chelsea 0.0.19 → 0.0.24
- checksums.yaml +4 -4
- data/.circleci/circleci-readme.md +28 -0
- data/.gitignore +3 -0
- data/Jenkinsfile +2 -2
- data/README.md +36 -45
- data/bin/chelsea +2 -1
- data/lib/chelsea/cli.rb +2 -1
- data/lib/chelsea/iq_client.rb +3 -2
- data/lib/chelsea/version.rb +1 -1
- metadata +3 -4
- data/bin/setup +0 -24
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1f51bc9ebee4f9d00b5c0ddda4c45c692864946b5adde386871f1d5bdbd90782
|
4
|
+
data.tar.gz: ed391b804442208428439d285009b0344215d71789bc71d6e55685c08356bb5a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e1bbc05ec99c96ed359aa98a704338f7351780d170f74f09a8e1d4a3b61fb68fc7ba217534ebd8fc56ee05e194820add3601d13eed74cc42f2b6d4c90ba70cb7
|
7
|
+
data.tar.gz: c0c8025f8cc54425e31ff9cd703c743f8b4a7b3c10c023a3da04ad4d6d7b3b38092cf061dd8239e49410ba10ea8707bf28151ae9d52e23459146821838edc054
|
@@ -0,0 +1,28 @@
|
|
1
|
+
CI Debug Notes
|
2
|
+
================
|
3
|
+
To validate some circleci stuff, I was able to run a “build locally” using the steps below.
|
4
|
+
The local build runs in a docker container.
|
5
|
+
|
6
|
+
* (Once) Install circleci client (`brew install circleci`)
|
7
|
+
|
8
|
+
* Convert the “real” config.yml into a self contained (non-workspace) config via:
|
9
|
+
|
10
|
+
circleci config process .circleci/config.yml > .circleci/local-config.yml
|
11
|
+
|
12
|
+
* Run a local build with the following command:
|
13
|
+
|
14
|
+
circleci local execute -c .circleci/local-config.yml --job 'build'
|
15
|
+
|
16
|
+
Typically both commands are run together:
|
17
|
+
|
18
|
+
circleci config process .circleci/config.yml > .circleci/local-config.yml && circleci local execute -c .circleci/local-config.yml --job 'build'
|
19
|
+
|
20
|
+
With the above command, operations that cannot occur during a local build will show an error like this:
|
21
|
+
|
22
|
+
```
|
23
|
+
... Error: FAILED with error not supported
|
24
|
+
```
|
25
|
+
|
26
|
+
However, the build will proceed and can complete “successfully”, which allows you to verify scripts in your config, etc.
|
27
|
+
|
28
|
+
If the build does complete successfully, you should see a happy yellow `Success!` message.
|
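Review bot: the new notes say steps that cannot run locally fail with `not supported` while the job still finishes "successfully", but they do not say which steps those are, so a green local run can be mistaken for validation of the steps that actually need CI-side credentials or contexts; list those steps explicitly next to the `circleci local execute` example. Also, `circleci config process` writes a fully expanded copy of the config to `.circleci/local-config.yml`; state that this is a generated file that must not be committed (the `.gitignore` change in this release is not shown in this view, so the reader cannot tell whether it is already covered).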
data/.gitignore
CHANGED
data/Jenkinsfile
CHANGED
@@ -32,12 +32,12 @@ dockerizedBuildPipeline(
|
|
32
32
|
sh '''
|
33
33
|
gem build chelsea.gemspec
|
34
34
|
gem install ./chelsea-*.gem
|
35
|
-
chelsea --file Gemfile.lock -b -a chelsea -iu $IQ_USERNAME -it $IQ_PASSWORD -i https://policy.ci.sonatype.dev
|
35
|
+
chelsea --file Gemfile.lock -b -a chelsea -iu $IQ_USERNAME -it $IQ_PASSWORD -i https://policy.ci.sonatype.dev --stage stage-release
|
36
36
|
'''
|
37
37
|
}
|
38
38
|
})
|
39
39
|
},
|
40
|
-
testResults: [ '
|
40
|
+
testResults: [ 'test_results/rspec.xml' ],
|
41
41
|
onSuccess: {
|
42
42
|
githubStatusUpdate('success')
|
43
43
|
},
|
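Review bot: the changed `chelsea` invocation hard-codes `--stage stage-release` for every run of this pipeline, including the runs that feed `githubStatusUpdate('success')`, so pull-request builds will now be evaluated against the stage-release policy set rather than the `build` stage the tool defaults to; confirm that is intended, or derive the stage from the branch. Separately, the IQ credentials are passed as command-line arguments (`-iu $IQ_USERNAME -it $IQ_PASSWORD`), which exposes them in process listings and in any build log that echoes the shell step; the `'''` quoting correctly leaves expansion to the shell, but the argument form itself is the exposure, and the `-it` flag is documented as an auth token yet receives `$IQ_PASSWORD`, which is worth a comment in the Jenkinsfile.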
data/README.md
CHANGED
@@ -38,21 +38,10 @@ $ gem install chelsea
|
|
38
38
|
```
|
39
39
|
|
40
40
|
```
|
41
|
-
$ chelsea
|
42
|
-
|
43
|
-
/ __ \| | | |
|
44
|
-
| / \/| |__ ___ | | ___ ___ __ _
|
45
|
-
| | | '_ \ / _ \| |/ __| / _ \ / _` |
|
46
|
-
| \__/\| | | || __/| |\__ \| __/| (_| |
|
47
|
-
\____/|_| |_| \___||_||___/ \___| \__,_|
|
48
|
-
|
49
|
-
|
50
|
-
Version: 0.0.11
|
51
|
-
|
52
|
-
usage: chelsea [options] ...
|
53
|
-
|
54
|
-
Options:
|
41
|
+
$ chelsea --help
|
42
|
+
usage: /usr/local/bin/chelsea [options]
|
55
43
|
-f, --file Path to your Gemfile.lock
|
44
|
+
-x, --clear Clear OSS Index cache
|
56
45
|
-c, --config Set persistent config for OSS Index
|
57
46
|
-u, --user Specify OSS Index Username
|
58
47
|
-p, --token Specify OSS Index API Token
|
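Review bot: the pasted help output starts with `usage: /usr/local/bin/chelsea [options]`, which is the absolute path of one machine's install rather than the command name; edit the README copy to read `usage: chelsea [options]` so it matches the surrounding `$ chelsea --help` example. The new `-x, --clear` line documents a cache that the README does not otherwise mention; a one-line note on where the OSS Index cache lives and when clearing it is needed would make the option usable.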
@@ -61,9 +50,10 @@ Options:
|
|
61
50
|
-iu, --iquser Specify the IQ username
|
62
51
|
-it, --iqpass Specify the IQ auth token
|
63
52
|
-w, --whitelist Set path to vulnerability whitelist file
|
64
|
-
-
|
53
|
+
-v, --verbose For text format, list dependencies, their reverse dependencies (what brought them in to your project), and if they are vulnerable. (default: false)
|
65
54
|
-t, --format Choose what type of format you want your report in (default: text) (options: text, json, xml)
|
66
55
|
-b, --iq Use Nexus IQ Server to audit your project
|
56
|
+
-s, --stage Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)
|
67
57
|
--version Print the version
|
68
58
|
-h, --help Show usage
|
69
59
|
```
|
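Review bot: the new `-s, --stage` and `-v, --verbose` entries list their defaults, but the adjacent `-iu, --iquser` and `-it, --iqpass` entries do not, even though `bin/chelsea` in this same release defaults them to `admin` and `admin123`; either document those defaults here or, better, drop the hard-coded default credentials from the option definitions so the tool never silently authenticates with the IQ factory account. The `-s, --stage` text should also say what happens when a value outside `develop, build, stage-release, release, operate` is given, since the option is a free-form string.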
@@ -96,35 +86,6 @@ Audit Results
|
|
96
86
|
|
97
87
|
Audit Results will show a list of your third party dependencies, their reverse dependencies (so what brought them in to your project), and if they are vulnerable or not.
|
98
88
|
|
99
|
-
### Quiet usage
|
100
|
-
|
101
|
-
Running with `--quiet` will only output any vulnerable dependencies found, similar to:
|
102
|
-
|
103
|
-
```
|
104
|
-
_____ _ _
|
105
|
-
/ __ \| | | |
|
106
|
-
| / \/| |__ ___ | | ___ ___ __ _
|
107
|
-
| | | '_ \ / _ \| |/ __| / _ \ / _` |
|
108
|
-
| \__/\| | | || __/| |\__ \| __/| (_| |
|
109
|
-
\____/|_| |_| \___||_||___/ \___| \__,_|
|
110
|
-
|
111
|
-
|
112
|
-
Version: 0.0.11
|
113
|
-
[15/31] - pkg:gem/rake@10.5.0 Vulnerable.
|
114
|
-
Required by: domain_name-0.5.20190701
|
115
|
-
Required by: equatable-0.6.1
|
116
|
-
Required by: pastel-0.7.3
|
117
|
-
Required by: public_suffix-4.0.3
|
118
|
-
Required by: rspec_junit_formatter-0.4.1
|
119
|
-
Required by: slop-4.8.1
|
120
|
-
Required by: slop-4.8.0
|
121
|
-
Required by: unf-0.1.4
|
122
|
-
Required by: unf_ext-0.0.7.7
|
123
|
-
Required by: unf_ext-0.0.7.6
|
124
|
-
```
|
125
|
-
|
126
|
-
This can be useful if you are only interested in seeing your vulnerable dependencies, and not the whole list.
|
127
|
-
|
128
89
|
### Usage with Formatters
|
129
90
|
|
130
91
|
Chelsea can be run with a number of different formatters:
|
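Review bot: removing the "Quiet usage" section is consistent with the new `--help` output, which no longer lists `--quiet`, but the README now has no example of what a vulnerable finding looks like in text format; keep a trimmed version of the deleted sample (the `pkg:gem/rake@10.5.0 Vulnerable.` line with its `Required by:` entries, without the banner and the stale `Version: 0.0.11` line) under "Audit Results" so readers can recognise the output.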
@@ -174,7 +135,37 @@ Report URL: http://localhost:8070/ui/links/application/testapp/report/0e0f469269
|
|
174
135
|
|
175
136
|
## Development
|
176
137
|
|
177
|
-
|
138
|
+
We suggest using [rbenv](https://github.com/rbenv/rbenv) to setup a reliable ruby development environment.
|
139
|
+
|
140
|
+
Follow the [installation steps](https://github.com/rbenv/rbenv#installation).
|
141
|
+
For macos (10.15.7), there was a problem with step 2, with: `$ rbenv init`. The command
|
142
|
+
printed suggested editing `~/.bashrc`; however, this did not work in our case (even after an OS reboot),
|
143
|
+
and we had to instead edit `~/bash_profile`. To sanity check your installation, you should see the
|
144
|
+
`.rbenv` directory early in your PATH, e.g.:
|
145
|
+
```
|
146
|
+
$ echo $PATH
|
147
|
+
/Users/<username>/.rbenv/shims:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:...
|
148
|
+
```
|
149
|
+
|
150
|
+
We are using ruby version 2.6.6, but newer versions should also work.
|
151
|
+
```
|
152
|
+
rbenv install 2.6.6
|
153
|
+
```
|
154
|
+
|
155
|
+
Install `bundler`:
|
156
|
+
```
|
157
|
+
gem install bundler
|
158
|
+
```
|
159
|
+
|
160
|
+
Install dependencies:
|
161
|
+
```
|
162
|
+
bundle install
|
163
|
+
```
|
164
|
+
|
165
|
+
Run tests:
|
166
|
+
```
|
167
|
+
bundle exec rspec
|
168
|
+
```
|
178
169
|
|
179
170
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
180
171
|
|
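Review bot: in the new rbenv notes, `~/bash_profile` should be `~/.bash_profile` (the dotfile), otherwise the advice sends readers to a file that does not exist; also "macos" should be "macOS" and "setup a reliable ruby development environment" should be "set up". The `rbenv install 2.6.6` block should say that 2.6.6 is the version the project pins in CI, since "newer versions should also work" is untested advice in a README that is distributed inside the gem.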
data/bin/chelsea
CHANGED
@@ -31,9 +31,10 @@ opts =
|
|
31
31
|
o.string '-iu', '--iquser', 'Specify the IQ username', default: 'admin'
|
32
32
|
o.string '-it', '--iqpass', 'Specify the IQ auth token', default: 'admin123'
|
33
33
|
o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
|
34
|
-
o.bool '-v', '--verbose', '
|
34
|
+
o.bool '-v', '--verbose', 'For text format, list dependencies, their reverse dependencies (what brought them in to your project), and if they are vulnerable. (default: false)', default: false
|
35
35
|
o.string '-t', '--format', 'Choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
|
36
36
|
o.bool '-b', '--iq', 'Use Nexus IQ Server to audit your project'
|
37
|
+
o.string '-s', '--stage', 'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)', default: 'build'
|
37
38
|
o.on '--version', 'Print the version' do
|
38
39
|
puts Chelsea::VERSION
|
39
40
|
exit
|
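Review bot: the new `-s, --stage` option is a plain `o.string`, so the five allowed values in its help text are documentation only; a typo such as `--stage relase` is accepted here and forwarded unchanged into the IQ request URL built in `iq_client.rb`. Validate before use, for example `STAGES = %w[develop build stage-release release operate]` followed by `abort "unknown stage #{opts[:stage]}" unless STAGES.include?(opts[:stage])`, so the failure is a clear local error rather than a server-side rejection. The unchanged `-iu`/`-it` lines above it still default to `admin` and `admin123`; shipping the IQ factory credentials as defaults is worth removing in the same change.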
data/lib/chelsea/cli.rb
CHANGED
@@ -63,7 +63,8 @@ module Chelsea
|
|
63
63
|
public_application_id: @opts[:application],
|
64
64
|
server_url: @opts[:server],
|
65
65
|
username: @opts[:iquser],
|
66
|
-
auth_token: @opts[:iqpass]
|
66
|
+
auth_token: @opts[:iqpass],
|
67
|
+
stage: @opts[:stage]
|
67
68
|
}
|
68
69
|
)
|
69
70
|
bom = Chelsea::Bom.new(gems.deps.dependencies).collect
|
data/lib/chelsea/iq_client.rb
CHANGED
@@ -28,7 +28,8 @@ module Chelsea
|
|
28
28
|
server_url: 'http://localhost:8070',
|
29
29
|
username: 'admin',
|
30
30
|
auth_token: 'admin123',
|
31
|
-
internal_application_id: ''
|
31
|
+
internal_application_id: '',
|
32
|
+
stage: 'build'
|
32
33
|
}
|
33
34
|
def initialize(options: DEFAULT_OPTIONS)
|
34
35
|
@options = options
|
@@ -149,7 +150,7 @@ module Chelsea
|
|
149
150
|
end
|
150
151
|
|
151
152
|
def _api_url
|
152
|
-
"#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea"
|
153
|
+
"#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea?stageId=#{@options[:stage]}"
|
153
154
|
end
|
154
155
|
|
155
156
|
def _internal_application_id_api_url
|
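Review bot: `?stageId=#{@options[:stage]}` interpolates a user-supplied CLI value straight into the query string without encoding, so a value containing `&`, `#` or whitespace changes the shape of the request rather than producing an error; wrap it as `URI.encode_www_form_component(@options[:stage])` (or validate against the fixed stage list before reaching this method). Note also that `_api_url` now returns a URL with a query string, so any later caller that appends parameters must use `&`, not `?`.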
data/lib/chelsea/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chelsea
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.24
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Allister Beharry
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-10-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: tty-font
|
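Review bot: the version and date bump are fine, but the unchanged `cert_chain: []` in this context shows the gem is still published unsigned, so the SHA256/SHA512 values in `checksums.yaml` are the only integrity data consumers receive; if signing releases is feasible for this project, a version bump is the natural point to introduce it.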
@@ -218,10 +218,10 @@ email:
|
|
218
218
|
executables:
|
219
219
|
- chelsea
|
220
220
|
- console
|
221
|
-
- setup
|
222
221
|
extensions: []
|
223
222
|
extra_rdoc_files: []
|
224
223
|
files:
|
224
|
+
- ".circleci/circleci-readme.md"
|
225
225
|
- ".circleci/config.yml"
|
226
226
|
- ".circleci/setup-rubygems.sh"
|
227
227
|
- ".github/CONTRIBUTING.md"
|
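Review bot: `.circleci/circleci-readme.md` is added to the packaged `files:` list alongside the existing `.circleci/config.yml` and `.circleci/setup-rubygems.sh`, so CI-internal files, including a script that configures RubyGems credentials, are shipped to every installer of the gem; tighten the `files` glob in `chelsea.gemspec` to exclude `.circleci/` and `.github/` from the package. Dropping `setup` from `executables` matches the `bin/setup` deletion below and is consistent with the README now listing `bundle install` directly.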
@@ -243,7 +243,6 @@ files:
|
|
243
243
|
- Rakefile
|
244
244
|
- bin/chelsea
|
245
245
|
- bin/console
|
246
|
-
- bin/setup
|
247
246
|
- chelsea
|
248
247
|
- chelsea.gemspec
|
249
248
|
- docs/images/chelsea.png
|
data/bin/setup
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
#!/usr/bin/env bash
|
2
|
-
#
|
3
|
-
# Copyright 2019-Present Sonatype Inc.
|
4
|
-
#
|
5
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
-
# you may not use this file except in compliance with the License.
|
7
|
-
# You may obtain a copy of the License at
|
8
|
-
#
|
9
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
-
#
|
11
|
-
# Unless required by applicable law or agreed to in writing, software
|
12
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
-
# See the License for the specific language governing permissions and
|
15
|
-
# limitations under the License.
|
16
|
-
#
|
17
|
-
|
18
|
-
set -euo pipefail
|
19
|
-
IFS=$'\n\t'
|
20
|
-
set -vx
|
21
|
-
|
22
|
-
bundle install
|
23
|
-
|
24
|
-
# Do any other automated setup that you need to do here
|