neetob 0.5.28 → 0.5.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/neetob/cli/heroku/autoscaling_config.rb +10 -35
- data/lib/neetob/cli/heroku/certs.rb +39 -0
- data/lib/neetob/cli/heroku/commands.rb +7 -0
- data/lib/neetob/cli/heroku/config_vars/list.rb +13 -4
- data/lib/neetob/cli/monthly_audit/databases/uuid_primary_key.rb +6 -0
- data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/dns_entry_has_proxy_status.rb +8 -2
- data/lib/neetob/cli/monthly_audit/instances_and_addons/main.rb +3 -3
- data/lib/neetob/cli/monthly_audit/instances_and_addons/{neeto_deploy → neeto_deploy_or_heroku}/auto_scaling_enabled.rb +16 -1
- data/lib/neetob/cli/monthly_audit/instances_and_addons/{neeto_deploy → neeto_deploy_or_heroku}/cloudfront_cdn_enabled.rb +18 -1
- data/lib/neetob/cli/monthly_audit/instances_and_addons/{neeto_deploy → neeto_deploy_or_heroku}/essential_environment_variables_set.rb +11 -1
- data/lib/neetob/cli/monthly_audit/instances_and_addons/{neeto_deploy → neeto_deploy_or_heroku}/main.rb +1 -1
- data/lib/neetob/cli/monthly_audit/instances_and_addons/{neeto_deploy → neeto_deploy_or_heroku}/scheduled_exports_enabled.rb +12 -2
- data/lib/neetob/cli/monthly_audit/instances_and_addons/{neeto_deploy → neeto_deploy_or_heroku}/ssl_certificates_over_thirty_days_from_expiry.rb +20 -3
- data/lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb +6 -0
- data/lib/neetob/version.rb +1 -1
- metadata +9 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b1ba5707c65bd2809d097f8bdb271cb6806faa0d99268c15f30791d041859210
|
|
4
|
+
data.tar.gz: 78ea06fa08c637a614c6f50707a3d6b0d1abf1e245a23fa3d73705341741ba3e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: abfe56f066722258be83bff6e71c1298d596203b5e30cf40a4b583a56d5c39294facebc6df13f18adace740d46069b81382f4481d59359c26fd85d759eff0fab
|
|
7
|
+
data.tar.gz: 04ce3f56cef72e25587fe957cd71d5a5361bfc9be3c89f363c4775e96c99f3288e2882c8ec73c3c762fb2a42bd96e2f8c84e206dd0416ae58eb662f73f9dcf73
|
data/Gemfile.lock
CHANGED
|
@@ -17,47 +17,22 @@ module Neetob
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def run
|
|
20
|
-
|
|
20
|
+
addons_list_heroku_output = `heroku addons -a #{app}`
|
|
21
21
|
|
|
22
|
-
|
|
23
|
-
response = get(url)
|
|
24
|
-
if response.any? { |addon| addon[:addon_service][:name] == "judoscale" }
|
|
25
|
-
ui.success("Judoscale addon is #{print_success('enabled')} for #{app}")
|
|
26
|
-
else
|
|
27
|
-
ui.error("Judoscale #{print_failure('not present')} for #{app}")
|
|
28
|
-
end
|
|
29
|
-
end
|
|
22
|
+
judoscale_addon = addons_list_heroku_output.lines.select { |line| line.include?("judoscale") }.first
|
|
30
23
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
def create_url(app)
|
|
34
|
-
"https://api.heroku.com/apps/#{app}/addons"
|
|
35
|
-
end
|
|
24
|
+
judoscale_addon_enabled = judoscale_addon && judoscale_addon.include?("created")
|
|
36
25
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
response = Zlib::GzipReader.new(compressed_string).read
|
|
42
|
-
JSON.parse(response, symbolize_names: true)
|
|
43
|
-
else
|
|
44
|
-
error_message = JSON.parse(http_result.body)["message"]
