sastbox_sdk 1.0.3 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b6a870a540be23040d971ae4e97d9ae06d21cf811ff5ba6266fcb9aeb04124c
-  data.tar.gz: 39b1073ea02969adb33e8e73611e907e85e653c221d3730d93b9fc9da923fb6b
+  metadata.gz: 19cc1d63d7f0232726451fe4cbed6055e88e683e02f246700be8ab4e3aa30ded
+  data.tar.gz: 4403d75cabb70ee91a9b8fe599f9ef9aab343adbcdbd117c99c776414bed0d25
 SHA512:
-  metadata.gz: 86179d12beba2c216f02c7ab18a89a003b6eb6f81a05ee2ece9a8bbc2ad9c9f7f4a761b4ece6339a96af5ebfa72f8e4b473a2589917d97282e7545119a86b32e
-  data.tar.gz: 854a7bd81b24277b24ae387530962ae8fe79d3207b8f345bb4656bd4ee3624abae75bbb2b95003757f4799e4e12c70654736c5bf23efc16bf26688c02d88ce2a
+  metadata.gz: 5b8f1ae8184edb46dfd75d919f61a2af12cdb95275247c968776e78d696d3615822a7ceb823b11e1c21feb017bafeff8064e370484ba0c231eac0a4cfbaf728b
+  data.tar.gz: 11afdd66315f6d79e217d828fa997c19e1a2730b2cde93e856f725bcdcb46fd9e4087e7c1b11544eac849d4545635739346c578b8ec33077b8d096f5b249bfba

data/lib/sastbox-sdk/codebase.rb

@@ -1,5 +1,4 @@
 module SastBox
   module Codebase
-
   end
-end
+end

data/lib/sastbox-sdk/cwe_detector.rb

@@ -2,7 +2,6 @@ require 'set'
 
 module SastBox
   module Cwe
-
     def cwe_found?(issue, patterns, cwe)
       patterns.each do |pattern|
         @alternative_titles.each do |title|
@@ -12,7 +11,7 @@ module SastBox
           end
         end
       end
-      return false
+      false
     end
 
     def detected_sql_injection?(issue)
@@ -185,8 +184,8 @@ module SastBox
 
       @alternative_titles << @alternative_titles.first.split('_').join(' ')
       @alternative_titles << @alternative_titles.first.split('-').join(' ')
-      @alternative_titles << @alternative_titles.first.gsub("hard coded", "hard-coded")
-      @alternative_titles << @alternative_titles.first.gsub("hardcoded", "hard-coded")
+      @alternative_titles << @alternative_titles.first.gsub('hard coded', 'hard-coded')
+      @alternative_titles << @alternative_titles.first.gsub('hardcoded', 'hard-coded')
       @alternative_titles
     end
 
@@ -197,6 +196,5 @@ module SastBox
         cwe_start_heuristics(issue)
       end
     end
-
   end
-end
+end

data/lib/sastbox-sdk/opt_parser.rb

@@ -5,12 +5,12 @@ module SastBox
   module OptParser
     def parse_opts(args)
       @opts = OpenStruct.new
-      @opts.verbose     = false
-      @opts.info        = false
-      @opts.color       = true
-      @opts.diff_hashes = []
-      @opts.diff_quick  = false
-      @opts.timeout     = 200 * 60
+      @opts.verbose      = false
+      @opts.info         = false
+      @opts.color        = true
+      @opts.diff_hashes  = []
+      @opts.diff_quick   = false
+      @opts.timeout      = 200 * 60
 
       opt_parser = OptionParser.new do |opts|
         opts.on('-c', '--codebase=CODEBASE', 'Codebase to be scanned') do |codebase|

data/lib/sastbox-sdk/printer.rb

@@ -3,7 +3,6 @@ require 'date'
 
 module SastBox
   module Printer
-
     def enable_color(flag = true)
       @color = flag
     end
@@ -80,6 +79,5 @@ module SastBox
 
     def self.included(base)
     end
-
   end
-end
+end

data/lib/sastbox-sdk/reporter_sarif.rb

@@ -3,7 +3,6 @@ require 'digest'
 module SastBox
   module Reporter
     module Sarif
-
       def generate_sarif_report
         new_sarif_log
         @issues.each do |issue|
@@ -92,7 +91,7 @@ module SastBox
             }
           }],
           partialFingerprints: {
-            hashIssueV1:      issue[:hash_issue],   
+            hashIssueV1:      issue[:hash_issue],
             hashIssueV2:      issue[:hash_issue_v2],
             snippetHashLine:  snippet[:evidence_line][:hash],
             snippetHashFull:  snippet[:evidence_full][:hash]
@@ -101,11 +100,12 @@ module SastBox
             cweId: issue[:cwe_id].to_i,
             tags: issue[:tags],
             issueSeverity: issue[:severity],
+            solution: issue[:solution]
           }
         }
+
         sarif_result
       end
-
     end
   end
 end

data/lib/sastbox-sdk/runner.rb

@@ -2,7 +2,6 @@ require 'timeout'
 
 module SastBox
   module Runner
-
     def command?(name)
       `which #{name}`
       $?.success?

