gitlab-security_report_schemas 0.1.2.min15.0.0.max15.2.0 → 0.1.3.min15.0.0.max15.2.1

data/supported_versions

@@ -11,3 +11,4 @@
 15.1.3
 15.1.4
 15.2.0
+15.2.1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-security_report_schemas
 version: !ruby/object:Gem::Version
-  version: 0.1.2.min15.0.0.max15.2.0
+  version: 0.1.3.min15.0.0.max15.2.1
 platform: ruby
 authors:
 - GitLab
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-08-15 00:00:00.000000000 Z
+date: 2025-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -44,6 +44,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: mutex_m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
 description:
 email:
 - gitlab_rubygems@gitlab.com
@@ -73,12 +87,6 @@ files:
 - lib/gitlab/security_report_schemas/cli/schema_downloader.rb
 - lib/gitlab/security_report_schemas/cli/validator.rb
 - lib/gitlab/security_report_schemas/configuration.rb
-- lib/gitlab/security_report_schemas/release/bundler.rb
-- lib/gitlab/security_report_schemas/release/gemfile.rb
-- lib/gitlab/security_report_schemas/release/issue.rb
-- lib/gitlab/security_report_schemas/release/merge_request.rb
-- lib/gitlab/security_report_schemas/release/templates/issue_description.erb
-- lib/gitlab/security_report_schemas/release/workflow.rb
 - lib/gitlab/security_report_schemas/schema.rb
 - lib/gitlab/security_report_schemas/schema_ver.rb
 - lib/gitlab/security_report_schemas/utils/string_refinements.rb
@@ -177,6 +185,13 @@ files:
 - schemas/15.2.0/dependency-scanning-report-format.json
 - schemas/15.2.0/sast-report-format.json
 - schemas/15.2.0/secret-detection-report-format.json
+- schemas/15.2.1/cluster-image-scanning-report-format.json
+- schemas/15.2.1/container-scanning-report-format.json
+- schemas/15.2.1/coverage-fuzzing-report-format.json
+- schemas/15.2.1/dast-report-format.json
+- schemas/15.2.1/dependency-scanning-report-format.json
+- schemas/15.2.1/sast-report-format.json
+- schemas/15.2.1/secret-detection-report-format.json
 - supported_versions
 homepage: https://gitlab.com/gitlab-org/ruby/gems/gitlab-security_report_schemas
 licenses:

data/lib/gitlab/security_report_schemas/release/bundler.rb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
-  module SecurityReportSchemas
-    module Release
-      # Wrapper around bundle(1).
-      module Bundler
-        extend self
-
-        def install!
-          run("bundle install")
-        end
-
-        def checksum!
-          run("bundle exec bundler-checksum init")
-        end
-
-        def verify_checksum!
-          run("bundle exec bundler-checksum verify")
-        end
-
-        private
-
-        def run(command)
-          # Bundler modifies RUBYOPT and RUBYLIB which makes bundle(1) attempt
-          # to load from our gem environment instead of from the GitLab environment.
-          ::Bundler.with_unbundled_env do
-            system(command) || raise("non-zero exit code: `#{command}`")
-          end
-        end
-      end
-    end
-  end
-end

data/lib/gitlab/security_report_schemas/release/gemfile.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require "tempfile"
-
-module Gitlab
-  module SecurityReportSchemas
-    module Release
-      # Changes or adds a dependency version to a Gemfile.
-      class Gemfile
-        SUBSTITUTION_REGEX_TEMPLATE = %{gem ['"]%s['"], ['"](.*)['"]}
-        FEATURE_CATEGORY = :vulnerability_management
-
-        def self.update!(workflow)
-          File.open(workflow.gemfile_path, "r+").tap do |file|
-            new(file).rewrite!(workflow.class::DEPENDENCY, workflow.gem_version)
-          end
-        end
-
-        attr_reader :file
-
-        def initialize(file)
-          @file = file
-        end
-
-        private_class_method :new
-
-        def rewrite!(dependency, version)
-          contents = file.read
-
-          file.seek(0)
-          file.truncate(0)
-          file.puts(substituted_content(contents, dependency, version))
-        end
-
-        private
-
-        def substituted_content(contents, dependency, version)
-          regex = Regexp.new(SUBSTITUTION_REGEX_TEMPLATE % dependency)
-          dep = "gem '#{dependency}', '#{version}'"
-
-          return contents.gsub!(regex, dep) if contents.match(regex)
-
-          contents.concat("#{dep}, feature_category: #{FEATURE_CATEGORY.inspect}")
-          contents.concat("\n") unless contents.end_with?("\n")
-        end
-      end
-    end
-  end
-end

