gitlab-bundler-audit-parser 1.0.0

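--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 307ad98172f0c765c3aee802dadf86dddc58806b414036682ebcc04a43286c42
+  data.tar.gz: 02753ac8597da6598f1016c4e3135464590926127d91b94a317e2da8e10bce62
+SHA512:
+  metadata.gz: 0e268112f37475ffa75c880777eac1a0a365acfe11a5aece58eced387c689f968fd2a65a660e728967325f0fe0f6ef2803f309bc590bcf0c03dfca494cbcd692
+  data.tar.gz: 86d47cc9daff5217c85cdd07ead0812c6ff89c3f4529545243aaba58333d7a903e7677bb8000ccf27d85ad6e26f12da7f91b00e7f0e716f9a585109608757371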
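--- a/bin/gitlab-bundler-audit-parser
+++ b/bin/gitlab-bundler-audit-parser
@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+require 'gitlab-bundler-audit-parser'
+GitlabBundlerAuditParser::Parser.run outfile: ARGV[0]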
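--- a/lib/gitlab-bundler-audit-parser.rb
+++ b/lib/gitlab-bundler-audit-parser.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "#{File.dirname(__FILE__)}/gitlab_bundler_audit_parser"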
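Review bot: The require at hunk line 3 builds a load path by string interpolation on `File.dirname(__FILE__)`; `require_relative 'gitlab_bundler_audit_parser'` resolves the same sibling file without the interpolation and is the conventional form for a hyphenated entry file that only delegates to its underscored implementation. Nothing else in this one-line file needs attention.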
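--- a/lib/gitlab_bundler_audit_parser/scan_section.rb
+++ b/lib/gitlab_bundler_audit_parser/scan_section.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+require 'time'
+
+module GitlabBundlerAuditParser
+  module ScanSection
+    private
+
+    def create_scan_section(audit)
+      {
+        scan: {
+          scanner: {
+            id: 'bundler-audit',
+            name: 'BundlerAudit',
+            url: 'https://github.com/rubysec/bundler-audit',
+            vendor: {
+              name: 'rubysec'
+            },
+            version: audit['version']
+          },
+          type: 'dependency_scanning',
+          start_time: parse_time(audit['created_at']),
+          end_time: parse_time(audit['created_at']),
+          status: 'success'
+        }
+      }
+    end
+
+    def parse_time(time)
+      Time.parse(time).strftime('%FT%T%:z')
+    end
+  end
+end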
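Review bot: `parse_time` at hunk line 29 hands `audit['created_at']` straight to `Time.parse`, so an audit document that lacks that key fails with a bare `TypeError` (no implicit conversion of nil into String) from inside the report builder instead of a message naming the missing field. A guard such as `raise ArgumentError, 'audit output has no created_at' unless time` at the top of `parse_time` makes the failure actionable, and since an unparseable value already raises `ArgumentError` from `Time.parse`, callers then see a single exception type. The `%FT%T%:z` format emits a UTC offset; whether the consuming report schema accepts an offset or expects a plain `YYYY-MM-DDTHH:MM:SS` timestamp is not visible here and should be confirmed before this format is relied on. `start_time` and `end_time` are the same value by construction, which is fine given the input carries only one timestamp but deserves a one-line comment saying so.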
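--- a/lib/gitlab_bundler_audit_parser/vulnerabilities_section.rb
+++ b/lib/gitlab_bundler_audit_parser/vulnerabilities_section.rb
@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module GitlabBundlerAuditParser
+  module VulnerabilitiesSection
+    private
+
+    def create_vulnerabilities_section(audit)
+      {
+        vulnerabilities: parse_vulnerabilities(audit)
+      }
+    end
+
+    def parse_vulnerabilities(audit)
+      vulnerabilities = []
+      audit['results'].each do |result|
+        vulnerabilities << parse_vulnerability(result)
+      end
+      vulnerabilities
+    end
+
+    def parse_vulnerability(result)
+      vulnerability = {
+        id: result['advisory']['id'],
+        category: 'dependency_scanning',
+        name: result['advisory']['title'],
+        message: result['advisory']['title'],
+        description: result['advisory']['description'],
+        cve: result['advisory']['cve'],
+        severity: result['advisory']['criticality'],
+        solution: solution(result)
+      }
+      vulnerability.merge! scanner
+      vulnerability.merge! location(result)
+      vulnerability.merge! identifiers(result)
+      vulnerability.merge! links(result)
+      vulnerability.merge! details(result)
+    end
+
+    def solution(result)
+      "Upgrade to #{result['advisory']['patched_versions'].join(', ')}"
+    end
+
+    def scanner
+      {
+        scanner: {
+          id: 'bundler-audit',
+          name: 'BundlerAudit'
+        }
+      }
+    end
+
+    def location(result)
+      {
+        location: {
+          file: 'Gemfile.lock',
+          dependency: {
+            package: {
+              name: result['gem']['name']
+            },
+            version: result['gem']['version']
+          }
+        }
+      }
+    end
+
+    def identifiers(result)
+      {
+        identifiers: [
+          {
+            type: 'cve',
+            name: "CVE-#{result['advisory']['cve']}",
+            value: "CVE-#{result['advisory']['cve']}",
+            url: result['advisory']['url']
+          }
+        ]
+      }
+    end
+
+    def links(result)
+      {
+        links: [
+          {
+            url: result['advisory']['url']
+          }
+        ]
+      }
+    end
+
+    def details(result)
+      {
+        details: {
+          vulnerable_package: {
+            name: 'Vulnerable Package',
+            type: 'text',
+            value: "#{result['gem']['name']}:#{result['gem']['version']}"
+          }
+        }
+      }
+    end
+  end
+end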
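Review bot: `identifiers` (hunk lines 66–77) interpolates `result['advisory']['cve']` unconditionally, so an advisory that carries no CVE yields an identifier whose `name` and `value` are the literal string `CVE-` while `cve` at line 28 is `nil`; every such finding then shares one identifier, which breaks de-duplication in whatever consumes the report. Falling back to the advisory's own `id` (already read at line 23) when `cve` is absent keeps the identifier unique; whether bundler-audit emits advisories without a CVE is not visible in this hunk, but the guard costs one branch. `solution` at line 40 has the same unguarded access, `patched_versions.join` raises `NoMethodError` when the key is missing and an empty list produces the text `Upgrade to ` with nothing after it, so `Array(result['advisory']['patched_versions'])` plus an explicit empty-case message would be safer. `parse_vulnerabilities` (lines 13–19) is a manual accumulation that reads as `audit['results'].map { |result| parse_vulnerability(result) }`.
```ruby
def identifiers(result)
  advisory = result['advisory']
  cve = advisory['cve']
  # Without a CVE, fall back to the advisory id so the identifier stays
  # unique instead of collapsing to the literal "CVE-".
  identifier = if cve
                 { type: 'cve', name: "CVE-#{cve}", value: "CVE-#{cve}", url: advisory['url'] }
               else
                 # 'advisory_id' is a constructed placeholder type; use whatever
                 # identifier type the report consumer expects for non-CVE ids.
                 { type: 'advisory_id', name: advisory['id'], value: advisory['id'], url: advisory['url'] }
               end
  { identifiers: [identifier] }
end
```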
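--- a/lib/gitlab_bundler_audit_parser.rb
+++ b/lib/gitlab_bundler_audit_parser.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'gitlab_bundler_audit_parser/scan_section'
+require 'gitlab_bundler_audit_parser/vulnerabilities_section'
+
+module GitlabBundlerAuditParser
+  class Parser
+    include ScanSection
+    include VulnerabilitiesSection
+
+    def initialize(outfile: nil)
+      @outfile = outfile || 'gl-dependency-scanning-report.json'
+    end
+
+    def self.run(outfile: nil)
+      parser = new outfile: outfile
+      parser.parse
+      parser.create_audit
+      parser.ouput_audit
+    end
+
+    def parse
+      input = $stdin.read
+      @parsed_audit = JSON.parse(input)
+    end
+
+    def create_audit
+      @audit = {
+        version: @parsed_audit['version']
+      }
+      @audit.merge! create_vulnerabilities_section(@parsed_audit)
+      @audit.merge! create_scan_section(@parsed_audit)
+    end
+
+    def ouput_audit
+      encoded = JSON.generate(@audit)
+      File.write(@outfile, encoded)
+    end
+  end
+end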
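Review bot: `create_audit` (hunk lines 28–34) seeds the report's top-level `version` with `@parsed_audit['version']`, the same value that `create_scan_section` writes into `scanner.version`; a security report's top-level `version` is normally the consumer's report-schema version rather than the tool version, so this looks like a conflation that should be confirmed against the target schema before 1.0.0 ships. `parse` at line 24 reads all of stdin and passes it to `JSON.parse` with no empty-input check, so a pipeline step that produced nothing fails with a `JSON::ParserError` on an empty string instead of a message saying bundler-audit emitted no output; `raise ArgumentError, 'no bundler-audit JSON on stdin' if input.strip.empty?` before the parse makes that explicit. The public method `ouput_audit` at line 36 is misspelled and is already called from `run`; renaming it to `output_audit` now avoids freezing the typo into the gem's API.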
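--- a/metadata
+++ b/metadata
@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-bundler-audit-parser
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Mathieu Clement
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-06-29 00:00:00.000000000 Z
+dependencies: []
+description:
+email: mcfly1893@gmail.com
+executables:
+- gitlab-bundler-audit-parser
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/gitlab-bundler-audit-parser
+- lib/gitlab-bundler-audit-parser.rb
+- lib/gitlab_bundler_audit_parser.rb
+- lib/gitlab_bundler_audit_parser/scan_section.rb
+- lib/gitlab_bundler_audit_parser/vulnerabilities_section.rb
+homepage: https://github.com/mclement18/gitlab-bundler-audit-parser
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key:
+specification_version: 4
+summary: GitLab parser for bundler-audit gem output
+test_files: []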