semgrep-changes 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/workflows/ci.yml +23 -0
- data/.gitignore +15 -0
- data/.rspec +3 -0
- data/.rubocop.yml +27 -0
- data/.semgrep.yml +6 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +39 -0
- data/LICENSE +21 -0
- data/LICENSE.txt +21 -0
- data/README.md +53 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/exe/semgrep-changes +16 -0
- data/lib/semgrep/changes/check.rb +41 -0
- data/lib/semgrep/changes/checker.rb +108 -0
- data/lib/semgrep/changes/options.rb +80 -0
- data/lib/semgrep/changes/shell.rb +11 -0
- data/lib/semgrep/changes/version.rb +7 -0
- data/lib/semgrep/changes.rb +8 -0
- data/semgrep-changes.gemspec +45 -0
- metadata +143 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 0aa83eaad5bc8a14618a813f8170a85c424ec4a815302c32c35d74301360f7c3
|
4
|
+
data.tar.gz: 3d9049a86bca5cef1f24d7d6f0c613997fb80b13fcb1c0350c269a17637ca942
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: a2a5b7f7a90083cd15e26b0c54dfa64dd6aa9a0cfb892a4eb4f2fccbf65b489af60f517331202f410a6af77af34e3c446c6e2e13e0686e6636780e296e40dad8
|
7
|
+
data.tar.gz: 236536504073966d8de3dd0172dbe7469d9b4c739f0e33618b66aae4a9e71ba81f8071d0a22faf2b3ec72be752b97e22ae0a7eb9b2605d8219b816a19c7363f5
|
@@ -0,0 +1,23 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on: [push, pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
test:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
|
10
|
+
strategy:
|
11
|
+
fail-fast: false
|
12
|
+
matrix:
|
13
|
+
ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", ruby-head]
|
14
|
+
|
15
|
+
steps:
|
16
|
+
- uses: actions/checkout@v2
|
17
|
+
- name: Set up Ruby
|
18
|
+
uses: ruby/setup-ruby@v1
|
19
|
+
with:
|
20
|
+
bundler-cache: true # 'bundle install' and cache gems
|
21
|
+
ruby-version: ${{ matrix.ruby }}
|
22
|
+
- name: Run tests
|
23
|
+
run: bundle exec rake
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.rubocop.yml
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
AllCops:
|
2
|
+
TargetRubyVersion: 2.5
|
3
|
+
NewCops: disable
|
4
|
+
|
5
|
+
Lint/RaiseException:
|
6
|
+
Enabled: false
|
7
|
+
|
8
|
+
Lint/StructNewOverride:
|
9
|
+
Enabled: false
|
10
|
+
|
11
|
+
Style/HashEachMethods:
|
12
|
+
Enabled: false
|
13
|
+
|
14
|
+
Style/HashTransformKeys:
|
15
|
+
Enabled: false
|
16
|
+
|
17
|
+
Style/HashTransformValues:
|
18
|
+
Enabled: false
|
19
|
+
|
20
|
+
Style/Documentation:
|
21
|
+
Enabled: false
|
22
|
+
|
23
|
+
Style/FrozenStringLiteralComment:
|
24
|
+
Enabled: false
|
25
|
+
|
26
|
+
Layout/LineLength:
|
27
|
+
Max: 120
|
data/.semgrep.yml
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
In the interest of fostering an open and welcoming environment, we as
|
6
|
+
contributors and maintainers pledge to making participation in our project and
|
7
|
+
our community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, disability, ethnicity, gender identity and expression, level of experience,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity and
|
10
|
+
orientation.
