RubyGems - fastlane-plugin-seclane - Versions diffs - 1.0.0 → 1.0.1 - Mend

fastlane-plugin-seclane 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/fastlane/plugin/seclane/actions/seclane_scan_action.rb +135 -65
data/lib/fastlane/plugin/seclane/version.rb +1 -1
metadata +1 -15

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 784dd68429a97b3d8e10a7a2641850c3061d9fd15c5519f2f8b284f3cd6c3911
-  data.tar.gz: 16e2bf24282d861bf7b68453a41223d493aaff3098affdd9bcc06fa1cee4adff
+  metadata.gz: 115fb009ca9775fe981b9e4d60963a747a9ae061314c890bbb54a250b1d19e66
+  data.tar.gz: 384da5ee580f34b77121d56821afd5924cfedf388aa6b169e75db88f62d61799
 SHA512:
-  metadata.gz: 4e27c5fd15088c5fab4159eb4da6bab220dd67129ce2fbace7e7070ab315d89e59b65590c45709a2963c2951f4f1bbbde926e872df3d5c50455821294bbac54e
-  data.tar.gz: 63c04aff74bdd23d9291c346f1574339420798f61e0b6b0d2e25ccb779d5fdf8bd9e4f21128a75bfe94036541310764ebd9e5f00aa7334a086a9903935dee4ff
+  metadata.gz: 27da8ab0bc8d46f630f8a7dca0bea3d3424266f4b3958b02e9ef38575983bdbe8d7429e96fa8163b9432f6f9eaf953b7dbcf429342eff9ee5c49a716f4010d99
+  data.tar.gz: e966b7846584da5c34b17d29963d7c7da9236cd518957ba0a28cf9c750353646738dc132b67c0f9dd7bdeed15386602ad2b5abcdb79c6485a0cee3d912deeab2

