stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Add Promotion-Time Attestations for Stella Ops

Browse Source 
- Introduced a new document for promotion-time attestations, detailing the purpose, predicate schema, producer workflow, verification flow, APIs, and security considerations.
- Implemented the `stella.ops/promotion@v1` predicate schema to capture promotion evidence including image digest, SBOM/VEX artifacts, and Rekor proof.
- Defined producer responsibilities and workflows for CLI orchestration, signer responsibilities, and Export Center integration.
- Added verification steps for auditors to validate promotion attestations offline.

feat: Create Symbol Manifest v1 Specification

- Developed a specification for Symbol Manifest v1 to provide a deterministic format for publishing debug symbols and source maps.
- Defined the manifest structure, including schema, entries, source maps, toolchain, and provenance.
- Outlined upload and verification processes, resolve APIs, runtime proxy, caching, and offline bundle generation.
- Included security considerations and related tasks for implementation.

chore: Add Ruby Analyzer with Git Sources

- Created a Gemfile and Gemfile.lock for Ruby analyzer with dependencies on git-gem, httparty, and path-gem.
- Implemented main application logic to utilize the defined gems and output their versions.
- Added expected JSON output for the Ruby analyzer to validate the integration of the new gems and their functionalities.
- Developed internal observation classes for Ruby packages, runtime edges, and capabilities, including serialization logic for observations.

test: Add tests for Ruby Analyzer

- Created test fixtures for Ruby analyzer, including Gemfile, Gemfile.lock, main application, and expected JSON output.
- Ensured that the tests validate the correct integration and functionality of the Ruby analyzer with the specified gems.
This commit is contained in:
master
2025-11-11 15:30:22 +02:00
parent 56c687253f
commit c2c6b58b41
56 changed files with 2305 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/Observations/RubyObservationBuilder.cs Normal file
View File

@@ -0,0 +1,83 @@
using System.Collections.Immutable;
namespace StellaOps.Scanner.Analyzers.Lang.Ruby.Internal.Observations;
internal static class RubyObservationBuilder
{
public static RubyObservationDocument Build(
IReadOnlyList<RubyPackage> packages,
RubyRuntimeGraph runtimeGraph,
RubyCapabilities capabilities)
{
ArgumentNullException.ThrowIfNull(packages);
ArgumentNullException.ThrowIfNull(runtimeGraph);
ArgumentNullException.ThrowIfNull(capabilities);
var packageItems = packages
.OrderBy(static package => package.Name, StringComparer.OrdinalIgnoreCase)
.ThenBy(static package => package.Version, StringComparer.OrdinalIgnoreCase)
.Select(CreatePackage)
.ToImmutableArray();
var runtimeItems = packages
.Select(package => CreateRuntimeEdge(package, runtimeGraph))
.Where(static edge => edge is not null)
.Select(static edge => edge!)
.OrderBy(static edge => edge.Package, StringComparer.OrdinalIgnoreCase)
.ToImmutableArray();
var capabilitySummary = new RubyObservationCapabilitySummary(
capabilities.UsesExec,
capabilities.UsesNetwork,
capabilities.UsesSerialization,
capabilities.JobSchedulers
.OrderBy(static scheduler => scheduler, StringComparer.OrdinalIgnoreCase)
.ToImmutableArray());
return new RubyObservationDocument(packageItems, runtimeItems, capabilitySummary);
}
private static RubyObservationPackage CreatePackage(RubyPackage package)
{
var groups = package.Groups
.OrderBy(static group => group, StringComparer.OrdinalIgnoreCase)
.ToImmutableArray();
return new RubyObservationPackage(
package.Name,
package.Version,
package.Source,
package.Platform,
package.DeclaredOnly,
package.LockfileLocator,
package.ArtifactLocator,
groups);
}
private static RubyObservationRuntimeEdge? CreateRuntimeEdge(RubyPackage package, RubyRuntimeGraph runtimeGraph)
{
if (!runtimeGraph.TryGetUsage(package, out var usage) || usage is null || !usage.HasFiles)
{
return null;
}
var files = usage.ReferencingFiles
.OrderBy(static file => file, StringComparer.OrdinalIgnoreCase)
.ToImmutableArray();
var entrypoints = usage.Entrypoints
.OrderBy(static file => file, StringComparer.OrdinalIgnoreCase)
.ToImmutableArray();
var reasons = usage.Reasons
.OrderBy(static reason => reason, StringComparer.OrdinalIgnoreCase)
.ToImmutableArray();
return new RubyObservationRuntimeEdge(
package.Name,
usage.UsedByEntrypoint,
files,
entrypoints,
reasons);
}
}

