Merge pull request #6 from codeclimate/gd-content

gdiggs · gdiggs · commit 0f8e0fa75f3d · 2015-08-27T11:58:36.000-04:00
Add content for issues
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -0,0 +1,41 @@
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/LineLength:
+  Enabled: false
+
+Rails/TimeZone:
+  Enabled: false
+
+SignalException:
+  Enabled: false
+
+Style/StringLiterals:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/TrailingComma:
+  Enabled: false
+
+Style/ClassAndModuleChildren:
+  Exclude:
+    - 'spec/**/*'
+
+Style/IfUnlessModifier:
+  Enabled: false
+
+Style/DotPosition:
+  Enabled: false
+
+Style/GuardClause:
+  Enabled: false
+
+Style/StringLiteralsInInterpolation:
+  Enabled: false
+
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%w': []
+    '%W': []
diff --git a/lib/cc/engine/bundler_audit.rb b/lib/cc/engine/bundler_audit.rb
@@ -65,6 +65,9 @@ def issue_from_raw(raw_issue)
               begin: line_number,
               end: line_number
             }
+          },
+          content: {
+            body: content_body(raw_issue_hash)
           }
         }
       end
@@ -95,6 +98,12 @@ def remediation_points(current_version, raw_solution)
           500_000_000 # No upgrade of gem possible
         end
       end
+
+      def content_body(raw_issue_hash)
+        %w[Advisory Criticality URL Solution].map do |key|
+          "**#{key}**: #{raw_issue_hash[key]}"
+        end.join("\n\n")
+      end
     end
   end
 end
diff --git a/spec/cc/engine/bundler_audit_spec.rb b/spec/cc/engine/bundler_audit_spec.rb
@@ -15,6 +15,48 @@ module CC::Engine
           expect(io.string).to match(%{{"type":"warning","description":"No Gemfile.lock file found"}})
         end
       end
+
+      it "emits issues for Gemfile.lock problems" do
+        bundle_audit_output = <<-EOF
+Name: actionpack
+Version: 3.2.10
+Advisory: OSVDB-91452
+Criticality: Medium
+URL: http://www.osvdb.org/show/osvdb/91452
+Title: XSS vulnerability in sanitize_css in Action Pack
+Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
+        EOF
+        result = {
+          type: "Issue",
+          check_name: "Insecure Dependency",
+          description: "XSS vulnerability in sanitize_css in Action Pack",
+          categories: ["Security"],
+          remediation_points: 500_000,
+          location: {
+            path: "Gemfile.lock",
+            lines: { begin: nil, end: nil }
+          },
+          content: {
+            body: "**Advisory**: OSVDB-91452\n\n**Criticality**: Medium\n\n**URL**: http://www.osvdb.org/show/osvdb/91452\n\n**Solution**: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13"
+          },
+        }.to_json
+        io = StringIO.new
+        directory = "/c"
+        config = {}
+
+        FakeFS do
+          FileUtils.mkdir_p(directory)
+          FileUtils.touch("/c/Gemfile.lock")
+
+          audit = BundlerAudit.new(directory: directory, io: io, engine_config: config)
+
+          allow(audit).to receive(:`).and_return(bundle_audit_output)
+
+          audit.run
+        end
+
+        expect(io.string).to match("#{result}\0")
+      end
     end
   end
 end
