sastbox_sdk 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9b33ef5c1d3c97a2991c9dcb76b13a3c414df8f545ff3f085b3ebed0f9d7f496
-  data.tar.gz: d4c5e354f401f469062f5310cd449980b8e1394bf26931696d0a0e2cf053c9f4
+  metadata.gz: e0ae8320863a0187e3236895eed8f2a0a82175ac7cf7e7f9f9cde6e397817576
+  data.tar.gz: d3650fecd3a1ba3c5edee1f8512c2179b7d90809e4fde48614cbf97b2a46a38c
 SHA512:
-  metadata.gz: 8784202c7700c39863d9bd94a7d59cac86a16d6a6ebcdba1574f148ed909520743c48c431abb8d9f3fac0eda27dc67a42aeffa3d93653940e1a04939289b3a59
-  data.tar.gz: 94c3e307ce99bd94c381db15f6c278dd816f638c4a9cdbf37962777289535b38d7b0abef9a803feb1af2a59ce18b9dc5b6b734493b9057bb46ea184c5359fc0d
+  metadata.gz: 328720b6e1635ef12fbcb9a9216ae1885f44c0235ea5ff57dd1f5a61d61c143fb9d329106b8c9ddf973906a060d5a5c5a2a0a388647d9d05ca2062fd26b4e00b
+  data.tar.gz: 3437d3de2e982b5619b65ea16612c5a1e5241dace1fcb7a87b768dd118a15c0e31d5b10ff52dbd70e9a2f0b74c13f89fb50937f284291035d010e871d6c11037

data/README.md

@@ -0,0 +1,32 @@
+<p align="center">
+  <h3 align="center">SASTBox SDK</h3>
+  <p align="center">SDK to construct SAST scanners</p>
+  <p align="center">
+    <a href="https://github.com/convisoappsec/sastbox-sdk/blob/master/LICENSE.md">
+      <img src="https://img.shields.io/badge/license-MIT-blue.svg">
+    </a>
+    <a href="https://github.com/convisoappsec/sastbox-sdk/releases">
+      <img src="https://img.shields.io/badge/version-0.0.1-blue.svg">
+    </a>
+  </p>
+</p>
+
+---
+
+### Summary
+
+If you dont have expirience developemnt your own gems: https://guides.rubygems.org/make-your-own-gem/#your-first-gem
+
+
+Public GEM: https://rubygems.org/gems/sastbox_sdk
+
+
+```
+bundle install
+```
+
+---
+
+### References
+
+1. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry

data/lib/sastbox-sdk/codebase.rb

@@ -2,8 +2,4 @@ module SastBox
   module Codebase
 
   end
-end
-
-
-
-
+end

data/lib/sastbox-sdk/printer.rb

@@ -79,7 +79,6 @@ module SastBox
     end
 
     def self.included(base)
-      #base.instance_variable_set(:@color, true)
     end
 
   end

data/lib/sastbox-sdk/reporter_sarif.rb

@@ -92,7 +92,7 @@ module SastBox
             }
           }],
           partialFingerprints: {
-            hashIssueV1:      issue[:hash_issue],       # compatible with sastbox v1
+            hashIssueV1:      issue[:hash_issue],   
             hashIssueV2:      issue[:hash_issue_v2],
             snippetHashLine:  snippet[:evidence_line][:hash],
             snippetHashFull:  snippet[:evidence_full][:hash]
@@ -109,4 +109,3 @@ module SastBox
     end
   end
 end
-

data/lib/sastbox-sdk/runner.rb

@@ -2,8 +2,7 @@ require 'timeout'
 
 module SastBox
   module Runner
-
-    # TODO: find a better way to do this
+    
     def command?(name)
       `which #{name}`
       $?.success?
@@ -23,7 +22,6 @@ module SastBox
       out_reader = ''
       err_reader = ''
       Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
-        # https://stackoverflow.com/questions/8952043/how-to-fix-hanging-popen3-in-ruby
         stdin.close_write
         output, pid = [], wait_thr.pid
         begin
@@ -35,7 +33,6 @@ module SastBox
 
