RubyGems - gitlab-bundler-audit-parser - Versions diffs - 1.0.0 - Mend

gitlab-bundler-audit-parser 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +7 -0
data/bin/gitlab-bundler-audit-parser +4 -0
data/lib/gitlab-bundler-audit-parser.rb +3 -0
data/lib/gitlab_bundler_audit_parser/scan_section.rb +32 -0
data/lib/gitlab_bundler_audit_parser/vulnerabilities_section.rb +101 -0
data/lib/gitlab_bundler_audit_parser.rb +41 -0
metadata +49 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 307ad98172f0c765c3aee802dadf86dddc58806b414036682ebcc04a43286c42
+  data.tar.gz: 02753ac8597da6598f1016c4e3135464590926127d91b94a317e2da8e10bce62
+SHA512:
+  metadata.gz: 0e268112f37475ffa75c880777eac1a0a365acfe11a5aece58eced387c689f968fd2a65a660e728967325f0fe0f6ef2803f309bc590bcf0c03dfca494cbcd692
+  data.tar.gz: 86d47cc9daff5217c85cdd07ead0812c6ff89c3f4529545243aaba58333d7a903e7677bb8000ccf27d85ad6e26f12da7f91b00e7f0e716f9a585109608757371

data/bin/gitlab-bundler-audit-parser ADDED Viewed

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'gitlab-bundler-audit-parser'
+GitlabBundlerAuditParser::Parser.run outfile: ARGV[0]

data/lib/gitlab-bundler-audit-parser.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require "#{File.dirname(__FILE__)}/gitlab_bundler_audit_parser"

data/lib/gitlab_bundler_audit_parser/scan_section.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+require 'time'
+module GitlabBundlerAuditParser
+  module ScanSection
+    private
+    def create_scan_section(audit)
+      {
+        scan: {
+          scanner: {
+            id: 'bundler-audit',
+            name: 'BundlerAudit',
+            url: 'https://github.com/rubysec/bundler-audit',
+            vendor: {
+              name: 'rubysec'
+            },
+            version: audit['version']
+          },
+          type: 'dependency_scanning',
+          start_time: parse_time(audit['created_at']),
+          end_time: parse_time(audit['created_at']),
+          status: 'success'
+        }
+      }
+    end
+    def parse_time(time)
+      Time.parse(time).strftime('%FT%T%:z')
+    end
+  end
+end

data/lib/gitlab_bundler_audit_parser/vulnerabilities_section.rb ADDED Viewed

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+module GitlabBundlerAuditParser
+  module VulnerabilitiesSection
+    private
+    def create_vulnerabilities_section(audit)
+      {
+        vulnerabilities: parse_vulnerabilities(audit)
+      }
+    end
+    def parse_vulnerabilities(audit)
+      vulnerabilities = []
+      audit['results'].each do |result|
+        vulnerabilities << parse_vulnerability(result)
+      end
+      vulnerabilities
+    end
+    def parse_vulnerability(result)
+      vulnerability = {
+        id: result['advisory']['id'],
+        category: 'dependency_scanning',
+        name: result['advisory']['title'],
+        message: result['advisory']['title'],
+        description: result['advisory']['description'],
+        cve: result['advisory']['cve'],
+        severity: result['advisory']['criticality'],
+        solution: solution(result)
+      }
+      vulnerability.merge! scanner
+      vulnerability.merge! location(result)
+      vulnerability.merge! identifiers(result)
+      vulnerability.merge! links(result)
+      vulnerability.merge! details(result)
+    end
+    def solution(result)
+      "Upgrade to #{result['advisory']['patched_versions'].join(', ')}"
+    end
+    def scanner
+      {
+        scanner: {
+          id: 'bundler-audit',
+          name: 'BundlerAudit'
+        }
+      }
+    end
+    def location(result)
+      {
+        location: {
+          file: 'Gemfile.lock',
+          dependency: {
+            package: {
+              name: result['gem']['name']
+            },
+            version: result['gem']['version']
+          }
+        }
+      }
+    end
+    def identifiers(result)
+      {
+        identifiers: [
+          {
+            type: 'cve',
+            name: "CVE-#{result['advisory']['cve']}",
+            value: "CVE-#{result['advisory']['cve']}",
+            url: result['advisory']['url']
+          }
+        ]
+      }
+    end
+    def links(result)
+      {
+        links: [
+          {
+            url: result['advisory']['url']
+          }
+        ]
+      }
+    end
+    def details(result)
+      {
+        details: {
+          vulnerable_package: {
+            name: 'Vulnerable Package',
+            type: 'text',
+            value: "#{result['gem']['name']}:#{result['gem']['version']}"
+          }
+        }
+      }
+    end
+  end
+end

data/lib/gitlab_bundler_audit_parser.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require 'json'
+require 'gitlab_bundler_audit_parser/scan_section'
+require 'gitlab_bundler_audit_parser/vulnerabilities_section'
+module GitlabBundlerAuditParser
+  class Parser
+    include ScanSection
+    include VulnerabilitiesSection
+    def initialize(outfile: nil)
+      @outfile = outfile || 'gl-dependency-scanning-report.json'
+    end
+    def self.run(outfile: nil)
+      parser = new outfile: outfile
+      parser.parse
+      parser.create_audit
+      parser.ouput_audit
+    end
+    def parse
+      input = $stdin.read
+      @parsed_audit = JSON.parse(input)
+    end
+    def create_audit
+      @audit = {
+        version: @parsed_audit['version']
+      }
+      @audit.merge! create_vulnerabilities_section(@parsed_audit)
+      @audit.merge! create_scan_section(@parsed_audit)
+    end
+    def ouput_audit
+      encoded = JSON.generate(@audit)
+      File.write(@outfile, encoded)
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-bundler-audit-parser
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Mathieu Clement
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-06-29 00:00:00.000000000 Z
+dependencies: []
+description:
+email: mcfly1893@gmail.com
+executables:
+- gitlab-bundler-audit-parser
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/gitlab-bundler-audit-parser
+- lib/gitlab-bundler-audit-parser.rb
+- lib/gitlab_bundler_audit_parser.rb
+- lib/gitlab_bundler_audit_parser/scan_section.rb
+- lib/gitlab_bundler_audit_parser/vulnerabilities_section.rb
+homepage: https://github.com/mclement18/gitlab-bundler-audit-parser
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key:
+specification_version: 4
+summary: GitLab parser for bundler-audit gem output
+test_files: []