scabox_sdk 1.0.0 → 1.0.1.pre.rc.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a8c80dcf7f5f6a7347e69ce67fed3e010384b30eae97bf1dc4be4c3c10e799bf
-  data.tar.gz: 506708f0c1f04c91f4d629cfbfc7bdc5cf08581cec840bcd8ef9e32e2067728f
+  metadata.gz: a5290735bdf05ded68ae369b9599e308390a6fdca9defd8f0fb03618dc3b3bb9
+  data.tar.gz: 99f6c2594b03415cdf1f44c688d00bbfc81d5b4d576fd9c06ae898ffdcd8004c
 SHA512:
-  metadata.gz: e8452b4ea6ee804868721b994219fc51910359ef9c91c98579ab62737c2278e4d74ac5d09f6d48041c777a0dce8e8696cad65d5695d81e621d17b49b8c1cd085
-  data.tar.gz: 53e2726f1f657d862c417fcc460937854cb3d5dee97483240730ade740a04f2e73c2ed5ac4a6a6ce32ed8226b3e43d467167271204b9f37ae65ebf755183400f
+  metadata.gz: 35e54954d882951c9dae143b096ed1ae0e5112326bb21913da6a581da5d52d9188dfd88446cea01450a4ae07750c01dacde6cc6541383c7c5b7b92e61b0e2896
+  data.tar.gz: 1d5e9dd00638ad27164c72343df57edb77373066646ba6bcc324f02b47a99c65110f14ec52fc4e2e454db556720873de61782ec0d779d833649cfccb53b4dc33

data/lib/scabox_sdk/codebase.rb

@@ -29,6 +29,7 @@ module ScaBox
       @opts.verbose     = false
       @opts.info        = false
       @opts.color       = true
+      @opts.output_stdout = false
 
       opt_parser = OptionParser.new do |opts|
         opts.on('-c', '--codebase=CODEBASE', 'Codebase to be scanned') do |codebase|
@@ -43,6 +44,10 @@ module ScaBox
           @opts.output = output
         end
 
+        opts.on('--output-stdout', 'Print result to stdout') do
+          @opts.output_stdout = true
+        end
+
         opts.on("-v", '--[no-]verbose', 'Run verbosely') do |v|
           @opts.verbose = v
         end

data/lib/scabox_sdk/container.rb

@@ -31,6 +31,8 @@ module ScaBox
       @opts.verbose     = false
       @opts.info        = false
       @opts.color       = true
+      @opts.output_stdout = false
+
 
       opt_parser = OptionParser.new do |opts|
         opts.on('-n', '--image-name=IMAGE_NAME', 'Name of image to be scanned') do |image_name|
@@ -49,6 +51,10 @@ module ScaBox
           @opts.output = output
         end
 
+        opts.on('--output-stdout', 'Print result to stdout') do
+          @opts.output_stdout = true
+        end
+
         opts.on("-v", '--[no-]verbose', 'Run verbosely') do |v|
           @opts.verbose = v
         end

data/lib/scabox_sdk/printer.rb

@@ -8,7 +8,12 @@ module ScaBox
       @color = flag
     end
 
+    def suppress_output?
+      @opts.output_stdout
+    end
+
     def print_title(s, level = 0)
+      return if suppress_output?
       pad = " " * (level * 4)
       out_s = "#{pad}[*] #{s}"
       if @color
@@ -20,6 +25,7 @@ module ScaBox
     end
 
     def print_normal(s, level = 0)
+      return if suppress_output?
       pad = " " * (level * 4)
       out_s = "#{pad}#{s}"
       puts out_s
@@ -27,6 +33,7 @@ module ScaBox
     end
 
     def print_success(s, level = 0)
+      return if suppress_output?
       pad = " " * (level * 4)
       out_s = "#{pad}[SUCCESS] #{s}"
       if @color
@@ -38,6 +45,7 @@ module ScaBox
     end
 
