chore: bump plugin versions in Hipcheck confs and Hipcheck version

Signed-off-by: jlanson <[email protected]>

config/Hipcheck.kdl

@@ -1,12 +1,12 @@
 plugins {
-    plugin "mitre/activity" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
-    plugin "mitre/affiliation" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
-    plugin "mitre/binary" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
-    plugin "mitre/churn" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
-    plugin "mitre/entropy" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
-    plugin "mitre/fuzz" version="0.1.1" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
-    plugin "mitre/review" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
-    plugin "mitre/typo" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
+    plugin "mitre/activity" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
+    plugin "mitre/affiliation" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
+    plugin "mitre/binary" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
+    plugin "mitre/churn" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
+    plugin "mitre/entropy" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
+    plugin "mitre/fuzz" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
+    plugin "mitre/review" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
+    plugin "mitre/typo" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
 }
 
 patch {
@@ -22,7 +22,7 @@ analyze {
     category "practices" {
         analysis "mitre/activity" policy="(lte $ P52w)" weight=3
         analysis "mitre/binary" {
-			binary-file #rel("Binary.toml")
+			binary-file #rel("Binary.kdl")
 			binary-file-threshold 0
 		}
         analysis "mitre/fuzz" policy="(eq #t $)"
@@ -31,7 +31,7 @@ analyze {
 
     category "attacks" {
         analysis "mitre/typo" {
-            typo-file #rel("Typos.toml")
+            typo-file #rel("Typos.kdl")
             count-threshold 0
         }
 
@@ -42,12 +42,12 @@ analyze {
             }
 
             analysis "mitre/entropy" policy="(eq 0 (count (filter (gt 8.0) $)))" {
-				langs-file #rel("Langs.toml")
+				langs-file #rel("Langs.kdl")
 				entropy-threshold 10.0
 				commit-percentage 0.0
 	 		}
             analysis "mitre/churn" policy="(lte (divz (count (filter (gt 3) $)) (count $)) 0.02)" {
-				langs-file #rel("Langs.toml")
+				langs-file #rel("Langs.kdl")
 			}
         }
     }

dist/Containerfile

@@ -2,7 +2,7 @@
 
 FROM node:bookworm-slim
 
-ARG HC_VERSION="3.9.1"
+ARG HC_VERSION="3.10.0"
 
 WORKDIR /app
 

hipcheck/Cargo.toml

@@ -6,7 +6,7 @@ Automatically assess and score software packages for supply chain risk.
 keywords = ["security", "sbom"]
 categories = ["command-line-utilities", "development-tools"]
 readme = "../README.md"
-version = "3.9.1"
+version = "3.10.0"
 edition = "2021"
 license = "Apache-2.0"
 homepage = "https://hipcheck.mitre.org"

hipcheck/src/config.rs

@@ -214,7 +214,7 @@ pub struct AffiliationConfig {
 #[serde(default)]
 pub struct BinaryConfig {
 	/// Binary file extension configuration file.
-	#[default = "Binary.toml"]
+	#[default = "Binary.kdl"]
 	pub binary_config_file: String,
 
 	/// Whether the analysis is active.
@@ -369,7 +369,7 @@ pub struct TypoConfig {
 	pub count_threshold: u64,
 
 	/// Path to a "typos file" containing necessary information for typo detection.
-	#[default = "Typos.toml"]
+	#[default = "Typos.kdl"]
 	pub typo_file: String,
 }
 
@@ -378,7 +378,7 @@ pub struct TypoConfig {
 #[serde(default)]
 pub struct LanguagesConfig {
 	/// The file to pull language information from.
-	#[default = "Langs.toml"]
+	#[default = "Langs.kdl"]
 	pub langs_file: String,
 }
 

hipcheck/src/policy/config_to_policy.rs

@@ -24,9 +24,6 @@ use std::{
 };
 use url::Url;
 
