lib/paraxial/cli.rb in paraxial-1.0.2 vs lib/paraxial/cli.rb in paraxial-1.1.0
- old
+ new
@@ -18,17 +18,27 @@
option :exit_code, type: :boolean, default: false, desc: 'Non-zero exit code if findings > 0'
option :debug_rubocop, type: :boolean, default: false, desc: "Run rubocop in debug mode"
def scan
puts "[Paraxial] v#{Paraxial::VERSION} Scan starting..."
- if check_rubocop_configuration
- puts '[Paraxial] .rubocop.yml is valid.'
- else
- puts '[Paraxial] .rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
- puts '.rubocop.yml'
+
+ case check_rubocop_configuration
+ when :does_not_exist
+ puts '[Paraxial] .paraxial-rubocop.yml does not exist. This file is required for the scan to run, add:'
+ puts '.paraxial-rubocop.yml'
puts 'require:'
puts '- rubocop-erb'
+ puts ''
+ exit(1)
+ when :found_no_erb
+ puts '[Paraxial] .paraxial-rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
+ puts '.paraxial-rubocop.yml'
+ puts 'require:'
+ puts '- rubocop-erb'
+ puts ''
+ when :found_with_erb
+ puts '[Paraxial] .paraxial-rubocop.yml is valid, .erb files will be scanned.'
end
if Paraxial::Helpers.get_api_key.nil?
puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
else
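Review bot: The `:found_no_erb` branch only prints a hint and lets the scan continue, so with `--exit_code` a CI gate still passes while every `.erb` template (the usual home of XSS findings) goes unscanned; the `:does_not_exist` branch right above it exits 1 for a comparable configuration gap, and the contrast deserves an explicit comment such as `# deliberately non-fatal: pure-Ruby files are still scanned, erb coverage is best-effort` or, if that is not the intent, an `exit(1)` of its own. The four-line config hint (`.paraxial-rubocop.yml` / `require:` / `- rubocop-erb` / blank) is printed verbatim in both branches; a private `print_rubocop_config_hint` called from each would leave only the first `puts` differing. `def scan` continues past the end of this hunk.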
@@ -38,26 +48,33 @@
repo_name = options[:repo_name]
pr_number = options[:pr_number]
exit_code = options[:exit_code]
cops = 'Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad'
+ rubo_config = '--config .paraxial-rubocop.yml'
if options[:debug_rubocop]
puts '[Paraxial] rubocop debug enabled'
- rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json 2>/dev/null`
- debug_rubocop = `rubocop -d --require paraxial --only #{cops} --disable-pending-cops 2>&1`
+ rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json #{rubo_config} 2>/dev/null`
+ debug_rubocop = `rubocop --debug --require paraxial --only #{cops} --disable-pending-cops #{rubo_config} 2>&1`
puts debug_rubocop
else
- rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json`
+ rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json #{rubo_config}`
end
lockfile = File.read('./Gemfile.lock')
api_key = ENV['PARAXIAL_API_KEY']
uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/ruby_scan')
headers = { 'Content-Type': 'application/json' }
body = { rubocop: rubocop, lockfile: lockfile, api_key: api_key, timestamp: Paraxial.get_timestamp }
response = Net::HTTP.post(uri, body.to_json, headers)
m = JSON.parse(response.body)
+
+ if m['ok'].nil?
+ puts "[Paraxial] Upload failed, check if PARAXIAL_API_KEY is valid"
+ exit(1)
+ end
+
findings = m['ok']['findings']
puts
puts "[Paraxial] Scan count: #{findings.length}"
puts
findings.each do |finding|
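Review bot: Neither rubocop invocation checks its exit status, so if `rubocop` is missing, `--config .paraxial-rubocop.yml` cannot be loaded, or `--require paraxial` fails, `rubocop` is an empty string that is still uploaded and the user sees "Scan count: 0" rather than an error; likewise `JSON.parse(response.body)` runs before any HTTP status check, so a 5xx or proxy HTML page raises a parse error instead of reaching the new `m['ok'].nil?` message. I would check `$?` right after the backtick call (per RuboCop's documented exit codes 0 = clean, 1 = offenses, 2 = could not run) and gate the parse on `Net::HTTPSuccess`; in the debug branch `$?` reflects the second, `--debug` run, which is acceptable since both runs use the same config. One caveat worth a comment near `rubo_config`: the config file is read from the repository being scanned and RuboCop's `require:` loads arbitrary Ruby, so a `pr_number` scan of an untrusted PR runs PR-controlled code with `PARAXIAL_API_KEY` in the environment — not new to this commit (the default `.rubocop.yml` had the same property), but worth stating. `def scan` starts before and ends after this hunk.
```ruby
rubocop = `rubocop --require paraxial --only #{cops} --disable-pending-cops --format json #{rubo_config}`
end
# RuboCop exit codes: 0 no offenses, 1 offenses found, 2 could not run at all
unless [0, 1].include?($?.exitstatus)
  puts '[Paraxial] rubocop did not run successfully (exit #{$?.exitstatus}); re-run with --debug_rubocop for details'
  exit(1)
end
# … unchanged: lockfile, api_key, uri, headers, body …
response = Net::HTTP.post(uri, body.to_json, headers)
unless response.is_a?(Net::HTTPSuccess)
  puts "[Paraxial] Upload failed with HTTP #{response.code}"
  exit(1)
end
m = JSON.parse(response.body)
```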
@@ -112,20 +129,23 @@
end
private
def check_rubocop_configuration
- rubocop_file = File.join(Dir.pwd, '.rubocop.yml')
+ # return values:
+ # :does_not_exist, :found_no_erb, :found_with_erb
- return false unless File.exist?(rubocop_file)
+ rubocop_file = File.join(Dir.pwd, '.paraxial-rubocop.yml')
+ return :does_not_exist unless File.exist?(rubocop_file)
+
config = YAML.load_file(rubocop_file)
required_key = 'require'
- if config.is_a?(Hash) && config[required_key].is_a?(Array)
- config[required_key].include?('rubocop-erb')
+ if config.is_a?(Hash) && config[required_key].is_a?(Array) && config[required_key].include?('rubocop-erb')
+ :found_with_erb
else
- false
+ :found_no_erb
end
end
end
end
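Review bot: `YAML.load_file` parses a file that comes from the repository being scanned; on Psych < 4 (Ruby before 3.1, if the gem supports it — the gemspec is not visible here) `load_file` deserializes arbitrary tagged objects, so a hostile `.paraxial-rubocop.yml` in a PR can instantiate classes in the scanner process. Since the code only needs plain hashes, arrays and strings, `config = YAML.safe_load(File.read(rubocop_file))` is a drop-in replacement on every Psych version. The `is_a?(Array)` test is also a false negative: RuboCop accepts `require: rubocop-erb` as a bare string, and that valid config is reported as `:found_no_erb`; `return :found_no_erb unless config.is_a?(Hash)` followed by `Array(config['require']).include?('rubocop-erb') ? :found_with_erb : :found_no_erb` handles both shapes. A malformed file currently surfaces as an uncaught `Psych::SyntaxError` backtrace; a `rescue Psych::SyntaxError` that prints the file name and message before exiting would match the style of the other `[Paraxial]` diagnostics.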