danger-warnings 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1700e0b2ada290034b7845b68d581e81c73997f235d038f46903ec00526a3074
+  data.tar.gz: 482a5cd7478ce44da357b53f9932d06f64eac91adfab014ba205942434319dd2
+SHA512:
+  metadata.gz: 682d89cec48fff79bb526b88fec0e0c628db4a88b7f52dcc39a2603913d4e09b1798ffbf33beb9cf31697d56ce8a94ffd73159bdbc159ae313f44698f3f34ccb
+  data.tar.gz: cddb903ba7cfd7b8532360adb1c598f49eaa64d4c5a770c0c83a73088c16f89425a166bd200e4e8a153832829f8d487d2400eec64d20b47711874ce05e8ab388

data/.gitignore

@@ -0,0 +1,8 @@
+.DS_Store
+pkg
+.idea/
+.yardoc
+Gemfile.lock
+coverage
+rubocop-result.json
+*.gem

data/.rubocop.yml

@@ -0,0 +1,45 @@
+# Defaults can be found here: https://github.com/bbatsov/rubocop/blob/master/config/default.yml
+
+AllCops:
+  TargetRubyVersion: 2.2
+
+# kind_of? is a good way to check a type
+Style/ClassCheck:
+  EnforcedStyle: kind_of?
+
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 350
+
+# Configuration parameters: AllowURI, URISchemes.
+Metrics/LineLength:
+  Max: 200
+  Exclude:
+    - "**/*_spec.rb"
+
+Metrics/ModuleLength:
+  Exclude:
+    - "**/*_spec.rb"
+
+Metrics/MethodLength:
+  Max: 60
+
+Layout/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
+Metrics/BlockLength:
+  Max: 345
+  Exclude:
+    - "**/*_spec.rb"
+
+PercentLiteralDelimiters:
+  PreferredDelimiters:
+    "%":  ()
+    "%i": ()
+    "%q": ()
+    "%Q": ()
+    "%r": "{}"
+    "%s": ()
+    "%w": ()
+    "%W": ()
+    "%x": ()

data/.travis.yml

@@ -0,0 +1,27 @@
+language: ruby
+
+rvm:
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+
+addons:
+  sonarcloud:
+    organization: "kyaak-github"
+    token:
+      secure: "W3BNwC9uNk85qCO6MN74gYEpZ1J63iQ/1bDS7TE69QZzuvwzcyt4tRB5rH2YXXrDgxX+f+pNEKyordR3C92PKZDcUXTiLJH5eWWBJNKf37yv38dw7hrz48hoCzOXYkIuEO9nU9+SUmQUDTshy3h05cfJOKRQihvaRzucP7OJzb8vXX8UEY2V71Yf6xyxkAzvqogBxyr21yIh90WuSE7MCwFqu05bQIIXao7oILUAWRqh1zHZaIPEWSS8rdldbh9BXSWLHkCgYo6kajZHKo+fG5tol9MLkann5TiqVHoLkTjh76V6zDgWGa5EpMjnSxUKp8KkshVtF8u3QHKkFcFRV51s1t6XRYPKfDRtgOQ3+Yq2+F93L3MNtkgfmrgoKXsZ4Sdf9y2cwSGp+GH0YSjsaTcmC/K2irZuKEOtr44Ye3jfcDzMpZRiGgpvx2+cXXvGWvJoMaOWgyIjJbkjIBKAM4/Tq15uWnv7W5ajaQnxHH/gSaC3OwI3aebPjeJV5/RaBpOGK/MaYS8AohGY8HAlvM+UWRhcI2rZ9sMvMl/jQxjF3BiZwE2KpsNiyoQ8s/wDMJeC27uMFmljyiUXu77OWeWGRV3hWWeaWJLbRbWVJRzoIAsJ/PyZX0LudS5k5lJZePutHHxcf/rAHUyT/eMqbnFtIOOxyH0nR/esvPghz90="
+
+script:
+  - bundle exec rake spec
+  - sonar-scanner
+
+deploy:
+  provider: rubygems
+  api_key:
+    secure: "Ce11z+EqDjKfZWe587qw024tfsjkyAhMVvLFGMHbtmXwXLGkJyWZl65t0jLdAyuD41kl7kzImz3ZckMpdFaAR/4m3Lh4iRkeXParv5mr/lE+veMFuAT3hI4pU+ha/Z0nqfPnBOpsqie884G3VD5U2FVtG6fSJ0Ht7wjmGJBy7V8ccmnpVvZnJu4mUVDAMszBRRRc3OoEik3xM+w6cAwh1rdwqKwiOGjrih84GIJd4YCzmZ9GK2hSzXaycVLO5M5155b81IiciTMlVBMHpHJtICQ6Qafm25pW5j0d1L1/YXK5OfA03vHOVCcw9u4kWjjJuMQKhSAdCFEBEMccDBjtwEPZwzpJtjNbQPs2oWuiHiWfSaumVQLHgjnaqjUjIjEQ/r1FOtziH65393AGVwleqjWXlG/0keSvXymP5yBMcwoj5gTpRN4Bsir14WE+QzVmX0wb2tXzqMFrCY8Z6MYJscoNLtbyFbqPvNuft4qjT75M9DUv3g2djbD/0CcjQT5QQgUR+o6Lt6jtMPM4Lyq76eWpn6wDCJmirf8eYg3ocVCc4rYLIUPMr+SgSk/PE2t3s4NCMWHVkTucfIqQ/70I+39dy4m+GkVJS8l8ZF2rHzA537isY7P7UX5J2D2mWYbY2IK8/iVQm4IX6cDxAZRdGlnUvbIC4iD6AMZVn/ve+bo="
+  gem: danger-warnings
+  on:
+    branch: master
+    rvm: 2.6