|
|
45
|
-
raise(StandardError, "Request failed with status code #{http_result.code}: #{error_message}")
|
|
46
|
-
end
|
|
26
|
+
if judoscale_addon_enabled
|
|
27
|
+
ui.success("Judoscale addon is enabled for #{app}.", print_to_audit_log: false)
|
|
28
|
+
else
|
|
29
|
+
ui.error("Judoscale addon is not enabled for #{app}.", print_to_audit_log: false)
|
|
47
30
|
end
|
|
48
31
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
uri = URI(url)
|
|
52
|
-
request = Net::HTTP::Get.new(uri)
|
|
53
|
-
headers.each { |key, value| request[key] = value }
|
|
54
|
-
|
|
55
|
-
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
|
|
56
|
-
http.request(request)
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
parse_response(response)
|
|
32
|
+
if Thread.current[:audit_mode]
|
|
33
|
+
{ judoscale_addon_enabled: }
|
|
60
34
|
end
|
|
35
|
+
end
|
|
61
36
|
end
|
|
62
37
|
end
|
|
63
38
|
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "../base"
|
|
4
|
+
|
|
5
|
+
module Neetob
|
|
6
|
+
class CLI
|
|
7
|
+
module Heroku
|
|
8
|
+
class Certs < Base
|
|
9
|
+
attr_accessor :app
|
|
10
|
+
|
|
11
|
+
def initialize(app)
|
|
12
|
+
super()
|
|
13
|
+
@app = app
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def run
|
|
17
|
+
certificates_list_heroku_output = `heroku certs -a #{app}`
|
|
18
|
+
ui.success("Certificates of #{app}", print_to_audit_log: false)
|
|
19
|
+
ui.info(certificates_list_heroku_output, print_to_audit_log: false)
|
|
20
|
+
|
|
21
|
+
if Thread.current[:audit_mode]
|
|
22
|
+
certificates_list_heroku_output.lines[2..].map do |line|
|
|
23
|
+
match = line.match(
|
|
24
|
+
/^\s*(\S+)\s+([^\d]+?)(?=\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2} UTC))/
|
|
25
|
+
)
|
|
26
|
+
next unless match
|
|
27
|
+
|
|
28
|
+
{
|
|
29
|
+
name: match[1],
|
|
30
|
+
common_names: match[2],
|
|
31
|
+
expires: match[3]
|
|
32
|
+
}
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -7,6 +7,7 @@ require_relative "execute"
|
|
|
7
7
|
require_relative "stack"
|
|
8
8
|
require_relative "autoscaling_config"
|
|
9
9
|
require_relative "maintenance_window"
|
|
10
|
+
require_relative "certs"
|
|
10
11
|
|
|
11
12
|
module Neetob
|
|
12
13
|
class CLI
|
|
@@ -43,6 +44,12 @@ module Neetob
|
|
|
43
44
|
def maintenance_window
|
|
44
45
|
MaintenanceWindow.new(options[:app]).process
|
|
45
46
|
end
|
|
47
|
+
|
|
48
|
+
desc "certs", "Check the certificates of the app on Heroku"
|
|
49
|
+
option :app, type: :string, aliases: "-a", required: "true", desc: "Name of your app in Heroku"
|
|
50
|
+
def certs
|
|
51
|
+
Certs.new(options[:app]).process
|
|
52
|
+
end
|
|
46
53
|
end
|
|
47
54
|
end
|
|
48
55
|
end
|
|
@@ -19,16 +19,25 @@ module Neetob
|
|
|
19
19
|
|
|
20
20
|
def run
|
|
21
21
|
matching_apps = find_all_matching_apps_or_repos(apps, :heroku, sandbox)
|
|
22
|
+
final_data = []
|
|
22
23
|
matching_apps.each do |app|
|
|
23
|
-
ui.info("\n Config of #{app}\n")
|
|
24
|
+
ui.info("\n Config of #{app}\n", print_to_audit_log: false)
|
|
24
25
|
config = `heroku config -a #{app} --json`
|
|
25
26
|
unless $?.success?
