module PassiveRulesUpdater

Defined in:

utils/passive_rules_updater.cr

Constant Summary

DEFAULT_BUNDLED_RULES_PATH = "/opt/noir/passive_rules"

Default location for the image-baked ruleset. Resolves via .bundled_rules_path so specs (and adventurous packagers) can point at a different prefix with NOIR_BUNDLED_RULES_PATH.

REPO_URL = "https://github.com/owasp-noir/noir-passive-rules.git"


Class Method Detail

def self.bundled_rules_available? : Bool

True when the image-baked ruleset is available and the user hasn't provided their own. Callers use this to skip the git-clone fallback (which costs network + a git binary the image doesn't ship).


def self.bundled_rules_path : String

Image-baked rules location. The official Docker image clones noir-passive-rules at build time and drops the result here so noir scan -P Just Works without network or git. Bare installs (homebrew / snap / source) won't have this path — .user_rules_path wins on those.


def self.check_for_updates(logger : NoirLogger, auto_update : Bool = false) : Bool

Check if the passive rules directory is a git repository and needs updates


def self.effective_rules_path : String

Where noir scan -P should actually read rules from. Preference order: user-managed path (so user-added rules and rules update both win) → bundled image path → user path (gives the clone fallback in .initialize_rules something concrete to populate).


def self.initialize_rules(logger : NoirLogger) : Bool

Initialize passive rules if they don't exist


def self.user_rules_path : String

The user-managed rules path: where noir rules update clones to, where noir rules path reports, and the canonical writable location an end-user owns. Kept out of .effective_rules_path so the CLI rules subcommand has a stable single answer.
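
The resolution order described for .effective_rules_path and .bundled_rules_available?, as an added Crystal sketch that is not the project's own code. The module name RulesPathSketch, the populated? helper, the explicit user_path and bundled_path parameters, and the "exists and is non-empty" test are assumptions made for illustration; the directories are constructed under the system temp dir.

```crystal
require "file_utils"

# Added sketch; not the code in utils/passive_rules_updater.cr.
module RulesPathSketch
  DEFAULT_BUNDLED_RULES_PATH = "/opt/noir/passive_rules"

  # NOIR_BUNDLED_RULES_PATH, when set and non-empty, replaces the default prefix.
  def self.bundled_rules_path(override : String? = ENV["NOIR_BUNDLED_RULES_PATH"]?) : String
    if override && !override.empty?
      override
    else
      DEFAULT_BUNDLED_RULES_PATH
    end
  end

  # Assumption: a rules directory counts as "provided" when it exists and is non-empty.
  def self.populated?(path : String) : Bool
    Dir.exists?(path) && !Dir.empty?(path)
  end

  # Bundled rules are used only when the user has not supplied their own.
  def self.bundled_rules_available?(user_path : String, bundled_path : String) : Bool
    populated?(bundled_path) && !populated?(user_path)
  end

  # user path -> bundled path -> user path (left for the clone fallback to fill).
  def self.effective_rules_path(user_path : String, bundled_path : String) : String
    return user_path if populated?(user_path)
    return bundled_path if populated?(bundled_path)
    user_path
  end
end

# Constructed directories standing in for the real user and image paths.
root = File.tempname("noir-rules", "-sketch")
user = File.join(root, "user")
bundled = File.join(root, "bundled")

# Nothing on disk yet: the user path is returned so a clone has a target.
raise "empty host" unless RulesPathSketch.effective_rules_path(user, bundled) == user
Dir.mkdir_p(bundled)
File.write(File.join(bundled, "sample.yml"), "# constructed rule\n")
# Image-only case: bundled rules are available and selected, no clone needed.
raise "image only" unless RulesPathSketch.bundled_rules_available?(user, bundled)
raise "image only" unless RulesPathSketch.effective_rules_path(user, bundled) == bundled
Dir.mkdir_p(user)
File.write(File.join(user, "custom.yml"), "# constructed rule\n")
# User-managed rules take precedence over the image-baked set.
raise "user wins" unless RulesPathSketch.effective_rules_path(user, bundled) == user
raise "user wins" if RulesPathSketch.bundled_rules_available?(user, bundled)
FileUtils.rm_rf(root)
```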