31
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/Observations/RubyObservationDocument.cs Normal file
View File

@@ -0,0 +1,31 @@
using System.Collections.Immutable;
namespace StellaOps.Scanner.Analyzers.Lang.Ruby.Internal.Observations;
internal sealed record RubyObservationDocument(
ImmutableArray<RubyObservationPackage> Packages,
ImmutableArray<RubyObservationRuntimeEdge> RuntimeEdges,
RubyObservationCapabilitySummary Capabilities);
internal sealed record RubyObservationPackage(
string Name,
string Version,
string Source,
string? Platform,
bool DeclaredOnly,
string? Lockfile,
string? Artifact,
ImmutableArray<string> Groups);
internal sealed record RubyObservationRuntimeEdge(
string Package,
bool UsedByEntrypoint,
ImmutableArray<string> Files,
ImmutableArray<string> Entrypoints,
ImmutableArray<string> Reasons);
internal sealed record RubyObservationCapabilitySummary(
bool UsesExec,
bool UsesNetwork,
bool UsesSerialization,
ImmutableArray<string> JobSchedulers);

114
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/Observations/RubyObservationSerializer.cs Normal file
View File

@@ -0,0 +1,114 @@
using System.Buffers;
using System.Collections.Immutable;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
namespace StellaOps.Scanner.Analyzers.Lang.Ruby.Internal.Observations;
internal static class RubyObservationSerializer
{
public static string Serialize(RubyObservationDocument document)
{
ArgumentNullException.ThrowIfNull(document);
var buffer = new ArrayBufferWriter<byte>();
using (var writer = new Utf8JsonWriter(buffer, new JsonWriterOptions { Indented = false }))
{
writer.WriteStartObject();
WritePackages(writer, document.Packages);
WriteRuntimeEdges(writer, document.RuntimeEdges);
WriteCapabilities(writer, document.Capabilities);
writer.WriteEndObject();
writer.Flush();
}
return Encoding.UTF8.GetString(buffer.WrittenSpan);
}
public static string ComputeSha256(string value)
{
ArgumentNullException.ThrowIfNull(value);
var bytes = Encoding.UTF8.GetBytes(value);
var hash = SHA256.HashData(bytes);
return $"sha256:{Convert.ToHexString(hash).ToLowerInvariant()}";
}
private static void WritePackages(Utf8JsonWriter writer, ImmutableArray<RubyObservationPackage> packages)
{
writer.WritePropertyName("packages");
writer.WriteStartArray();
foreach (var package in packages)
{
writer.WriteStartObject();
writer.WriteString("name", package.Name);
writer.WriteString("version", package.Version);
writer.WriteString("source", package.Source);
if (!string.IsNullOrWhiteSpace(package.Platform))
{
writer.WriteString("platform", package.Platform);
}
writer.WriteBoolean("declaredOnly", package.DeclaredOnly);
if (!string.IsNullOrWhiteSpace(package.Lockfile))
{
writer.WriteString("lockfile", package.Lockfile);
}
if (!string.IsNullOrWhiteSpace(package.Artifact))
{
writer.WriteString("artifact", package.Artifact);
}
WriteStringArray(writer, "groups", package.Groups);
writer.WriteEndObject();
}
writer.WriteEndArray();
}
private static void WriteRuntimeEdges(Utf8JsonWriter writer, ImmutableArray<RubyObservationRuntimeEdge> runtimeEdges)
{
writer.WritePropertyName("runtimeEdges");
writer.WriteStartArray();
foreach (var edge in runtimeEdges)
{
writer.WriteStartObject();
writer.WriteString("package", edge.Package);
writer.WriteBoolean("usedByEntrypoint", edge.UsedByEntrypoint);
WriteStringArray(writer, "files", edge.Files);
WriteStringArray(writer, "entrypoints", edge.Entrypoints);
WriteStringArray(writer, "reasons", edge.Reasons);
writer.WriteEndObject();
}
writer.WriteEndArray();
}
private static void WriteCapabilities(Utf8JsonWriter writer, RubyObservationCapabilitySummary summary)
{
writer.WritePropertyName("capabilities");
writer.WriteStartObject();
writer.WriteBoolean("usesExec", summary.UsesExec);
writer.WriteBoolean("usesNetwork", summary.UsesNetwork);
writer.WriteBoolean("usesSerialization", summary.UsesSerialization);
WriteStringArray(writer, "jobSchedulers", summary.JobSchedulers);
writer.WriteEndObject();
}
private static void WriteStringArray(Utf8JsonWriter writer, string propertyName, ImmutableArray<string> values)
{
writer.WritePropertyName(propertyName);
writer.WriteStartArray();
foreach (var value in values)
{
writer.WriteStringValue(value);
}
writer.WriteEndArray();
}
}