     def print_error(s, level = 0)
+      return if suppress_output?
       pad = " " * (level * 4)
       out_s = "#{pad}[ ERROR ] #{s}"
       if @color
@@ -49,6 +57,7 @@ module ScaBox
     end
 
     def print_with_label(s, label, level = 0)
+      return if suppress_output?
       pad = " " * (level * 4)
       out_s = "#{pad}[#{label}] #{s}"
       puts out_s
@@ -56,6 +65,7 @@ module ScaBox
     end
 
     def print_debug(s, level = 0)
+      return if suppress_output?
       pad = " " * (level * 4)
       now = DateTime.now.strftime('%d/%m/%Y %H:%M:%S.%3N')
       out_s = "#{pad}DEBUG|#{now}| #{s}"

data/lib/scabox_sdk/scanner.rb

@@ -32,8 +32,8 @@ module ScaBox
     end
 
     def check_output_flag
-      if @opts.output.nil?
-        print_error("Output -o not passed")
+      if @opts.output.nil? and @opts.output_stdout == false
+        print_error("Neither -o nor --output-stdout passed")
         exit 1
       end
     end
@@ -98,16 +98,51 @@ module ScaBox
       title
     end
 
+    def get_code_version
+      code_version = []
+      Dir.chdir @opts.codebase do
+        # git show-ref --head --heads --tags | grep $(git rev-parse HEAD)
+        stdout_str, stderr_str, status = Open3.capture3('/usr/bin/git', 'rev-parse', 'HEAD')
+        return code_version if stderr_str.include? 'fatal' || status != 0
+
+        head_hash = stdout_str.chomp
+
+        stdout_str, status = Open3.capture2('/usr/bin/git', 'show-ref', '--head', '--heads', '--tags')
+        return code_version if status != 0
+
+        stdout_str.each_line do |line|
+          line = line.chomp
+
+          if line.include? head_hash
+            code_version << line
+          end
+        end
+      end
+      code_version
+    end
+
     def save_results
       print_normal("Issues found: #{@issues.length}")
       unless @issues.empty?
         if @opts.format == :json
-          output = JSON.pretty_generate(@issues)
+          code_version = []
+          code_version = get_code_version unless @opts.codebase.nil?
+
+          json_output = {'type': 'sca', 'code_version': code_version, 'issues': @issues}
+          output = JSON.pretty_generate(json_output)
         else
           output = txt_output
         end
-        File.open(@opts.output, 'wb') {|file| file.write(output) }
-        print_normal("Output saved: #{@opts.output}")
+
+        if (!@opts.output.nil?)
+          File.open(@opts.output, 'wb') {|file| file.write(output) }
+          print_normal("Output saved: #{@opts.output}")
+        end
+
+        if (@opts.output_stdout)
+          puts output
+        end
+
       end
     end
 