-const PLUGIN_VERSION: &str = "0.1.0";
-const FUZZ_PLUGIN_VERSION: &str = "0.1.1";
-
 struct Context {
 	path: PathBuf,
 }
@@ -164,7 +161,7 @@ fn parse_activity(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/activity").unwrap(),
-			PluginVersion::new("0.2.0".to_string()),
+			PluginVersion::new("0.3.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl").unwrap(),
 			)),
@@ -213,7 +210,7 @@ fn parse_binary(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/binary").unwrap(),
-			PluginVersion::new(PLUGIN_VERSION.to_string()),
+			PluginVersion::new("0.2.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl").unwrap(),
 			)),
@@ -247,7 +244,7 @@ fn parse_fuzz(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/fuzz").unwrap(),
-			PluginVersion::new(FUZZ_PLUGIN_VERSION.to_string()),
+			PluginVersion::new("0.2.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl").unwrap(),
 			)),
@@ -285,7 +282,7 @@ fn parse_identity(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/identity").unwrap(),
-			PluginVersion::new("0.2.0".to_string()),
+			PluginVersion::new("0.3.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/identity.kdl").unwrap(),
 			)),
@@ -323,7 +320,7 @@ fn parse_review(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/review").unwrap(),
-			PluginVersion::new(PLUGIN_VERSION.to_string()),
+			PluginVersion::new("0.2.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl").unwrap(),
 			)),
@@ -367,7 +364,7 @@ fn parse_typo(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/typo").unwrap(),
-			PluginVersion::new(PLUGIN_VERSION.to_string()),
+			PluginVersion::new("0.2.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl").unwrap(),
 			)),
@@ -411,7 +408,7 @@ fn parse_affiliation(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/affiliation").unwrap(),
-			PluginVersion::new("0.2.0".to_string()),
+			PluginVersion::new("0.3.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl").unwrap(),
 			)),
@@ -447,7 +444,7 @@ fn parse_churn(
 			value_threshold, percent_threshold,
 		);
 		let mut config = PolicyConfig::new();
-		let langs_path = pathbuf![&context.path, "Langs.toml"];
+		let langs_path = pathbuf![&context.path, "Langs.kdl"];
 		config
 			.insert(
 				"langs-file".to_string(),
@@ -458,7 +455,7 @@ fn parse_churn(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/churn").unwrap(),
-			PluginVersion::new("0.2.0".to_string()),
+			PluginVersion::new("0.3.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl").unwrap(),
 			)),
@@ -494,7 +491,7 @@ fn parse_entropy(
 			value_threshold, percent_threshold
 		);
 		let mut config = PolicyConfig::new();
-		let langs_path = pathbuf![&context.path, "Langs.toml"];
+		let langs_path = pathbuf![&context.path, "Langs.kdl"];
 		config
 			.insert(
 				"langs-file".to_string(),
@@ -505,7 +502,7 @@ fn parse_entropy(
 		// Add the plugin
 		let plugin = PolicyPlugin::new(
 			PolicyPluginName::new("mitre/entropy").unwrap(),
-			PluginVersion::new("0.2.0".to_string()),
+			PluginVersion::new("0.3.0".to_string()),
 			Some(ManifestLocation::Url(
 				Url::parse("https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl").unwrap(),
 			)),

hipcheck/src/policy/test_example.kdl

@@ -1,13 +1,13 @@
 plugins {
-    plugin "mitre/activity" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
-    plugin "mitre/binary" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
-    plugin "mitre/fuzz" version="0.1.1" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
-    plugin "mitre/identity" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/identity.kdl"
-    plugin "mitre/review" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
-    plugin "mitre/typo" version="0.1.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
-    plugin "mitre/affiliation" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
-    plugin "mitre/churn" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
-    plugin "mitre/entropy" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
+    plugin "mitre/activity" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl"
+    plugin "mitre/binary" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/binary.kdl"
+    plugin "mitre/fuzz" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/fuzz.kdl"
+    plugin "mitre/identity" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/identity.kdl"
+    plugin "mitre/review" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/review.kdl"
+    plugin "mitre/typo" version="0.2.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/typo.kdl"
+    plugin "mitre/affiliation" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/affiliation.kdl"
+    plugin "mitre/churn" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/churn.kdl"
+    plugin "mitre/entropy" version="0.3.0" manifest="https://hipcheck.mitre.org/dl/plugin/mitre/entropy.kdl"
 }
 patch {
 	plugin "mitre/github" {
@@ -20,7 +20,7 @@ analyze {
     category "practices" weight=1 {
         analysis "mitre/activity" policy="(lte $ P71w)" weight=1
         analysis "mitre/binary" policy="(lte $ 0)" weight=1 {
-			binary-file "./config/Binary.toml"
+			binary-file "./config/Binary.kdl"
 		}
         analysis "mitre/fuzz" policy="(eq #t $)" weight=1
         analysis "mitre/identity" policy="(lte (divz (count (filter (eq #t) $)) (count $)) 0.2)" weight=1
@@ -29,7 +29,7 @@ analyze {
 