|
11
|
+
|
12
|
+
## Our Standards
|
13
|
+
|
14
|
+
Examples of behavior that contributes to creating a positive environment
|
15
|
+
include:
|
16
|
+
|
17
|
+
* Using welcoming and inclusive language
|
18
|
+
* Being respectful of differing viewpoints and experiences
|
19
|
+
* Gracefully accepting constructive criticism
|
20
|
+
* Focusing on what is best for the community
|
21
|
+
* Showing empathy towards other community members
|
22
|
+
|
23
|
+
Examples of unacceptable behavior by participants include:
|
24
|
+
|
25
|
+
* The use of sexualized language or imagery and unwelcome sexual attention or
|
26
|
+
advances
|
27
|
+
* Trolling, insulting/derogatory comments, and personal or political attacks
|
28
|
+
* Public or private harassment
|
29
|
+
* Publishing others' private information, such as a physical or electronic
|
30
|
+
address, without explicit permission
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
32
|
+
professional setting
|
33
|
+
|
34
|
+
## Our Responsibilities
|
35
|
+
|
36
|
+
Project maintainers are responsible for clarifying the standards of acceptable
|
37
|
+
behavior and are expected to take appropriate and fair corrective action in
|
38
|
+
response to any instances of unacceptable behavior.
|
39
|
+
|
40
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
41
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
42
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
43
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
44
|
+
threatening, offensive, or harmful.
|
45
|
+
|
46
|
+
## Scope
|
47
|
+
|
48
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
49
|
+
when an individual is representing the project or its community. Examples of
|
50
|
+
representing a project or community include using an official project e-mail
|
51
|
+
address, posting via an official social media account, or acting as an appointed
|
52
|
+
representative at an online or offline event. Representation of a project may be
|
53
|
+
further defined and clarified by project maintainers.
|
54
|
+
|
55
|
+
## Enforcement
|
56
|
+
|
57
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
+
reported by contacting the project team at fcsonline@gmail.com. All
|
59
|
+
complaints will be reviewed and investigated and will result in a response that
|
60
|
+
is deemed necessary and appropriate to the circumstances. The project team is
|
61
|
+
obligated to maintain confidentiality with regard to the reporter of an incident.
|
62
|
+
Further details of specific enforcement policies may be posted separately.
|
63
|
+
|
64
|
+
Project maintainers who do not follow or enforce the Code of Conduct in good
|
65
|
+
faith may face temporary or permanent repercussions as determined by other
|
66
|
+
members of the project's leadership.
|
67
|
+
|
68
|
+
## Attribution
|
69
|
+
|
70
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
71
|
+
available at [http://contributor-covenant.org/version/1/4][version]
|
72
|
+
|
73
|
+
[homepage]: http://contributor-covenant.org
|
74
|
+
[version]: http://contributor-covenant.org/version/1/4/
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
semgrep-changes (0.1.0)
|
5
|
+
git_diff_parser (~> 3.2)
|
6
|
+
|
7
|
+
GEM
|
8
|
+
remote: https://rubygems.org/
|
9
|
+
specs:
|
10
|
+
byebug (10.0.2)
|
11
|
+
diff-lcs (1.3)
|
12
|
+
git_diff_parser (3.2.0)
|
13
|
+
rake (13.0.3)
|
14
|
+
rspec (3.9.0)
|
15
|
+
rspec-core (~> 3.9.0)
|
16
|
+
rspec-expectations (~> 3.9.0)
|
17
|
+
rspec-mocks (~> 3.9.0)
|
18
|
+
rspec-core (3.9.0)
|
19
|
+
rspec-support (~> 3.9.0)
|
20
|
+
rspec-expectations (3.9.0)
|
21
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
22
|
+
rspec-support (~> 3.9.0)
|
23
|
+
rspec-mocks (3.9.0)
|
24
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
25
|
+
rspec-support (~> 3.9.0)
|
26
|
+
rspec-support (3.9.0)
|
27
|
+
|
28
|
+
PLATFORMS
|
29
|
+
ruby
|
30
|
+
|
31
|
+
DEPENDENCIES
|
32
|
+
bundler (~> 2.0)
|
33
|
+
byebug (~> 10.0)
|
34
|
+
rake (~> 13.0)
|
35
|
+
rspec (~> 3.0)
|
36
|
+
semgrep-changes!
