refactor test annotations

This commit is contained in:
Miguel Savignano 2019-11-01 22:23:15 +01:00
parent 87c9d43dfb
commit 676c32372f
6 changed files with 219 additions and 13 deletions


@ -13,7 +13,7 @@ class ReportAdapter
end
def summary(report)
"**Brakeman Report**: \n - #{security_warnings(report)} security warnings\n #{check_table(report)}"
"**Brakeman Report**:\n#{security_warnings(report)} security warnings\n#{check_table(report)}"
end
def annotations(report)
@ -32,11 +32,11 @@ class ReportAdapter
private
def check_table(report)
uniq_checks(report).reduce('') { |memo, check| memo + " - [#{check[:check_name]}](#{check[:link]})" }
uniq_checks(report).reduce('') { |memo, check| memo + "- [#{check[:check_name]}](#{check[:link]})\n" }
end
def uniq_checks(report)
report['warnings'].map { |w| { check_name: w['check_name'], link: w['link'] } }.uniq { |w| w[:checkname] }
report['warnings'].map { |w| { check_name: w['check_name'], link: w['link'] } }.uniq { |w| w[:check_name] }
end
def security_warnings(report)
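Review bot: check_table still builds the Markdown list by appending to an accumulator inside reduce; the same output reads more directly as `uniq_checks(report).map { |check| "- [#{check[:check_name]}](#{check[:link]})\n" }.join`, which also drops the per-step string allocation of `memo + ...`. In uniq_checks, `report['warnings']` is dereferenced without a guard, so a report that omits the key raises NoMethodError rather than yielding an empty table; `Array(report['warnings']).map { ... }` keeps the current behaviour for the fixtures and degrades to no rows otherwise. The corrected `uniq { |w| w[:check_name] }` key deserves a one-line comment such as `# one row per check type, keeping the first link seen`, since the summary intentionally collapses repeated warnings. security_warnings is defined outside the hunk.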

34
spec/fixtures/annotations.json vendored Normal file

@ -0,0 +1,34 @@
[
{
"path": "app/controllers/posts_controller.rb",
"start_line": 29,
"end_line": 29,
"annotation_level": "warning",
"title": "High - Evaluation",
"message": "User input in eval"
},
{
"path": "app/controllers/posts_controller.rb",
"start_line": 18,
"end_line": 18,
"annotation_level": "warning",
"title": "High - MassAssignment",
"message": "Parameters should be whitelisted for mass assignment"
},
{
"path": "app/controllers/posts_controller.rb",
"start_line": 19,
"end_line": 19,
"annotation_level": "warning",
"title": "High - MassAssignment",
"message": "Parameters should be whitelisted for mass assignment"
},
{
"path": "app/controllers/posts_controller.rb",
"start_line": 13,
"end_line": 13,
"annotation_level": "warning",
"title": "Medium - SQL",
"message": "Possible SQL injection"
}
]

170
spec/fixtures/report.json vendored Normal file

@ -0,0 +1,170 @@
{
"scan_info": {
"app_path": "/home/masx/developer/dockerize-rails",
"rails_version": "5.2.2",
"security_warnings": 4,
"start_time": "2019-11-01 22:07:50 +0100",
"end_time": "2019-11-01 22:07:50 +0100",
"duration": 0.166390277,
"checks_performed": [
"BasicAuth",
"BasicAuthTimingAttack",
"ContentTag",
"CookieSerialization",
"CreateWith",
"CrossSiteScripting",
"DefaultRoutes",
"Deserialize",
"DetailedExceptions",
"DigestDoS",
"DynamicFinders",
"EscapeFunction",
"Evaluation",
"Execute",
"FileAccess",
"FileDisclosure",
"FilterSkipping",
"ForgerySetting",
"HeaderDoS",
"I18nXSS",
"JRubyXML",
"JSONEncoding",
"JSONParsing",
"LinkTo",
"LinkToHref",
"MailTo",
"MassAssignment",
"MimeTypeDoS",
"ModelAttrAccessible",
"ModelAttributes",
"ModelSerialize",
"NestedAttributes",
"NestedAttributesBypass",
"NumberToCurrency",
"PermitAttributes",
"QuoteTableName",
"Redirect",
"RegexDoS",
"Render",
"RenderDoS",
"RenderInline",
"ResponseSplitting",
"RouteDoS",
"SQL",
"SQLCVEs",
"SSLVerify",
"SafeBufferManipulation",
"SanitizeMethods",
"SelectTag",
"SelectVulnerability",
"Send",
"SendFile",
"SessionManipulation",
"SessionSettings",
"SimpleFormat",
"SingleQuotes",
"SkipBeforeFilter",
"SprocketsPathTraversal",
"StripTags",
"SymbolDoSCVE",
"TranslateBug",
"UnsafeReflection",
"ValidationRegex",
"WithoutProtection",
"XMLDoS",
"YAMLParsing"
],
"number_of_controllers": 2,
"number_of_models": 2,
"number_of_templates": 7,
"ruby_version": "2.6.3",
"brakeman_version": "4.7.1"
},
"warnings": [
{
"warning_type": "Dangerous Eval",
"warning_code": 13,
"fingerprint": "490f917262d1384df60e24097536f6c9039e5f5ba11fe11bf0981109cd286fc5",
"check_name": "Evaluation",
"message": "User input in eval",
"file": "app/controllers/posts_controller.rb",
"line": 29,
"link": "https://brakemanscanner.org/docs/warning_types/dangerous_eval/",
"code": "eval(params)",
"render_path": null,
"location": {
"type": "method",
"class": "PostsController",
"method": "create"
},
"user_input": "params",
"confidence": "High"
},
{
"warning_type": "Mass Assignment",
"warning_code": 70,
"fingerprint": "5b486a498b14e1a12361c50863e2770c966799c9d5c6b6b9ab9bd8797c28a986",
"check_name": "MassAssignment",
"message": "Parameters should be whitelisted for mass assignment",
"file": "app/controllers/posts_controller.rb",
"line": 18,
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
"code": "params.permit!",
"render_path": null,
"location": {
"type": "method",
"class": "PostsController",
"method": "new"
},
"user_input": null,
"confidence": "High"
},
{
"warning_type": "Mass Assignment",
"warning_code": 70,
"fingerprint": "5b486a498b14e1a12361c50863e2770c966799c9d5c6b6b9ab9bd8797c28a986",
"check_name": "MassAssignment",
"message": "Parameters should be whitelisted for mass assignment",
"file": "app/controllers/posts_controller.rb",
"line": 19,
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
"code": "params.permit!",
"render_path": null,
"location": {
"type": "method",
"class": "PostsController",
"method": "new"
},
"user_input": null,
"confidence": "High"
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "6e457f0a360661641a71555352f13a7cb2d983916b936007fce4e3826b837402",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/controllers/posts_controller.rb",
"line": 13,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "User.where(\"#{params[:query]}\")",
"render_path": null,
"location": {
"type": "method",
"class": "PostsController",
"method": "show"
},
"user_input": "params[:query]",
"confidence": "Medium"
}
],
"ignored_warnings": [
],
"errors": [
],
"obsolete": [
]
}

5
spec/fixtures/summary.md vendored Normal file

@ -0,0 +1,5 @@
**Brakeman Report**:
4 security warnings
- [Evaluation](https://brakemanscanner.org/docs/warning_types/dangerous_eval/)
- [MassAssignment](https://brakemanscanner.org/docs/warning_types/mass_assignment/)
- [SQL](https://brakemanscanner.org/docs/warning_types/sql_injection/)


@ -3,7 +3,7 @@
require './spec/spec_helper'
describe GithubCheckRunService do
let(:brakeman_report) { JSON(File.read('./spec/fixtures/input.json')) }
let(:brakeman_report) { JSON(File.read('./spec/fixtures/report.json')) }
let(:github_data) { { sha: 'sha', token: 'token', owner: 'owner', repo: 'repository_name' } }
let(:service) { GithubCheckRunService.new(brakeman_report, github_data, ReportAdapter) }
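Review bot: Both specs are repointed from spec/fixtures/input.json to spec/fixtures/report.json, but the six-file diffstat shows no deletion of input.json, so the old fixture appears to remain in the tree with no remaining reader; it should be removed in the same change or the commit should say why it stays. The `let(:brakeman_report)` line would also read more conventionally as `JSON.parse(File.read('./spec/fixtures/report.json'))`, since the `JSON()` shorthand is less familiar to readers of the spec. The describe block continues outside the hunk.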


@ -4,7 +4,11 @@ require './spec/spec_helper'
describe ReportAdapter do
let(:brakeman_report) do
JSON(File.read('./spec/fixtures/input.json'))
JSON(File.read('./spec/fixtures/report.json'))
end
let(:spec_annotations) do
JSON(File.read('./spec/fixtures/annotations.json'))
end
let(:adapter) { ReportAdapter }
@ -21,13 +25,6 @@ describe ReportAdapter do
it '.annotations' do
result = adapter.annotations(brakeman_report)
expect(result).to eq([{
'path' => 'app/controllers/posts_controller.rb',
'start_line' => 17,
'annotation_level' => 'warning',
'end_line' => 17,
'title' => 'High - MassAssignment',
'message' => 'Parameters should be whitelisted for mass assignment'
}])
expect(result).to eq(spec_annotations)
end
end
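Review bot: The '.annotations' example now compares the adapter's output to a whole-file fixture, so the spec no longer shows which report fields map to which annotation fields; keeping one explicit assertion alongside the fixture comparison, e.g. `expect(result.first).to include('path' => 'app/controllers/posts_controller.rb', 'start_line' => 29, 'title' => 'High - Evaluation')`, documents that mapping and makes a fixture regeneration mistake visible. The name `spec_annotations` says little about the role of the fixture; `expected_annotations` would be clearer. The commit also adds spec/fixtures/summary.md, but no example in this hunk asserts `adapter.summary(brakeman_report)` against it, so unless such an example exists outside the hunk the new summary format is untested. The describe block starts outside the hunk.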