     category "attacks" weight=1 {
         analysis "mitre/typo" policy="(lte (count (filter (eq #t) $)) 0)" weight=1 {
-            typo-file "./config/Typos.toml"
+            typo-file "./config/Typos.kdl"
         }
 
         category "commit" weight=1 {
@@ -38,10 +38,10 @@ analyze {
             }
 
             analysis "mitre/churn" policy="(lte (divz (count (filter (gt 3) $)) (count $)) 0.02)" weight=1 {
-				langs-file "./config/Langs.toml"
+				langs-file "./config/Langs.kdl"
 			}
             analysis "mitre/entropy" policy="(lte (divz (count (filter (gt 10) $)) (count $)) 0)" weight=1 {
-				langs-file "./config/Langs.toml"
+				langs-file "./config/Langs.kdl"
 			}
         }
     }

site/config.toml

@@ -59,7 +59,7 @@ footer = [
         { name = "Release Notes", url = "https://github.com/mitre/hipcheck/releases", external = true },
         { name = "Changelog", url = "https://github.com/mitre/hipcheck/blob/main/CHANGELOG.md", external = true },
         { name = "Packages", title = true },
-        { name = "Hipcheck", url = "https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.9.1", external = true },
+        { name = "Hipcheck", url = "https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.10.0", external = true },
         { name = "Rust Plugin SDK", url = "https://crates.io/crates/hipcheck-sdk", external = true },
     ],
     [

site/static/dl/install.ps1

@@ -2,7 +2,7 @@
 # This installer delegates to the "real" installer included with each new
 # release of Hipcheck.
 
-$hc_version = "3.9.1"
+$hc_version = "3.10.0"
 $repo = "https://github.com/mitre/hipcheck"
 $installer = "$repo/releases/download/hipcheck-v${hc_version}/hipcheck-installer.ps1"
 

site/static/dl/install.sh

@@ -3,7 +3,7 @@
 # This installer delegates to the "real" installer included with each new
 # release of Hipcheck.
 
-HC_VERSION="3.9.1"
+HC_VERSION="3.10.0"
 REPO="https://github.com/mitre/hipcheck"
 INSTALLER="$REPO/releases/download/hipcheck-v$HC_VERSION/hipcheck-installer.sh"
 

site/static/dl/plugin/mitre/activity.kdl

@@ -54,3 +54,31 @@ plugin version="0.2.0" arch="x86_64-unknown-linux-gnu" {
     compress format="tar.xz"
     size bytes=1275548
 }
+
+plugin version="0.3.0" arch="aarch64-apple-darwin" {
+    url "https://github.com/mitre/hipcheck/releases/download/activity-v0.3.0/activity-aarch64-apple-darwin.tar.xz"
+    hash alg="SHA256" digest="ec1088d3f69dc1fe8a54bb30a77e0ccbe1199430dae066e0814571d5b915f38d"
+    compress format="tar.xz"
+    size bytes=1115204
+}
+
+plugin version="0.3.0" arch="x86_64-apple-darwin" {
+    url "https://github.com/mitre/hipcheck/releases/download/activity-v0.3.0/activity-x86_64-apple-darwin.tar.xz"
+    hash alg="SHA256" digest="322e08ded6494cf21ac19b1fbd445aadbc6c599b504fe40e8bdc5d127ac1e141"
+    compress format="tar.xz"
+    size bytes=1208332
+}
+
+plugin version="0.3.0" arch="x86_64-pc-windows-msvc" {
+    url "https://github.com/mitre/hipcheck/releases/download/activity-v0.3.0/activity-x86_64-pc-windows-msvc.zip"
+    hash alg="SHA256" digest="9b4e941f92993065df2f41b21cd2d3e6c65fa434e425e012b2f506e367632f94"
+    compress format="zip"
+    size bytes=4000443
+}
+
+plugin version="0.3.0" arch="x86_64-unknown-linux-gnu" {
+    url "https://github.com/mitre/hipcheck/releases/download/activity-v0.3.0/activity-x86_64-unknown-linux-gnu.tar.xz"
+    hash alg="SHA256" digest="43fc1445391fbf323dc6dd5c0675f95e3d7def0974336d955a3aa4ba64362591"
+    compress format="tar.xz"
+    size bytes=1289344
+}

