adapter for brakeman

.dockerignore

@@ -0,0 +1,5 @@
+spec
+Gemfile
+Gemfile.lock
+LICENSE
+README.md

Dockerfile

@@ -1,18 +1,15 @@
 FROM ruby:2.6.5-alpine
 
-RUN apk add --update build-base git
-
-LABEL "com.github.actions.name"="Rubocop Linter"
-LABEL "com.github.actions.description"="A GitHub Action that lints your Ruby code with Rubocop!"
+LABEL "com.github.actions.name"="Brakeman linter"
+LABEL "com.github.actions.description"="A GitHub Action that lints your Ruby code with Brakeman!"
 LABEL "com.github.actions.icon"="code"
 LABEL "com.github.actions.color"="red"
-
-LABEL "repository"="https://github.com/andrewmcodes/rubocop-linter-action"
-LABEL "maintainer"="Andrew Mason <[email protected]>"
+LABEL "repository"="https://github.com/devmasx/brakeman-linter-action"
+LABEL "maintainer"="Miguel Savignano <[email protected]>"
 LABEL "version"="1.0.0"
 
+RUN gem install brakeman
 
 COPY lib /action/lib
-RUN gem install bundler
 
-ENTRYPOINT ["/action/lib/entrypoint.sh"]
+CMD ["ruby", "/action/lib/index.rb"]

lib/action.json

@@ -1,8 +1,8 @@
 {
   "repository": {
     "owner": {
-      "login": "andrewmcodes"
-    }
-    ,"name": "rubocop-linter"
+      "login": "devmasx"
+    },
+    "name": "brakeman-linter"
   }
 }

lib/github_check_run_service.rb

@@ -7,7 +7,7 @@ def initialize(report, github_data, report_adapter)
     @report = report
     @github_data = github_data
     @report_adapter = report_adapter
-    @client = GithubClient.new(@github_data[:token], user_agent: 'rubocop-action')
+    @client = GithubClient.new(@github_data[:token], user_agent: 'brakeman-action')
   end
 
   def run

lib/index.rb

@@ -23,7 +23,7 @@ def read_json(path)
   if ENV['REPORT_PATH']
     read_json(ENV['REPORT_PATH'])
   else
-    Dir.chdir(ENV['GITHUB_WORKSPACE']) { JSON.parse(`rubocop -f json`) }
+    Dir.chdir(ENV['GITHUB_WORKSPACE']) { JSON.parse(`brakeman -f json`) }
   end
 
 GithubCheckRunService.new(@report, @github_data, ReportAdapter).run

lib/report_adapter.rb

@@ -1,54 +1,38 @@
 # frozen_string_literal: true
 
+# https://developer.github.com/v3/checks/runs/#output-object
 class ReportAdapter
   class << self
     CONCLUSION_TYPES = { failure: 'failure', success: 'success' }.freeze
-    ANNOTATION_LEVELS = {
-      'refactor' => 'failure',
-      'convention' => 'failure',
-      'warning' => 'warning',
-      'error' => 'failure',
-      'fatal' => 'failure'
-    }.freeze
+    ANNOTATION_LEVEL = { notice: 'notice', warning: 'warning', failure: 'failure' }.freeze
 
     def conslusion(report)
-      return CONCLUSION_TYPES[:failure] if total_offenses(report).positive?
+      return CONCLUSION_TYPES[:failure] if security_warnings(report).positive?
 
       CONCLUSION_TYPES[:success]
     end
 
     def summary(report)
-      "#{total_offenses(report)} offense(s) found"
+      "**Brakeman Report**: \n - #{security_warnings(report)} security warnings"
     end
 
     def annotations(report)
-      annotation_list = []
-      count = 0
-      report['files'].each do |file|
-        file['offenses'].each do |offense|
-          count += 1
-          return annotation_list if count == 48
-
-          location = offense['location']
-          annotation_list.push(
-            'path' => file['path'],
-            'start_line' => location['start_line'],
-            'end_line' => location['last_line'],
-            'annotation_level' => annotation_level(offense['severity']),
-            'message' => offense['message']
-          )
-        end
+      report['warnings'].map do |error|
+        {
+          'path' => error['file'],
+          'start_line' => error['line'],
+          'end_line' => error['line'],
+          'annotation_level' => ANNOTATION_LEVEL[:warning],
+          'title' => "#{error['confidence']} - #{error['check_name']}",
+          'message' => error['message']
+        }
       end
     end
 
