owasp-pipeline 0.8.6 → 0.8.7
- checksums.yaml +4 -4
- data/lib/pipeline.rb +17 -1
- data/lib/pipeline/options.rb +4 -0
- data/lib/pipeline/reporters.rb +2 -2
- data/lib/pipeline/tasks/bundle-audit.rb +1 -1
- data/lib/pipeline/tasks/findsecbugs.rb +3 -3
- data/lib/pipeline/tasks/npm.rb +2 -2
- data/lib/pipeline/tasks/nsp.rb +2 -1
- data/lib/pipeline/tasks/pmd.rb +1 -1
- data/lib/pipeline/tasks/retirejs.rb +6 -3
- data/lib/pipeline/util.rb +10 -13
- data/lib/pipeline/version.rb +1 -1
- metadata +2 -2
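--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 98d9b83c7bf2a41446cb2cae6ec1af341d92a3d0
+data.tar.gz: db61e28ed85f2d35b6d6ec1aa707d22ee080d6c9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 355dfc5f3fb2932485dc3a8a5565ce868a3db3e2cd1a361158b13e4378da0c8e47e2f2fd611fa712113361829987ec66c49f258103da3921a61677d181a93aea
+data.tar.gz: 03185283ea2a3151c2b4311091663ac4f806bdca2f08192264155487100c8c39734db9b4e264d29da38724e4cfbd924d4ef736e29216228114cfc0dbb5aec597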
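--- a/data/lib/pipeline.rb
+++ b/data/lib/pipeline.rb
@@ -34,7 +34,19 @@ module Pipeline
 options[:report_progress] = false
 end
 
-
+unless options[:logfile].nil?
+if options[:logfile].is_a? File
+$logfile = options[:logfile]
+else
+$logfile = File.open(options[:logfile], 'a')
+end
+
+begin
+scan options
+ensure
+$logfile.close unless options[:logfile].is_a? File
+end
+end
 end
 
 #Sets up options for run, checks given application path
@@ -262,18 +274,22 @@ module Pipeline
 
 def self.error message
 $stderr.puts message
+$logfile.puts "[#{Time.now}] #{message}" if $logfile
 end
 
 def self.warn message
 $stderr.puts message unless @quiet
+$logfile.puts "[#{Time.now}] #{message}" if $logfile
 end
 
 def self.notify message
 $stderr.puts message #unless @debug
+$logfile.puts "[#{Time.now}] #{message}" if $logfile
 end
 
 def self.debug message
 $stderr.puts message if @debug
+$logfile.puts "[#{Time.now}] #{message}" if $logfile
 end
 
 def self.load_pipeline_dependency name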
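Review bot: In the first hunk `scan options` (new line 45) is reached only inside `unless options[:logfile].nil?`, so a run without a log file never scans at all; the removed line 37 is blank on this page, but if it was the unconditional `scan options` call, the `unless` should only set up `$logfile` and the `begin`/`ensure` around `scan options` should sit outside it. The enclosing method starts before the hunk. In the second hunk each level writes to `$logfile` from the main thread while `Pipeline::Util#runsystem` writes the child's stderr to the same handle from a reader thread, and the `ensure` can close the handle while that thread is still draining, so lines may interleave or the thread may hit a closed stream; a comment such as `# shared with the stderr reader thread in Pipeline::Util#runsystem` on the `$logfile` assignment would make the coupling visible. Suggested shape for the first hunk:
```ruby
# … unchanged: option defaults above …
unless options[:logfile].nil?
  $logfile = options[:logfile].is_a?(File) ? options[:logfile] : File.open(options[:logfile], 'a')
end

begin
  scan options
ensure
  $logfile.close if $logfile && !options[:logfile].is_a?(File)
end
```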
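--- a/data/lib/pipeline/options.rb
+++ b/data/lib/pipeline/options.rb
@@ -140,6 +140,10 @@ module Pipeline::Options
 options[:summary_only] = true
 end
 
+opts.on "-L LOGFILE", "--logfile LOGFILE", "Write full pipeline log to LOGFILE" do |file|
+options[:logfile] = file
+end
+
 opts.separator ""
 opts.separator "JIRA options:"
 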
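--- a/data/lib/pipeline/reporters.rb
+++ b/data/lib/pipeline/reporters.rb
@@ -25,14 +25,14 @@ class Pipeline::Reporters
 #Returns a new instance of tasks with the results.
 def self.run_report(tracker)
 @reporters.each do |c|
-reporter = c.new()
+reporter = c.new()
 if tracker.options[:output_format].first == reporter.format
 begin
 output = reporter.run_report(tracker)
 if tracker.options[:output_file]
 file = File.open(tracker.options[:output_file], 'w'){ |f| f.write(output)}
 else
-Pipeline.notify output
+Pipeline.notify output unless tracker.options[:quiet]
 end
 rescue => e
 Pipeline.error e.message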
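Review bot: With the guard added on new line 35, a run with `:quiet` set and no `:output_file` produces no report at all, since `Pipeline.notify` was the only remaining output path and the findings are simply dropped. If `:quiet` is meant to silence progress messages rather than the result, the report should still be emitted here; if dropping it is intended, say so with `Pipeline.error "Report suppressed: quiet mode and no output file"` so the user knows why nothing appeared. `run_report`'s body continues past the hunk.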
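--- a/data/lib/pipeline/tasks/bundle-audit.rb
+++ b/data/lib/pipeline/tasks/bundle-audit.rb
@@ -36,7 +36,7 @@ class Pipeline::BundleAudit < Pipeline::BaseTask
 end
 
 def supported?
-supported=runsystem(
+supported=runsystem(false, "bundle-audit", "update")
 if supported =~ /command not found/
 Pipeline.notify "Run: gem install bundler-audit"
 return false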
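Review bot: `supported?` still matches the value returned by `runsystem` against `/command not found/` on line 40, but `runsystem` now returns stdout only and the argv form of `Open3.popen3` raises `Errno::ENOENT` when the executable is missing rather than printing that message, so the check can never succeed and a missing tool surfaces as an exception. The retirejs `supported?` hunk (`runsystem(false, "retire", "--help")`) has the same problem. Rescue instead: `runsystem(false, "bundle-audit", "update")` wrapped in `rescue Errno::ENOENT` → `Pipeline.notify "Run: gem install bundler-audit"; return false`. Note also that `bundle-audit update` fetches the advisory database over the network purely as an availability probe; a side-effect-free subcommand such as `bundle-audit version` answers the same question. `supported?` continues past the hunk.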
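--- a/data/lib/pipeline/tasks/findsecbugs.rb
+++ b/data/lib/pipeline/tasks/findsecbugs.rb
@@ -24,9 +24,9 @@ class Pipeline::FindSecurityBugs < Pipeline::BaseTask
 
 unless File.exist?("#{@trigger.path}/.git/config")
 Dir.chdir(@trigger.path) do
-
-
-
+runsystem(true, "git", "init")
+runsystem(true, "git", "add", "*")
+runsystem(true, "git", "commit", "-am", "fake commit for mvn compile")
 end
 end
 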
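Review bot: The three `runsystem(true, "git", ...)` calls on new lines 27–29 discard their results, and since `runsystem` returns stdout only, a failing `git commit` (for instance with no committer identity configured in the scan environment) goes unnoticed and the later build runs against an unexpected tree. The block also creates a repository and a commit inside the scanned directory, a side effect worth a comment above the `unless`, e.g. `# No .git: create a throwaway repo so the maven compile can run. This modifies the scanned directory.` The enclosing method starts before the hunk.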
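--- a/data/lib/pipeline/tasks/npm.rb
+++ b/data/lib/pipeline/tasks/npm.rb
@@ -28,8 +28,8 @@ class Pipeline::Npm < Pipeline::BaseTask
 else
 registry = nil
 end
-@command = "npm install --ignore-scripts #{registry}"
-@results <<
+@command = "npm install -q --ignore-scripts #{registry}"
+@results << runsystem(true, @command)
 end
 end
 end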
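Review bot: New line 31 builds `@command` as one shell string with `registry` interpolated and line 32 passes it to `runsystem` as a single argument, so `Open3.popen3` runs it through a shell — every other task in this release uses the argv form. A registry value containing shell metacharacters would be interpreted by that shell, and with `registry` nil the command ends in a stray space. Keep it out of the shell by building an argument list: `args = %w[npm install -q --ignore-scripts]`, `args.concat(registry.split) if registry`, `@results << runsystem(true, *args)` (assuming `registry` holds the registry flag and its value as set above the hunk). The enclosing method starts before the hunk.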
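--- a/data/lib/pipeline/tasks/nsp.rb
+++ b/data/lib/pipeline/tasks/nsp.rb
@@ -21,7 +21,8 @@ class Pipeline::NodeSecurityProject < Pipeline::BaseTask
 directories_with?('package.json', exclude_dirs).each do |dir|
 Pipeline.notify "#{@name} scanning: #{dir}"
 Dir.chdir(dir) do
-
+res = runsystem(true, "nsp", "check", "--output", "json")
+@results << JSON.parse(res)
 end
 end
 end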
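Review bot: `JSON.parse(res)` on new line 25 is unguarded: `runsystem` returns stdout only, so when `nsp` exits without producing JSON the parse raises `JSON::ParserError` out of the scan loop, and a missing executable raises `Errno::ENOENT` from `popen3`. The retirejs task in this same release rescues `JSON::ParserError`; do the same here, e.g. `@results << JSON.parse(res) unless res.empty?` with a `rescue JSON::ParserError => e` that reports via `Pipeline.warn`. The enclosing method starts before the hunk.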
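--- a/data/lib/pipeline/tasks/pmd.rb
+++ b/data/lib/pipeline/tasks/pmd.rb
@@ -19,7 +19,7 @@ class Pipeline::PMD < Pipeline::BaseTask
 def run
 @tracker.options[:pmd_checks] ||= "java-basic,java-sunsecure"
 Dir.chdir @tracker.options[:pmd_path] do
-@results = Nokogiri::XML(
+@results = Nokogiri::XML(runsystem(true,'bin/run.sh', 'pmd', '-d', "#{@trigger.path}", '-f', 'xml', '-R', "#{@tracker.options[:pmd_checks]}")).xpath('//file')
 end
 end
 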
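Review bot: New line 22 folds the tool invocation, the `runsystem` call and the XPath into one long line, with no space after `runsystem(true,`; split it into `output = runsystem(true, 'bin/run.sh', 'pmd', '-d', "#{@trigger.path}", '-f', 'xml', '-R', "#{@tracker.options[:pmd_checks]}")` and `@results = Nokogiri::XML(output).xpath('//file')`. Because `runsystem` no longer returns the exit status, an empty stdout from a failed PMD run parses to an empty document and `run` reports zero findings with no signal; a `Pipeline.warn "PMD produced no output"` when `output.empty?` would make that visible. `run` lies entirely within the hunk.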
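--- a/data/lib/pipeline/tasks/retirejs.rb
+++ b/data/lib/pipeline/tasks/retirejs.rb
@@ -24,19 +24,22 @@ class Pipeline::RetireJS < Pipeline::BaseTask
 exclude_dirs = exclude_dirs.concat(@tracker.options[:exclude_dirs]).uniq if @tracker.options[:exclude_dirs]
 directories_with?('package.json', exclude_dirs).each do |dir|
 Pipeline.notify "#{@name} scanning: #{dir}"
-@results <<
+@results << runsystem(false, 'retire', '-c', '--outputformat', 'json', '--path', "#{dir}")
 end
 end
 
 def analyze
 begin
 @results.each do |result|
-
+parsed_json = JSON.parse(result)
+vulnerabilities = parse_retire_json(parsed_json) if parsed_json
 
 vulnerabilities.each do |vuln|
 report "Package #{vuln[:package]} has known security issues", vuln[:detail], vuln[:source], vuln[:severity], fingerprint("#{vuln[:package]}#{vuln[:source]}#{vuln[:severity]}")
 end
 end
+rescue JSON::ParserError => e
+Pipeline.debug e.message
 rescue Exception => e
 Pipeline.warn e.message
 Pipeline.warn e.backtrace
@@ -92,7 +95,7 @@ class Pipeline::RetireJS < Pipeline::BaseTask
 end
 
 def supported?
-supported=runsystem(
+supported=runsystem(false, "retire", "--help")
 if supported =~ /command not found/
 Pipeline.notify "Install RetireJS"
 return false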
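Review bot: `JSON.parse(result)` on new line 34 runs inside `@results.each`, but the new `rescue JSON::ParserError` on line 41 belongs to the surrounding `begin`, so one malformed retire output abandons all remaining results instead of just that one, and the failure is logged only with `Pipeline.debug`, so a broken tool run quietly yields zero findings. `vulnerabilities` is assigned only `if parsed_json`; a `null` document leaves it nil and `vulnerabilities.each` on line 37 then raises NoMethodError into the broad `rescue Exception` below. The second hunk's `supported?` has the same `/command not found/` problem noted on the bundle-audit hunk. Parse and rescue per result:
```ruby
@results.each do |result|
  begin
    parsed_json = JSON.parse(result)
  rescue JSON::ParserError => e
    Pipeline.warn "#{@name}: could not parse retire output: #{e.message}"
    next
  end
  next unless parsed_json
  vulnerabilities = parse_retire_json(parsed_json)
  # … unchanged: report loop over vulnerabilities …
end
```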
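--- a/data/lib/pipeline/util.rb
+++ b/data/lib/pipeline/util.rb
@@ -1,25 +1,22 @@
 require 'open3'
 require 'pathname'
 require 'digest'
+require 'pry'
 
 module Pipeline::Util
 
-def runsystem(report
+def runsystem(report, *splat)
 Open3.popen3(*splat) do |stdin, stdout, stderr, wait_thr|
-#puts *splat
-pid = wait_thr.pid
-res = stdout.read
-error = stderr.read
-exit = wait_thr.value
 
-
-
-
-
-
-
+Thread.new do
+if $logfile and report
+while line = stderr.gets do
+$logfile.puts line
+end
+end
 end
-
+
+return stdout.read.chomp
 end
 end
 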
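Review bot: The reader thread started on new line 11 drains stderr only when `$logfile and report` holds and is never joined, so in every other case the child's stderr pipe is never read and a tool that writes more than the pipe buffer to stderr blocks while this method blocks on `stdout.read` — a deadlock — while in the logging case the `popen3` block can return and close the pipes under the thread mid-`gets`. The exit status (`wait_thr.value` in the removed lines) is now discarded, so callers learn nothing about tool failure; the `supported?` hunks in bundle-audit and retirejs test stdout for `/command not found/`, which the argv form of `popen3` never produces (it raises `Errno::ENOENT`). `require 'pry'` on new line 4 pulls a debugging console into the library at load time and is a `LoadError` for any user without that gem; it should be removed. Drain stderr unconditionally, join before returning, and surface a non-zero exit in the log:
```ruby
def runsystem(report, *splat)
  Open3.popen3(*splat) do |stdin, stdout, stderr, wait_thr|
    # Always drain stderr so the child cannot block on a full pipe; only log it when asked.
    err_reader = Thread.new do
      stderr.each_line do |line|
        $logfile.puts line if $logfile && report
      end
    end
    output = stdout.read.chomp
    err_reader.join
    status = wait_thr.value
    Pipeline.debug "#{splat.first} exited with status #{status.exitstatus}" unless status.success?
    output
  end
end
```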
data/lib/pipeline/version.rb
CHANGED
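--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: owasp-pipeline
 version: !ruby/object:Gem::Version
-version: 0.8.
+version: 0.8.7
 platform: ruby
 authors:
 - Matt Konda
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: terminal-table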