danger-logging_lint 0.0.1 → 0.0.4
- checksums.yaml +4 -4
- data/.github/workflows/deploy.yml +36 -0
- data/.github/workflows/test.yml +24 -0
- data/.gitignore +4 -0
- data/CHANGELOG.md +29 -0
- data/Gemfile.lock +19 -9
- data/README.md +6 -1
- data/codecov.yml +20 -0
- data/danger-logging_lint.gemspec +3 -2
- data/lib/logging_lint/gem_version.rb +1 -1
- data/lib/logging_lint/plugin.rb +20 -5
- data/spec/logging_lint_no_run_spec.rb +59 -0
- data/spec/logging_lint_spec.rb +33 -61
- data/spec/logging_lint_text_spec.rb +41 -0
- data/spec/spec_helper.rb +25 -0
- metadata +29 -8
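--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a08e90afc0c447a3f28d9afe54ee806eff0c0f4b4baa203d006c850ee9f59f51
+data.tar.gz: e4b1797375798f5e2c00bf6c51feec0292b343887d2f16719d238dc9bc0ded2c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 685a9d6243a365cc2098b5f9ad36aeb097d55ed06e08b0a546675f9e9393675e1f01e097c89bfdeebc66dfe11fad1570fe1847eea338fdd927dad385b0202720
+data.tar.gz: e2b4e4e4883faf5436c814cc5d0b2672ef9d8db7b1202737279aeda490f8f79195882fb839847d1fed93ccae7cf15e32d1f686c999b838842acc261cc6b9f77f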
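--- a/data/.github/workflows/deploy.yml
+++ b/data/.github/workflows/deploy.yml
@@ -0,0 +1,36 @@
+name: Deploy
+
+on:
+workflow_dispatch:
+branches: [ master ]
+
+jobs:
+test:
+name: Publish gem
+runs-on: ubuntu-latest
+environment: production
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: '3.0'
+bundler-cache: true
+- name: Run tests
+run: bundle exec rake spec
+- name: Publish gem
+uses: dawidd6/action-publish-gem@v1
+with:
+api_key: ${{secrets.RUBYGEMS_API_KEY}}
+- name: Create git tag
+uses: duderman/gh-gem-tag-action@v1
+id: release_info
+with:
+github_token: ${{ secrets.GITHUB_TOKEN }}
+- uses: xresloader/upload-to-github-release@v1
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+tag_name: ${{ steps.release_info.outputs.tag }}
+draft: false
+file: '*.gem'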
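Review bot: The three third-party actions in the publish job (`dawidd6/action-publish-gem@v1`, `duderman/gh-gem-tag-action@v1`, `xresloader/upload-to-github-release@v1`) are referenced by a mutable tag while they receive `RUBYGEMS_API_KEY` or `GITHUB_TOKEN`, so the code that runs with the gem's publishing credentials can change without any change to this file. Pin each one to a reviewed full commit SHA, e.g. `uses: dawidd6/action-publish-gem@<full-commit-sha> # v1`. The workflow also declares no `permissions:`, so the token scope falls back to the repository default; a job-level `permissions:` with `contents: write` looks like all the tag and release steps need (the same gap, with `contents: read`, applies to the Test workflow that follows). Indentation is lost in this rendering, but `branches: [ master ]` appears to sit under `workflow_dispatch:`, which does not take a branch filter, so the master-only rule stated in the README would have to be enforced through the `production` environment's deployment-branch settings.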
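--- a/data/.github/workflows/test.yml
+++ b/data/.github/workflows/test.yml
@@ -0,0 +1,24 @@
+name: Test
+
+on:
+push:
+branches: [ master ]
+pull_request:
+branches: [ master ]
+
+jobs:
+test:
+name: Test with Ruby ${{ matrix.ruby }}
+runs-on: ubuntu-latest
+strategy:
+matrix:
+ruby: [ '2.5', '2.7', '3.0' ]
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby }}
+bundler-cache: true
+- name: Run tests
+run: bundle exec rake spec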
data/.gitignore
CHANGED
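--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,29 @@
+## Changelog
+
+### Version 0.0.4 (2022-04-28)
+
+- Fixed crash when changed file is a directory (filters them out).
+- Fixed crash when opening missing file (filters them out).
+- Split rspec into multiple files.
+- Added tests for linter with all variables set using Danger file.
+- Variables used in multiple tests are defined as constants in `spec_helper.rb`.
+
+### Version 0.0.3 (2022-04-22)
+
+- Added deploy and test yaml for github workflow.
+- Added deployment to Readme.
+- Added codecov connection and dependency.
+- Added Readme badges.
+- Remove "Check: " hardcoded ext from warning message.
+- Fixed tests.
+- Updated Gemfile.lock.
+
+### Version 0.0.2 (2022-04-21)
+
+- Updated `gemspec` (gem) documentation.
+- Fixed warning call.
+- Changed test checks to use `violation_report` instead of `status_report`.
+
+### Version 0.0.1 (2022-04-20)
+
+- Initial version of the library.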
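--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-danger-logging_lint (0.0.
+danger-logging_lint (0.0.4)
 danger-plugin-api (~> 1.0)
 
 GEM
@@ -15,11 +15,13 @@ GEM
 cork
 nap
 open4 (~> 1.3)
+codecov (0.5.2)
+simplecov (>= 0.15, < 0.22)
 coderay (1.1.3)
 colored2 (3.1.2)
 cork (0.3.0)
 colored2 (~> 3.1)
-danger (8.
+danger (8.6.0)
 claide (~> 1.0)
 claide-plugins (>= 0.9.2)
 colored2 (~> 3.1)
@@ -35,6 +37,7 @@ GEM
 danger-plugin-api (1.0.0)
 danger (> 2.0)
 diff-lcs (1.5.0)
+docile (1.4.0)
 faraday (1.10.0)
 faraday-em_http (~> 1.0)
 faraday-em_synchrony (~> 1.0)
@@ -62,7 +65,7 @@ GEM
 faraday-retry (1.0.3)
 ffi (1.15.5)
 formatador (1.1.0)
-git (1.
+git (1.11.0)
 rchardet (~> 1.8)
 guard (2.18.0)
 formatador (>= 0.2.4)
@@ -99,14 +102,14 @@ GEM
 sawyer (~> 0.8.0, >= 0.5.3)
 open4 (1.3.4)
 parallel (1.22.1)
-parser (3.1.
+parser (3.1.2.0)
 ast (~> 2.4.1)
 pry (0.14.1)
 coderay (~> 1.1)
 method_source (~> 1.0)
-public_suffix (4.0.
+public_suffix (4.0.7)
 rainbow (3.1.1)
-rake (
+rake (13.0.6)
 rb-fsevent (0.11.1)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
@@ -126,13 +129,13 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.11.0)
 rspec-support (3.11.0)
-rubocop (1.
+rubocop (1.28.1)
 parallel (~> 1.10)
 parser (>= 3.1.0.0)
 rainbow (>= 2.2.2, < 4.0)
 regexp_parser (>= 1.8, < 3.0)
 rexml
-rubocop-ast (>= 1.
+rubocop-ast (>= 1.17.0, < 2.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 3.0)
 rubocop-ast (1.17.0)
@@ -143,6 +146,12 @@ GEM
 addressable (>= 2.3.5)
 faraday (> 0.8, < 2.0)
 shellany (0.0.1)
+simplecov (0.21.2)
+docile (~> 1.1)
+simplecov-html (~> 0.11)
+simplecov_json_formatter (~> 0.1)
+simplecov-html (0.12.3)
+simplecov_json_formatter (0.1.4)
 terminal-table (3.0.2)
 unicode-display_width (>= 1.1.1, < 3)
 thor (1.2.1)
@@ -156,12 +165,13 @@ PLATFORMS
 
 DEPENDENCIES
 bundler (~> 2.0)
+codecov (~> 0.5.1)
 danger-logging_lint!
 guard (~> 2.14)
 guard-rspec (~> 4.7)
 listen (= 3.0.7)
 pry
-rake (
+rake (>= 12.3.3)
 rspec (~> 3.4)
 rubocop
 yard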
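--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,5 @@
-##
+## Logging Lint
+[![Gem Version](https://badge.fury.io/rb/danger-logging_lint.svg)](https://badge.fury.io/rb/danger-logging_lint) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/eManPrague/danger-logging_lint/blob/master/LICENSE.txt) [![Test](https://github.com/eManPrague/danger-logging_lint/actions/workflows/test.yml/badge.svg)](https://github.com/eManPrague/danger-logging_lint/actions/workflows/test.yml) [![codecov](https://codecov.io/gh/eManPrague/danger-logging_lint/branch/master/graph/badge.svg?token=Z2RZKYNBVI)](https://codecov.io/gh/eManPrague/danger-logging_lint)
 
 This danger plugin can be used to check log lines in modified (added) files. It heavily relies on regex configuration which can be modified to search all kinds of parts of code in the files. Default configuration is set to support [Kotlin eMan Logger Library](https://github.com/eManPrague/logger-ktx). Ex: logInfo { "Info message $var" }.
 
@@ -72,3 +73,7 @@ If all of these checks pass then it will trigger linter on target files (filtere
 3. Run `bundle exec rake spec` to run the tests.
 4. Use `bundle exec guard` to automatically have tests run as you make changes.
 5. Make your changes.
+
+## Deployment
+
+Gem is deployed manually from master branch using [Github Action](https://github.com/eManPrague/danger-logging_lint/actions/workflows/deploy.yml). Make sure you increased the gem version before triggering it.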
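--- a/data/codecov.yml
+++ b/data/codecov.yml
@@ -0,0 +1,20 @@
+codecov:
+require_ci_to_pass: yes
+
+coverage:
+precision: 2
+round: down
+range: '70...100'
+
+parsers:
+gcov:
+branch_detection:
+conditional: yes
+loop: yes
+method: no
+macro: no
+
+comment:
+layout: 'reach,diff,flags,files,footer'
+behavior: default
+require_changes: no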
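Review bot: The `parsers.gcov.branch_detection` block only configures how gcov reports are read, and nothing in this package appears to produce gcov output (coverage comes from SimpleCov in spec_helper.rb), so those lines look like carried-over template and could be dropped. The booleans are written `yes`/`no`; `true`/`false` reads unambiguously under any YAML loader, e.g. `require_ci_to_pass: true`.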
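--- a/data/danger-logging_lint.gemspec
+++ b/data/danger-logging_lint.gemspec
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
 spec.authors = ["David Sucharda"]
 spec.email = ["david.sucharda@eman.cz"]
 spec.description = "Checks logging commands in code."
-spec.summary = "
+spec.summary = "Since logging can be a security issue in some cases (ex: usage in production) this linter checks for logs with variables and triggers warning for them using Danger."
 spec.homepage = "https://github.com/eManPrague/danger-logging_lint"
 spec.license = "MIT"
 
@@ -23,9 +23,10 @@ Gem::Specification.new do |spec|
 
 # General ruby development
 spec.add_development_dependency "bundler", "~> 2.0"
-spec.add_development_dependency "rake", "
+spec.add_development_dependency "rake", ">= 12.3.3"
 
 # Testing support
+spec.add_development_dependency 'codecov', '~> 0.5.1'
 spec.add_development_dependency "rspec", "~> 3.4"
 
 # Linting code and docs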
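Review bot: The new `codecov` line uses single quotes while every other dependency line shown uses double quotes; `spec.add_development_dependency "codecov", "~> 0.5.1"` keeps the file consistent. `rake` is now bounded only from below (`>= 12.3.3`) whereas the neighbouring dependencies use pessimistic constraints, so a future major release would be picked up untested; a constraint such as `">= 12.3.3", "< 14"` keeps the floor and caps the range. The new `spec.summary` is a full sentence that is longer than `spec.description`, and the two texts would read better swapped. The `Gem::Specification.new` block starts and ends outside both hunks.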
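--- a/data/lib/logging_lint/plugin.rb
+++ b/data/lib/logging_lint/plugin.rb
@@ -191,28 +191,41 @@ module Danger
 #
 def log_lint
 if log_functions.nil? || log_functions.size <= 0
-self.fail("No log functions are defined. Please check your Danger file.")
+self.fail("Logging lint: No log functions are defined. Please check your Danger file.")
 return
 end
 
 if line_variable_regex.nil? || line_variable_regex.size <= 0
-message("At least one variable index must be defined (using default). Please check your Danger file.")
+message("Logging lint: At least one variable index must be defined (using default). Please check your Danger file.")
 end
 
 target_files = (git.modified_files - git.deleted_files) + git.added_files
+target_files = target_files.reject { |filename| invalid_file?(filename) }
 if !file_extensions.nil? && file_extensions.size >= 0
 file_extensions_regex = "(.#{file_extensions.join('|.')})"
 target_files = target_files.grep(/#{file_extensions_regex}/)
 end
 
 if target_files.empty?
-message("No files to check.")
+message("Logging lint: No files to check.")
 return
 end
 
 check_files(target_files)
 end
 
+#
+# Checks if file is not valid. It will not be valid in two cases:
+# 1) Files is a directory.
+# 2) Files does not exist.
+# In both cases we cannot open it and lint it. There is also no reason to lint them.
+#
+# @return [Boolean] true if invalid file
+#
+def invalid_file?(filename)
+File.directory?(filename) || !File.exist?(filename)
+end
+
 #
 # Checks all files for log violations based on log regex and log function. Each log function id extended by log
 # regex and searched for (format: #log_function#log_regex). Each of such found line is then checked if it contains a
@@ -224,13 +237,15 @@ module Danger
 def check_files(files)
 raw_file = ""
 files.each do |filename|
+next if invalid_file?(filename)
+
 raw_file = File.read(filename)
 log_functions.each do |log_function|
 raw_file.scan(/#{log_function}#{log_regex}/m) do |c|
 if contains_variable(c)
 char_index = $~.offset(0)[0] + line_offset(c)
 line_index = raw_file[0..char_index].lines.count
-warn(compose_warning_text(warning_text),
+warn(compose_warning_text(warning_text), file: filename, line: line_index)
 end
 end
 end
@@ -291,7 +306,7 @@ module Danger
 def compose_warning_text(warning_text)
 return warning_text if warning_description.nil?
 
-"#{warning_text}
+"#{warning_text} #{warning_description}"
 end
 end
 end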
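Review bot: `invalid_file?` treats every path that exists and is not a directory as lintable, so a changed path that resolves to something other than a regular file (for instance a symlink to a pipe or device) still reaches `File.read` in `check_files`; `!File.file?(filename)` rejects directories, missing paths and those cases in one test. Its doc comment should gain `# @param filename [String] path of the changed file` and say "File is a directory" / "File does not exist". In the same hunk the unchanged guard `file_extensions.size >= 0` is always true, and the pattern `(.#{file_extensions.join('|.')})` is unanchored with an unescaped dot, so `kt` presumably also selects paths that merely contain those letters; building it with `Regexp.escape` and ending it with `\z` would limit linting to real extensions. The doc comment of `log_lint` begins above the first hunk and `check_files` continues past the second, so the rest of the loop is not visible here.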
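--- a/data/spec/logging_lint_no_run_spec.rb
+++ b/data/spec/logging_lint_no_run_spec.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require File.expand_path("spec_helper", __dir__)
+
+#
+# Tests for situations when the linter does not run because of either configuration or there are no files to check.
+#
+
+module Danger
+describe Danger::DangerLoggingLint do
+#
+# Defines linter, danger file and other variables used by the linter.
+#
+describe "with Dangerfile" do
+before do
+@dangerfile = testing_dangerfile
+@logging_lint = @dangerfile.logging_lint
+
+mock_variables(@logging_lint)
+end
+
+#
+# Test for logging lines in cases when linter does not run (either by config or file settings).
+#
+
+it "Error is printed when log functions are not configured" do
+allow(@logging_lint).to receive(:log_functions).and_return([])
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:errors]).to eq(["Logging lint: No log functions are defined. Please check your Danger file."])
+end
+
+it "Error is printed when log variable regex is not configured" do
+allow(@logging_lint).to receive(:line_variable_regex).and_return([])
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:messages][0]).to eq("Logging lint: At least one variable index must be defined (using default). Please check your Danger file.")
+end
+
+it "Nothing is printed when there are no files to check" do
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:errors]).to eq([])
+expect(@dangerfile.status_report[:messages][0]).to eq("Logging lint: No files to check.")
+end
+
+it "Nothing is printed when there are only folders to check" do
+allow(@logging_lint).to receive(:file_extensions).and_return([])
+allow(@logging_lint.git).to receive(:modified_files).and_return(%W(#{DIR_NAME}))
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:errors]).to eq([])
+end
+
+it "Nothing is printed when there are no files to check (filtered by extensions)" do
+allow(@logging_lint.git).to receive(:modified_files).and_return(MODIFIED_FILES)
+allow(@logging_lint).to receive(:file_extensions).and_return(%w(unknownExtension))
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:errors]).to eq([])
+end
+end
+end
+end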
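Review bot: The example "Nothing is printed when there are only folders to check" asserts only that `status_report[:errors]` is empty, which would also hold if the directory had been passed on to the linter without producing an error; adding `expect(@dangerfile.status_report[:messages][0]).to eq("Logging lint: No files to check.")` would presumably pin the filtering that `invalid_file?` was introduced for. The "(filtered by extensions)" example has the same gap. Two titles contradict their assertions: "Error is printed when log variable regex is not configured" checks `:messages`, and "Nothing is printed when there are no files to check" expects a message.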
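--- a/data/spec/logging_lint_spec.rb
+++ b/data/spec/logging_lint_spec.rb
@@ -8,11 +8,6 @@ module Danger
 expect(Danger::DangerLoggingLint.new(nil)).to be_a Danger::Plugin
 end
 
-dir_name = File.dirname(__FILE__)
-modified_files = %W(#{dir_name}/fixtures/ModifiedFile.kt #{dir_name}/fixtures/IgnoredModifiedFile.txt)
-added_files = %W(#{dir_name}/fixtures/NewFile.kt)
-warning_text = "Does this log comply with security rules?"
-
 #
 # Defines linter, danger file and other variables used by the linter.
 #
@@ -25,48 +20,27 @@ module Danger
 allow(@logging_lint.git).to receive(:added_files).and_return([])
 allow(@logging_lint.git).to receive(:modified_files).and_return([])
 allow(@logging_lint).to receive(:file_extensions).and_return(%w(kt))
+allow(@logging_lint).to receive(:log_functions).and_call_original
+allow(@logging_lint).to receive(:warning_text).and_call_original
+allow(@logging_lint).to receive(:log_regex).and_call_original
+allow(@logging_lint).to receive(:line_variable_regex).and_call_original
+allow(@logging_lint).to receive(:line_remove_regex).and_call_original
 end
 
 #
-# Test for logging lines in cases when linter does
+# Test for logging lines in cases when linter does run.
 #
 
-it "
-allow(@logging_lint).to receive(:
-@logging_lint.
-
-end
-
-it "Error is printed when log variable regex is not configured" do
-allow(@logging_lint).to receive(:line_variable_regex).and_return([])
-@logging_lint.log_lint
-expect(@dangerfile.status_report[:messages][0]).to eq("At least one variable index must be defined (using default). Please check your Danger file.")
-end
-
-it "Nothing is printed when there are no files to check" do
-@logging_lint.log_lint
-expect(@dangerfile.status_report[:errors]).to eq([])
-end
-
-it "Nothing is printed when there are no files to check (filtered by extensions)" do
-allow(@logging_lint.git).to receive(:modified_files).and_return(modified_files)
-allow(@logging_lint).to receive(:file_extensions).and_return(%w(unknownExtension))
-@logging_lint.log_lint
-expect(@dangerfile.status_report[:errors]).to eq([])
-end
-
-it "Nothing is printed when log levels are not present" do
-allow(@logging_lint).to receive(:log_functions).and_return(%w(missingLogLevel))
+it "Nothing is printed when log functions are not present in files" do
+allow(@logging_lint.git).to receive(:modified_files).and_return(MODIFIED_FILES)
+allow(@logging_lint.git).to receive(:added_files).and_return(ADDED_FILES)
+allow(@logging_lint).to receive(:log_functions).and_return(%w(unknownLogLevel))
 @logging_lint.log_lint
 expect(@dangerfile.status_report[:warnings]).to eq([])
 end
 
-#
-# Test for logging lines in cases when linter does run.
-#
-
 it "Log with variables is warned for modified files (end line index)" do
-allow(@logging_lint.git).to receive(:modified_files).and_return(
+allow(@logging_lint.git).to receive(:modified_files).and_return(MODIFIED_FILES)
 allow(@logging_lint).to receive(:line_index_position).and_return("end")
 @logging_lint.log_lint
 violation_lines = [63, 64, 73, 76, 88, 92, 97, 98, 101, 106, 107, 110]
@@ -74,7 +48,7 @@ module Danger
 end
 
 it "Log with variables is warned for modified files (start line index)" do
-allow(@logging_lint.git).to receive(:modified_files).and_return(
+allow(@logging_lint.git).to receive(:modified_files).and_return(MODIFIED_FILES)
 allow(@logging_lint).to receive(:line_index_position).and_return("start")
 @logging_lint.log_lint
 violation_lines = [63, 64, 71, 74, 85, 89, 93, 98, 99, 102, 107, 108]
@@ -82,49 +56,47 @@ module Danger
 end
 
 it "Log with variables is warned for modified files (middle line index)" do
-allow(@logging_lint.git).to receive(:modified_files).and_return(
+allow(@logging_lint.git).to receive(:modified_files).and_return(MODIFIED_FILES)
 allow(@logging_lint).to receive(:line_index_position).and_return("middle")
 @logging_lint.log_lint
 violation_lines = [63, 64, 73, 76, 88, 92, 97, 98, 101, 106, 107, 110]
 compare_warning_with_lines(violation_lines)
 end
 
-it "Log with variables is warned for
-allow(@logging_lint.git).to receive(:
+it "Log with variables is warned for modified files without crashing due to missing files" do
+allow(@logging_lint.git).to receive(:modified_files).and_return(MODIFIED_FILES + %W(#{DIR_NAME}/fixtures/MissingFile.kt))
 @logging_lint.log_lint
-violation_lines = [
+violation_lines = [63, 64, 73, 76, 88, 92, 97, 98, 101, 106, 107, 110]
 compare_warning_with_lines(violation_lines)
 end
 
-
-
-#
-
-it "Log with variables is warned with link address" do
-warning_link = "http://error.io"
-allow(@logging_lint.git).to receive(:added_files).and_return(added_files)
-allow(@logging_lint).to receive(:warning_description).and_return(warning_link)
+it "Log with variables is warned for new files" do
+allow(@logging_lint.git).to receive(:added_files).and_return(ADDED_FILES)
 @logging_lint.log_lint
-
+violation_lines = [47, 48, 57, 60, 72, 76]
+compare_warning_with_lines(violation_lines)
 end
 
-it "Log with variables is warned
-
+it "Log with variables is warned for new files (with all params)" do
+custom_warning_text = "Warning text"
+allow(@logging_lint.git).to receive(:added_files).and_return(ADDED_FILES)
+@logging_lint.log_functions = %w(logInfo)
+@logging_lint.warning_text = custom_warning_text
+@logging_lint.log_regex = '[ ]?[{(](?:\n?|.)["]?(?:\n?|.)["]?(?:\n?|.)+(?:[)}][ ]?\n)'
+@logging_lint.line_variable_regex = ['[{(](\n| |\+)*([^\"]\w[^\"])+', '(\".*\$.*\")']
+@logging_lint.line_remove_regex = ['(\+ )?\".*\"']
 @logging_lint.log_lint
-
+violation_lines = [47, 48, 57, 60, 72, 76]
+compare_warning_with_lines(violation_lines)
+expect(@dangerfile.violation_report[:warnings][0].message).to eq(custom_warning_text)
 end
 
 #
 # Compares violation lines against danger warning lines. It expects them to be equal.
 #
 def compare_warning_with_lines(violation_lines)
-warnings = @dangerfile.
-warning_lines =
-warnings.each_with_index do |value, index|
-if index > 0 && (index + 1) % 4 == 0
-warning_lines << value
-end
-end
+warnings = @dangerfile.violation_report[:warnings]
+warning_lines = warnings.map(&:line)
 expect(warning_lines).to eq(violation_lines)
 end
 end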
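Review bot: The five `and_call_original` stubs added to this file's `before` block repeat what the new `mock_variables` helper in spec_helper.rb sets up, and the two new spec files already call that helper; replacing the inline stubs with `mock_variables(@logging_lint)` keeps the three suites on one definition. The `before` block starts above the second hunk, so the lines that precede the stubs are not visible here. In the example "…without crashing due to missing files" a short comment such as `# MissingFile.kt is absent on purpose; it must be skipped` would tell the next reader why the fixture does not exist.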
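--- a/data/spec/logging_lint_text_spec.rb
+++ b/data/spec/logging_lint_text_spec.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require File.expand_path("spec_helper", __dir__)
+
+#
+# Tests for warning text creation. Text can contain description which can be defined in Danger file.
+#
+
+module Danger
+describe Danger::DangerLoggingLint do
+#
+# Defines linter, danger file and other variables used by the linter.
+#
+describe "with Dangerfile" do
+before do
+@dangerfile = testing_dangerfile
+@logging_lint = @dangerfile.logging_lint
+
+mock_variables(@logging_lint)
+end
+
+#
+# Test for waning text and description (optional).
+#
+
+it "Log with variables is warned description (link address)" do
+warning_description = "http://error.io"
+allow(@logging_lint.git).to receive(:added_files).and_return(ADDED_FILES)
+allow(@logging_lint).to receive(:warning_description).and_return(warning_description)
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:warnings][0]).to eq("#{WARNING_TEXT} #{warning_description}")
+end
+
+it "Log with variables is warned without warning description" do
+allow(@logging_lint.git).to receive(:added_files).and_return(ADDED_FILES)
+@logging_lint.log_lint
+expect(@dangerfile.status_report[:warnings][0]).to eq(WARNING_TEXT)
+end
+end
+end
+end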
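Review bot: The section comment reads `# Test for waning text and description (optional).` and should say "warning text". The first example title, "Log with variables is warned description (link address)", is missing a word, e.g. `it "Log with variables is warned with description (link address)" do`.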
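--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+require "simplecov"
+SimpleCov.start
+
+require "codecov"
+SimpleCov.formatter = SimpleCov::Formatter::Codecov
+
 require "pathname"
 ROOT = Pathname.new(File.expand_path("..", __dir__))
 $:.unshift("#{ROOT}lib".to_s)
@@ -65,3 +71,22 @@ def testing_dangerfile
 env = Danger::EnvironmentManager.new(testing_env)
 Danger::Dangerfile.new(env, testing_ui)
 end
+
+# Mocks linter variables. Should be called in "before" block.
+def mock_variables(logging_lint)
+allow(logging_lint.git).to receive(:deleted_files).and_return([])
+allow(logging_lint.git).to receive(:added_files).and_return([])
+allow(logging_lint.git).to receive(:modified_files).and_return([])
+allow(logging_lint).to receive(:file_extensions).and_return(%w(kt))
+allow(logging_lint).to receive(:log_functions).and_call_original
+allow(logging_lint).to receive(:warning_text).and_call_original
+allow(logging_lint).to receive(:log_regex).and_call_original
+allow(logging_lint).to receive(:line_variable_regex).and_call_original
+allow(logging_lint).to receive(:line_remove_regex).and_call_original
+end
+
+# Defines test variables used in multiple text files.
+DIR_NAME = File.dirname(__FILE__)
+MODIFIED_FILES = %W(#{DIR_NAME}/fixtures/ModifiedFile.kt #{DIR_NAME}/fixtures/IgnoredModifiedFile.txt).freeze
+ADDED_FILES = %W(#{DIR_NAME}/fixtures/NewFile.kt).freeze
+WARNING_TEXT = "Does this log comply with security rules?"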
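Review bot: `SimpleCov.formatter = SimpleCov::Formatter::Codecov` is assigned unconditionally, so every `rake spec` run, local ones included, presumably goes through the Codecov upload formatter rather than only the CI job. Guarding it, e.g. `SimpleCov.formatter = SimpleCov::Formatter::Codecov if ENV["CI"]`, keeps coverage upload an explicit CI concern and leaves local runs on the default formatter. The comment `# Defines test variables used in multiple text files.` should read "test files", and `mock_variables` would benefit from a `# @param logging_lint [Danger::DangerLoggingLint]` line. `DIR_NAME = File.dirname(__FILE__)` can be written `__dir__`, which the file already uses for `ROOT`.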
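--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: danger-logging_lint
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 platform: ruby
 authors:
 - David Sucharda
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-
+date: 2022-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: danger-plugin-api
@@ -40,18 +40,32 @@ dependencies:
 version: '2.0'
 - !ruby/object:Gem::Dependency
 name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 12.3.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 12.3.3
+- !ruby/object:Gem::Dependency
+name: codecov
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.5.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.5.1
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -157,15 +171,19 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/deploy.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- codecov.yml
 - danger-logging_lint.gemspec
 - lib/danger_logging_lint.rb
 - lib/danger_plugin.rb
@@ -174,7 +192,9 @@ files:
 - spec/fixtures/IgnoredModifiedFile.txt
 - spec/fixtures/ModifiedFile.kt
 - spec/fixtures/NewFile.kt
+- spec/logging_lint_no_run_spec.rb
 - spec/logging_lint_spec.rb
+- spec/logging_lint_text_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/eManPrague/danger-logging_lint
 licenses:
@@ -195,15 +215,16 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
-summary:
-
-Danger.
+summary: 'Since logging can be a security issue in some cases (ex: usage in production)
+this linter checks for logs with variables and triggers warning for them using Danger.'
 test_files:
 - spec/fixtures/IgnoredModifiedFile.txt
 - spec/fixtures/ModifiedFile.kt
 - spec/fixtures/NewFile.kt
+- spec/logging_lint_no_run_spec.rb
 - spec/logging_lint_spec.rb
+- spec/logging_lint_text_spec.rb
 - spec/spec_helper.rb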