neetob 0.5.56 → 0.5.57

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a6d0f5f14328fd58d78796801b804ecb554c8e5137742b4c3a359d7ac4abca8
-  data.tar.gz: 3edc72355b7c37b83440f5688ca35fb22cd402797c1a07a04e8873bd9a341a63
+  metadata.gz: 3821951c5318dd72f074db7e8eb6fe1361bda15654b920074adbaf70555e0a01
+  data.tar.gz: 5fde35a1fe499c6023d3804be70f0c2ab839e8ebd05a46bf7ff8b7cf2367f3bd
 SHA512:
-  metadata.gz: 0bf8a602943256423a313aa3571bd3b38a6d5782b583308adb77619bbdec342ed7b329600019bdd6d6f8f99db1823168cf18c4469bdff41eb5bdb4c4d38d0dbe
-  data.tar.gz: 79fff223b0850291dedb17617ba02a962238bdcbd387a1e92832e34b1e25c09de122ee302eade527900dc1ea457781c2700094a38c1515eb904c12898629ed1b
+  metadata.gz: af3dc2565387e07251580b4e13e91f2c6c249bee01a96d6fcec61a5001a492c98ff0d55c754a8e464aef017d07a576ac45742de17e2eff91e7dc0ade3da595d2
+  data.tar.gz: ec9229722dc0af2ec1ec25bb95b0639ca4ea7e76fb55849b21eef7d9a91c8a6a00b0e874ac8343e84e4b67d49c5f082c81aec915bdac4a87544abaa8104892eb

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    neetob (0.5.56)
+    neetob (0.5.57)
       actionview
       activesupport
       brakeman (~> 5.0)

data/lib/neetob/cli/github/unused_assets_audit.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require_relative "./make_pr/base"
+module Neetob
+  class CLI
+    module Github
+      class UnusedAssetsAudit < MakePr::Base
+        DESCRIPTION = "Fix security vulnerabilities reported by unused assets audit"
+        attr_accessor :repos, :sandbox
+
+        def initialize(repos, sandbox = false)
+          super()
+          @repos = repos
+          @sandbox = sandbox
+        end
+
+        def run
+          matching_repos = find_all_matching_apps_or_repos(repos, :github, sandbox)
+          report = nil
+          matching_repos.each do |repo|
+            begin
+              ui.info("\nWorking on repo #{repo}", print_to_audit_log: false)
+              clone_repo_in_tmp_dir(repo)
+              image_dir = "/tmp/neetob/#{repo_name_without_org_suffix(repo)}/app/assets/images"
+              src_dir = "/tmp/neetob/#{repo_name_without_org_suffix(repo)}/app/javascript/src"
+              views_dir = "/tmp/neetob/#{repo_name_without_org_suffix(repo)}/app/views"
+              report = find_unused_images(image_dir, src_dir, views_dir)
+              ui.success("Successfully executed unused assets audit for #{repo}", print_to_audit_log: false)
+            rescue StandardError => e
+              ExceptionHandler.new(e).process
+            end
+          end
+          `rm -rf /tmp/neetob` unless Thread.current[:audit_mode]
+          if Thread.current[:audit_mode]
+            report
+          end
+        end
+
+        private
+
+          def list_image_files(dir_path)
+            Dir.glob("#{dir_path}/**/*").select { |file| File.file?(file) }
+          end
+
+          def find_unused_images(image_dir, src_dir, views_dir)
+            images = Set.new(list_image_files(image_dir))
+            images = filter_used_images(src_dir, images)
+            images = filter_used_images(views_dir, images, true)
+            images.to_a
+          end
+
+          def filter_used_images(dir, images, is_views_path = false)
+            new_images_set = Set.new(images)
+            Dir.glob("#{dir}/**/*") do |file|
+              next unless File.file?(file)
+
+              File.open(file, "r") do |file_content|
+                new_images_set.each do |image_file_path|
+                  destructured_image_path = split_image_path(is_views_path, image_file_path)
+                  if image_file_imported(file_content.read, destructured_image_path, is_views_path)
+                    new_images_set.delete(image_file_path)
+                  end
+                  file_content.rewind
+                end
+              end
+            end
+            new_images_set
+          end
+
+          def image_file_imported(file, image_path, is_views_path)
+            regex = is_views_path ? /"#{image_path}"/ : /import .* from "#{image_path}";/
+            file.match(regex)
+          end
+
+          def split_image_path(is_views_path, image_file_path)
+            if is_views_path
+              image_file_path.split("images/").last
+            else
+              image_file_path[image_file_path.index("images")..image_file_path.rindex(".") - 1]
+            end
+          end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/checks_for_unused_assets.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require_relative "../../../github/unused_assets_audit"
+
+module Neetob
+  class CLI
+    module MonthlyAudit
+      module Security
+        module Code
+          class ChecksForUnusedAssets < CLI::Base
+            def initialize
+              super()
+            end
+
+            def run
+              ui.success("### 1.1.5. Checking whether running `unused assets audit` throws any vulnerabilities")
+              repo_data = [["Repository", "Unused Assets Found", "Comments", "Audit Passed"]]
+              ui.info "\n"
+
+              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+                ui.info("Checking unused assets for #{repo}", print_to_audit_log: false)
+                unused_files = Neetob::CLI::Github::UnusedAssetsAudit.new([repo]).run
+                if unused_files && unused_files.any?
+                  unused_assets_found = "Yes"
+                  audit_passed = "No"
+                  comments = unused_files.join("<br>")
+                else
+                  unused_assets_found = "No"
+                  audit_passed = "Yes"
+                  comments = nil
+                end
+
+                repo_data << [repo, unused_assets_found, comments, audit_passed]
+              end
+
+              ui.print_table(repo_data)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/neetob/cli/monthly_audit/security/code/main.rb

