omamori 0.1.0

data/lib/omamori/report_generator/report_template.erb

@@ -0,0 +1,104 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Omamori Security Report</title>
+<style>
+  body { font-family: sans-serif; line-height: 1.6; margin: 20px; }
+  h1 { color: #333; }
+  .risk { border: 1px solid #ccc; padding: 15px; margin-bottom: 15px; border-radius: 5px; }
+  .risk h2 { margin-top: 0; }
+  .severity-critical { color: red; font-weight: bold; }
+  .severity-high { color: red; font-weight: bold; }
+  .severity-medium { color: orange; }
+  .severity-low { color: blue; }
+  .severity-info { color: green; }
+  pre { background-color: #f4f4f4; padding: 10px; overflow-x: auto; }
+</style>
+</head>
+<body>
+  <h1>Omamori Security Report</h1>
+
+  <h2>AI Analysis Results</h2>
+  <% if @ai_risks.empty? %>
+    <p>No AI-detected security risks.</p>
+  <% else %>
+    <% @ai_risks.each do |risk| %>
+      <div class="risk">
+        <h3 class="severity-<%= risk['severity'].downcase %>"><%= risk['type'] %></h3>
+        <p><strong>Severity:</strong> <span class="severity-<%= risk['severity'].downcase %>"><%= risk['severity'] %></span></p>
+        <p><strong>Location:</strong> <%= risk['location'] %></p>
+        <p><strong>Details:</strong> <%= risk['details'] %></p>
+        <p><strong>Code Snippet:</strong></p>
+        <pre><%= risk['code_snippet'] %></pre>
+      </div>
+    <% end %>
+  <% end %>
+
+  <h2>Static Analysis Results</h2>
+  <% if @static_results.empty? %>
+    <p>No static analysis results available.</p>
+  <% else %>
+    <h3>Brakeman</h3>
+    <% brakeman_result = @static_results['brakeman'] %>
+    <% if brakeman_result && brakeman_result['warnings'] && !brakeman_result['warnings'].empty? %>
+      <% brakeman_result['warnings'].each do |warning| %>
+        <div class="risk">
+          <h4 class="severity-<%= warning['confidence'].downcase %>">Brakeman Warning: <%= warning['warning_type'] %></h4>
+          <p><strong>Confidence:</strong> <span class="severity-<%= warning['confidence'].downcase %>"><%= warning['confidence'] %></span></p>
+          <p><strong>Message:</strong> <%= warning['message'] %></p>
+          <p><strong>File:</strong> <%= warning['file'] %></p>
+          <p><strong>Line:</strong> <%= warning['line'] %></p>
+          <p><strong>Code:</strong> <%= warning['code'] %></p>
+          <p><strong>Link:</strong> <a href="<%= warning['link'] %>" target="_blank"><%= warning['link'] %></a></p>
+        </div>
+      <% end %>
+    <% else %>
+      <p>No Brakeman warnings found.</p>
+    <% end %>
+
+    <h3>Bundler-Audit</h3>
+    <% bundler_audit_result = @static_results['bundler_audit'] %>
+    <% if bundler_audit_result && bundler_audit_result['scan'] %>
+      <% scan_results = bundler_audit_result['scan'] %>
+      <% if scan_results['vulnerabilities'] && !scan_results['vulnerabilities'].empty? %>
+        <h4>Vulnerabilities</h4>
+        <ul>
+          <% scan_results['vulnerabilities'].each do |vulnerability| %>
+            <li>
+              <strong>ID:</strong> <span class="severity-<%= vulnerability['criticality'].downcase %>"><%= vulnerability['id'] %></span><br>
+              <strong>Gem:</strong> <%= vulnerability['gem'] %><br>
+              <strong>Title:</strong> <%= vulnerability['title'] %><br>
+              <strong>URL:</strong> <a href="<%= vulnerability['url'] %>" target="_blank"><%= vulnerability['url'] %></a><br>
+              <strong>Criticality:</strong> <span class="severity-<%= vulnerability['criticality'].downcase %>"><%= vulnerability['criticality'] %></span><br>
+              <strong>Description:</strong> <%= vulnerability['description'] %><br>
+              <strong>Introduced In:</strong> <%= vulnerability['introduced_in'] %><br>
+              <strong>Patched Versions:</strong> <%= vulnerability['patched_versions'].join(', ') %><br>
+              <strong>Advisory Date:</strong> <%= vulnerability['advisory_date'] %>
+            </li>
+          <% end %>
+        </ul>
+      <% else %>
+        <p>No vulnerabilities found.</p>
+      <% end %>
+
+      <% if scan_results['unpatched_gems'] && !scan_results['unpatched_gems'].empty? %>
+        <h4>Unpatched Gems</h4>
+        <ul>
+          <% scan_results['unpatched_gems'].each do |gem| %>
+            <li>
+              <strong>Name:</strong> <%= gem['name'] %><br>
+              <strong>Version:</strong> <%= gem['version'] %>
+            </li>
+          <% end %>
+        </ul>
+      <% else %>
+        <p>No unpatched gems found.</p>
+      <% end %>
+
+    <% else %>
+      <p>Bundler-Audit results not available or in unexpected format.</p>
+    <% end %>
+  <% end %>
+
+</body>
+</html>

