Testing PR

.github/workflows/simplesecurity_pull_request.yml

@@ -0,0 +1,28 @@
+name: simplesecurity_pr
+
+on: pull_request
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install poetry
+        run: pipx install poetry
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+          cache: poetry
+      - name: Install dependencies
+        run: poetry install --no-root
+      - name: Install Trivy
+        run: |
+          /bin/bash install_trivy.sh
+          trivy -h
+      - name: run scans
+        run: > 
+          poetry run simplesecurity --send_to_git 
+          --github_repository ${{ github.event.repository.name }} 
+          --github_pr_number GITHUB_REF
+          --github_access_token ${{ secrets.GITHUB_TOKEN }} 
+          --scan_path .

.github/workflows/simplesecurity_push.yml

@@ -0,0 +1,25 @@
+name: simplesecurity_push
+
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install poetry
+        run: pipx install poetry
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+          cache: poetry
+      - name: Install dependencies
+        run: poetry install --no-root
+      - name: Install Trivy
+        run: |
+          /bin/bash install_trivy.sh
+          trivy -h
+      - name: run scans
+        run: > 
+          poetry run simplesecurity
+          --scan_path .

.github/workflows/sphinx.yml

@@ -0,0 +1,20 @@
+name: "Docs Check"
+on:
+- pull_request
+- push
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: ammaraskar/sphinx-action@master
+      with:
+        pre-build-command: |
+          pip install -r docs/requirements.txt
+        build-command: "sphinx-build -b html . ../build/html"
+        docs-folder: "docs/source/"
+    - uses: actions/upload-artifact@v1
+      with:
+        name: DocumentationHTML
+        path: docs/build/html/

.gitignore

@@ -1,9 +1,3 @@
-
-README.rst
-
-# DepHell stuff
-poetry.lock
-
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
@@ -96,7 +90,7 @@ ipython_config.py
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   having no cross-platform support.rst, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
 #Pipfile.lock
 

docs/Makefile

@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = source
+BUILDDIR      = build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

docs/make.bat

@@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+	set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=source
+set BUILDDIR=build
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+	echo.
+	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+	echo.installed, then set the SPHINXBUILD environment variable to point
+	echo.to the full path of the 'sphinx-build' executable. Alternatively you
+	echo.may add the Sphinx directory to PATH.
+	echo.
+	echo.If you don't have Sphinx installed, grab it from
+	echo.https://www.sphinx-doc.org/
+	exit /b 1
+)
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd

docs/requirements.txt

@@ -0,0 +1,12 @@
+docutils==0.17
+sphinx-autodoc-typehints==1.19.5
+sphinx-mdinclude==0.5.3
+sphinx-rtd-theme==1.1.1
+sphinx==5.3.0
+sphinxcontrib-applehelp==1.0.2
+sphinxcontrib-devhelp==1.0.2
+sphinxcontrib-htmlhelp==2.0.0
+sphinxcontrib-jsmath==1.0.1
+sphinxcontrib-qthelp==1.0.3
+sphinxcontrib-serializinghtml==1.1.5
+pygithub >= 1.57

docs/source/changelog.rst

@@ -0,0 +1,4 @@
+Changelog
+=========
+
+See the `Changelog </CHANGELOG.md>`_ for more information.

docs/source/codeOfConduct.rst

@@ -0,0 +1,7 @@
+Code of Conduct
+===============
+
+Online communities include people from many backgrounds. The *Project*
+contributors are committed to providing a friendly, safe and welcoming
+environment for all. Please see the
+`Code of Conduct <https://github.com/FHPythonUtils/.github/blob/master/CODE_OF_CONDUCT.md>`_ for more information.

