owasp-pipeline 0.8.3

data/lib/pipeline/tracker.rb

@@ -0,0 +1,47 @@
+require 'json'
+
+class Pipeline::Tracker
+  attr_reader :options
+  attr_reader :warnings
+  attr_reader :errors
+  attr_reader :findings
+
+  # Pass in the options.
+  # Let the Tracker be the one thing that gets passed around
+  # with options and collecting output.
+  def initialize options
+    @options = options
+    @warnings = []
+    @errors = []
+    @findings = []
+  end
+
+  #Process events that
+  def process event
+
+  end
+
+  def error error
+    @errors << error
+  end
+
+  def warn warning
+    @warnings << warning
+  end
+
+  def report finding
+    @findings << finding
+  end  
+
+  def to_json
+    s = "{ \"findings\": [ "
+    @findings.each do |finding|
+      s << finding.to_json
+      s << ","
+    end
+    s = s.slice(0,s.length-1) # One easy way to remove the last ,
+    s << "] }"
+    s
+
+  end
+end

data/lib/pipeline/util.rb

@@ -0,0 +1,39 @@
+require 'open3'
+require 'pathname'
+require 'digest'
+
+module Pipeline::Util
+
+  def runsystem(report,*splat)
+    Open3.popen3(*splat) do |stdin, stdout, stderr, wait_thr|
+      #puts *splat
+      pid   = wait_thr.pid
+      res = stdout.read
+      error = stderr.read
+      exit  = wait_thr.value
+
+      if wait_thr.value != 0 && report
+        # Weird. wait_thr value is non-0 for bundler-audit
+        # but not brakeman. Comment to keep output cleaner...
+        # puts res
+        puts error
+        #puts *splat
+      end
+      return res
+    end
+  end
+
+  def fingerprint text
+    Digest::SHA2.new(256).update(text).to_s
+  end
+
+  def strip_archive_path path, delimeter
+    path.split(delimeter).last.split('/')[1..-1].join('/')
+  end
+
+  def relative_path path, pwd
+    pathname = Pathname.new(path)
+    return path if pathname.relative?
+    pathname.relative_path_from(Pathname.new pwd)
+  end
+end

data/lib/pipeline/version.rb

@@ -0,0 +1,3 @@
+module Pipeline
+  Version = "0.8.3"
+end

metadata

@@ -0,0 +1,205 @@
+--- !ruby/object:Gem::Specification
+name: owasp-pipeline
+version: !ruby/object:Gem::Version
+  version: 0.8.3
+platform: ruby
+authors:
+- Matt Konda
+- Alex Lock
+- Rafa Perez
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-02-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: fastercsv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.20
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.20
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: brakeman
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.5
+- !ruby/object:Gem::Dependency
+  name: curb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.8
+- !ruby/object:Gem::Dependency
+  name: jsonpath
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.7
+description: Pipeline detects security vulnerabilities in code.
+email: matt.konda@owasp.org
+executables:
+- pipeline
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGES
+- FEATURES
+- README.md
+- bin/pipeline
+- lib/pipeline.rb
+- lib/pipeline/event.rb
+- lib/pipeline/filters.rb
+- lib/pipeline/filters/base_filter.rb
+- lib/pipeline/filters/jira_one_time_filter.rb
+- lib/pipeline/filters/remove_all_filter.rb
+- lib/pipeline/finding.rb
+- lib/pipeline/mounters.rb
+- lib/pipeline/mounters/base_mounter.rb
+- lib/pipeline/mounters/docker_mounter.rb
+- lib/pipeline/mounters/filesystem_mounter.rb
+- lib/pipeline/mounters/git_mounter.rb
+- lib/pipeline/mounters/iso_mounter.rb
+- lib/pipeline/mounters/url_mounter.rb
+- lib/pipeline/options.rb
+- lib/pipeline/reporters.rb
+- lib/pipeline/reporters/base_reporter.rb
+- lib/pipeline/reporters/csv_reporter.rb
+- lib/pipeline/reporters/jira_reporter.rb
+- lib/pipeline/reporters/json_reporter.rb
+- lib/pipeline/reporters/text_reporter.rb
+- lib/pipeline/scanner.rb
+- lib/pipeline/tasks.rb
+- lib/pipeline/tasks/av.rb
+- lib/pipeline/tasks/base_task.rb
+- lib/pipeline/tasks/brakeman.rb
+- lib/pipeline/tasks/bundle-audit.rb
+- lib/pipeline/tasks/checkmarx.rb
+- lib/pipeline/tasks/eslint.rb
+- lib/pipeline/tasks/fim.rb
+- lib/pipeline/tasks/nsp.rb
+- lib/pipeline/tasks/owasp-dep-check.rb
+- lib/pipeline/tasks/patterns.json
+- lib/pipeline/tasks/retirejs.rb
+- lib/pipeline/tasks/scanjs-eslintrc
+- lib/pipeline/tasks/scanjs.rb
+- lib/pipeline/tasks/sfl.rb
+- lib/pipeline/tasks/test.rb
+- lib/pipeline/tasks/zap.rb
+- lib/pipeline/tracker.rb
+- lib/pipeline/util.rb
+- lib/pipeline/version.rb
+- lib/zapjson.json
+homepage: http://github.com/OWASP/pipeline
+licenses:
+- Apache 2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.7
+signing_key: 
+specification_version: 4
+summary: Security toolchain for software build automation.
+test_files: []