class SastBox::Scanner
Attributes
issues[RW]
Public Class Methods
new(params)
# File lib/sastbox-sdk/scanner.rb, line 14
# Builds a scanner descriptor from a params hash.
#
# Keys read: :name, :name_alias (defaults to :name), :description, :support,
# :version and :tool. Absent keys simply leave the attribute nil — nothing is
# validated here. @issues starts empty and is appended to by add_issue.
#
# NOTE(review): other methods read @opts (output, codebase, color, info) but it is
# not assigned here — presumably a subclass or option parser sets it; confirm
# before relying on it in a new scanner.
def initialize(params)
  %i[name description support version tool].each do |key|
    instance_variable_set("@#{key}", params[key])
  end
  @name_alias = params[:name_alias] || @name
  @issues = []
end
Public Instance Methods
add_hash_issue_v1(issue)
# File lib/sastbox-sdk/scanner.rb, line 35
# Legacy (sastbox v1) fingerprint, stored in issue[:hash_issue].
#
# Issues that carry :start_line/:end_line get an empty string: the v1 hash was only
# defined for single-line findings. Otherwise the value is the SHA-256 hex digest of
# scanner alias, title, description, codebase-relative filename, line number and the
# evidence-line hash, joined with ':'.
#
# Caveats a maintainer should know:
# - ':' is a bare separator with no escaping, so a title containing ':' can collide
#   with a differently split title/description pair. This is a dedup key, not a
#   security boundary, and it is kept byte-compatible with v1 on purpose.
# - @opts.codebase is removed with String#sub, i.e. the first literal occurrence,
#   not strictly a path prefix; TODO(review) confirm filenames are always absolute
#   paths under the codebase.
# - issue[:snippet][:evidence_line] must be present; a nil snippet raises.
def add_hash_issue_v1(issue)
  issue[:hash_issue] = ''
  return if got_line_range?(issue)

  relative = issue[:filename].sub(@opts.codebase, '')
  evidence_hash = issue[:snippet][:evidence_line][:hash] || ''
  fields = [
    @name_alias,
    issue[:title],
    issue[:description],
    relative,
    issue[:line].to_s,
    evidence_hash
  ]
  issue[:hash_issue] = Digest::SHA256.hexdigest(fields.join(':'))
end
add_hash_issue_v2(issue)
# File lib/sastbox-sdk/scanner.rb, line 52
# Current fingerprint, stored in issue[:hash_issue_v2].
#
# SHA-256 hex digest of title, description, relative filename (via
# filename_relative, nil mapped to ''), location and the evidence-line hash,
# joined with ':'. Location is "start-end" when the issue has both :start_line
# and :end_line, otherwise the single :line.
#
# Same caveat as the v1 hash: ':' is an unescaped separator, so fields containing
# ':' can produce the same digest for different issues. Acceptable for a dedup key;
# do not treat it as tamper-evident. issue[:snippet][:evidence_line] must exist.
def add_hash_issue_v2(issue)
  relative = filename_relative(issue[:filename])
  relative = '' if relative.nil?

  location =
    if got_line_range?(issue)
      "#{issue[:start_line]}-#{issue[:end_line]}"
    else
      issue[:line].to_s
    end
  evidence_hash = issue[:snippet][:evidence_line][:hash] || ''

  fields = [issue[:title], issue[:description], relative, location, evidence_hash]
  issue[:hash_issue_v2] = Digest::SHA256.hexdigest(fields.join(':'))
end
add_issue(issue)
# File lib/sastbox-sdk/scanner.rb, line 69
# Enriches a raw issue hash and appends it to @issues.
#
# Issues rejected by skip_issue? are dropped silently. Otherwise the issue gets a
# :tags array only when the key is absent (an explicit nil is left alone), then
# add_severity, the v1 and v2 fingerprints and guess_cwe run in that order,
# mutating the hash in place. Returns the @issues array.
def add_issue(issue)
  return if skip_issue?(issue)

  issue.store(:tags, []) unless issue.key?(:tags)

  # In-place enrichment; order matters only in that the hashes use fields
  # that are already present, severity/CWE are additive.
  add_severity(issue)
  add_hash_issue_v1(issue)
  add_hash_issue_v2(issue)
  guess_cwe(issue)

  @issues.push(issue)
end
finish_scan()
# File lib/sastbox-sdk/scanner.rb, line 111
# Prints the closing banner and terminates the process.
#
# Exit status is 1 when at least one issue was collected, 0 otherwise — the
# process exit code is how findings are signalled to whoever runs the scanner.
# Never returns: exit raises SystemExit.
def finish_scan
  exit_code = @issues.empty? ? 0 : 1
  print_title("Finished #{@name}")
  exit(exit_code)
end
gen_random_tmp_filename(suffix = '')
# File lib/sastbox-sdk/scanner.rb, line 123
# Returns a fresh path under Dir.tmpdir: an unguessable random basename
# (SecureRandom.urlsafe_base64, 16 random bytes by default) followed by +suffix+.
#
# Security note: this only *names* a file, it does not create or reserve it. The
# randomness makes the name unpredictable, but the caller still decides how the
# file is opened; in a shared tmp directory prefer creating it with exclusive
# flags (or use Tempfile.create, which does so atomically with 0600) rather than a
# plain write. +suffix+ is appended verbatim, so callers must not pass untrusted
# input as the suffix.
def gen_random_tmp_filename(suffix = '')
  random_part = SecureRandom.urlsafe_base64
  File.join(Dir.tmpdir, [random_part, suffix].join)
end
gen_random_tmp_filename_json()
# File lib/sastbox-sdk/scanner.rb, line 127
# Convenience wrapper: a random tmp path ending in ".json".
# Same caveat as gen_random_tmp_filename — the path is generated, not created.
def gen_random_tmp_filename_json
  json_suffix = '.json'
  gen_random_tmp_filename(json_suffix)
end
got_line_range?(issue)
# File lib/sastbox-sdk/scanner.rb, line 65
# True when the issue hash has both :start_line and :end_line keys
# (presence only — nil values still count as a range).
def got_line_range?(issue)
  %i[start_line end_line].all? { |key| issue.key?(key) }
end
info()
# File lib/sastbox-sdk/scanner.rb, line 25
# Scanner metadata as a symbol-keyed hash: name, description, support, version
# and the SDK version constant. This is what `--info` prints as JSON.
def info
  summary = { name: @name, description: @description }
  summary.merge(
    support: @support,
    version: @version,
    sdk_version: SastBox::SDK_VERSION
  )
end
parse_json_from_file(filename)
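# File lib/sastbox-sdk/scanner.rb, line 142
# Reads +filename+ and parses it via parse_json_from_str.
#
# Returns nil when the path is not a regular file (missing, directory, device)
# or when the content is not valid JSON; the whole file is read into memory.
# The previous File.exist? check accepted directories and then raised
# Errno::EISDIR from File.read; File.file? keeps the "nil when unreadable"
# contract instead. There is still a window between the check and the read, so
# callers must not treat a nil here as proof the file was absent.
def parse_json_from_file(filename)
  return nil unless File.file?(filename)

  parse_json_from_str(File.read(filename))
end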
parse_json_from_str(s)
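# File lib/sastbox-sdk/scanner.rb, line 131
# Parses a JSON string; returns the parsed value, or nil for a nil input or a
# JSON::ParserError (malformed or empty input). Non-String input still raises.
#
# create_additions is pinned to false. It is the default on current json gems,
# but scanner output can embed strings copied from the scanned (untrusted)
# codebase, and a "json_class" key must never be turned into an object
# instantiation whatever the gem's default happens to be.
def parse_json_from_str(s)
  return nil if s.nil?

  JSON.parse(s, create_additions: false)
rescue JSON::ParserError
  nil
end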
save_scan_output()
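# File lib/sastbox-sdk/scanner.rb, line 118
# Writes the SARIF report to @opts.output (binary mode, file truncated) and
# logs the location via print_normal.
#
# The report is generated *before* the output file is opened. Previously the
# open-and-truncate happened first, so an exception inside generate_sarif_report
# left an empty file at @opts.output, which a downstream consumer could read as
# "scan ran, no findings". Now a failed report leaves no output file at all.
# @opts.output is used as given (a user-supplied CLI path); no sanitisation is
# done here.
def save_scan_output
  report = generate_sarif_report
  File.binwrite(@opts.output, report)
  print_normal("Sarif result saved to #{@opts.output}", 1)
end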
skip_issue?(issue)
# File lib/sastbox-sdk/scanner.rb, line 79
# Decides whether an issue is discarded before enrichment.
#
# Skipped when the filename contains "/.git/" anywhere in the path, or when the
# snippet explicitly reports read_success == false. The comparison is deliberately
# against +false+: a missing/nil read_success does NOT skip the issue.
# NOTE(review): the ".git" test needs a leading slash, so a relative path such as
# ".git/config" would pass through — fine if filenames are always absolute
# (add_hash_issue_v1 strips @opts.codebase from them), worth confirming.
def skip_issue?(issue)
  return true if issue[:filename].include?('/.git/')

  issue[:snippet][:read_success] == false
end
start_scan()
# File lib/sastbox-sdk/scanner.rb, line 103
# Entry point: validates options (may exit), prints the banner, then calls the
# scanner's run. finish_scan is not invoked here (it is commented out upstream),
# so presumably the caller decides when to exit with the findings status — confirm.
def start_scan
  validate_opts
  print_title("Running #{@name}")
  run
  # finish_scan intentionally left to the caller
end
validate_opts()
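# File lib/sastbox-sdk/scanner.rb, line 85
# Applies and checks the parsed CLI options in @opts (color, info, output, codebase).
#
# - enable_color(@opts.color) is always applied first.
# - --info prints the info hash as JSON and exits 0 (a successful informational run).
# - A missing output (-o) or codebase (-c) prints an error and exits non-zero.
#   This used to exit 0, which let a misconfigured scanner look like a clean scan
#   to any CI pipeline that keys on the exit code; a security tool that never ran
#   must fail loudly. Status 2 (usage error) is used so it stays distinguishable
#   from finish_scan's 1 = "findings". NOTE(review): confirm the orchestrator
#   treats 2 as a hard error rather than as findings.
def validate_opts
  enable_color(@opts.color)

  if @opts.info
    puts JSON.pretty_generate(info)
    exit 0
  end

  if @opts.output.nil?
    print_error('output (-o) not passed')
    exit 2
  end

  if @opts.codebase.nil?
    print_error('codebase (-c) not passed')
    exit 2
  end
end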