-rw-r--r--.gitignore1
-rw-r--r--python-njsscan.spec470
-rw-r--r--sources1
3 files changed, 472 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..576a798 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/njsscan-0.3.4.tar.gz
diff --git a/python-njsscan.spec b/python-njsscan.spec
new file mode 100644
index 0000000..76c87be
--- /dev/null
+++ b/python-njsscan.spec
@@ -0,0 +1,470 @@
+%global _empty_manifest_terminate_build 0
+Name: python-njsscan
+Version: 0.3.4
+Release: 1
+Summary: njsscan is a SAST tool that can find insecure code patterns in your Node.js applications.
+License: GNU Lesser General Public License v3 or later (LGPLv3+)
+URL: https://github.com/ajinabraham/njsscan
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/14/94/7071b5f3a6620651602d0d71e2b5706abeb4039e1ea446d7e9d090bf52ef/njsscan-0.3.4.tar.gz
+BuildArch: noarch
+
+Requires: python3-colorama
+Requires: python3-libsast
+Requires: python3-sarif-om
+Requires: python3-jschema-to-python
+Requires: python3-tabulate
+
+%description
+- nodejs-extensions:
+ - .js
+ template-extensions:
+ - .new
+ - .hbs
+ - ''
+ ignore-filenames:
+ - skip.js
+ ignore-paths:
+ - __MACOSX
+ - skip_dir
+ - node_modules
+ ignore-extensions:
+ - .jsx
+ ignore-rules:
+ - regex_injection_dos
+ - pug_jade_template
+ severity-filter:
+ - WARNING
+ - ERROR
+```
+## Suppress Findings
+You can suppress findings from javascript source files by adding the comment `// njsscan-ignore: rule_id1, rule_id2` to the line that trigger the findings.
+Example:
+```javascript
+app.get('/some/redirect', function (req, res) {
+ var target = req.param("target");
+ res.redirect(target); // njsscan-ignore: express_open_redirect
+});
+```
+## CI/CD Integrations
+You can enable njsscan in your CI/CD or DevSecOps pipelines.
+#### Github Action
+Add the following to the file `.github/workflows/njsscan.yml`.
+```yaml
+name: njsscan
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ njsscan:
+ runs-on: ubuntu-latest
+ name: njsscan check
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ - name: nodejsscan scan
+ id: njsscan
+ uses: ajinabraham/njsscan-action@master
+ with:
+ args: '.'
+```
+Example: [dvna with njsscan github action](https://github.com/ajinabraham/dvna/actions?query=workflow%3Anjsscan)
+#### Github Code Scanning Integration
+Add the following to the file `.github/workflows/njsscan_sarif.yml`.
+```yaml
+name: njsscan sarif
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ njsscan:
+ runs-on: ubuntu-latest
+ name: njsscan code scanning
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ - name: nodejsscan scan
+ id: njsscan
+ uses: ajinabraham/njsscan-action@master
+ with:
+ args: '. --sarif --output results.sarif || true'
+ - name: Upload njsscan report
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
+```
+![nodejsscan web ui](https://user-images.githubusercontent.com/4301109/99230041-cfe29500-27bc-11eb-8baa-d5b30e21348d.png)
+#### Gitlab CI/CD
+Add the following to the file `.gitlab-ci.yml`.
+```yaml
+stages:
+ - test
+njsscan:
+ image: python
+ before_script:
+ - pip3 install --upgrade njsscan
+ script:
+ - njsscan .
+```
+Example: [dvna with njsscan gitlab](https://gitlab.com/ajinabraham/dvna/-/jobs/602110439)
+#### Travis CI
+Add the following to the file `.travis.yml`.
+```yaml
+language: python
+install:
+ - pip3 install --upgrade njsscan
+script:
+ - njsscan .
+```
+#### Circle CI
+Add the following to the file `.circleci/config.yaml`
+```yaml
+version: 2.1
+jobs:
+ njsscan:
+ docker:
+ - image: cimg/python:3.9.6
+ steps:
+ - checkout
+ - run:
+ name: Install njsscan
+ command: pip install --upgrade njsscan
+ - run:
+ name: njsscan check
+ command: njsscan .
+```
+## Docker
+### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/njsscan)
+```bash
+docker pull opensecurity/njsscan
+docker run -v /path-to-source-dir:/src opensecurity/njsscan /src
+```
+### Build Locally
+```
+docker build -t njsscan .
+docker run -v /path-to-source-dir:/src njsscan /src
+```
+
+%package -n python3-njsscan
+Summary: njsscan is a SAST tool that can find insecure code patterns in your Node.js applications.
+Provides: python-njsscan
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-njsscan
+- nodejs-extensions:
+ - .js
+ template-extensions:
+ - .new
+ - .hbs
+ - ''
+ ignore-filenames:
+ - skip.js
+ ignore-paths:
+ - __MACOSX
+ - skip_dir
+ - node_modules
+ ignore-extensions:
+ - .jsx
+ ignore-rules:
+ - regex_injection_dos
+ - pug_jade_template
+ severity-filter:
+ - WARNING
+ - ERROR
+```
+## Suppress Findings
+You can suppress findings from javascript source files by adding the comment `// njsscan-ignore: rule_id1, rule_id2` to the line that trigger the findings.
+Example:
+```javascript
+app.get('/some/redirect', function (req, res) {
+ var target = req.param("target");
+ res.redirect(target); // njsscan-ignore: express_open_redirect
+});
+```
+## CI/CD Integrations
+You can enable njsscan in your CI/CD or DevSecOps pipelines.
+#### Github Action
+Add the following to the file `.github/workflows/njsscan.yml`.
+```yaml
+name: njsscan
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ njsscan:
+ runs-on: ubuntu-latest
+ name: njsscan check
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ - name: nodejsscan scan
+ id: njsscan
+ uses: ajinabraham/njsscan-action@master
+ with:
+ args: '.'
+```
+Example: [dvna with njsscan github action](https://github.com/ajinabraham/dvna/actions?query=workflow%3Anjsscan)
+#### Github Code Scanning Integration
+Add the following to the file `.github/workflows/njsscan_sarif.yml`.
+```yaml
+name: njsscan sarif
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ njsscan:
+ runs-on: ubuntu-latest
+ name: njsscan code scanning
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ - name: nodejsscan scan
+ id: njsscan
+ uses: ajinabraham/njsscan-action@master
+ with:
+ args: '. --sarif --output results.sarif || true'
+ - name: Upload njsscan report
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
+```
+![nodejsscan web ui](https://user-images.githubusercontent.com/4301109/99230041-cfe29500-27bc-11eb-8baa-d5b30e21348d.png)
+#### Gitlab CI/CD
+Add the following to the file `.gitlab-ci.yml`.
+```yaml
+stages:
+ - test
+njsscan:
+ image: python
+ before_script:
+ - pip3 install --upgrade njsscan
+ script:
+ - njsscan .
+```
+Example: [dvna with njsscan gitlab](https://gitlab.com/ajinabraham/dvna/-/jobs/602110439)
+#### Travis CI
+Add the following to the file `.travis.yml`.
+```yaml
+language: python
+install:
+ - pip3 install --upgrade njsscan
+script:
+ - njsscan .
+```
+#### Circle CI
+Add the following to the file `.circleci/config.yaml`
+```yaml
+version: 2.1
+jobs:
+ njsscan:
+ docker:
+ - image: cimg/python:3.9.6
+ steps:
+ - checkout
+ - run:
+ name: Install njsscan
+ command: pip install --upgrade njsscan
+ - run:
+ name: njsscan check
+ command: njsscan .
+```
+## Docker
+### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/njsscan)
+```bash
+docker pull opensecurity/njsscan
+docker run -v /path-to-source-dir:/src opensecurity/njsscan /src
+```
+### Build Locally
+```
+docker build -t njsscan .
+docker run -v /path-to-source-dir:/src njsscan /src
+```
+
+%package help
+Summary: Development documents and examples for njsscan
+Provides: python3-njsscan-doc
+%description help
+- nodejs-extensions:
+ - .js
+ template-extensions:
+ - .new
+ - .hbs
+ - ''
+ ignore-filenames:
+ - skip.js
+ ignore-paths:
+ - __MACOSX
+ - skip_dir
+ - node_modules
+ ignore-extensions:
+ - .jsx
+ ignore-rules:
+ - regex_injection_dos
+ - pug_jade_template
+ severity-filter:
+ - WARNING
+ - ERROR
+```
+## Suppress Findings
+You can suppress findings from javascript source files by adding the comment `// njsscan-ignore: rule_id1, rule_id2` to the line that trigger the findings.
+Example:
+```javascript
+app.get('/some/redirect', function (req, res) {
+ var target = req.param("target");
+ res.redirect(target); // njsscan-ignore: express_open_redirect
+});
+```
+## CI/CD Integrations
+You can enable njsscan in your CI/CD or DevSecOps pipelines.
+#### Github Action
+Add the following to the file `.github/workflows/njsscan.yml`.
+```yaml
+name: njsscan
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ njsscan:
+ runs-on: ubuntu-latest
+ name: njsscan check
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ - name: nodejsscan scan
+ id: njsscan
+ uses: ajinabraham/njsscan-action@master
+ with:
+ args: '.'
+```
+Example: [dvna with njsscan github action](https://github.com/ajinabraham/dvna/actions?query=workflow%3Anjsscan)
+#### Github Code Scanning Integration
+Add the following to the file `.github/workflows/njsscan_sarif.yml`.
+```yaml
+name: njsscan sarif
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ njsscan:
+ runs-on: ubuntu-latest
+ name: njsscan code scanning
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ - name: nodejsscan scan
+ id: njsscan
+ uses: ajinabraham/njsscan-action@master
+ with:
+ args: '. --sarif --output results.sarif || true'
+ - name: Upload njsscan report
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
+```
+![nodejsscan web ui](https://user-images.githubusercontent.com/4301109/99230041-cfe29500-27bc-11eb-8baa-d5b30e21348d.png)
+#### Gitlab CI/CD
+Add the following to the file `.gitlab-ci.yml`.
+```yaml
+stages:
+ - test
+njsscan:
+ image: python
+ before_script:
+ - pip3 install --upgrade njsscan
+ script:
+ - njsscan .
+```
+Example: [dvna with njsscan gitlab](https://gitlab.com/ajinabraham/dvna/-/jobs/602110439)
+#### Travis CI
+Add the following to the file `.travis.yml`.
+```yaml
+language: python
+install:
+ - pip3 install --upgrade njsscan
+script:
+ - njsscan .
+```
+#### Circle CI
+Add the following to the file `.circleci/config.yaml`
+```yaml
+version: 2.1
+jobs:
+ njsscan:
+ docker:
+ - image: cimg/python:3.9.6
+ steps:
+ - checkout
+ - run:
+ name: Install njsscan
+ command: pip install --upgrade njsscan
+ - run:
+ name: njsscan check
+ command: njsscan .
+```
+## Docker
+### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/njsscan)
+```bash
+docker pull opensecurity/njsscan
+docker run -v /path-to-source-dir:/src opensecurity/njsscan /src
+```
+### Build Locally
+```
+docker build -t njsscan .
+docker run -v /path-to-source-dir:/src njsscan /src
+```
+
+%prep
+%autosetup -n njsscan-0.3.4
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-njsscan -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Tue Apr 11 2023 Python_Bot <Python_Bot@openeuler.org> - 0.3.4-1
+- Package Spec generated
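Review bot: The three `%description` bodies (the one under `%description`, the one under `%description -n python3-njsscan` and the one under `%description help`) are a README fragment cut mid-YAML-block, so each opens with an orphaned `- nodejs-extensions:` list and a stray closing ``` fence before ever saying what the package is. Replace each with a short summary derived from the Summary line, e.g. `njsscan is a static application security testing (SAST) tool that finds insecure code patterns in Node.js applications.`, and leave the CI/Docker walkthrough to the upstream README. Separately, `Source0` is fetched from a third-party mirror (mirrors.nju.edu.cn) while the only integrity check is the MD5 recorded in `sources`; pointing `Source0` at the canonical PyPI download, or at least recording a SHA-256 alongside the MD5, would make the tarball's provenance easier to verify at build time. `%dir %{python3_sitelib}/*` in `%files -n python3-njsscan` also claims every directory under site-packages, which can conflict with other Python packages installed on the same system; narrow it to the directories this package actually installs.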
diff --git a/sources b/sources
new file mode 100644
index 0000000..104e7fa
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+e3330ac9d642571c9794b5b1625c9c64 njsscan-0.3.4.tar.gz