
     parsed = list(read_requirements(StringIO(requirements)))
     found = safety.check(packages=parsed,
                          ignore_ids="41002",
                          key="",
                          db_mirror="",
                          cached=False,
                          proxy={})
     rendered = report(vulns=found,
                       full=True,
                       checked_packages=len(parsed))
     # NOTE(review): the raw print looks like a debugging leftover; kept for
     # behavioural parity.
     print(found)
     if found:
         print(rendered)
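def check(key, db, json, full_report, bare, stdin, files, cache, ignore):
    """Scan packages for known vulnerabilities and exit with a pass/fail status.

    Package sources, in priority order: requirements ``files`` (resolved),
    ``stdin``, or the installed distributions.  ``files`` and ``stdin``
    together are rejected.

    Args:
        key: API key forwarded to ``safety.check`` and to ``report``.
        db: database mirror forwarded as ``db_mirror``.
        json, full_report, bare: report-format switches passed to ``report``.
        stdin, files: mutually exclusive package sources.
        cache: forwarded to ``safety.check`` as ``cached``.
        ignore: forwarded to ``safety.check`` as ``ignore_ids``.

    Diagnostics are written to stderr so stdout carries only the report.
    Exits ``-1`` (255 on POSIX) on any handled error or when findings exist,
    ``0`` on a clean scan.  Never returns normally.
    """
    if files and stdin:
        click.secho(
            "Can't read from --stdin and --file at the same time, exiting",
            fg="red", file=sys.stderr)
        sys.exit(-1)

    if files:
        packages = list(
            itertools.chain.from_iterable(
                read_requirements(f, resolve=True) for f in files))
    elif stdin:
        packages = list(read_requirements(sys.stdin))
    else:
        packages = get_installed_distributions()

    try:
        vulns = safety.check(packages=packages,
                             key=key,
                             db_mirror=db,
                             cached=cache,
                             ignore_ids=ignore)
        click.secho(
            report(vulns=vulns,
                   full=full_report,
                   json_report=json,
                   bare_report=bare,
                   checked_packages=len(packages),
                   db=db,
                   key=key))
        sys.exit(-1 if vulns else 0)
    except InvalidKeyError:
        # Never echo the credential itself into the terminal or CI logs
        # (CWE-209); a short suffix is enough to tell which key was used.
        shown = "..." + key[-4:] if key and len(key) > 8 else "(hidden)"
        click.secho("Your API Key '{key}' is invalid. See {link}".format(
            key=shown, link='https://goo.gl/O7Y1rS'),
                    fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFileNotFoundError:
        click.secho(
            "Unable to load vulnerability database from {db}".format(db=db),
            fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFetchError:
        click.secho("Unable to load vulnerability database", fg="red",
                    file=sys.stderr)
        sys.exit(-1)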
def check(full_report, stdin, files):
    """Scan packages and exit non-zero if any known vulnerability is found.

    Package source priority: requirements ``files`` (resolved), then
    ``stdin``, then the distributions pip reports as installed.  ``files``
    and ``stdin`` together are rejected.  No database or key errors are
    handled here; anything raised by ``safety.check`` propagates.

    Exits ``-1`` (255 on POSIX) when findings exist, ``0`` otherwise.
    """
    if files and stdin:
        click.secho(
            "Can't read from --stdin and --file at the same time, exiting",
            fg="red")
        sys.exit(-1)

    if files:
        # Lazy: nothing is read until safety.check iterates the packages.
        per_file = (read_requirements(f, resolve=True) for f in files)
        packages = itertools.chain.from_iterable(per_file)
    elif stdin:
        packages = read_requirements(sys.stdin)
    else:
        packages = pip.get_installed_distributions()

    found = safety.check(packages=packages)
    click.secho(report(vulns=found, full=full_report))
    status = -1 if found else 0
    sys.exit(status)
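def check(key, db, json, full_report, bare, stdin, files, cache, ignore):
    """Scan packages for known vulnerabilities and exit with a pass/fail status.

    Package sources, in priority order: requirements ``files`` (resolved),
    ``stdin``, or the installed distributions.  ``files`` and ``stdin``
    together are rejected.

    Args:
        key: API key forwarded to ``safety.check`` and to ``report``.
        db: database mirror forwarded as ``db_mirror``.
        json, full_report, bare: report-format switches passed to ``report``.
        stdin, files: mutually exclusive package sources.
        cache: forwarded to ``safety.check`` as ``cached``.
        ignore: forwarded to ``safety.check`` as ``ignore_ids``.

    Diagnostics are written to stderr so stdout carries only the report.
    Exits ``-1`` (255 on POSIX) on any handled error or when findings exist,
    ``0`` on a clean scan.  Never returns normally.
    """
    if files and stdin:
        click.secho("Can't read from --stdin and --file at the same time, exiting", fg="red", file=sys.stderr)
        sys.exit(-1)

    if files:
        packages = list(itertools.chain.from_iterable(read_requirements(f, resolve=True) for f in files))
    elif stdin:
        packages = list(read_requirements(sys.stdin))
    else:
        packages = get_installed_distributions()

    try:
        vulns = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_ids=ignore)
        click.secho(report(
            vulns=vulns,
            full=full_report,
            json_report=json,
            bare_report=bare,
            checked_packages=len(packages),
            db=db,
            key=key
            )
        )
        sys.exit(-1 if vulns else 0)
    except InvalidKeyError:
        # Never echo the credential itself into the terminal or CI logs
        # (CWE-209); a short suffix is enough to tell which key was used.
        shown = "..." + key[-4:] if key and len(key) > 8 else "(hidden)"
        click.secho("Your API Key '{key}' is invalid. See {link}".format(
            key=shown, link='https://goo.gl/O7Y1rS'),
            fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFileNotFoundError:
        click.secho("Unable to load vulnerability database from {db}".format(db=db), fg="red", file=sys.stderr)
        sys.exit(-1)
    except DatabaseFetchError:
        click.secho("Unable to load vulnerability database", fg="red", file=sys.stderr)
        sys.exit(-1)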
    def test_report_xml(self):
        """The XML report validates against the bundled JUnit schema.

        One finding over two checked packages must yield a root element with
        ``tests="2"``, ``failures="1"`` and exactly one child element.  The
        advisory text carries long word runs and CRLF line breaks,
        presumably to exercise escaping/whitespace handling in the formatter
        (not verifiable from here).
        """
        advisory_text = (
            'libfoo prior to version 2.0.0 had a vulnerability'
            + ' blah' * 15
            + '.\r\n\r\n'
            + 'All users are urged to upgrade please.\r\n'
        )
        finding = safety.Vulnerability(
            name='libfoo',
            spec='<2.0.0',
            version='1.9.3',
            advisory=advisory_text,
            vuln_id=1234,
        )
        rendered = formatter.report([finding],
                                    full=False,
                                    xml_report=True,
                                    checked_packages=2)

        # Validation happens while parsing: a schema violation is expected to
        # raise from fromstring() before the assertions below run.
        # NOTE(review): lxml's XMLParser resolves entities by default; fine
        # for formatter-generated XML, but pass resolve_entities=False if this
        # parser is ever reused on externally supplied documents.
        junit_schema = etree.XMLSchema(etree.parse("tests/junit.xsd"))
        validating_parser = etree.XMLParser(schema=junit_schema)
        root = etree.fromstring(rendered, validating_parser)
        assert root.attrib["tests"] == str(2)
        assert root.attrib["failures"] == str(1)
        assert len(root) == 1
 def test_report_json(self):
     test_arr = [['libfoo'], ['libbar']]
     json_report = formatter.report(test_arr, full=False, json_report=True)
     assert json.loads(json_report) == test_arr
def check(full_report):
    """Scan with ``safety.check``'s defaults and exit on the outcome.

    ``safety.check()`` is called with no arguments, so the package source,
    database and key are whatever its defaults are.  The report is echoed
    to stdout and the process exits ``-1`` (255 on POSIX) if anything was
    found, ``0`` otherwise.  Never returns normally.
    """
    found = safety.check()
    click.secho(report(vulns=found, full=full_report))
    status = -1 if found else 0
    sys.exit(status)