eclipse-steady · Naramsim · Oct 28, 2019
diff --git a/plugin-setuptools/.gitignore b/plugin-setuptools/.gitignore
@@ -0,0 +1,92 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# IPython Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# dotenv
+.env
+
+# virtualenv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject
+
+# PyCharm
+.idea/
diff --git a/plugin-setuptools/README.md b/plugin-setuptools/README.md
@@ -0,0 +1,35 @@
+# plugin-setuptools
+
+The vulnerability-assessment-tool plugin for Python allows to scan a Python application developed with setuptools.
+
+Notes:
+
+* The plugin is in beta, use with care and provide us feedback
+
+## Install the vulnerability-assessment-tool plugin
+
+Until the plugin is available in PyPI, it has to be installed from the sources. Clone this repo and run the following:
+
+```
+cd plugin-setuptools
+python setup.py install
+```
+
+## Scan your application
+
+Until now, only the `app`` goal is supported, the other vulnerability-assessment-tool goals will be added step-by-step.
+Feel free to volunteer :)
+
+### Create a method-level BOM
+
+Create a file `vulas-python.cfg` in the project's root folder. It must contain the following information, further configuration settings can be added if necessary.
+
+```ini
+vulas.shared.backend.serviceUrl = http:/localhost:8033/backend
+```
+
+Then run the following command:
+
+```sh
+python setup.py app
+```
diff --git a/plugin-setuptools/setup.cfg b/plugin-setuptools/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal = 1
diff --git a/plugin-setuptools/setup.py b/plugin-setuptools/setup.py
@@ -0,0 +1,40 @@
+from setuptools import setup, find_packages
+import os
+import sys
+
+# 'setup.py publish' shortcut.
+if sys.argv[-1] == 'publish':
+    os.system('rm dist/*')
+    os.system('python setup.py bdist_wheel')
+    os.system('twine upload -r pypi dist/*')
+    sys.exit()
+
+setup(
+    name="vulnerability-assessment-tool-plugin-setuptools",
+    version="3.1.7",
+    packages=find_packages(),
+
+    # Make sure to include the vulnerability-assessment-tool java CLI
+    package_data={
+        # If any package contains *.txt or *.rst files, include them:
+        '': ['*.jar', '*.rst', '*.txt']
+    },
+
+    # Starts the wrapper
+    entry_points={
+        'console_scripts': [
+            'vulas = vulas.wrapper:main'
+        ],
+        "distutils.commands": [
+            "clean = vulas.clean_command:clean",
+            "cleanSpace = vulas.cleanSpace_command:cleanSpace",
+            "app = vulas.bom_command:bom",
+            "report = vulas.report_command:report"
+        ],
+         "distutils.setup_keywords": [
+             "debug = vulas.bom_command:assert_bool"
+        ],
+    },
+
+    test_suite="vulas.tests.test_all"
+)
diff --git a/plugin-setuptools/vulas/__init__.py b/plugin-setuptools/vulas/__init__.py
diff --git a/plugin-setuptools/vulas/bom_command.py b/plugin-setuptools/vulas/bom_command.py
@@ -0,0 +1,75 @@
+from distutils.core import Command
+from vulas import cli_wrapper
+import os
+
+class bom(Command):
+
+    description = 'Runs the vulnerability-assessment-tool goal APP'
+
+    user_options = [('debug', 'd', "call the Java CLI in debug mode")]
+
+    boolean_options = ['debug']
+
+    app = {}
+    file = {}
+
+
+    def initialize_options(self):
+        self.debug = False
+
+    def finalize_options(self):
+        assert self.debug in (None, True, False), 'True/False'
+
+    def assert_bool(dist, attr, value):
+        """Verify that value is True, False, 0, or 1"""
+        if bool(value) != value:
+            raise DistutilsSetupError(
+                "%r must be a boolean value (got %r)" % (attr, value)
+            )
+
+    def run(self):
+        print("Starting vulnerability-assessment-tool goal: APP")
+
+        # Collect all arguments
+        args = {}
+
+        # App identifier
+        for key in self.get_vulas_app().keys():
+            args[key] = self.get_vulas_app()[key]
+
+        # vulas-python.cfg
+        path = cli_wrapper.read_vulas_configuration_path()
+        conf = cli_wrapper.read_vulas_configuration(path)
+        for key in conf.keys():
+            args[key] = conf[key]
+
+        # Other
+        # src_dir = ''
+        # for p in self.distribution.packages:
+        #     if not src_dir == '':
+        #         src_dir += ','
+        #     src_dir += os.path.join(os.getcwd(), p)
+
+        args['vulas.core.app.sourceDir'] = os.getcwd()
+
+        # To prevent an exception in the JavaBomTask
+        args['vulas.core.app.appPrefixes'] = 'com.sap'
+
+        print("Arguments:")
+        for key in args:
+            print("    " + key + " = " + args[key])
+
+        # Run the CLI
+        rc = cli_wrapper.run(args, "app", self.debug)
+
+        if rc != True:
+            raise RuntimeError("Command line interface returned status code 1")
+
+    def get_vulas_app(self):
+        if not self.app:
+            self.app =  {