data/spec/scabox_sdk/codebase_spec.rb

@@ -0,0 +1,74 @@
+require_relative '../spec_helper'
+require_relative '../../lib/scabox_sdk'
+
+RSpec.describe 'Codebase' do
+  describe 'parse_opts' do
+    context 'should parse all the provided options' do
+      let(:scanner) { ScaBox::CodebaseScanner.new(name: 'test', description: 'test', support: []) }
+      subject { scanner.parse_opts(['-c', 'codebase', '-f', 'json', '-o', 'outputfile', '-v']) }
+
+      it 'codebase - is expected to eq "codebase"' do
+        expect(subject.codebase).to eq 'codebase'
+      end
+
+      it "format - is expected to eq :json" do
+        expect(subject.format).to eq :json
+      end
+
+      it "output - is expected to eq outputfile" do
+        expect(subject.output).to eq 'outputfile'
+      end
+
+      it "verbose - is expected to equal true" do
+        expect(subject.verbose).to be true
+      end
+
+      it "info - is expected to eq false" do
+        expect(subject.info).to be false
+      end
+
+      it "color - is expected to equal true" do
+        expect(subject.color).to be true
+      end
+    end
+  end
+
+  describe 'run' do
+    context 'should fail when codebase is not provided' do
+      let(:scanner) { ScaBox::CodebaseScanner.new(name: 'test', description: 'test', support: []) }
+      before do
+        scanner.parse_opts([])
+      end
+
+      it do
+        expect { scanner.run }.to raise_error(SystemExit) do |error|
+          expect( error.status ).to eq(1)
+        end
+      end
+      it do
+        expect { scanner.run }.to raise_error(SystemExit) do |error|
+          expect( error.message ).to eq('exit')
+        end
+      end
+    end
+
+    context 'should raise name error for prepare_command method when correct options are provided' do
+      let(:scanner) { ScaBox::CodebaseScanner.new(name: 'test', description: 'test', support: []) }
+      let(:report) { '/tmp/codebasescanner_output.json' }
+
+      before do
+        File.delete(report) if File.exist?(report)
+
+        $VERBOSE = nil
+        ARGV = ['-c', 'codebase', '-f', 'json', '-o', report, '-v']
+      end
+
+      it "should raise name error for prepare_command method when correct options are provided" do
+        expect { scanner.run }.to raise_error(NameError) do |error| # #<NameError: undefined local variable or method `prepare_command' for #<ScaBox::CodebaseScanner:0x00005616ee3fab00>>
+          expect( error.message ).to match(/undefined.*prepare_command/)
+        end
+      end
+    end
+  end
+
+end

data/spec/scabox_sdk/container_spec.rb

@@ -0,0 +1,79 @@
+require_relative '../spec_helper'
+require_relative '../../lib/scabox_sdk'
+
+RSpec.describe 'Container' do
+  describe 'parse_opts' do
+    context 'should parse all the provided options' do
+      let(:scanner) { ScaBox::ContainerScanner.new(name: 'test', description: 'test', support: []) }
+      subject { scanner.parse_opts(['-n', 'imagename', '-p', 'imagefile', '-f', 'json', '-o', 'outputfile', '-v']) }
+
+      it "image_name - is expected to equal imagename" do
+        expect(subject.image_name).to eq 'imagename'
+      end
+
+      it "image_file - is expected to equal imagefile" do
+        expect(subject.image_file).to eq 'imagefile'
+      end
+
+      it "format - is expected to eq :json" do
+        expect(subject.format).to eq :json
+      end
+
+      it "output - is expected to eq outputfile" do
+        expect(subject.output).to eq 'outputfile'
+      end
+
+      it "verbose - is expected to equal true" do
+        expect(subject.verbose).to be true
+      end
+
+      it "info - is expected to eq false" do
+        expect(subject.info).to be false
+      end
+
+      it "color - is expected to equal true" do
+        expect(subject.color).to be true
+      end
+    end
+  end
+
+  describe 'run' do
+    context 'should fail when image name and image file are not provided' do
+      let(:scanner) { ScaBox::ContainerScanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        scanner.parse_opts([])
+      end
+
+      it do
+        expect { scanner.run }.to raise_error(SystemExit) do |error|
+          expect( error.status ).to eq(1)
+        end
+      end
+      it do
+        expect { scanner.run }.to raise_error(SystemExit) do |error|
+          expect( error.message ).to eq('exit')
+        end
+      end
+    end
+
+    context 'should raise name error for prepare_command method when correct options are provided' do
+      let(:scanner) { ScaBox::ContainerScanner.new(name: 'test', description: 'test', support: []) }
+      let(:report) { '/tmp/containerscanner_output.json' }
+
+      before do
+        File.delete(report) if File.exist?(report)
+
+        $VERBOSE = nil
+        ARGV = ['-n', 'python:3.4-alpine', '-f', 'json', '-o', report, '-v']
+      end
+
+      it "should raise name error for prepare_command method when correct options are provided" do
+        expect { scanner.run }.to raise_error(NameError) do |error| # #<NameError: undefined local variable or method `prepare_command' for #<ScaBox::ContainerScanner:0x00005616ee3fab00>>
+          expect( error.message ).to match(/undefined.*prepare_command/)
+        end
+      end
+    end
+  end
+
+end

