class SastBox::Scanner

Attributes

issues[RW]

Public Class Methods

new(params)
# File lib/sastbox-sdk/scanner.rb, line 14
# Builds a scanner descriptor from a params hash.
#
# Keys are read with [] so a missing key yields nil: :name, :name_alias
# (falls back to :name), :description, :support, :version, :tool. Unknown
# keys are ignored. @issues starts empty and is filled by add_issue.
# NOTE(review): @opts (read by validate_opts/save_scan_output) is not set
# here — presumably assigned by the CLI layer before start_scan; confirm.
def initialize(params)
  %i[name description support version tool].each do |key|
    instance_variable_set(:"@#{key}", params[key])
  end
  # The alias is what the v1 fingerprint is keyed by; default to the name.
  @name_alias = params[:name_alias] || @name
  @issues = []
end

Public Instance Methods

add_hash_issue_v1(issue)
# File lib/sastbox-sdk/scanner.rb, line 35
# Computes the legacy (sastbox v1) fingerprint and stores it in
# issue[:hash_issue]. The field is always reset to '' first; an issue that
# carries a start/end line range keeps '' (v1 never fingerprinted ranges).
#
# Input is scanner alias, title, description, filename with the codebase
# path removed, line number and the evidence-line hash, joined with ':' and
# SHA-256'd. Do not reorder or add fields: any change breaks deduplication
# against fingerprints stored by older sastbox releases.
#
# NOTE(review): String#sub removes the first occurrence of @opts.codebase
# anywhere in the path, not only a leading prefix; kept as-is for hash
# stability. Raises NoMethodError if issue[:snippet][:evidence_line] is nil.
def add_hash_issue_v1(issue) # compatibility with sastbox v1
  issue[:hash_issue] = ''
  return if got_line_range?(issue)

  short_filename = issue[:filename].sub(@opts.codebase, '')
  fingerprint_input = [
    @name_alias,
    issue[:title],
    issue[:description],
    short_filename,
    issue[:line].to_s,
    issue[:snippet][:evidence_line][:hash] || ''
  ].join(':')
  issue[:hash_issue] = Digest::SHA256.hexdigest(fingerprint_input)
end
add_hash_issue_v2(issue)
# File lib/sastbox-sdk/scanner.rb, line 52
# Computes the current (v2) fingerprint and stores it in issue[:hash_issue_v2].
# Unlike v1 it omits the scanner alias, takes the path from filename_relative
# (defined outside this file; nil becomes ''), and encodes a line range as
# "start-end" when both :start_line and :end_line are present, else the
# single :line. Same caveat as v1: changing the field order breaks dedup.
# Raises NoMethodError if issue[:snippet][:evidence_line] is nil.
def add_hash_issue_v2(issue)
  relative_path = filename_relative(issue[:filename])
  relative_path = '' if relative_path.nil?
  location = if got_line_range?(issue)
               "#{issue[:start_line]}-#{issue[:end_line]}"
             else
               issue[:line].to_s
             end
  evidence_hash = issue[:snippet][:evidence_line][:hash] || ''
  fingerprint_input = [issue[:title], issue[:description], relative_path, location, evidence_hash].join(':')
  issue[:hash_issue_v2] = Digest::SHA256.hexdigest(fingerprint_input)
end
add_issue(issue)
# File lib/sastbox-sdk/scanner.rb, line 69
# Normalises, fingerprints and records one finding. Issues under .git or
# whose snippet could not be read are dropped (see skip_issue?). :tags is
# only defaulted when the key is absent (an explicit nil is left alone).
# The enrichment steps run in the original order: severity, v1 hash,
# v2 hash, CWE guess (add_severity and guess_cwe live outside this listing).
def add_issue(issue)
  return if skip_issue?(issue)

  issue[:tags] = [] unless issue.key?(:tags)
  %i[add_severity add_hash_issue_v1 add_hash_issue_v2 guess_cwe].each do |step|
    send(step, issue)
  end
  @issues << issue
end
finish_scan()
# File lib/sastbox-sdk/scanner.rb, line 111
# Prints the closing banner and terminates the process. Exit status is 1
# when at least one issue was recorded and 0 otherwise, so a CI wrapper can
# gate on the code without parsing the report.
def finish_scan
  status = @issues.empty? ? 0 : 1
  print_title("Finished #{@name}")
  exit status
end
gen_random_tmp_filename(suffix = '')
# File lib/sastbox-sdk/scanner.rb, line 123
# Returns a fresh, unpredictable path under Dir.tmpdir: a random urlsafe
# base64 token (SecureRandom, so not guessable) followed by the optional
# suffix. Only the name is generated — the file is not created or opened
# here, so a caller that later writes to it in a shared tmpdir should not
# assume exclusive ownership; Tempfile would give a created file instead.
def gen_random_tmp_filename(suffix = '')
  token = SecureRandom.urlsafe_base64
  File.join(Dir.tmpdir, [token, suffix].join)
end
gen_random_tmp_filename_json()
# File lib/sastbox-sdk/scanner.rb, line 127
# Convenience wrapper around gen_random_tmp_filename with a ".json" suffix,
# for scanners that dump tool output to disk before parsing it.
def gen_random_tmp_filename_json
  json_suffix = '.json'
  gen_random_tmp_filename(json_suffix)
end
got_line_range?(issue)
# File lib/sastbox-sdk/scanner.rb, line 65
# True when the issue hash carries both :start_line and :end_line keys.
# Only key presence is checked — a key set to nil still counts as present.
def got_line_range?(issue)
  %i[start_line end_line].all? { |key| issue.key?(key) }
end
info()
# File lib/sastbox-sdk/scanner.rb, line 25
# Scanner metadata as a symbol-keyed hash: name, description, support,
# version and the SDK version constant. This is what --info prints as JSON
# (see validate_opts). Note @name_alias and @tool are deliberately absent.
def info
  metadata = { name: @name, description: @description }
  metadata[:support] = @support
  metadata[:version] = @version
  metadata[:sdk_version] = SastBox::SDK_VERSION
  metadata
end
parse_json_from_file(filename)
# File lib/sastbox-sdk/scanner.rb, line 142
# Reads filename and parses it as JSON via parse_json_from_str.
# Returns nil when the file does not exist or its content is not valid
# JSON; other I/O errors (permissions, directories) propagate from
# File.read. The whole file is loaded into memory.
def parse_json_from_file(filename)
  return nil unless File.exist?(filename)

  parse_json_from_str(File.read(filename))
end
parse_json_from_str(s)
# File lib/sastbox-sdk/scanner.rb, line 131
# Parses s as JSON. Returns nil for a nil input and for malformed JSON
# (JSON::ParserError, which includes nesting-depth violations); any other
# error, e.g. TypeError for a non-String, is left to the caller.
# JSON.parse is used with its defaults, so no object instantiation
# (create_additions) happens for untrusted tool output.
def parse_json_from_str(s)
  return nil if s.nil?

  JSON.parse(s)
rescue JSON::ParserError
  nil
end
save_scan_output()
# File lib/sastbox-sdk/scanner.rb, line 118
# Writes the SARIF report (generate_sarif_report, defined elsewhere) to the
# path given by -o/--output in binary mode, truncating any existing file,
# then logs where it went. No check is made that the path is inside an
# expected directory; the option comes from the invoking CLI.
def save_scan_output
  output_path = @opts.output
  File.open(output_path, 'wb') { |sarif_file| sarif_file.write(generate_sarif_report) }
  print_normal("Sarif result saved to #{output_path}", 1)
end
skip_issue?(issue)
# File lib/sastbox-sdk/scanner.rb, line 79
# True for findings that must not be reported: anything located under a
# .git directory (objects, packed refs, hooks are noise), or an issue whose
# snippet could not be read and therefore cannot be fingerprinted.
# read_success is compared to false on purpose — a missing key or nil
# counts as readable. The .git test is a substring match on '/.git/'.
def skip_issue?(issue)
  issue[:filename].include?('/.git/') || issue[:snippet][:read_success] == false
end
start_scan()
# File lib/sastbox-sdk/scanner.rb, line 103
# Entry point: validates options (which may exit the process for --info or
# missing -o / -c), prints the banner and hands off to run, which the
# concrete scanner defines. finish_scan is not called from here — the call
# is left commented out upstream — so the scanner (or its caller) is
# presumably responsible for exiting with the findings-based status.
def start_scan
  validate_opts

  print_title("Running #{@name}")
  run
  # finish_scan
end
validate_opts()
# File lib/sastbox-sdk/scanner.rb, line 85
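# Validates CLI options before a scan; exits the process on every failure.
#
# --info prints the scanner metadata as JSON and exits 0 (the caller asked
# for it, so that is success). A missing -o/--output or -c/--codebase is a
# usage error and now exits 1 instead of 0: previously a misconfigured
# invocation printed an error but reported success to the caller/CI while
# producing no SARIF output at all. Both missing options are reported in
# one run rather than one at a time.
# NOTE(review): @opts must respond to color, info, output and codebase; it
# is assigned outside this listing.
def validate_opts
  enable_color(@opts.color)
  if @opts.info
    puts JSON.pretty_generate(info)
    exit 0
  end

  missing = []
  missing << 'output (-o) not passed' if @opts.output.nil?
  missing << 'codebase (-c) not passed' if @opts.codebase.nil?
  return if missing.empty?

  missing.each { |message| print_error(message) }
  # Non-zero so wrappers cannot mistake a usage error for a clean scan.
  exit 1
end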