gergich 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c38af223553a1be7a59333cfe4ce0a770f9b0c98
-  data.tar.gz: 423428f965055f10cb76f90b3784c9a49a2b33c5
+  metadata.gz: 5e91d3e160dc26c60885d5a592ab9eef51391b70
+  data.tar.gz: 40f9cebef25b558687f6d53f4a2e7494184bb006
 SHA512:
-  metadata.gz: 6b37e574c51108d6028f291aa401303235ee649156e8d85a3f417ba371d3e0b30e9bc54073aeb691f1c7319d8c57b1916d178a556d473dee5e99dad214e03989
-  data.tar.gz: e2fa437864953c6097ffb742ff94b29b4de5247f5f64fbf9362b4fe9ededbaa576809cfa0cab20e24f809a447db7b64b942701a3935b07e3f55b2e1a4f815cac
+  metadata.gz: c67f46bb7276417ca22c799436a5dc01f009a182d42ec687ad354749dc0ed96c3eb56c480334538efbb2e7124b6096b7b932181888429d0ad92a7ce2be9b07d8
+  data.tar.gz: e671d7cfdee7698b2738aa0ff5c4bc4dba82b8dbf405d7852a509e0e4c4d3e5cd6e9c781063ad98d738e6913bb769d31f3e67d5a4a4005fee5931da2fe29619c

data/README.md

@@ -99,6 +99,7 @@ do `gergich comment` calls so you don't have to wire it up yourself.
 
 `<format>` - One of the following:
 
+* `brakeman`
 * `rubocop`
 * `eslint`
 * `i18nliner`

data/lib/gergich.rb

@@ -135,15 +135,15 @@ module Gergich
       puts "Cover Message:"
       puts review_info[:cover_message]
 
-      unless review_info[:comments].empty?
-        puts
-        puts "Inline Comments:"
-        puts
+      return if review_info[:comments].empty?
 
-        review_info[:comments].each do |file, comments|
-          comments.each do |comment|
-            puts "#{file}:#{comment[:line] || comment[:range]['start_line']}\n#{comment[:message]}"
-          end
+      puts
+      puts "Inline Comments:"
+      puts
+
+      review_info[:comments].each do |file, comments|
+        comments.each do |comment|
+          puts "#{file}:#{comment[:line] || comment[:range]['start_line']}\n#{comment[:message]}"
         end
       end
     end
@@ -362,10 +362,10 @@ module Gergich
     POSITION_KEYS = %w[end_character end_line start_character start_line].freeze
     def valid_position?(position)
       (
-        position.is_a?(Fixnum) && position >= 0
+        position.is_a?(Integer) && position >= 0
       ) || (
         position.is_a?(Hash) && position.keys.sort == POSITION_KEYS &&
-        position.values.all? { |v| v.is_a?(Fixnum) && v >= 0 }
+        position.values.all? { |v| v.is_a?(Integer) && v >= 0 }
       )
     end
 
@@ -407,7 +407,7 @@ module Gergich
     end
 
     def min_comment_score
-      all_comments.inject(0) { |a, e| [a, e.min_score].min }
+      all_comments.inject(0) { |acc, elem| [acc, elem.min_score].min }
     end
 
     def changed_files
@@ -441,7 +441,7 @@ module Gergich
       other_comments.each do |file|
         file.comments.each do |position, comments|
           comments.each do |comment|
-            line = position.is_a?(Fixnum) ? position : position["start_line"]
+            line = position.is_a?(Integer) ? position : position["start_line"]
             message << "\n\n#{file.path}:#{line}: #{comment}"
           end
         end
@@ -482,8 +482,8 @@ module Gergich
     def to_a
       comments.map do |position, position_comments|
         comment = position_comments.join("\n\n")
-        position_key = position.is_a?(Fixnum) ? :line : :range
-        position = JSON.parse(position) unless position.is_a?(Fixnum)
+        position_key = position.is_a?(Integer) ? :line : :range
+        position = JSON.parse(position) unless position.is_a?(Integer)
         {
           :message => comment,
           position_key => position