12
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/RubyBundlerConfig.cs
View File

@@ -21,7 +21,7 @@ internal sealed class RubyBundlerConfig
return Empty;
}
var configPath = Path.Combine(rootPath, \".bundle\", \"config\");
var configPath = Path.Combine(rootPath, ".bundle", "config");
if (!File.Exists(configPath))
{
return Empty;
@@ -35,7 +35,9 @@ internal sealed class RubyBundlerConfig
foreach (var rawLine in File.ReadAllLines(configPath))
{
var line = rawLine.Trim();
if (line.Length == 0 || line.StartsWith(\"#\", StringComparison.Ordinal) || line.StartsWith(\"---\", StringComparison.Ordinal))
if (line.Length == 0
|| line.StartsWith("#", StringComparison.Ordinal)
|| line.StartsWith("---", StringComparison.Ordinal))
{
continue;
}
@@ -53,13 +55,13 @@ internal sealed class RubyBundlerConfig
continue;
}
value = value.Trim('\"', '\'');
value = value.Trim('"', '\'');
if (key.Equals(\"BUNDLE_GEMFILE\", StringComparison.OrdinalIgnoreCase))
if (key.Equals("BUNDLE_GEMFILE", StringComparison.OrdinalIgnoreCase))
{
AddPath(gemfiles, rootPath, value);
}
else if (key.Equals(\"BUNDLE_PATH\", StringComparison.OrdinalIgnoreCase))
else if (key.Equals("BUNDLE_PATH", StringComparison.OrdinalIgnoreCase))
{
AddPath(bundlePaths, rootPath, value);
}

17
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/RubyLockParser.cs
View File

@@ -103,19 +103,19 @@ internal static class RubyLockParser
if (line.StartsWith(" revision:", StringComparison.OrdinalIgnoreCase))
{
currentRevision = line[10..].Trim();
currentRevision = ExtractValue(line);
return;
}
if (line.StartsWith(" ref:", StringComparison.OrdinalIgnoreCase) && currentRevision is null)
{
currentRevision = line[6..].Trim();
currentRevision = ExtractValue(line);
return;
}
if (line.StartsWith(" path:", StringComparison.OrdinalIgnoreCase))
{
currentPath = line[6..].Trim();
currentPath = ExtractValue(line);
return;
}
@@ -200,6 +200,17 @@ internal static class RubyLockParser
_ => "rubygems",
};
}
private static string ExtractValue(string line)
{
var separatorIndex = line.IndexOf(':');
if (separatorIndex < 0 || separatorIndex + 1 >= line.Length)
{
return line.Trim();
}
return line[(separatorIndex + 1)..].Trim();
}
}
internal sealed record RubyLockParserEntry(string Name, string Version, string Source, string? Platform);

2
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/RubyPackageCollector.cs
View File

@@ -112,7 +112,7 @@ internal sealed class RubyPackageBuilder
.OrderBy(static value => value, StringComparer.OrdinalIgnoreCase)
.ToArray();
var source = _lockSource ?? _artifactSource ?? "unknown";
var source = _artifactSource ?? _lockSource ?? "unknown";
var evidenceSource = _hasVendor
? _artifactEvidenceSource ?? "vendor"
: _lockEvidenceSource ?? "Gemfile.lock";

31
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/Internal/RubyVendorArtifactCollector.cs
View File

