Improve deps.get formatting

Author: maennchen

lib/hex/remote_converger.ex

@@ -494,54 +494,35 @@ defmodule Hex.RemoteConverger do
     end)
   end
 
-  defp print_status(nil, advisories, mod, name, previous_version, version, warning) do
-    case mod do
-      :new ->
-        Hex.Shell.info(Hex.Shell.format([:green, "  #{name} #{version}", :red, "#{warning}"]))
-
-      :eq ->
-        Hex.Shell.info("  #{name} #{version}")
-
-      :lt ->
-        Hex.Shell.info(
-          Hex.Shell.format([
-            :yellow,
-            "  #{name} #{previous_version} => #{version}",
-            :red,
-            "#{warning}"
-          ])
-        )
-
-      :gt ->
-        Hex.Shell.info(
-          Hex.Shell.format([
-            :green,
-            "  #{name} #{previous_version} => #{version}",
-            :red,
-            "#{warning}"
-          ])
-        )
-    end
-
-    print_advisories(version_string(mod, name, previous_version, version), advisories)
-  end
-
-  defp print_status(retired, advisories, mod, name, previous_version, version, _warning) do
-    version_string = version_string(mod, name, previous_version, version)
+  defp print_status(retired, advisories, mod, name, previous_version, version, warning) do
+    version_str = version_string(mod, name, previous_version, version)
+    version_color = if mod in [:new, :gt], do: :green, else: if(mod == :lt, do: :yellow, else: [])
+
+    line =
+      [version_color, version_str, :reset]
+      |> then(fn
+        acc when is_nil(retired) -> acc
+        acc -> [acc, :yellow, " RETIRED!", :reset]
+      end)
+      |> then(fn
+        acc when advisories == [] -> acc
+        acc -> [acc, :red, " VULNERABLE!", :reset]
+      end)
+      |> then(fn
+        acc when is_nil(warning) -> acc
+        acc -> [acc, :red, warning, :reset]
+      end)
 
-    Hex.Shell.warn("#{version_string} RETIRED!")
-    Hex.Shell.warn("    #{Hex.Utils.package_retirement_message(retired)}")
+    Hex.Shell.info(Hex.Shell.format(line))
 
-    print_advisories(version_string, advisories)
-  end
+    if retired do
+      Hex.Shell.warn("    #{Hex.Utils.package_retirement_message(retired)}")
+    end
 
-  defp print_advisories(version_string, advisories) do
     Enum.each(advisories, fn advisory ->
       Hex.Shell.info(
-        Hex.Shell.format([:yellow, "#{version_string} has a security advisory!", :reset])
+        Hex.Shell.format(["    " | Hex.Utils.format_advisory_ansi(advisory, "    ")])
       )
-
-      Hex.Shell.info(Hex.Shell.format(["    " | Hex.Utils.format_advisory_ansi(advisory)]))
     end)
   end
 

lib/hex/utils.ex

@@ -273,31 +273,43 @@ defmodule Hex.Utils do
   def advisory_severity_color(:SEVERITY_CRITICAL), do: [:bright, :red]
   def advisory_severity_color(_), do: :normal
 
-  def format_advisory(%{summary: summary, severity: severity, html_url: url}) do
-    "(#{advisory_severity(severity)}) #{summary} - #{url}"
-  end
-
-  def format_advisory(%{summary: summary, html_url: url}) do
-    "#{summary} - #{url}"
-  end
-
-  def format_advisory(%{summary: summary, severity: severity}) do
-    "(#{advisory_severity(severity)}) #{summary}"
+  def format_advisory(%{id: id, summary: summary} = advisory) do
+    id
+    |> then(fn acc ->
+      case advisory do
+        %{severity: s} -> "#{acc} (#{advisory_severity(s)})"
+        _ -> acc
+      end
+    end)
+    |> then(&"#{&1}: #{summary}")
+    |> then(fn acc ->
+      case advisory do
+        %{html_url: url} -> "#{acc} - #{url}"
+        _ -> acc
+      end
+    end)
   end
 
