0.3.1

README.md

@@ -39,15 +39,19 @@ Optional settings that can be added to your project's gleam.toml
 
 ```toml
 [go-over]
-# disables caching (default: true)
+# disables caching if false (default: true)
 cache = true
 
 [go-over.ignore]
-# list of package names to skip when checking for advisories & warnings (default: [])
+# list of package names to skip when checking for advisories & warnings
+# default: []
 packages = ["example_package"]
-# list of warning severities to skip when checking for advisories & warnings (case insensitive) (default: [])
+# list of warning severities to skip when checking for advisories & warnings
+# default: []
+# (case insensitive)
 severity = ["example_moderate"]
-# list of advisory IDs to skip when checking for advisories & warnings (default: [])
+# list of advisory IDs to skip when checking for advisories & warnings
+# default: []
 ids = ["GHSA-xxxx-yyyy-zzzz"]
 ```
 

gleam.toml

@@ -1,15 +1,16 @@
 name = "go_over"
-version = "0.3.0"
+version = "0.3.1"
 licences = ["MIT"]
 repository = { type = "github", user = "bwireman", repo = "go-over" }
 description = "A tool to audit Erlang & Elixir dependency advisories as well as retired hex packages, to make sure your gleam projects really sparkle! ✨"
 gleam = ">= 0.34.1"
+links = [{ title = "AdvisoriesSource", href = "https://github.com/mirego/elixir-security-advisories" }]
 
 internal_modules = [
   "go_over/*",
 ]
 
-# links = [{ title = "Website", href = "https://gleam.run" }]
+extra_applications = ["yamerl"]
 
 [dependencies]
 gleam_stdlib = ">= 0.34.0 and < 2.0.0"
@@ -18,7 +19,6 @@ simplifile = ">= 1.7.0 and < 2.0.0"
 filepath = ">= 1.0.0 and < 2.0.0"
 tom = ">= 1.0.0 and < 2.0.0"
 yamerl = ">= 0.10.0 and < 1.0.0"
-gleam_erlang = ">= 0.25.0 and < 1.0.0"
 gleam_hexpm = ">= 1.0.0 and < 2.0.0"
 gleam_hackney = ">= 1.2.0 and < 2.0.0"
 gleam_http = ">= 3.6.0 and < 4.0.0"
@@ -35,4 +35,4 @@ cache = true
 [go-over.ignore]
 packages = []
 severity = []
-ids = []
+ids = []

manifest.toml

@@ -5,7 +5,6 @@ packages = [
   { name = "birl", version = "1.7.0", build_tools = ["gleam"], requirements = ["gleam_stdlib", "ranger"], otp_app = "birl", source = "hex", outer_checksum = "B1FA529E7BE3FF12CADF32814AB8EC7294E74CEDEE8CC734505707B929A98985" },
   { name = "certifi", version = "2.12.0", build_tools = ["rebar3"], requirements = [], otp_app = "certifi", source = "hex", outer_checksum = "EE68D85DF22E554040CDB4BE100F33873AC6051387BAF6A8F6CE82272340FF1C" },
   { name = "filepath", version = "1.0.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "filepath", source = "hex", outer_checksum = "EFB6FF65C98B2A16378ABC3EE2B14124168C0CE5201553DE652E2644DCFDB594" },
-  { name = "gleam_erlang", version = "0.25.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_erlang", source = "hex", outer_checksum = "054D571A7092D2A9727B3E5D183B7507DAB0DA41556EC9133606F09C15497373" },
   { name = "gleam_hackney", version = "1.2.0", build_tools = ["gleam"], requirements = ["gleam_http", "gleam_stdlib", "hackney"], otp_app = "gleam_hackney", source = "hex", outer_checksum = "066B1A55D37DBD61CC72A1C4EDE43C6015B1797FAF3818C16FE476534C7B6505" },
   { name = "gleam_hexpm", version = "1.0.0", build_tools = ["gleam"], requirements = ["birl", "gleam_stdlib"], otp_app = "gleam_hexpm", source = "hex", outer_checksum = "A5DF5D32BFDE84003B2C2183700D98E106A969C6C6EDE0363A50BB421AFF50B7" },
   { name = "gleam_http", version = "3.6.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_http", source = "hex", outer_checksum = "8C07DF9DF8CC7F054C650839A51C30A7D3C26482AC241C899C1CEA86B22DBE51" },
@@ -31,7 +30,6 @@ packages = [
 [requirements]
 birl = { version = ">= 1.7.0 and < 2.0.0" }
 filepath = { version = ">= 1.0.0 and < 2.0.0" }
-gleam_erlang = { version = ">= 0.25.0 and < 1.0.0" }
 gleam_hackney = { version = ">= 1.2.0 and < 2.0.0" }
 gleam_hexpm = { version = ">= 1.0.0 and < 2.0.0" }
 gleam_http = { version = ">= 3.6.0 and < 4.0.0" }

scripts/test.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+cd "$(dirname $0)/.."
+
+gleam update
+gleam format
+gleam test
+rm -rf .go-over/
+gleam run
+gleam run -- --skip --force 
+gleam run -- --fake
+gleam run

src/go_over.gleam

@@ -11,7 +11,6 @@ import go_over/print
 import go_over/retired
 import go_over/util.{iffnil, throwaway}
 import go_over/warning.{type Warning, Warning}
-import go_over/yaml
 import shellout
 import simplifile
 