     private
 
-    def annotation_level(severity)
-      ANNOTATION_LEVELS[severity]
-    end
-
-    def total_offenses(report)
-      report.dig('summary', 'offense_count')
+    def security_warnings(report)
+      report['scan_info']['security_warnings']
     end
   end
 end

spec/fixtures/event.json

@@ -0,0 +1,171 @@
+{
+  "after": "6668752dba6d4f1b1e72e88f7355889cc039176c",
+  "base_ref": null,
+  "before": "64bf02a0916fab1a4f5e91a7cd44068302cd31f7",
+  "commits": [
+    {
+      "author": {
+        "email": "[email protected]",
+        "name": "Miguel Savignano",
+        "username": "MiguelSavignano"
+      },
+      "committer": {
+        "email": "[email protected]",
+        "name": "Miguel Savignano",
+        "username": "MiguelSavignano"
+      },
+      "distinct": true,
+      "id": "6668752dba6d4f1b1e72e88f7355889cc039176c",
+      "message": ".",
+      "timestamp": "2019-10-24T01:13:19+02:00",
+      "tree_id": "b99d954a0de55070aec5999d530dd7438210f594",
+      "url": "https://github.com/MiguelSavignano/dockerize-rails/commit/6668752dba6d4f1b1e72e88f7355889cc039176c"
+    }
+  ],
+  "compare": "https://github.com/MiguelSavignano/dockerize-rails/compare/64bf02a0916f...6668752dba6d",
+  "created": false,
+  "deleted": false,
+  "forced": false,
+  "head_commit": {
+    "author": {
+      "email": "[email protected]",
+      "name": "Miguel Savignano",
+      "username": "MiguelSavignano"
+    },
+    "committer": {
+      "email": "[email protected]",
+      "name": "Miguel Savignano",
+      "username": "MiguelSavignano"
+    },
+    "distinct": true,
+    "id": "6668752dba6d4f1b1e72e88f7355889cc039176c",
+    "message": ".",
+    "timestamp": "2019-10-24T01:13:19+02:00",
+    "tree_id": "b99d954a0de55070aec5999d530dd7438210f594",
+    "url": "https://github.com/MiguelSavignano/dockerize-rails/commit/6668752dba6d4f1b1e72e88f7355889cc039176c"
+  },
+  "pusher": {
+    "email": "[email protected]",
+    "name": "MiguelSavignano"
+  },
+  "ref": "refs/heads/test-brakeman-errros",
+  "repository": {
+    "archive_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/{archive_format}{/ref}",
+    "archived": false,
+    "assignees_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/assignees{/user}",
+    "blobs_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/git/blobs{/sha}",
+    "branches_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/branches{/branch}",
+    "clone_url": "https://github.com/MiguelSavignano/dockerize-rails.git",
+    "collaborators_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/collaborators{/collaborator}",
+    "comments_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/comments{/number}",
+    "commits_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/commits{/sha}",
+    "compare_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/compare/{base}...{head}",
+    "contents_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/contents/{+path}",
+    "contributors_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/contributors",
+    "created_at": 1546466490,
+    "default_branch": "master",
+    "deployments_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/deployments",
+    "description": "Example rails with docker, docker-compose and minikube. Use worker with sidekiq and nginx web server.",
+    "disabled": false,
+    "downloads_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/downloads",
+    "events_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/events",
+    "fork": false,
+    "forks": 1,
+    "forks_count": 1,
+    "forks_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/forks",
+    "full_name": "MiguelSavignano/dockerize-rails",
+    "git_commits_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/git/commits{/sha}",
+    "git_refs_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/git/refs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/git/tags{/sha}",
+    "git_url": "git://github.com/MiguelSavignano/dockerize-rails.git",
+    "has_downloads": true,
+    "has_issues": true,
+    "has_pages": false,
+    "has_projects": true,
+    "has_wiki": true,
+    "homepage": null,
+    "hooks_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/hooks",
+    "html_url": "https://github.com/MiguelSavignano/dockerize-rails",
+    "id": 163894157,
+    "issue_comment_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/issues/comments{/number}",
