shield_ast 1.3.1 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 247e09e12b6a38c007410fc314f9f4582830b4efcdea6cf8517b626293943b4d
4
- data.tar.gz: cb5cf723c2a68c549523a9aa80000f533936e71bb419a22ebbfaf19beb04a910
3
+ metadata.gz: 10303d978bc4075c8520765a20e7c2567417ef3f57b34d09ce333087a79e642d
4
+ data.tar.gz: 07bbfc2ffadf258e3ef0c241b03d6041616f61d6ee4de98cbf2e81cc5c523ab3
5
5
  SHA512:
6
- metadata.gz: 967142208a50c569075d39b36b5cc77284f5bd855efc5fc4ead3d266b67a0b4d0c73aeac57344900dba1f9bbe54543322302bf9f350588de0ccd7f8c72bdd6fb
7
- data.tar.gz: 81e19d8e42c2baa7c01af184204def0971b608deadaa007c9b2737deb10f56e462d042e78bd2aa8869779d0210267f0051e65dc3f422092eee131cd4834c9c3e
6
+ metadata.gz: 15aa323250b887ab2fbc48e65b7121d6788c4231f9c30b014bdb6fa5fe648218b63f22d754ac051c8f9dce504a93a24268d984b7ec1dd9953abe9e7942eb60d9
7
+ data.tar.gz: 421a506dc42faabdbe31749e57fcf9ccd8cda1124f77060f1147e8029e51ee9ed0154beb064129dd2111878405f9786a2c23f7b2312b7f14cf444da564da020e
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # Shield AST - Application Security Testing CLI
1
+ # Shield AST - Application Security Testing
2
2
 
3
3
  [![Gem Version](https://badge.fury.io/rb/shield_ast.svg)](https://badge.fury.io/rb/shield_ast)
4
4
  [![Build Status](https://github.com/JAugusto42/shield_ast/actions/workflows/main.yml/badge.svg)](https://github.com/JAugusto42/shield_ast/actions)
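Review bot: dropping "CLI" from the README title reads as an intentional rebrand, but the rest of the README still documents a command-line tool (`ast [command] [options]`, the Options list below); if the title change is deliberate, make sure the first paragraph still says up front that `ast` is a CLI, otherwise restore `# Shield AST - Application Security Testing CLI`.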
@@ -41,9 +41,9 @@ ast [command] [options]
41
41
  - **`help`** – Displays this help message.
42
42
 
43
43
  ### Options
44
- - **`-s, --sast`** – Run SAST using [Semgrep](https://semgrep.dev).
44
+ - **`-s, --sast`** – Run SAST using [Opengrep](https://www.opengrep.dev/).
45
45
  - **`-c, --sca`** – Run SCA using [OSV Scanner](https://osv.dev).
46
- - **`-i, --iac`** – Run IaC analysis using [Semgrep](https://semgrep.dev) with infrastructure rules.
46
+ - **`-i, --iac`** – Run IaC analysis using [Opengrep](https://www.opengrep.dev/) with infrastructure rules.
47
47
  - **`-o, --output`** – Specify the output format (`json`, `sarif`, `console`).
48
48
  - **`-h, --help`** – Show this help message.
49
49
  - **`--version`** – Show the AST version.
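Review bot: the Options list now names Opengrep for `-s, --sast` and `-i, --iac`, but nothing in this hunk updates the installation prerequisites; since `lib/shield_ast.rb` now exits with "Required tools not found" when the `opengrep` binary is missing, the README's install section must tell users to install `opengrep` (and that `semgrep` is no longer sufficient), or existing users will hit a hard failure after upgrading.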
@@ -99,9 +99,9 @@ ast report --output sarif
99
99
  ## 🛠 How It Works
100
100
 
101
101
  AST integrates well-known open-source scanners into a single CLI tool:
102
- - **SAST** – [Semgrep](https://semgrep.dev) for static code analysis
102
+ - **SAST** – [Opengrep](https://www.opengrep.dev/) for static code analysis
103
103
  - **SCA** – [OSV Scanner](https://osv.dev) for dependency vulnerability scanning
104
- - **IaC** – [Semgrep](https://semgrep.dev) rules for Infrastructure as Code
104
+ - **IaC** – [Opengrep](https://www.opengrep.dev/) rules for Infrastructure as Code
105
105
 
106
106
  This unified approach streamlines security testing, enabling developers to catch security issues earlier in the development process.
107
107
 
@@ -4,11 +4,11 @@ require "json"
4
4
  require "open3"
5
5
 
6
6
  module ShieldAst
7
- # Wraps the logic for running Infrastructure as Code (IaC) scans using Semgrep.
7
+ # Wraps the logic for running Infrastructure as Code (IaC) scans using Opengrep.
8
8
  class IaC
9
9
  def self.scan(path)
10
10
  cmd = [
11
- "semgrep", "scan",
11
+ "opengrep", "scan",
12
12
  "--config", "r/terraform",
13
13
  "--config", "r/kubernetes",
14
14
  "--config", "r/docker",
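Review bot: the binary is swapped to `opengrep` but the rule sources `--config r/terraform`, `--config r/kubernetes` and `--config r/docker` are Semgrep registry shorthands; verify that Opengrep resolves these identifiers, because if rule resolution fails the scan errors out before producing any findings, and the rescue paths in this code base turn that into an empty `{ "results" => [] }` that looks like a clean IaC scan. If Opengrep needs local rule files or explicit URLs, pass those instead and fail loudly when they cannot be loaded.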
@@ -5,7 +5,7 @@ require "json"
5
5
  require "open3"
6
6
 
7
7
  module ShieldAst
8
- # Wraps the logic for running SAST scan using Semgrep.
8
+ # Wraps the logic for running SAST scan using Opengrep.
9
9
  class SAST
10
10
  EXCLUDE_PATTERNS = %w[**/spec/ **/test/ **/tests/ **/features/ **/__tests__/ **/vendor/
11
11
  **/node_modules/ **/*_spec.rb **/*_test.rb **/*.spec.js **/*.test.js
@@ -18,16 +18,16 @@ module ShieldAst
18
18
  if status.success?
19
19
  JSON.parse(stdout)
20
20
  else
21
- warn "Semgrep SAST scan failed! Exit Code: #{status.exitstatus}\nError: #{stderr}"
21
+ warn "Opengrep SAST scan failed! Exit Code: #{status.exitstatus}\nError: #{stderr}"
22
22
  { "results" => [] }
23
23
  end
24
24
  rescue JSON::ParserError => e
25
- warn "Failed to parse Semgrep SAST output: #{e.message}"
25
+ warn "Failed to parse Opengrep SAST output: #{e.message}"
26
26
  { "results" => [] }
27
27
  end
28
28
 
29
29
  def self.build_command(path)
30
- base_cmd = %w[semgrep scan --config p/r2c-ci --config p/secrets --json --disable-version-check]
30
+ base_cmd = %w[opengrep scan --config p/r2c-ci --config p/secrets --json --disable-version-check]
31
31
 
32
32
  EXCLUDE_PATTERNS.each do |pattern|
33
33
  base_cmd.push("--exclude", pattern)
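Review bot: both failure branches (non-zero exit and `JSON::ParserError`) return `{ "results" => [] }`, which is indistinguishable from a successful scan with no findings, so a broken Opengrep install or unresolved `p/r2c-ci` / `p/secrets` pack silently reads as "no vulnerabilities"; consider returning an explicit error marker (e.g. `{ "results" => [], "error" => stderr }`) or raising so the caller can exit non-zero. Separately, `p/r2c-ci` and `p/secrets` are Semgrep registry pack names and `--disable-version-check` is a Semgrep flag; confirm all three are accepted by the `opengrep` CLI before release.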
@@ -21,7 +21,7 @@ module ShieldAst
21
21
  puts "Executing command: #{cmd}" if ENV["DEBUG"]
22
22
 
23
23
  output = `#{cmd} 2>&1`
24
- exit_code = $?.exitstatus
24
+ exit_code = $CHILD_STATUS.exitstatus
25
25
 
26
26
  puts "Exit code: #{exit_code}" if ENV["DEBUG"]
27
27
  puts "Output: #{output}" if ENV["DEBUG"]
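Review bot: `$CHILD_STATUS` is only defined after `require "English"`; without it the global is `nil` and `$CHILD_STATUS.exitstatus` raises `NoMethodError`, which the `rescue StandardError` below would then swallow into an empty result. The hunk does not show that require being added, so confirm it is present at the top of this file. While here, `` `#{cmd} 2>&1` `` runs the string through `/bin/sh`, so any scan path embedded in `cmd` must be shell-escaped (`Shellwords.escape`); the SAST and IaC classes already use `Open3` with an argv array, and `Open3.capture2e(*argv)` would give the same combined output without shell parsing.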
@@ -49,7 +49,7 @@ module ShieldAst
49
49
  puts "OSV Scanner non-result error (exit code: #{exit_code})"
50
50
  { "results" => [] }
51
51
  end
52
- rescue => e
52
+ rescue StandardError => e
53
53
  puts "Error running OSV Scanner: #{e.message}"
54
54
  { "results" => [] }
55
55
  end
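Review bot: `rescue StandardError => e` is behaviourally identical to the bare `rescue => e` (a bare rescue already catches `StandardError`), so this is a style-only change. The point worth fixing in this branch is that both error paths write to stdout with `puts` and then return `{ "results" => [] }`, whereas the SAST module uses `warn`; use `warn` here too so error text never mixes with machine-readable output, and consider surfacing the failure instead of reporting an empty, clean-looking result.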
@@ -132,12 +132,11 @@ module ShieldAst
132
132
  end
133
133
 
134
134
  def self.extract_fixed_version(vuln)
135
- if vuln["affected"] && vuln["affected"].is_a?(Array)
135
+ if vuln["affected"].is_a?(Array)
136
136
  vuln["affected"].each do |affected|
137
- if affected["ranges"] && affected["ranges"].is_a?(Array)
137
+ if affected["ranges"].is_a?(Array)
138
138
  affected["ranges"].each do |range|
139
- if range["events"] && range["events"].is_a?(Array)
140
- # Look for "fixed" events
139
+ if range["events"].is_a?(Array)
141
140
  fixed_event = range["events"].find { |event| event["fixed"] }
142
141
  return fixed_event["fixed"] if fixed_event
143
142
  end
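Review bot: `range["events"].find { |event| event["fixed"] }` returns the first `fixed` event in the first range that has one, but OSV advisories frequently carry several ranges (one per maintained release branch) each with its own `fixed` version, so the value returned may not be the fix that applies to the version actually installed; select the range whose `introduced` event precedes the installed version, or return every fixed version and let the report list them. The `.is_a?(Array)` simplifications are safe (`nil.is_a?(Array)` is `false`), and the removed `# Look for "fixed" events` comment was the only explanation of this loop, so keep a one-line comment there.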
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShieldAst
4
- VERSION = "1.3.1"
4
+ VERSION = "1.3.3"
5
5
  end
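Review bot: this release bumps the patch version from 1.3.1 to 1.3.3, but the accompanying change replaces the required `semgrep` binary with `opengrep` and makes `ast` exit 1 at startup when `opengrep` is absent; that is a breaking change for every existing installation and warrants at least a minor version bump and a CHANGELOG entry, neither of which appears in this diff.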
data/lib/shield_ast.rb CHANGED
@@ -25,9 +25,9 @@ module ShieldAst
25
25
  def self.call(args)
26
26
  banner
27
27
 
28
- unless scanner_exists?("osv-scanner") && scanner_exists?("semgrep")
28
+ unless scanner_exists?("osv-scanner") && scanner_exists?("opengrep")
29
29
  puts "\e[31m[!] ERROR:\e[0m Required tools not found."
30
- puts " Install: \e[33mosv-scanner\e[0m, \e[33msemgrep\e[0m"
30
+ puts " Install: \e[33mosv-scanner\e[0m, \e[33mopengrep\e[0m"
31
31
  exit 1
32
32
  end
33
33
 
@@ -171,7 +171,7 @@ module ShieldAst
171
171
  puts "PDF report generated at: #{REPORT_PDF_FILE}"
172
172
  rescue StandardError => e
173
173
  puts "Error: Failed to generate PDF: #{e.message}"
174
- puts "Error: Backtrace: #{e.backtrace.join("\n")}"
174
+ puts "Error: Backtrace: #{e.backtrace&.join("\n")}"
175
175
  end
176
176
  end
177
177
 
@@ -395,9 +395,9 @@ module ShieldAst
395
395
  report Generates a report from the last scan in JSON or PDF format.
396
396
  help Shows this help message.
397
397
  Options:
398
- -s, --sast Run Static Application Security Testing (SAST) with Semgrep.
398
+ -s, --sast Run Static Application Security Testing (SAST) with Opengrep.
399
399
  -c, --sca Run Software Composition Analysis (SCA) with OSV Scanner.
400
- -i, --iac Run Infrastructure as Code (IaC) analysis with Semgrep.
400
+ -i, --iac Run Infrastructure as Code (IaC) analysis with Opengrep.
401
401
  -o, --output Specify the output format for report (json or pdf, default: json).
402
402
  -h, --help Show this help message.
403
403
  --version Show the ast version.
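Review bot: the help text says `-o, --output` takes `json or pdf, default: json`, while the README's Options section in this same diff says `-o, --output` accepts `json`, `sarif`, `console`; one of the two is wrong, and a user following the README will pass a format the CLI rejects. Align both with what the report command actually implements.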
@@ -413,14 +413,16 @@ module ShieldAst
413
413
  end
414
414
 
415
415
  def self.banner
416
- yellow = "\e[33m"
416
+ gray = "\e[90m"
417
+ white = "\e[97m"
418
+ bold = "\e[1m"
417
419
  reset = "\e[0m"
418
- version_string = "Shield AST - v#{ShieldAst::VERSION}"
419
- line_length = 42
420
420
 
421
- puts "#{yellow}┌" + "─" * line_length + "┐#{reset}"
422
- puts "#{yellow}│#{reset} #{version_string.ljust(line_length - 1)}#{yellow}│#{reset}"
423
- puts "#{yellow}└" + "─" * line_length + "┘#{reset}"
421
+ title = "Shield AST v#{ShieldAst::VERSION}"
422
+ line_char = "─"
423
+ line_segment = line_char * 10
424
+
425
+ puts "#{gray}#{line_segment}┤#{reset} #{bold}#{white}#{title}#{reset} #{gray}├#{line_segment}#{reset}"
424
426
  puts ""
425
427
  end
426
428
  end
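Review bot: the new banner emits ANSI escape sequences (`\e[90m`, `\e[97m`, `\e[1m`) unconditionally; when stdout is not a terminal (CI logs, output redirected to a file) these become literal garbage, so wrap the colour codes in a `$stdout.tty?` check and fall back to plain text. Minor style: `line_char` is used once and can be inlined into `line_segment = "─" * 10`.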
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shield_ast
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jose Augusto