shield_ast 1.3.0 → 1.3.2

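--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e1d0d992a06ba8323c653c415034bf1a8675927313eed774e0df9604d68ac0d4
- data.tar.gz: dde5863c280c005ff476e9155dd079ef61718ada91d858fdce39139d9d921c67
+ metadata.gz: e6870b036c8e6c03944486d5adca05dc81bb77095bcc6aab783700595d690cde
+ data.tar.gz: a2e2aa9d83892699d7d32febd1cbd07355765cac9fb5c0b8cb09740a9d66e7f8
  SHA512:
- metadata.gz: 504a5fd50aa71a6785546e6a5a437f5b6d4dcb864f1006344f656d93135ca63dddd30de2105362a5382afd0fe19a87b5830ee5fd3344a302a14509f494319f20
- data.tar.gz: bd83dbcc8eb058cf581a4466c94edea750c7ada17bcbd9ac150ad905c51d65859d02a3cea1d65adb4c0a9ebd4ca8f77fbd655b1a14cf74bb3cfa2f2f0b0f206c
+ metadata.gz: 30e55a4658b59e53255625c872ad040faa7d9ce9c8363b500c6e31db9d477fdca36582049e5a3d9e94b3066f418c72a9f677a56581350a45ee918d921e74a469
+ data.tar.gz: c772d1c33fc1e608a98b48b6c3c8ba73c78bd3f4afa70d4a6b66cae3c647eead279e9102e4b7c2672a87d55021bc90b80d1f66fde8df1bd3aa054b1600625781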
@@ -7,21 +7,35 @@ require "open3"
7
7
  module ShieldAst
8
8
  # Wraps the logic for running SAST scan using Semgrep.
9
9
  class SAST
10
+ EXCLUDE_PATTERNS = %w[**/spec/ **/test/ **/tests/ **/features/ **/__tests__/ **/vendor/
11
+ **/node_modules/ **/*_spec.rb **/*_test.rb **/*.spec.js **/*.test.js
12
+ **/*.spec.ts **/*.test.ts **/*_test.py **/test_*.py **/*_test.go].freeze
13
+
10
14
  def self.scan(path)
11
- cmd = [
12
- "semgrep", "scan", "--config", "p/r2c-ci", "--config", "p/secrets", "--json", "--disable-version-check", path
13
- ]
15
+ cmd = build_command(path)
14
16
  stdout, stderr, status = Open3.capture3(*cmd)
15
17
 
16
18
  if status.success?
17
19
  JSON.parse(stdout)
18
20
  else
19
- warn "Semgrep SAST scan failed! Error: #{stderr}"
20
- []
21
+ warn "Semgrep SAST scan failed! Exit Code: #{status.exitstatus}\nError: #{stderr}"
22
+ { "results" => [] }
21
23
  end
22
24
  rescue JSON::ParserError => e
23
- warn "Failed to parse Semgrep output: #{e.message}"
24
- []
25
+ warn "Failed to parse Semgrep SAST output: #{e.message}"
26
+ { "results" => [] }
27
+ end
28
+
29
+ def self.build_command(path)
30
+ base_cmd = %w[semgrep scan --json --disable-version-check]
31
+
32
+ EXCLUDE_PATTERNS.each do |pattern|
33
+ base_cmd.push("--exclude", pattern)
34
+ end
35
+
36
+ base_cmd.push(path)
37
+
38
+ base_cmd
25
39
  end
26
40
  end
27
41
  end
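Review bot: `build_command` no longer passes the rule sets the old command did (`--config p/r2c-ci` and `--config p/secrets`), so the scan now relies on semgrep's default rule selection — if I recall correctly that is `--config auto`, which resolves rules from the Semgrep registry at scan time and may not include the secrets rules, so unless the change is deliberate restore them with `base_cmd = %w[semgrep scan --config p/r2c-ci --config p/secrets --json --disable-version-check]`. `EXCLUDE_PATTERNS` would benefit from a comment such as `# Skip test, fixture and vendored trees; nothing committed there is scanned, secrets included.` so the coverage trade-off is explicit. Both failure branches of `scan` return `{ "results" => [] }`, the same shape as a clean scan, so a caller cannot distinguish "no findings" from "the scanner did not run"; either add an `"errors"` entry to that hash or document the fail-open behaviour in a comment on `scan`. Exceptions raised by `Open3.capture3` itself (for example a missing semgrep binary) are not rescued and propagate to the caller, which the method comment should state.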
@@ -21,7 +21,7 @@ module ShieldAst
21
21
  puts "Executing command: #{cmd}" if ENV["DEBUG"]
22
22
 
23
23
  output = `#{cmd} 2>&1`
24
- exit_code = $?.exitstatus
24
+ exit_code = $CHILD_STATUS.exitstatus
25
25
 
26
26
  puts "Exit code: #{exit_code}" if ENV["DEBUG"]
27
27
  puts "Output: #{output}" if ENV["DEBUG"]
@@ -49,7 +49,7 @@ module ShieldAst
49
49
  puts "OSV Scanner non-result error (exit code: #{exit_code})"
50
50
  { "results" => [] }
51
51
  end
52
- rescue => e
52
+ rescue StandardError => e
53
53
  puts "Error running OSV Scanner: #{e.message}"
54
54
  { "results" => [] }
55
55
  end
@@ -132,12 +132,11 @@ module ShieldAst
132
132
  end
133
133
 
134
134
  def self.extract_fixed_version(vuln)
135
- if vuln["affected"] && vuln["affected"].is_a?(Array)
135
+ if vuln["affected"].is_a?(Array)
136
136
  vuln["affected"].each do |affected|
137
- if affected["ranges"] && affected["ranges"].is_a?(Array)
137
+ if affected["ranges"].is_a?(Array)
138
138
  affected["ranges"].each do |range|
139
- if range["events"] && range["events"].is_a?(Array)
140
- # Look for "fixed" events
139
+ if range["events"].is_a?(Array)
141
140
  fixed_event = range["events"].find { |event| event["fixed"] }
142
141
  return fixed_event["fixed"] if fixed_event
143
142
  end
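Review bot: `exit_code = $CHILD_STATUS.exitstatus` in the first hunk of this file only works when the `English` library is loaded; otherwise `$CHILD_STATUS` is nil and the line raises NoMethodError instead of reading the status of the backtick call just above it. The require is not visible in this hunk, so please confirm `require "English"` is at the top of the file, or keep `$?`, which needs nothing extra. The `rescue StandardError => e` in the second hunk would catch that NoMethodError and turn it into `{ "results" => [] }`, so the mistake would surface only as a silently empty scan rather than a failure. The enclosing method of each hunk starts and ends outside the hunk.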
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShieldAst
4
- VERSION = "1.3.0"
4
+ VERSION = "1.3.2"
5
5
  end
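--- a/data/lib/shield_ast.rb
+++ b/data/lib/shield_ast.rb
@@ -171,7 +171,7 @@ module ShieldAst
  puts "PDF report generated at: #{REPORT_PDF_FILE}"
  rescue StandardError => e
  puts "Error: Failed to generate PDF: #{e.message}"
- puts "Error: Backtrace: #{e.backtrace.join("\n")}"
+ puts "Error: Backtrace: #{e.backtrace&.join("\n")}"
  end
  end
 
@@ -413,14 +413,16 @@ module ShieldAst
  end
 
  def self.banner
- yellow = "\e[33m"
+ gray = "\e[90m"
+ white = "\e[97m"
+ bold = "\e[1m"
  reset = "\e[0m"
- version_string = "Shield AST - v#{ShieldAst::VERSION}"
- line_length = 42
 
- puts "#{yellow}┌" + "─" * line_length + "┐#{reset}"
- puts "#{yellow}│#{reset} #{version_string.ljust(line_length - 1)}#{yellow}│#{reset}"
- puts "#{yellow}└" + "─" * line_length + "┘#{reset}"
+ title = "Shield AST v#{ShieldAst::VERSION}"
+ line_char = "─"
+ line_segment = line_char * 10
+
+ puts "#{gray}#{line_segment}┤#{reset} #{bold}#{white}#{title}#{reset} #{gray}├#{line_segment}#{reset}"
  puts ""
  end
  end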
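Review bot: `banner` now writes the ANSI escape sequences (`\e[90m`, `\e[97m`, `\e[1m`, `\e[0m`) unconditionally, so when the tool's output is redirected to a file or a CI log the banner line arrives as raw control characters; the rewrite below emits them only when `$stdout` is a terminal and the `NO_COLOR` variable is unset, which is the common convention. As a style point, `line_char` exists only to build `line_segment`, so `line_segment = "─" * 10` says the same in one line. The `e.backtrace&.join("\n")` change in the first hunk is fine; a short comment such as `# backtrace is nil for an exception that was never raised` at that site would stop the `&.` from being read as a guard against a bug.
```ruby
def self.banner
  colors = $stdout.tty? && !ENV.key?("NO_COLOR")
  gray = colors ? "\e[90m" : ""
  white = colors ? "\e[97m" : ""
  bold = colors ? "\e[1m" : ""
  reset = colors ? "\e[0m" : ""
  # … unchanged: title, line_segment and the puts lines …
```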
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shield_ast
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jose Augusto