+                'vulas.core.appContext.group':self.distribution.get_name(),
+                'vulas.core.appContext.artifact':self.distribution.get_name(),
+                'vulas.core.appContext.version':self.distribution.get_version()
+            }
+        return self.app
diff --git a/plugin-setuptools/vulas/cleanSpace_command.py b/plugin-setuptools/vulas/cleanSpace_command.py
@@ -0,0 +1,71 @@
+from distutils.core import Command
+from vulas import cli_wrapper
+import os
+
+class cleanSpace(Command):
+
+    description = 'Runs the vulnerability-assessment-tool goal CLEANSPACE'
+
+    user_options = [('debug', 'd', "call the Java CLI in debug mode")]
+
+    boolean_options = ['debug']
+
+    app = {}
+    file = {}
+
+    def initialize_options(self):
+        self.debug = False
+
+    def finalize_options(self):
+        assert self.debug in (None, True, False), 'True/False'
+
+    def assert_bool(dist, attr, value):
+        """Verify that value is True, False, 0, or 1"""
+        if bool(value) != value:
+            raise DistutilsSetupError(
+                "%r must be a boolean value (got %r)" % (attr, value)
+            )
+
+    def run(self):
+        print("Starting vulnerability-assessment-tool goal: CLEANSPACE")
+
+        # Collect all arguments
+        args = {}
+
+        # App identifier
+        for key in self.get_vulas_app().keys():
+            args[key] = self.get_vulas_app()[key]
+
+        # vulas-python.cfg
+        path = cli_wrapper.read_vulas_configuration_path()
+        conf = cli_wrapper.read_vulas_configuration(path)
+        for key in conf.keys():
+            args[key] = conf[key]
+
+        # Other
+        # src_dir = ''
+        # for p in self.distribution.packages:
+        #     if not src_dir == '':
+        #         src_dir += ','
+        #     src_dir += os.path.join(os.getcwd(), p)
+
+        args['vulas.core.app.sourceDir'] = os.getcwd()
+
+        print("Arguments:")
+        for key in args:
+            print("    " + key + " = " + args[key])
+
+        # Run the CLI
+        rc = cli_wrapper.run(args, "cleanSpace", self.debug)
+
+        if rc != True:
+            raise RuntimeError("Command line interface returned status code 1")
+
+    def get_vulas_app(self):
+        if not self.app:
+            self.app =  {
+                'vulas.core.appContext.group':self.distribution.get_name(),
+                'vulas.core.appContext.artifact':self.distribution.get_name(),
+                'vulas.core.appContext.version':self.distribution.get_version()
+            }
+        return self.app
diff --git a/plugin-setuptools/vulas/clean_command.py b/plugin-setuptools/vulas/clean_command.py
@@ -0,0 +1,71 @@
+from distutils.core import Command
+from vulas import cli_wrapper
+import os
+
+class clean(Command):
+
+    description = 'Runs the vulnerability-assessment-tool goal CLEAN'
+
+    user_options = [('debug', 'd', "call the Java CLI in debug mode")]
+
+    boolean_options = ['debug']
+
+    app = {}
+    file = {}
+
+    def initialize_options(self):
+        self.debug = False
+
+    def finalize_options(self):
+        assert self.debug in (None, True, False), 'True/False'
+
+    def assert_bool(dist, attr, value):
+        """Verify that value is True, False, 0, or 1"""
+        if bool(value) != value:
+            raise DistutilsSetupError(
+                "%r must be a boolean value (got %r)" % (attr, value)
+            )
+
+    def run(self):
+        print("Starting vulnerability-assessment-tool goal: CLEAN")
+
+        # Collect all arguments
+        args = {}
+
+        # App identifier
+        for key in self.get_vulas_app().keys():
+            args[key] = self.get_vulas_app()[key]
+
+        # vulas-python.cfg
+        path = cli_wrapper.read_vulas_configuration_path()
+        conf = cli_wrapper.read_vulas_configuration(path)
+        for key in conf.keys():
+            args[key] = conf[key]
+
+        # Other
+        # src_dir = ''
+        # for p in self.distribution.packages:
+        #     if not src_dir == '':
+        #         src_dir += ','
+        #     src_dir += os.path.join(os.getcwd(), p)
+
+        args['vulas.core.app.sourceDir'] = os.getcwd()
+
+        print("Arguments:")
+        for key in args:
+            print("    " + key + " = " + args[key])
+
+        # Run the CLI
+        rc = cli_wrapper.run(args, "clean", self.debug)
+
+        if rc != True:
+            raise RuntimeError("Command line interface returned status code 1")
+
+    def get_vulas_app(self):
+        if not self.app:
+            self.app =  {
+                'vulas.core.appContext.group':self.distribution.get_name(),
+                'vulas.core.appContext.artifact':self.distribution.get_name(),
+                'vulas.core.appContext.version':self.distribution.get_version()
+            }
+        return self.app
diff --git a/plugin-setuptools/vulas/cli-scanner-latest-jar-with-dependencies.jar b/plugin-setuptools/vulas/cli-scanner-latest-jar-with-dependencies.jar