claws-scan 0.7.5 → 0.7.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '088da1fb246e5843261993812e1b89125eba56e5892628516969d496048fef7e'
-  data.tar.gz: 82c7a7674fa590a5feda1511f4b3f43970401ec5b2c9898f7c7c859e0805d0df
+  metadata.gz: e35f096c235fba21325d4385fd83ac9c7ca2466ca1e82e72311f3079dcd02276
+  data.tar.gz: c5a5f8206a0f047bf0b49b31ba9976a8c41ad5c3476c8167683140298efcc4a6
 SHA512:
-  metadata.gz: 6385a23ac3b074ded87e7b761e4fdd25a7b19770b63b460ee1192664972b9da20dfabc8f6e80e94f327e3b2a6016bce5d996c02dcefae8831ae9bd43d4d10abd
-  data.tar.gz: 46adc628c3b02d052d601540d9421e01c70f343a41982593795c149b448ecffdde64c6fc704a6526a5c014237047b5518d72373cc0e05d5197e67d53b0682776
+  metadata.gz: 8f58f8c09db0ccb0b3c1df00f09710bad07bcc691cb4b41681d5d6e2ff62e157c45742505aa9469d2e6b81d35b6a8ce020863019be057f7b36a780ddf314e65a
+  data.tar.gz: 0161dad252e79ee9e79d85eb7af21d2eccf1ce5ae6b82d415fcd4a6d060989e5245c57593ca82ad2b7401716ecf5edbd89b3cb9d02bde036e72dcec3d5339ee7

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    claws-scan (0.7.5)
+    claws-scan (0.7.6)
       equation (~> 0.6)
       pry
       slop (~> 4.9)

data/lib/claws/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Claws
-  VERSION = "0.7.5"
+  VERSION = "0.7.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: claws-scan
 version: !ruby/object:Gem::Version
-  version: 0.7.5
+  version: 0.7.6
 platform: ruby
 authors:
 - Omar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-07 00:00:00.000000000 Z
+date: 2025-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: equation
@@ -85,21 +85,6 @@ files:
 - Rakefile
 - bin/analyze
 - config.yml
-- corpus/automerge_via_action.yml
-- corpus/automerge_via_cli.yml
-- corpus/build-docker-image-run-drc-for-cell-gds-using-magic.yml
-- corpus/cmd.yml
-- corpus/container.yml
-- corpus/container_docker.yml
-- corpus/dispatch_command_injection.yml
-- corpus/inherit_secrets.yml
-- corpus/nameless.yml
-- corpus/permissions.yml
-- corpus/ruby.yml
-- corpus/shellcheck.yml
-- corpus/unsafe_checkout_code_execution.yml
-- corpus/unsafe_checkout_token_leak.yml
-- corpus/unscoped_secrets.yml
 - github_action.yml
 - lib/claws.rb
 - lib/claws/application.rb

data/corpus/automerge_via_action.yml

@@ -1,28 +0,0 @@
-name: Automerge via Github Action
-
-on:
-  pull_request:
-    types:
-      - labeled
-      - unlabeled
-      - synchronize
-      - opened
-      - edited
-      - ready_for_review
-      - reopened
-      - unlocked
-  pull_request_review:
-    types:
-      - submitted
-  check_suite:
-    types:
-      - completed
-  status: {}
-
-jobs:
-  automerge:
-    runs-on: ubuntu-latest
-    steps:
-      - id: automerge
-        name: automerge
-        uses: "pascalgn/automerge-action@v0.15.5"

data/corpus/automerge_via_cli.yml

@@ -1,14 +0,0 @@
-name: Automerge Non-code Changes
-on:
-  push:
-    paths: ['**.txt']
-
-permissions:
-  contents: read
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Merge pull request
-        run: gh pr merge ${{ steps.create_pull_request.outputs.pull-request-number }} --squash --auto --delete-branch