data/lib/sastbox-sdk/scanner.rb

@@ -1,6 +1,5 @@
 module SastBox
   class Scanner
-
     include SastBox::OptParser
     include SastBox::Printer
     include SastBox::Runner
@@ -79,7 +78,8 @@ module SastBox
     def skip_issue?(issue)
       return true if issue[:filename].include?('/.git/')
       return true if issue[:snippet][:read_success] == false
-      return false 
+
+      false
     end
 
     def validate_opts
@@ -115,7 +115,7 @@ module SastBox
     end
 
     def save_scan_output
-      File.open(@opts.output, "wb") { |file| file.write(generate_sarif_report) }
+      File.open(@opts.output, 'wb') { |file| file.write(generate_sarif_report) }
       print_normal("Sarif result saved to #{@opts.output}", 1)
     end
 
@@ -143,8 +143,8 @@ module SastBox
       if File.exist?(filename)
         content = parse_json_from_str(File.read(filename))
       end
+
       content
     end
-
   end
 end

data/lib/sastbox-sdk/severity_calculator.rb

@@ -1,6 +1,5 @@
 module SastBox
   module SeverityCalculator
-
     def add_severity(issue)
       accepted_levels =  [:info, :low, :medium, :high, :critical]
 
@@ -13,7 +12,6 @@ module SastBox
       else
         issue[:severity] = attempt_to_determine_severity(issue)
       end
-
     end
 
     def severity_pattern_found?(patterns, text)
@@ -51,7 +49,6 @@ module SastBox
 
       info = []
 
-
       if level == :undefined
         level = :critical if severity_pattern_found?(critical, text)
       end

data/lib/sastbox-sdk/snippet.rb

@@ -2,7 +2,6 @@ require 'digest'
 
 module SastBox
   module Snippet
-
     def filename_relative(filename)
       filename_path = File.expand_path(filename)
       codebase_path = File.expand_path(@opts.codebase)
@@ -10,9 +9,10 @@ module SastBox
       if filename_path.start_with?(codebase_path)
         filename_path.sub!(codebase_path, '')
         filename_path = filename_path[1..-1] if filename_path.start_with?('/')
-        return filename_path
+
+        filename_path
       else
-        return nil
+        nil
       end
     end
 

data/spec/sastbox-sdk/codebase_spec.rb

@@ -4,4 +4,3 @@ require_relative '../../lib/sastbox-sdk'
 
 RSpec.describe 'Codebase' do
 end
-

data/spec/sastbox-sdk/cwe_constants_spec.rb

@@ -4,4 +4,3 @@ require_relative '../../lib/sastbox-sdk'
 
 RSpec.describe 'Cwe_constants' do
 end
-

data/spec/sastbox-sdk/cwe_detector_spec.rb

@@ -209,8 +209,5 @@ RSpec.describe 'Cwe_detector' do
         expect(issue[:cwe_id]).to eq SastBox::Cwe::UNRESTRICTED_UPLOAD_OF_FILE_WITH_DANGEROUS_TYPE
       end
     end
-
-
   end
-
 end

data/spec/sastbox-sdk/opt_parser_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe 'Opt_parser' do
 
   describe 'parse_opts' do
     context 'should parse all the provided options' do
-      subject { scanner.parse_opts(['-c', 'codebase', '-o', 'outputfile', '-v', '-t', '2', '-n']) }
+      subject { scanner.parse_opts(%w[-c codebase -o outputfile -v -t 2 -n]) }
 
       it 'codebase - is expected to eq "codebase"' do
         expect(subject.codebase).to eq 'codebase'
@@ -44,4 +44,3 @@ RSpec.describe 'Opt_parser' do
     end
   end
 end
-

data/spec/sastbox-sdk/printer_spec.rb

@@ -56,4 +56,3 @@ RSpec.describe 'Printer' do
     end
   end
 end
-

data/spec/sastbox-sdk/reporter_sarif_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe 'Reporter_sarif' do
   end
 
   before do
-    scanner.parse_opts(['-c', 'xxx'])
+    scanner.parse_opts(%w[-c xxx])
 