|
|
26
|
-
ui.error(
|
|
27
|
-
|
|
27
|
+
ui.error(
|
|
28
|
+
"There is a problem in accessing the app with name \"#{app}\" in your account.",
|
|
29
|
+
print_to_audit_log: false)
|
|
30
|
+
ui.error(
|
|
31
|
+
"Please check the specified app name and ensure you're authorized to view that app.",
|
|
32
|
+
print_to_audit_log: false)
|
|
28
33
|
next
|
|
29
34
|
end
|
|
30
35
|
table = Terminal::Table.new headings: table_columns, rows: filter_config(config)
|
|
31
|
-
ui.success(table)
|
|
36
|
+
ui.success(table, print_to_audit_log: false)
|
|
37
|
+
final_data << JSON.parse(config)
|
|
38
|
+
end
|
|
39
|
+
if Thread.current[:audit_mode]
|
|
40
|
+
final_data
|
|
32
41
|
end
|
|
33
42
|
end
|
|
34
43
|
|
|
@@ -17,6 +17,7 @@ module Neetob
|
|
|
17
17
|
"Audit Passed"
|
|
18
18
|
]
|
|
19
19
|
]
|
|
20
|
+
last_comment = nil
|
|
20
21
|
NeetoCompliance::NeetoRepos.products.keys.each do |repo|
|
|
21
22
|
ui.info "Checking #{repo}...", print_to_audit_log: false
|
|
22
23
|
code_audit_result = Neetob::CLI::Code::Audit.new([repo]).run[0]
|
|
@@ -34,6 +35,11 @@ module Neetob
|
|
|
34
35
|
all_tables_have_uuid_primary_keys = tables_without_uuid.empty? ? "Yes" : "No"
|
|
35
36
|
audit_passed = all_tables_have_uuid_primary_keys == "Yes" ? "Yes" : "No"
|
|
36
37
|
comments = tables_without_uuid.empty? ? nil : "Tables without UUID primary keys: #{tables_without_uuid.join(', ')}"
|
|
38
|
+
same_as_last_comment = audit_passed == "No" && comments == last_comment
|
|
39
|
+
last_comment = comments
|
|
40
|
+
if same_as_last_comment
|
|
41
|
+
comments = "''"
|
|
42
|
+
end
|
|
37
43
|
repo_data << [repo, all_tables_have_uuid_primary_keys, comments, audit_passed]
|
|
38
44
|
end
|
|
39
45
|
ui.print_table(repo_data)
|
data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/dns_entry_has_proxy_status.rb
CHANGED
|
@@ -20,6 +20,7 @@ module Neetob
|
|
|
20
20
|
|
|
21
21
|
domains_data = [["Domain", "DNS proxy status", "Audit Passed"]]
|
|
22
22
|
ui.info("\n", print_to_audit_log: false)
|
|
23
|
+
last_dns_proxy_status = nil
|
|
23
24
|
Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
|
|
24
25
|
domain.to_s.include?(".com") }.map do |domain|
|
|
25
26
|
ui.info("Checking proxy status for DNS entries for #{domain}", print_to_audit_log: false)
|
|
@@ -35,8 +36,13 @@ module Neetob
|
|
|
35
36
|
"Ignored" :
|
|
36
37
|
(is_wildcard_subdomain_proxied ? "Yes" : "No")
|
|
37
38
|
proxy_status = is_wildcard_subdomain_proxied ? "on" : "off"
|
|
38
|
-
|
|
39
|
-
|
|
39
|
+
dns_proxy_status = "* record has proxying turned #{proxy_status}"
|
|
40
|
+
same_as_last_dns_proxy_status = dns_proxy_status == last_dns_proxy_status
|
|
41
|
+
last_dns_proxy_status = dns_proxy_status
|
|
42
|
+
if same_as_last_dns_proxy_status
|
|
43
|
+
dns_proxy_status = "''"
|
|
44
|
+
end
|
|
45
|
+
domains_data << [domain, dns_proxy_status, audit_passed]
|
|
40
46
|
end
|
|
41
47
|
end
|
|
42
48
|
ui.print_table(domains_data)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require_relative "
|
|
3
|
+
require_relative "neeto_deploy_or_heroku/main"
|
|
4
4
|
require_relative "cloudflare/main"
|
|
5
5
|
require_relative "cronitor/main"
|
|
6
6
|
require_relative "honeybadger/main"
