neetob 0.5.28 → 0.5.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/neetob/cli/monthly_audit/databases/uuid_primary_key.rb +6 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/dns_entry_has_proxy_status.rb +8 -2
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/auto_scaling_enabled.rb +4 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/scheduled_exports_enabled.rb +11 -1
- data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/ssl_certificates_over_thirty_days_from_expiry.rb +4 -2
- data/lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb +6 -0
- data/lib/neetob/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 60a560c06d296ab7f0c5654305fe6925319b7165cf0748645537c7f548676ec9
|
|
4
|
+
data.tar.gz: 4934ce04f1a4dcd547e5b4887095d549fd798c5c4447b0106760938f5d4bf413
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5ef8c07638328dc5115efac10a03d09fb331e9137566eca0b553975c4d82835fffa6874f6d46cac9db67334e8a741187d7f099898adbb98f7e4121f0cffc97c
|
|
7
|
+
data.tar.gz: 35f7b37bd40f1064f874ab1afa3977449fc3ecd7a79ddda9a7b7250573249c57dc492e907ab908a6e7fe85ec4ef96bf36542c8b7c80e791c42feda4e0523623b
|
data/Gemfile.lock
CHANGED
|
@@ -17,6 +17,7 @@ module Neetob
|
|
|
17
17
|
"Audit Passed"
|
|
18
18
|
]
|
|
19
19
|
]
|
|
20
|
+
last_comment = nil
|
|
20
21
|
NeetoCompliance::NeetoRepos.products.keys.each do |repo|
|
|
21
22
|
ui.info "Checking #{repo}...", print_to_audit_log: false
|
|
22
23
|
code_audit_result = Neetob::CLI::Code::Audit.new([repo]).run[0]
|
|
@@ -34,6 +35,11 @@ module Neetob
|
|
|
34
35
|
all_tables_have_uuid_primary_keys = tables_without_uuid.empty? ? "Yes" : "No"
|
|
35
36
|
audit_passed = all_tables_have_uuid_primary_keys == "Yes" ? "Yes" : "No"
|
|
36
37
|
comments = tables_without_uuid.empty? ? nil : "Tables without UUID primary keys: #{tables_without_uuid.join(', ')}"
|
|
38
|
+
same_as_last_comment = audit_passed == "No" && comments == last_comment
|
|
39
|
+
last_comment = comments
|
|
40
|
+
if same_as_last_comment
|
|
41
|
+
comments = "''"
|
|
42
|
+
end
|
|
37
43
|
repo_data << [repo, all_tables_have_uuid_primary_keys, comments, audit_passed]
|
|
38
44
|
end
|
|
39
45
|
ui.print_table(repo_data)
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/dns_entry_has_proxy_status.rb
CHANGED
|
@@ -20,6 +20,7 @@ module Neetob
|
|
|
20
20
|
|
|
21
21
|
domains_data = [["Domain", "DNS proxy status", "Audit Passed"]]
|
|
22
22
|
ui.info("\n", print_to_audit_log: false)
|
|
23
|
+
last_dns_proxy_status = nil
|
|
23
24
|
Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
|
|
24
25
|
domain.to_s.include?(".com") }.map do |domain|
|
|
25
26
|
ui.info("Checking proxy status for DNS entries for #{domain}", print_to_audit_log: false)
|
|
@@ -35,8 +36,13 @@ module Neetob
|
|
|
35
36
|
"Ignored" :
|
|
36
37
|
(is_wildcard_subdomain_proxied ? "Yes" : "No")
|
|
37
38
|
proxy_status = is_wildcard_subdomain_proxied ? "on" : "off"
|
|
38
|
-
|
|
39
|
-
|
|
39
|
+
dns_proxy_status = "* record has proxying turned #{proxy_status}"
|
|
40
|
+
same_as_last_dns_proxy_status = dns_proxy_status == last_dns_proxy_status
|
|
41
|
+
last_dns_proxy_status = dns_proxy_status
|
|
42
|
+
if same_as_last_dns_proxy_status
|
|
43
|
+
dns_proxy_status = "''"
|
|
44
|
+
end
|
|
45
|
+
domains_data << [domain, dns_proxy_status, audit_passed]
|
|
40
46
|
end
|
|
41
47
|
end
|
|
42
48
|
ui.print_table(domains_data)
|
|
@@ -15,6 +15,7 @@ module Neetob
|
|
|
15
15
|
|
|
16
16
|
apps_data = [["App", "Autoscaling config", "Comments", "Audit Passed"]]
|
|
17
17
|
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
last_comment = nil
|
|
18
19
|
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
20
|
ui.info("Checking auto_scaling config for #{app}", print_to_audit_log: false)
|
|
20
21
|
autoscaling_config_result = Neetob::CLI::NeetoDeploy::AutoscalingConfig.new(app).run
|
|
@@ -32,6 +33,9 @@ module Neetob
|
|
|
32
33
|
audit_passed = autoscaling_turned_on_for_web && autoscaling_turned_on_for_worker ? "Yes" : "No"
|
|
33
34
|
if audit_passed == "No"
|
|
34
35
|
comments = "Auto-scaling is not enabled for web and/or worker dynos."