@@ -219,12 +219,37 @@ internal static class RubyVendorArtifactCollector
{
var normalized = relativePath.Replace('\\', '/');
var segments = normalized.Split('/', StringSplitOptions.RemoveEmptyEntries);
if (segments.Length == 0)
if (segments.Length >= 2)
{
return normalized;
if (MatchesPrefix(segments, "vendor", "cache"))
{
return "vendor-cache";
}
if (MatchesPrefix(segments, "vendor", "bundle"))
{
return "vendor-bundle";
}
if (MatchesPrefix(segments, ".bundle", "cache"))
{
return "bundle-cache";
}
}
return segments[0];
if (segments.Length > 0)
{
return segments[0];
}
return normalized;
}
private static bool MatchesPrefix(IReadOnlyList<string> segments, string first, string second)
{
return segments.Count >= 2
&& segments[0].Equals(first, StringComparison.OrdinalIgnoreCase)
&& segments[1].Equals(second, StringComparison.OrdinalIgnoreCase);
}
private static string EnsureTrailingSeparator(string path)

119
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/RubyLanguageAnalyzer.cs
View File

@@ -1,4 +1,8 @@
using System.Globalization;
using System.Text;
using StellaOps.Scanner.Analyzers.Lang.Ruby.Internal;
using StellaOps.Scanner.Analyzers.Lang.Ruby.Internal.Observations;
using StellaOps.Scanner.Core.Contracts;
using StellaOps.Scanner.Surface.Env;
using StellaOps.Scanner.Surface.Validation;
@@ -43,6 +47,11 @@ public sealed class RubyLanguageAnalyzer : ILanguageAnalyzer
evidence: package.CreateEvidence(),
usedByEntrypoint: runtimeUsage?.UsedByEntrypoint ?? false);
}
if (packages.Count > 0)
{
EmitObservation(context, writer, packages, runtimeGraph, capabilities);
}
}
private static async ValueTask EnsureSurfaceValidationAsync(LanguageAnalyzerContext context, CancellationToken cancellationToken)
@@ -60,16 +69,120 @@ public sealed class RubyLanguageAnalyzer : ILanguageAnalyzer
var properties = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
{
["analyzerId"] = \"ruby\",
[\"rootPath\"] = context.RootPath
["analyzerId"] = "ruby",
["rootPath"] = context.RootPath
};
var validationContext = SurfaceValidationContext.Create(
context.Services,
\"StellaOps.Scanner.Analyzers.Lang.Ruby\",
"StellaOps.Scanner.Analyzers.Lang.Ruby",
environment.Settings,
properties);
await validatorRunner.EnsureAsync(validationContext, cancellationToken).ConfigureAwait(false);
}
private void EmitObservation(
LanguageAnalyzerContext context,
LanguageComponentWriter writer,
IReadOnlyList<RubyPackage> packages,
RubyRuntimeGraph runtimeGraph,
RubyCapabilities capabilities)
{
ArgumentNullException.ThrowIfNull(context);
ArgumentNullException.ThrowIfNull(writer);
ArgumentNullException.ThrowIfNull(packages);
ArgumentNullException.ThrowIfNull(runtimeGraph);
ArgumentNullException.ThrowIfNull(capabilities);
var observationDocument = RubyObservationBuilder.Build(packages, runtimeGraph, capabilities);
var observationJson = RubyObservationSerializer.Serialize(observationDocument);
var observationHash = RubyObservationSerializer.ComputeSha256(observationJson);
var observationBytes = Encoding.UTF8.GetBytes(observationJson);
var observationMetadata = BuildObservationMetadata(
packages.Count,
observationDocument.RuntimeEdges.Length,
observationDocument.Capabilities);
TryPersistObservation(Id, context, observationBytes, observationMetadata);
var observationEvidence = new[]
{
new LanguageComponentEvidence(
LanguageEvidenceKind.Derived,
"ruby.observation",
"document",
observationJson,
observationHash)
};
writer.AddFromExplicitKey(
analyzerId: Id,
componentKey: "observation::ruby",
purl: null,
name: "Ruby Observation Summary",
version: null,
type: "ruby-observation",
metadata: observationMetadata,
evidence: observationEvidence);
}
private static IEnumerable<KeyValuePair<string, string?>> BuildObservationMetadata(
int packageCount,
int runtimeEdgeCount,
RubyObservationCapabilitySummary capabilities)
{
yield return new KeyValuePair<string, string?>("ruby.observation.packages", packageCount.ToString(CultureInfo.InvariantCulture));
yield return new KeyValuePair<string, string?>("ruby.observation.runtime_edges", runtimeEdgeCount.ToString(CultureInfo.InvariantCulture));
yield return new KeyValuePair<string, string?>("ruby.observation.capability.exec", capabilities.UsesExec ? "true" : "false");
yield return new KeyValuePair<string, string?>("ruby.observation.capability.net", capabilities.UsesNetwork ? "true" : "false");
yield return new KeyValuePair<string, string?>("ruby.observation.capability.serialization", capabilities.UsesSerialization ? "true" : "false");
yield return new KeyValuePair<string, string?>("ruby.observation.capability.schedulers", capabilities.JobSchedulers.Length.ToString(CultureInfo.InvariantCulture));
}
private static void TryPersistObservation(
string analyzerId,
LanguageAnalyzerContext context,
byte[] observationBytes,
IEnumerable<KeyValuePair<string, string?>> metadata)
{
if (string.IsNullOrWhiteSpace(analyzerId))
{
throw new ArgumentException("Analyzer id is required", nameof(analyzerId));
}
if (context.AnalysisStore is not { } analysisStore)
{
return;
}
var metadataDictionary = CreateMetadata(metadata);
var payload = new AnalyzerObservationPayload(
analyzerId: analyzerId,
kind: "ruby.observation",
mediaType: "application/json",
content: observationBytes,
metadata: metadataDictionary,
view: "observations");
analysisStore.Set(ScanAnalysisKeys.RubyObservationPayload, payload);
}
private static IReadOnlyDictionary<string, string?>? CreateMetadata(IEnumerable<KeyValuePair<string, string?>> metadata)
{
Dictionary<string, string?>? dictionary = null;
foreach (var pair in metadata ?? Array.Empty<KeyValuePair<string, string?>>())
{
if (string.IsNullOrWhiteSpace(pair.Key) || string.IsNullOrWhiteSpace(pair.Value))
{
continue;
}
dictionary ??= new Dictionary<string, string?>(StringComparer.OrdinalIgnoreCase);
dictionary[pair.Key] = pair.Value;
}
return dictionary;
}
}

