danger-warnings 0.0.1

data/lib/warnings/severity.rb

@@ -0,0 +1,12 @@
+module Warnings
+  # Defines severity levels and provides helper methods.
+  class Severity
+    SEVERITIES = %i(low medium high).freeze
+
+    def self.valid?(value)
+      key = value
+      key = value.to_sym if value.method_exists?(:to_sym)
+      SEVERITIES.include?(key)
+    end
+  end
+end

data/sonar-project.properties

@@ -0,0 +1,9 @@
+sonar.projectKey=Kyaak_danger-warnings
+sonar.sources=lib
+sonar.tests=spec
+
+sonar.ruby.file.suffixes=rb,ruby
+sonar.ruby.coverage.reportPath=coverage/.resultset.json
+sonar.ruby.coverage.framework=RSpec
+sonar.ruby.rubocopConfig=.rubocop.yml
+sonar.ruby.rubocop.reportPath=rubocop-result.json

data/spec/assets/assets.rb

@@ -0,0 +1,8 @@
+module Warnings
+  module Assets
+    ASSETS_DIR = Pathname.new(File.expand_path('.', __dir__))
+    BANDIT_JSON = "#{ASSETS_DIR}/bandit.json".freeze
+    BANDIT_EMPTY = "#{ASSETS_DIR}/bandit_empty.json".freeze
+    BANDIT_MISSING_RESULTS = "#{ASSETS_DIR}/bandit_missing_results.json".freeze
+  end
+end

data/spec/assets/bandit.json

@@ -0,0 +1,74 @@
+{
+  "errors": [],
+  "generated_at": "2019-01-08T22:29:03Z",
+  "metrics": {
+    "_totals": {
+      "CONFIDENCE.HIGH": 46.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 34.0,
+      "SEVERITY.MEDIUM": 12.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 14685,
+      "nosec": 0
+    },
+    "example/CppHeaderParser.py": {
+      "CONFIDENCE.HIGH": 29.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 29.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 2282,
+      "nosec": 0
+    }
+  },
+  "results": [
+    {
+      "code": "2852         except ImportError:\n2853             import pickle\n2854         with open(filename, 'wb') as outf:\n",
+      "filename": "example/ply/yacc_1.py",
+      "issue_confidence": "HIGH",
+      "issue_severity": "LOW",
+      "issue_text": "Consider possible security implications associated with pickle module.",
+      "line_number": 2853,
+      "line_range": [
+        2853
+      ],
+      "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b403-import-pickle",
+      "test_id": "B403",
+      "test_name": "blacklist"
+    },
+    {
+      "code": "3254                 pkgname = '.'.join(parts[:-1])\n3255                 exec('import %s' % pkgname)\n3256                 srcfile = getattr(sys.modules[pkgname], '__file__', '')\n",
+      "filename": "example/ply/yacc_2.py",
+      "issue_confidence": "HIGH",
+      "issue_severity": "MEDIUM",
+      "issue_text": "Use of exec detected.",
+      "line_number": 3255,
+      "line_range": [
+        3255
+      ],
+      "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html",
+      "test_id": "B102",
+      "test_name": "exec_used"
+    },
+    {
+      "code": "3254                 pkgname = '.'.join(parts[:-1])\n3255                 exec('import %s' % pkgname)\n3256                 srcfile = getattr(sys.modules[pkgname], '__file__', '')\n",
+      "filename": "example/ply/yacc_3.py",
+      "issue_confidence": "HIGH",
+      "issue_severity": "HIGH",
+      "issue_text": "Use of exec detected.",
+      "line_number": 3255,
+      "line_range": [
+        3255
+      ],
+      "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html",
+      "test_id": "B102",
+      "test_name": "exec_used"
+    }
+  ]
+}

data/spec/assets/bandit_empty.json

@@ -0,0 +1,20 @@
+{
+  "errors": [],
+  "generated_at": "2019-01-08T22:29:03Z",
+  "metrics": {
+    "_totals": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 12.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 1000,
+      "nosec": 0
+    }
+  },
+  "results": [
+  ]
+}