docs/source/conf.py

@@ -0,0 +1,77 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+import sys
+
+sys.path.insert(0, os.path.abspath("../.."))
+
+
+# -- Project information -----------------------------------------------------
+
+project = "SimpleSecurity"
+copyright = "2022, FredHappyface, Pieter Geelen"
+author = "FredHappyface, Pieter Geelen"
+
+# The full version, including alpha/beta/rc tags
+release = "2023.1.1"
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    "sphinx.ext.autodoc",
+    "sphinx_rtd_theme",
+    "sphinx_autodoc_typehints",
+    "sphinx_mdinclude",
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ["_templates"]
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = []
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = "sphinx_rtd_theme"
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ["_static"]
+
+html_theme_options = {
+    "logo_only": True,
+    "display_version": False,
+    "prev_next_buttons_location": "bottom",
+    "style_external_links": False,
+    "vcs_pageview_mode": "display_github",
+    # 'style_nav_header_background': 'blue',
+    # Toc options
+    "collapse_navigation": True,
+    "sticky_navigation": True,
+    "navigation_depth": 4,
+    "includehidden": True,
+    "titles_only": False,
+}
+
+html_logo = "../../readme-assets/icons/proj-icon.png"

docs/source/contribution.rst

@@ -0,0 +1,5 @@
+Contributing
+============
+
+Contributions are welcome, please see the
+`Contributing Guidelines <https://github.com/FHPythonUtils/.github/blob/master/CONTRIBUTING.md>`_ for more information.

docs/source/gettingstarted.rst

@@ -0,0 +1,78 @@
+Getting Started
+===============
+
+Install With PIP
+----------------
+A requirement for using SimpleSecurity is having a version of python 3.x installed.
+
+.. highlight:: bash
+.. code-block:: bash
+
+   pip install simplesecurity
+
+
+
+Head to https://pypi.org/project/SimpleSecurity/ for more info
+This program has been written for Python versions 3.7 - 3.10 and has been tested with both 3.7 and
+3.10
+
+Run CLI
+---------
+In order to run the CLI utility, you can run `simplesecurity` in this directory
+
+.. image:: ../../readme-assets/screenshots/sec.svg
+   :width: 500px
+   :alt: Screenshot
+
+Options in the CLI tool include:
+
+.. highlight:: bash
+.. code-block:: bash
+
+   usage: __main__.py [-h] [--format FORMAT] [--plugin PLUGIN] [--file FILE]
+                      [--level LEVEL] [--confidence CONFIDENCE]
+                      [--no-colour] [--high-contrast] [--fast] [--zero]
+
+   Combine multiple popular python security tools...
+
+   and generate reports or output into different formats.
+
+   optional arguments:
+     -h, --help            show this help message and exit
+     --format FORMAT, -f FORMAT
+                           Output format. One of ansi, json, markdown, csv. default=ansi
+     --plugin PLUGIN, -p PLUGIN
+                           Plugin to use. One of bandit, safety, dodgy, dlint, semgrep, all, default=all
+     --file FILE, -o FILE  Filename to write to (omit for stdout)
+     --level LEVEL, -l LEVEL
+                           Minimum level/ severity to show
+     --confidence CONFIDENCE, -c CONFIDENCE
+                           Minimum confidence to show
+     --no-colour, -z       No ANSI colours
+     --high-contrast, -Z   High contrast colours
+     --fast, --skip        Skip long running jobs. Will omit plugins with long run time (applies to -p all only)
+     --zero, -0            Return non zero exit code if any security vulnerabilities are found
+
+
+You can also import this into your own project and use any of the functions
+in the DOCS
+
+Configuring Semgrep
+-------------------
+The configuration of SemGrep is organized with a `yaml` file. A default config is already enclosed in this library. I
+you want to specify the config, you can follow the steps below:
+
+1. Clone https://github.com/returntocorp/semgrep-rules
+2. cd to `semgrep-rules/python`
+3. do
+
+.. highlight:: bash
+.. code-block:: bash
+
+   cat **/security/**/*.yaml >> semgrep_sec.yaml
+   cat **/security/*.yaml >> semgrep_sec.yaml
+
+
+4. Find and replace `rules:` with `` apart from the first instance
+5. Reformat with `ctrl+shift+i`
+6. replace simplesecurity/semgrep_sec.yaml with the new one