|
37
|
+
|
38
|
+
BUNDLED WITH
|
39
|
+
2.3.12
|
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2022 Ferran Basora
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2019 Ferran Basora
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
# Semgrep::Changes
|
2
|
+
|
3
|
+
[![Gem Version](https://img.shields.io/gem/v/semgrep-changes)](https://rubygems.org/gems/semgrep-changes)
|
4
|
+
[![Build Status](https://github.com/fcsonline/semgrep-changes/actions/workflows/ci.yml/badge.svg)](https://github.com/fcsonline/semgrep-changes/actions/workflows/ci.yml)
|
5
|
+
|
6
|
+
`semgrep-changes` shows only the offenses you introduced since the fork point
|
7
|
+
of your git branch. Will not complain about existing offenses in your main
|
8
|
+
branch.
|
9
|
+
|
10
|
+
This is useful for CI checks for your pull requests but it could be useful too
|
11
|
+
for you daily work, to know new offenses created by you.
|
12
|
+
|
13
|
+
Internally `semgrep-changes` reads the `json` output from `semgrep` and a `git
|
14
|
+
diff` and does the intersection of line numbers to know the new offenses you
|
15
|
+
are introducing to you main branch.
|
16
|
+
|
17
|
+
## Installation
|
18
|
+
|
19
|
+
Add this line to your application's Gemfile:
|
20
|
+
|
21
|
+
```ruby
|
22
|
+
gem 'semgrep-changes'
|
23
|
+
```
|
24
|
+
|
25
|
+
And then execute:
|
26
|
+
|
27
|
+
$ bundle
|
28
|
+
|
29
|
+
Or install it yourself as:
|
30
|
+
|
31
|
+
$ gem install semgrep-changes
|
32
|
+
|
33
|
+
## Usage
|
34
|
+
|
35
|
+
$ bundle exec semgrep-changes
|
36
|
+
|
37
|
+
## Development
|
38
|
+
|
39
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
40
|
+
|
41
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
42
|
+
|
43
|
+
## Contributing
|
44
|
+
|
45
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/fcsonline/semgrep-changes. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
46
|
+
|
47
|
+
## License
|
48
|
+
|
49
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
50
|
+
|
51
|
+
## Code of Conduct
|
52
|
+
|
53
|
+
Everyone interacting in the Semgrep::Changes project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/fcsonline/semgrep-changes/blob/master/CODE_OF_CONDUCT.md).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'bundler/setup'
|
4
|
+
require 'semgrep/changes'
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require 'irb'
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/exe/semgrep-changes
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'semgrep/changes/checker'
|
5
|
+
require 'semgrep/changes/options'
|
6
|
+
|
7
|
+
args = Semgrep::Changes::Options.new.parse!
|
8
|
+
|
9
|
+
offenses = Semgrep::Changes::Checker.new(
|
10
|
+
report: args.report,
|
11
|
+
quiet: args.quiet,
|
12
|
+
commit: args.commit,
|
13
|
+
base_branch: args.base_branch
|
14
|
+
).run
|
15
|
+
|
16
|
+
exit offenses.positive? ? 1 : 0
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Semgrep
|
4
|
+
module Changes
|
5
|
+
class Check
|
6
|
+
def initialize(path, analysis, patch)
|
7
|
+
@path = path
|
8
|
+
@analysis = analysis
|
9
|
+
@patch = patch
|
10
|
+
end
|
11
|
+
|
12
|
+
def offenses
|
13
|
+
analysis.select do |offense|
|
14
|
+
line_numbers.include?(line(offense))
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
attr_reader :path, :analysis, :patch
|
19
|
+
|
20
|
+
private
|
21
|
+
|
22
|
+
def line_numbers
|
23
|
+
lines_from_diff & lines_from_semgrep
|
24
|
+
end
|
25
|
+
|
26
|
+
def lines_from_diff
|
27
|
+
patch.changed_line_numbers
|
28
|
+
end
|
29
|
+
|
30
|
+
def lines_from_semgrep
|
31
|
+
analysis
|
32
|
+
.map(&method(:line)) # Change me
|
33
|
+
.uniq
|
34
|
+
end
|
35
|
+
|
36
|
+
def line(offense)
|
37
|
+
offense.start.line
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,108 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'git_diff_parser'
|
4
|
+
require 'json'
|
5
|
+
|
6
|
+
require 'semgrep/changes/check'
|
7
|
+
require 'semgrep/changes/shell'
|
8
|
+
|
9
|
+
module Semgrep
|
10
|
+
module Changes
|
11
|
+
class UnknownForkPointError < StandardError; end
|
12
|
+
|
13
|
+
class Checker
|
14
|
+
def initialize(report:, quiet:, commit:, base_branch:)
|
15
|
+
@report = report
|
16
|
+
@quiet = quiet
|
17
|
+
@commit = commit
|
18
|
+
@base_branch = base_branch
|
19
|
+
end
|
20
|
+
|
21
|
+
def run
|
22
|
+
raise UnknownForkPointError if fork_point.empty?
