sastbox_sdk 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/README.md +32 -0
- data/lib/sastbox-sdk/codebase.rb +1 -5
- data/lib/sastbox-sdk/printer.rb +0 -1
- data/lib/sastbox-sdk/reporter_sarif.rb +1 -2
- data/lib/sastbox-sdk/runner.rb +1 -8
- data/lib/sastbox-sdk/scanner.rb +3 -5
- data/lib/sastbox-sdk/severity_calculator.rb +0 -4
- data/lib/sastbox-sdk/snippet.rb +0 -4
- data/lib/sastbox-sdk.rb +0 -2
- data/spec/sastbox-sdk/runner_spec.rb +1 -1
- data/spec/sastbox-sdk_spec.rb +0 -1
- metadata +10 -10
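--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e0ae8320863a0187e3236895eed8f2a0a82175ac7cf7e7f9f9cde6e397817576
+data.tar.gz: d3650fecd3a1ba3c5edee1f8512c2179b7d90809e4fde48614cbf97b2a46a38c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 328720b6e1635ef12fbcb9a9216ae1885f44c0235ea5ff57dd1f5a61d61c143fb9d329106b8c9ddf973906a060d5a5c5a2a0a388647d9d05ca2062fd26b4e00b
+data.tar.gz: 3437d3de2e982b5619b65ea16612c5a1e5241dace1fcb7a87b768dd118a15c0e31d5b10ff52dbd70e9a2f0b74c13f89fb50937f284291035d010e871d6c11037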
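--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,32 @@
+<p align="center">
+<h3 align="center">SASTBox SDK</h3>
+<p align="center">SDK to construct SAST scanners</p>
+<p align="center">
+<a href="https://github.com/convisoappsec/sastbox-sdk/blob/master/LICENSE.md">
+<img src="https://img.shields.io/badge/license-MIT-blue.svg">
+</a>
+<a href="https://github.com/convisoappsec/sastbox-sdk/releases">
+<img src="https://img.shields.io/badge/version-0.0.1-blue.svg">
+</a>
+</p>
+</p>
+
+---
+
+### Summary
+
+If you dont have expirience developemnt your own gems: https://guides.rubygems.org/make-your-own-gem/#your-first-gem
+
+
+Public GEM: https://rubygems.org/gems/sastbox_sdk
+
+
+```
+bundle install
+```
+
+---
+
+### References
+
+1. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry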
data/lib/sastbox-sdk/codebase.rb
CHANGED
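--- a/data/lib/sastbox-sdk/printer.rb
+++ b/data/lib/sastbox-sdk/printer.rb
@@ -92,7 +92,7 @@ module SastBox
 }
 }],
 partialFingerprints: {
-hashIssueV1: issue[:hash_issue],
+hashIssueV1: issue[:hash_issue],
 hashIssueV2: issue[:hash_issue_v2],
 snippetHashLine: snippet[:evidence_line][:hash],
 snippetHashFull: snippet[:evidence_full][:hash]
@@ -109,4 +109,3 @@ module SastBox
 end
 end
 end
-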
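--- a/data/lib/sastbox-sdk/runner.rb
+++ b/data/lib/sastbox-sdk/runner.rb
@@ -2,8 +2,7 @@ require 'timeout'
 
 module SastBox
 module Runner
-
-# TODO: find a better way to do this
+
 def command?(name)
 `which #{name}`
 $?.success?
@@ -23,7 +22,6 @@ module SastBox
 out_reader = ''
 err_reader = ''
 Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
-# https://stackoverflow.com/questions/8952043/how-to-fix-hanging-popen3-in-ruby
 stdin.close_write
 output, pid = [], wait_thr.pid
 begin
@@ -35,7 +33,6 @@ module SastBox
 
 out_reader = stdout.read
 
-#output = [stdout.read, stderr.read]
 Process.wait(pid)
 end
 rescue Errno::ECHILD
@@ -49,7 +46,3 @@ module SastBox
 end
 end
 end
-
-
-
-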
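Review bot: `command?(name)` still hands its argument to a shell via backtick interpolation (`` `which #{name}` `` in the first hunk), so a name carrying shell metacharacters is executed rather than looked up; the commit only deletes the `TODO` comment that flagged this spot and leaves the interpolation in place. The argv form avoids the shell entirely and collapses both lines: `system('which', name, out: File::NULL, err: File::NULL)` returns true when the lookup succeeds and false otherwise. Whether callers ever pass untrusted scanner names cannot be seen from this hunk, so treat this as hardening of a method that accepts an arbitrary string; the body of `command?` continues outside the hunk. Separately, the third hunk drains stdout to EOF (`out_reader = stdout.read`) while the handling of the stderr pipe falls in lines not shown here, which is the hang the removed StackOverflow link pointed at — worth confirming that stderr is read concurrently or merged.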
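--- a/data/lib/sastbox-sdk/scanner.rb
+++ b/data/lib/sastbox-sdk/scanner.rb
@@ -32,9 +32,9 @@ module SastBox
 }
 end
 
-def add_hash_issue_v1(issue)
+def add_hash_issue_v1(issue)
 issue[:hash_issue] = ''
-return if got_line_range?(issue)
+return if got_line_range?(issue)
 
 scanner_name = @name_alias
 short_filename = issue[:filename].sub(@opts.codebase, '')
@@ -79,7 +79,7 @@ module SastBox
 def skip_issue?(issue)
 return true if issue[:filename].include?('/.git/')
 return true if issue[:snippet][:read_success] == false
-return false
+return false
 end
 
 def validate_opts
@@ -105,7 +105,6 @@ module SastBox
 
 print_title("Running #{@name}")
 run
-#finish_scan
 end
 
 def finish_scan
@@ -149,4 +148,3 @@ module SastBox
 
 end
 end
-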
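--- a/data/lib/sastbox-sdk/snippet.rb
+++ b/data/lib/sastbox-sdk/snippet.rb
@@ -4,7 +4,6 @@ module SastBox
 module Snippet
 
 def filename_relative(filename)
-#filename.sub(@opts.codebase, '') if filename.start_with?(@opts.codebase)
 filename_path = File.expand_path(filename)
 codebase_path = File.expand_path(@opts.codebase)
 
@@ -13,7 +12,6 @@ module SastBox
 filename_path = filename_path[1..-1] if filename_path.start_with?('/')
 return filename_path
 else
-#print_warning("Filename outside codebase => #{filename_path}")
 return nil
 end
 end
@@ -52,8 +50,6 @@ module SastBox
 snippet[:evidence_full][:content] << lines[pos - 1].force_encoding('ISO-8859-1').encode('UTF-8')
 end
 snippet_calculate_hashes(snippet)
-#snippet[:evidence_line][:hash] = Digest::SHA256.hexdigest(snippet[:evidence_line][:content])
-#snippet[:evidence_full][:hash] = Digest::SHA256.hexdigest(snippet[:evidence_full][:content])
 end
 
 snippet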
data/lib/sastbox-sdk.rb
CHANGED
data/spec/sastbox-sdk_spec.rb
CHANGED
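--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sastbox_sdk
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
--
-autorequire:
+- Conviso Engineering Team
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colored
@@ -30,16 +30,16 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.6.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.6.3
 description: SDK to construct SAST scanners
-email:
+email: product-development@convisoappsec.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -74,7 +74,7 @@ homepage: ''
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -89,8 +89,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.4.22
+signing_key:
 specification_version: 4
 summary: SastBox SDK
 test_files: []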