|
|
@@ -17,9 +17,9 @@ module Neetob
|
|
|
17
17
|
def run
|
|
18
18
|
ui.success("# 3. Running audit for application instances and add-ons")
|
|
19
19
|
ui.info "\n"
|
|
20
|
-
ui.success("## 3.1. Checking NeetoDeploy related configurations")
|
|
20
|
+
ui.success("## 3.1. Checking NeetoDeploy/Heroku related configurations")
|
|
21
21
|
ui.info "\n"
|
|
22
|
-
|
|
22
|
+
NeetoDeployOrHeroku::Main.new.run
|
|
23
23
|
ui.info "\n"
|
|
24
24
|
ui.success("## 3.2. Checking Cloudflare related configurations")
|
|
25
25
|
ui.info "\n"
|
|
@@ -4,7 +4,7 @@ module Neetob
|
|
|
4
4
|
class CLI
|
|
5
5
|
module MonthlyAudit
|
|
6
6
|
module InstancesAndAddons
|
|
7
|
-
module
|
|
7
|
+
module NeetoDeployOrHeroku
|
|
8
8
|
class AutoScalingEnabled < CLI::Base
|
|
9
9
|
def initialize
|
|
10
10
|
super()
|
|
@@ -15,6 +15,7 @@ module Neetob
|
|
|
15
15
|
|
|
16
16
|
apps_data = [["App", "Autoscaling config", "Comments", "Audit Passed"]]
|
|
17
17
|
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
last_comment = nil
|
|
18
19
|
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
20
|
ui.info("Checking auto_scaling config for #{app}", print_to_audit_log: false)
|
|
20
21
|
autoscaling_config_result = Neetob::CLI::NeetoDeploy::AutoscalingConfig.new(app).run
|
|
@@ -32,10 +33,24 @@ module Neetob
|
|
|
32
33
|
audit_passed = autoscaling_turned_on_for_web && autoscaling_turned_on_for_worker ? "Yes" : "No"
|
|
33
34
|
if audit_passed == "No"
|
|
34
35
|
comments = "Auto-scaling is not enabled for web and/or worker dynos."
|
|
36
|
+
same_as_last_comment = comments == last_comment
|
|
37
|
+
last_comment = comments
|
|
38
|
+
comments = "''" if same_as_last_comment
|
|
35
39
|
end
|
|
36
40
|
end
|
|
37
41
|
apps_data << [app, autoscaling_config, comments, audit_passed]
|
|
38
42
|
end
|
|
43
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
|
|
44
|
+
ui.info("Checking auto_scaling config for #{app}", print_to_audit_log: false)
|
|
45
|
+
autoscaling_config_result = Neetob::CLI::Heroku::AutoscalingConfig.new(app).run
|
|
46
|
+
comments = nil
|
|
47
|
+
|
|
48
|
+
audit_passed = autoscaling_config_result[:judoscale_addon_enabled] ? "Yes" : "No"
|
|
49
|
+
if audit_passed == "No"
|
|
50
|
+
comments = "Judoscale addon is not enabled"
|
|
51
|
+
end
|
|
52
|
+
apps_data << [app, autoscaling_config_result, comments, audit_passed]
|
|
53
|
+
end
|
|
39
54
|
ui.print_table(apps_data)
|
|
40
55
|
end
|
|
41
56
|
end
|
|
@@ -4,7 +4,7 @@ module Neetob
|
|
|
4
4
|
class CLI
|
|
5
5
|
module MonthlyAudit
|
|
6
6
|
module InstancesAndAddons
|
|
7
|
-
module
|
|
7
|
+
module NeetoDeployOrHeroku
|
|
8
8
|
class CloudfrontCdnEnabled < CLI::Base
|
|
9
9
|
def initialize
|
|
10
10
|
super()
|
|
@@ -46,6 +46,23 @@ module Neetob
|
|
|
46
46
|
end
|
|
47
47
|
apps_data << [app, asset_host_value, comments, audit_passed]
|
|
48
48
|
end
|
|
49
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
|
|
50
|
+
ui.info("Checking ASSET_HOST value for #{app}", print_to_audit_log: false)
|
|
51
|
+
config_vars_result = Neetob::CLI::Heroku::ConfigVars::List.new([app]).run[0]
|
|
52
|
+
asset_host_value = config_vars_result["ASSET_HOST"]
|
|
53
|
+
if asset_host_value.nil?