data/corpus/build-docker-image-run-drc-for-cell-gds-using-magic.yml

@@ -1,170 +0,0 @@
-# Copyright 2021 SkyWater PDK Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache 2.0
-
-name: Build Docker Image for Run DRC for cell GDS (using Magic) Action
-
-on:
-  workflow_dispatch:
-  push:
-  pull_request_target:
-
-
-permissions:
-  contents: read
-
-
-jobs:
-
-  # FIXME: Remove once GitHub Container Registry is working.
-  # docker.pkg.github.com doesn't support buildx built packages, use
-  # docker/build-push-action instead.
-  build-github-package:
-    name: "Building Docker GitHub Package."
-
-    runs-on: ubuntu-latest
-
-    permissions:
-      packages: write # ${{ github.event_name == "push" || github.event_name == "workflow_dispatch" }}
-
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v2
-      with:
-        # Always clone the full depth so git-describe works.
-        fetch-depth: 0
-        submodules: true
-
-    - name: Set Action Name
-      run: echo "ACTION_NAME=run-drc-for-cell-gds-using-magic" >> $GITHUB_ENV
-
-    - name: Build container image
-      uses: docker/build-push-action@v1
-      with:
-        registry: docker.pkg.github.com
-        username: ${{ github.repository_owner }}
-        password: ${{ github.token }}
-        repository: ${{ github.repository }}/${{ env.ACTION_NAME }}
-        path: ${{ env.ACTION_NAME }}
-        tag_with_ref: true
-        tag_with_sha: true
-        add_git_labels: true
-        push: ${{ startsWith(github.ref, 'refs/heads/') }}
-
-
-  build-docker-image:
-    name: "Building image."
-
-    runs-on: ubuntu-latest
-
-    # Run a local registry
-    services:
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-
-    steps:
-
-    - name: Dump context
-      uses: crazy-max/ghaction-dump-context@v1
-
-    - name: Checkout code
-      uses: actions/checkout@v2
-      with:
-        # Always clone the full depth so git-describe works.
-        fetch-depth: 0
-        submodules: true
-
-    - name: Set Action Name
-      run: echo "ACTION_NAME=run-drc-for-cell-gds-using-magic" >> $GITHUB_ENV
-
-    - name: Detect Push To Config
-      id: push_to
-      shell: python
-      env:
-        HAS_GCR_JSON_KEY: ${{ !!(secrets.GCR_JSON_KEY) }}
-      run: |
-        import os
-        gh_event = os.environ['GITHUB_EVENT_NAME']
-
-        i = []
-        print("Adding local service.")
-        i.append("localhost:5000/${{ env.ACTION_NAME }}")
-
-        if "${{ env.HAS_GCR_JSON_KEY }}":
-            print("Adding Google Container Repository (gcr.io)")
-            i.append("gcr.io/skywater-pdk/actions/${{ env.ACTION_NAME }}")
-
-        #print("Adding GitHub Container Repository (ghcr.io)")
-        #i.append("ghcr.io/${{ github.repository }}/${{ env.ACTION_NAME }}")
-
-        l = ",".join(i)
-        print("Final locations:", repr(l))
-        print("::set-output name=images::{}".format(l))
-
-    - name: Docker meta
-      id: docker_meta
-      uses: docker/metadata-action@v3
-      with:
-        images: ${{ steps.push_to.outputs.images }}
-        tags: |
-          type=ref,event=tag
-          type=ref,event=pr
-          type=ref,event=branch
-          type=sha
-          type=sha,format=long
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v1
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-      with:
-        driver-opts: network=host
-
-    - name: Login to Google Container Registry
-      if: ${{ contains(steps.push_to.outputs.images, 'gcr.io') }}
-      uses: docker/login-action@v1
-      with:
-        registry: gcr.io
-        username: _json_key
-        password: ${{ secrets.GCR_JSON_KEY }}
-
-    - name: Login to GitHub Container Registry
-      if: ${{ contains(steps.push_to.outputs.images, 'ghcr.io') }}
-      uses: docker/login-action@v1
-      with:
-        username: ${{ github.repository_owner }}
-        password: ${{ github.token }}
-        registry: ghcr.io
-
-    - name: Build and push
-      uses: docker/build-push-action@v2
-      id: docker_build
-      with:
-        context: ${{ env.ACTION_NAME }}
-        file: ${{ env.ACTION_NAME }}/Dockerfile
-        push: true
-        tags: |
-          ${{ steps.docker_meta.outputs.tags }}
-          localhost:5000/${{ env.ACTION_NAME }}:latest
-        labels: ${{ steps.docker_meta.outputs.labels }}
-
-    - name: Inspect
-      run: docker buildx imagetools inspect localhost:5000/${{ env.ACTION_NAME }}:latest
-
-    - name: Image digest
-      run: echo ${{ steps.docker_build.outputs.digest }}

data/corpus/cmd.yml

@@ -1,14 +0,0 @@
-# INSECURE
-
-on: issue_comment
-name: IssueOps - Demo
-jobs:
-  act-on-issue:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v1
-      - name: Reset demo if a demo or reset issue was opened
-        run: ./scripts/reset-demo.sh "${{ github.event.issue.body }}" "${{ github.event.issue.number }}"
-        env:
-          GITHUB_COM_TOKEN: ${{ secrets.GITHUB_TOKEN }}

