Class: Pipeline::NodeSecurityProject

Inherits:
BaseTask
  • Object
Includes:
Util
Defined in:
lib/pipeline/tasks/nsp.rb

Instance Attribute Summary

Attributes inherited from BaseTask

#appname, #description, #findings, #labels, #name, #stage, #trigger, #warnings

Instance Method Summary

Methods included from Util

#fingerprint, #relative_path, #runsystem, #strip_archive_path

Methods inherited from BaseTask

#directories_with?, #report, #severity, #warn

Constructor Details

#initialize(trigger, tracker) ⇒ NodeSecurityProject

Returns a new instance of NodeSecurityProject.



# File 'lib/pipeline/tasks/nsp.rb', line 9

# Builds the NodeSecurityProject task and registers it for the :code stage.
#
# @param trigger the pipeline trigger, forwarded unchanged to BaseTask
# @param tracker the tracker whose options (e.g. :exclude_dirs) #run reads
# @return [NodeSecurityProject]
def initialize(trigger, tracker)
  super
  @results = []
  @name = "NodeSecurityProject"
  @description = "Node Security Project"
  @stage = :code
  # @labels is provided by BaseTask; this task only adds the "code" label
  @labels.push("code")
end

Instance Method Details

#analyze ⇒ Object



# File 'lib/pipeline/tasks/nsp.rb', line 30

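# Converts the raw nsp output collected by #run into pipeline findings.
#
# Every element of @results is the parsed JSON for one scanned directory,
# expected to be an array of advisory hashes; the keys read here are
# 'module', 'title', 'advisory', 'patched_versions' and 'vulnerable_versions'.
# Findings are grouped per package and de-duplicated per advisory, so a package
# flagged at several vulnerable versions for the same advisory is reported
# once. Severity is always 'medium'; the fingerprint is computed from the
# description, detail and source hash.
#
# Only StandardError is rescued: a failure while building findings is logged
# through Pipeline.warn and aborts the remaining analysis, while Interrupt and
# SystemExit (which `rescue Exception` previously swallowed) now propagate.
#
# @return [void]
def analyze
  Array(@results).each do |dir_result|
    # group_by keeps first-occurrence order of packages and of the findings
    # inside each group, so output order matches the former nested
    # uniq/select loops while avoiding the per-package re-scan of dir_result.
    dir_result.group_by { |finding| finding['module'] }.each_value do |package_findings|
      package_findings.uniq { |f| f['advisory'] }.each do |unique_finding|
        description = "#{unique_finding['module']} - #{unique_finding['title']}"
        detail = "Upgrade to versions: #{unique_finding['patched_versions']}\n#{unique_finding['advisory']}"
        source = {
          :scanner => 'NodeSecurityProject',
          # nsp reports no source location; the affected version range is recorded instead
          :file => "#{unique_finding['module']} - #{unique_finding['vulnerable_versions']}",
          :line => nil,
          :code => nil
        }
        report description, detail, source, 'medium', fingerprint("#{description}#{detail}#{source}")
      end
    end
  end
rescue StandardError => e
  Pipeline.warn e.message
  Pipeline.warn e.backtrace
end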

#run ⇒ Object



# File 'lib/pipeline/tasks/nsp.rb', line 18

# Runs `nsp check` in every directory that holds a package.json and stores the
# parsed JSON output in @results (one entry per directory; entries accumulate
# across calls, nothing is cleared here).
#
# node_modules and bower_components are always skipped; any :exclude_dirs from
# the tracker options are merged in. nsp is invoked through runsystem with an
# argument list. A non-JSON response (e.g. nsp failing) makes JSON.parse raise,
# which is not rescued here and therefore aborts the run.
#
# @return [void]
def run
  skip = %w[node_modules bower_components]
  extra = @tracker.options[:exclude_dirs]
  skip = (skip + extra).uniq if extra
  directories_with?('package.json', skip).each do |project_dir|
    Pipeline.notify "#{@name} scanning: #{project_dir}"
    Dir.chdir(project_dir) do
      output = runsystem(true, "nsp", "check", "--output", "json")
      @results.push(JSON.parse(output))
    end
  end
end

#supported? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pipeline/tasks/nsp.rb', line 55

# Checks whether the nsp executable is available by running `nsp --version`.
#
# Availability is inferred only from the captured output: a "command not found"
# message means nsp is missing and an install hint is emitted. Any other
# output (including nil from runsystem, if it can return that) counts as
# supported — TODO confirm runsystem's failure contract.
#
# @return [Boolean] true unless the output says the command was not found
def supported?
  version_output = runsystem(true, "nsp", "--version")
  missing = version_output =~ /command not found/
  Pipeline.notify "Install nodesecurity: 'npm install -g nsp'" if missing
  !missing
end