data/lib/omamori/static_analysers/brakeman_runner.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Omamori
+  module StaticAnalysers
+    class BrakemanRunner
+      def initialize(options = {})
+        @options = options
+      end
+
+      def run
+        puts "Running Brakeman..."
+        # Determine Brakeman command based on options
+        # Use --force to run scan even if it's not a Rails application
+        # Use -f json for JSON output
+        # Include options passed during initialization
+        # Convert options hash to command line arguments string
+        options_string = @options.map do |key, value|
+          if value.is_a?(TrueClass)
+            key.to_s
+          elsif value.is_a?(FalseClass)
+            "" # Don't include false flags
+          else
+            "#{key} #{value}"
+          end
+        end.join(" ").strip
+
+        brakeman_command = "brakeman -f json . --force #{options_string}".strip # strip again in case options_string is empty
+
+        begin
+          # Execute the Brakeman command and capture output
+          brakeman_output = `#{brakeman_command}`
+
+          # Parse the JSON output
+          # Note: JSON.parse is called here. If the test expects it to be called only once,
+          # the test setup might be causing it to be called multiple times or the mock is misconfigured.
+          JSON.parse(brakeman_output)
+        rescue Errno::ENOENT
+          puts "Error: Brakeman command not found. Is Brakeman installed?"
+          nil
+        rescue JSON::ParserError
+          puts "Error: Failed to parse Brakeman JSON output."
+          puts "Raw output:\n#{brakeman_output}"
+          nil
+        rescue => e
+          puts "An error occurred during Brakeman execution: #{e.message}"
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/omamori/static_analysers/bundler_audit_runner.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'json' # Bundler-Audit can output JSON
+
+module Omamori
+  module StaticAnalysers
+    class BundlerAuditRunner
+      def initialize(options = {})
+        @options = options
+      end
+
+      def run
+        # TODO: Determine Bundler-Audit command based on options
+        # Example: bundle audit --format json
+        # Include options passed during initialization
+        # Build options string from the options hash
+        options_string = @options.map { |key, value| "--#{key.to_s.gsub('_', '-')}" + (value == true ? "" : " #{value}") }.join(" ")
+        bundler_audit_command = "bundle audit --format json#{options_string.empty? ? '' : " #{options_string}"}"
+
+        begin
+          # Execute the Bundler-Audit command and capture output
+          # Note: bundle audit exits with non-zero status if vulnerabilities are found
+          # We need to capture stdout and stderr regardless of exit status
+          bundler_audit_output = `#{bundler_audit_command} 2>&1`
+
+          # Parse the JSON output
+          # Bundler-Audit JSON output structure might vary, need to confirm
+          # Assuming it returns a JSON object with vulnerability information
+          parsed_output = JSON.parse(bundler_audit_output)
+          # Validate the parsed output structure
+          if parsed_output.is_a?(Hash) && parsed_output.key?('results')
+            # Return the entire parsed output hash
+            parsed_output
+          else
+            puts "Error: Unexpected Bundler-Audit JSON output structure."
+            puts "Raw output:\n#{bundler_audit_output}"
+            nil # Return nil if the structure is unexpected
+          end
+        rescue Errno::ENOENT
+          puts "Error: bundle command not found. Is Bundler installed?"
+          nil
+        rescue JSON::ParserError
+          puts "Error: Failed to parse Bundler-Audit JSON output."
+          puts "Raw output:\n#{bundler_audit_output}"
+          nil
+        rescue => e
+          puts "An error occurred during Bundler-Audit execution: #{e.message}"
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/omamori/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Omamori
+  VERSION = "0.1.0"
+end

data/lib/omamori.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative "omamori/version"
+require_relative "omamori/core_runner"
+require_relative "omamori/ai_analysis_engine/gemini_client"
+require_relative "omamori/ai_analysis_engine/prompt_manager"
+require_relative "omamori/ai_analysis_engine/diff_splitter"
+require_relative "omamori/report_generator/console_formatter"
+require_relative "omamori/report_generator/html_formatter"
+require_relative "omamori/report_generator/json_formatter"
+require_relative "omamori/static_analysers/brakeman_runner"
+require_relative "omamori/static_analysers/bundler_audit_runner"
+
+module Omamori
+  # Your code goes here...
+end

metadata

@@ -0,0 +1,172 @@
+--- !ruby/object:Gem::Specification
+name: omamori
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- rira100000000
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2025-04-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: ruby-gemini-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+description: omamori scans Ruby code and diffs using AI (Google Gemini) to detect
+  security vulnerabilities often missed by traditional tools.
+email:
+- 101010hayakawa@gmail
+executables:
+- omamori
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- README_ja.md
+- demo/ai_analysis_vulnerability.rb
+- demo/csrf_vulnerability.rb
+- demo/eval_vulnerability.rb
+- demo/idor_vulnerability.rb
+- demo/insecure_cookie_vulnerability.rb
+- demo/open_redirect_vulnerability.rb
+- demo/static_analysis_vulnerability.rb
+- demo/xss_vulnerability.rb
+- exe/omamori
+- lib/omamori.rb
+- lib/omamori/ai_analysis_engine/diff_splitter.rb
+- lib/omamori/ai_analysis_engine/gemini_client.rb
+- lib/omamori/ai_analysis_engine/prompt_manager.rb
+- lib/omamori/config.rb
+- lib/omamori/core_runner.rb
+- lib/omamori/report_generator/console_formatter.rb
+- lib/omamori/report_generator/html_formatter.rb
+- lib/omamori/report_generator/json_formatter.rb
+- lib/omamori/report_generator/report_template.erb
+- lib/omamori/static_analysers/brakeman_runner.rb
+- lib/omamori/static_analysers/bundler_audit_runner.rb
+- lib/omamori/version.rb
+homepage: https://github.com/rira100000000/omamori
+licenses: []
+metadata:
+  homepage_uri: https://github.com/rira100000000/omamori
+  source_code_uri: https://github.com/rira100000000/omamori
+  changelog_uri: https://github.com/rira100000000/omamori/blob/main/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.11
+signing_key: 
+specification_version: 4
+summary: AI-powered security vulnerability scanner for Ruby projects.
+test_files: []