data/lib/gitlab/security_report_schemas/release/issue.rb

@@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
-  module SecurityReportSchemas
-    module Release
-      # GitLab Issue creation.
-      class Issue
-        API_ROOT = "https://gitlab.com/api/v4"
-        DESCRIPTION_TEMPLATE = "issue_description.erb"
-
-        def self.create!(workflow)
-          new(workflow).execute!
-        end
-
-        attr_reader :workflow
-
-        def initialize(workflow)
-          @workflow = workflow
-        end
-
-        def execute!
-          http = Net::HTTP.new(uri.host, uri.port)
-          http.use_ssl = true
-
-          case response = http.request(request)
-          when Net::HTTPSuccess then extract_url(JSON.parse(response.body))
-          else raise "Failed to create issue: #{response.code} -- #{response.message}"
-          end
-        end
-
-        def uri
-          URI(File.join(API_ROOT, "projects", workflow.target_project_id.to_s, "issues"))
-        end
-
-        def body
-          {
-            title: workflow.commit_message,
-            description: description
-          }
-        end
-
-        def headers
-          {
-            "Content-Type" => "application/json",
-            "Authorization" => "Bearer #{workflow.access_token}"
-          }
-        end
-
-        def description
-          description_template.result_with_hash(gem_version: workflow.gem_version, patch: workflow.patch)
-        end
-
-        private
-
-        def request
-          Net::HTTP::Post.new(uri, headers).tap do |req|
-            req.body = body.to_json
-          end
-        end
-
-        def extract_url(body)
-          body["web_url"]
-        end
-
-        def description_template
-          ERB.new(File.read(description_template_path))
-        end
-
-        def description_template_path
-          Gitlab::SecurityReportSchemas.root_path.join(
-            "lib", "gitlab", "security_report_schemas", "release", "templates", DESCRIPTION_TEMPLATE
-          )
-        end
-      end
-    end
-  end
-end

data/lib/gitlab/security_report_schemas/release/merge_request.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require "net/http"
-require "uri"
-require "erb"
-require "json"
-
-module Gitlab
-  module SecurityReportSchemas
-    module Release
-      # GitLab merge request creation.
-      class MergeRequest
-        API_ROOT = "https://gitlab.com/api/v4"
-        DESCRIPTION_TEMPLATE = "mr_description.erb"
-
-        def self.create!(workflow)
-          new(workflow).execute!
-        end
-
-        attr_reader :workflow
-
-        def initialize(workflow)
-          @workflow = workflow
-        end
-
-        def execute!
-          http = Net::HTTP.new(uri.host, uri.port)
-          http.use_ssl = true
-
-          case response = http.request(request)
-          when Net::HTTPSuccess then extract_url(JSON.parse(response.body))
-          else raise "Failed to create merge request: #{response.code} -- #{response.message}"
-          end
-        end
-
-        def uri
-          URI(File.join(API_ROOT, "projects", workflow.target_project_id.to_s, "merge_requests"))
-        end
-
-        def body
-          {
-            source_branch: workflow.branch_name,
-            target_branch: workflow.class::TARGET_BRANCH,
-            title: workflow.commit_message,
-            description: description
-          }
-        end
-
-        def headers
-          {
-            "Content-Type" => "application/json",
-            "Authorization" => "Bearer #{workflow.access_token}"
-          }
-        end
-
-        def description
-          description_template.result_with_hash(gem_version: workflow.gem_version)
-        end
-
-        private
-
-        def request
-          Net::HTTP::Post.new(uri, headers).tap do |req|
-            req.body = body.to_json
-          end
-        end
-
-        def extract_url(body)
-          body["web_url"]
-        end
-
-        def description_template
-          ERB.new(File.read(description_template_path))
-        end
-
-        def description_template_path
-          Gitlab::SecurityReportSchemas.root_path.join(
-            "lib", "gitlab", "security_report_schemas", "release", "templates", DESCRIPTION_TEMPLATE
-          )
-        end
-      end
-    end
-  end
-end

