fastlane-plugin-dependency_check_ios_analyzer 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 660f1ed90d6f3f6f65d75491077ff0163590226fc0cf71dc00604af2565ac317
-  data.tar.gz: 8a02db2fb5c3d921e60b9fd4dbdb8aa879f923baa7ef22127c4853b36fade699
+  metadata.gz: bf7e84c41d0957bf58d0109b283977bcb4b439541e916dd2b6835ec45e378d1b
+  data.tar.gz: 5a8b9429290bbeaa42422708adbd119c7968b3d9d0c63f0c29eda52e7c860ff6
 SHA512:
-  metadata.gz: 9d2afdd951f732aa69b4f39c9d7b4b7e4921912ae877e9828d8ec8351fb74713c4cefcd4a4cec0aa8be9ba6b2f1c91001aac4dd86e8816cbf3bb5477c5cd260b
-  data.tar.gz: 10ea8e5bfb61ad113dd578f8b1eb33f511469db0e69a4cc17aa4fc5785cda3c2a7fa851b09394aaf14d899cf2dbfa7565ec6399b4a9383d9182390bca49a55e0
+  metadata.gz: 7eca0a1937dc598c2600d7e8d48cd438dffb2929842d904bc400bde7515c8128c6c4c47a4262ce932429c8828bb8609fe675d8075f4371fd5c196dad1c4ef16f
+  data.tar.gz: f535298d2316688ce33e7557efe3565c20210c867619443b7090f0123cdd487bc290e021e8e389f17684471752dad32b2292f4e94556cf706f7b6d898d9492b0

data/README.md

@@ -10,17 +10,18 @@ This analyzer is considered experimental. While it may be useful and provide val
 
 ## Parameters
 
-| *Key* | *Description* | *Default* |
+| **Key** | **Description** | **Default** |
 | ------|-------------- | --------- |
-| `skip_spm_analysis` | Skip analysis of SPM dependencies | `false` |
-| `skip_pods_analysis` | Skip analysis of Cocoapods dependencies | `false` |
+| `skip_spm_analysis` | Skip analysis of `SPM` dependencies | `false` |
+| `skip_pods_analysis` | Skip analysis of `CocoaPods` dependencies | `false` |
 | `spm_checkouts_path` | Path to Swift Packages, if they are resolved | |
-| `pod_file_lock_path` | Path to the `Podfile.lock` file | |
-| `project_name` | The project's name | DependencyCheck |
+| `pod_file_lock_path` | Path to the `Podfile.lock` file. **Not implemented** | |
+| `project_path` | Path to the directory that contains an Xcode project, workspace or package. Defaults to the `root` | |
+| `project_name` | The project's name | `DependencyCheck` |
 | `output_directory` | The directory in which all reports will be stored | dependency-check |
 | `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
-| `cli_version` | Specify the required version of DependencyCheck analyzer. *Not recommended* | |
-| `rsa_key` | Specify the RSA_KEY of DependencyCheck analyzer download. *Not recommended* | |
+| `cli_version` | Specify the required version of DependencyCheck analyzer. **Not recommended** | |
+| `rsa_key` | Specify the RSA_KEY of DependencyCheck analyzer download. **Not recommended** | |
 | `verbose` | The file path to write verbose logging information | |
 | `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | |
 | `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | |
@@ -47,3 +48,7 @@ vulnerabilities_count = dependency_check_ios_analyzer(
   fail_on_cvss: 7
 )
 ```
+
+## How to read the reports
+
+* [Docs](https://jeremylong.github.io/DependencyCheck/general/thereport.html)

data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb

@@ -11,7 +11,7 @@ module Fastlane
         params[:output_types] = Helper::AnalyzerHelper.parse_output_types(params[:output_types])
         bin_path = Helper::AnalyzerHelper.install(params)
         @success = Helper::SpmHelper.analize(bin_path: bin_path, params: params)
-        @vulnerabilities = Helper::AnalyzerHelper.parse_report("#{params[:output_directory]}/SPM/*.sarif")
+        @vulnerabilities = Helper::AnalyzerHelper.parse_report("#{params[:output_directory]}/SPM/report/*.sarif")
         on_exit(params)
       end
 
@@ -37,9 +37,9 @@ module Fastlane
       def self.example_code
         [
           vulnerabilities_count = dependency_check_ios_analyzer(
-            project_name: 'MyProject',
+            project_name: 'SampleProject',
             skip_pods_analysis: true,
-            output_types: 'HTML, JUNIT',
+            output_types: 'html, junit',
             fail_on_cvss: 7
           )
         ]
@@ -61,7 +61,7 @@ module Fastlane
           ),
           FastlaneCore::ConfigItem.new(
             key: :skip_pods_analysis,
-            description: 'Skip analysis of Cocoapods dependencies',
+            description: 'Skip analysis of CocoaPods dependencies',
             optional: true,
             default_value: false,
             is_string: false,
@@ -81,6 +81,13 @@ module Fastlane
             is_string: true,
             type: String
           ),
+          FastlaneCore::ConfigItem.new(
+            key: :project_path,
+            description: 'Path to the directory that contains an Xcode project, workspace or package. Defaults to root',
+            optional: true,
+            is_string: true,
+            type: String
+          ),
           FastlaneCore::ConfigItem.new(
             key: :project_name,
             description: "The project's name",

data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/spm_helper.rb

@@ -29,7 +29,7 @@ module Fastlane
               " --disableBundleAudit" \
               " --prettyPrint" \
               " --project #{params[:project_name]}" \
-              " --out #{params[:output_directory]}/SPM" \
+              " --out #{params[:output_directory]}/SPM/report" \
               " --failOnCVSS #{params[:fail_on_cvss]}" \
               " --scan #{checkouts_path}" \
               "#{params[:output_types]}" \
@@ -48,7 +48,16 @@ module Fastlane
         return params[:spm_checkouts_path] if params[:spm_checkouts_path]
 
         checkouts_path = "#{params[:output_directory]}/SPM/SourcePackages"
-        Actions.sh("set -o pipefail && xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
+        checkouts_path = "#{Dir.pwd}/#{checkouts_path}" unless params[:output_directory].include?(Dir.pwd)
+
+        if params[:project_path]
+          Actions.sh("cd #{params[:project_path]} && " \
+                     "set -o pipefail && " \
+                     "xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
+        else
+          Actions.sh("set -o pipefail && " \
+                     "xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
+        end
 
         UI.message("🎉 SPM checkouts path: #{checkouts_path}")
         checkouts_path

data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb

@@ -1,5 +1,5 @@
 module Fastlane
   module DependencyCheckIosAnalyzer
-    VERSION = '0.1.0'
+    VERSION = '0.2.0'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fastlane-plugin-dependency_check_ios_analyzer
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Alexey Alter-Pesotskiy
@@ -108,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: fasterer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.3
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement