sastbox_sdk 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
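--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 9b33ef5c1d3c97a2991c9dcb76b13a3c414df8f545ff3f085b3ebed0f9d7f496
-data.tar.gz: d4c5e354f401f469062f5310cd449980b8e1394bf26931696d0a0e2cf053c9f4
+metadata.gz: e0ae8320863a0187e3236895eed8f2a0a82175ac7cf7e7f9f9cde6e397817576
+data.tar.gz: d3650fecd3a1ba3c5edee1f8512c2179b7d90809e4fde48614cbf97b2a46a38c
 SHA512:
-metadata.gz: 8784202c7700c39863d9bd94a7d59cac86a16d6a6ebcdba1574f148ed909520743c48c431abb8d9f3fac0eda27dc67a42aeffa3d93653940e1a04939289b3a59
-data.tar.gz: 94c3e307ce99bd94c381db15f6c278dd816f638c4a9cdbf37962777289535b38d7b0abef9a803feb1af2a59ce18b9dc5b6b734493b9057bb46ea184c5359fc0d
+metadata.gz: 328720b6e1635ef12fbcb9a9216ae1885f44c0235ea5ff57dd1f5a61d61c143fb9d329106b8c9ddf973906a060d5a5c5a2a0a388647d9d05ca2062fd26b4e00b
+data.tar.gz: 3437d3de2e982b5619b65ea16612c5a1e5241dace1fcb7a87b768dd118a15c0e31d5b10ff52dbd70e9a2f0b74c13f89fb50937f284291035d010e871d6c11037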
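--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,32 @@
+<p align="center">
+<h3 align="center">SASTBox SDK</h3>
+<p align="center">SDK to construct SAST scanners</p>
+<p align="center">
+<a href="https://github.com/convisoappsec/sastbox-sdk/blob/master/LICENSE.md">
+<img src="https://img.shields.io/badge/license-MIT-blue.svg">
+</a>
+<a href="https://github.com/convisoappsec/sastbox-sdk/releases">
+<img src="https://img.shields.io/badge/version-0.0.1-blue.svg">
+</a>
+</p>
+</p>
+
+---
+
+### Summary
+
+If you dont have expirience developemnt your own gems: https://guides.rubygems.org/make-your-own-gem/#your-first-gem
+
+
+Public GEM: https://rubygems.org/gems/sastbox_sdk
+
+
+```
+bundle install
+```
+
+---
+
+### References
+
+1. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry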
@@ -2,8 +2,4 @@ module SastBox
2
2
  module Codebase
3
3
 
4
4
  end
5
- end
6
-
7
-
8
-
9
-
5
+ end
@@ -79,7 +79,6 @@ module SastBox
79
79
  end
80
80
 
81
81
  def self.included(base)
82
- #base.instance_variable_set(:@color, true)
83
82
  end
84
83
 
85
84
  end
@@ -92,7 +92,7 @@ module SastBox
92
92
  }
93
93
  }],
94
94
  partialFingerprints: {
95
- hashIssueV1: issue[:hash_issue], # compatible with sastbox v1
95
+ hashIssueV1: issue[:hash_issue],
96
96
  hashIssueV2: issue[:hash_issue_v2],
97
97
  snippetHashLine: snippet[:evidence_line][:hash],
98
98
  snippetHashFull: snippet[:evidence_full][:hash]
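Review bot: Removing `# compatible with sastbox v1` from the `hashIssueV1` entry leaves no indication of why two fingerprint hashes are emitted side by side, and the same rationale is stripped from `add_hash_issue_v1` and its `got_line_range?` early return in a later hunk of this diff. Keep the why in one place rather than deleting it, e.g. a comment above `partialFingerprints:` such as `# hashIssueV1 is kept for SastBox v1 consumers; hashIssueV2 is the current fingerprint`, plus a one-line YARD comment on `add_hash_issue_v1` stating that the v1 hash is skipped when the scanner reports start/end lines. Without it the next maintainer has no basis for deciding whether the v1 field can ever be dropped. The enclosing method starts and ends outside the hunk.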
@@ -109,4 +109,3 @@ module SastBox
109
109
  end
110
110
  end
111
111
  end
112
-
@@ -2,8 +2,7 @@ require 'timeout'
2
2
 
3
3
  module SastBox
4
4
  module Runner
5
-
6
- # TODO: find a better way to do this
5
+
7
6
  def command?(name)
8
7
  `which #{name}`
9
8
  $?.success?
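Review bot: `command?` interpolates `name` directly into a shell command via backticks, so a value containing shell metacharacters is executed rather than looked up; the hunk only drops the TODO above it and leaves the lookup unchanged. If `name` can originate from scanner configuration or user-supplied options, the safe form avoids the shell entirely, e.g. replace the backtick line and `$?.success?` with `ENV.fetch('PATH', '').split(File::PATH_SEPARATOR).any? { |dir| File.executable?(File.join(dir, name)) }`. That also removes the dependency on `which` being present in the runtime image, which is presumably what the deleted TODO was about. The method's closing `end` lies outside the hunk.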
@@ -23,7 +22,6 @@ module SastBox
23
22
  out_reader = ''
24
23
  err_reader = ''
25
24
  Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
26
- # https://stackoverflow.com/questions/8952043/how-to-fix-hanging-popen3-in-ruby
27
25
  stdin.close_write
28
26
  output, pid = [], wait_thr.pid
29
27
  begin
@@ -35,7 +33,6 @@ module SastBox
35
33
 
36
34
  out_reader = stdout.read
37
35
 
38
- #output = [stdout.read, stderr.read]
39
36
  Process.wait(pid)
40
37
  end
41
38
  rescue Errno::ECHILD
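Review bot: Dropping the comment on the `Open3.popen3` line removes the only explanation of why `stdin.close_write` and the separate reader handling exist; a one-line rationale should stay, e.g. `# close stdin first so the child never blocks waiting for input`. On the visible new side `out_reader = stdout.read` drains stdout fully while how `err_reader` is filled is not shown in the hunk — if stderr is not read concurrently, a child that writes more than the pipe buffer to stderr can still hang, which is exactly the case the removed link described, so this is worth confirming. `Process.wait(pid)` inside the popen3 block reaps the child before `wait_thr` does, which appears to be why `rescue Errno::ECHILD` is needed; a comment there, `# popen3's wait_thr may find the child already reaped by Process.wait`, spares the next reader the same investigation. The enclosing method starts and ends outside the hunk.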
@@ -49,7 +46,3 @@ module SastBox
49
46
  end
50
47
  end
51
48
  end
52
-
53
-
54
-
55
-
@@ -32,9 +32,9 @@ module SastBox
32
32
  }
33
33
  end
34
34
 
35
- def add_hash_issue_v1(issue) # compatibility with sastbox v1
35
+ def add_hash_issue_v1(issue)
36
36
  issue[:hash_issue] = ''
37
- return if got_line_range?(issue) # hash v1 not needed for scanners which report start/end line
37
+ return if got_line_range?(issue)
38
38
 
39
39
  scanner_name = @name_alias
40
40
  short_filename = issue[:filename].sub(@opts.codebase, '')
@@ -79,7 +79,7 @@ module SastBox
79
79
  def skip_issue?(issue)
80
80
  return true if issue[:filename].include?('/.git/')
81
81
  return true if issue[:snippet][:read_success] == false
82
- return false # valid issue
82
+ return false
83
83
  end
84
84
 
85
85
  def validate_opts
@@ -105,7 +105,6 @@ module SastBox
105
105
 
106
106
  print_title("Running #{@name}")
107
107
  run
108
- #finish_scan
109
108
  end
110
109
 
111
110
  def finish_scan
@@ -149,4 +148,3 @@ module SastBox
149
148
 
150
149
  end
151
150
  end
152
-
@@ -76,7 +76,3 @@ module SastBox
76
76
  end
77
77
  end
78
78
  end
79
-
80
-
81
-
82
-
@@ -4,7 +4,6 @@ module SastBox
4
4
  module Snippet
5
5
 
6
6
  def filename_relative(filename)
7
- #filename.sub(@opts.codebase, '') if filename.start_with?(@opts.codebase)
8
7
  filename_path = File.expand_path(filename)
9
8
  codebase_path = File.expand_path(@opts.codebase)
10
9
 
@@ -13,7 +12,6 @@ module SastBox
13
12
  filename_path = filename_path[1..-1] if filename_path.start_with?('/')
14
13
  return filename_path
15
14
  else
16
- #print_warning("Filename outside codebase => #{filename_path}")
17
15
  return nil
18
16
  end
19
17
  end
@@ -52,8 +50,6 @@ module SastBox
52
50
  snippet[:evidence_full][:content] << lines[pos - 1].force_encoding('ISO-8859-1').encode('UTF-8')
53
51
  end
54
52
  snippet_calculate_hashes(snippet)
55
- #snippet[:evidence_line][:hash] = Digest::SHA256.hexdigest(snippet[:evidence_line][:content])
56
- #snippet[:evidence_full][:hash] = Digest::SHA256.hexdigest(snippet[:evidence_full][:content])
57
53
  end
58
54
 
59
55
  snippet
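Review bot: `force_encoding('ISO-8859-1').encode('UTF-8')` on the evidence line relabels every byte as Latin-1 before transcoding, so a UTF-8 source file is turned into mojibake and `snippet_calculate_hashes` then fingerprints that altered content rather than the original bytes; the hunk only deletes the commented-out digest lines and keeps this conversion. If the intent is merely to guarantee a valid UTF-8 string for the report, `lines[pos - 1].scrub` (or `encode('UTF-8', invalid: :replace, undef: :replace)` after tagging the string as UTF-8) preserves genuine UTF-8 and substitutes only invalid bytes; I cannot tell from the hunk how `lines` was read, so the current encoding tag of those strings needs checking first. Changing this would alter existing fingerprints, so it should be weighed against how hashes are compared across versions before it lands. The enclosing method starts outside the hunk.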
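--- a/data/lib/sastbox-sdk.rb
+++ b/data/lib/sastbox-sdk.rb
@@ -18,9 +18,7 @@ require_relative 'sastbox-sdk/runner'
 require_relative 'sastbox-sdk/severity_calculator'
 require_relative 'sastbox-sdk/scanner'
 
-
 module SastBox
 VERSION = '2.0.0'
 SDK_VERSION = '0.0.1'
 end
-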
@@ -26,7 +26,7 @@ RSpec.describe 'Runner' do
26
26
 
27
27
  before do
28
28
  scanner.parse_opts([])
29
- scanner_timeout_60_sec.parse_opts(['-t', '1']) # 60 secs
29
+ scanner_timeout_60_sec.parse_opts(['-t', '1'])
30
30
 
31
31
  Thread.report_on_exception = false
32
32
  end
@@ -5,4 +5,3 @@ require_relative '../lib/sastbox-sdk'
5
5
  RSpec.describe 'Sastbox-sdk' do
6
6
 
7
7
  end
8
-
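--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sastbox_sdk
 version: !ruby/object:Gem::Version
-version: 1.0.0
+version: 1.0.1
 platform: ruby
 authors:
-- rd
-autorequire:
+- Conviso Engineering Team
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-28 00:00:00.000000000 Z
+date: 2023-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colored
@@ -30,16 +30,16 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.2.0
+version: 2.6.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.2.0
+version: 2.6.3
 description: SDK to construct SAST scanners
-email: rd@convisoappsec.com
+email: product-development@convisoappsec.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -74,7 +74,7 @@ homepage: ''
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -89,8 +89,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.4.22
+signing_key:
 specification_version: 4
 summary: SastBox SDK
 test_files: []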