|
|
36
|
+
same_as_last_comment = comments == last_comment
|
|
37
|
+
last_comment = comments
|
|
38
|
+
comments = "''" if same_as_last_comment
|
|
35
39
|
end
|
|
36
40
|
end
|
|
37
41
|
apps_data << [app, autoscaling_config, comments, audit_passed]
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy/scheduled_exports_enabled.rb
CHANGED
|
@@ -15,6 +15,7 @@ module Neetob
|
|
|
15
15
|
|
|
16
16
|
apps_data = [["App", "Scheduled exports config", "Comments", "Audit Passed"]]
|
|
17
17
|
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
last_scheduled_exports_config = nil
|
|
18
19
|
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
20
|
ui.info("Checking Scheduled exports config for #{app}", print_to_audit_log: false)
|
|
20
21
|
scheduled_exports_result = Neetob::CLI::NeetoDeploy::ScheduledExports.new(app).run
|
|
@@ -25,11 +26,20 @@ module Neetob
|
|
|
25
26
|
audit_passed = "No"
|
|
26
27
|
comments = "You do not have permission to access the config for this app."
|
|
27
28
|
else
|
|
28
|
-
scheduled_exports_config = scheduled_exports_result
|
|
29
|
+
scheduled_exports_config = scheduled_exports_result
|
|
30
|
+
.gsub("\e[32m", "")
|
|
31
|
+
.gsub("\e[0m", "")
|
|
32
|
+
.gsub("#{app}'s", "")
|
|
33
|
+
.strip
|
|
29
34
|
audit_passed = scheduled_exports_config.include?("turned on") ? "Yes" : "No"
|
|
30
35
|
if audit_passed == "No"
|
|
31
36
|
comments = scheduled_exports_config
|
|
32
37
|
end
|
|
38
|
+
same_as_last_scheduled_export_config = scheduled_exports_config == last_scheduled_exports_config
|
|
39
|
+
last_scheduled_exports_config = scheduled_exports_config
|
|
40
|
+
if same_as_last_scheduled_export_config
|
|
41
|
+
scheduled_exports_config = "''"
|
|
42
|
+
end
|
|
33
43
|
end
|
|
34
44
|
apps_data << [app, scheduled_exports_config, comments, audit_passed]
|
|
35
45
|
end
|
|
@@ -12,24 +12,26 @@ module Neetob
|
|
|
12
12
|
|
|
13
13
|
def run
|
|
14
14
|
ui.success "### 3.1.1. Checking whether SSL certificates are over 30 days from expiry"
|
|
15
|
-
apps_data = [["App", "Certificates
|
|
15
|
+
apps_data = [["App", "Certificates expiring before 30 days present?", "Comments", "Audit Passed"]]
|
|
16
16
|
ui.info("\n", print_to_audit_log: false)
|
|
17
17
|
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
18
18
|
ui.info("Checking Certificates status for #{app}", print_to_audit_log: false)
|
|
19
19
|
certificates_status = Neetob::CLI::NeetoDeploy::Certificates.new(app).run
|
|
20
20
|
audit_passed = nil
|
|
21
21
|
comments = nil
|
|
22
|
+
certificates_expiring_in_less_than_30_days = "No"
|
|
22
23
|
if certificates_status.is_a?(Hash) && certificates_status["error"] == "Forbidden"
|
|
23
24
|
audit_passed = "No"
|
|
24
25
|
comments = "You do not have permission to access the certificates for this app."
|
|
25
26
|
else
|
|
26
27
|
audit_passed = certificates_status.any? { |certificate| certificate["expires_before_30_days"] } ? "No" : "Yes"
|
|
28
|
+
certificates_expiring_in_less_than_30_days = "Yes" if audit_passed == "No"
|
|
27
29
|
if audit_passed == "No"
|
|
28
30
|
certificates_failing_audit = certificates_status.select { |certificate| certificate["expires_before_30_days"] }.map { |certificate| certificate["name"] }
|
|
29
31
|
comments = "Certificates #{certificates_failing_audit.join(", ")} are expiring in less than 30 days."
|
|
30
32
|
end
|
|
31
33
|
end
|
|
32
|
-
apps_data << [app,
|
|
34
|
+
apps_data << [app, certificates_expiring_in_less_than_30_days, comments, audit_passed]
|
|
33
35
|
end
|
|
34
36
|
ui.print_table(apps_data)
|
|
35
37
|
end
|
|
@@ -16,6 +16,7 @@ module Neetob
|
|
|
16
16
|
ui.success("### 1.1.1. Checking whether running `bundle-audit check` throws any vulnerabilities")
|
|
17
17
|
repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
|
|
18
18
|
ui.info "\n"
|
|
19
|
+
last_comment = nil
|
|
19
20
|
NeetoCompliance::NeetoRepos.products.keys.each do |repo|
|
|
20
21
|
ui.info("Checking bundle audit run results for #{repo}", print_to_audit_log: false)
|
|
21
22
|
bundle_audit_result = Neetob::CLI::Github::BundleAudit.new([repo]).run
|
|
@@ -27,6 +28,11 @@ module Neetob
|
|
|
27
28
|
else
|
|
28
29
|
vulnerabilities_found = "Yes"
|
|
29
30
|
comments = bundle_audit_result.gsub("\n", "<br>")
|
|
31
|
+
same_as_last_vulnerabilities = comments == last_comment
|
|
32
|
+
last_comment = comments
|
|
33
|
+
if same_as_last_vulnerabilities
|
|
34
|
+
comments = "''"
|
|
35
|
+
end
|
|
30
36
|
end
|
|
31
37
|
repo_data << [repo, vulnerabilities_found, comments, audit_passed]
|
|
32
38
|
end
|
data/lib/neetob/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: neetob
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.29
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Udai Gupta
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|