test/handler/test_brakeman_handler.vader


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

Before:
  call ale#test#SetDirectory('/testplugin/test/handler')

  runtime ale_linters/ruby/brakeman.vim

After:
  call ale#test#RestoreDirectory()
  call ale#linter#Reset()

Execute(The brakeman handler should parse JSON correctly):
  call ale#test#SetFilename('../test-files/ruby/valid_rails_app/app/models/thing.rb')

  AssertEqual
  \  [
  \      {
  \          'filename': expand('%:p'),
  \          'lnum': 84,
  \          'text': 'SQL Injection Possible SQL injection (Medium)',
  \          'type': 'W',
  \      },
  \      {
  \          'filename': expand('%:p'),
  \          'lnum': 1,
  \          'text': 'Mass Assignment Potentially dangerous attribute available for mass assignment (Weak)',
  \          'type': 'W',
  \      }
  \  ],
  \  ale_linters#ruby#brakeman#Handle(bufnr(''), [
  \  '{',
  \    '"warnings": [',
  \      '{',
  \        '"warning_type": "SQL Injection",',
  \        '"warning_code": 0,',
  \        '"fingerprint": "1234",',
  \        '"check_name": "SQL",',
  \        '"message": "Possible SQL injection",',
  \        '"file": "' . substitute(ale#path#Simplify('app/models/thing.rb'), '\\', '\\\\', 'g') . '",',
  \        '"line": 84,',
  \        '"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",',
  \        '"code": "Thing.connection.execute(params[:data])",',
  \        '"render_path": null,',
  \        '"location": {',
  \          '"type": "method",',
  \          '"class": "Thing",',
  \          '"method": "run_raw_sql_from_internet"',
  \        '},',
  \        '"user_input": "whatever",',
  \        '"confidence": "Medium"',
  \      '},',
  \      '{',
  \        '"warning_type": "Mass Assignment",',
  \        '"warning_code": 60,',
  \        '"fingerprint": "1235",',
  \        '"check_name": "ModelAttrAccessible",',
  \        '"message": "Potentially dangerous attribute available for mass assignment",',
  \        '"file": "' .  substitute(ale#path#Simplify('app/models/thing.rb'), '\\', '\\\\', 'g') . '",',
  \        '"line": null,',
  \        '"link": "http://brakemanscanner.org/docs/warning_types/mass_assignment/",',
  \        '"code": ":name",',
  \        '"render_path": null,',
  \        '"location": {',
  \          '"type": "model",',
  \          '"model": "Thing"',
  \        '},',
  \        '"user_input": null,',
  \        '"confidence": "Weak"',
  \      '}',
  \    ']',
  \  '}'
  \  ])

Execute(The brakeman handler should parse JSON correctly when there is no output from brakeman):
  AssertEqual
  \ [],
  \ ale_linters#ruby#brakeman#Handle(347, [
  \ ])

Execute(The brakeman handler should handle garbage output):
  AssertEqual
  \ [],
  \ ale_linters#ruby#brakeman#Handle(347, [
  \   'No such command in 2.4.1 of ruby',
  \ ])