|
23
|
+
|
24
|
+
print_offenses! unless quiet
|
25
|
+
|
26
|
+
total_offenses
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
attr_reader :report, :format, :quiet, :commit
|
32
|
+
|
33
|
+
def fork_point
|
34
|
+
@fork_point ||= Shell.run(command)
|
35
|
+
end
|
36
|
+
|
37
|
+
def command
|
38
|
+
return "git merge-base HEAD origin/#{@base_branch}" unless commit
|
39
|
+
|
40
|
+
"git log -n 1 --pretty=format:\"%h\" #{commit}"
|
41
|
+
end
|
42
|
+
|
43
|
+
def diff
|
44
|
+
Shell.run("git diff #{fork_point}")
|
45
|
+
end
|
46
|
+
|
47
|
+
def patches
|
48
|
+
@patches ||= GitDiffParser.parse(diff)
|
49
|
+
end
|
50
|
+
|
51
|
+
def changed_files
|
52
|
+
patches.map(&:file)
|
53
|
+
end
|
54
|
+
|
55
|
+
def semgrep_json
|
56
|
+
@semgrep_json ||= JSON.parse(File.read(report), object_class: OpenStruct)
|
57
|
+
end
|
58
|
+
|
59
|
+
def checks
|
60
|
+
@checks ||= changed_files.map do |file|
|
61
|
+
analysis = semgrep_json.results.select { |item| item.path == file }
|
62
|
+
patch = patches.find { |item| item.file == file }
|
63
|
+
|
64
|
+
next unless analysis
|
65
|
+
|
66
|
+
Check.new(file, analysis, patch)
|
67
|
+
end.compact
|
68
|
+
end
|
69
|
+
|
70
|
+
def total_offenses
|
71
|
+
checks.map { |check| check.offenses.size }.inject(0, :+)
|
72
|
+
end
|
73
|
+
|
74
|
+
def print_offenses!
|
75
|
+
msg "Findings:"
|
76
|
+
msg ""
|
77
|
+
|
78
|
+
checks.each do |check|
|
79
|
+
print_offenses_for_check(check)
|
80
|
+
end
|
81
|
+
|
82
|
+
msg "Some files were skipped."
|
83
|
+
msg " Scan was limited to files tracked by git."
|
84
|
+
msg ""
|
85
|
+
msg "Ran 1 rule on 11 files: #{total_offenses} finding."
