class Pipeline::Snyk

Public Class Methods

new(trigger, tracker) click to toggle source
Calls superclass method Pipeline::BaseTask::new
# File lib/pipeline/tasks/snyk.rb, line 10
def initialize(trigger, tracker)
  super(trigger, tracker)
  @name = "Snyk"
  @description = "Snyk.io JS dependency checker"
  @stage = :code
  @labels << "code" << "javascript"
  @results = []
end

Public Instance Methods

analyze() click to toggle source
# File lib/pipeline/tasks/snyk.rb, line 30
def analyze
  begin
    markdown = Redcarpet::Markdown.new Redcarpet::Render::HTML.new(link_attributes: {target: "_blank"}), autolink: true, tables: true

    @results.each do |dir_result|
      # We build a single finding for each uniq result ID, adding the unique info (upgrade path and files) as a list
      dir_result.uniq {|r| r['id']}.each do |result|
        description = "#{result['name']}@#{result['version']} - #{result['title']}"

        # Use Redcarpet to render the Markdown details to something pretty for web display
        detail = markdown.render(result['description']).gsub('h2>','strong>').gsub('h3>', 'strong>')
        upgrade_paths = [ "Upgrade Path:\n" ]
        files = []

        # Pull the list of files and upgrade paths from all results matching this ID
        # This uses the same form as the retirejs task so it all looks nice together
        dir_result.select{|r| r['id'] == result['id']}.each do |res|
          res['upgradePath'].each_with_index do |upgrade, i|
            upgrade_paths << "#{res['from'][i]} -> #{upgrade}"
          end
          files << res['from'].join('->')
        end

        source = {
          :scanner => @name,
          :file => files.join('<br>'),
          :line => nil,
          :code => upgrade_paths.uniq.join("\n"),
        }
        sev = severity(result['severity'])
        fprint = fingerprint("#{description}#{detail}#{source}#{sev}")

        report description, detail, source, sev, fprint
      end
    end
  rescue Exception => e
    Pipeline.warn e.message
    Pipeline.warn e.backtrace
  end
end
run() click to toggle source
# File lib/pipeline/tasks/snyk.rb, line 19
def run
  exclude_dirs = ['node_modules','bower_components']
  exclude_dirs = exclude_dirs.concat(@tracker.options[:exclude_dirs]).uniq if @tracker.options[:exclude_dirs]
  directories_with?('package.json', exclude_dirs).each do |dir|
    Pipeline.notify "#{@name} scanning: #{dir}"
    Dir.chdir(dir) do
      @results << JSON.parse(runsystem(true, "snyk", "test", "--json"))["vulnerabilities"]
    end
  end
end
supported?() click to toggle source
# File lib/pipeline/tasks/snyk.rb, line 71
def supported?
  supported = find_executable0('snyk')
  unless supported
    Pipeline.notify "Install Snyk: 'npm install -g snyk'"
    return false
  else
    return true
  end
end