             out_reader = stdout.read
 
-            #output = [stdout.read, stderr.read]
             Process.wait(pid)
           end
         rescue Errno::ECHILD
@@ -49,7 +46,3 @@ module SastBox
     end
   end
 end
-
-
-
-

data/lib/sastbox-sdk/scanner.rb

@@ -32,9 +32,9 @@ module SastBox
       }
     end
 
-    def add_hash_issue_v1(issue) # compatibility with sastbox v1
+    def add_hash_issue_v1(issue) 
       issue[:hash_issue] = ''
-      return if got_line_range?(issue) # hash v1 not needed for scanners which report start/end line
+      return if got_line_range?(issue)
 
       scanner_name = @name_alias
       short_filename = issue[:filename].sub(@opts.codebase, '')
@@ -79,7 +79,7 @@ module SastBox
     def skip_issue?(issue)
       return true if issue[:filename].include?('/.git/')
       return true if issue[:snippet][:read_success] == false
-      return false # valid issue
+      return false 
     end
 
     def validate_opts
@@ -105,7 +105,6 @@ module SastBox
 
       print_title("Running #{@name}")
       run
-      #finish_scan
     end
 
     def finish_scan
@@ -149,4 +148,3 @@ module SastBox
 
   end
 end
-

data/lib/sastbox-sdk/severity_calculator.rb

@@ -76,7 +76,3 @@ module SastBox
     end
   end
 end
-
-
-
-

data/lib/sastbox-sdk/snippet.rb

@@ -4,7 +4,6 @@ module SastBox
   module Snippet
 
     def filename_relative(filename)
-      #filename.sub(@opts.codebase, '') if filename.start_with?(@opts.codebase)
       filename_path = File.expand_path(filename)
       codebase_path = File.expand_path(@opts.codebase)
 
@@ -13,7 +12,6 @@ module SastBox
         filename_path = filename_path[1..-1] if filename_path.start_with?('/')
         return filename_path
       else
-        #print_warning("Filename outside codebase => #{filename_path}")
         return nil
       end
     end
@@ -52,8 +50,6 @@ module SastBox
           snippet[:evidence_full][:content] << lines[pos - 1].force_encoding('ISO-8859-1').encode('UTF-8')
         end
         snippet_calculate_hashes(snippet)
-        #snippet[:evidence_line][:hash] = Digest::SHA256.hexdigest(snippet[:evidence_line][:content])
-        #snippet[:evidence_full][:hash] = Digest::SHA256.hexdigest(snippet[:evidence_full][:content])
       end
 
       snippet

data/lib/sastbox-sdk.rb

@@ -18,9 +18,7 @@ require_relative 'sastbox-sdk/runner'
 require_relative 'sastbox-sdk/severity_calculator'
 require_relative 'sastbox-sdk/scanner'
 
-
 module SastBox
   VERSION = '2.0.0'
   SDK_VERSION = '0.0.1'
 end
-

data/spec/sastbox-sdk/runner_spec.rb

@@ -26,7 +26,7 @@ RSpec.describe 'Runner' do
 
   before do
     scanner.parse_opts([])
-    scanner_timeout_60_sec.parse_opts(['-t', '1']) # 60 secs
+    scanner_timeout_60_sec.parse_opts(['-t', '1']) 
 
     Thread.report_on_exception = false
   end

data/spec/sastbox-sdk_spec.rb

@@ -5,4 +5,3 @@ require_relative '../lib/sastbox-sdk'
 RSpec.describe 'Sastbox-sdk' do
 
 end
-

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sastbox_sdk
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
-- rd
-autorequire: 
+- Conviso Engineering Team
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-28 00:00:00.000000000 Z
+date: 2023-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colored
@@ -30,16 +30,16 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.6.3
 description: SDK to construct SAST scanners
-email: rd@convisoappsec.com
+email: product-development@convisoappsec.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -74,7 +74,7 @@ homepage: ''
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -89,8 +89,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.4.22
+signing_key:
 specification_version: 4
 summary: SastBox SDK
 test_files: []