@@ -20,7 +19,6 @@ type Flags {
 }
 
 fn spin_up() -> Flags {
-  let assert Ok(_) = yaml.start()
   let args = shellout.arguments()
   let flags =
     Flags(
@@ -98,9 +96,15 @@ fn print_warnings(vulns: List(Warning)) -> Nil {
 pub fn main() {
   let flags = spin_up()
   let conf = config.read_config("./gleam.toml")
+  iffnil(!conf.cache && flags.skip, fn() {
+    print.warning("Cannot specify both `--skip` & `cache=false`")
+    shellout.exit(1)
+  })
+
   throwaway(flags.force || !conf.cache, fn() {
     simplifile.delete(constants.go_over_path())
   })
+
   let pkgs =
     packages.read_manifest("./manifest.toml")
     |> config.filter_packages(conf, _)

src/go_over/advisories.gleam

@@ -80,7 +80,11 @@ fn is_vulnerable(p: packages.Package, advs: List(Advisory)) -> List(Advisory) {
   |> option.values
 }
 
-fn clone() -> Nil {
+fn delete_and_clone() -> Nil {
+  // ? File may or may not exist
+  let p = path()
+
+  let _ = simplifile.delete(p)
   print.progress("Cloning: " <> constants.advisories_repo <> "...")
 
   let assert Ok(Nil) =
@@ -99,18 +103,12 @@ fn clone() -> Nil {
       opt: [],
     )
 
-  Nil
-}
-
-fn delete_and_clone() -> Nil {
-  // ? File may or may not exist
-  let p = path()
-
-  let _ = simplifile.delete(p)
-  clone()
-  let assert Ok(Nil) = simplifile.delete(filepath.join(p, ".git"))
-
-  Nil
+  [
+    ".git", ".gitignore", ".github", "config", "lib", ".formatter.exs",
+    ".credo.exs", "Makefile", "mix.exs", "mix.lock",
+  ]
+  |> list.map(filepath.join(p, _))
+  |> list.each(simplifile.delete)
 }
 
 pub fn check_for_advisories(

src/go_over/config.gleam

@@ -1,6 +1,7 @@
 import gleam/dict
 import gleam/list
 import gleam/result.{unwrap}
+import gleam/string
 import go_over/advisories.{type Advisory}
 import go_over/packages.{type Package}
 import go_over/warning.{type Warning}
@@ -29,7 +30,6 @@ pub fn read_config(path: String) -> Config {
   let ignore =
     tom.get_table(go_over, ["ignore"])
     |> unwrap(dict.new())
-
   let packages =
     tom.get_array(ignore, ["packages"])
     |> unwrap([])
@@ -58,7 +58,7 @@ pub fn filter_advisory_ids(conf: Config, advs: List(Advisory)) -> List(Advisory)
 
 pub fn filter_severity(conf: Config, warnings: List(Warning)) -> List(Warning) {
   list.filter(warnings, fn(w) {
-    !list.contains(conf.ignore_severity, w.severity)
+    !list.contains(conf.ignore_severity, string.lowercase(w.severity))
   })
 }
 

src/go_over/yaml.gleam

@@ -1,12 +1,6 @@
-import gleam/erlang.{type EnsureAllStartedError}
-import gleam/erlang/atom.{type Atom}
 import gleam/list
 import gleam/string
 
-pub fn start() -> Result(List(Atom), EnsureAllStartedError) {
-  erlang.ensure_all_started(atom.create_from_string("yamerl"))
-}
-
 @external(erlang, "yamll", "parse")
 fn read(
   path: String,

test/config_test.gleam

@@ -59,10 +59,19 @@ pub fn filter_severity_test() {
   let a = Warning("", "", "", warning.Vulnerable, "a", warning.Direct)
   let b = Warning("", "", "", warning.Vulnerable, "b", warning.Direct)
   let c = Warning("", "", "", warning.Vulnerable, "c", warning.Direct)
+  let aa = Warning("", "", "", warning.Vulnerable, "A", warning.Direct)
+  let bb = Warning("", "", "", warning.Vulnerable, "B", warning.Direct)
+  let cc = Warning("", "", "", warning.Vulnerable, "C", warning.Direct)
 
   should.equal(filter_severity(full, []), [])
   should.equal(filter_severity(full, [a]), [])
   should.equal(filter_severity(full, [a, b]), [])
   should.equal(filter_severity(full, [b, c]), [c])
   should.equal(filter_severity(full, [a, b, c]), [c])
+
+  should.equal(filter_severity(full, []), [])
+  should.equal(filter_severity(full, [aa]), [])
+  should.equal(filter_severity(full, [aa, bb]), [])
+  should.equal(filter_severity(full, [bb, cc]), [cc])
+  should.equal(filter_severity(full, [aa, bb, cc]), [cc])
 }