-  def format_advisory(%{summary: summary}) do
-    summary
-  end
+  def format_advisory_ansi(advisory, line_prefix \\ "")
 
-  def format_advisory_ansi(%{severity: severity} = advisory) do
-    color = advisory_severity_color(severity)
-    label = "(#{advisory_severity(severity)})"
-    rest = " " <> format_advisory(Map.delete(advisory, :severity))
-    List.flatten([color, label, :reset, rest])
-  end
+  def format_advisory_ansi(%{id: id, summary: summary} = advisory, line_prefix) do
+    [:red, id]
+    |> then(fn acc ->
+      case advisory do
+        %{severity: s} ->
+          [acc, " ", advisory_severity_color(s), "(#{advisory_severity(s)})", :red]
 
-  def format_advisory_ansi(advisory) do
-    [format_advisory(advisory)]
+        _ ->
+          acc
+      end
+    end)
+    |> then(&[&1, ": #{summary}"])
+    |> then(fn acc ->
+      case advisory do
+        %{html_url: url} -> [acc, :reset, "\n", line_prefix, "  ", url]
+        _ -> [acc, :reset]
+      end
+    end)
   end
 
   # From https://github.com/fishcakez/dialyze/blob/6698ae582c77940ee10b4babe4adeff22f1b7779/lib/mix/tasks/dialyze.ex#L168

test/hex/remote_converger_test.exs

@@ -254,11 +254,12 @@ defmodule Hex.RemoteConvergerTest do
         info_messages = collect_info_messages([])
 
         assert Enum.any?(info_messages, fn msg ->
-                 msg =~ "rc_advisory_package 0.1.0 has a security advisory!"
+                 msg =~ "rc_advisory_package 0.1.0" and msg =~ "VULNERABLE!"
                end)
 
         assert Enum.any?(info_messages, fn msg ->
-                 msg =~ "(HIGH) Remote code execution via crafted input"
+                 msg =~ "GHSA-rc-0001" and msg =~ "(HIGH)" and
+                   msg =~ "Remote code execution via crafted input"
                end)
       end)
     end)

test/hex/utils_test.exs

@@ -24,23 +24,23 @@ defmodule Hex.UtilsTest do
   end
 
   describe "format_advisory/1" do
-    test "includes severity and url" do
+    test "includes id, severity and url" do
       assert Hex.Utils.format_advisory(@advisory) ==
-               "(HIGH) Remote code execution via crafted input - https://github.com/advisories/GHSA-test-0001"
+               "GHSA-test-0001 (HIGH): Remote code execution via crafted input - https://github.com/advisories/GHSA-test-0001"
     end
 
-    test "without severity omits severity prefix" do
+    test "without severity omits severity" do
       advisory = Map.delete(@advisory, :severity)
 
       assert Hex.Utils.format_advisory(advisory) ==
-               "Remote code execution via crafted input - https://github.com/advisories/GHSA-test-0001"
+               "GHSA-test-0001: Remote code execution via crafted input - https://github.com/advisories/GHSA-test-0001"
     end
 
-    test "without url omits url suffix" do
+    test "without url omits url" do
       advisory = Map.delete(@advisory, :html_url)
 
       assert Hex.Utils.format_advisory(advisory) ==
-               "(HIGH) Remote code execution via crafted input"
+               "GHSA-test-0001 (HIGH): Remote code execution via crafted input"
     end
   end
 end

test/mix/tasks/hex.audit_test.exs

@@ -57,7 +57,7 @@ defmodule Mix.Tasks.Hex.AuditTest do
       assert catch_throw(Mix.Task.run("hex.audit")) == {:exit_code, 1}
 
       expected =
-        "(HIGH) Remote code execution via crafted input - https://github.com/advisories/GHSA-test-0001"
+        "GHSA-test-0001 (HIGH): Remote code execution via crafted input - https://github.com/advisories/GHSA-test-0001"
 
       assert_advisory_output_row(@package_name, "1.1.0", expected)
       assert_received {:mix_shell, :error, ["Found packages with security advisories"]}