data/spec/assets/bandit_missing_results.json

@@ -0,0 +1,2 @@
+{
+}

data/spec/markdown_util_spec.rb

@@ -0,0 +1,65 @@
+require_relative 'spec_helper'
+require_relative '../lib/warnings/markdown_util'
+
+module Warnings
+  describe Warnings::MarkdownUtil do
+    MARKDOWN_TEST_REPORT_NAME = 'My Report Name'.freeze
+
+    context '#generate' do
+      context 'header' do
+        it 'adds header name at first line' do
+          result = MarkdownUtil.generate(MARKDOWN_TEST_REPORT_NAME, [])
+          header_name = result.split(MarkdownUtil::LINE_SEPARATOR).first
+          expect(header_name).to eq("# #{MARKDOWN_TEST_REPORT_NAME}")
+        end
+
+        it 'adds table header at second line' do
+          result = MarkdownUtil.generate(MARKDOWN_TEST_REPORT_NAME, [])
+          table_header = result.split(MarkdownUtil::LINE_SEPARATOR)[1]
+          expect(table_header).to eq(MarkdownUtil::TABLE_HEADER)
+        end
+
+        it 'adds table separator at third line' do
+          result = MarkdownUtil.generate(MARKDOWN_TEST_REPORT_NAME, [])
+          table_header = result.split(MarkdownUtil::LINE_SEPARATOR)[2]
+          expect(table_header).to eq(MarkdownUtil::TABLE_SEPARATOR)
+        end
+      end
+
+      context 'with issues' do
+        before do
+          @issue = Issue.new
+          @issue.severity = :low
+          @issue.name = 'blacklist'
+          @issue.file_name = 'hello/test.py'
+          @issue.message = 'Consider possible security implications associated with pickle module.'
+          @issue.line = 1234
+          @issue.id = 'B403'
+
+          result = MarkdownUtil.generate(MARKDOWN_TEST_REPORT_NAME, [@issue])
+          @issue_line = result.split(MarkdownUtil::LINE_SEPARATOR)[3]
+          @issue_columns = @issue_line.split(MarkdownUtil::COLUMN_SEPARATOR)
+        end
+
+        it 'first column contains severity upcase' do
+          text = @issue_columns[0]
+          expect(text).not_to be_nil
+          expect(text).to eq(@issue.severity.to_s.capitalize)
+        end
+
+        it 'second column contains filename:line' do
+          text = @issue_columns[1]
+          expect(text).not_to be_nil
+          expect(text).to eq("#{@issue.file_name}:#{@issue.line}")
+        end
+
+        it 'third column contains [id-name]' do
+          text = @issue_columns[2]
+          expect(text).not_to be_nil
+          match = text.match(/^\[#{@issue.id}-#{@issue.name}\]/)
+          expect(match).not_to be_nil
+        end
+      end
+    end
+  end
+end