|
|
54
|
+
audit_passed = "No"
|
|
55
|
+
comments = "ASSET_HOST value not found."
|
|
56
|
+
else
|
|
57
|
+
is_direct_cloudfront_asset_host = asset_host_value.include?("cloudfront.net")
|
|
58
|
+
is_cdn_subdomain_asset_host = asset_host_value == "cdn.#{app.gsub("-web-production", "").gsub("-", "")}.com"
|
|
59
|
+
audit_passed = is_direct_cloudfront_asset_host || is_cdn_subdomain_asset_host ? "Yes" : "No"
|
|
60
|
+
if audit_passed == "No"
|
|
61
|
+
comments = "ASSET_HOST value is not a Cloudfront CDN URL or a CDN subdomain URL."
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
apps_data << [app, asset_host_value, comments, audit_passed]
|
|
65
|
+
end
|
|
49
66
|
ui.print_table(apps_data)
|
|
50
67
|
end
|
|
51
68
|
end
|
|
@@ -4,7 +4,7 @@ module Neetob
|
|
|
4
4
|
class CLI
|
|
5
5
|
module MonthlyAudit
|
|
6
6
|
module InstancesAndAddons
|
|
7
|
-
module
|
|
7
|
+
module NeetoDeployOrHeroku
|
|
8
8
|
class EssentialEnvironmentVariablesSet < CLI::Base
|
|
9
9
|
def initialize
|
|
10
10
|
super()
|
|
@@ -33,6 +33,16 @@ module Neetob
|
|
|
33
33
|
end
|
|
34
34
|
apps_data << [app, all_essential_env_variables_set, comments, audit_passed]
|
|
35
35
|
end
|
|
36
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
|
|
37
|
+
ui.info("Checking essential env variables for #{app}", print_to_audit_log: false)
|
|
38
|
+
essential_env_variables_result = Neetob::CLI::Sre::CheckEssentialEnv.new(app).run
|
|
39
|
+
all_essential_env_variables_set = essential_env_variables_result[:all_keys_present]
|
|
40
|
+
audit_passed = all_essential_env_variables_set ? "Yes" : "No"
|
|
41
|
+
if audit_passed == "No"
|
|
42
|
+
comments = "Missing keys: #{essential_env_variables_result[:missing_keys].join(", ")}"
|
|
43
|
+
end
|
|
44
|
+
apps_data << [app, all_essential_env_variables_set, comments, audit_passed]
|
|
45
|
+
end
|
|
36
46
|
ui.print_table(apps_data)
|
|
37
47
|
end
|
|
38
48
|
end
|
|
@@ -4,7 +4,7 @@ module Neetob
|
|
|
4
4
|
class CLI
|
|
5
5
|
module MonthlyAudit
|
|
6
6
|
module InstancesAndAddons
|
|
7
|
-
module
|
|
7
|
+
module NeetoDeployOrHeroku
|
|
8
8
|
class ScheduledExportsEnabled < CLI::Base
|
|
9
9
|
def initialize
|
|
10
10
|
super()
|
|
@@ -15,6 +15,7 @@ module Neetob
|
|
|
15
15
|
|
|
16
16
|
apps_data = [["App", "Scheduled exports config", "Comments", "Audit Passed"]]
|
|
17
17
|
ui.info("\n", print_to_audit_log: false)
|
|
18
|
+
last_scheduled_exports_config = nil
|
|
18
19
|
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
19
20
|
ui.info("Checking Scheduled exports config for #{app}", print_to_audit_log: false)
|
|
20
21
|
scheduled_exports_result = Neetob::CLI::NeetoDeploy::ScheduledExports.new(app).run
|
|
@@ -25,11 +26,20 @@ module Neetob
|
|
|
25
26
|
audit_passed = "No"
|
|
26
27
|
comments = "You do not have permission to access the config for this app."