data/spec/scabox_sdk/printer_spec.rb

@@ -0,0 +1,46 @@
+require_relative '../spec_helper'
+require_relative '../../lib/scabox_sdk'
+
+RSpec.describe 'Printer' do
+  let(:runner) { ScaBox::CodebaseScanner.new(name: 'test', description: 'test', support: []) }
+
+  before do
+    runner.parse_opts(['--no-color'])
+  end
+
+  describe 'print_title' do
+    context 'should print with title format' do
+      it {expect { runner.print_title('abc') }.to output("[*] abc\n").to_stdout }
+    end
+  end
+
+  describe 'print_normal' do
+    context 'should print with normal format' do
+      it {expect { runner.print_normal('abc') }.to output("abc\n").to_stdout }
+    end
+  end
+
+  describe 'print_success' do
+    context 'should print with success format' do
+      it {expect { runner.print_success('abc') }.to output("[SUCCESS] abc\n").to_stdout }
+    end
+  end
+
+  describe 'print_error' do
+    context 'should print with error format' do
+      it {expect { runner.print_error('abc') }.to output("[ ERROR ] abc\n").to_stdout }
+    end
+  end
+
+  describe 'print_with_label' do
+    context 'should print with label format' do
+      it {expect { runner.print_with_label('abc', 'def') }.to output("[def] abc\n").to_stdout }
+    end
+  end
+
+  describe 'print_debug' do
+    context 'should print with debug format' do
+      it {expect { runner.print_debug('abc') }.to output(/DEBUG\|.*\| abc/).to_stdout }
+    end
+  end
+end

data/spec/scabox_sdk/runner_spec.rb

@@ -0,0 +1,75 @@
+require_relative '../spec_helper'
+require_relative '../../lib/scabox_sdk'
+
+RSpec.describe 'Runner' do
+  let(:runner) { ScaBox::CodebaseScanner.new(name: 'test', description: 'test', support: []) }
+  let(:runner_timeout_10_sec) { ScaBox::CodebaseScanner.new(name: 'test', description: 'test', support: []) }
+
+  before do
+    runner.parse_opts([])
+
+    runner_timeout_10_sec.parse_opts([])
+    runner_timeout_10_sec.instance_variable_set(:@timeout, 10)
+
+    Thread.report_on_exception = false
+  end
+
+  describe '#command?' do
+    context 'should return true if binary exists' do
+      it { expect(runner.command?('ls')).to eq true }
+    end
+
+    context 'should return false if binary not exists' do
+      it { expect(runner.command?('xxx')).to eq false }
+    end
+  end
+
+  describe '#run_cmd' do
+    context 'should run a valid command and return results' do
+      subject { runner.run_cmd(['uname']) }
+
+      it { expect(subject).to be_an(Array) }
+      it { expect(subject.length).to be(2) }
+      it { expect(subject[0]).to eq "Linux\n" }
+      it { expect(subject[1]).to eq(nil).or be_an(Process::Status) }
+    end
+
+    context 'should exit with an invalid command' do
+      it do
+        expect { runner.run_cmd(['xxx'])}.to raise_error(SystemExit) do |error|
+          expect( error.status ).to eq(1)
+        end
+      end
+      it do
+        expect { runner.run_cmd(['xxx'])}.to raise_error(SystemExit) do |error|
+          expect( error.message ).to eq('exit')
+        end
+      end
+    end
+  end
+
+  describe '#run_cmd_with_timeout' do
+    context 'should not fail when not exceeded timeout' do
+      subject { runner_timeout_10_sec.run_cmd_with_timeout(['uname']) }
+
+      it { expect(subject).to be_an(Array) }
+      it { expect(subject.length).to be(2) }
+      it { expect(subject[0]).to eq "Linux\n" }
+      it { expect(subject[1]).to eq(nil).or be_an(Process::Status) }
+    end
+
+    context 'should fail when exceeded timeout' do
+      it do
+        expect { runner_timeout_10_sec.run_cmd_with_timeout(['sleep', '20'])}.to raise_error(SystemExit) do |error|
+          expect( error.status ).to eq(1)
+        end
+      end
+      it do
+        expect { runner_timeout_10_sec.run_cmd_with_timeout(['sleep', '20'])}.to raise_error(SystemExit) do |error|
+          expect( error.message ).to eq('exit')
+        end
+      end
+    end
+  end
+end
+

