shield_ast 1.3.0 → 1.3.1

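--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e1d0d992a06ba8323c653c415034bf1a8675927313eed774e0df9604d68ac0d4
- data.tar.gz: dde5863c280c005ff476e9155dd079ef61718ada91d858fdce39139d9d921c67
+ metadata.gz: 247e09e12b6a38c007410fc314f9f4582830b4efcdea6cf8517b626293943b4d
+ data.tar.gz: cb5cf723c2a68c549523a9aa80000f533936e71bb419a22ebbfaf19beb04a910
  SHA512:
- metadata.gz: 504a5fd50aa71a6785546e6a5a437f5b6d4dcb864f1006344f656d93135ca63dddd30de2105362a5382afd0fe19a87b5830ee5fd3344a302a14509f494319f20
- data.tar.gz: bd83dbcc8eb058cf581a4466c94edea750c7ada17bcbd9ac150ad905c51d65859d02a3cea1d65adb4c0a9ebd4ca8f77fbd655b1a14cf74bb3cfa2f2f0b0f206c
+ metadata.gz: 967142208a50c569075d39b36b5cc77284f5bd855efc5fc4ead3d266b67a0b4d0c73aeac57344900dba1f9bbe54543322302bf9f350588de0ccd7f8c72bdd6fb
+ data.tar.gz: 81e19d8e42c2baa7c01af184204def0971b608deadaa007c9b2737deb10f56e462d042e78bd2aa8869779d0210267f0051e65dc3f422092eee131cd4834c9c3e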
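@@ -7,21 +7,35 @@ require "open3"
  module ShieldAst
  # Wraps the logic for running SAST scan using Semgrep.
  class SAST
+ EXCLUDE_PATTERNS = %w[**/spec/ **/test/ **/tests/ **/features/ **/__tests__/ **/vendor/
+ **/node_modules/ **/*_spec.rb **/*_test.rb **/*.spec.js **/*.test.js
+ **/*.spec.ts **/*.test.ts **/*_test.py **/test_*.py **/*_test.go].freeze
+
  def self.scan(path)
- cmd = [
- "semgrep", "scan", "--config", "p/r2c-ci", "--config", "p/secrets", "--json", "--disable-version-check", path
- ]
+ cmd = build_command(path)
  stdout, stderr, status = Open3.capture3(*cmd)
 
  if status.success?
  JSON.parse(stdout)
  else
- warn "Semgrep SAST scan failed! Error: #{stderr}"
- []
+ warn "Semgrep SAST scan failed! Exit Code: #{status.exitstatus}\nError: #{stderr}"
+ { "results" => [] }
  end
  rescue JSON::ParserError => e
- warn "Failed to parse Semgrep output: #{e.message}"
- []
+ warn "Failed to parse Semgrep SAST output: #{e.message}"
+ { "results" => [] }
+ end
+
+ def self.build_command(path)
+ base_cmd = %w[semgrep scan --config p/r2c-ci --config p/secrets --json --disable-version-check]
+
+ EXCLUDE_PATTERNS.each do |pattern|
+ base_cmd.push("--exclude", pattern)
+ end
+
+ base_cmd.push(path)
+
+ base_cmd
  end
  end
  end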
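Review bot: EXCLUDE_PATTERNS (new lines 10–12) is applied to every config passed in build_command, so it narrows the `p/secrets` ruleset as well as `p/r2c-ci`, and hardcoded credentials sitting under `spec/`, `test/`, `__tests__/` or `vendor/` will no longer be reported; if that trade-off is intended, state it above the constant, e.g. `# NOTE: these excludes also apply to the p/secrets config — credentials in test fixtures and vendored code are not scanned.` In build_command, `path` is appended after the option list with no end-of-options marker, so a path beginning with `-` would be parsed as a flag rather than a target; if semgrep's CLI honours the conventional `--` separator, `base_cmd.push("--", path)` closes that gap. The each/push loop could also be expressed as `base_cmd + EXCLUDE_PATTERNS.flat_map { |p| ["--exclude", p] } + [path]`, which returns a fresh array instead of mutating the `%w[]` literal, and since build_command is only an implementation detail of scan it reads better marked `private_class_method :build_command`.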
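@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module ShieldAst
- VERSION = "1.3.0"
+ VERSION = "1.3.1"
  end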
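--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: shield_ast
  version: !ruby/object:Gem::Version
- version: 1.3.0
+ version: 1.3.1
  platform: ruby
  authors:
  - Jose Augusto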