|
86
|
+
end
|
87
|
+
|
88
|
+
def print_offenses_for_check(check)
|
89
|
+
return unless check.offenses.length > 0
|
90
|
+
|
91
|
+
msg " #{check.path}"
|
92
|
+
check.offenses.map do |offense|
|
93
|
+
msg " #{offense.check_id}"
|
94
|
+
msg " #{offense.extra.message}"
|
95
|
+
msg ""
|
96
|
+
msg " #{offense.start.line}┆ #{offense.extra.lines&.strip}"
|
97
|
+
msg ""
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
def msg(message)
|
102
|
+
return if ENV['RACK_ENV'] == 'test'
|
103
|
+
|
104
|
+
puts message
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'optparse'
|
4
|
+
|
5
|
+
module Semgrep
|
6
|
+
module Changes
|
7
|
+
class Options
|
8
|
+
Options = Struct.new(:report, :quiet, :commit, :base_branch)
|
9
|
+
|
10
|
+
def initialize
|
11
|
+
@args = Options.new(nil, false, nil, 'main') # Defaults
|
12
|
+
end
|
13
|
+
|
14
|
+
def parse!
|
15
|
+
OptionParser.new do |opts|
|
16
|
+
opts.banner = 'Usage: semgrep-changes [options]'
|
17
|
+
|
18
|
+
parse_report!(opts)
|
19
|
+
parse_commit!(opts)
|
20
|
+
parse_quiet!(opts)
|
21
|
+
parse_help!(opts)
|
22
|
+
parse_version!(opts)
|
23
|
+
parse_base_branch!(opts)
|
24
|
+
end.parse!
|
25
|
+
|
26
|
+
args
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
attr_reader :args
|
32
|
+
|
33
|
+
def parse_report!(opts)
|
34
|
+
opts.on(
|
35
|
+
'-r',
|
36
|
+
'--report [REPORT]',
|
37
|
+
"Specify the semgrep report in json format"
|
38
|
+
) do |r|
|
39
|
+
args.report = r
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def parse_commit!(opts)
|
44
|
+
opts.on(
|
45
|
+
'-c',
|
46
|
+
'--commit [COMMIT_ID]',
|
47
|
+
'Compare from some specific point on git history'
|
48
|
+
) do |c|
|
49
|
+
args.commit = c
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def parse_quiet!(opts)
|
54
|
+
opts.on('-q', '--quiet', 'Be quiet') do |v|
|
55
|
+
args.quiet = v
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
def parse_base_branch!(opts)
|
60
|
+
opts.on('-b', '--base_branch [BRANCH]', 'Base branch to compare') do |v|
|
61
|
+
args.base_branch = v
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def parse_help!(opts)
|
66
|
+
opts.on('-h', '--help', 'Prints this help') do
|
67
|
+
puts opts
|
68
|
+
exit
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def parse_version!(opts)
|
73
|
+
opts.on('--version', 'Display version') do
|
74
|
+
puts Semgrep::Changes::VERSION
|
75
|
+
exit 0
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
lib = File.expand_path('lib', __dir__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
require 'semgrep/changes/version'
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = 'semgrep-changes'
|
7
|
+
spec.version = Semgrep::Changes::VERSION
|
8
|
+
spec.platform = Gem::Platform::RUBY
|
9
|
+
spec.required_ruby_version = '>= 2.5.0'
|
10
|
+
spec.authors = ['Ferran Basora']
|
11
|
+
spec.email = ['fcsonline@gmail.com']
|
12
|
+
|
13
|
+
spec.summary = 'Semgrep on changed lines from git fork point'
|
14
|
+
spec.description = <<-DESCRIPTION
|
15
|
+
semgrep-changes will run semgrep on changed lines from forked point in your main branch.
|
16
|
+
It will not complain about existing offenses in master branch on your git prioject.
|
17
|
+
This gem is perfect as a Continuous Integration tool
|
18
|
+
DESCRIPTION
|
19
|
+
|
20
|
+
spec.homepage = 'https://rubygems.org/gems/semgrep-changes'
|
21
|
+
spec.license = 'MIT'
|
22
|
+
|
23
|
+
spec.metadata = {
|
24
|
+
'source_code_uri' => 'https://github.com/fcsonline/semgrep-changes',
|
25
|
+
'bug_tracker_uri' => 'https://github.com/fcsonline/semgrep-changes/issues'