|
|
27
28
|
else
|
|
28
|
-
scheduled_exports_config = scheduled_exports_result
|
|
29
|
+
scheduled_exports_config = scheduled_exports_result
|
|
30
|
+
.gsub("\e[32m", "")
|
|
31
|
+
.gsub("\e[0m", "")
|
|
32
|
+
.gsub("#{app}'s", "")
|
|
33
|
+
.strip
|
|
29
34
|
audit_passed = scheduled_exports_config.include?("turned on") ? "Yes" : "No"
|
|
30
35
|
if audit_passed == "No"
|
|
31
36
|
comments = scheduled_exports_config
|
|
32
37
|
end
|
|
38
|
+
same_as_last_scheduled_export_config = scheduled_exports_config == last_scheduled_exports_config
|
|
39
|
+
last_scheduled_exports_config = scheduled_exports_config
|
|
40
|
+
if same_as_last_scheduled_export_config
|
|
41
|
+
scheduled_exports_config = "''"
|
|
42
|
+
end
|
|
33
43
|
end
|
|
34
44
|
apps_data << [app, scheduled_exports_config, comments, audit_passed]
|
|
35
45
|
end
|
|
@@ -4,7 +4,7 @@ module Neetob
|
|
|
4
4
|
class CLI
|
|
5
5
|
module MonthlyAudit
|
|
6
6
|
module InstancesAndAddons
|
|
7
|
-
module
|
|
7
|
+
module NeetoDeployOrHeroku
|
|
8
8
|
class SslCertificatesOverThirtyDaysFromExpiry < CLI::Base
|
|
9
9
|
def initialize
|
|
10
10
|
super()
|
|
@@ -12,24 +12,41 @@ module Neetob
|
|
|
12
12
|
|
|
13
13
|
def run
|
|
14
14
|
ui.success "### 3.1.1. Checking whether SSL certificates are over 30 days from expiry"
|
|
15
|
-
apps_data = [["App", "Certificates
|
|
15
|
+
apps_data = [["App", "Certificates expiring before 30 days present?", "Comments", "Audit Passed"]]
|
|
16
16
|
ui.info("\n", print_to_audit_log: false)
|
|
17
17
|
Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }.each do |app|
|
|
18
18
|
ui.info("Checking Certificates status for #{app}", print_to_audit_log: false)
|
|
19
19
|
certificates_status = Neetob::CLI::NeetoDeploy::Certificates.new(app).run
|
|
20
20
|
audit_passed = nil
|
|
21
21
|
comments = nil
|
|
22
|
+
certificates_expiring_in_less_than_30_days = "No"
|
|
22
23
|
if certificates_status.is_a?(Hash) && certificates_status["error"] == "Forbidden"
|
|
23
24
|
audit_passed = "No"
|
|
24
25
|
comments = "You do not have permission to access the certificates for this app."
|
|
25
26
|
else
|
|
26
27
|
audit_passed = certificates_status.any? { |certificate| certificate["expires_before_30_days"] } ? "No" : "Yes"
|
|
28
|
+
certificates_expiring_in_less_than_30_days = "Yes" if audit_passed == "No"
|
|
27
29
|
if audit_passed == "No"
|
|
28
30
|
certificates_failing_audit = certificates_status.select { |certificate| certificate["expires_before_30_days"] }.map { |certificate| certificate["name"] }
|
|
29
31
|
comments = "Certificates #{certificates_failing_audit.join(", ")} are expiring in less than 30 days."
|
|
30
32
|
end
|
|
31
33
|
end
|
|
32
|
-
apps_data << [app,
|
|
34
|
+
apps_data << [app, certificates_expiring_in_less_than_30_days, comments, audit_passed]
|
|
35
|
+
end
|
|
36
|
+
Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
|
|
37
|
+
ui.info("Checking Certificates status for #{app}", print_to_audit_log: false)
|
|
38
|
+
certificates_status = Neetob::CLI::Heroku::Certs.new(app).run
|
|
39
|
+
certificates_expiring_in_less_than_30_days = certificates_status.select { |certificate| DateTime.parse(certificate[:expires]) <= 32.days.from_now }
|
|
40
|
+
comments = nil
|
|
41
|
+
audit_passed = "No"
|
|
42
|
+
certificates_expiring_in_less_than_30_days_present = "No"
|
|
43
|
+
if certificates_expiring_in_less_than_30_days.empty?
|
|
44
|
+
audit_passed = "Yes"
|
|
45
|
+
else
|
|
46
|
+
comments = "Certificates #{certificates_expiring_in_less_than_30_days.map { |certificate| certificate[:name] }.join(", ")} are expiring in less than 30 days."
