
Add basic support for Sobelow

Open alex0112 opened this issue 2 years ago • 7 comments

With regard to #627

This PR is intended to be a minimum viable scanner. It will correctly detect and scan Phoenix applications. Instructions for omitting false positives are found in the doc for this scanner, but as a TODO I would like to add the complete list of options for the scanner to a config file in line with how the remainder of the application works.

alex0112 avatar Jul 01 '22 05:07 alex0112

Below should help pass the tests -

Adding "Sobelow" to this list - https://github.com/coinbase/salus/blob/5d6b2777632ae5d186ef947ac3d56851df1f30db/spec/fixtures/processor/local_uri/expected_report.json#L62

Adding JSON object

"Sobelow": {
  "pass_on_raise": false,
  "scanner_timeout_s": 0
},

to https://github.com/coinbase/salus/blob/5d6b2777632ae5d186ef947ac3d56851df1f30db/spec/fixtures/processor/local_uri/expected_report.json#L103

maitrayshah-cb avatar Jul 04 '22 22:07 maitrayshah-cb

Similarly adding -

Adding "Sobelow" to this list - https://github.com/coinbase/salus/blob/5d6b2777632ae5d186ef947ac3d56851df1f30db/spec/fixtures/processor/remote_uri/expected_report.json#L62

Adding JSON object

"Sobelow": {
  "pass_on_raise": false,
  "scanner_timeout_s": 0
},

to https://github.com/coinbase/salus/blob/5d6b2777632ae5d186ef947ac3d56851df1f30db/spec/fixtures/processor/remote_uri/expected_report.json#L103

maitrayshah-cb avatar Jul 04 '22 22:07 maitrayshah-cb

Thanks, I’ll give it a try.


alex0112 avatar Jul 05 '22 01:07 alex0112

@maitrayshah Thanks for the suggestions, looks like it's passing now. Let me know if you need anything else from me to get this merged.

alex0112 avatar Sep 13 '22 05:09 alex0112

@alex0112 Thanks for adding this, I'll take a look and if everything looks good will merge it in.

maitrayshah-cb avatar Sep 13 '22 06:09 maitrayshah-cb

@maitrayshah I'm not sure how to resolve this new error. Any pointers?

alex0112 avatar Sep 21 '22 18:09 alex0112

@alex0112 Yeah, I think that's my bad: while resolving the conflict I messed up the config file. Essentially, just make sure it matches this block - https://github.com/coinbase/salus/blob/e732912847a39450e6d7f17dd7b3e715c30a5da5/spec/fixtures/processor/local_uri/expected_report.json#L54 and has an object for Sobelow too, and that should fix it. Apologies for the issue.

maitrayshah-cb avatar Sep 21 '22 18:09 maitrayshah-cb