1
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/StellaOps.Scanner.Analyzers.Lang.Ruby.csproj
View File

@@ -16,5 +16,6 @@
<ItemGroup>
<ProjectReference Include="..\StellaOps.Scanner.Analyzers.Lang\StellaOps.Scanner.Analyzers.Lang.csproj" />
<ProjectReference Include="..\StellaOps.Scanner.Surface.Validation\StellaOps.Scanner.Surface.Validation.csproj" />
</ItemGroup>
</Project>

2
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md
View File

@@ -2,6 +2,6 @@
| Task ID | State | Notes |
| --- | --- | --- |
| `SCANNER-ENG-0016` | DOING (2025-11-10) | Building RubyLockCollector + multi-source vendor ingestion per design §4.14.3 (Codex agent). |
| `SCANNER-ENG-0016` | DONE (2025-11-10) | RubyLockCollector merged with vendor cache ingestion; workspace overrides, bundler groups, git/path fixture, and offline-kit mirror updated. |
| `SCANNER-ENG-0017` | DONE (2025-11-09) | Build runtime require/autoload graph builder with tree-sitter Ruby per design §4.4, feed EntryTrace hints. |
| `SCANNER-ENG-0018` | DONE (2025-11-09) | Emit Ruby capability + framework surface signals, align with design §4.5 / Sprint 138. |

2
src/Scanner/__Libraries/StellaOps.Scanner.Core/Contracts/ScanAnalysisKeys.cs
View File

@@ -21,4 +21,6 @@ public static class ScanAnalysisKeys
public const string RegistryCredentials = "analysis.registry.credentials";
public const string DenoObservationPayload = "analysis.lang.deno.observation";
public const string RubyObservationPayload = "analysis.lang.ruby.observation";
}

34
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/basic/expected.json
View File