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.0.1] - 2019-01-21
+### Added
+- Initial release
+- Add [bandit](https://github.com/PyCQA/bandit) parser support

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in danger-warnings.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,19 @@
+# A guardfile for making Danger Plugins
+# For more info see https://github.com/guard/guard#readme
+
+# To run, use `bundle exec guard`.
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2019 Kyaak <kyaak.dev@gmail.com>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,213 @@
+<h1 align="center">danger-warnings</h1>
+
+<div align="center">
+  <!-- Sonar Cloud -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/images/project_badges/sonarcloud-white.svg"
+      alt="Sonar Cloud" />
+  </a>
+</div>
+
+</br>
+
+<div align="center">
+  <!-- Build Status -->
+  <a href="https://travis-ci.org/Kyaak/danger-warnings">
+    <img src="https://img.shields.io/travis/choojs/choo/master.svg"
+      alt="Build Status" />
+  </a>
+  <!-- Quality Gate -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=alert_status"
+      alt="Quality Gate" />
+  </a>
+</div>
+
+<div align="center">
+  <!-- Reliability Rating -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=reliability_rating"
+      alt="Reliability Rating" />
+  </a>
+  <!-- Security Rating -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=security_rating"
+      alt="Security Rating" />
+  </a>
+  <!-- Maintainabiltiy -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=sqale_rating"
+      alt="Maintainabiltiy" />
+  </a>
+</div>
+
+<div align="center">
+  <!-- Code Smells -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=code_smells"
+      alt="Code Smells" />
+  </a>
+  <!-- Bugs -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=bugs"
+      alt="Bugs" />
+  </a>
+  <!-- Vulnerabilities -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=vulnerabilities"
+      alt="Vulnerabilities" />
+  </a>
+  <!-- Technical Dept -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=sqale_index"
+      alt="Technical Dept" />
+  </a>
+</div>
+
+<div align="center">
+  <!-- Coverage -->
+  <a href="https://sonarcloud.io/dashboard?id=Kyaak_danger-warnings">
+    <img src="https://sonarcloud.io/api/project_badges/measure?project=Kyaak_danger-warnings&metric=coverage"
+      alt="Coverage" />
+  </a>
+  <!-- Docs -->
+  <a href="http://inch-ci.org/github/Kyaak/danger-warnings">
+    <img src="http://inch-ci.org/github/Kyaak/danger-warnings.svg?branch=master"
+      alt="Docs" />
+  </a>
+</div>
+
+</br>
+
+This [danger](https://github.com/danger/danger) plugin provides a uniform report format for various lint [tools](#parsers). <br>
+The purpose is a simple to use plugin regardless of the linter tool used to create the issues.
+
+## Table of Contents
+- [How it looks like](#how-does-it-look)
+- [Installation](#installation)
+- [Examples](#examples)
+- [Configuration](#configuration)
+- [Parsers](#parsers)
+
+## How it looks like
+
+### As markdown
+**Bandit Report**
+
+Severity|File|Message
+---|---|---
+Low|example/ply/yacc_1.py:2853|[B403-blacklist] Consider possible security implications associated with pickle module.
+Medium|example/ply/yacc_2.py:3255|[B102-exec_used] Use of exec detected.
+High|example/ply/yacc_3.py:3255|[B102-exec_used] Use of exec detected.
+
+### As inline comment
+```text
+Low
+[B403-blacklist]
+Consider possible security implications associated with pickle module.
+```
+
+## Installation
+
+```bash
+$ gem install danger-warnings
+``` 
+
+## Examples
+```text
+Methods and attributes from this plugin are available in 
+your `Dangerfile` under the `warnings` namespace.
+```
+
+#### Minimal example:
+```ruby
+# Create a bandit report with default settings.
+warnings.report(          
+  parser: :bandit,
+  file: 'reports/bandit.json'         
+)
+```
+
+#### Simple example: 
+```ruby
+# Create a bandit report with a custom name, fails if any high warning exists 
+# and evaluates all issues (not only the changed files) .
+warnings.report( 
+  name: 'My Bandit Report',            
+  parser: :bandit,
+  file: 'reports/bandit.json',
+  fail_error: true,
+  filter: false         
+)
+```
+
+#### Complex example:
+```ruby
+# Define base settings to be applied to all new reporter.
+warnings.inline = true
+warning.fail_error = true
+
+# Use custom names to separate the table reports in the danger comment. 
+warnings.report(
+  name: 'Report 1',          
+  parser: :bandit,
+  file: 'reports/bandit.json'
+  # Not necessary because already defined as default.   
+  # inline: true,
+  # fail_error: true      
+)
+
+warnings.report( 
+  name: 'Report 2',         
+  parser: :bandit,
+  file: 'reports/bandit.json'         
+  # Not necessary because already defined as default.   
+  # inline: true,
+  # fail_error: true      
+)
+
+warnings.report( 
+  name: 'Report 3',         
+  parser: :bandit,
+  file: 'reports/bandit.json',         
+  # Override the newly defined default settings only for this reporter.   
+  inline: false,
+  fail_error: false      
+)
+```
+
+## Configuration
+
+#### Override default settings
+These values apply to all reports. <br>
+It is possible to override the values in the `report` method.
+
+|Field|Default|Description|
+|---|---|---|
+|warnings.**inline**|`False`| Whether to comment as markdown report or do an inline comment on the file.
+|warnings.**filter**|`True`| Whether to filter and report only for changes (modified, created) files. If this is set to false, all issues of a report are included in the comment.
+|warnings.**fail_error**|`False`| Whether to fail if any `High` issue is reported.
+
+#### Create a report
+The method `warnings.report(*args)` is the main method of this plugin. <br>
+Configure the details of your report using the arguments passed by.
+
+|Parameter|Class|Description|
+|---|---|---|
+|name|`String`| A custom name for this report. If none is given, the parser name is used. Useful to separate different reports using the same common style (e.g. checkstyle).
+|parser|`Symbol`, `String`| Define the parser to evaluate the report file. Must be a key of the supported [parser](#parsers)
+|file|`String`| Path to the file to read and parse.
+|baseline|`String`| Define a baseline for your files. Useful if the report removes a path segment but is required to identify them in the repository. E.g. `/src/main/java`
+
+All [default](#override-default-settings) fields can be passed as parameters to `report`.
+- inline
+- filter
+- fail_error
+
+These will override the configuration for this report **only**.
+
+## Parsers
+
+|Number|Name|ID|File Format|
+|:---:|---|---|---|
+|1|[bandit](https://github.com/PyCQA/bandit)|bandit|json|