@@ -4,6 +4,7 @@ require_relative "bundle_audit"
 require_relative "yarn_audit"
 require_relative "brakeman"
 require_relative "active_record_doctor"
+require_relative "checks_for_unused_assets"
 
 module Neetob
   class CLI
@@ -23,6 +24,8 @@ module Neetob
               Brakeman.new.run
               ui.info "\n"
               ActiveRecordDoctor.new.run
+              ui.info "\n"
+              ChecksForUnusedAssets.new.run
             end
           end
         end

data/lib/neetob/cli/ui.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-4# frozen_string_literal: true
+# frozen_string_literal: true
 
 require "thor"
 

data/lib/neetob/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Neetob
-  VERSION = "0.5.56"
+  VERSION = "0.5.57"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: neetob
 version: !ruby/object:Gem::Version
-  version: 0.5.56
+  version: 0.5.57
 platform: ruby
 authors:
 - Udai Gupta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-05-02 00:00:00.000000000 Z
+date: 2025-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -261,6 +261,7 @@ files:
 - lib/neetob/cli/github/repositories/get_security_details.rb
 - lib/neetob/cli/github/repositories/pull_requests.rb
 - lib/neetob/cli/github/search.rb
+- lib/neetob/cli/github/unused_assets_audit.rb
 - lib/neetob/cli/github/yarn_audit.rb
 - lib/neetob/cli/heroku/access/add.rb
 - lib/neetob/cli/heroku/access/commands.rb
@@ -313,6 +314,7 @@ files:
 - lib/neetob/cli/monthly_audit/security/code/active_record_doctor.rb
 - lib/neetob/cli/monthly_audit/security/code/brakeman.rb
 - lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb
+- lib/neetob/cli/monthly_audit/security/code/checks_for_unused_assets.rb
 - lib/neetob/cli/monthly_audit/security/code/main.rb
 - lib/neetob/cli/monthly_audit/security/code/yarn_audit.rb
 - lib/neetob/cli/monthly_audit/security/github/dependabot_prs_merged.rb