@@ -1,4 +1,28 @@
[
{
"analyzerId": "ruby",
"componentKey": "observation::ruby",
"name": "Ruby Observation Summary",
"type": "ruby-observation",
"usedByEntrypoint": false,
"metadata": {
"ruby.observation.capability.exec": "true",
"ruby.observation.capability.net": "true",
"ruby.observation.capability.schedulers": "4",
"ruby.observation.capability.serialization": "true",
"ruby.observation.packages": "3",
"ruby.observation.runtime_edges": "3"
},
"evidence": [
{
"kind": "derived",
"source": "ruby.observation",
"locator": "document",
"value": "{\u0022packages\u0022:[{\u0022name\u0022:\u0022custom-gem\u0022,\u0022version\u0022:\u00221.0.0\u0022,\u0022source\u0022:\u0022vendor-cache\u0022,\u0022declaredOnly\u0022:false,\u0022artifact\u0022:\u0022vendor/cache/custom-gem-1.0.0.gem\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022puma\u0022,\u0022version\u0022:\u00226.4.2\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rake\u0022,\u0022version\u0022:\u002213.1.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022custom-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022puma\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022rake\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022capabilities\u0022:{\u0022usesExec\u0022:true,\u0022usesNetwork\u0022:true,\u0022usesSerialization\u0022:true,\u0022jobSchedulers\u0022:[\u0022activejob\u0022,\u0022clockwork\u0022,\u0022resque\u0022,\u0022sidekiq\u0022]}}",
"sha256": "sha256:3818fd050909977a44167565a419a307777bc38998ad49d6a41c054982c6f46e"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/custom-gem@1.0.0",
@@ -8,6 +32,7 @@
"type": "gem",
"usedByEntrypoint": true,
"metadata": {
"artifact": "vendor/cache/custom-gem-1.0.0.gem",
"capability.exec": "true",
"capability.net": "true",
"capability.scheduler": "activejob;clockwork;resque;sidekiq",
@@ -16,7 +41,8 @@
"capability.scheduler.resque": "true",
"capability.scheduler.sidekiq": "true",
"capability.serialization": "true",
"declaredOnly": "true",
"declaredOnly": "false",
"groups": "default",
"lockfile": "vendor/cache/custom-gem-1.0.0.gem",
"runtime.entrypoints": "app/main.rb",
"runtime.files": "app/main.rb",
@@ -27,7 +53,7 @@
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"source": "custom-gem-1.0.0.gem",
"locator": "vendor/cache/custom-gem-1.0.0.gem"
}
]
@@ -50,6 +76,7 @@
"capability.scheduler.sidekiq": "true",
"capability.serialization": "true",
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"runtime.entrypoints": "app/main.rb",
"runtime.files": "app/main.rb",
@@ -83,6 +110,7 @@
"capability.scheduler.sidekiq": "true",
"capability.serialization": "true",
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"runtime.entrypoints": "app/main.rb",
"runtime.files": "app/main.rb",
@@ -98,4 +126,4 @@
}
]
}
]
]

12
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/git-sources/Gemfile Normal file
View File

@@ -0,0 +1,12 @@
source "https://rubygems.org"
git "https://github.com/example/git-gem.git", branch: "main" do
gem "git-gem"
end
gem "httparty", "~> 0.21.0"
path "vendor/plugins/path-gem" do
gem "path-gem", "~> 2.1"
end

31
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/git-sources/Gemfile.lock Normal file
View File

@@ -0,0 +1,31 @@
GIT
remote: https://github.com/example/git-gem.git
revision: 0123456789abcdef0123456789abcdef01234567
branch: main
specs:
git-gem (0.5.0)
PATH
remote: vendor/plugins/path-gem
specs:
path-gem (2.1.3)
rake (~> 13.0)
GEM
remote: https://rubygems.org/
specs:
httparty (0.21.0)
multi_xml (~> 0.5)
multi_xml (0.6.0)
rake (13.1.0)
PLATFORMS
ruby
DEPENDENCIES
git-gem!
httparty (~> 0.21.0)
path-gem (~> 2.1)!
BUNDLED WITH
2.5.10

7
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/git-sources/app/main.rb Normal file
View File

@@ -0,0 +1,7 @@
require "git-gem"
require "path-gem"
require "httparty"
puts GitGem.version
puts PathGem::Runner.new.perform
puts HTTParty.get("https://example.invalid")

154
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/git-sources/expected.json Normal file
View File

