owasp-pipeline 0.8.6 → 0.8.7

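--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e0a8269dc146b2c043c1f82f86a181b69e1bf35e
- data.tar.gz: e1f15cfe853e2d53b8e894033a9b665f4813ff26
+ metadata.gz: 98d9b83c7bf2a41446cb2cae6ec1af341d92a3d0
+ data.tar.gz: db61e28ed85f2d35b6d6ec1aa707d22ee080d6c9
  SHA512:
- metadata.gz: c6ff7447583d96ca3b88da5d54f0c85663879017c3e6d4cc4119e5d1969bfd36e356ab5db1e5aaea5bda4df181a95f39f826acac174d72bd53226058b609c741
- data.tar.gz: 7d811611176d44b8f9d7c3a7955c049430142907f1fb453771724c102617a6a2b49bb9589e6d40e5ba2b880abe08dca874f0039aaadb7ed169fd5e0032ea21a8
+ metadata.gz: 355dfc5f3fb2932485dc3a8a5565ce868a3db3e2cd1a361158b13e4378da0c8e47e2f2fd611fa712113361829987ec66c49f258103da3921a61677d181a93aea
+ data.tar.gz: 03185283ea2a3151c2b4311091663ac4f806bdca2f08192264155487100c8c39734db9b4e264d29da38724e4cfbd924d4ef736e29216228114cfc0dbb5aec597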
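--- a/data/lib/pipeline.rb
+++ b/data/lib/pipeline.rb
@@ -34,7 +34,19 @@ module Pipeline
  options[:report_progress] = false
  end
 
- scan options
+ unless options[:logfile].nil?
+ if options[:logfile].is_a? File
+ $logfile = options[:logfile]
+ else
+ $logfile = File.open(options[:logfile], 'a')
+ end
+
+ begin
+ scan options
+ ensure
+ $logfile.close unless options[:logfile].is_a? File
+ end
+ end
  end
 
  #Sets up options for run, checks given application path
@@ -262,18 +274,22 @@ module Pipeline
 
  def self.error message
  $stderr.puts message
+ $logfile.puts "[#{Time.now}] #{message}" if $logfile
  end
 
  def self.warn message
  $stderr.puts message unless @quiet
+ $logfile.puts "[#{Time.now}] #{message}" if $logfile
  end
 
  def self.notify message
  $stderr.puts message #unless @debug
+ $logfile.puts "[#{Time.now}] #{message}" if $logfile
  end
 
  def self.debug message
  $stderr.puts message if @debug
+ $logfile.puts "[#{Time.now}] #{message}" if $logfile
  end
 
  def self.load_pipeline_dependency name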
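Review bot: In the first hunk `scan options` has moved inside `unless options[:logfile].nil?`, so a run without `-L`/`--logfile` no longer scans at all; the `begin`/`ensure` belongs outside that guard, and the `ensure` should only close a handle this method opened itself. The same hunk leaves `$logfile` pointing at a closed stream after `ensure`, while the four logging methods in the second hunk write to it whenever it is non-nil, so any `Pipeline.error`/`notify` call issued after the scan returns would raise IOError; clearing the global on close avoids that. The enclosing method starts before the hunk. Separately, the four identical `$logfile.puts "[#{Time.now}] #{message}" if $logfile` lines would read better as one private helper that the four methods call.
```ruby
      # … unchanged: option setup above …
      if options[:logfile].is_a? File
        $logfile = options[:logfile]
      elsif options[:logfile]
        $logfile = File.open(options[:logfile], 'a')
      end

      begin
        scan options
      ensure
        # Only close a handle this method opened, and drop the global so later
        # Pipeline.error/notify calls do not write to a closed stream.
        unless options[:logfile].is_a? File
          $logfile.close if $logfile
          $logfile = nil
        end
      end
```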
@@ -140,6 +140,10 @@ module Pipeline::Options
140
140
  options[:summary_only] = true
141
141
  end
142
142
 
143
+ opts.on "-L LOGFILE", "--logfile LOGFILE", "Write full pipeline log to LOGFILE" do |file|
144
+ options[:logfile] = file
145
+ end
146
+
143
147
  opts.separator ""
144
148
  opts.separator "JIRA options:"
145
149
 
@@ -25,14 +25,14 @@ class Pipeline::Reporters
25
25
  #Returns a new instance of tasks with the results.
26
26
  def self.run_report(tracker)
27
27
  @reporters.each do |c|
28
- reporter = c.new()
28
+ reporter = c.new()
29
29
  if tracker.options[:output_format].first == reporter.format
30
30
  begin
31
31
  output = reporter.run_report(tracker)
32
32
  if tracker.options[:output_file]
33
33
  file = File.open(tracker.options[:output_file], 'w'){ |f| f.write(output)}
34
34
  else
35
- Pipeline.notify output
35
+ Pipeline.notify output unless tracker.options[:quiet]
36
36
  end
37
37
  rescue => e
38
38
  Pipeline.error e.message
@@ -36,7 +36,7 @@ class Pipeline::BundleAudit < Pipeline::BaseTask
36
36
  end
37
37
 
38
38
  def supported?
39
- supported=runsystem(true, "bundle-audit", "update")
39
+ supported=runsystem(false, "bundle-audit", "update")
40
40
  if supported =~ /command not found/
41
41
  Pipeline.notify "Run: gem install bundler-audit"
42
42
  return false
@@ -24,9 +24,9 @@ class Pipeline::FindSecurityBugs < Pipeline::BaseTask
24
24
 
25
25
  unless File.exist?("#{@trigger.path}/.git/config")
26
26
  Dir.chdir(@trigger.path) do
27
- system("git", "init")
28
- system("git", "add", "*")
29
- system("git", "commit", "-am", "fake commit for mvn compile")
27
+ runsystem(true, "git", "init")
28
+ runsystem(true, "git", "add", "*")
29
+ runsystem(true, "git", "commit", "-am", "fake commit for mvn compile")
30
30
  end
31
31
  end
32
32
 
@@ -28,8 +28,8 @@ class Pipeline::Npm < Pipeline::BaseTask
28
28
  else
29
29
  registry = nil
30
30
  end
31
- @command = "npm install --ignore-scripts #{registry}"
32
- @results << system(@command)
31
+ @command = "npm install -q --ignore-scripts #{registry}"
32
+ @results << runsystem(true, @command)
33
33
  end
34
34
  end
35
35
  end
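Review bot: `@command` at line 31 is still a single string, so `runsystem(true, @command)` hands `Open3.popen3` one argument, which Ruby runs through `/bin/sh` whenever the string contains shell metacharacters — and `registry` is interpolated into it unquoted — whereas the other hunks in this commit pass each argument separately and never involve a shell; `runsystem(true, *['npm', 'install', '-q', '--ignore-scripts', registry].compact)` does the same here (line 29 shows `registry` can be nil, hence the `compact`). Also, `@results` previously received the boolean from `system` and now receives the command's stdout as a String; whether `analyze` relies on the old value I cannot see from this hunk — confirm before merging. `run` continues outside the hunk.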
@@ -21,7 +21,8 @@ class Pipeline::NodeSecurityProject < Pipeline::BaseTask
21
21
  directories_with?('package.json', exclude_dirs).each do |dir|
22
22
  Pipeline.notify "#{@name} scanning: #{dir}"
23
23
  Dir.chdir(dir) do
24
- @results << JSON.parse(`nsp check --output json 2>&1`)
24
+ res = runsystem(true, "nsp", "check", "--output", "json")
25
+ @results << JSON.parse(res)
25
26
  end
26
27
  end
27
28
  end
@@ -19,7 +19,7 @@ class Pipeline::PMD < Pipeline::BaseTask
19
19
  def run
20
20
  @tracker.options[:pmd_checks] ||= "java-basic,java-sunsecure"
21
21
  Dir.chdir @tracker.options[:pmd_path] do
22
- @results = Nokogiri::XML(`bin/run.sh pmd -d #{@trigger.path} -f xml -R #{@tracker.options[:pmd_checks]}`).xpath('//file')
22
+ @results = Nokogiri::XML(runsystem(true,'bin/run.sh', 'pmd', '-d', "#{@trigger.path}", '-f', 'xml', '-R', "#{@tracker.options[:pmd_checks]}")).xpath('//file')
23
23
  end
24
24
  end
25
25
 
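Review bot: On line 22 the new argument list wraps `@trigger.path` and `@tracker.options[:pmd_checks]` in `"#{...}"`, which is a no-op when they are already Strings; passing them directly, or `@trigger.path.to_s` if `@trigger.path` can be a Pathname (not visible here), makes the intent clearer. Moving this call from backticks to separate `runsystem` arguments is the right change, since `pmd_checks` is user-supplied and no longer reaches a shell.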
@@ -24,19 +24,22 @@ class Pipeline::RetireJS < Pipeline::BaseTask
24
24
  exclude_dirs = exclude_dirs.concat(@tracker.options[:exclude_dirs]).uniq if @tracker.options[:exclude_dirs]
25
25
  directories_with?('package.json', exclude_dirs).each do |dir|
26
26
  Pipeline.notify "#{@name} scanning: #{dir}"
27
- @results << `retire -c --outputformat json --path #{dir} 2>&1`
27
+ @results << runsystem(false, 'retire', '-c', '--outputformat', 'json', '--path', "#{dir}")
28
28
  end
29
29
  end
30
30
 
31
31
  def analyze
32
32
  begin
33
33
  @results.each do |result|
34
- vulnerabilities = parse_retire_json(JSON.parse(result))
34
+ parsed_json = JSON.parse(result)
35
+ vulnerabilities = parse_retire_json(parsed_json) if parsed_json
35
36
 
36
37
  vulnerabilities.each do |vuln|
37
38
  report "Package #{vuln[:package]} has known security issues", vuln[:detail], vuln[:source], vuln[:severity], fingerprint("#{vuln[:package]}#{vuln[:source]}#{vuln[:severity]}")
38
39
  end
39
40
  end
41
+ rescue JSON::ParserError => e
42
+ Pipeline.debug e.message
40
43
  rescue Exception => e
41
44
  Pipeline.warn e.message
42
45
  Pipeline.warn e.backtrace
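Review bot: At line 35, when `parsed_json` is falsy the guard leaves `vulnerabilities` nil, and `vulnerabilities.each` on line 37 then raises NoMethodError, which the broad `rescue Exception` below reports as a warning with a backtrace; `next unless parsed_json` placed before the `parse_retire_json` call skips that result cleanly instead. If the guard is meant to handle empty retire output, note that `JSON.parse("")` raises `JSON::ParserError` rather than returning nil, so the new `rescue JSON::ParserError` branch is what actually catches that case. `analyze` continues past the hunk.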
@@ -92,7 +95,7 @@ class Pipeline::RetireJS < Pipeline::BaseTask
92
95
  end
93
96
 
94
97
  def supported?
95
- supported=runsystem(true, "retire", "--help")
98
+ supported=runsystem(false, "retire", "--help")
96
99
  if supported =~ /command not found/
97
100
  Pipeline.notify "Install RetireJS"
98
101
  return false
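--- a/data/lib/pipeline/util.rb
+++ b/data/lib/pipeline/util.rb
@@ -1,25 +1,22 @@
  require 'open3'
  require 'pathname'
  require 'digest'
+ require 'pry'
 
  module Pipeline::Util
 
- def runsystem(report,*splat)
+ def runsystem(report, *splat)
  Open3.popen3(*splat) do |stdin, stdout, stderr, wait_thr|
- #puts *splat
- pid = wait_thr.pid
- res = stdout.read
- error = stderr.read
- exit = wait_thr.value
 
- if wait_thr.value != 0 && report
- # Weird. wait_thr value is non-0 for bundler-audit
- # but not brakeman. Comment to keep output cleaner...
- # puts res
- puts error
- #puts *splat
+ Thread.new do
+ if $logfile and report
+ while line = stderr.gets do
+ $logfile.puts line
+ end
+ end
  end
- return res
+
+ return stdout.read.chomp
  end
  end
 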
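Review bot: The stderr reader thread started at line 11 is never joined and only reads stderr when `$logfile` is set and `report` is true; in every other case the child's stderr pipe is never drained, so a tool that writes more than the pipe buffer to stderr blocks and `stdout.read` on line 19 never returns — the old code read both streams unconditionally. Drain stderr on every call and decide only whether to log it, join the reader before returning, and reap the child with `wait_thr.value`, whose exit status was previously inspected and is now silently discarded. `require 'pry'` at line 4 loads a debugging REPL into library code on every require; unless pry is a declared runtime dependency (the gemspec is not in this diff) it should be removed or confined to a development-only path.
```ruby
  def runsystem(report, *splat)
    Open3.popen3(*splat) do |stdin, stdout, stderr, wait_thr|
      stdin.close
      # Always drain stderr so the child cannot block on a full pipe;
      # copy it to the log only when the caller asked for that.
      err_reader = Thread.new do
        while line = stderr.gets
          $logfile.puts line if $logfile && report
        end
      end

      res = stdout.read.chomp
      err_reader.join
      wait_thr.value # reap the child; status is not yet surfaced to callers
      res
    end
  end
```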
@@ -1,3 +1,3 @@
1
1
  module Pipeline
2
- Version = "0.8.6"
2
+ Version = "0.8.7"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: owasp-pipeline
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.6
4
+ version: 0.8.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Konda
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2016-04-20 00:00:00.000000000 Z
13
+ date: 2016-06-02 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: terminal-table