shield_ast 1.0.0 → 1.1.0

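--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: baa8585d940103a2ffa3e2b7ccd47166dd75d3caebd58b16031d814c1f9a9af1
-data.tar.gz: 794fb75bf613ea453cc5628cddb7d37d43751f43d215619053958bec757069bf
+metadata.gz: a77305dda091e360bba15b732a2be430928247be5cbe55429b65c1ce36f3d9e1
+data.tar.gz: 37464197fbb6178695cabf80c41999f4e37945896aa2bc09d2dd304526b0b792
 SHA512:
-metadata.gz: b9ca658a73fc85de6ef32f09a4525e8945e558ea52a00362b714ce26dc22162f81ecabd5684bf6e9aea92a51b70f6a0b1bcbad035d977d0eb467940a7339f7b8
-data.tar.gz: fa30e723c35d87b199e79d7fad982dcb47ac868b04133e85216d6eb3023e902f9a6c2648cef2653118b58ff7b94ff84c55b05692030907a90b92ca58c1e1ae98
+metadata.gz: 599e294ddccdfc257639fdba95b49f302e51b7856fb932c39aa70c06fa632ec6949881079eca7d4e76ceeaa6b76ffd4926991303caf7abe7fdfa7eee496b3382
+data.tar.gz: 4d877292385699d548a2776e21d65dd762b19d59eaa7c8934340345c42d7e3e3d9a7c185f6dff8049f3d3950537f08c344c5b4f73410ce2337dbc5b442b5fd8e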
@@ -25,25 +25,15 @@ module ShieldAst
25
25
  puts "Exit code: #{exit_code}" if ENV["DEBUG"]
26
26
  puts "Output: #{output}" if ENV["DEBUG"]
27
27
 
28
- # OSV Scanner exit codes:
29
- # 0: No vulnerabilities found
30
- # 1: Vulnerabilities found
31
- # 1-126: Vulnerability result related errors
32
- # 127: General error
33
- # 128: No packages found
34
- # 129-255: Non result related errors
35
-
36
28
  case exit_code
37
29
  when 0
38
- { "results" => [] } # No vulnerabilities
30
+ { "results" => [] }
39
31
  when 1
40
- { "results" => parse_json_output(output) } # Vulnerabilities found
32
+ { "results" => parse_json_output(output) }
41
33
  when 1..126
42
- # Vulnerability related errors, but try to parse results anyway
43
34
  puts "OSV Scanner vulnerability error (exit code: #{exit_code})" if ENV["DEBUG"]
44
35
  { "results" => parse_json_output(output) }
45
36
  when 127
46
- # General error, but if we have JSON output, use it
47
37
  if output.include?('{"results"')
48
38
  puts "OSV Scanner completed with general error but has results" if ENV["DEBUG"]
49
39
  { "results" => parse_json_output(output) }
@@ -111,7 +101,6 @@ module ShieldAst
111
101
  severity = determine_severity(vuln, package_data)
112
102
  file_path = determine_file_path(ecosystem)
113
103
 
114
- # Extract fixed version info
115
104
  fixed_version = extract_fixed_version(vuln)
116
105
 
117
106
  {
@@ -142,7 +131,6 @@ module ShieldAst
142
131
  end
143
132
 
144
133
  def self.extract_fixed_version(vuln)
145
- # Try to find fixed version in affected ranges
146
134
  if vuln["affected"] && vuln["affected"].is_a?(Array)
147
135
  vuln["affected"].each do |affected|
148
136
  if affected["ranges"] && affected["ranges"].is_a?(Array)
@@ -155,14 +143,12 @@ module ShieldAst
155
143
  end
156
144
  end
157
145
 
158
- # Also check database_specific for fixed version
159
146
  if affected["database_specific"] && affected["database_specific"]["last_affected"]
160
- return ">" + affected["database_specific"]["last_affected"]
147
+ return "> #{affected["database_specific"]["last_affected"]}"
161
148
  end
162
149
  end
163
150
  end
164
151
 
165
- # Fallback: check database_specific at root level
166
152
  if vuln["database_specific"]
167
153
  return vuln["database_specific"]["fixed_version"] if vuln["database_specific"]["fixed_version"]
168
154
  end
@@ -171,17 +157,13 @@ module ShieldAst
171
157
  end
172
158
 
173
159
  def self.determine_severity(vuln, package_data)
174
- # Check database_specific severity first
175
- if vuln.dig("database_specific", "severity")
176
- return map_severity(vuln["database_specific"]["severity"])
177
- end
160
+ return map_severity(vuln["database_specific"]["severity"]) if vuln.dig("database_specific", "severity")
178
161
 
179
- # Check groups max_severity
180
162
  groups = package_data&.dig("groups") || []
181
163
  max_severity = groups.first&.dig("max_severity")
182
164
  return cvss_to_severity(max_severity.to_f) if max_severity
183
165
 
184
- "WARNING" # Default
166
+ "WARNING" # Default severity
185
167
  end
186
168
 
187
169
  def self.determine_file_path(ecosystem)
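Review bot: In the `when 1..126` branch of the first hunk, a scanner error exit (which after `when 1` effectively means codes 2–126) still yields `{ "results" => parse_json_output(output) }` with only a DEBUG-gated message, so a run that failed part-way is reported as a normal result set — a fail-open path for a security scanner — and with the exit-code table deleted above it, `1..126`, `127` and the `'{"results"'` substring probe are now unexplained magic values. I would at least surface the condition unconditionally, e.g. `warn "OSV Scanner exited with #{exit_code}; results may be incomplete"` before that return, and keep a compressed form of the removed table as a comment on the `case`, such as `# osv-scanner exit codes: 0 clean, 1 vulns found, 2-126 result-related error, 127 general error, 128 no packages`. Whether the caller can tell partial from complete results is not visible here; if it cannot, a `"partial" => true` key in the returned hash would let the report say so. The enclosing method begins before that hunk and its `case` continues past the hunk's last line.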
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShieldAst
4
- VERSION = "1.0.0"
4
+ VERSION = "1.1.0"
5
5
  end
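--- a/data/lib/shield_ast.rb
+++ b/data/lib/shield_ast.rb
@@ -66,10 +66,19 @@ module ShieldAst
 
 next if results.empty?
 
-puts "\n#{get_scan_icon(type)} #{type.to_s.upcase} (#{results.length} #{results.length == 1 ? "issue" : "issues"})"
+# Order by severity showing top 5 only
+sorted_results = sort_by_severity(results)
+top_results = sorted_results.first(5)
+remaining_count = results.length - top_results.length
+
+puts "\n#{get_scan_icon(type)} #{type.to_s.upcase} (#{results.length} #{results.length == 1 ? "issue" : "issues"}#{remaining_count.positive? ? ", showing top 5" : ""})"
 puts "-" * 60
 
-format_report(results, type)
+format_report(top_results, type)
+
+if remaining_count.positive?
+puts " ... and #{remaining_count} more #{remaining_count == 1 ? "issue" : "issues"} (run with --verbose to see all)"
+end
 end
 
 puts "\n✅ Scan finished in: #{format_duration(execution_time)}"
@@ -82,6 +91,16 @@ module ShieldAst
 end
 end
 
+# Order by severity (ERROR > WARNING > INFO)
+private_class_method def self.sort_by_severity(results)
+severity_order = { "ERROR" => 0, "WARNING" => 1, "INFO" => 2 }
+
+results.sort_by do |result|
+severity = result["severity"] || result.dig("extra", "severity") || "INFO"
+severity_order[severity.upcase] || 3
+end
+end
+
 private_class_method def self.format_report(results, scan_type)
 results.each_with_index do |result, index|
 if scan_type == :sca && has_sca_format?(result)
@@ -113,7 +132,8 @@ module ShieldAst
 end
 
 private_class_method def self.extract_short_description(result)
-description = result["extra"]["message"].gsub("\n", " ").strip
+message = result["extra"]["message"] || "No description available"
+description = message.gsub("\n", " ").strip
 if description.length > 80
 "#{description[0..80]}..."
 else
@@ -170,7 +190,8 @@ module ShieldAst
 
 private_class_method def self.format_default_result(result)
 severity_icon = get_severity_icon(result["extra"]["severity"])
-title = result["extra"]["message"].split(".")[0].strip
+message = result["extra"]["message"] || "Unknown issue"
+title = message.split(".")[0].strip
 file_info = "#{File.basename(result["path"])}:#{result["start"]["line"]}"
 
 puts " #{severity_icon} #{title}"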
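Review bot: The new cap `top_results = sorted_results.first(5)` in the first hunk is unconditional, yet the trailer printed when `remaining_count.positive?` tells the user to `run with --verbose to see all`; nothing in that hunk consults a verbose option, so unless one is wired up elsewhere the report silently drops every finding past the fifth per scan type while promising a switch that may not exist. Because Ruby's `sort_by` is not stable, which of several equal-severity findings survive the cut can also differ between runs, so the truncated report is not reproducible. I would gate the cap on the option the message names and make the ordering deterministic by pairing each result with its index and sorting on `[rank, index]`, e.g. `results.each_with_index.sort_by { |result, index| [rank_for(result), index] }.map(&:first)` with the existing lookup extracted into `rank_for`. Separately, the new guards in extract_short_description and format_default_result still index `result["extra"]` directly, so a result with no `extra` hash raises before the fallback applies; `result.dig("extra", "message")` covers both cases. The method containing the cap begins and ends outside the hunk.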
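--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shield_ast
 version: !ruby/object:Gem::Version
-version: 1.0.0
+version: 1.1.0
 platform: ruby
 authors:
 - Jose Augusto
@@ -20,12 +20,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".idea/.gitignore"
-- ".idea/dictionaries/project.xml"
-- ".idea/misc.xml"
-- ".idea/modules.xml"
-- ".idea/shield_ast.iml"
-- ".idea/vcs.xml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - LICENSE.txt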
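--- a/data/.idea/.gitignore
+++ b/data/.idea/.gitignore
@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml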
@@ -1,7 +0,0 @@
1
- <component name="ProjectDictionaryState">
2
- <dictionary name="project">
3
- <words>
4
- <w>sast</w>
5
- </words>
6
- </dictionary>
7
- </component>
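--- a/data/.idea/misc.xml
+++ b/data/.idea/misc.xml
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-<component name="ProjectRootManager" version="2" project-jdk-name="rbenv: 3.4.5" project-jdk-type="RUBY_SDK" />
-</project>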
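--- a/data/.idea/modules.xml
+++ b/data/.idea/modules.xml
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-<component name="ProjectModuleManager">
-<modules>
-<module fileurl="file://$PROJECT_DIR$/.idea/shield_ast.iml" filepath="$PROJECT_DIR$/.idea/shield_ast.iml" />
-</modules>
-</component>
-</project>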
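--- a/data/.idea/shield_ast.iml
+++ b/data/.idea/shield_ast.iml
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="RUBY_MODULE" version="4">
-<component name="ModuleRunConfigurationManager">
-<shared />
-</component>
-<component name="NewModuleRootManager">
-<content url="file://$MODULE_DIR$">
-<sourceFolder url="file://$MODULE_DIR$/features" isTestSource="true" />
-<sourceFolder url="file://$MODULE_DIR$/spec" isTestSource="true" />
-<sourceFolder url="file://$MODULE_DIR$/test" isTestSource="true" />
-</content>
-<orderEntry type="inheritedJdk" />
-<orderEntry type="sourceFolder" forTests="false" />
-<orderEntry type="library" scope="PROVIDED" name="ast (v2.4.3, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="bundler (v2.7.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="date (v3.4.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.6.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="erb (v5.0.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="io-console (v0.8.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="irb (v1.15.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="json (v2.13.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="language_server-protocol (v3.17.0.5, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="lint_roller (v1.1.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="parallel (v1.27.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="parser (v3.3.9.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="pp (v0.6.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="prettyprint (v0.2.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="prism (v1.4.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="psych (v5.2.6, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="racc (v1.8.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rainbow (v3.1.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rake (v13.3.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rdoc (v6.14.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="regexp_parser (v2.11.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="reline (v0.6.2, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec (v3.13.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.13.5, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.13.5, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.13.5, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.13.4, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rubocop (v1.79.1, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rubocop-ast (v1.46.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.13.0, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="stringio (v3.1.7, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="unicode-display_width (v3.1.4, rbenv: 3.4.5) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="unicode-emoji (v4.0.4, rbenv: 3.4.5) [gem]" level="application" />
-</component>
-</module>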
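--- a/data/.idea/vcs.xml
+++ b/data/.idea/vcs.xml
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-<component name="VcsDirectoryMappings">
-<mapping directory="" vcs="Git" />
-</component>
-</project>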