     scanner.add_issue(
       title: 'title',
@@ -46,7 +46,7 @@ RSpec.describe 'Reporter_sarif' do
 
   describe 'generate_sarif_report' do
     context 'should generate valid SARIF' do
-      subject {scanner.generate_sarif_report() }
+      subject {scanner.generate_sarif_report }
 
       it {expect(subject).to be_a(String)}
 

data/spec/sastbox-sdk/runner_spec.rb

@@ -46,9 +46,9 @@ RSpec.describe 'Runner' do
       subject { scanner.run_cmd(['uname']) }
 
       it { expect(subject).to be_an(Array) }
-      it { expect(subject.length).to be(2) }
+      it { expect(subject.length).to be(3) }
       it { expect(subject[0]).to eq "Linux\n" }
-      it { expect(subject[1]).to eq(nil).or be_an(Process::Status) }
+      it { expect(subject[1]).to eq("").or be_an(Process::Status) }
     end
 
     context 'should exit with an invalid command' do
@@ -70,9 +70,9 @@ RSpec.describe 'Runner' do
       subject { scanner_timeout_60_sec.run_cmd_with_timeout(['uname']) }
 
       it { expect(subject).to be_an(Array) }
-      it { expect(subject.length).to be(2) }
+      it { expect(subject.length).to be(3) }
       it { expect(subject[0]).to eq "Linux\n" }
-      it { expect(subject[1]).to eq(nil).or be_an(Process::Status) }
+      it { expect(subject[1]).to eq("").or be_an(Process::Status) }
     end
 
     context 'should fail when exceeded timeout' do
@@ -89,4 +89,3 @@ RSpec.describe 'Runner' do
     end
   end
 end
-

data/spec/sastbox-sdk/scanner_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe 'Scanner' do
   describe 'start_scan' do
     context 'should raise name error for run method when correct options are provided' do
       before do
-        scanner.parse_opts(['-o', 'xxx', '-c', 'aaa'])
+        scanner.parse_opts(%w[-o xxx -c aaa])
       end
 
       it "should raise name error for run method when correct options are provided" do
@@ -48,7 +48,7 @@ RSpec.describe 'Scanner' do
       end
 
       before do
-        scanner.parse_opts(['-o', 'xxx', '-c', 'aaa'])
+        scanner.parse_opts(%w[-o xxx -c aaa])
         scanner.add_issue(issue)
       end
 
@@ -69,7 +69,7 @@ RSpec.describe 'Scanner' do
       end
 
       before do
-        scanner.parse_opts(['-o', 'xxx', '-c', 'aaa'])
+        scanner.parse_opts(%w[-o xxx -c aaa])
       end
 
       it do
@@ -145,14 +145,14 @@ RSpec.describe 'Scanner' do
       end
 
       before do
-        scanner.parse_opts(['-c', '/abc/def/ghi'])
+        scanner.parse_opts(%w[-c /abc/def/ghi])
         @status = scanner.add_issue(issue)
       end
 
       #it { expect(@status).to be scanner.issues }
       it { expect(scanner.issues.length).to be 1}
       it "hash_issue_v1" do
-        expect(scanner.issues.first[:hash_issue]).to eq '220da2ef86cb34b97e4253f5b212b2a720c93d717e7fec8f243d851441774181'
+        expect(scanner.issues.first[:hash_issue]).to eq '4d89fbb4cc1e2beef276558ead0c4a66d1048668edda40b36efae7f8c6f30642'
       end
 
       it "hash_issue_v2" do
@@ -235,4 +235,3 @@ RSpec.describe 'Scanner' do
     end
   end
 end
-

data/spec/sastbox-sdk/severity_calculator_spec.rb

@@ -120,7 +120,4 @@ RSpec.describe 'SeverityCalculator' do
       it {expect( scanner.attempt_to_determine_severity(issue)).to eq :undefined}
     end
   end
-
-
 end
-

data/spec/sastbox-sdk/snippet_spec.rb

@@ -172,4 +172,3 @@ RSpec.describe 'snippet' do
     end
   end
 end
-

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sastbox_sdk
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.5
 platform: ruby
 authors:
 - Conviso Engineering Team
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-10 00:00:00.000000000 Z
+date: 2024-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colored
@@ -30,14 +29,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.3
+        version: 2.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.3
+        version: 2.9.1
 description: SDK to construct SAST scanners
 email: product-development@convisoappsec.com
 executables: []
@@ -74,7 +73,6 @@ homepage: ''
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -89,8 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.7
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: SastBox SDK
 test_files: []