fastlane-plugin-dependency_check_ios_analyzer 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/configuration_helper.rb +16 -11
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ef35dee5ad3ab22fd56bfaf812d32cd3583eafaa89774396d564a62f6631230
|
|
4
|
+
data.tar.gz: c44a3437fe94b288b9ea0cbf8dce854a5e12b7ee3c23a197a6288be659a81ab1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e9a8999284bec6d083ac6fc8bf2d77ac5b55b8edbf5cadfd6ce6a43b4ab6cd105c24d7820294bfc37ec768d364562095fa1e87ddbcc6a39aaf88133c0eb93050
|
|
7
|
+
data.tar.gz: 59dc152c71bc7fe5b6aa00687cfd60dd7fee57ee5370243d982ca5639dffa9e62f5877b9b213612632d748e2e4108c0ffcb3a02594fa750fab38f3e5e3fdee4c
|
data/README.md
CHANGED
|
@@ -21,7 +21,7 @@ This analyzer is considered experimental. While it may be useful and provide val
|
|
|
21
21
|
| `output_directory` | The directory in which all reports will be stored | `dependency-check` |
|
|
22
22
|
| `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
|
|
23
23
|
| `cli_version` | Overwrite the version of `DependencyCheck` analyzer | `6.1.6` |
|
|
24
|
-
| `
|
|
24
|
+
| `verify_integrity` | Verify the cryptographic integrity of the tool before starting an analysis | `false` |
|
|
25
25
|
| `verbose` | The file path to write verbose logging information | |
|
|
26
26
|
| `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | `11` |
|
|
27
27
|
| `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | `0` |
|
|
@@ -115,11 +115,11 @@ module Fastlane
|
|
|
115
115
|
type: String
|
|
116
116
|
),
|
|
117
117
|
FastlaneCore::ConfigItem.new(
|
|
118
|
-
key: :
|
|
119
|
-
description: '
|
|
118
|
+
key: :verify_integrity,
|
|
119
|
+
description: 'Verify the cryptographic integrity of the tool before starting an analysis',
|
|
120
120
|
optional: true,
|
|
121
|
-
is_string:
|
|
122
|
-
type:
|
|
121
|
+
is_string: false,
|
|
122
|
+
type: Boolean
|
|
123
123
|
),
|
|
124
124
|
FastlaneCore::ConfigItem.new(
|
|
125
125
|
key: :verbose,
|
|
@@ -11,11 +11,9 @@ module Fastlane
|
|
|
11
11
|
repo = 'https://github.com/jeremylong/DependencyCheck'
|
|
12
12
|
name = 'dependency-check'
|
|
13
13
|
version = params[:cli_version] ? params[:cli_version] : '6.1.6'
|
|
14
|
-
gpg_key = params[:gpg_key] ? params[:gpg_key] : 'F9514E84AE3708288374BBBE097586CFEA37F9A6'
|
|
15
14
|
base_url = "#{repo}/releases/download/v#{version}/#{name}-#{version}-release"
|
|
16
15
|
bin_path = "#{params[:output_directory]}/#{name}/bin/#{name}.sh"
|
|
17
16
|
zip_path = "#{params[:output_directory]}/#{name}.zip"
|
|
18
|
-
asc_path = "#{zip_path}.asc"
|
|
19
17
|
|
|
20
18
|
unless File.exist?(bin_path)
|
|
21
19
|
FileUtils.mkdir_p(params[:output_directory])
|
|
@@ -27,17 +25,13 @@ module Fastlane
|
|
|
27
25
|
File.open(zip_path, 'w+') { |f| f.write(curl.body_str) }
|
|
28
26
|
end
|
|
29
27
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
File.open(asc_path, 'w+') { |f| f.write(curl.body_str) }
|
|
34
|
-
|
|
35
|
-
verify_cryptographic_integrity(asc_path: asc_path, gpg_key: gpg_key)
|
|
28
|
+
if params[:verify_integrity]
|
|
29
|
+
verify_cryptographic_integrity(zip_path: zip_path, base_url: base_url)
|
|
30
|
+
end
|
|
36
31
|
|
|
37
32
|
unzip(file: zip_path, params: params)
|
|
38
33
|
|
|
39
34
|
FileUtils.rm_rf(zip_path)
|
|
40
|
-
FileUtils.rm_rf(asc_path)
|
|
41
35
|
end
|
|
42
36
|
|
|
43
37
|
bin_path
|
|
@@ -70,13 +64,24 @@ module Fastlane
|
|
|
70
64
|
end
|
|
71
65
|
end
|
|
72
66
|
|
|
73
|
-
|
|
74
|
-
|
|
67
|
+
def self.verify_cryptographic_integrity(zip_path:, base_url:)
|
|
68
|
+
asc_url = "#{base_url}.zip.asc"
|
|
69
|
+
UI.message("🚀 Downloading associated GPG signature file: #{asc_url}")
|
|
70
|
+
curl = Curl.get(asc_url) { |curl| curl.follow_location = true }
|
|
71
|
+
|
|
72
|
+
asc_path = "#{zip_path}.asc"
|
|
73
|
+
File.open(asc_path, 'w+') { |f| f.write(curl.body_str) }
|
|
74
|
+
|
|
75
|
+
# https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
|
|
76
|
+
gpg_key = 'F9514E84AE3708288374BBBE097586CFEA37F9A6'
|
|
77
|
+
|
|
75
78
|
UI.message("🕵️ Verifying the cryptographic integrity")
|
|
76
79
|
# Import the GPG key used to sign all DependencyCheck releases
|
|
77
80
|
Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{gpg_key}")
|
|
78
81
|
# Verify the cryptographic integrity
|
|
79
82
|
Actions.sh("gpg --verify #{asc_path}")
|
|
83
|
+
|
|
84
|
+
FileUtils.rm_rf(asc_path)
|
|
80
85
|
end
|
|
81
86
|
end
|
|
82
87
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fastlane-plugin-dependency_check_ios_analyzer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexey Alter-Pesotskiy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: curb
|