From f58469897fbe8274dde127a5c71f4e58e83c0488 Mon Sep 17 00:00:00 2001
From: jlanson
Date: Fri, 31 Jan 2025 09:42:14 -0500
Subject: [PATCH] chore: bump plugin versions in Hipcheck confs and Hipcheck version

---
 Cargo.lock | 2 +-
 config/Hipcheck.kdl | 24 +++++++++++------------
 dist/Containerfile | 2 +-
 hipcheck/Cargo.toml | 2 +-
 hipcheck/src/config.rs | 6 +++---
 hipcheck/src/policy/config_to_policy.rs | 25 +++++++++++-------------
 hipcheck/src/policy/test_example.kdl | 26 ++++++++++++-------------
 site/config.toml | 2 +-
 site/static/dl/install.ps1 | 2 +-
 site/static/dl/install.sh | 2 +-
 10 files changed, 45 insertions(+), 48 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index bfdbff0c..4857ebb1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2114,7 +2114,7 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 [[package]]
 name = "hipcheck"
-version = "3.9.1"
+version = "3.10.0"
 dependencies = [
 "anyhow",
 "async-stream",
diff --git a/config/Hipcheck.kdl b/config/Hipcheck.kdl
index 299aa49c..312dc2a2 100644
--- a/config/Hipcheck.kdl
+++ b/config/Hipcheck.kdl
@@ -1,12 +1,12 @@
 plugins {
- plugin "mitre/activity" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
- plugin "mitre/affiliation" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
- plugin "mitre/binary" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
- plugin "mitre/churn" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
- plugin "mitre/entropy" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
- plugin "mitre/fuzz" version="0.1.1" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
- plugin "mitre/review" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
- plugin "mitre/typo" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
+ plugin "mitre/activity" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
+ plugin "mitre/affiliation" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
+ plugin "mitre/binary" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
+ plugin "mitre/churn" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
+ plugin "mitre/entropy" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
+ plugin "mitre/fuzz" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
+ plugin "mitre/review" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
+ plugin "mitre/typo" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
 }
 
 patch {
@@ -22,7 +22,7 @@ analyze {
 category "practices" {
 analysis "mitre/activity" policy="(lte $ P52w)" weight=3
 analysis "mitre/binary" {
- binary-file #rel("Binary.toml")
+ binary-file #rel("Binary.kdl")
 binary-file-threshold 0
 }
 analysis "mitre/fuzz" policy="(eq #t $)"
@@ -31,7 +31,7 @@ analyze {
 category "attacks" {
 analysis "mitre/typo" {
- typo-file #rel("Typos.toml")
+ typo-file #rel("Typos.kdl")
 count-threshold 0
 }
@@ -42,12 +42,12 @@ analyze {
 }
 analysis "mitre/entropy" policy="(eq 0 (count (filter (gt 8.0) $)))" {
- langs-file #rel("Langs.toml")
+ langs-file #rel("Langs.kdl")
 entropy-threshold 10.0
 commit-percentage 0.0
 }
 analysis "mitre/churn" policy="(lte (divz (count (filter (gt 3) $)) (count $)) 0.02)" {
- langs-file #rel("Langs.toml")
+ langs-file #rel("Langs.kdl")
 }
 }
 }
diff --git a/dist/Containerfile b/dist/Containerfile
index f62a775a..15f3a543 100644
--- a/dist/Containerfile
+++ b/dist/Containerfile
@@ -2,7 +2,7 @@ FROM node:bookworm-slim
-ARG HC_VERSION="3.9.1"
+ARG HC_VERSION="3.10.0"
 WORKDIR /app
diff --git a/hipcheck/Cargo.toml b/hipcheck/Cargo.toml
index e12bffcb..5383a087 100644
--- a/hipcheck/Cargo.toml
+++ b/hipcheck/Cargo.toml
@@ -6,7 +6,7 @@ Automatically assess and score software packages for supply chain risk.
 keywords = ["security", "sbom"]
 categories = ["command-line-utilities", "development-tools"]
 readme = "../README.md"
-version = "3.9.1"
+version = "3.10.0"
 edition = "2021"
 license = "Apache-2.0"
 homepage = "https://hipcheck.mitre.org"
diff --git a/hipcheck/src/config.rs b/hipcheck/src/config.rs
index 2ec8c0f4..0cdfd709 100644
--- a/hipcheck/src/config.rs
+++ b/hipcheck/src/config.rs
@@ -214,7 +214,7 @@ pub struct AffiliationConfig {
 #[serde(default)]
 pub struct BinaryConfig {
 /// Binary file extension configuration file.
- #[default = "Binary.toml"]
+ #[default = "Binary.kdl"]
 pub binary_config_file: String,
 
 /// Whether the analysis is active.
@@ -369,7 +369,7 @@ pub struct TypoConfig {
 pub count_threshold: u64,
 
 /// Path to a "typos file" containing necessary information for typo detection.
- #[default = "Typos.toml"]
+ #[default = "Typos.kdl"]
 pub typo_file: String,
 }
 
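Review bot: The defaults for `binary_config_file` and `typo_file` in these two hunks (and `langs_file` in the `@@ -378` hunk that follows) silently switch from `Binary.toml`/`Typos.toml` to `Binary.kdl`/`Typos.kdl`, which the commit subject ("bump plugin versions") does not mention; an existing install whose config directory still holds the `.toml` files will presumably stop resolving these paths, though the loader that consumes them is not in this diff. The commit message and the doc comments on the three fields should record the format change, e.g. `/// Binary file extension configuration file (KDL; defaults to "Binary.kdl").` The same rename is applied in `config/Hipcheck.kdl`, in `config_to_policy.rs` (`pathbuf![&context.path, "Langs.kdl"]`) and in `test_example.kdl`, so a changelog entry naming all three files would help anyone migrating. The struct definitions themselves start and end outside these hunks.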
@@ -378,7 +378,7 @@ pub struct TypoConfig {
 #[serde(default)]
 pub struct LanguagesConfig {
 /// The file to pull language information from.
- #[default = "Langs.toml"]
+ #[default = "Langs.kdl"]
 pub langs_file: String,
 }
 
diff --git a/hipcheck/src/policy/config_to_policy.rs b/hipcheck/src/policy/config_to_policy.rs
index 39811d6a..78fc1570 100644
--- a/hipcheck/src/policy/config_to_policy.rs
+++ b/hipcheck/src/policy/config_to_policy.rs
@@ -24,9 +24,6 @@ use std::{
 };
 use url::Url;
 
-const PLUGIN_VERSION: &str = "0.1.0";
-const FUZZ_PLUGIN_VERSION: &str = "0.1.1";
-
 struct Context {
 path: PathBuf,
 }
@@ -164,7 +161,7 @@ fn parse_activity(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/activity").unwrap(),
- PluginVersion::new("0.2.0".to_string()),
+ PluginVersion::new("0.3.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl").unwrap(),
 )),
@@ -213,7 +210,7 @@ fn parse_binary(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/binary").unwrap(),
- PluginVersion::new(PLUGIN_VERSION.to_string()),
+ PluginVersion::new("0.2.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl").unwrap(),
 )),
@@ -247,7 +244,7 @@ fn parse_fuzz(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/fuzz").unwrap(),
- PluginVersion::new(FUZZ_PLUGIN_VERSION.to_string()),
+ PluginVersion::new("0.2.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl").unwrap(),
 )),
@@ -285,7 +282,7 @@ fn parse_identity(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/identity").unwrap(),
- PluginVersion::new("0.2.0".to_string()),
+ PluginVersion::new("0.3.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/identity.kdl").unwrap(),
 )),
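Review bot: Removing `PLUGIN_VERSION` and `FUZZ_PLUGIN_VERSION` (the `@@ -24,9` hunk) and inlining a string literal into every `PluginVersion::new(...)` call leaves nine separate copies of plugin version numbers in this file that must also agree with `config/Hipcheck.kdl` and `test_example.kdl`, and nothing in the diff ties them together, so the next bump can easily miss one. Keeping one named constant per plugin next to the other items, e.g. `const ACTIVITY_PLUGIN_VERSION: &str = "0.3.0";`, restores a single edit point, and a unit test asserting that the versions parsed from `test_example.kdl` equal those constants would catch drift between the two. This applies to the `parse_activity`, `parse_binary`, `parse_fuzz` and `parse_identity` hunks here and to the `parse_review`, `parse_typo`, `parse_affiliation`, `parse_churn` and `parse_entropy` hunks that follow. Each `parse_*` function starts and ends outside its hunk.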
@@ -323,7 +320,7 @@ fn parse_review(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/review").unwrap(),
- PluginVersion::new(PLUGIN_VERSION.to_string()),
+ PluginVersion::new("0.2.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl").unwrap(),
 )),
@@ -367,7 +364,7 @@ fn parse_typo(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/typo").unwrap(),
- PluginVersion::new(PLUGIN_VERSION.to_string()),
+ PluginVersion::new("0.2.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl").unwrap(),
 )),
@@ -411,7 +408,7 @@ fn parse_affiliation(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/affiliation").unwrap(),
- PluginVersion::new("0.2.0".to_string()),
+ PluginVersion::new("0.3.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl").unwrap(),
 )),
@@ -447,7 +444,7 @@ fn parse_churn(
 value_threshold, percent_threshold,
 );
 let mut config = PolicyConfig::new();
- let langs_path = pathbuf![&context.path, "Langs.toml"];
+ let langs_path = pathbuf![&context.path, "Langs.kdl"];
 config
 .insert(
 "langs-file".to_string(),
@@ -458,7 +455,7 @@ fn parse_churn(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/churn").unwrap(),
- PluginVersion::new("0.2.0".to_string()),
+ PluginVersion::new("0.3.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl").unwrap(),
 )),
@@ -494,7 +491,7 @@ fn parse_entropy(
 value_threshold, percent_threshold
 );
 let mut config = PolicyConfig::new();
- let langs_path = pathbuf![&context.path, "Langs.toml"];
+ let langs_path = pathbuf![&context.path, "Langs.kdl"];
 config
 .insert(
 "langs-file".to_string(),
@@ -505,7 +502,7 @@ fn parse_entropy(
 // Add the plugin
 let plugin = PolicyPlugin::new(
 PolicyPluginName::new("mitre/entropy").unwrap(),
- PluginVersion::new("0.2.0".to_string()),
+ PluginVersion::new("0.3.0".to_string()),
 Some(ManifestLocation::Url(
 Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl").unwrap(),
 )),
diff --git a/hipcheck/src/policy/test_example.kdl b/hipcheck/src/policy/test_example.kdl
index 18bb124e..ab10f1a7 100644
--- a/hipcheck/src/policy/test_example.kdl
+++ b/hipcheck/src/policy/test_example.kdl
@@ -1,13 +1,13 @@
 plugins {
- plugin "mitre/activity" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
- plugin "mitre/binary" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
- plugin "mitre/fuzz" version="0.1.1" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
- plugin "mitre/identity" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/identity.kdl"
- plugin "mitre/review" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
- plugin "mitre/typo" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
- plugin "mitre/affiliation" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
- plugin "mitre/churn" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
- plugin "mitre/entropy" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
+ plugin "mitre/activity" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
+ plugin "mitre/binary" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
+ plugin "mitre/fuzz" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
+ plugin "mitre/identity" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/identity.kdl"
+ plugin "mitre/review" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
+ plugin "mitre/typo" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
+ plugin "mitre/affiliation" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
+ plugin "mitre/churn" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
+ plugin "mitre/entropy" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
 }
 patch {
 plugin "mitre/github" {
@@ -20,7 +20,7 @@ analyze {
 category "practices" weight=1 {
 analysis "mitre/activity" policy="(lte $ P71w)" weight=1
 analysis "mitre/binary" policy="(lte $ 0)" weight=1 {
- binary-file "./config/Binary.toml"
+ binary-file "./config/Binary.kdl"
 }
 analysis "mitre/fuzz" policy="(eq #t $)" weight=1
 analysis "mitre/identity" policy="(lte (divz (count (filter (eq #t) $)) (count $)) 0.2)" weight=1
@@ -29,7 +29,7 @@ analyze {
 category "attacks" weight=1 {
 analysis "mitre/typo" policy="(lte (count (filter (eq #t) $)) 0)" weight=1 {
- typo-file "./config/Typos.toml"
+ typo-file "./config/Typos.kdl"
 }
 category "commit" weight=1 {
@@ -38,10 +38,10 @@ analyze {
 }
 analysis "mitre/churn" policy="(lte (divz (count (filter (gt 3) $)) (count $)) 0.02)" weight=1 {
- langs-file "./config/Langs.toml"
+ langs-file "./config/Langs.kdl"
 }
 analysis "mitre/entropy" policy="(lte (divz (count (filter (gt 10) $)) (count $)) 0)" weight=1 {
- langs-file "./config/Langs.toml"
+ langs-file "./config/Langs.kdl"
 }
 }
 }
diff --git a/site/config.toml b/site/config.toml
index 9c8802b0..c674ae63 100644
--- a/site/config.toml
+++ b/site/config.toml
@@ -59,7 +59,7 @@ footer = [
 { name = "Release Notes", url = "https://github.com/mitre/hipcheck/releases", external = true },
 { name = "Changelog", url = "https://github.com/mitre/hipcheck/blob/main/CHANGELOG.md", external = true },
 { name = "Packages", title = true },
- { name = "Hipcheck", url = "https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.9.1", external = true },
+ { name = "Hipcheck", url = "https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.10.0", external = true },
 { name = "Rust Plugin SDK", url = "https://crates.io/crates/hipcheck-sdk", external = true },
 ],
 [
diff --git a/site/static/dl/install.ps1 b/site/static/dl/install.ps1
index 13d40701..72656076 100755
--- a/site/static/dl/install.ps1
+++ b/site/static/dl/install.ps1
@@ -2,7 +2,7 @@
 # This installer delegates to the "real" installer included with each new
 # release of Hipcheck.
 
-$hc_version = "3.9.1"
+$hc_version = "3.10.0"
 $repo = "https://github.com/mitre/hipcheck"
 $installer = "$repo/releases/download/hipcheck-v${hc_version}/hipcheck-installer.ps1"
diff --git a/site/static/dl/install.sh b/site/static/dl/install.sh
index d9268a55..c08d0946 100755
--- a/site/static/dl/install.sh
+++ b/site/static/dl/install.sh
@@ -3,7 +3,7 @@
 # This installer delegates to the "real" installer included with each new
 # release of Hipcheck.
 
-HC_VERSION="3.9.1"
+HC_VERSION="3.10.0"
 REPO="https://github.com/mitre/hipcheck"
 INSTALLER="$REPO/releases/download/hipcheck-v$HC_VERSION/hipcheck-installer.sh"