@@ -0,0 +1,154 @@
[
{
"analyzerId": "ruby",
"componentKey": "observation::ruby",
"name": "Ruby Observation Summary",
"type": "ruby-observation",
"usedByEntrypoint": false,
"metadata": {
"ruby.observation.capability.exec": "false",
"ruby.observation.capability.net": "true",
"ruby.observation.capability.schedulers": "0",
"ruby.observation.capability.serialization": "false",
"ruby.observation.packages": "5",
"ruby.observation.runtime_edges": "3"
},
"evidence": [
{
"kind": "derived",
"source": "ruby.observation",
"locator": "document",
"value": "{\u0022packages\u0022:[{\u0022name\u0022:\u0022git-gem\u0022,\u0022version\u0022:\u00220.5.0\u0022,\u0022source\u0022:\u0022git:https://github.com/example/git-gem.git@0123456789abcdef0123456789abcdef01234567\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022httparty\u0022,\u0022version\u0022:\u00220.21.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022multi_xml\u0022,\u0022version\u0022:\u00220.6.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022path-gem\u0022,\u0022version\u0022:\u00222.1.3\u0022,\u0022source\u0022:\u0022vendor-cache\u0022,\u0022declaredOnly\u0022:false,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022artifact\u0022:\u0022vendor/cache/path-gem-2.1.3.gem\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rake\u0022,\u0022version\u0022:\u002213.1.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022git-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022httparty\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022path-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022capabilities\u0022:{\u0022usesExec\u0022:false,\u0022usesNetwork\u0022:true,\u0022usesSerialization\u0022:false,\u0022jobSchedulers\u0022:[]}}",
"sha256": "sha256:1cd5eb20a226916b9d1acbfc7182845a3ebca8284c7f558b23b7e87395e0a2c2"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/git-gem@0.5.0",
"purl": "pkg:gem/git-gem@0.5.0",
"name": "git-gem",
"version": "0.5.0",
"type": "gem",
"usedByEntrypoint": true,
"metadata": {
"capability.net": "true",
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"runtime.entrypoints": "app/main.rb",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "git:https://github.com/example/git-gem.git@0123456789abcdef0123456789abcdef01234567"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/httparty@0.21.0",
"purl": "pkg:gem/httparty@0.21.0",
"name": "httparty",
"version": "0.21.0",
"type": "gem",
"usedByEntrypoint": true,
"metadata": {
"capability.net": "true",
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"runtime.entrypoints": "app/main.rb",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/multi_xml@0.6.0",
"purl": "pkg:gem/multi_xml@0.6.0",
"name": "multi_xml",
"version": "0.6.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"capability.net": "true",
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/path-gem@2.1.3",
"purl": "pkg:gem/path-gem@2.1.3",
"name": "path-gem",
"version": "2.1.3",
"type": "gem",
"usedByEntrypoint": true,
"metadata": {
"artifact": "vendor/cache/path-gem-2.1.3.gem",
"capability.net": "true",
"declaredOnly": "false",
"groups": "default",
"lockfile": "Gemfile.lock",
"runtime.entrypoints": "app/main.rb",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "vendor-cache"
},
"evidence": [
{
"kind": "file",
"source": "path-gem-2.1.3.gem",
"locator": "vendor/cache/path-gem-2.1.3.gem"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/rake@13.1.0",
"purl": "pkg:gem/rake@13.1.0",
"name": "rake",
"version": "13.1.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"capability.net": "true",
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
}
]

0
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/git-sources/vendor/cache/path-gem-2.1.3.gem vendored Normal file
View File

194
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/workspace/expected.json
View File

