foreman_cve_scanner 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +10 -5
- data/Rakefile +2 -3
- data/app/lib/actions/{cve_scanner_job.rb → foreman_cve_scanner/cve_scanner_job.rb} +10 -11
- data/app/services/foreman_cve_scanner/cve_report_scanner.rb +45 -48
- data/app/views/foreman_cve_scanner/job_templates/install_cve_scanners.erb +47 -9
- data/app/views/foreman_cve_scanner/job_templates/run_cve_scanner.erb +1 -1
- data/lib/foreman_cve_scanner/engine.rb +9 -8
- data/lib/foreman_cve_scanner/version.rb +1 -1
- data/lib/tasks/foreman_cve_scanner_tasks.rake +16 -0
- data/test/fixtures/grype.json +2970 -0
- data/test/fixtures/trivy.json +1765 -0
- data/test/services/foreman_cve_scanner/cve_report_scanner_test.rb +43 -0
- metadata +25 -44
- data/test/factories/foreman_cve_scanner_factories.rb +0 -5
- data/test/unit/foreman_cve_scanner_test.rb +0 -11
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
require 'test_plugin_helper'
|
|
2
|
+
|
|
3
|
+
module ForemanCveScanner
|
|
4
|
+
class CveReportScannerTest < ActiveSupport::TestCase
|
|
5
|
+
test 'should identify as cve scan' do
|
|
6
|
+
raw = {
|
|
7
|
+
'reporter' => 'cve_scan',
|
|
8
|
+
'scan' => JSON.parse(File.read(File.join(ForemanCveScanner::Engine.root, 'test/fixtures/grype.json')))
|
|
9
|
+
}
|
|
10
|
+
assert_equal ForemanCveScanner::CveReportScanner.identify_origin(raw), 'CveScanner'
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
test 'should raise an exception if invalid report' do
|
|
14
|
+
assert_raise Foreman::Exception do
|
|
15
|
+
@scanner = ForemanCveScanner::CveReportScanner.new({})
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
test 'trivy scan has valid data' do
|
|
20
|
+
data = JSON.parse(File.read(File.join(ForemanCveScanner::Engine.root, 'test/fixtures/trivy.json')))
|
|
21
|
+
raw = {
|
|
22
|
+
'reporter' => 'cve_scan',
|
|
23
|
+
'scan' => data
|
|
24
|
+
}
|
|
25
|
+
ForemanCveScanner::CveReportScanner.add_reporter_data(nil, raw)
|
|
26
|
+
assert_equal raw['logs'].count, 10
|
|
27
|
+
assert_equal raw['logs'][0]['log']['level'], 'info'
|
|
28
|
+
assert_equal raw['logs'][0]['log']['messages']['message'], 'CVE-2020-12762: json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file # url: https://avd.aquasec.com/nvd/cve-2020-12762'
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
test 'grype scan has valid data' do
|
|
32
|
+
data = JSON.parse(File.read(File.join(ForemanCveScanner::Engine.root, 'test/fixtures/grype.json')))
|
|
33
|
+
raw = {
|
|
34
|
+
'reporter' => 'cve_scan',
|
|
35
|
+
'scan' => data
|
|
36
|
+
}
|
|
37
|
+
ForemanCveScanner::CveReportScanner.add_reporter_data(nil, raw)
|
|
38
|
+
assert_equal raw['logs'].count, 18
|
|
39
|
+
assert_equal raw['logs'][0]['log']['level'], 'info'
|
|
40
|
+
assert_equal raw['logs'][0]['log']['messages']['message'], 'CVE-2007-0086: The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. # url: https://nvd.nist.gov/vuln/detail/CVE-2007-0086'
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
metadata
CHANGED
|
@@ -1,59 +1,36 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_cve_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bernhard Suttner
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 2025-07-31 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
13
|
+
name: foreman_remote_execution
|
|
15
14
|
requirement: !ruby/object:Gem::Requirement
|
|
16
15
|
requirements:
|
|
17
16
|
- - ">="
|
|
18
17
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
20