data/spec/scabox_sdk/scanner_spec.rb

@@ -0,0 +1,295 @@
+require_relative '../spec_helper'
+require_relative '../../lib/scabox_sdk'
+
+RSpec.describe 'Scanner' do
+  describe 'check_info_flag' do
+    context 'should print info and exit when info flag is true' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        scanner.instance_variable_set(:@opts, OpenStruct.new(info: true))
+      end
+
+      it do
+        expect { scanner.check_info_flag}.to raise_error(SystemExit) do |error|
+          expect( error.status ).to eq(0)
+        end
+      end
+
+      it do
+        expect { scanner.check_info_flag}.to raise_error(SystemExit) do |error|
+          expect( error.message ).to eq('exit')
+        end
+      end
+    end
+  end
+
+  describe 'check_output_flag' do
+    context 'should print error and exit when no output flag is provided' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        scanner.instance_variable_set(:@opts, OpenStruct.new(output_stdout: false))
+      end
+
+      it do
+        expect { scanner.check_output_flag }.to raise_error(SystemExit) do |error|
+          expect( error.status ).to eq(1)
+        end
+      end
+
+      it do
+        expect { scanner.check_output_flag}.to raise_error(SystemExit) do |error|
+          expect( error.message ).to eq('exit')
+        end
+      end
+    end
+  end
+
+  describe 'start_scan' do
+    context 'should raise name error for prepare_command method' do
+
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        scanner.instance_variable_set(:@opts, OpenStruct.new())
+      end
+
+      it "should raise name error for prepare_command" do
+        expect { scanner.run }.to raise_error(NameError) # #<NameError: undefined local variable or method `prepare_command' ...
+      end
+    end
+  end
+
+
+  describe 'add_issue' do
+    context 'should add issue to instance array @issues' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+
+        scanner.add_issue(
+          cve:              'CVE-XXXX-YYYY',
+          references:       ['http://localhost'],
+          title:            'title',
+          discovery_method: 'discovery_method',
+          description:      'description',
+          severity:         'undefined',
+          solution:         'solution'
+        )
+      end
+
+      it "@issues.length == 1" do
+        expect(scanner.issues.length).to eq 1
+      end
+
+      it "@issues[0][:plugin] == 'test'" do
+        expect(scanner.issues[0][:plugin]).to eq 'test'
+      end
+
+      it "@issues[0][:cve] == 'CVE-XXXX-YYYY'" do
+        expect(scanner.issues[0][:cve][0]).to eq 'CVE-XXXX-YYYY'
+      end
+
+      it "@issues[0][:references].length == 1" do
+        expect(scanner.issues[0][:references].length).to eq 1
+      end
+
+      it "@issues[0][:title] == 'title'" do
+        expect(scanner.issues[0][:title]).to eq 'title'
+      end
+
+      it "@issues[0][:discovery_method] == 'discovery_method'" do
+        expect(scanner.issues[0][:discovery_method]).to eq 'discovery_method'
+      end
+
+      it "@issues[0][:description] == 'description'"  do
+        expect(scanner.issues[0][:description]).to eq 'description'
+      end
+
+      it "@issues[0][:severity] == 'undefined'"  do
+        expect(scanner.issues[0][:severity]).to eq 'undefined'
+      end
+
+      it "@issues[0][:solution] == 'solution'"  do
+        expect(scanner.issues[0][:solution]).to eq 'solution'
+      end
+
+      it "@issues[0][:hash] == 'e4634c7ab84ffe3a5ea189729f9b5a1763d527bf540d0512e87e5871045f7b4f'" do
+        expect(scanner.issues[0][:hash]).to eq 'e4634c7ab84ffe3a5ea189729f9b5a1763d527bf540d0512e87e5871045f7b4f'
+      end
+
+    end
+  end
+
+  describe 'build_title' do
+    context 'should build title without CVE IDs' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        scanner.instance_variable_set(:@opts, OpenStruct.new())
+      end
+
+      it "should build title without CVE IDs" do
+        expect(scanner.build_title(cve: []) ).to eq 'Vulnerability'
+      end
+    end
+
+    context 'should build title with CVE IDs' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        scanner.instance_variable_set(:@opts, OpenStruct.new())
+      end
+
+      it "should build title with CVE IDs" do
+        expect(scanner.build_title(cve: [4, 3, 2, 1]) ).to eq '1,2,3,4'
+      end
+    end
+  end
+
+  describe 'save_results' do
+    context 'should save results to file' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+      let(:report) { '/tmp/save_results.json' }
+
+      before do
+        File.delete(report) if File.exist?(report)
+
+        issue = {