|
|
47
|
+
certificates_expiring_in_less_than_30_days_present = "Yes"
|
|
48
|
+
end
|
|
49
|
+
apps_data << [app, certificates_expiring_in_less_than_30_days_present, comments, audit_passed]
|
|
33
50
|
end
|
|
34
51
|
ui.print_table(apps_data)
|
|
35
52
|
end
|
|
@@ -16,6 +16,7 @@ module Neetob
|
|
|
16
16
|
ui.success("### 1.1.1. Checking whether running `bundle-audit check` throws any vulnerabilities")
|
|
17
17
|
repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
|
|
18
18
|
ui.info "\n"
|
|
19
|
+
last_comment = nil
|
|
19
20
|
NeetoCompliance::NeetoRepos.products.keys.each do |repo|
|
|
20
21
|
ui.info("Checking bundle audit run results for #{repo}", print_to_audit_log: false)
|
|
21
22
|
bundle_audit_result = Neetob::CLI::Github::BundleAudit.new([repo]).run
|
|
@@ -27,6 +28,11 @@ module Neetob
|
|
|
27
28
|
else
|
|
28
29
|
vulnerabilities_found = "Yes"
|
|
29
30
|
comments = bundle_audit_result.gsub("\n", "<br>")
|
|
31
|
+
same_as_last_vulnerabilities = comments == last_comment
|
|
32
|
+
last_comment = comments
|
|
33
|
+
if same_as_last_vulnerabilities
|
|
34
|
+
comments = "''"
|
|
35
|
+
end
|
|
30
36
|
end
|
|
31
37
|
repo_data << [repo, vulnerabilities_found, comments, audit_passed]
|
|
32
38
|
end
|
data/lib/neetob/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: neetob
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.30
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Udai Gupta
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -218,6 +218,7 @@ files:
|
|
|
218
218
|
- lib/neetob/cli/heroku/access/remove.rb
|
|
219
219
|
- lib/neetob/cli/heroku/autoscaling_config.rb
|
|
220
220
|
- lib/neetob/cli/heroku/base.rb
|
|
221
|
+
- lib/neetob/cli/heroku/certs.rb
|
|
221
222
|
- lib/neetob/cli/heroku/commands.rb
|
|
222
223
|
- lib/neetob/cli/heroku/config_vars/audit.rb
|
|
223
224
|
- lib/neetob/cli/heroku/config_vars/base.rb
|
|
@@ -248,12 +249,12 @@ files:
|
|
|
248
249
|
- lib/neetob/cli/monthly_audit/instances_and_addons/honeybadger/main.rb
|
|
249
250
|
- lib/neetob/cli/monthly_audit/instances_and_addons/honeybadger/setup_correctly_for_apps.rb
|
|
250
251
|
- lib/neetob/cli/monthly_audit/instances_and_addons/main.rb
|
|
251
|
-
- lib/neetob/cli/monthly_audit/instances_and_addons/
|
|
252
|
-
- lib/neetob/cli/monthly_audit/instances_and_addons/
|
|
253
|
-
- lib/neetob/cli/monthly_audit/instances_and_addons/
|
|
254
|
-
- lib/neetob/cli/monthly_audit/instances_and_addons/
|
|
255
|
-
- lib/neetob/cli/monthly_audit/instances_and_addons/
|
|
256
|
-
- lib/neetob/cli/monthly_audit/instances_and_addons/
|
|
252
|
+
- lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/auto_scaling_enabled.rb
|
|
253
|
+
- lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/cloudfront_cdn_enabled.rb
|
|
254
|
+
- lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/essential_environment_variables_set.rb
|
|
255
|
+
- lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/main.rb
|
|
256
|
+
- lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/scheduled_exports_enabled.rb
|
|
257
|
+
- lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/ssl_certificates_over_thirty_days_from_expiry.rb
|
|
257
258
|
- lib/neetob/cli/monthly_audit/misc/main.rb
|
|
258
259
|
- lib/neetob/cli/monthly_audit/misc/redirections_working_correctly.rb
|
|
259
260
|
- lib/neetob/cli/monthly_audit/misc/sparkpost_sub_account_used_for_all_apps.rb
|