corgea-cli 1.2.4__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- corgea_cli-1.2.4/.github/workflows/release.yml +126 -0
- corgea_cli-1.2.4/.gitignore +5 -0
- corgea_cli-1.2.4/.legacy/cli.sh +138 -0
- corgea_cli-1.2.4/Cargo.lock +1452 -0
- corgea_cli-1.2.4/Cargo.toml +17 -0
- corgea_cli-1.2.4/PKG-INFO +37 -0
- corgea_cli-1.2.4/README.md +11 -0
- corgea_cli-1.2.4/_redirects +5 -0
- corgea_cli-1.2.4/build_release.sh +34 -0
- corgea_cli-1.2.4/pyproject.toml +37 -0
- corgea_cli-1.2.4/src/cicd.rs +26 -0
- corgea_cli-1.2.4/src/config.rs +85 -0
- corgea_cli-1.2.4/src/login.rs +19 -0
- corgea_cli-1.2.4/src/main.rs +106 -0
- corgea_cli-1.2.4/src/scan.rs +300 -0
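--- a/corgea_cli-1.2.4/.github/workflows/release.yml
+++ b/corgea_cli-1.2.4/.github/workflows/release.yml
@@ -0,0 +1,126 @@
+# This file is autogenerated by maturin v1.5.1
+# To update, run
+#
+# maturin generate-ci github
+#
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - master
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  linux-x86:
+    runs-on: ${{ matrix.platform.runner }}
+    strategy:
+      matrix:
+        platform:
+          - runner: ubuntu-latest
+            target: x86_64
+          - runner: ubuntu-latest
+            target: x86
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.platform.target }}
+          args: --release --out dist
+          manylinux: auto
+          before-script-linux: |
+            # If we're running on rhel centos, install needed packages.
+            if command -v yum &> /dev/null; then
+                yum update -y && yum install -y perl-core openssl openssl-devel pkgconfig libatomic
+            else
+                # If we're running on debian-based system.
+                apt update -y && apt-get install -y libssl-dev openssl pkg-config musl-tools
+            fi
+      - name: Upload wheels
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-linux-${{ matrix.platform.target }}
+          path: dist
+
+  windows:
+    runs-on: ${{ matrix.platform.runner }}
+    strategy:
+      matrix:
+        platform:
+          - runner: windows-latest
+            target: x64
+          - runner: windows-latest
+            target: x86
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.platform.target }}
+          args: --release --out dist
+      - name: Upload wheels
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-windows-${{ matrix.platform.target }}
+          path: dist
+
+  macos:
+    runs-on: ${{ matrix.platform.runner }}
+    strategy:
+      matrix:
+        platform:
+          - runner: macos-latest
+            target: x86_64
+          - runner: macos-14
+            target: aarch64
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.platform.target }}
+          args: --release --out dist
+      - name: Upload wheels
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-macos-${{ matrix.platform.target }}
+          path: dist
+
+  sdist:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build sdist
+        uses: PyO3/maturin-action@v1
+        with:
+          command: sdist
+          args: --out dist
+      - name: Upload sdist
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-sdist
+          path: dist
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    if: "startsWith(github.ref, 'refs/tags/')"
+    needs: [linux-x86, windows, macos, sdist]
+    steps:
+      - uses: actions/download-artifact@v4
+      - name: Publish to PyPI
+        uses: PyO3/maturin-action@v1
+        env:
+          MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
+        with:
+          command: upload
+          args: --non-interactive --skip-existing wheels-*/*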
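Review bot: Every third-party action in this workflow (`actions/checkout@v4`, `PyO3/maturin-action@v1`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`) is referenced by a mutable major tag, so the job that holds the PyPI publishing secret (the `release` job, lines 113–126) will run whatever code those tags point to on the day a release is cut. Pinning each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/checkout@<COMMIT_SHA> # v4`, makes the release build reproducible and lets Dependabot bump the pins deliberately; the same applies to the `yum update -y` / `apt update -y` package pulls in `before-script-linux`, which are unpinned by nature. The header comment says the file is generated by `maturin generate-ci github`, so pins should be re-applied after any regeneration or the generator output should be committed separately from the hardened copy. `MATURIN_PYPI_TOKEN` is a long-lived secret; if the project can use PyPI trusted publishing, dropping the token in favour of `id-token: write` on the `release` job removes the credential from the repository entirely, though whether that path is supported for this setup is not visible here.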
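--- a/corgea_cli-1.2.4/.legacy/cli.sh
+++ b/corgea_cli-1.2.4/.legacy/cli.sh
@@ -0,0 +1,138 @@
+#!/usr/bin/env bash
+set -e
+
+: ${CORGEA_URL:="https://www.corgea.app"}
+CMD="$@"
+CMD_BINARY=$(echo $CMD | awk '{print $1}')
+VALID_BINARIES=(snyk semgrep)
+RUN_ID=$(cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) || true
+FILES_FOR_UPLOAD=()
+CORGEA_REPORT_NAME="corgea_report_$RUN_ID.json"
+PROJECT_NAME=$(basename $(pwd))
+
+check_requirements() {
+    found=0
+    for i in "${VALID_BINARIES[@]}"; do
+        if [ "$i" == "$CMD_BINARY" ]; then
+            found=1
+            break
+        fi
+    done
+
+    if [ $found -eq 0 ]; then
+        echo "Invalid command provided. Supported SAST tools are snyk and semgrep currently."
+        exit
+    fi
+
+    if ! command -v $CMD_BINARY &> /dev/null
+    then
+        echo "$CMD_BINARY could not be found. Is it installed?"
+        exit
+    fi
+
+    if [ -z "$CMD" ]
+    then
+        echo "No command provided."
+        exit
+    fi
+
+    if [ -z "$CORGEA_TOKEN" ]
+    then
+        echo "CORGEA_TOKEN is not set."
+        exit
+    fi
+
+    VERIFY_TOKEN=$(curl -sS "$CORGEA_URL/api/cli/verify/$CORGEA_TOKEN")
+
+    if [[ $VERIFY_TOKEN == *"error"* ]]; then
+        echo "Invalid token provided."
+        exit
+    fi
+}
+
+parse_semgrep_report() {
+    if [[ $REPORT_ERROR == *"semgrep login"* ]]; then
+        echo "Please log into semgrep first. Run 'semgrep login' to get started."
+        exit
+    fi
+
+    FILES=$(cat $CORGEA_REPORT_NAME | tr "," "\n" | grep '"path": ' | uniq)
+
+    for i in $FILES
+    do
+        if [[ ! $i == *'"path"'* ]]; then
+            FILES_FOR_UPLOAD+=($(echo $i | tr -d "\""))
+        fi
+    done
+}
+
+parse_snyk_report() {
+    if [[ $REPORT == *"MissingApiTokenError"* ]]; then
+        echo "'snyk' requires an authenticated account. Please run 'snyk auth' and try again."
+        exit
+    fi
+
+    FILES=$(cat $CORGEA_REPORT_NAME | grep '"uri": ' | sed 's/ *$//g' | tr -d '[:blank:]' | uniq)
+
+    for i in $FILES
+    do
+        path=($(echo $i | sed 's/"uri"://g' | tr -d "\"" | tr -d ","))
+        found=0
+
+        for j in "${FILES_FOR_UPLOAD[@]}"; do
+            if [[ $j == $path ]]; then
+                found=1
+                break
+            fi
+        done
+
+        if [[ $found -eq 0 ]]; then
+            FILES_FOR_UPLOAD+=("$path")
+        fi
+    done
+}
+
+run_scan() {
+    echo "Starting Corgea run_id: $RUN_ID"
+
+    cmd_binary=$(echo $CMD | awk '{print $1}')
+
+    echo "Running scan with commmand '$CMD'"
+    $($CMD > $CORGEA_REPORT_NAME 2> corgea_report_error.log) || true
+    REPORT=$(cat $CORGEA_REPORT_NAME)
+    REPORT_ERROR=$(cat corgea_report_error.log)
+
+    if [[ $CMD_BINARY == "snyk" ]]; then
+        parse_snyk_report
+    elif [[ $CMD_BINARY == "semgrep" ]]; then
+        parse_semgrep_report
+    fi
+
+    echo "Finished running scan."
+}
+
+upload_results() {
+    echo "Uploading results to Corgea."
+
+    cat $CORGEA_REPORT_NAME | curl -sS -X POST -H "Content-Type: application/json" -d @- "$CORGEA_URL/api/cli/scan-upload?token=$CORGEA_TOKEN&run_id=$RUN_ID&engine=$CMD_BINARY&project=$PROJECT_NAME" > /dev/null
+
+    if [ -f .git/config ]; then
+        curl -sS -X POST -F "file=@.git/config" "$CORGEA_URL/api/cli/git-config-upload?token=$CORGEA_TOKEN&run_id=$RUN_ID" > /dev/null
+    fi
+
+    for f in "${FILES_FOR_UPLOAD[@]}"
+    do
+        curl -sS -X POST -F "file=@$f" "$CORGEA_URL/api/cli/code-upload?token=$CORGEA_TOKEN&run_id=$RUN_ID&path=$f" > /dev/null
+    done
+
+    echo "Scan upload finished."
+    echo "View results at: $CORGEA_URL"
+}
+
+run_corgea() {
+    check_requirements
+    run_scan
+    upload_results
+}
+
+run_corgea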
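Review bot: `CORGEA_TOKEN` travels as a URL path segment on line 45 (`/api/cli/verify/$CORGEA_TOKEN`) and as a `token=` query parameter on lines 117, 120 and 125, which means the credential is written into web-server access logs, proxy logs and any error page that echoes the request URL; if the API accepts it, sending it as a header (`curl -sS -H "Authorization: Bearer $CORGEA_TOKEN" "$CORGEA_URL/api/cli/verify"`) keeps it out of those logs, though the server contract is not visible here. Line 120 uploads the whole `.git/config`, and remote URLs in that file can carry embedded userinfo (`https://user:secret@host/repo.git`); stripping it before upload, e.g. `sed -E 's#(://)[^/@]*@#\1#' .git/config > "corgea_git_config_$RUN_ID"` and posting that copy, avoids shipping a second credential with the scan. Every failure branch in `check_requirements` (lines 24, 30, 36, 42, 49) and in the two parsers (lines 56, 72) calls bare `exit`, which returns status 0, so a CI job treats a missing tool, missing token or rejected token as success; `exit 1` on each is the fix, and note the `-z "$CMD"` check on line 33 is unreachable because an empty command already fails the `found` check on line 22. Line 101 wraps the scan in a command substitution whose empty output is then executed as a command; the intent reads as `$CMD > "$CORGEA_REPORT_NAME" 2> "corgea_report_error_$RUN_ID.log" || true`, which also replaces the fixed error-log name that two concurrent runs in the same directory would clobber.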