data/spec/parser/bandit_parser_spec.rb

@@ -0,0 +1,102 @@
+require_relative '../spec_helper'
+require_relative '../../lib/warnings/parser/bandit_parser'
+
+module Warnings
+  describe BanditParser do
+    FIRST_ISSUE = {
+      code: "2852         except ImportError:\n2853             import pickle\n2854         with open(filename, 'wb') as outf:\n",
+      filename: 'example/ply/yacc_1.py',
+      issue_confidence: 'HIGH',
+      issue_severity: :low,
+      issue_text: 'Consider possible security implications associated with pickle module.',
+      line_number: 2853,
+      line_range: [
+        2853
+      ],
+      more_info: 'https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b403-import-pickle',
+      test_id: 'B403',
+      test_name: 'blacklist'
+    }.freeze
+
+    before do
+      @parser = BanditParser.new
+    end
+
+    context '#file_types' do
+      it 'include json' do
+        expect(@parser.file_types).to include(:json)
+      end
+    end
+
+    context '#parse' do
+      describe 'json' do
+        context 'filled results' do
+          before do
+            @parser.parse(Assets::BANDIT_JSON)
+            @issue = @parser.issues[0]
+            expect(@issue).not_to be_nil
+          end
+
+          it 'parses issues' do
+            expect(@parser.issues).not_to be_empty
+            expect(@parser.issues.count).to eq(3)
+          end
+
+          it 'maps name' do
+            expect(@issue.file_name).to eq(FIRST_ISSUE[:filename])
+          end
+
+          it 'maps id' do
+            expect(@issue.id).to eq(FIRST_ISSUE[:test_id])
+          end
+
+          it 'maps line' do
+            expect(@issue.line).to eq(FIRST_ISSUE[:line_number])
+          end
+
+          it 'maps severity' do
+            expect(@issue.severity).to eq(FIRST_ISSUE[:issue_severity])
+          end
+
+          it 'maps message' do
+            expect(@issue.message).to eq(FIRST_ISSUE[:issue_text])
+          end
+
+          it 'maps name' do
+            expect(@issue.name).to eq(FIRST_ISSUE[:test_name])
+          end
+        end
+
+        context 'empty results' do
+          it 'has no issues' do
+            @parser.parse(Assets::BANDIT_EMPTY)
+            expect(@parser.issues).to be_empty
+          end
+        end
+
+        context 'missing results' do
+          it 'raises error' do
+            expect { @parser.parse(Assets::BANDIT_MISSING_RESULTS) }.to raise_error(BanditParser::ERROR_MISSING_KEY)
+          end
+        end
+
+        context 'missing file' do
+          it 'raises error' do
+            file_name = 'invalid.json'
+            expect { @parser.parse(file_name) }.to raise_error(format(Parser::ERROR_FILE_NOT_EXIST, file_name))
+          end
+        end
+      end
+
+      describe 'unsupported type' do
+        it 'raises error' do
+          file_name = 'hello.txt'
+          ext = File.extname(file_name).delete('.')
+          expect { @parser.parse(file_name) }.to raise_error(format(Parser::ERROR_EXT_NOT_SUPPORTED,
+                                                                    ext,
+                                                                    @parser.class.name))
+        end
+      end
+    end
+  end
+end

data/spec/parser/parser_factory_spec.rb

@@ -0,0 +1,34 @@
+require_relative '../spec_helper'
+require_relative '../../lib/warnings/parser/parser_factory'
+
+module Warnings
+  describe ParserFactory do
+    context '#get' do
+      it 'unknown symbol' do
+        expect { ParserFactory.create(:unknown) }.to raise_error('Parser \'unknown\' not supported.')
+      end
+
+      it 'unknown int' do
+        expect { ParserFactory.create(123) }.to raise_error('Parser \'123\' not supported.')
+      end
+
+      it 'unknown string' do
+        expect { ParserFactory.create('unknown') }.to raise_error('Parser \'unknown\' not supported.')
+      end
+
+      context 'bandit' do
+        it 'symbol' do
+          result = ParserFactory.create(:bandit)
+          expect(result).not_to be_nil
+          expect(result).to be_a(BanditParser)
+        end
+
+        it 'string' do
+          result = ParserFactory.create('bandit')
+          expect(result).not_to be_nil
+          expect(result).to be_a(BanditParser)
+        end
+      end
+    end
+  end
+end