+          cve:              ['CVE-XXXX-YYYY'],
+          references:       ['http://localhost'],
+          title:            'title',
+          discovery_method: 'discovery_method',
+          description:      'description',
+          severity:         'undefined',
+          solution:         'solution'
+        }
+
+        scanner.instance_variable_set(:@issues, [issue])
+        scanner.instance_variable_set(:@opts, OpenStruct.new(output: report))
+        scanner.save_results
+      end
+
+      it "should save results to file" do
+        expect(File.exist?(report)).to be true
+      end
+    end
+  end
+
+  describe 'txt_output' do
+    context 'should format issue for txt output' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      before do
+        issue = {
+          hash:             'aaaaaaaaaaaaaaaaaaaaaa',
+          plugin:           'plugin',
+          path:             'lololol',
+          component:        'xxx',
+          version:          '123',
+          cve:              ['CVE-XXXX-YYYY'],
+          references:       ['http://localhost'],
+          title:            'title',
+          discovery_method: 'discovery_method',
+          description:      'description',
+          severity:         'undefined',
+          solution:         'solution'
+        }
+
+        scanner.instance_variable_set(:@issues, [issue])
+      end
+
+      it "should format issue for txt output" do
+        sep = "=" * 100
+        output = ''
+
+        output << "Hash:               aaaaaaaaaaaaaaaaaaaaaa\n"
+        output << "Plugin:             plugin\n"
+        output << "Path:               lololol\n"
+        output << "Component:          xxx\n"
+        output << "Version:            123\n"
+        output << "Discovery Method    discovery_method\n"
+        output << "Title:              title\n"
+        output << "Description:        description\n"
+        output << "Solution:           solution\n"
+        output << "Severity:           undefined\n"
+        output << "CVE:                CVE-XXXX-YYYY\n"
+        output << "References:\nhttp://localhost\n"
+        output << "#{sep}\n\n"
+
+        expect(scanner.txt_output ).to eq output
+      end
+    end
+  end
+
+  describe 'filename_for_plugin' do
+    context 'should format filename for plugin' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      it "should format filename for plugin" do
+        expect(scanner.filename_for_plugin ).to match /test_.*\.json/
+      end
+    end
+  end
+
+  describe 'parse_json_from_str' do
+    context 'should parse json from string' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      it "should parse json from string" do
+        expect(scanner.parse_json_from_str('{"abc": "123"}') ).to be_an Hash
+        expect(scanner.parse_json_from_str('{"abc": "123"}') ).to have_key("abc")
+        expect(scanner.parse_json_from_str('{"abc": "123"}')["abc"] ).to eq "123"
+      end
+
+      it "should return nil when json is invalid" do
+        expect(scanner.parse_json_from_str('xxxxx') ).to eq nil
+      end
+    end
+  end
+
+  describe 'parse_json_from_file' do
+    context 'should parse json from file' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+      let(:filename_valid) { '/tmp/json_input_valid_test.json' }
+      let(:filename_invalid) { '/tmp/json_input_invalid_test.json' }
+
+      before do
+        File.write(filename_valid, '{"abc": "123"}')
+        File.write(filename_invalid, 'xxxxx')
+      end
+
+      it "should parse json from file" do
+        expect(scanner.parse_json_from_file(filename_valid) ).to be_an Hash
+        expect(scanner.parse_json_from_file(filename_valid) ).to have_key("abc")
+        expect(scanner.parse_json_from_file(filename_valid)["abc"] ).to eq "123"
+      end
+
+      it "should return nil when json is invalid" do
+        expect(scanner.parse_json_from_file(filename_invalid) ).to eq nil
+      end
+    end
+  end
+
+  describe 'gen_random_tmp_filename' do
+    context 'should generate random filename' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      it "should generate random filename" do
+        expect(scanner.gen_random_tmp_filename('.xxxyyy')).to match /\/tmp\/.*\.xxxyyy/
+      end
+    end
+  end
+
+  describe 'gen_random_tmp_filename_json' do
+    context 'should generate random json filename' do
+      let(:scanner) { ScaBox::Scanner.new(name: 'test', description: 'test', support: []) }
+
+      it "should generate random json filename" do
+        expect(scanner.gen_random_tmp_filename_json).to match /\/tmp\/.*\.json/
+      end
+    end
+  end
+
+end