data/Rakefile

@@ -0,0 +1,26 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RSpec::Core::RakeTask.new(:specs)
+
+task default: :specs
+
+task :spec do
+  Rake::Task['specs'].invoke
+  Rake::Task['rubocop'].invoke
+  Rake::Task['spec_docs'].invoke
+end
+
+desc 'Run RuboCop on the lib/specs directory'
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.patterns = %w(lib/**/*.rb spec/**/*.rb)
+  task.fail_on_error = false
+  task.formatters = %w(simple json)
+  task.options = %w(--out rubocop-result.json)
+end
+
+desc 'Ensure that the plugin passes `danger plugins lint`'
+task :spec_docs do
+  sh 'bundle exec danger plugins lint'
+end

data/danger-warnings.gemspec

@@ -0,0 +1,54 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'warnings/gem_version.rb'
+
+Gem::Specification.new do |spec|
+  spec.name = 'danger-warnings'
+  spec.version = Warnings::VERSION
+  spec.authors = ['Kyaak']
+  spec.email = ['kyaak.dev@gmail.com']
+  spec.description = 'Report lint warnings'
+  spec.summary = 'Report lint warnings of different tools.'
+  spec.homepage = 'https://github.com/Kyaak/danger-warnings'
+  spec.license = 'MIT'
+
+  spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>=2.2.0'
+
+  spec.add_runtime_dependency 'abstract_method', '~> 1.2'
+  spec.add_runtime_dependency 'danger-plugin-api', '~> 1.0'
+
+  # General ruby development
+  spec.add_development_dependency 'bundler', '>= 1.3'
+  spec.add_development_dependency 'rake', '~> 10.0'
+
+  # Testing support
+  spec.add_development_dependency 'mocha', '~> 1.2'
+  spec.add_development_dependency 'rspec', '~> 3.4'
+  spec.add_development_dependency 'simplecov', '~> 0.16'
+  spec.add_development_dependency 'simplecov-console', '~> 0.4'
+
+  # Linting code and docs
+  spec.add_development_dependency 'rubocop', '~> 0.60'
+  spec.add_development_dependency 'yard', '~> 0.9'
+
+  # Makes testing easy via `bundle exec guard`
+  spec.add_development_dependency 'guard', '~> 2.14'
+  spec.add_development_dependency 'guard-rspec', '~> 4.7'
+
+  # If you want to work on older builds of ruby
+  spec.add_development_dependency 'listen', '3.0.7'
+
+  # This gives you the chance to run a REPL inside your tests
+  # via:
+  #
+  #    require 'pry'
+  #    binding.pry
+  #
+  # This will stop test execution and let you inspect the results
+  spec.add_development_dependency 'pry'
+end