RubyGems - dccscr - Versions diffs - 0.1.0 → 0.2.3 - Mend

dccscr 0.1.0 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/.gitignore +4 -1
data/.rubocop.yml +3 -0
data/Gemfile.lock +1 -1
data/exe/update_allowlist_with_dccscr +74 -0
data/lib/dccscr/version.rb +1 -1
data/lib/dccscr/whitelist.rb +1 -1
metadata +3 -3
data/exe/dccscr_to_gitlab +0 -34

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 617eae30347338acd467d9b6e3fdbb39c98263657fa8e4caa57eca15890f81ad
-  data.tar.gz: '09ced8194847fe70669147f19a39d6897b5bf8629cffb4047ab9c89c63666f56'
+  metadata.gz: 261894021f66c455747ff0bf23dae30fa2a1e6f81c49eec8ca5259452c5ee394
+  data.tar.gz: fc290c6ac35dfd3f9448350b56af6483a29247b5d633b217e1e0d2af9c87f541
 SHA512:
-  metadata.gz: 5c109477378e93fc74be29651ef02b4ac5e0e26beda4a71c623d27c9b5522fdeb7d45075c14b0f3ae40cbba7eedacc8cfcd0ce72e9f0b70b5a321c28cbe8efa6
-  data.tar.gz: 0e8bf782254e2ae32263399f166209ebf551aa8bba9c97ad2ae8cf22f85b522f04d2b46d12a00dde978341fbcd6e5bb37685f1de1376f13a96c9509ed19cda2c
+  metadata.gz: 0064c33c1810b27a0221a833c9269c70eed53f60206a4ce1d0f9b25fbe0b15dda1532e6e73bb0e91628d8243ab500f48ad9899e3f61c5f788eebf12ee3c2977e
+  data.tar.gz: 30faf367d582d3ad191977cca89d8337df665fde843709af991b3e5eba408c6f71f9de396fe9d44f11b0fe074cdfa7989833371f092229b2c04c684ab3bb5bd6

data/.gitignore CHANGED Viewed

@@ -1,3 +1,7 @@
+/vulnerability-allowlist.yml
+/local-vulnerability-allowlist.yml
+/vendor/
 /.bundle/
 /.yardoc
 /_yardoc/
@@ -6,4 +10,3 @@
 /pkg/
 /spec/reports/
 /tmp/
-/vendor/

data/.rubocop.yml CHANGED Viewed

@@ -11,6 +11,9 @@ Metrics/MethodLength:
 Naming/InclusiveLanguage:
   Enabled: false
+Naming/MethodParameterName:
+  MinNameLength: 2
 Style/BlockDelimiters:
   Enabled: false

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    dccscr (0.1.0)
+    dccscr (0.2.3)
 GEM
   remote: https://rubygems.org/

data/exe/update_allowlist_with_dccscr ADDED Viewed

@@ -0,0 +1,74 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'dccscr/whitelist'
+def load_dccscr_whitelist
+  DCCSCR::Whitelist.new.tap do |wl|
+    # load wl entries for args
+    # will load parents as well
+    ARGV.each { |arg| wl[arg] }
+  end
+end
+def load_gitlab_allowlist
+  if File.exist?('local-vulnerability-allowlist.yml')
+    warn 'Loading local-vulnerability-allowlist.yml'
+    YAML.safe_load(File.read('local-vulnerability-allowlist.yml'))
+  elsif File.exist?('vulnerability-allowlist.yml')
+    warn 'Loading and renaming vulnerability-allowlist.yml'
+    File.rename('vulnerability-allowlist.yml', 'local-vulnerability-allowlist.yml')
+    YAML.safe_load(File.read('local-vulnerability-allowlist.yml'))
+  else
+    warn 'No [local-]vulnerability-allowlist.yml'
+    {}
+  end
+end
+def allow_list_dccscr(wl)
+  warn 'Generating dccscr list in gitlab format'
+  {
+    'generalallowlist' => Hash[
+      wl.entries.map { |_, entry|
+        entry.value['whitelisted_vulnerabilities'].map { |v|
+          [v['vulnerability'], "dccscr-whitelists:\n#{v['justification']}"]
+        }.compact
+      }.flatten(1).sort
+    ]
+  }
+end
+def combined_list(dl, ll)
+  warn 'Merging dccscr and local lists'
+  dl.merge(ll) { |_, d, l|
+    case d
+    when Hash
+      d.merge(l)
+    else
+      l
+    end
+  }
+end
+def update_allow_list_file(cl)
+  warn 'Updating vulnerability-allowlist.yml'
+  File.open('vulnerability-allowlist.yml', 'w') do |f|
+    f << cl.to_yaml
+  end
+end
+def run
+  ll = load_gitlab_allowlist
+  wl = load_dccscr_whitelist
+  dl = allow_list_dccscr(wl)
+  cl = combined_list(dl, ll)
+  update_allow_list_file(cl)
+end
+run

data/lib/dccscr/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DCCSCR
-  VERSION = '0.1.0'
+  VERSION = '0.2.3'
 end

data/lib/dccscr/whitelist.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module DCCSCR
       def initialize(whitelist:, subpath:, greylist: "#{File.basename(subpath)}.greylist")
         @value = JSON.parse(File.read(File.join(whitelist.path, subpath, greylist)))
-        whitelist[@parent] unless (@parent = @value['image_parent_name']).empty?
+        whitelist[@parent] unless (@parent = @value['image_parent_name'])&.empty?
       end
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dccscr
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.3
 platform: ruby
 authors:
 - Frank J. Cameron
@@ -14,7 +14,7 @@ description:
 email:
 - fjc@fastmail.net
 executables:
-- dccscr_to_gitlab
+- update_allowlist_with_dccscr
 extensions: []
 extra_rdoc_files: []
 files:
@@ -30,7 +30,7 @@ files:
 - bin/console
 - bin/setup
 - dccscr.gemspec
-- exe/dccscr_to_gitlab
+- exe/update_allowlist_with_dccscr
 - lib/dccscr.rb
 - lib/dccscr/version.rb
 - lib/dccscr/whitelist.rb

data/exe/dccscr_to_gitlab DELETED Viewed

@@ -1,34 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-require 'dccscr/whitelist'
-wl = DCCSCR::Whitelist.new
-ARGV.each { |arg| wl[arg] }
-local_list = begin
-  YAML.safe_load(File.read('vulnerability-allowlist.yml'))
-rescue Errno::ENOENT
-  warn $!.message
-  {}
-end
-dccscr_list = {
-  'generalallowlist' => Hash[
-    wl.entries.map { |_, entry|
-      entry.value['whitelisted_vulnerabilities'].map { |v|
-        [v['vulnerability'], "dccscr-whitelists:\n#{v['justification']}"]
-      }
-    }.flatten(1).sort
-  ]
-}
-puts dccscr_list.merge(local_list) { |_, dl, ll|
-  case dl
-  when Hash
-    dl.merge(ll)
-  else
-    ll
-  end
-}.to_yaml