%global _empty_manifest_terminate_build 0
Name:		python-njsscan
Version:	0.3.4
Release:	1
Summary:	njsscan is a SAST tool that can find insecure code patterns in your Node.js applications.
License:	GNU Lesser General Public License v3 or later (LGPLv3+)
URL:		https://github.com/ajinabraham/njsscan
Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/14/94/7071b5f3a6620651602d0d71e2b5706abeb4039e1ea446d7e9d090bf52ef/njsscan-0.3.4.tar.gz
BuildArch:	noarch

Requires:	python3-colorama
Requires:	python3-libsast
Requires:	python3-sarif-om
Requires:	python3-jschema-to-python
Requires:	python3-tabulate

%description
```yaml
- nodejs-extensions:
  - .js

  template-extensions:
  - .new
  - .hbs
  - ''

  ignore-filenames:
  - skip.js

  ignore-paths:
  - __MACOSX
  - skip_dir
  - node_modules

  ignore-extensions:
  - .jsx

  ignore-rules:
  - regex_injection_dos
  - pug_jade_template

  severity-filter:
  - WARNING
  - ERROR
```

## Suppress Findings

You can suppress findings from javascript source files by adding the comment `// njsscan-ignore: rule_id1, rule_id2` to the line that triggers the findings.

Example:

```javascript
app.get('/some/redirect', function (req, res) {
  var target = req.param("target");
  res.redirect(target); // njsscan-ignore: express_open_redirect
});
```

## CI/CD Integrations

You can enable njsscan in your CI/CD or DevSecOps pipelines.

#### Github Action

Add the following to the file `.github/workflows/njsscan.yml`.

```yaml
name: njsscan
on:
  push:
    branches: [ master, main ]
  pull_request:
    branches: [ master, main ]
jobs:
  njsscan:
    runs-on: ubuntu-latest
    name: njsscan check
    steps:
    - name: Checkout the code
      uses: actions/checkout@v2
    - name: nodejsscan scan
      id: njsscan
      uses: ajinabraham/njsscan-action@master
      with:
        args: '.'
```

Example: [dvna with njsscan github action](https://github.com/ajinabraham/dvna/actions?query=workflow%3Anjsscan)

#### Github Code Scanning Integration

Add the following to the file `.github/workflows/njsscan_sarif.yml`.

```yaml
name: njsscan sarif
on:
  push:
    branches: [ master, main ]
  pull_request:
    branches: [ master, main ]
jobs:
  njsscan:
    runs-on: ubuntu-latest
    name: njsscan code scanning
    steps:
    - name: Checkout the code
      uses: actions/checkout@v2
    - name: nodejsscan scan
      id: njsscan
      uses: ajinabraham/njsscan-action@master
      with:
        args: '. --sarif --output results.sarif || true'
    - name: Upload njsscan report
      uses: github/codeql-action/upload-sarif@v1
      with:
        sarif_file: results.sarif
```

![nodejsscan web ui](https://user-images.githubusercontent.com/4301109/99230041-cfe29500-27bc-11eb-8baa-d5b30e21348d.png)

#### Gitlab CI/CD

Add the following to the file `.gitlab-ci.yml`.

```yaml
stages:
  - test
njsscan:
  image: python
  before_script:
    - pip3 install --upgrade njsscan
  script:
    - njsscan .
```

Example: [dvna with njsscan gitlab](https://gitlab.com/ajinabraham/dvna/-/jobs/602110439)

#### Travis CI

Add the following to the file `.travis.yml`.

```yaml
language: python
install:
  - pip3 install --upgrade njsscan
script:
  - njsscan .
```

#### Circle CI

Add the following to the file `.circleci/config.yaml`.

```yaml
version: 2.1
jobs:
  njsscan:
    docker:
      - image: cimg/python:3.9.6
    steps:
      - checkout
      - run:
          name: Install njsscan
          command: pip install --upgrade njsscan
      - run:
          name: njsscan check
          command: njsscan .
```

## Docker

### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/njsscan)

```bash
docker pull opensecurity/njsscan
docker run -v /path-to-source-dir:/src opensecurity/njsscan /src
```

### Build Locally

```
docker build -t njsscan .
docker run -v /path-to-source-dir:/src njsscan /src
```

%package -n python3-njsscan
Summary:	njsscan is a SAST tool that can find insecure code patterns in your Node.js applications.
Provides:	python-njsscan
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip

%description -n python3-njsscan
njsscan is a SAST tool that can find insecure code patterns in your Node.js applications.

%package help
Summary:	Development documents and examples for njsscan
Provides:	python3-njsscan-doc

%description help
njsscan is a SAST tool that can find insecure code patterns in your Node.js applications.

%prep
%autosetup -n njsscan-0.3.4

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-njsscan -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Sun Apr 23 2023 Python_Bot - 0.3.4-1
- Package Spec generated
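An added example, not njsscan's own code, for the Code Scanning workflow and the `.njsscan` config shown in the description: that workflow runs `njsscan . --sarif --output results.sarif || true`, so the job uploads the report but never fails on findings. The script below reads the same SARIF file, applies the `ignore-rules` and `severity-filter` keys (assumed semantics: drop ignored rules, then keep only the listed severities) and sets the exit status; the SARIF report embedded in it is constructed, and the file paths in it are made up.

```python
"""Gate a CI job on njsscan SARIF output (added example, not njsscan's own code).
Applies the `ignore-rules` and `severity-filter` keys of a `.njsscan`-style config to a
SARIF report and exits non-zero on ERROR findings, which `njsscan ... || true` never does."""
import json
import sys


def _result(rule, level, uri, line, text):
    """Build one SARIF 2.1.0 result object (the layout njsscan's --sarif output uses)."""
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}


# Constructed sample report; rule ids come from the config on this page, paths are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "njsscan"}}, "results": [
        _result("express_open_redirect", "error", "app.js", 12, "Untrusted input in redirect()"),
        _result("regex_injection_dos", "warning", "lib/search.js", 40, "User input builds a RegExp"),
        _result("pug_jade_template", "note", "views/index.js", 3, "Unescaped template input")]}]})

# Same keys as the `.njsscan` example; assumed semantics: drop ignored rules, then keep
# only the listed severities. SARIF levels are mapped back to njsscan severity names.
CONFIG = {"ignore-rules": ["regex_injection_dos", "pug_jade_template"],
          "severity-filter": ["WARNING", "ERROR"]}
LEVEL_TO_SEVERITY = {"error": "ERROR", "warning": "WARNING", "note": "INFO"}


def parse_findings(sarif_text):
    """Flatten every SARIF result into a dict of rule, severity, file, line and text."""
    out = []
    for run in json.loads(sarif_text).get("runs", []):
        for r in run.get("results", []):
            loc = (r.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append({"rule": r.get("ruleId", ""),
                        "severity": LEVEL_TO_SEVERITY.get(r.get("level", "warning"), "WARNING"),
                        "file": loc.get("artifactLocation", {}).get("uri", "?"),
                        "line": loc.get("region", {}).get("startLine", 0),
                        "text": r.get("message", {}).get("text", "")})
    return out


def gate(sarif_text, config, fail_on=("ERROR",)):
    """Return (kept findings, exit code); the code is 1 if any kept finding is in fail_on."""
    ignored = set(config.get("ignore-rules", []))
    keep = set(config.get("severity-filter", []))
    kept = [f for f in parse_findings(sarif_text) if f["rule"] not in ignored and f["severity"] in keep]
    return kept, int(any(f["severity"] in fail_on for f in kept))


if __name__ == "__main__":  # usage: python sarif_gate.py results.sarif
    findings, code = gate(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF, CONFIG)
    print(*(f"{f['severity']} {f['rule']} {f['file']}:{f['line']} {f['text']}" for f in findings), sep="\n")
    sys.exit(code)
```

Run it as a step after the scan and before the SARIF upload so the report still reaches code scanning while the job fails on the severities you choose.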