fastlane-plugin-dependency_check_ios_analyzer 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -2
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb +0 -7
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/configuration_helper.rb +1 -25
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7558dd5b5b9ea0f549e3db5b52b55b7e92f2a09f416c0c8d887af72fbf8ca957
|
|
4
|
+
data.tar.gz: 3dc1036d2ac5c6aaeb6190e4b2d9f15fd747ff3e716e21248aba0228e30d3ff4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: af7f6ea2260834ae295d95263fae7735daafd909592fc78d561f1cf79f544d7e1f700bec73d781a9d1285f1abc16c123554a5d5824e3ee9a4aa68c54b5e3c9b7
|
|
7
|
+
data.tar.gz: 1000a9c5781c6a19d25f0c1d86f82d0cd9f2b7464d1c7813cbc3d78e9b588686abcb4ccebfb29e01cc55b006a48d47e91db1cbb86d4baa552bcd882dca916a8a
|
data/README.md
CHANGED
|
@@ -20,8 +20,7 @@ This analyzer is considered experimental. While it may be useful and provide val
|
|
|
20
20
|
| `project_name` | The project's name | `DependencyCheck` |
|
|
21
21
|
| `output_directory` | The directory in which all reports will be stored | `dependency-check` |
|
|
22
22
|
| `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
|
|
23
|
-
| `cli_version` | Overwrite the version of `DependencyCheck` analyzer | `6.
|
|
24
|
-
| `verify_integrity` | Verify the cryptographic integrity of the tool before starting an analysis | `false` |
|
|
23
|
+
| `cli_version` | Overwrite the version of `DependencyCheck` analyzer | `6.2.2` |
|
|
25
24
|
| `verbose` | The file path to write verbose logging information | |
|
|
26
25
|
| `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | `11` |
|
|
27
26
|
| `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | `0` |
|
|
@@ -114,13 +114,6 @@ module Fastlane
|
|
|
114
114
|
is_string: true,
|
|
115
115
|
type: String
|
|
116
116
|
),
|
|
117
|
-
FastlaneCore::ConfigItem.new(
|
|
118
|
-
key: :verify_integrity,
|
|
119
|
-
description: 'Verify the cryptographic integrity of the tool before starting an analysis',
|
|
120
|
-
optional: true,
|
|
121
|
-
is_string: false,
|
|
122
|
-
type: Boolean
|
|
123
|
-
),
|
|
124
117
|
FastlaneCore::ConfigItem.new(
|
|
125
118
|
key: :verbose,
|
|
126
119
|
description: 'The file path to write verbose logging information',
|
|
@@ -10,7 +10,7 @@ module Fastlane
|
|
|
10
10
|
def self.install(params)
|
|
11
11
|
repo = 'https://github.com/jeremylong/DependencyCheck'
|
|
12
12
|
name = 'dependency-check'
|
|
13
|
-
version = params[:cli_version] ? params[:cli_version] : '6.
|
|
13
|
+
version = params[:cli_version] ? params[:cli_version] : '6.2.2'
|
|
14
14
|
base_url = "#{repo}/releases/download/v#{version}/#{name}-#{version}-release"
|
|
15
15
|
bin_path = "#{params[:output_directory]}/#{name}/bin/#{name}.sh"
|
|
16
16
|
zip_path = "#{params[:output_directory]}/#{name}.zip"
|
|
@@ -25,10 +25,6 @@ module Fastlane
|
|
|
25
25
|
File.open(zip_path, 'w+') { |f| f.write(curl.body_str) }
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
if params[:verify_integrity]
|
|
29
|
-
verify_cryptographic_integrity(zip_path: zip_path, base_url: base_url)
|
|
30
|
-
end
|
|
31
|
-
|
|
32
28
|
unzip(file: zip_path, params: params)
|
|
33
29
|
|
|
34
30
|
FileUtils.rm_rf(zip_path)
|
|
@@ -63,26 +59,6 @@ module Fastlane
|
|
|
63
59
|
end
|
|
64
60
|
end
|
|
65
61
|
end
|
|
66
|
-
|
|
67
|
-
def self.verify_cryptographic_integrity(zip_path:, base_url:)
|
|
68
|
-
asc_url = "#{base_url}.zip.asc"
|
|
69
|
-
UI.message("🚀 Downloading associated GPG signature file: #{asc_url}")
|
|
70
|
-
curl = Curl.get(asc_url) { |curl| curl.follow_location = true }
|
|
71
|
-
|
|
72
|
-
asc_path = "#{zip_path}.asc"
|
|
73
|
-
File.open(asc_path, 'w+') { |f| f.write(curl.body_str) }
|
|
74
|
-
|
|
75
|
-
# https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
|
|
76
|
-
gpg_key = 'F9514E84AE3708288374BBBE097586CFEA37F9A6'
|
|
77
|
-
|
|
78
|
-
UI.message("🕵️ Verifying the cryptographic integrity")
|
|
79
|
-
# Import the GPG key used to sign all DependencyCheck releases
|
|
80
|
-
Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{gpg_key}")
|
|
81
|
-
# Verify the cryptographic integrity
|
|
82
|
-
Actions.sh("gpg --verify #{asc_path}")
|
|
83
|
-
|
|
84
|
-
FileUtils.rm_rf(asc_path)
|
|
85
|
-
end
|
|
86
62
|
end
|
|
87
63
|
end
|
|
88
64
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fastlane-plugin-dependency_check_ios_analyzer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexey Alter-Pesotskiy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-07-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: curb
|