paraxial 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a679f1421bdbb16b511672a5f45ada85ac38811d657a4eebe3c2f25805fa7bc9
-  data.tar.gz: 24fc51622351b5fee13c9108bea3f4276857a73bd87f4ea0f6ca33dcccc4474d
+  metadata.gz: 8fc606825a60ae6e756bf7fda0fb6d3434e88075e8afe0ba1be0ab64c62304af
+  data.tar.gz: 5e4daf86eb7f58a60abe6e3f3497381c9e4e4c70a289a230ec25a72a1427e7ad
 SHA512:
-  metadata.gz: fffaca550500aa79a5df9761f87a493eb94d35461c1e3cdb0d4b03fbfac00bc8289948a051adcab4237a5088f82c34e93b6be5178622096c2378d73773b15fd5
-  data.tar.gz: 1f8b328b62b810db88d7d1f496325d98f4f8fe05a627cf6f371d52ffb6aed5cedb13905b4fa0567014bf36d5a530977e5b2bfccaab5380157acf8b46c551cec5
+  metadata.gz: a8e809b4362e4182f23c1a997fb20dd3c05ec6dea16ae6e41d6f6b276a82334543abb223f5634bb5560dcc725059d7306f50a153ea373368f8be9cdab18eb521
+  data.tar.gz: 1228d5f5ada089b496fe408fb6f4725733966adeb700948947195942ef7a13da8adda0c39e32575ac1d08632f594d72ac6fe374f6d88cca7a3cfd8d6338cb6d1

data/lib/paraxial/cli.rb

@@ -20,13 +20,23 @@ module Paraxial
 
     def scan
       puts "[Paraxial] v#{Paraxial::VERSION} Scan starting..."
-      if check_rubocop_configuration
-        puts '[Paraxial] .rubocop.yml is valid.'
-      else
-        puts '[Paraxial] .rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
-        puts '.rubocop.yml'
+
+      case check_rubocop_configuration
+      when :does_not_exist
+        puts '[Paraxial] .paraxial-rubocop.yml does not exist. This file is required for the scan to run, add:'
+        puts '.paraxial-rubocop.yml'
         puts 'require:'
         puts '- rubocop-erb'
+        puts ''
+        exit(1)
+      when :found_no_erb
+        puts '[Paraxial] .paraxial-rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
+        puts '.paraxial-rubocop.yml'
+        puts 'require:'
+        puts '- rubocop-erb'
+        puts ''
+      when :found_with_erb
+        puts '[Paraxial] .paraxial-rubocop.yml is valid, .erb files will be scanned.'
       end
 
       if Paraxial::Helpers.get_api_key.nil?
@@ -40,13 +50,14 @@ module Paraxial
         exit_code = options[:exit_code]
 
         cops = 'Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad'
+        rubo_config = '--config .paraxial-rubocop.yml'
         if options[:debug_rubocop]
           puts '[Paraxial] rubocop debug enabled'
-          rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json 2>/dev/null`
-          debug_rubocop = `rubocop -d --require paraxial --only #{cops} --disable-pending-cops 2>&1`
+          rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json #{rubo_config} 2>/dev/null`
+          debug_rubocop = `rubocop --debug --require paraxial --only #{cops} --disable-pending-cops #{rubo_config} 2>&1`
           puts debug_rubocop
         else
-          rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json`
+          rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json #{rubo_config}`
         end
         lockfile = File.read('./Gemfile.lock')
         api_key = ENV['PARAXIAL_API_KEY']
@@ -56,6 +67,12 @@ module Paraxial
         body = { rubocop: rubocop, lockfile: lockfile, api_key: api_key, timestamp: Paraxial.get_timestamp }
         response = Net::HTTP.post(uri, body.to_json, headers)
         m = JSON.parse(response.body)
+
+        if m['ok'].nil?
+          puts "[Paraxial] Upload failed, check if PARAXIAL_API_KEY is valid"
+          exit(1)
+        end
+
         findings = m['ok']['findings']
         puts
         puts "[Paraxial] Scan count: #{findings.length}"
@@ -114,17 +131,20 @@ module Paraxial
     private
 
     def check_rubocop_configuration
-      rubocop_file = File.join(Dir.pwd, '.rubocop.yml')
+      # return values:
+      # :does_not_exist, :found_no_erb, :found_with_erb
+
+      rubocop_file = File.join(Dir.pwd, '.paraxial-rubocop.yml')
 
-      return false unless File.exist?(rubocop_file)
+      return :does_not_exist unless File.exist?(rubocop_file)
 
       config = YAML.load_file(rubocop_file)
       required_key = 'require'
 
-      if config.is_a?(Hash) && config[required_key].is_a?(Array)
-        config[required_key].include?('rubocop-erb')
+      if config.is_a?(Hash) && config[required_key].is_a?(Array) && config[required_key].include?('rubocop-erb')
+        :found_with_erb
       else
-        false
+        :found_no_erb
       end
     end
   end

data/lib/paraxial/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Paraxial
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'
 end

data/lib/rubocop/cop/paraxial/sql.rb

@@ -86,6 +86,10 @@ module RuboCop
           where
         ].freeze
 
+        def_node_matcher :object_manipulation?, <<~'PATTERN'
+          (send _ _ (send ...)) # Matches object methods (send node within a send)
+        PATTERN
+
         def_node_matcher :non_literal_condition?, <<~'PATTERN'
           (
             send _ _                             # Match `where` and `Model.find_by`
@@ -100,6 +104,8 @@ module RuboCop
         end
 
         def on_send(node)
+          return if object_manipulation?(node)
+
           return unless non_literal_condition?(node)
 
           add_offense(node)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: paraxial
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Michael Lubas
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-16 00:00:00.000000000 Z
+date: 2024-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -133,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: Paraxial.io Ruby Agent