set up sobelow for backend
parent
da40e52ba5
commit
4a87c49baf
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -1,10 +1,11 @@
|
|||
*.csv
|
||||
.idea/
|
||||
*.gexf
|
||||
backend/whitelist.txt
|
||||
data/
|
||||
.vscode/
|
||||
|
||||
backend/.sobelow
|
||||
|
||||
# Environments
|
||||
.env
|
||||
.env*
|
||||
|
|
|
@ -16,8 +16,31 @@ test-frontend:
|
|||
only:
|
||||
changes:
|
||||
- frontend/*
|
||||
|
||||
backend-sobelow:
|
||||
stage: test
|
||||
image: elixir:1.9
|
||||
only:
|
||||
changes:
|
||||
- backend/*
|
||||
before_script:
|
||||
- cd backend
|
||||
script:
|
||||
- mix local.hex --force
|
||||
- mix local.rebar --force
|
||||
- mix deps.get
|
||||
- mix deps.compile
|
||||
- mix sobelow --config
|
||||
cache:
|
||||
paths:
|
||||
- backend/deps/
|
||||
- backend/_build/
|
||||
|
||||
deploy-backend-develop:
|
||||
stage: deploy
|
||||
environment:
|
||||
name: develop
|
||||
url: https://phoenix.api-develop.fediverse.space
|
||||
image: ilyasemenov/gitlab-ci-git-push
|
||||
only:
|
||||
refs:
|
||||
|
@ -26,9 +49,12 @@ deploy-backend-develop:
|
|||
- backend/*
|
||||
script:
|
||||
- git-push ssh://dokku@api-develop.fediverse.space:phoenix
|
||||
|
||||
deploy-gephi-develop:
|
||||
stage: deploy
|
||||
image: ilyasemenov/gitlab-ci-git-push
|
||||
environment:
|
||||
name: develop
|
||||
only:
|
||||
refs:
|
||||
- develop
|
||||
|
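Review bot: The `changes: - backend/*` filter on the new `backend-sobelow` job looks too narrow for a security scan. As I read GitLab's glob rules, `backend/*` matches only files directly inside `backend/`, so a commit that touches only files in subdirectories (for example under `backend/lib/`) would not start the job. `- backend/**/*` would cover the whole tree; the deploy job in the second hunk uses the same `backend/*` pattern. Whether findings fail the pipeline is decided by `backend/.sobelow-conf`, since the job runs `mix sobelow --config`.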
|
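--- /dev/null
+++ b/backend/.sobelow-conf
@@ -0,0 +1,12 @@
+[
+verbose: false,
+private: false,
+skip: true,
+router: "",
+exit: "false",
+format: "txt",
+out: "",
+threshold: "low",
+ignore: ["Config.HTTPS"],
+ignore_files: [""]
+]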
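Review bot: `exit: "false"` makes the scan report-only: `mix sobelow --config` exits successfully whatever it finds, so the CI job added in this commit cannot block a merge. Setting `exit: "low"` (or `exit: "medium"` as a first step) would turn findings at or above that confidence into a failing job. `ignore: ["Config.HTTPS"]` switches that check off for the whole project, and `skip: true` honours every `# sobelow_skip` annotation in the code. The reason for each suppression (for instance, where TLS is terminated) should be recorded in the README or the commit message so it can be re-checked later.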
|
@ -4,6 +4,7 @@
|
|||
|
||||
- This project requires Elixir >= 1.9.
|
||||
- Run with `SKIP_CRAWL=true` to just run the server (useful for working on the API without also crawling)
|
||||
- This project is automatically scanned for potential vulnerabilities with [Sobelow](https://sobelow.io/).
|
||||
|
||||
## Deployment
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@ defmodule Backend.Crawler.Crawlers.Mastodon do
|
|||
end
|
||||
|
||||
@impl ApiCrawler
|
||||
# sobelow_skip ["DOS.StringToAtom"]
|
||||
def crawl(domain) do
|
||||
instance = Jason.decode!(get!("https://#{domain}/api/v1/instance").body)
|
||||
|
||||
|
@ -33,6 +34,7 @@ defmodule Backend.Crawler.Crawlers.Mastodon do
|
|||
end
|
||||
|
||||
@spec crawl_large_instance(String.t(), any()) :: ApiCrawler.t()
|
||||
# sobelow_skip ["DOS.StringToAtom"]
|
||||
defp crawl_large_instance(domain, instance) do
|
||||
# servers may not publish peers
|
||||
peers =
|
||||
|
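Review bot: The two `# sobelow_skip ["DOS.StringToAtom"]` annotations (on `crawl/1` in the first hunk and on `crawl_large_instance/2` in the second) silence an atom-exhaustion finding in functions that parse responses fetched from remote instances, and nothing next to them says why that is safe. Both function bodies continue outside the hunks, so the atom conversion itself is not visible here. If it is applied to keys or values taken from the fetched JSON, `String.to_existing_atom/1` or a fixed allow-list of keys would remove the finding instead of hiding it. If the skip stays, put a justification above it once it has been checked, e.g. `# atoms are created only from a fixed set of keys, never from response data`.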
|
|
@ -45,7 +45,8 @@ defmodule Backend.MixProject do
|
|||
{:timex, "~> 3.5"},
|
||||
{:honeydew, "~> 1.4.3"},
|
||||
{:quantum, "~> 2.3"},
|
||||
{:corsica, "~> 1.1.2"}
|
||||
{:corsica, "~> 1.1.2"},
|
||||
{:sobelow, "~> 0.8", only: :dev}
|
||||
]
|
||||
end
|
||||
|
||||
|
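Review bot: `only: :dev` ties the scanner to the dev environment, so the CI job works only because it runs with the default `MIX_ENV`; if the pipeline ever sets `MIX_ENV=test`, the `mix sobelow` task will not be available. `{:sobelow, "~> 0.8", only: [:dev, :test], runtime: false}` keeps it out of production builds, makes it available in both environments, and avoids starting it as a runtime application. The `deps` list starts outside the hunk.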
|
|
@ -34,6 +34,7 @@
|
|||
"postgrex": {:hex, :postgrex, "0.14.3", "5754dee2fdf6e9e508cbf49ab138df964278700b764177e8f3871e658b345a1e", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm"},
|
||||
"quantum": {:hex, :quantum, "2.3.4", "72a0e8855e2adc101459eac8454787cb74ab4169de6ca50f670e72142d4960e9", [:mix], [{:calendar, "~> 0.17", [hex: :calendar, repo: "hexpm", optional: true]}, {:crontab, "~> 1.1", [hex: :crontab, repo: "hexpm", optional: false]}, {:gen_stage, "~> 0.12", [hex: :gen_stage, repo: "hexpm", optional: false]}, {:swarm, "~> 3.3", [hex: :swarm, repo: "hexpm", optional: false]}, {:timex, "~> 3.1", [hex: :timex, repo: "hexpm", optional: true]}], "hexpm"},
|
||||
"ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm"},
|
||||
"sobelow": {:hex, :sobelow, "0.8.0", "a3ec73e546dfde19f14818e5000c418e3f305d9edb070e79dd391de0ae1cd1ea", [:mix], [], "hexpm"},
|
||||
"ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.4", "f0eafff810d2041e93f915ef59899c923f4568f4585904d010387ed74988e77b", [:make, :mix, :rebar3], [], "hexpm"},
|
||||
"swarm": {:hex, :swarm, "3.4.0", "64f8b30055d74640d2186c66354b33b999438692a91be275bb89cdc7e401f448", [:mix], [{:gen_state_machine, "~> 2.0", [hex: :gen_state_machine, repo: "hexpm", optional: false]}, {:libring, "~> 1.0", [hex: :libring, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"telemetry": {:hex, :telemetry, "0.4.0", "8339bee3fa8b91cb84d14c2935f8ecf399ccd87301ad6da6b71c09553834b2ab", [:rebar3], [], "hexpm"},
|
||||
|
|
|
@ -67,6 +67,7 @@
|
|||
"husky": "^3.0.0",
|
||||
"lint-staged": "^9.2.0",
|
||||
"tslint": "^5.18.0",
|
||||
"tslint-config-security": "^1.16.0",
|
||||
"tslint-eslint-rules": "^5.4.0",
|
||||
"typescript": "^3.5.3"
|
||||
},
|
||||
|
|
|
@ -4,9 +4,8 @@
|
|||
"tslint-eslint-rules",
|
||||
"tslint-react",
|
||||
"@blueprintjs/tslint-config/blueprint-rules",
|
||||
"tslint-config-prettier"
|
||||
"tslint-config-prettier",
|
||||
"tslint-config-security"
|
||||
],
|
||||
"exclude": [
|
||||
"**/*.css"
|
||||
]
|
||||
"exclude": ["**/*.css"]
|
||||
}
|
||||
|
|
|
@ -10449,6 +10449,13 @@ tslint-config-prettier@^1.17.0:
|
|||
resolved "https://registry.yarnpkg.com/tslint-config-prettier/-/tslint-config-prettier-1.18.0.tgz#75f140bde947d35d8f0d238e0ebf809d64592c37"
|
||||
integrity sha512-xPw9PgNPLG3iKRxmK7DWr+Ea/SzrvfHtjFt5LBl61gk2UBG/DB9kCXRjv+xyIU1rUtnayLeMUVJBcMX8Z17nDg==
|
||||
|
||||
tslint-config-security@^1.16.0:
|
||||
version "1.16.0"
|
||||
resolved "https://registry.yarnpkg.com/tslint-config-security/-/tslint-config-security-1.16.0.tgz#a561fdf1fccc3986f78c2a12f1c1f5e0b50f6476"
|
||||
integrity sha512-wwM+COg4FX1Gl6VnvaTV9zqcUY6cs4XkiP6T3qhc6s20Xy4J9irui6+fkP07yVkrwfcNFneji3YcIwiMvKSQPQ==
|
||||
dependencies:
|
||||
safe-regex "^1.1.0"
|
||||
|
||||
tslint-eslint-rules@^5.4.0:
|
||||
version "5.4.0"
|
||||
resolved "https://registry.yarnpkg.com/tslint-eslint-rules/-/tslint-eslint-rules-5.4.0.tgz#e488cc9181bf193fe5cd7bfca213a7695f1737b5"
|
||||
|
|