summaryrefslogtreecommitdiff
path: root/test/handler/test_brakeman_handler.vader
blob: 6a577bebfd5832ebf76bb88e56f94b643326a886 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
Before:
    " Switch to the test rails directory.
    let b:path = getcwd()
    silent! cd /testplugin/test/handler
    cd ../ruby_fixtures/valid_rails_app/app/models

    runtime ale_linters/ruby/brakeman.vim
    call setbufvar(0, 'ruby_brakeman_rails_root_cached', '')

After:
    " Switch back to whatever directory it was that we started on.
    silent! 'cd ' . fnameescape(b:path)
    unlet! b:path

    call ale#linter#Reset()

Execute(The brakeman handler should parse JSON correctly):
  silent file! thing.rb

  AssertEqual
  \  [
  \      {
  \          'lnum': 84,
  \          'text': 'SQL Injection Possible SQL injection (Medium)',
  \          'type': 'W',
  \      },
  \      {
  \          'lnum': 1,
  \          'text': 'Mass Assignment Potentially dangerous attribute available for mass assignment (Weak)',
  \          'type': 'W',
  \      }
  \  ],
  \  ale_linters#ruby#brakeman#Handle(bufnr(''), [
  \  '{',
  \    '"warnings": [',
  \      '{',
  \        '"warning_type": "SQL Injection",',
  \        '"warning_code": 0,',
  \        '"fingerprint": "1234",',
  \        '"check_name": "SQL",',
  \        '"message": "Possible SQL injection",',
  \        '"file": "app/models/thing.rb",',
  \        '"line": 84,',
  \        '"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",',
  \        '"code": "Thing.connection.execute(params[:data])",',
  \        '"render_path": null,',
  \        '"location": {',
  \          '"type": "method",',
  \          '"class": "Thing",',
  \          '"method": "run_raw_sql_from_internet"',
  \        '},',
  \        '"user_input": "whatever",',
  \        '"confidence": "Medium"',
  \      '},',
  \      '{',
  \        '"warning_type": "Mass Assignment",',
  \        '"warning_code": 60,',
  \        '"fingerprint": "1235",',
  \        '"check_name": "ModelAttrAccessible",',
  \        '"message": "Potentially dangerous attribute available for mass assignment",',
  \        '"file": "app/models/thing.rb",',
  \        '"line": null,',
  \        '"link": "http://brakemanscanner.org/docs/warning_types/mass_assignment/",',
  \        '"code": ":name",',
  \        '"render_path": null,',
  \        '"location": {',
  \          '"type": "model",',
  \          '"model": "Thing"',
  \        '},',
  \        '"user_input": null,',
  \        '"confidence": "Weak"',
  \      '}',
  \    ']',
  \  '}'
  \  ])

Execute(The brakeman handler should parse JSON correctly when there is no output from brakeman):
  AssertEqual
  \ [],
  \ ale_linters#ruby#brakeman#Handle(347, [
  \ ])