newrelic_security 0.1.0
- checksums.yaml +7 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +38 -0
- data/.github/ISSUE_TEMPLATE/enhancement.md +27 -0
- data/.github/actions/simplecov-report/LICENSE +22 -0
- data/.github/actions/simplecov-report/README.md +36 -0
- data/.github/actions/simplecov-report/__tests__/.keep +0 -0
- data/.github/actions/simplecov-report/__tests__/main.test.ts +3 -0
- data/.github/actions/simplecov-report/action.yml +25 -0
- data/.github/actions/simplecov-report/dist/index.js +10238 -0
- data/.github/actions/simplecov-report/dummy_coverage/.last_run.json +5 -0
- data/.github/actions/simplecov-report/jest.config.js +11 -0
- data/.github/actions/simplecov-report/package.json +51 -0
- data/.github/actions/simplecov-report/src/main.ts +54 -0
- data/.github/actions/simplecov-report/src/report.ts +28 -0
- data/.github/actions/simplecov-report/tsconfig.json +12 -0
- data/.github/workflows/pr_ci.yml +77 -0
- data/.github/workflows/release.yml +51 -0
- data/.github/workflows/repolinter.yml +31 -0
- data/.github/workflows/rubocop.yml +17 -0
- data/.github/workflows/scripts/rubygems-authenticate.py +13 -0
- data/.github/workflows/scripts/rubygems-publish.rb +33 -0
- data/.gitignore +72 -0
- data/.rubocop.yml +9 -0
- data/.rubocop_todo.yml +1414 -0
- data/.simplecov +16 -0
- data/CHANGELOG.md +69 -0
- data/CONTRIBUTING.md +22 -0
- data/Gemfile +6 -0
- data/Gemfile_test +58 -0
- data/LICENSE +43 -0
- data/README.md +133 -0
- data/README_agent.md +44 -0
- data/Rakefile +28 -0
- data/THIRD_PARTY_NOTICES.md +36 -0
- data/lib/newrelic_security/agent/agent.rb +109 -0
- data/lib/newrelic_security/agent/configuration/default_source.rb +8 -0
- data/lib/newrelic_security/agent/configuration/environment_source.rb +8 -0
- data/lib/newrelic_security/agent/configuration/manager.rb +178 -0
- data/lib/newrelic_security/agent/configuration/manual_source.rb +8 -0
- data/lib/newrelic_security/agent/configuration/server_source.rb +8 -0
- data/lib/newrelic_security/agent/configuration/yaml_source.rb +8 -0
- data/lib/newrelic_security/agent/control/app_info.rb +132 -0
- data/lib/newrelic_security/agent/control/application_url_mappings.rb +66 -0
- data/lib/newrelic_security/agent/control/collector.rb +117 -0
- data/lib/newrelic_security/agent/control/control_command.rb +117 -0
- data/lib/newrelic_security/agent/control/critical_message.rb +58 -0
- data/lib/newrelic_security/agent/control/event.rb +149 -0
- data/lib/newrelic_security/agent/control/event_counter.rb +28 -0
- data/lib/newrelic_security/agent/control/event_processor.rb +134 -0
- data/lib/newrelic_security/agent/control/event_stats.rb +26 -0
- data/lib/newrelic_security/agent/control/event_subscriber.rb +28 -0
- data/lib/newrelic_security/agent/control/exit_event.rb +38 -0
- data/lib/newrelic_security/agent/control/fuzz_request.rb +18 -0
- data/lib/newrelic_security/agent/control/grpc_context.rb +57 -0
- data/lib/newrelic_security/agent/control/health_check.rb +136 -0
- data/lib/newrelic_security/agent/control/http_context.rb +73 -0
- data/lib/newrelic_security/agent/control/iast_client.rb +151 -0
- data/lib/newrelic_security/agent/control/iast_data_transfer_request.rb +32 -0
- data/lib/newrelic_security/agent/control/reflected_xss.rb +258 -0
- data/lib/newrelic_security/agent/control/websocket_client.rb +131 -0
- data/lib/newrelic_security/agent/logging/init_logger.rb +91 -0
- data/lib/newrelic_security/agent/logging/logger.rb +92 -0
- data/lib/newrelic_security/agent/logging/null_logger.rb +21 -0
- data/lib/newrelic_security/agent/resources/cert.pem +50 -0
- data/lib/newrelic_security/agent/utils/agent_utils.rb +219 -0
- data/lib/newrelic_security/agent.rb +57 -0
- data/lib/newrelic_security/constants.rb +67 -0
- data/lib/newrelic_security/instrumentation-security/active_record/mysql2_adapter/chain.rb +70 -0
- data/lib/newrelic_security/instrumentation-security/active_record/mysql2_adapter/instrumentation.rb +187 -0
- data/lib/newrelic_security/instrumentation-security/active_record/mysql2_adapter/prepend.rb +54 -0
- data/lib/newrelic_security/instrumentation-security/active_record/postgresql_adapter/chain.rb +60 -0
- data/lib/newrelic_security/instrumentation-security/active_record/postgresql_adapter/instrumentation.rb +143 -0
- data/lib/newrelic_security/instrumentation-security/active_record/postgresql_adapter/prepend.rb +48 -0
- data/lib/newrelic_security/instrumentation-security/active_record/sqlite3_adapter/chain.rb +72 -0
- data/lib/newrelic_security/instrumentation-security/active_record/sqlite3_adapter/instrumentation.rb +187 -0
- data/lib/newrelic_security/instrumentation-security/active_record/sqlite3_adapter/prepend.rb +54 -0
- data/lib/newrelic_security/instrumentation-security/async-http/chain.rb +21 -0
- data/lib/newrelic_security/instrumentation-security/async-http/instrumentation.rb +46 -0
- data/lib/newrelic_security/instrumentation-security/async-http/prepend.rb +16 -0
- data/lib/newrelic_security/instrumentation-security/curb/chain.rb +26 -0
- data/lib/newrelic_security/instrumentation-security/curb/instrumentation.rb +52 -0
- data/lib/newrelic_security/instrumentation-security/curb/prepend.rb +18 -0
- data/lib/newrelic_security/instrumentation-security/dir/chain.rb +42 -0
- data/lib/newrelic_security/instrumentation-security/dir/instrumentation.rb +102 -0
- data/lib/newrelic_security/instrumentation-security/dir/prepend.rb +28 -0
- data/lib/newrelic_security/instrumentation-security/ethon/chain.rb +53 -0
- data/lib/newrelic_security/instrumentation-security/ethon/instrumentation.rb +122 -0
- data/lib/newrelic_security/instrumentation-security/ethon/prepend.rb +39 -0
- data/lib/newrelic_security/instrumentation-security/excon/chain.rb +23 -0
- data/lib/newrelic_security/instrumentation-security/excon/instrumentation.rb +44 -0
- data/lib/newrelic_security/instrumentation-security/excon/prepend.rb +17 -0
- data/lib/newrelic_security/instrumentation-security/file/chain.rb +34 -0
- data/lib/newrelic_security/instrumentation-security/file/instrumentation.rb +62 -0
- data/lib/newrelic_security/instrumentation-security/file/prepend.rb +22 -0
- data/lib/newrelic_security/instrumentation-security/grape/chain.rb +42 -0
- data/lib/newrelic_security/instrumentation-security/grape/instrumentation.rb +56 -0
- data/lib/newrelic_security/instrumentation-security/grape/prepend.rb +30 -0
- data/lib/newrelic_security/instrumentation-security/grpc/client/chain.rb +47 -0
- data/lib/newrelic_security/instrumentation-security/grpc/client/instrumentation.rb +37 -0
- data/lib/newrelic_security/instrumentation-security/grpc/client/prepend.rb +36 -0
- data/lib/newrelic_security/instrumentation-security/grpc/server/chain.rb +62 -0
- data/lib/newrelic_security/instrumentation-security/grpc/server/instrumentation.rb +65 -0
- data/lib/newrelic_security/instrumentation-security/grpc/server/prepend.rb +46 -0
- data/lib/newrelic_security/instrumentation-security/httpclient/chain.rb +30 -0
- data/lib/newrelic_security/instrumentation-security/httpclient/instrumentation.rb +82 -0
- data/lib/newrelic_security/instrumentation-security/httpclient/prepend.rb +22 -0
- data/lib/newrelic_security/instrumentation-security/httprb/chain.rb +21 -0
- data/lib/newrelic_security/instrumentation-security/httprb/instrumentation.rb +44 -0
- data/lib/newrelic_security/instrumentation-security/httprb/prepend.rb +16 -0
- data/lib/newrelic_security/instrumentation-security/httpx/chain.rb +23 -0
- data/lib/newrelic_security/instrumentation-security/httpx/instrumentation.rb +51 -0
- data/lib/newrelic_security/instrumentation-security/httpx/prepend.rb +18 -0
- data/lib/newrelic_security/instrumentation-security/instrumentation_loader.rb +50 -0
- data/lib/newrelic_security/instrumentation-security/instrumentation_utils.rb +165 -0
- data/lib/newrelic_security/instrumentation-security/io/chain.rb +113 -0
- data/lib/newrelic_security/instrumentation-security/io/instrumentation.rb +300 -0
- data/lib/newrelic_security/instrumentation-security/io/prepend.rb +86 -0
- data/lib/newrelic_security/instrumentation-security/kernel/chain.rb +65 -0
- data/lib/newrelic_security/instrumentation-security/kernel/instrumentation.rb +167 -0
- data/lib/newrelic_security/instrumentation-security/kernel/prepend.rb +50 -0
- data/lib/newrelic_security/instrumentation-security/mongo/chain.rb +106 -0
- data/lib/newrelic_security/instrumentation-security/mongo/instrumentation.rb +273 -0
- data/lib/newrelic_security/instrumentation-security/mongo/prepend.rb +77 -0
- data/lib/newrelic_security/instrumentation-security/mysql2/chain.rb +53 -0
- data/lib/newrelic_security/instrumentation-security/mysql2/instrumentation.rb +84 -0
- data/lib/newrelic_security/instrumentation-security/mysql2/prepend.rb +37 -0
- data/lib/newrelic_security/instrumentation-security/net_http/chain.rb +21 -0
- data/lib/newrelic_security/instrumentation-security/net_http/instrumentation.rb +60 -0
- data/lib/newrelic_security/instrumentation-security/net_http/prepend.rb +16 -0
- data/lib/newrelic_security/instrumentation-security/net_ldap/chain.rb +21 -0
- data/lib/newrelic_security/instrumentation-security/net_ldap/instrumentation.rb +42 -0
- data/lib/newrelic_security/instrumentation-security/net_ldap/prepend.rb +16 -0
- data/lib/newrelic_security/instrumentation-security/nokogiri/chain.rb +46 -0
- data/lib/newrelic_security/instrumentation-security/nokogiri/instrumentation.rb +36 -0
- data/lib/newrelic_security/instrumentation-security/nokogiri/prepend.rb +31 -0
- data/lib/newrelic_security/instrumentation-security/padrino/chain.rb +26 -0
- data/lib/newrelic_security/instrumentation-security/padrino/instrumentation.rb +42 -0
- data/lib/newrelic_security/instrumentation-security/padrino/prepend.rb +20 -0
- data/lib/newrelic_security/instrumentation-security/patron/chain.rb +23 -0
- data/lib/newrelic_security/instrumentation-security/patron/instrumentation.rb +50 -0
- data/lib/newrelic_security/instrumentation-security/patron/prepend.rb +18 -0
- data/lib/newrelic_security/instrumentation-security/pg/chain.rb +49 -0
- data/lib/newrelic_security/instrumentation-security/pg/instrumentation.rb +102 -0
- data/lib/newrelic_security/instrumentation-security/pg/prepend.rb +36 -0
- data/lib/newrelic_security/instrumentation-security/pty/chain.rb +31 -0
- data/lib/newrelic_security/instrumentation-security/pty/instrumentation.rb +52 -0
- data/lib/newrelic_security/instrumentation-security/pty/prepend.rb +22 -0
- data/lib/newrelic_security/instrumentation-security/rails/chain.rb +46 -0
- data/lib/newrelic_security/instrumentation-security/rails/instrumentation.rb +67 -0
- data/lib/newrelic_security/instrumentation-security/rails/prepend.rb +33 -0
- data/lib/newrelic_security/instrumentation-security/roda/chain.rb +22 -0
- data/lib/newrelic_security/instrumentation-security/roda/instrumentation.rb +41 -0
- data/lib/newrelic_security/instrumentation-security/roda/prepend.rb +16 -0
- data/lib/newrelic_security/instrumentation-security/sinatra/chain.rb +29 -0
- data/lib/newrelic_security/instrumentation-security/sinatra/instrumentation.rb +49 -0
- data/lib/newrelic_security/instrumentation-security/sinatra/prepend.rb +21 -0
- data/lib/newrelic_security/instrumentation-security/sqlite3/chain.rb +79 -0
- data/lib/newrelic_security/instrumentation-security/sqlite3/instrumentation.rb +164 -0
- data/lib/newrelic_security/instrumentation-security/sqlite3/prepend.rb +56 -0
- data/lib/newrelic_security/newrelic-security-api/api.rb +72 -0
- data/lib/newrelic_security/version.rb +5 -0
- data/lib/newrelic_security/websocket-client-simple/client.rb +128 -0
- data/lib/newrelic_security/websocket-client-simple/event_emitter.rb +72 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/error.rb +129 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/exception_handler.rb +32 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/base.rb +62 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/data.rb +49 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/base.rb +41 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler03.rb +224 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler04.rb +18 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler05.rb +15 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler07.rb +78 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler75.rb +78 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler.rb +15 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming/client.rb +17 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming/server.rb +17 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming.rb +52 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing/client.rb +17 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing/server.rb +17 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing.rb +35 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame.rb +11 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/base.rb +142 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/client.rb +130 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/base.rb +49 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client.rb +32 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client01.rb +20 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client04.rb +63 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client11.rb +22 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client75.rb +39 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client76.rb +105 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/server.rb +10 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/server04.rb +56 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/server75.rb +40 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/server76.rb +75 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler.rb +21 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/server.rb +179 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake.rb +10 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/nice_inspect.rb +12 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/version.rb +5 -0
- data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket.rb +50 -0
- data/lib/newrelic_security.rb +6 -0
- data/lib/tasks/all.rb +8 -0
- data/lib/tasks/coverage_report.rake +27 -0
- data/newrelic_security.gemspec +51 -0
- metadata +342 -0
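--- a/data/.github/actions/simplecov-report/package.json
+++ b/data/.github/actions/simplecov-report/package.json
@@ -0,0 +1,51 @@
+{
+"name": "simplecov-report",
+"version": "1.4.1",
+"private": true,
+"description": "SimpleCov Report",
+"main": "lib/main.js",
+"scripts": {
+"build": "tsc --allowSyntheticDefaultImports",
+"format": "prettier --write **/*.ts",
+"format-check": "prettier --check **/*.ts",
+"lint": "eslint src/**/*.ts",
+"pack": "ncc build",
+"test": "jest",
+"all": "npm run build && npm run format && npm run lint && npm run pack && npm test",
+"build_pack": "npm run build && npm run pack"
+},
+"repository": {
+"type": "git",
+"url": "git+https://github.com/actions/typescript-action.git"
+},
+"keywords": [
+"actions",
+"node",
+"setup"
+],
+"author": "aki77",
+"license": "MIT",
+"dependencies": {
+"@actions/core": "^1.9.0",
+"@actions/github": "^5.0.0",
+"@aki77/actions-replace-comment": "^0.5.0",
+"markdown-table": "^3.0.0"
+},
+"devDependencies": {
+"@types/jest": "^27.0.2",
+"@types/markdown-table": "^3.0.0",
+"@types/node": "^12.12.38",
+"@typescript-eslint/parser": "^5.16.0",
+"@zeit/ncc": "^0.22.3",
+"eslint": "^8.12.0",
+"eslint-plugin-github": "^4.1.1",
+"eslint-plugin-jest": "^26.1.3",
+"eslint-plugin-prettier": "^4.0.0",
+"jest": "^27.2.2",
+"jest-circus": "^27.2.2",
+"js-yaml": "^4.1.0",
+"prettier": "^2.1.2",
+"ts-jest": "^27.0.5",
+"typescript": "^4.0.3"
+}
+}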
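Review bot: `repository.url` on new line 19 still names `git+https://github.com/actions/typescript-action.git`, the generic action template, so the manifest does not record where this vendored action came from; the `author` field suggests a different upstream, and the URL should point there so the committed `dist/index.js` can be traced and compared against it. Every dependency is a caret range and no lockfile for this directory appears in the file list, so rebuilding `dist/` is not reproducible; commit a `package-lock.json` next to this file. `@zeit/ncc` is, as far as I know, the former name of the bundler now published as `@vercel/ncc`.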
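--- a/data/.github/actions/simplecov-report/src/main.ts
+++ b/data/.github/actions/simplecov-report/src/main.ts
@@ -0,0 +1,54 @@
+import path from 'path'
+import * as core from '@actions/core'
+import * as github from '@actions/github'
+import {report} from './report'
+
+interface Result {
+result: {
+covered_percent?: number // NOTE: simplecov < 0.21.0
+line?: number
+branch?: number | undefined
+}
+}
+
+async function run(): Promise<void> {
+try {
+if (!github.context.issue.number) {
+core.warning('Cannot find the PR id.')
+return
+}
+
+const failedThreshold: number = Number.parseInt(core.getInput('failedThreshold'), 10)
+core.debug(`failedThreshold ${failedThreshold}`)
+
+const failedThresholdBranch: number = Number.parseInt(core.getInput('failedThresholdBranch'), 10)
+core.debug(`failedThresholdBranch ${failedThresholdBranch}`)
+
+const resultPath: string = core.getInput('resultPath')
+core.debug(`resultPath ${resultPath}`)
+
+// eslint-disable-next-line @typescript-eslint/no-non-null-assertion, @typescript-eslint/no-require-imports, @typescript-eslint/no-var-requires
+const json = require(path.resolve(process.env.GITHUB_WORKSPACE!, resultPath)) as Result
+const coveredPercent = json.result.covered_percent ?? json.result.line
+const coveredPercentBranch = json.result.branch
+
+if (coveredPercent === undefined) {
+throw new Error('Coverage is undefined!')
+}
+
+await report(coveredPercent, failedThreshold, coveredPercentBranch, failedThresholdBranch)
+
+if (coveredPercent < failedThreshold) {
+throw new Error(`Line coverage is less than ${failedThreshold}%. (${coveredPercent}%)`)
+}
+if ((coveredPercentBranch !== undefined) && (coveredPercentBranch < failedThresholdBranch)) {
+throw new Error(`Branch coverage is less than ${failedThresholdBranch}%. (${coveredPercentBranch}%)`)
+}
+} catch (error) {
+if (error instanceof Error) {
+core.setFailed(error.message)
+}
+}
+}
+
+run()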
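Review bot: `require(path.resolve(process.env.GITHUB_WORKSPACE!, resultPath))` on new line 31 loads the coverage file through the module loader, so a `resultPath` that resolves to a `.js` file is executed rather than parsed, and pr_ci.yml runs this action in the job that holds the `pull-requests: write` token; read it as data instead, `const json = JSON.parse(fs.readFileSync(path.resolve(workspace, resultPath), 'utf8')) as Result` (with `import fs from 'fs'`), after checking that `GITHUB_WORKSPACE` is set. Both thresholds come from `Number.parseInt(core.getInput(...), 10)`, which is `NaN` for a missing or non-numeric input, and `coveredPercent < NaN` is false, so the coverage gate passes silently; add `if (Number.isNaN(failedThreshold)) throw new Error('failedThreshold must be a number')` and the same for the branch threshold. The `catch` on new line 47 drops anything that is not an `Error` instance without failing the step; an `else { core.setFailed(String(error)) }` closes that gap.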
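--- a/data/.github/actions/simplecov-report/src/report.ts
+++ b/data/.github/actions/simplecov-report/src/report.ts
@@ -0,0 +1,28 @@
+import * as core from '@actions/core'
+import * as github from '@actions/github'
+import replaceComment from '@aki77/actions-replace-comment'
+import {markdownTable} from 'markdown-table'
+
+export async function report(coveredPercent: number, failedThreshold: number, coveredPercentBranch: number | undefined, failedThresholdBranch: number): Promise<void> {
+let results: string[][] = [['','Coverage', 'Threshold'],
+['Line', `${coveredPercent}%`, `${failedThreshold}%`]]
+if (coveredPercentBranch){
+results.push(['Branch',`${coveredPercentBranch}%`,`${failedThresholdBranch}%`])
+}
+const summaryTable = markdownTable(results)
+
+const pullRequestId = github.context.issue.number
+if (!pullRequestId) {
+throw new Error('Cannot find the PR id.')
+}
+
+await replaceComment({
+token: core.getInput('token', {required: true}),
+owner: github.context.repo.owner,
+repo: github.context.repo.repo,
+issue_number: pullRequestId,
+body: `## SimpleCov Report
+${summaryTable}
+`
+})
+}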
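Review bot: `if (coveredPercentBranch){` on new line 9 is a truthiness test, so a branch coverage of `0` leaves the Branch row out of the PR comment even though `run()` in main.ts still compares it with the threshold (`coveredPercentBranch !== undefined`) and fails the step; use `if (coveredPercentBranch !== undefined) {` so the comment shows the figure that caused the failure. `results` is never reassigned and can be declared with `const`.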
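--- a/data/.github/actions/simplecov-report/tsconfig.json
+++ b/data/.github/actions/simplecov-report/tsconfig.json
@@ -0,0 +1,12 @@
+{
+"compilerOptions": {
+"target": "es6", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
+"module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
+"outDir": "./lib", /* Redirect output structure to the directory. */
+"rootDir": "./src", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
+"strict": true, /* Enable all strict type-checking options. */
+"noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */
+"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+},
+"exclude": ["node_modules", "**/*.test.ts"]
+}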
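--- a/data/.github/workflows/pr_ci.yml
+++ b/data/.github/workflows/pr_ci.yml
@@ -0,0 +1,77 @@
+name: PR Continuous Integration
+on:
+pull_request:
+workflow_dispatch:
+
+jobs:
+unit_tests:
+runs-on: ubuntu-22.04
+strategy:
+fail-fast: false
+matrix:
+ruby-version: [2.4.10, 2.5.9, 2.6.10, 2.7.8, 3.0.7, 3.1.5, 3.2.4, 3.3.1, jruby-9.4.5.0]
+instrumentation-method: ['prepend', 'chain']
+steps:
+- name: Configure git
+run: 'git config --global init.defaultBranch main'
+- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # tag v4.1.2
+
+# - curl is needed for Curb
+# - xslt is needed for older Nokogiris, RUBY_VERSION < 2.5
+- name: Install OS packages
+run: sudo apt-get update; sudo apt-get install -y --no-install-recommends libcurl4-nss-dev libxslt1-dev libc6-dev openjdk-11-jdk
+
+- name: Install Ruby ${{ matrix.ruby-version }}
+uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # tag v1.176.0
+with:
+ruby-version: ${{ matrix.ruby-version }}
+
+- name: Bundle test environment
+run: BUNDLE_GEMFILE=Gemfile_test rake test_bundle
+
+- name: Run Unit Tests
+run: bundle exec rake test
+env:
+VERBOSE_TEST_OUTPUT: true
+BUNDLE_GEMFILE: 'Gemfile_test'
+NR_CSEC_INSTRUMENTATION_METHOD: '${{ matrix.instrumentation-method }}'
+
+- name: Save coverage results
+uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # tag v4.3.2
+with:
+name: coverage-report-unit-tests-${{ matrix.ruby-version }}-${{ matrix.instrumentation-method }}
+path: lib/coverage_*/.resultset.json
+
+simplecov:
+needs: unit_tests
+runs-on: ubuntu-22.04
+if: github.event.pull_request.head.repo.full_name == github.repository
+permissions:
+pull-requests: write
+contents: read
+steps:
+- name: Configure git
+run: 'git config --global init.defaultBranch main'
+- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # tag v4.1.2
+- uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # tag v1.176.0
+with:
+ruby-version: '3.1'
+- run: bundle
+- name: Download all workflow run artifacts
+uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # tag v4.1.6
+- name: Collate Coverage Results
+run: bundle exec rake coverage:report
+- name: Upload coverage results
+uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # tag v4.3.2
+with:
+name: coverage-report-combined
+path: lib/coverage_results
+retention-days: 2
+- name: Simplecov Report
+uses: ./.github/actions/simplecov-report
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+resultPath: lib/coverage_results/.last_run.json
+failedThreshold: 70
+failedThresholdBranch: 33
+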
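Review bot: The `unit_tests` job has no `permissions:` block, so its `GITHUB_TOKEN` carries whatever the repository default grants while `rake test_bundle` and `bundle exec rake test` run pull-request code; add a workflow-level `permissions:` with `contents: read` and keep the `pull-requests: write` override on `simplecov` only. rubocop.yml and repolinter.yml have the same gap (repolinter presumably needs `issues: write` for `output_type: issue`). The same-repository `if:` on `simplecov` is the control that keeps the write-scoped job away from fork code and deserves a comment saying so, e.g. `# same-repo PRs only: this job posts a PR comment with a write-scoped token`.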
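--- a/data/.github/workflows/release.yml
+++ b/data/.github/workflows/release.yml
@@ -0,0 +1,51 @@
+name: Release
+
+on:
+push:
+branches:
+- main
+
+jobs:
+release:
+runs-on: ubuntu-latest
+permissions:
+contents: write
+repository-projects: write
+steps:
+- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # tag v4.1.2
+with:
+fetch-depth: 0
+
+- uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # tag v1.176.0
+with:
+ruby-version: 3.2
+
+- name: Install onetimepass
+run: pip install onetimepass==1.0.1
+
+- name: Configure gem credentials
+run: |
+echo "GEM_HOST_API_KEY=${{ secrets.RUBYGEMS_API_KEY }}" >> $GITHUB_ENV
+echo "RUBYGEMS_MFA_KEY=${{ secrets.RUBYGEMS_MFA_KEY }}" >> $GITHUB_ENV
+
+- name: Build newrelic_security gem
+run: gem build newrelic_security.gemspec
+
+- name: Determine version
+run: |
+echo "VERSION=$(ls newrelic_security-*.gem | ruby -pe 'sub(/newrelic_security\-(.*).gem/, "\\1")')" >> $GITHUB_ENV
+
+- name: Create github release
+uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # tag v0.1.15
+if: $(git tag -l ${{ env.VERSION }}) == false
+with:
+tag_name: ${{ env.VERSION }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Obtain OTP to publish newrelic_security to rubygems.org
+run: echo "RUBYGEMS_OTP=$(python ./.github/workflows/scripts/rubygems-authenticate.py RUBYGEMS_MFA_KEY)" >> $GITHUB_ENV
+
+- name: Publish newrelic_security to rubygems.org
+run: ruby ./.github/workflows/scripts/rubygems-publish.rb newrelic_security
+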
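Review bot: The "Configure gem credentials" step on new lines 26-29 writes `RUBYGEMS_API_KEY` and `RUBYGEMS_MFA_KEY` into `$GITHUB_ENV`, which exports the publishing key and the TOTP seed to every later step in the job, including `gem build` and the third-party `softprops/action-gh-release` step, none of which need them; scope both to the publish step with a step-level `env:` and derive the OTP in that same step, as sketched below. That also removes the `${{ secrets.* }}` expansion from the shell text and shortens the gap between generating the short-lived code and using it. The `if: $(git tag -l ${{ env.VERSION }}) == false` on new line 40 is not run by a shell, since `if:` takes an Actions expression, so it most likely evaluates as a non-empty string and is always true; do the tag check in a `run:` step that sets an output and test that output. `pip install onetimepass==1.0.1` pins a version but not a hash, in the one job that holds the release credentials.

```yaml
# … unchanged: checkout, setup-ruby, Install onetimepass, Build gem, Determine version, Create github release …
# "Configure gem credentials" and "Obtain OTP" are folded into the publish step
      - name: Publish newrelic_security to rubygems.org
        env:
          GEM_HOST_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
          RUBYGEMS_MFA_KEY: ${{ secrets.RUBYGEMS_MFA_KEY }}
        run: |
          RUBYGEMS_OTP="$(python ./.github/workflows/scripts/rubygems-authenticate.py RUBYGEMS_MFA_KEY)"
          export RUBYGEMS_OTP
          ruby ./.github/workflows/scripts/rubygems-publish.rb newrelic_security
```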
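--- a/data/.github/workflows/repolinter.yml
+++ b/data/.github/workflows/repolinter.yml
@@ -0,0 +1,31 @@
+# NOTE: This file should always be named `repolinter.yml` to allow
+# workflow_dispatch to work properly
+name: Repolinter Action
+
+# NOTE: This workflow will ONLY check the default branch!
+# Currently there is no elegant way to specify the default
+# branch in the event filtering, so branches are instead
+# filtered in the "Test Default Branch" step.
+on: [push, workflow_dispatch]
+
+jobs:
+repolint:
+name: Run Repolinter
+runs-on: ubuntu-latest
+steps:
+- name: Test Default Branch
+id: default-branch
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # tag v7.0.1
+with:
+script: |
+const data = await github.rest.repos.get(context.repo)
+return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
+- name: Checkout Self
+if: ${{ steps.default-branch.outputs.result == 'true' }}
+uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # tag v4.1.2
+- name: Run Repolinter
+if: ${{ steps.default-branch.outputs.result == 'true' }}
+uses: newrelic/repolinter-action@3f4448f855c351e9695b24524a4111c7847b84cb # tag v1.7.0
+with:
+config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml
+output_type: issue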
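--- a/data/.github/workflows/rubocop.yml
+++ b/data/.github/workflows/rubocop.yml
@@ -0,0 +1,17 @@
+name: PR Rubocop
+on:
+pull_request:
+workflow_dispatch:
+
+jobs:
+run_rubocop:
+runs-on: ubuntu-22.04
+steps:
+- name: Configure git
+run: 'git config --global init.defaultBranch main'
+- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # tag v4.1.2
+- uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # tag v1.176.0
+with:
+ruby-version: '3.3'
+- run: bundle
+- run: rubocop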
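--- a/data/.github/workflows/scripts/rubygems-authenticate.py
+++ b/data/.github/workflows/scripts/rubygems-authenticate.py
@@ -0,0 +1,13 @@
+import os
+
+import argparse
+import onetimepass
+
+if __name__ == '__main__':
+
+parser = argparse.ArgumentParser(
+description='Generate a one-time password from a key'
+)
+parser.add_argument('env_var', type=str, help='The name of the environment variable from which to load the MFA key from the service')
+args = parser.parse_args()
+print(onetimepass.get_totp(os.getenv(args.env_var)))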
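Review bot: `print(onetimepass.get_totp(...))` on new line 13 prints the library's return value as is, and if `get_totp` returns an integer by default, as I believe it does, a code that starts with zeros is printed short and the push is rejected on those runs; zero-pad it, `print(f'{onetimepass.get_totp(secret):06d}')`. `os.getenv(args.env_var)` returns `None` when the variable is unset and that goes straight into the library, so a missing secret surfaces as a traceback rather than a clear failure; read it first with `secret = os.getenv(args.env_var)` and stop with `if not secret: sys.exit(f'{args.env_var} is not set')` (plus `import sys`). A module docstring should state that stdout is a live one-time credential and that the MFA key is read from the environment so it never appears on the command line.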
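--- a/data/.github/workflows/scripts/rubygems-publish.rb
+++ b/data/.github/workflows/scripts/rubygems-publish.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+gem_name = ARGV[0]
+raise "gem name sans version must be supplied" if gem_name.to_s == ""
+
+api_key = ENV["GEM_HOST_API_KEY"]
+raise "GEM_HOST_API_KEY must be set" if api_key.to_s == ""
+
+version = ENV["VERSION"]
+raise "VERSION environment must be set" if version.to_s == ""
+
+gem_filename = "#{gem_name}-#{version}.gem"
+raise "#{gem_filename} is missing!" unless File.exist?(gem_filename)
+
+otp = ENV["RUBYGEMS_OTP"]
+raise "RUBYGEMS_OTP environment must be set" if otp.to_s == ""
+
+puts "Publishing the #{gem_filename} file..."
+cmd = "gem push --otp #{otp} #{gem_filename}"
+puts "executing: #{cmd}"
+
+result = `#{cmd}`
+if $?.to_i.zero?
+puts "#{gem_filename} successfully pushed to rubygems.org!"
+else
+if result.include?('Repushing of gem versions is not allowed')
+puts "Pushing #{gem_filename} skipped because this version is already published to rubygems.org!"
+exit 0
+else
+puts "#{gem_filename} failed to push to rubygems.org!"
+puts result
+exit 1
+end
+end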
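Review bot: `puts "executing: #{cmd}"` on new line 19 writes the one-time password into the job log, and `cmd` is one interpolated string run through backticks, so `gem_name`, `VERSION` and the OTP all pass through the shell unquoted; leave the OTP out of the log line and call the command as an argument list, `result, status = Open3.capture2e('gem', 'push', '--otp', otp, gem_filename)` with `require 'open3'` and `if status.success?`. Backticks capture stdout only, so if `gem push` reports 'Repushing of gem versions is not allowed' on stderr the already-published branch is never taken and the release fails; `capture2e` merges both streams into `result`.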
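--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,72 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+**/.DS_Store
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+.ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*
+.vscode/settings.json
+
+# only the gemspec gets checked in, ignore machine/developer specific lock files
+Gemfile.lock
+
+# bundle the test gems on each machine
+Gemfile_test.lock
+
+# don't commit the home dir
+nr-security-home/
+
+# temp files
+test/resources/tmp.txt
+**/test.db
+**/log/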