data/lib/gergich/capture/brakeman_capture.rb

@@ -0,0 +1,29 @@
+module Gergich
+  module Capture
+    class BrakemanCapture < BaseCapture
+      # Map Brakeman "confidence level" to severity.
+      # http://brakemanscanner.org/docs/confidence/
+      SEVERITY_MAP = {
+        "Weak"   => "warn",
+        "Medium" => "warn",
+        "High"   => "error"
+      }.freeze
+
+      def run(output)
+        # See brakeman_example.json for sample output.
+        JSON.parse(output)["warnings"].map { |warning|
+          message = "[brakeman] #{warning['warning_type']}: #{warning['message']}"
+          message += "\n  Code: #{warning['code']}" if warning["code"]
+          message += "\n  User Input: #{warning['user_input']}" if warning["user_input"]
+          message += "\n  See: #{warning['link']}" if warning["link"]
+          {
+            path: warning["file"],
+            position: warning["line"] || 0,
+            message: message,
+            severity: SEVERITY_MAP[warning["confidence"]]
+          }
+        }.compact
+      end
+    end
+  end
+end

data/lib/gergich/capture/rubocop_capture.rb

@@ -22,8 +22,12 @@ module Gergich
 
         output.scan(pattern).map { |file, line, severity, error, context|
           context = "\n\n" + context.gsub(/^/, " ") if context
-          { path: file, message: "[rubocop] #{error}#{context}",
-            position: line.to_i, severity: SEVERITY_MAP[severity] }
+          {
+            path: file,
+            position: line.to_i,
+            message: "[rubocop] #{error}#{context}",
+            severity: SEVERITY_MAP[severity]
+          }
         }.compact
       end
     end

data/lib/gergich/cli/gergich.rb

@@ -201,6 +201,7 @@ For common linting formats, `gergich capture` can be used to automatically
 do `gergich comment` calls so you don't have to wire it up yourself.
 
 <format>        - One of the following:
+                  * brakeman
                   * rubocop
                   * eslint
                   * i18nliner

data/spec/gergich/capture/brakeman_capture_spec.rb

@@ -0,0 +1,89 @@
+require_relative "../../support/capture_shared_examples"
+
+RSpec.describe Gergich::Capture::BrakemanCapture do
+  let(:output) do
+    File.read(
+      File.expand_path(File.dirname(__FILE__) + "/brakeman_example.json")
+    )
+  end
+
+  let(:comments) do
+    [
+      {
+        path:     "app/models/custom_data.rb",
+        position: 36,
+        message:  <<-MESSAGE.strip,
+[brakeman] Attribute Restriction: attr_accessible is recommended over attr_protected
+  See: http://brakemanscanner.org/docs/warning_types/attribute_restriction/
+                  MESSAGE
+        severity: "warn"
+      },
+      {
+        path:     "app/models/submission_comment.rb",
+        position: 0,
+        message:  <<-MESSAGE.strip,
+[brakeman] Mass Assignment: Potentially dangerous attribute available for mass assignment
+  Code: :context_id
+  See: http://brakemanscanner.org/docs/warning_types/mass_assignment/
+                  MESSAGE
+        severity: "warn"
+      },
+      {
+        path:     "app/controllers/context_controller.rb",
+        position: 60,
+        message:  <<-MESSAGE.strip,
+[brakeman] Redirect: Possible unprotected redirect
+  Code: redirect_to(CanvasKaltura::ClientV3.new.assetSwfUrl(params[:id]))
+  User Input: params[:id]
+  See: http://brakemanscanner.org/docs/warning_types/redirect/
+                  MESSAGE
+        severity: "warn"
+      },
+      {
+        path:     "app/views/context/object_snippet.html.erb",
+        position: 6,
+        message:  <<-MESSAGE.strip,
+[brakeman] Cross Site Scripting: Unescaped parameter value
+  Code: Base64.decode64((params[:object_data] or ""))
+  User Input: params[:object_data]
+  See: http://brakemanscanner.org/docs/warning_types/cross_site_scripting
+        MESSAGE
+        severity: "warn"
+      },
+      {
+        path:     "app/models/account.rb",
+        position: 795,
+        message:  <<-MESSAGE.strip,
+[brakeman] SQL Injection: Possible SQL injection
+  Code: Account.find_by_sql(Account.sub_account_ids_recursive_sql(parent_account_id))
+  User Input: Account.sub_account_ids_recursive_sql(parent_account_id)
+  See: http://brakemanscanner.org/docs/warning_types/sql_injection/
+        MESSAGE
+        severity: "error"
+      },
+      {
+        path:     "lib/cc/importer/blti_converter.rb",
+        position: 145,
+        message:  <<-MESSAGE.strip,
+[brakeman] SSL Verification Bypass: SSL certificate verification was bypassed
+  Code: Net::HTTP.new(URI.parse(url).host, URI.parse(url).port).verify_mode = OpenSSL::SSL::VERIFY_NONE
+  See: http://brakemanscanner.org/docs/warning_types/ssl_verification_bypass/
+        MESSAGE
+        severity: "error"
+      },
+      {
+        path:     "lib/cc/importer/canvas/quiz_converter.rb",
+        position: 44,
+        message:  <<-MESSAGE.strip,
+[brakeman] Command Injection: Possible command injection
+  Code: `\#{Qti.get_conversion_command(File.join(qti_folder, "qti_2_1"), qti_folder)}`
+  User Input: Qti.get_conversion_command(File.join(qti_folder, "qti_2_1"), qti_folder)
+  See: http://brakemanscanner.org/docs/warning_types/command_injection/
+        MESSAGE
+        severity: "warn"
+      }
+    ]
+  end
+
+  it_behaves_like "a captor"
+end