site/static/dl/plugin/mitre/affiliation.kdl

@@ -54,3 +54,31 @@ plugin version="0.2.0" arch="x86_64-unknown-linux-gnu" {
     compress format="tar.xz"
     size bytes=1333288
 }
+
+plugin version="0.3.0" arch="aarch64-apple-darwin" {
+    url "https://github.com/mitre/hipcheck/releases/download/affiliation-v0.3.0/affiliation-aarch64-apple-darwin.tar.xz"
+    hash alg="SHA256" digest="d9b7f7e011bf06026c18f55912c1ea83dcaf2b4ebfbdf2c9e0164b133df5e993"
+    compress format="tar.xz"
+    size bytes=1156872
+}
+
+plugin version="0.3.0" arch="x86_64-apple-darwin" {
+    url "https://github.com/mitre/hipcheck/releases/download/affiliation-v0.3.0/affiliation-x86_64-apple-darwin.tar.xz"
+    hash alg="SHA256" digest="85882389b3cff006344af30903f71b74b65006fa3a15d51abda12c7e02d2c901"
+    compress format="tar.xz"
+    size bytes=1256044
+}
+
+plugin version="0.3.0" arch="x86_64-pc-windows-msvc" {
+    url "https://github.com/mitre/hipcheck/releases/download/affiliation-v0.3.0/affiliation-x86_64-pc-windows-msvc.zip"
+    hash alg="SHA256" digest="f06a5149255f9f9512c22f6cf213f0196f9191dd0b1c756c52748e8ce2b31d24"
+    compress format="zip"
+    size bytes=4104400
+}
+
+plugin version="0.3.0" arch="x86_64-unknown-linux-gnu" {
+    url "https://github.com/mitre/hipcheck/releases/download/affiliation-v0.3.0/affiliation-x86_64-unknown-linux-gnu.tar.xz"
+    hash alg="SHA256" digest="763c94c9ee2674f195f54f1f2c11bb6adfa1aca87b2b2bc8d3a720fda08c331b"
+    compress format="tar.xz"
+    size bytes=1338212
+}

site/static/dl/plugin/mitre/binary.kdl

@@ -26,3 +26,31 @@ plugin version="0.1.0" arch="x86_64-unknown-linux-gnu" {
     compress format="tar.xz"
     size bytes=1382112
 }
+
+plugin version="0.2.0" arch="aarch64-apple-darwin" {
+    url "https://github.com/mitre/hipcheck/releases/download/binary-v0.2.0/binary-aarch64-apple-darwin.tar.xz"
+    hash alg="SHA256" digest="c4285a08a829a18b68e5c678dff00333e1150c00a94c7326eba3970a4519b733"
+    compress format="tar.xz"
+    size bytes=1156136
+}
+
+plugin version="0.2.0" arch="x86_64-apple-darwin" {
+    url "https://github.com/mitre/hipcheck/releases/download/binary-v0.2.0/binary-x86_64-apple-darwin.tar.xz"
+    hash alg="SHA256" digest="0689448a70e0c01ac62428113760eeb717756ef2b74079c4092996ed2e5d9832"
+    compress format="tar.xz"
+    size bytes=1256796
+}
+
+plugin version="0.2.0" arch="x86_64-pc-windows-msvc" {
+    url "https://github.com/mitre/hipcheck/releases/download/binary-v0.2.0/binary-x86_64-pc-windows-msvc.zip"
+    hash alg="SHA256" digest="896ae92d03e6452fa25bcec8c54027431d533d41aaf7c0ef954cca0534fae14b"
+    compress format="zip"
+    size bytes=4103220
+}
+
+plugin version="0.2.0" arch="x86_64-unknown-linux-gnu" {
+    url "https://github.com/mitre/hipcheck/releases/download/binary-v0.2.0/binary-x86_64-unknown-linux-gnu.tar.xz"
+    hash alg="SHA256" digest="f3d74b2d66923413c69826a733e268509e00015044bb4c93a3dbcfbf281ff365"
+    compress format="tar.xz"
+    size bytes=1339456
+}