

Spec fixes, rubocop
joshuaostrom-cb committed May 18, 2023
1 parent 4ddcc7a commit a9bce16
Showing 11 changed files with 29 additions and 16 deletions.
5 changes: 3 additions & 2 deletions lib/salus/plugin_manager.rb
Expand Up @@ -19,10 +19,11 @@ def register_listener(listener)
end

def apply_filter(filter_family, filter_method, *data)
result = data&.first
@@filters[filter_family]&.each do |f|
data = f.__send__(filter_method, *data) if f.respond_to?(filter_method)
result = f.__send__(filter_method, *data) if f.respond_to?(filter_method)
end
data
result
end

def send_event(event_name, *data)
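Review bot: Filters registered for the same family no longer compose in the new `apply_filter` body: every `f` in the loop is invoked with the original `*data`, so when two listeners respond to `filter_method` the second return value silently replaces the first instead of receiving it as input. If chaining is the intent, thread the accumulated value through as the first argument, e.g. `result = data.first` and `result = f.__send__(filter_method, result, *data.drop(1)) if f.respond_to?(filter_method)`; if last-wins is the intent, a one-line comment on the method saying so would stop the next reader from "fixing" it. The `&.` in `data&.first` is a no-op because a splat parameter is always an Array. Since `filter_method` is dispatched by name into plugin objects, `public_send` would keep a plugin's private methods out of reach where `__send__` does not. `send_event` below starts inside the hunk and continues outside it.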
5 changes: 3 additions & 2 deletions lib/salus/report.rb
Expand Up @@ -64,7 +64,7 @@ def apply_report_hash_filters(report_hash)
Salus::PluginManager.apply_filter(:salus_report, :filter_report_hash, report_hash)
end

def apply_report_sarif_filters(sarif_json, config)
def apply_report_sarif_filters(sarif_json, config = nil)
Salus::PluginManager.apply_filter(:salus_report, :filter_report_sarif, sarif_json, config)
end

Expand Down Expand Up @@ -210,6 +210,7 @@ def to_sarif(config = {})
sarif_json = JSON.pretty_generate(sorted_sarif)
Sarif::SarifReport.validate_sarif(apply_report_sarif_filters(sarif_json, config))
rescue StandardError => e
puts "Failure in validing SARIF"
bugsnag_notify(e.class.to_s + " " + e.message + "\nBuild Info:" + @builds.to_s)
end

Expand Down Expand Up @@ -410,7 +411,7 @@ def report_body_hash(config, data)
return body_hash unless config['post']['salus_report_param_name']

compress_sarif = config.dig('post', 'salus_report_options', 'gzip-base64')
data = compress(data) if compress_sarif
data = compress(JSON.pretty_generate(data)) if ["true", true].include?(compress_sarif)

body_hash[config['post']['salus_report_param_name']] = data
body_hash
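Review bot: The line added to the `to_sarif` rescue has a typo and writes to stdout: `puts "Failure in validing SARIF"` should read `puts "Failure in validating SARIF"`, and because the rescue already reports through `bugsnag_notify`, `warn` (stderr) or the report's logger would keep stray text out of any consumer that reads the report from stdout. The rescue also makes `to_sarif` return whatever `bugsnag_notify` returns rather than SARIF when validation fails, which is worth stating in a comment on the method since callers cannot tell from the signature. In `report_body_hash`, `compress(JSON.pretty_generate(data))` assumes `data` is a Hash or Array; if the caller passes the string already produced by `JSON.pretty_generate(sorted_sarif)` in `to_sarif`, the payload is double-encoded — confirm at the call site. `to_sarif` and `report_body_hash` both extend beyond their hunks.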
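--- a/lib/salus/scanners/brakeman.rb
+++ b/lib/salus/scanners/brakeman.rb
@@ -115,6 +115,7 @@ def ignore_list
 return [] unless user_supplied_ignore?
 
 return [] unless File.exist?(@config['ignore'])
+
 data = JSON.parse(File.read(@config['ignore']))
 return [] unless data.key?('ignored_warnings')
 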
4 changes: 2 additions & 2 deletions lib/sarif/base_sarif.rb
Expand Up @@ -185,7 +185,7 @@ def build_runs_object(supported)
def remap_rule_ids(run)
rules = run['tool'][:driver]['rules']
run['results'].each do |r|
r['ruleIndex'] = rules.index { |rule| rule[:id] == r[:ruleId] }
r[:ruleIndex] = rules.index { |rule| rule[:id] == r[:ruleId] }
end
run
end
Expand Down Expand Up @@ -324,4 +324,4 @@ def self.snippet_possibly_in_diff?(snippet, scanner, lines_added)
adapter_cls.snippet_possibly_in_git_diff?(snippet, lines_added)
end
end
end
end
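Review bot: `rules.index { |rule| rule[:id] == r[:ruleId] }` returns nil when no rule carries a matching `:id`, so the new `r[:ruleIndex] = ...` line in `remap_rule_ids` can store a null `ruleIndex`; SARIF 2.1.0 declares `ruleIndex` as an integer with -1 meaning "not set", so a schema validator is likely to reject that result. Consider `r[:ruleIndex] = rules.index { |rule| rule[:id] == r[:ruleId] } || -1`. The change from `'ruleIndex'` to `:ruleIndex` also means a result that already has a string-keyed `'ruleIndex'` would end up with both keys; a comment noting that results are symbol-keyed here while `run['tool']` and `run['results']` are string-keyed would make the mixed access in this method intentional rather than accidental. `remap_rule_ids` is fully inside the hunk.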
12 changes: 11 additions & 1 deletion spec/fixtures/npm_audit/success_with_exceptions/salus-sarif.yaml
Expand Up @@ -20,4 +20,14 @@ scanner_configs:
advisory_id: "1091018",
changed_by: "joshua.ostrom",
notes: "See https://www.npmjs.com/advisories/48. We're not vulnerable to this because this is a regex dos and we have nothing that puts user input into it. The impact is also minimal.",
}
}
- {
advisory_id: "1091686",
changed_by: "joshua.ostrom",
notes: "WAGMI",
}
- {
advisory_id: "1091710",
changed_by: "joshua.ostrom",
notes: "BTC $26.5K",
}
4 changes: 2 additions & 2 deletions spec/fixtures/sorted_results/sorted_sarif.json
Expand Up @@ -31,7 +31,7 @@
"text": "Useless equality test.. Pattern 1 == $X is required but not found."
},
"ruleId": "Required Pattern Not Found",
"ruleIndex": 1
"ruleIndex": 0
},
{
"level": "error",
Expand All @@ -53,7 +53,7 @@
"text": "Syntax error at line /home/spec/fixtures/semgrep/invalid/unparsable_py.py:3:\n `print(\"foo\"` was unexpected"
},
"ruleId": "SAL002",
"ruleIndex": 0
"ruleIndex": 1
}
],
"tool": {
2 changes: 1 addition & 1 deletion spec/lib/sarif/brakeman_sarif_spec.rb
Expand Up @@ -186,7 +186,7 @@

# Check result info
expect(result['ruleId']).to eq('13')
expect(result['ruleIndex']).to eq(0)
expect(result['ruleIndex']).to eq(2)
expect(result['level']).to eq('error')
expect(result['locations'][0]['physicalLocation']['region']['startLine']).to eq(3)
snippet = result['locations'][0]['physicalLocation']['region']['snippet']['text'].to_s
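Review bot: `expect(result['ruleIndex']).to eq(2)` pins the assertion to the position a rule happens to occupy in the run's `rules` array, which is why this commit had to touch the same kind of assertion in maven_osv_sarif_spec.rb, pattern_search_sarif_spec.rb, semgrep_sarif_spec.rb and trufflehog_sarif_spec.rb as well. Asserting the invariant `remap_rule_ids` is meant to hold — that `ruleIndex` points at the rule whose id equals `ruleId`, e.g. `expect(rules[result['ruleIndex']]['id']).to eq(result['ruleId'])` if the parsed run's rules are reachable in the spec with string keys — would survive any future reordering of rules. The enclosing `it` block starts and ends outside the hunk.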
2 changes: 1 addition & 1 deletion spec/lib/sarif/osv/maven_osv_sarif_spec.rb
Expand Up @@ -91,7 +91,7 @@ def stub_req_with_valid_response
"severity" => "HIGH"
},
"ruleId" => "CVE-2018-15756",
"ruleIndex" => 5
"ruleIndex" => 0
}
)

2 changes: 1 addition & 1 deletion spec/lib/sarif/pattern_search_sarif_spec.rb
Expand Up @@ -44,7 +44,7 @@
expect(results).to include(
{
"ruleId": "Forbidden Pattern Found",
"ruleIndex": 0,
"ruleIndex": 1,
"level": "error",
"message": {
"text": "not important string. Pattern Nerv is forbidden."
2 changes: 1 addition & 1 deletion spec/lib/sarif/semgrep_sarif_spec.rb
Expand Up @@ -146,7 +146,7 @@
expect(result).to include(
{
"ruleId" => "Required Pattern Not Found",
"ruleIndex" => 1,
"ruleIndex" => 0,
"level" => "error",
"message" => {
"text" => "Useless equality test.. Pattern 1 == $X is required but not found."
6 changes: 3 additions & 3 deletions spec/lib/sarif/trufflehog_sarif_spec.rb
Expand Up @@ -27,7 +27,7 @@
} }],
"message" => { "text" => "Leaked credential detected" },
"properties" => { "severity" => "high" },
"ruleId" => "FlatIO-PLAIN", "ruleIndex" => 1 }
"ruleId" => "FlatIO-PLAIN", "ruleIndex" => 0 }
expected_vul1 = { "level" => "error",
"locations" => [{ "physicalLocation" => {
"artifactLocation" => { "uri" => "url.txt",
Expand All @@ -40,7 +40,7 @@
} }],
"message" => { "text" => "Leaked credential detected" },
"properties" => { "severity" => "high" },
"ruleId" => "JDBC-PLAIN", "ruleIndex" => 0 }
"ruleId" => "JDBC-PLAIN", "ruleIndex" => 1 }
expected_vul2 = { "level" => "error",
"locations" => [{ "physicalLocation" => {
"artifactLocation" => { "uri" => "url.txt",
Expand All @@ -53,7 +53,7 @@
} }],
"message" => { "text" => "Leaked credential detected" },
"properties" => { "severity" => "high" },
"ruleId" => "JDBC-PLAIN", "ruleIndex" => 0 }
"ruleId" => "JDBC-PLAIN", "ruleIndex" => 1 }
expect(result.size).to eq(3)
[expected_vul0, expected_vul1, expected_vul2].each { |v| expect(result).to include(v) }
end