data/lib/fastlane/plugin/seclane/actions/seclane_scan_action.rb CHANGED Viewed

@@ -1,39 +1,126 @@
-require "seclane"
+require "json"
+require "open-uri"
+require "fileutils"
 module Fastlane
   module Actions
     class SeclaneScanAction < Action
+      SECLANE_VERSION = "1.0.1"
       def self.run(params)
-        config = ::Seclane::Configuration.new(
-          platform: params[:platform],
-          scan_mode: params[:scan_mode],
-          base_branch: params[:base_branch],
-          severity_threshold: params[:severity_threshold],
-          fail_on_severity: params[:fail_on_severity],
-          fail_on_count: params[:fail_on_count],
-          custom_patterns: params[:custom_patterns],
-          exclude_patterns: params[:exclude_patterns],
-          disabled_rules: params[:disabled_rules],
-          disabled_categories: params[:disabled_categories],
-          output_format: params[:output_format],
-          config_file: params[:config_file]
-        )
-        scanner = ::Seclane::Scanner.new(config)
-        scanner.run
-        report = scanner.report
+        binary = ensure_binary(params[:version] || SECLANE_VERSION)
+        args = [
+          "scan",
+          "--platform", params[:platform],
+          "--scan-mode", params[:scan_mode],
+          "--base-branch", params[:base_branch],
+          "--severity-threshold", params[:severity_threshold],
+          "--fail-on-severity", params[:fail_on_severity],
+          "--fail-on-count", params[:fail_on_count].to_s,
+          "--output-format", params[:output_format],
+          "--config-file", params[:config_file],
+          "--json-stdout"
+        ]
+        if params[:custom_patterns] && !params[:custom_patterns].empty?
+          args += ["--custom-patterns", params[:custom_patterns].join(",")]
+        end
+        if params[:exclude_patterns] && !params[:exclude_patterns].empty?
+          args += ["--exclude-patterns", params[:exclude_patterns].join(",")]
+        end
+        if params[:disabled_rules] && !params[:disabled_rules].empty?
+          args += ["--disabled-rules", params[:disabled_rules].join(",")]
+        end
+        if params[:disabled_categories] && !params[:disabled_categories].empty?
+          args += ["--disabled-categories", params[:disabled_categories].join(",")]
+        end
+        report_file = File.join(Dir.tmpdir, "seclane-report.#{params[:output_format]}")
+        args += ["--output-file", report_file]
+        cmd = ([binary] + args).shelljoin
+        output = `#{cmd} 2>&1`
+        exit_code = $?.exitstatus
+        if exit_code == 2
+          UI.user_error!("Seclane configuration error: #{output}")
+        end
+        report = File.exist?(report_file) ? File.read(report_file) : output
         UI.message(report)
-        findings = scanner.filtered_findings
-        Actions.lane_context[SharedValues::SECLANE_FINDINGS_COUNT] = findings.length
+        findings_count = 0
+        begin
+          parsed = JSON.parse(output.strip.split("\n").last)
+          findings_count = parsed["findings_count"] || 0
+        rescue JSON::ParserError
+        end
+        Actions.lane_context[SharedValues::SECLANE_FINDINGS_COUNT] = findings_count
         Actions.lane_context[SharedValues::SECLANE_REPORT] = report
-        if scanner.failed?
-          UI.user_error!("Seclane found #{findings.length} secret(s) meeting the failure threshold")
+        if exit_code == 1
+          UI.user_error!("Seclane found #{findings_count} secret(s) meeting the failure threshold")
+        end
+        findings_count
+      end
+      def self.ensure_binary(version)
+        unless version.match?(/\A\d+\.\d+\.\d+\z/)
+          UI.user_error!("Invalid version format: #{version}. Must be X.Y.Z")
+        end
+        bin_dir = File.join(Dir.home, ".seclane", "bin")
+        FileUtils.mkdir_p(bin_dir)
+        os = RUBY_PLATFORM.include?("darwin") ? "darwin" : "linux"
+        if RUBY_PLATFORM =~ /mingw|mswin|cygwin/
+          UI.user_error!("Seclane does not support Windows. Supported platforms: Linux (amd64, arm64), macOS (amd64, arm64).")
+        end
+        arch = case RUBY_PLATFORM
+               when /arm64|aarch64/ then "arm64"
+               else "amd64"
+               end
+        binary = File.join(bin_dir, "seclane-#{version}")
+        unless File.executable?(binary)
+          base_url = "https://github.com/tsvetilian-ty/seclane/releases/download/v#{version}"
+          bin_url = "#{base_url}/seclane-#{os}-#{arch}"
+          checksums_url = "#{base_url}/checksums.txt"
+          UI.message("Downloading seclane v#{version}...")
+          URI.open(bin_url) do |remote|
+            File.open(binary, "wb") { |f| f.write(remote.read) }
+          end
+          require "digest"
+          actual_sha256 = Digest::SHA256.file(binary).hexdigest
+          begin
+            checksums_content = URI.open(checksums_url).read
+            expected_line = checksums_content.lines.find { |l| l.include?("seclane-#{os}-#{arch}") }
+            if expected_line
+              expected_sha256 = expected_line.strip.split(/\s+/).first
+              unless actual_sha256 == expected_sha256
+                File.delete(binary) if File.exist?(binary)
+                UI.user_error!("Checksum verification failed for seclane binary. Expected #{expected_sha256}, got #{actual_sha256}")
+              end
+            else
+              UI.important("Could not find checksum entry for seclane-#{os}-#{arch} in checksums.txt, skipping verification")
+            end
+          rescue OpenURI::HTTPError => e
+            UI.important("Could not download checksums.txt (#{e.message}), skipping verification")
+          end
+          FileUtils.chmod(0o755, binary)