data/spec/reporter_spec.rb

@@ -0,0 +1,255 @@
+require_relative 'spec_helper'
+require_relative '../lib/warnings/reporter'
+require 'danger'
+
+module Warnings
+  describe Reporter do
+    BANDIT_FILE_1 = 'example/ply/yacc_1.py'.freeze
+
+    before do
+      @dangerfile = testing_dangerfile
+      @reporter = Reporter.new(@dangerfile)
+
+      @dangerfile.git.stubs(:modified_files).returns(%w())
+      @dangerfile.git.stubs(:added_files).returns(%w())
+    end
+
+    context '#name' do
+      it 'returns default' do
+        expect(@reporter.name).to eq(Reporter::DEFAULT_NAME)
+      end
+
+      context 'set' do
+        REPORTER_TEST_NAME = 'My Test Name Report'.freeze
+
+        before do
+          @reporter.name = REPORTER_TEST_NAME
+        end
+
+        it 'without parser' do
+          expect(@reporter.parser).to be_nil
+          expect(@reporter.name).to eq(REPORTER_TEST_NAME)
+        end
+
+        it 'with parser' do
+          @reporter.parser = :bandit
+          expect(@reporter.parser).not_to be_nil
+          expect(@reporter.parser_impl).not_to be_nil
+          expect(@reporter.name).to eq(REPORTER_TEST_NAME)
+        end
+      end
+
+      context 'not set' do
+        it 'without parser' do
+          expect(@reporter.parser).to be_nil
+          expect(@reporter.parser_impl).to be_nil
+          expect(@reporter.name).to eq(Reporter::DEFAULT_NAME)
+        end
+
+        it 'with parser' do
+          @reporter.parser = :bandit
+          expect(@reporter.parser).not_to be_nil
+          expect(@reporter.parser_impl).not_to be_nil
+          expect(@reporter.name).to eq("#{BanditParser::NAME} #{Reporter::DEFAULT_NAME}")
+        end
+      end
+    end
+
+    context '#parser' do
+      context 'valid name' do
+        it 'sets #parser and #parser_impl' do
+          @reporter.parser = :bandit
+          expect(@reporter.parser).to eq(:bandit)
+          expect(@reporter.parser_impl).not_to be_nil
+          expect(@reporter.parser_impl).to be_a(BanditParser)
+        end
+      end
+
+      context 'invalid name' do
+        it 'setter raises error' do
+          expect { @reporter.parser = :unknown }.to raise_error(format(ParserFactory::ERROR_NOT_SUPPORTED,
+                                                                       'unknown'))
+        end
+      end
+    end
+
+    context '#report' do
+      it 'raises if no parser' do
+        expect(@reporter.parser).to be_nil
+        expect { @reporter.report }.to raise_error(Reporter::ERROR_PARSER_NOT_SET)
+      end
+
+      it 'raises if no file' do
+        @reporter.parser = :bandit
+        expect(@reporter.file).to be_nil
+        expect { @reporter.report }.to raise_error(Reporter::ERROR_FILE_NOT_SET)
+      end
+
+      it 'does not report markdown if no issues' do
+        @reporter.parser = :bandit
+        @reporter.file = Assets::BANDIT_EMPTY
+        @reporter.report
+        @reporter.inline = false
+        expect(@dangerfile.status_report[:markdowns]).to be_empty
+        expect(@dangerfile.status_report[:warnings]).to be_empty
+        expect(@dangerfile.status_report[:messages]).to be_empty
+        expect(@dangerfile.status_report[:errors]).to be_empty
+      end
+
+      it 'does not report inline if no issues' do
+        @reporter.parser = :bandit
+        @reporter.file = Assets::BANDIT_EMPTY
+        @reporter.inline = true
+        @reporter.report
+        expect(@dangerfile.status_report[:markdowns]).to be_empty
+        expect(@dangerfile.status_report[:warnings]).to be_empty
+        expect(@dangerfile.status_report[:messages]).to be_empty
+        expect(@dangerfile.status_report[:errors]).to be_empty
+      end
+
+      context 'inline' do
+        before do
+          @reporter.parser = :bandit
+          @reporter.file = Assets::BANDIT_JSON
+          @reporter.filter = false
+        end
+
+        it 'defaults inline false' do
+          expect(@reporter.inline).not_to be_truthy
+        end
+
+        it 'inline false generates markdown' do
+          @reporter.inline = false
+
+          @reporter.report
+          expect(@dangerfile.status_report[:markdowns]).not_to be_empty
+          expect(@dangerfile.status_report[:warnings]).to be_empty
+          expect(@dangerfile.status_report[:messages]).to be_empty
+          expect(@dangerfile.status_report[:errors]).to be_empty
+        end
+
+        it 'inline true generates warnings for files' do
+          @reporter.inline = true