data/spec/gergich/capture/rubocop_capture_spec.rb

@@ -23,10 +23,10 @@ lib/gergich.rb:22:55: W: Line is too long. [55/54]
         path: "lib/gergich.rb",
         position: 22,
         message: <<-OUTPUT,
-        [rubocop] Line is too long. [55/54]
+[rubocop] Line is too long. [55/54]
 
-             def initialize(ref = "HEAD", revision_number = nil)
-                                                              ^^
+     def initialize(ref = "HEAD", revision_number = nil)
+                                                      ^^
         OUTPUT
         severity: "warn"
       }

data/spec/support/capture_shared_examples.rb

@@ -11,7 +11,7 @@ RSpec.shared_examples_for "a captor" do
   end
 
   it "catches errors" do
-    comments = subject.run(output)
-    expect(comments).to match_array(comments)
+    parsed_comments = subject.run(output)
+    expect(parsed_comments).to match_array(comments)
   end
 end

metadata

@@ -1,43 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: gergich
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - Jon Jensen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-26 00:00:00.000000000 Z
+date: 2016-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Gergich is a little command-line tool for wiring up linters to Gerrit
   so you can get nice inline comments right on the review
 email: jon@instructure.com
@@ -56,6 +112,7 @@ files:
 - lib/gergich.rb
 - lib/gergich/capture.rb
 - lib/gergich/capture/androidlint_capture.rb
+- lib/gergich/capture/brakeman_capture.rb
 - lib/gergich/capture/eslint_capture.rb
 - lib/gergich/capture/flake8_capture.rb
 - lib/gergich/capture/i18nliner_capture.rb
@@ -66,6 +123,7 @@ files:
 - lib/gergich/cli/gergich.rb
 - lib/gergich/cli/master_bouncer.rb
 - spec/gergich/capture/androidlint_capture_spec.rb
+- spec/gergich/capture/brakeman_capture_spec.rb
 - spec/gergich/capture/custom_capture_spec.rb
 - spec/gergich/capture/eslint_capture_spec.rb
 - spec/gergich/capture/flake8_capture_spec.rb
@@ -87,19 +145,18 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.5
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Command-line tool for adding Gerrit comments
 test_files: []
-has_rdoc: