lib/paraxial/cli.rb in paraxial-0.1.0 vs lib/paraxial/cli.rb in paraxial-0.2.0
- old
+ new
@@ -5,30 +5,75 @@
require 'json'
require 'time'
module Paraxial
class CLI < Thor
- desc "scan", "Run scan"
+ desc 'scan', 'Run scan'
+ option :github_app, type: :boolean, default: false, desc: 'Use GitHub app'
+ option :install_id, type: :numeric, desc: 'GitHub App installation ID'
+ option :repo_owner, type: :string, desc: 'Repository owner'
+ option :repo_name, type: :string, desc: 'Repository name'
+ option :pr_number, type: :numeric, desc: 'Pull request number'
+
def scan
- puts "[Paraxial] Scan NOW"
- cops = "Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad"
- rubocop = `rubocop --only #{cops} --format json`
- lockfile = File.read("./Gemfile.lock")
- api_key = ENV['PARAXIAL_API_KEY']
- uri = URI.parse(ENV['PARAXIAL_URL'] + "/api/ruby_scan")
- headers = { 'Content-Type': 'application/json' }
+ puts '[Paraxial] Scan starting...'
- body = { rubocop: rubocop, lockfile: lockfile, api_key: api_key, timestamp: Paraxial.get_timestamp() }
- response = Net::HTTP.post(uri, body.to_json, headers)
- puts response.body
-
- if ENV['PARAXIAL_API_KEY'] == nil
- puts "[Paraxial] Environment variable PARAXIAL_API_KEY not found, set with: "
- puts "[Paraxial] export PARAXIAL_API_KEY=your_site_api_key_here"
- puts "[Paraxial] Exiting"
- exit()
+ if ENV['PARAXIAL_API_KEY'].nil?
+ puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
else
- puts "[Paraxial] Scan result here"
+ github_app = options[:github_app]
+ install_id = options[:install_id]
+ repo_owner = options[:repo_owner]
+ repo_name = options[:repo_name]
+ pr_number = options[:pr_number]
+
+ cops = 'Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad'
+ rubocop = `rubocop --only #{cops} --format json`
+ lockfile = File.read('./Gemfile.lock')
+ api_key = ENV['PARAXIAL_API_KEY']
+ uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/ruby_scan')
+ headers = { 'Content-Type': 'application/json' }
+
+ body = { rubocop:, lockfile:, api_key:, timestamp: Paraxial.get_timestamp }
+ response = Net::HTTP.post(uri, body.to_json, headers)
+ puts "[Paraxial] scan result: #{response.body}"
+ github_valid = (!!github_app and !!install_id and !!repo_owner and !!repo_name and !!pr_number)
+
+ if github_app and github_valid == false
+ puts '[Paraxial] --github_app missing arguments'
+ puts '[Paraxial] Required: --github_app, --install_id, --repo_owner, --repo_name, --pr_number'
+ elsif github_app and github_valid
+ uuid_regex = /UUID\s+(\S+)/
+ match = response.body.match(uuid_regex)
+ uuid = match[1] if match
+ if uuid
+ final_uuid = uuid.chomp('.')
+ censored_backend_map = {
+ 'installation_id' => install_id,
+ 'repository_owner' => repo_owner,
+ 'repository_name' => repo_name,
+ 'pull_request_number' => pr_number,
+ 'scan_uuid' => final_uuid,
+ 'api_key' => 'REDACTED'
+ }
+ cbms = JSON.pretty_generate(censored_backend_map)
+ puts "[Paraxial] GitHub hash: #{cbms}"
+
+ censored_backend_map['api_key'] = api_key
+ backend_map = censored_backend_map
+ parax_uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/github_app')
+ github_pr_url = "https://github.com/#{repo_owner}/#{repo_name}/pull/#{pr_number}"
+
+ rr = Net::HTTP.post(parax_uri, backend_map.to_json, headers)
+ puts "[Paraxial] parax_uri response: #{rr.body}"
+ puts "[Paraxial] #{github_pr_url}"
+ else
+ puts '[Paraxial] No scan UUID found'
+ end
+
+ else
+ :ok
+ end
end
end
end
end