+
+          @reporter.report
+          expect(@dangerfile.status_report[:markdowns]).to be_empty
+          expect(@dangerfile.status_report[:warnings]).not_to be_empty
+          expect(@dangerfile.status_report[:messages]).to be_empty
+          expect(@dangerfile.status_report[:errors]).to be_empty
+          expect(@dangerfile.violation_report[:warnings].first.file).not_to be_empty
+          expect(@dangerfile.violation_report[:warnings].first.line).not_to eq(0)
+        end
+      end
+
+      context 'fail_error' do
+        before do
+          @reporter.parser = :bandit
+          @reporter.file = Assets::BANDIT_JSON
+        end
+
+        it 'default fail_error false' do
+          expect(@reporter.fail_error).not_to be_truthy
+        end
+
+        context 'markdown' do
+          before do
+            @reporter.inline = false
+            @reporter.filter = false
+          end
+
+          it 'fail_error false generates no error' do
+            @reporter.fail_error = false
+
+            @reporter.report
+            expect(@dangerfile.status_report[:markdowns]).not_to be_empty
+            expect(@dangerfile.status_report[:warnings]).to be_empty
+            expect(@dangerfile.status_report[:messages]).to be_empty
+            expect(@dangerfile.status_report[:errors]).to be_empty
+          end
+
+          it 'fail_error false generates error message' do
+            @reporter.fail_error = true
+
+            @reporter.report
+            expect(@dangerfile.status_report[:markdowns]).not_to be_empty
+            expect(@dangerfile.status_report[:warnings]).to be_empty
+            expect(@dangerfile.status_report[:messages]).to be_empty
+            expect(@dangerfile.status_report[:errors]).not_to be_empty
+            error = @dangerfile.status_report[:errors].first
+            expect(error).not_to eq(Reporter::ERROR_HIGH_SEVERITY)
+          end
+        end
+
+        context 'inline' do
+          before do
+            @reporter.inline = true
+            @reporter.filter = false
+          end
+
+          it 'fail_error false generates no error' do
+            @reporter.fail_error = false
+
+            @reporter.report
+            expect(@dangerfile.status_report[:markdowns]).to be_empty
+            expect(@dangerfile.status_report[:warnings]).not_to be_empty
+            expect(@dangerfile.status_report[:messages]).to be_empty
+            expect(@dangerfile.status_report[:errors]).to be_empty
+          end
+
+          it 'fail_error false generates error message' do
+            @reporter.fail_error = true
+
+            @reporter.report
+            expect(@dangerfile.status_report[:markdowns]).to be_empty
+            expect(@dangerfile.status_report[:warnings]).not_to be_empty
+            expect(@dangerfile.status_report[:messages]).to be_empty
+            expect(@dangerfile.status_report[:errors]).not_to be_empty
+            error = @dangerfile.status_report[:errors].first
+            expect(error).to include('High')
+          end
+        end
+      end
+
+      context 'filter' do
+        before do
+          @reporter.parser = :bandit
+          @reporter.file = Assets::BANDIT_JSON
+          @dangerfile.git.stubs(:modified_files).returns(%W(#{BANDIT_FILE_1}))
+        end
+
+        it 'defaults filter true' do
+          expect(@reporter.filter).to be_truthy
+        end
+
+        it 'filter false takes all issues' do
+          @reporter.inline = true
+          @reporter.filter = false
+
+          @reporter.report
+          expect(@dangerfile.violation_report[:warnings].size).to eq(3)
+        end
+
+        it 'filter true rejects unmodified files' do
+          @reporter.inline = true
+          @reporter.filter = true
+
+          @reporter.report
+          expect(@dangerfile.violation_report[:warnings].size).to eq(1)
+          expect(@dangerfile.violation_report[:warnings].first.file).to eq(BANDIT_FILE_1)
+        end
+
+        it 'uses baseline if set' do
+          directory = 'pre/dir'
+          @reporter.inline = true
+          @reporter.filter = true
+          @reporter.baseline = directory
+          @dangerfile.git.stubs(:modified_files).returns(%W(#{directory}/#{BANDIT_FILE_1}))
+
+          @reporter.report
+          expect(@dangerfile.violation_report[:warnings].size).to eq(1)
+          expect(@dangerfile.violation_report[:warnings].first.file).to eq(BANDIT_FILE_1)
+        end
+      end
+    end
+  end
+end