@@ -1 +1,193 @@
[]
[
{
"analyzerId": "ruby",
"componentKey": "observation::ruby",
"name": "Ruby Observation Summary",
"type": "ruby-observation",
"usedByEntrypoint": false,
"metadata": {
"ruby.observation.capability.exec": "false",
"ruby.observation.capability.net": "false",
"ruby.observation.capability.schedulers": "0",
"ruby.observation.capability.serialization": "false",
"ruby.observation.packages": "7",
"ruby.observation.runtime_edges": "4"
},
"evidence": [
{
"kind": "derived",
"source": "ruby.observation",
"locator": "document",
"value": "{\u0022packages\u0022:[{\u0022name\u0022:\u0022api-gem\u0022,\u0022version\u0022:\u00220.1.0\u0022,\u0022source\u0022:\u0022apps\u0022,\u0022declaredOnly\u0022:false,\u0022artifact\u0022:\u0022apps/api/vendor/bundle/ruby/3.1.0/gems/api-gem-0.1.0\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022bootsnap\u0022,\u0022version\u0022:\u00221.18.4\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022apps/api/Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022pry\u0022,\u0022version\u0022:\u00221.0.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022development\u0022,\u0022test\u0022]},{\u0022name\u0022:\u0022puma\u0022,\u0022version\u0022:\u00226.4.2\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022console\u0022,\u0022production\u0022]},{\u0022name\u0022:\u0022rails\u0022,\u0022version\u0022:\u00227.1.3\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rubocop\u0022,\u0022version\u0022:\u00221.60.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022development\u0022,\u0022test\u0022]},{\u0022name\u0022:\u0022sidekiq\u0022,\u0022version\u0022:\u00227.2.4\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022apps/api/Gemfile.lock\u0022,\u0022groups\u0022:[\u0022jobs\u0022]}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022bootsnap\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022puma\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022rails\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022sidekiq\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022capabilities\u0022:{\u0022usesExec\u0022:false,\u0022usesNetwork\u0022:false,\u0022usesSerialization\u0022:false,\u0022jobSchedulers\u0022:[]}}",
"sha256": "sha256:6f9996b97be3dbbf3a18c2cb91624d45ddd16b2a374dd4a7f48049f5192114e2"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/api-gem@0.1.0",
"purl": "pkg:gem/api-gem@0.1.0",
"name": "api-gem",
"version": "0.1.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"artifact": "apps/api/vendor/bundle/ruby/3.1.0/gems/api-gem-0.1.0",
"declaredOnly": "false",
"groups": "default",
"lockfile": "apps/api/vendor/bundle/ruby/3.1.0/gems/api-gem-0.1.0",
"source": "apps"
},
"evidence": [
{
"kind": "file",
"source": "api-gem-0.1.0",
"locator": "apps/api/vendor/bundle/ruby/3.1.0/gems/api-gem-0.1.0"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/bootsnap@1.18.4",
"purl": "pkg:gem/bootsnap@1.18.4",
"name": "bootsnap",
"version": "1.18.4",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"groups": "default",
"lockfile": "apps/api/Gemfile.lock",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "apps/api/Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/pry@1.0.0",
"purl": "pkg:gem/pry@1.0.0",
"name": "pry",
"version": "1.0.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"groups": "development;test",
"lockfile": "Gemfile.lock",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/puma@6.4.2",
"purl": "pkg:gem/puma@6.4.2",
"name": "puma",
"version": "6.4.2",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"groups": "console;production",
"lockfile": "Gemfile.lock",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/rails@7.1.3",
"purl": "pkg:gem/rails@7.1.3",
"name": "rails",
"version": "7.1.3",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"groups": "default",
"lockfile": "Gemfile.lock",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/rubocop@1.60.0",
"purl": "pkg:gem/rubocop@1.60.0",
"name": "rubocop",
"version": "1.60.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"groups": "development;test",
"lockfile": "Gemfile.lock",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/sidekiq@7.2.4",
"purl": "pkg:gem/sidekiq@7.2.4",
"name": "sidekiq",
"version": "7.2.4",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"groups": "jobs",
"lockfile": "apps/api/Gemfile.lock",
"runtime.files": "app/main.rb",
"runtime.reasons": "require-static",
"runtime.used": "true",
"source": "https://rubygems.org/"
},
"evidence": [
{
"kind": "file",
"source": "Gemfile.lock",
"locator": "apps/api/Gemfile.lock"
}
]
}
]

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Lang/Ruby/RubyLanguageAnalyzerTests.cs
View File

@@ -34,4 +34,19 @@ public sealed class RubyLanguageAnalyzerTests
new ILanguageAnalyzer[] { new RubyLanguageAnalyzer() },
cancellationToken: TestContext.Current.CancellationToken);
}
[Fact]
public async Task GitAndPathSourcesAsync()
{
var fixture = TestPaths.ResolveFixture("lang", "ruby", "git-sources");
var golden = Path.Combine(fixture, "expected.json");
var usageHints = new LanguageUsageHints(new[] { Path.Combine(fixture, "app", "main.rb") });
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixture,
golden,
new ILanguageAnalyzer[] { new RubyLanguageAnalyzer() },
cancellationToken: TestContext.Current.CancellationToken,
usageHints: usageHints);
}
}