data/corpus/container.yml

@@ -1,19 +0,0 @@
-name: CI
-on:
-  push:
-    branches: [ main ]
-jobs:
-  container-test-job:
-    runs-on: ubuntu-latest
-    container:
-      image: node:14.16
-      env:
-        NODE_ENV: development
-      ports:
-        - 80
-      volumes:
-        - my_docker_volume:/volume_mount
-      options: --cpus 1
-    steps:
-      - name: Check for dockerenv file
-        run: (ls /.dockerenv && echo Found dockerenv) || (echo No dockerenv)

data/corpus/container_docker.yml

@@ -1,9 +0,0 @@
-name: CI
-on:
-  push:
-    branches: [ main ]
-jobs:
-  use_image:
-    steps:
-      - name: My first step
-        uses: docker://alpine:3.8

data/corpus/dispatch_command_injection.yml

@@ -1,17 +0,0 @@
-name: Dispatch Me
-on:
-  workflow_dispatch:
-    inputs:
-      name:
-        description: 'Who I should say hello to'
-        required: true
-
-jobs:
-  greet:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v1
-      - name: Reset demo if a demo or reset issue was opened
-        run: ./scripts/greet.sh "${{ github.event.inputs.name }}"
-

data/corpus/inherit_secrets.yml

@@ -1,20 +0,0 @@
-on: [workflow_call]
-name: yea
-jobs:
-  rake:
-    runs-on: ubuntu-latest
-    secrets: inherit
-    steps:
-      - name: Checkout
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      # ignore: CommandInjection
-      - name: test
-        run: /bin/ls ${{ github.event.test }}
-      - name: Build
-        run: rake
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          YOINK: ${{ secrets.FLAG }}
-

data/corpus/nameless.yml

@@ -1,11 +0,0 @@
-on: [push, pull_request, pull_request_target]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: '3.0' # Not needed with a .ruby-version file
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - run: bundle exec rake

data/corpus/permissions.yml

@@ -1,19 +0,0 @@
-name: Deploy
-
-on:
-  push:
-    branches:
-    - main
-
-permissions:
-  packages: write
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-    steps:
-      - uses: action/checkout@v3
-      - name: push
-        run: rake release

data/corpus/ruby.yml

@@ -1,12 +0,0 @@
-name: My workflow
-on: [push, pull_request, pull_request_target]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: '3.0' # Not needed with a .ruby-version file
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - run: bundle exec rake

data/corpus/shellcheck.yml

@@ -1,12 +0,0 @@
-on: [push, pull_request, pull_request_target]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-    - run: |
-        x=$(ls -lah)
-        if [[ $x == 2 ]]; then
-          echo $x
-        fi

data/corpus/unsafe_checkout_code_execution.yml

@@ -1,21 +0,0 @@
-name: Unsafe Checkout that Leads to RCE
-
-on: [pull_request_target]
-
-jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-    # check out the attacker controlled branch with their code
-    - uses: actions/checkout@v2
-      with:
-        ref: ${{ github.event.pull_request.head.sha }}
-
-    # set up the environment and run specs
-    # because Rakefile comes from the attacker's branch
-    # we end up executing their code, even though they don't
-    # control the command here
-    - run: |
-        rake setup
-        rake spec

data/corpus/unsafe_checkout_token_leak.yml

@@ -1,33 +0,0 @@
-name: Unsafe Checkout that can Leak Tokens
-
-on: pull_request_target
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-    # check out the attacker controlled branch
-    - name: Checkout (depth 0)
-      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
-      with:
-        ref: ${{ github.event.pull_request.head.sha }}
-
-    # grab the version number from the VERSION file
-    # however... because we're getting the contents of the file
-    # from the attacker's branch, and because git allows symlinks
-    # the attacker can symlink VERSION to any other file on the system
-    # to leak its contents.
-    - name: Get PR Version
-      id: version_number
-      run: echo "::set-output name=version::$(cat VERSION)"
-
-    # Dump the version number into a Github comment for everyone to see
-    - name: Comment the new version
-      uses: peter-evans/create-or-update-comment@v2
-      with:
-        issue-number: ${{ github.event.pull_request.number }}
-        comment-author: 'github-actions[bot]'
-        body: |
-          Version was updated to
-          ```${{ steps.version_number.outputs.version }}```
-          bye now...

data/corpus/unscoped_secrets.yml

@@ -1,16 +0,0 @@
-on: [pull_request]
-name: yea
-jobs:
-  rake:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Build
-        run: rake
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          YOINK: ${{ secrets.API_KEY }}
-