data/spec/scabox_sdk_spec.rb

@@ -0,0 +1,8 @@
+require_relative 'spec_helper'
+require_relative '../lib/scabox_sdk'
+
+
+RSpec.describe 'Scabox_Sdk' do
+
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,108 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+require 'simplecov'
+SimpleCov.start
+
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.before(:each) do
+    allow($stdout).to receive(:puts)
+    allow($stdout).to receive(:write)
+  end
+
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+  # have no way to turn it off -- the option exists only for backwards
+  # compatibility in RSpec 3). It causes shared context metadata to be
+  # inherited by the metadata hash of host groups and examples, rather than
+  # triggering implicit auto-inclusion in groups with matching metadata.
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # This allows you to limit a spec run to individual examples or groups
+  # you care about by tagging them with `:focus` metadata. When nothing
+  # is tagged with `:focus`, all examples get run. RSpec also provides
+  # aliases for `it`, `describe`, and `context` that include `:focus`
+  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  config.filter_run_when_matching :focus
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = "doc"
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

metadata

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: scabox_sdk
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1.pre.rc.0
 platform: ruby
 authors:
 - rd
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
 date: 2020-09-16 00:00:00.000000000 Z
@@ -51,11 +51,18 @@ files:
 - lib/scabox_sdk/printer.rb
 - lib/scabox_sdk/runner.rb
 - lib/scabox_sdk/scanner.rb
+- spec/scabox_sdk/codebase_spec.rb
+- spec/scabox_sdk/container_spec.rb
+- spec/scabox_sdk/printer_spec.rb
+- spec/scabox_sdk/runner_spec.rb
+- spec/scabox_sdk/scanner_spec.rb
+- spec/scabox_sdk_spec.rb
+- spec/spec_helper.rb
 homepage: ''
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -66,12 +73,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.0.3
+signing_key: 
 specification_version: 4
 summary: SCABox SDK
 test_files: []