|
26
|
+
}
|
27
|
+
|
28
|
+
# Specify which files should be added to the gem when it is released.
|
29
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added
|
30
|
+
# into git.
|
31
|
+
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
32
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
33
|
+
end
|
34
|
+
spec.bindir = 'exe'
|
35
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
36
|
+
spec.extra_rdoc_files = ['LICENSE.txt', 'README.md']
|
37
|
+
spec.require_paths = ['lib']
|
38
|
+
|
39
|
+
spec.add_runtime_dependency 'git_diff_parser', '~> 3.2'
|
40
|
+
|
41
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
42
|
+
spec.add_development_dependency 'byebug', '~> 10.0'
|
43
|
+
spec.add_development_dependency 'rake', '~> 13.0'
|
44
|
+
spec.add_development_dependency 'rspec', '~> 3.0'
|
45
|
+
end
|
metadata
ADDED
@@ -0,0 +1,143 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: semgrep-changes
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Ferran Basora
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2022-05-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: git_diff_parser
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '3.2'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '3.2'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '2.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '2.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: byebug
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '10.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '10.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '13.0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '13.0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '3.0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '3.0'
|
83
|
+
description: |2
|
84
|
+
semgrep-changes will run semgrep on changed lines from forked point in your main branch.
|
85
|
+
It will not complain about existing offenses in master branch on your git prioject.
|
86
|
+
This gem is perfect as a Continuous Integration tool
|
87
|
+
email:
|
88
|
+
- fcsonline@gmail.com
|
89
|
+
executables:
|
90
|
+
- semgrep-changes
|
91
|
+
extensions: []
|
92
|
+
extra_rdoc_files:
|
93
|
+
- LICENSE.txt
|
94
|
+
- README.md
|
95
|
+
files:
|
96
|
+
- ".github/workflows/ci.yml"
|
97
|
+
- ".gitignore"
|
98
|
+
- ".rspec"
|
99
|
+
- ".rubocop.yml"
|
100
|
+
- ".semgrep.yml"
|
101
|
+
- CODE_OF_CONDUCT.md
|
102
|
+
- Gemfile
|
103
|
+
- Gemfile.lock
|
104
|
+
- LICENSE
|
105
|
+
- LICENSE.txt
|
106
|
+
- README.md
|
107
|
+
- Rakefile
|
108
|
+
- bin/console
|
109
|
+
- bin/setup
|
110
|
+
- exe/semgrep-changes
|
111
|
+
- lib/semgrep/changes.rb
|
112
|
+
- lib/semgrep/changes/check.rb
|
113
|
+
- lib/semgrep/changes/checker.rb
|
114
|
+
- lib/semgrep/changes/options.rb
|
115
|
+
- lib/semgrep/changes/shell.rb
|
116
|
+
- lib/semgrep/changes/version.rb
|
117
|
+
- semgrep-changes.gemspec
|
118
|
+
homepage: https://rubygems.org/gems/semgrep-changes
|
119
|
+
licenses:
|
120
|
+
- MIT
|
121
|
+
metadata:
|
122
|
+
source_code_uri: https://github.com/fcsonline/semgrep-changes
|
123
|
+
bug_tracker_uri: https://github.com/fcsonline/semgrep-changes/issues
|
124
|
+
post_install_message:
|
125
|
+
rdoc_options: []
|
126
|
+
require_paths:
|
127
|
+
- lib
|
128
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
129
|
+
requirements:
|
130
|
+
- - ">="
|
131
|
+
- !ruby/object:Gem::Version
|
132
|
+
version: 2.5.0
|
133
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
134
|
+
requirements:
|
135
|
+
- - ">="
|
136
|
+
- !ruby/object:Gem::Version
|
137
|
+
version: '0'
|
138
|
+
requirements: []
|
139
|
+
rubygems_version: 3.1.2
|
140
|
+
signing_key:
|
141
|
+
specification_version: 4
|
142
|
+
summary: Semgrep on changed lines from git fork point
|
143
|
+
test_files: []
|