+    "issue_events_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/issues/events{/number}",
+    "issues_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/issues{/number}",
+    "keys_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/keys{/key_id}",
+    "labels_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/labels{/name}",
+    "language": "Ruby",
+    "languages_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/languages",
+    "license": null,
+    "master_branch": "master",
+    "merges_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/merges",
+    "milestones_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/milestones{/number}",
+    "mirror_url": null,
+    "name": "dockerize-rails",
+    "node_id": "MDEwOlJlcG9zaXRvcnkxNjM4OTQxNTc=",
+    "notifications_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/notifications{?since,all,participating}",
+    "open_issues": 0,
+    "open_issues_count": 0,
+    "owner": {
+      "avatar_url": "https://avatars3.githubusercontent.com/u/6641863?v=4",
+      "email": "[email protected]",
+      "events_url": "https://api.github.com/users/MiguelSavignano/events{/privacy}",
+      "followers_url": "https://api.github.com/users/MiguelSavignano/followers",
+      "following_url": "https://api.github.com/users/MiguelSavignano/following{/other_user}",
+      "gists_url": "https://api.github.com/users/MiguelSavignano/gists{/gist_id}",
+      "gravatar_id": "",
+      "html_url": "https://github.com/MiguelSavignano",
+      "id": 6641863,
+      "login": "MiguelSavignano",
+      "name": "MiguelSavignano",
+      "node_id": "MDQ6VXNlcjY2NDE4NjM=",
+      "organizations_url": "https://api.github.com/users/MiguelSavignano/orgs",
+      "received_events_url": "https://api.github.com/users/MiguelSavignano/received_events",
+      "repos_url": "https://api.github.com/users/MiguelSavignano/repos",
+      "site_admin": false,
+      "starred_url": "https://api.github.com/users/MiguelSavignano/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/MiguelSavignano/subscriptions",
+      "type": "User",
+      "url": "https://api.github.com/users/MiguelSavignano"
+    },
+    "private": false,
+
+    "pulls_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/pulls{/number}",
+    "pushed_at": 1571872407,
+    "releases_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/releases{/id}",
+    "size": 249,
+    "ssh_url": "[email protected]:MiguelSavignano/dockerize-rails.git",
+    "stargazers": 1,
+    "stargazers_count": 1,
+    "stargazers_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/stargazers",
+    "statuses_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/statuses/{sha}",
+    "subscribers_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/subscribers",
+    "subscription_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/subscription",
+    "svn_url": "https://github.com/MiguelSavignano/dockerize-rails",
+    "tags_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/tags",
+    "teams_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/teams",
+    "trees_url": "https://api.github.com/repos/MiguelSavignano/dockerize-rails/git/trees{/sha}",
+    "updated_at": "2019-04-10T17:03:40Z",
+    "url": "https://github.com/MiguelSavignano/dockerize-rails",
+    "watchers": 1,
+    "watchers_count": 1
+  },
+  "sender": {
+    "avatar_url": "https://avatars3.githubusercontent.com/u/6641863?v=4",
+    "events_url": "https://api.github.com/users/MiguelSavignano/events{/privacy}",
+    "followers_url": "https://api.github.com/users/MiguelSavignano/followers",
+    "following_url": "https://api.github.com/users/MiguelSavignano/following{/other_user}",
+    "gists_url": "https://api.github.com/users/MiguelSavignano/gists{/gist_id}",
+    "gravatar_id": "",
+    "html_url": "https://github.com/MiguelSavignano",
+    "id": 6641863,
+    "login": "MiguelSavignano",
+    "node_id": "MDQ6VXNlcjY2NDE4NjM=",
+    "organizations_url": "https://api.github.com/users/MiguelSavignano/orgs",
+    "received_events_url": "https://api.github.com/users/MiguelSavignano/received_events",
+    "repos_url": "https://api.github.com/users/MiguelSavignano/repos",
+    "site_admin": false,
+    "starred_url": "https://api.github.com/users/MiguelSavignano/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/MiguelSavignano/subscriptions",
+    "type": "User",
+    "url": "https://api.github.com/users/MiguelSavignano"
+  }
+}