|
-
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - ">="
|
|
18
|
+
version: '9.0'
|
|
19
|
+
- - "<"
|
|
25
20
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
27
|
-
|
|
28
|
-
name: rubocop
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - ">="
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0'
|
|
34
|
-
type: :development
|
|
21
|
+
version: '15'
|
|
22
|
+
type: :runtime
|
|
35
23
|
prerelease: false
|
|
36
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
25
|
requirements:
|
|
38
26
|
- - ">="
|
|
39
27
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0'
|
|
41
|
-
-
|
|
42
|
-
name: rubocop-minitest
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - ">="
|
|
28
|
+
version: '9.0'
|
|
29
|
+
- - "<"
|
|
46
30
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - ">="
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0'
|
|
31
|
+
version: '15'
|
|
55
32
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
33
|
+
name: rake
|
|
57
34
|
requirement: !ruby/object:Gem::Requirement
|
|
58
35
|
requirements:
|
|
59
36
|
- - ">="
|
|
@@ -67,7 +44,7 @@ dependencies:
|
|
|
67
44
|
- !ruby/object:Gem::Version
|
|
68
45
|
version: '0'
|
|
69
46
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
47
|
+
name: rdoc
|
|
71
48
|
requirement: !ruby/object:Gem::Requirement
|
|
72
49
|
requirements:
|
|
73
50
|
- - ">="
|
|
@@ -90,22 +67,23 @@ files:
|
|
|
90
67
|
- LICENSE
|
|
91
68
|
- README.md
|
|
92
69
|
- Rakefile
|
|
93
|
-
- app/lib/actions/cve_scanner_job.rb
|
|
70
|
+
- app/lib/actions/foreman_cve_scanner/cve_scanner_job.rb
|
|
94
71
|
- app/services/foreman_cve_scanner/cve_report_scanner.rb
|
|
95
72
|
- app/views/foreman_cve_scanner/job_templates/install_cve_scanners.erb
|
|
96
73
|
- app/views/foreman_cve_scanner/job_templates/run_cve_scanner.erb
|
|
97
74
|
- lib/foreman_cve_scanner.rb
|
|
98
75
|
- lib/foreman_cve_scanner/engine.rb
|
|
99
76
|
- lib/foreman_cve_scanner/version.rb
|
|
100
|
-
-
|
|
77
|
+
- lib/tasks/foreman_cve_scanner_tasks.rake
|
|
78
|
+
- test/fixtures/grype.json
|
|
79
|
+
- test/fixtures/trivy.json
|
|
80
|
+
- test/services/foreman_cve_scanner/cve_report_scanner_test.rb
|
|
101
81
|
- test/test_plugin_helper.rb
|
|
102
|
-
|
|
103
|
-
homepage: https://atix.de
|
|
82
|
+
homepage: https://github.com/ATIX-AG/foreman_cve_scanner
|
|
104
83
|
licenses:
|
|
105
84
|
- GPL-3.0
|
|
106
85
|
metadata:
|
|
107
86
|
is_foreman_plugin: 'true'
|
|
108
|
-
post_install_message:
|
|
109
87
|
rdoc_options: []
|
|
110
88
|
require_paths:
|
|
111
89
|
- lib
|
|
@@ -114,17 +92,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
114
92
|
- - ">="
|
|
115
93
|
- !ruby/object:Gem::Version
|
|
116
94
|
version: '2.7'
|
|
95
|
+
- - "<"
|
|
96
|
+
- !ruby/object:Gem::Version
|
|
97
|
+
version: '4'
|
|
117
98
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
118
99
|
requirements:
|
|
119
100
|
- - ">="
|
|
120
101
|
- !ruby/object:Gem::Version
|
|
121
102
|
version: '0'
|
|
122
103
|
requirements: []
|
|
123
|
-
rubygems_version: 3.
|
|
124
|
-
signing_key:
|
|
104
|
+
rubygems_version: 3.6.9
|
|
125
105
|
specification_version: 4
|
|
126
106
|
summary: Run CVE scan on host and collect report
|
|
127
107
|
test_files:
|
|
128
|
-
- test/
|
|
108
|
+
- test/fixtures/grype.json
|
|
109
|
+
- test/fixtures/trivy.json
|
|
110
|
+
- test/services/foreman_cve_scanner/cve_report_scanner_test.rb
|
|
129
111
|
- test/test_plugin_helper.rb
|
|
130
|
-
- test/unit/foreman_cve_scanner_test.rb
|