data/lib/gitlab/security_report_schemas/release/templates/issue_description.erb

@@ -1,13 +0,0 @@
-This is an automatically generated Issue to update the version of [`gitlab-security_report_schemas`](https://gitlab.com/gitlab-org/ruby/gems/gitlab-security_report_schemas/) to <%= gem_version %>.
-
-### Patch
-
-```diff
-<%= patch %>
-```
-
-### Background
-
-GitLab Secure schemas are used as part of [Security scanner integration](https://docs.gitlab.com/ee/development/integrations/secure.html) to ensure that reports produced by analyzers are able to be parsed successfully by GitLab. Each JSON report indicates which version of the Secure schema it conforms to. When the report is parsed, the file is validated using the appropriate schema and will be rejected if it does not succeed.
-
-/label ~section::sec

data/lib/gitlab/security_report_schemas/release/workflow.rb

@@ -1,108 +0,0 @@
-# frozen_string_literal: true
-
-require "git"
-
-module Gitlab
-  module SecurityReportSchemas
-    module Release
-      # The release workflow that updates a GitLab repository's Gemfile
-      # dependency on this gem to an existing version published on rubygems.org
-      # and creates a merge request for the change.
-      class Workflow
-        DEPENDENCY = "gitlab-security_report_schemas"
-        COMMIT_MESSAGE = "Bump `#{DEPENDENCY}' to v%s"
-        BRANCH_NAME = "#{DEPENDENCY}-v%s"
-        TARGET_BRANCH = "master"
-
-        def self.execute(configuration = Gitlab::SecurityReportSchemas.configuration)
-          new(configuration).execute
-        end
-
-        attr_reader :configuration
-
-        def initialize(configuration)
-          @configuration = configuration
-        end
-
-        def execute
-          gitlab_repository # ensure repository is cloned
-
-          update_gemfile!
-          install_dependencies!
-
-          issue_url = create_issue!
-
-          puts "Successfully created Issue: #{issue_url}"
-        end
-
-        def patch
-          gitlab_repository.diff.patch
-        end
-
-        def gemfile_path
-          gitlab_repository_path.join("Gemfile")
-        end
-
-        def gem_version
-          File.read(gem_version_file).strip
-        end
-
-        def branch_name
-          BRANCH_NAME % gem_version
-        end
-
-        def commit_message
-          COMMIT_MESSAGE % gem_version
-        end
-
-        def target_project_id
-          configuration.issue_target_project_id
-        end
-
-        def access_token
-          configuration.gitlab_issue_access_token
-        end
-
-        private
-
-        def gitlab_repository
-          @gitlab_repository ||= if File.exist?(gitlab_repository_path)
-                                   Git.open(gitlab_repository_path)
-                                 else
-                                   Git.clone(configuration.gitlab_repository, gitlab_repository_path, depth: 1)
-                                 end
-        end
-
-        def update_gemfile!
-          Gitlab::SecurityReportSchemas::Release::Gemfile.update!(self)
-        end
-
-        def install_dependencies!
-          bundle do
-            install!
-            checksum!
-            verify_checksum!
-          end
-        end
-
-        def bundle(&block)
-          Dir.chdir(gitlab_repository_path) do
-            Gitlab::SecurityReportSchemas::Release::Bundler.module_eval(&block)
-          end
-        end
-
-        def create_issue!
-          Gitlab::SecurityReportSchemas::Release::Issue.create!(self)
-        end
-
-        def gitlab_repository_path
-          Gitlab::SecurityReportSchemas.root_path.join("tmp", "gitlab")
-        end
-
-        def gem_version_file
-          Gitlab::SecurityReportSchemas.root_path.join("gem_version")
-        end
-      end
-    end
-  end
-end