         end
-        findings.length
+        binary
       end
       def self.description
@@ -49,7 +136,7 @@ module Fastlane
       end
       def self.details
-        "Uses git diff to detect changed files and scans them for hardcoded secrets, API keys, tokens, private keys, and other sensitive data. Supports Android and iOS specific patterns."
+        "Uses git diff to detect changed files and scans them for hardcoded secrets, API keys, tokens, private keys, and other sensitive data. Supports Android, iOS, Flutter, and React Native."
       end
       def self.available_options
@@ -59,12 +146,7 @@ module Fastlane
             env_name: "SECLANE_PLATFORM",
             description: "Target platform: 'android', 'ios', 'flutter', 'react_native'",
             optional: false,
-            type: String,
-            verify_block: proc do |value|
-              unless %w[android ios flutter react_native].include?(value)
-                UI.user_error!("Invalid platform: #{value}. Must be 'android', 'ios', 'flutter', or 'react_native'")
-              end
-            end
+            type: String
           ),
           FastlaneCore::ConfigItem.new(
             key: :scan_mode,
@@ -72,12 +154,7 @@ module Fastlane
             description: "Scan mode: 'diff' for changed files only, 'full' for all files",
             default_value: "diff",
             optional: true,
-            type: String,
-            verify_block: proc do |value|
-              unless %w[diff full].include?(value)
-                UI.user_error!("Invalid scan_mode: #{value}. Must be 'diff' or 'full'")
-              end
-            end
+            type: String
           ),
           FastlaneCore::ConfigItem.new(
             key: :base_branch,
@@ -93,12 +170,7 @@ module Fastlane
             description: "Minimum severity to report: 'low', 'medium', 'high'",
             default_value: "low",
             optional: true,
-            type: String,
-            verify_block: proc do |value|
-              unless %w[low medium high].include?(value)
-                UI.user_error!("Invalid severity_threshold: #{value}")
-              end
-            end
+            type: String
           ),
           FastlaneCore::ConfigItem.new(
             key: :fail_on_severity,
@@ -106,17 +178,12 @@ module Fastlane
             description: "Fail the lane at this severity: 'low', 'medium', 'high', 'none'",
             default_value: "high",
             optional: true,
-            type: String,
-            verify_block: proc do |value|
-              unless %w[low medium high none].include?(value)
-                UI.user_error!("Invalid fail_on_severity: #{value}")
-              end
-            end
+            type: String
           ),
           FastlaneCore::ConfigItem.new(
             key: :fail_on_count,
             env_name: "SECLANE_FAIL_ON_COUNT",
-            description: "Number of findings at fail severity needed to fail the lane (default: 1)",
+            description: "Number of findings at fail severity needed to fail the lane",
             default_value: 1,
             optional: true,
             type: Integer
@@ -137,19 +204,6 @@ module Fastlane
             optional: true,
             type: Array
           ),
-          FastlaneCore::ConfigItem.new(
-            key: :output_format,
-            env_name: "SECLANE_OUTPUT_FORMAT",
-            description: "Output format: 'text', 'json', 'junit', 'markdown'",
-            default_value: "text",
-            optional: true,
-            type: String,
-            verify_block: proc do |value|
-              unless %w[text json junit markdown sonarqube].include?(value)
-                UI.user_error!("Invalid output_format: #{value}")
-              end
-            end
-          ),
           FastlaneCore::ConfigItem.new(
             key: :disabled_rules,
             env_name: "SECLANE_DISABLED_RULES",
@@ -161,11 +215,19 @@ module Fastlane
           FastlaneCore::ConfigItem.new(
             key: :disabled_categories,
             env_name: "SECLANE_DISABLED_CATEGORIES",
-            description: "List of rule categories to disable (e.g., 'ai_provider', 'saas_tokens')",
+            description: "List of rule categories to disable",
             default_value: [],
             optional: true,
             type: Array
           ),
+          FastlaneCore::ConfigItem.new(
+            key: :output_format,
+            env_name: "SECLANE_OUTPUT_FORMAT",
+            description: "Output format: 'text', 'json', 'junit', 'markdown', 'sonarqube'",
+            default_value: "text",
+            optional: true,
+            type: String
+          ),
           FastlaneCore::ConfigItem.new(
             key: :config_file,
             env_name: "SECLANE_CONFIG_FILE",
@@ -173,6 +235,14 @@ module Fastlane
             default_value: ".seclane.yml",
             optional: true,
             type: String
+          ),
+          FastlaneCore::ConfigItem.new(
+            key: :version,
+            env_name: "SECLANE_VERSION",
+            description: "Seclane CLI version to download",
+            default_value: SECLANE_VERSION,
+            optional: true,
+            type: String
           )
         ]
       end

data/lib/fastlane/plugin/seclane/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Fastlane
   module Seclane
-    VERSION = "1.0.0"
+    VERSION = "1.0.1"
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fastlane-plugin-seclane
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Seclane by Cluelane
@@ -10,20 +10,6 @@ bindir: bin
 cert_chain: []
 date: 2026-03-29 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: seclane-core
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement