Add content for issues

gdiggs · gdiggs · commit c2c51ed40860 · 2015-08-27T11:34:57.000-04:00
diff --git a/lib/cc/engine/bundler_audit.rb b/lib/cc/engine/bundler_audit.rb
@@ -65,6 +65,9 @@ def issue_from_raw(raw_issue)
               begin: line_number,
               end: line_number
             }
+          },
+          content: {
+            body: content_body(raw_issue_hash)
           }
         }
       end
@@ -95,6 +98,12 @@ def remediation_points(current_version, raw_solution)
           500_000_000 # No upgrade of gem possible
         end
       end
+
+      def content_body(raw_issue_hash)
+        %w[Advisory Criticality URL Solution].map do |key|
+          "#{key}: #{raw_issue_hash[key]}"
+        end.join("\n\n")
+      end
     end
   end
 end
diff --git a/spec/cc/engine/bundler_audit_spec.rb b/spec/cc/engine/bundler_audit_spec.rb
@@ -15,6 +15,48 @@ module CC::Engine
           expect(io.string).to match(%{{"type":"warning","description":"No Gemfile.lock file found"}})
         end
       end
+
+      it "emits issues for Gemfile.lock problems" do
+        bundle_audit_output = <<-EOF
+Name: actionpack
+Version: 3.2.10
+Advisory: OSVDB-91452
+Criticality: Medium
+URL: http://www.osvdb.org/show/osvdb/91452
+Title: XSS vulnerability in sanitize_css in Action Pack
+Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
+        EOF
+        result = {
+          type: "Issue",
+          check_name: "Insecure Dependency",
+          description: "XSS vulnerability in sanitize_css in Action Pack",
+          categories: ["Security"],
+          remediation_points: 500000,
+          location: {
+            path: "Gemfile.lock",
+            lines: { begin: nil, end: nil }
+          },
+          content: {
+            body: "Advisory: OSVDB-91452\n\nCriticality: Medium\n\nURL: http://www.osvdb.org/show/osvdb/91452\n\nSolution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13"
+          },
+        }.to_json
+        io = StringIO.new
+        directory = "/c"
+        config = {}
+
+        FakeFS do
+          FileUtils.mkdir_p(directory)
+          FileUtils.touch("/c/Gemfile.lock")
+
+          audit = BundlerAudit.new(directory: directory, io: io, engine_config: config)
+
+          allow(audit).to receive(:`).and_return(bundle_audit_output)
+
+          audit.run
+        end
+
+        expect(io.string).to match("#{result}\0")
+      end
     end
   end
 end
