From 7c56148223e4a5b3f9e3039894ac45a6018cbe4d Mon Sep 17 00:00:00 2001
From: Matheus Alcantara
Date: Thu, 10 Mar 2022 09:21:40 -0300
Subject: [PATCH] formatters:chore - normalize not found files warn message
Previously the warning messages of files that was not found to execute an analysis was different between formatters, and also the prefix {HORUSEC_CLI} was being added on the middle of the message and not the start. This commit normalize these messages to have the same content for all formatters and the {HORUSEC_CLI} prefix was fixed by adding on the start of the message like all other log messages. A strings.ReplaceAll was also added to remove the `;` suffix on these warning messages since the commit 345c7487 change these messages from errors to warnings ( strings.ReplaceAll already exists to remove `;`from error messages). The warn message of gemfile.lock file not found was removed since it was not being used by any formatter.
Signed-off-by: Matheus Alcantara
---
 internal/controllers/analyzer/analyzer.go | 5 ++---
 internal/helpers/messages/error.go | 22 ++++++-------------
 .../formatters/go/gosec/formatter_test.go | 2 +-
 .../javascript/npmaudit/formatter.go | 2 +-
 internal/services/formatters/service.go | 4 ++--
 internal/services/formatters/service_test.go | 2 +-
 6 files changed, 14 insertions(+), 23 deletions(-)
diff --git a/internal/controllers/analyzer/analyzer.go b/internal/controllers/analyzer/analyzer.go
index 2ef7291c5..f1998134f 100644
--- a/internal/controllers/analyzer/analyzer.go
+++ b/internal/controllers/analyzer/analyzer.go
@@ -438,7 +438,7 @@ func (a *Analyzer) removeWarningsFromErrors() {
 for _, err := range strings.SplitAfter(a.analysis.Errors, ";") {
 if a.isWarning(err) {
- a.analysis.AddWarning(err)
+ a.analysis.AddWarning(strings.ReplaceAll(err, ";", ""))
 } else {
 errors += err
 }
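Review bot: `strings.ReplaceAll(err, ";", "")` deletes every semicolon in the fragment, but the only one that can be present is the trailing separator left by `strings.SplitAfter`; `a.analysis.AddWarning(strings.TrimSuffix(err, ";"))` states that intent directly. The loop also relies on no tool message containing a `;` of its own, because such a message is cut into fragments that `isWarning` then classifies one by one; a short comment on the loop saying so would help the next reader. The diffstat lists no analyzer test file, so the stripped-separator behaviour looks uncovered by this commit. removeWarningsFromErrors starts before and continues past this hunk.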
@@ -449,9 +449,8 @@ func (a *Analyzer) removeWarningsFromErrors() {
 // isWarning workaround to check if the message it's form a warning until the formatters are refactored
 func (a *Analyzer) isWarning(err string) bool {
- return strings.Contains(err, messages.MsgErrorPacketJSONNotFound) ||
+ return strings.Contains(err, messages.MsgErrorPackageLockJSONNotFound) ||
 strings.Contains(err, messages.MsgErrorYarnLockNotFound) ||
- strings.Contains(err, messages.MsgErrorGemLockNotFound) ||
 strings.Contains(err, messages.MsgErrorNotFoundRequirementsTxt) ||
 strings.Contains(err, messages.MsgWarnPathIsInvalidGitRepository)
 }
diff --git a/internal/helpers/messages/error.go b/internal/helpers/messages/error.go
index 1972a175d..386c42750 100644
--- a/internal/helpers/messages/error.go
+++ b/internal/helpers/messages/error.go
@@ -26,21 +26,13 @@ const (
 MsgVulnerabilityTypeToShowInvalid = "{HORUSEC_CLI} Error on validate vulnerability type is wrong type: "
 MsgErrorRunToolInDocker = "{HORUSEC_CLI} Error to execute tool %s | analysisID -> %s | output -> %s"
 MsgErrorInvalidWorkDir = "{HORUSEC_CLI} Workdir is nil! Check the configuration and try again"
- MsgErrorParseStringToToolsConfig = "{HORUSEC_CLI} Error when try parse tools config string to entity. " +
- "Returning default values"
- MsgErrorNotFoundRequirementsTxt = "{HORUSEC_CLI} Error The file requirements.txt not found in python project to " +
- "start analysis. It would be a good idea to commit it so horusec can check for vulnerabilities"
- MsgErrorPacketJSONNotFound = "{HORUSEC_CLI} Error It looks like your project doesn't have a package-lock.json " +
- "file. If you use NPM to handle your dependencies, it would be a good idea to commit it so horusec can check " +
- "for vulnerabilities"
- MsgErrorYarnLockNotFound = "{HORUSEC_CLI} Error It looks like your project doesn't have a yarn.lock file. " +
- "If you use Yarn to handle your dependencies, it would be a good idea to commit it so horusec " +
- "can check for vulnerabilities"
- MsgErrorYarnProcess = "{HORUSEC_CLI} Error Yarn returned an error: "
- MsgErrorGemLockNotFound = "{HORUSEC_CLI} Error It looks like your project doesn't have a gemfile.lock file, " +
- "it would be a good idea to commit it so horusec can check for vulnerabilities"
- MsgErrorGetFilenameByExt = "Could not get filename by extension: "
- MsgErrorNancyRateLimit = `{HORUSEC_CLI} Nancy tool failed to query the GitHub API for updates.
+ MsgErrorParseStringToToolsConfig = "{HORUSEC_CLI} Error when try parse tools config string to entity. Returning default values"
+ MsgErrorNotFoundRequirementsTxt = "file requirements.txt was not found in your Python project. 
It would be a good idea to commit it so Horusec can check for vulnerabilities"
+ MsgErrorPackageLockJSONNotFound = "file package-lock.json was not found in your Javascript project. If you use NPM to handle your dependencies, it would be a good idea to commit it so Horusec can check for vulnerabilities"
+ MsgErrorYarnLockNotFound = "file yarn.lock file was not found in your Javascript project. If you use Yarn to handle your dependencies, it would be a good idea to commit it so Horusec can check for vulnerabilities"
+ MsgErrorYarnProcess = "{HORUSEC_CLI} Yarn returned an error: "
+ MsgErrorGetFilenameByExt = "Could not get filename by extension: "
+ MsgErrorNancyRateLimit = `{HORUSEC_CLI} Nancy tool failed to query the GitHub API for updates.
 This is most likely due to GitHub rate-limiting on unauthenticated requests.
 To make authenticated requests please:
 1. Generate a token at https://github.com/settings/tokens
diff --git a/internal/services/formatters/go/gosec/formatter_test.go b/internal/services/formatters/go/gosec/formatter_test.go
index a701f113d..e4ea28a17 100644
--- a/internal/services/formatters/go/gosec/formatter_test.go
+++ b/internal/services/formatters/go/gosec/formatter_test.go
@@ -76,7 +76,7 @@ func TestGosecStartAnalysis(t *testing.T) {
 gosec.StartAnalysis("")
 assert.True(t, entity.HasErrors(), "Expected errors for analysis")
- assert.Equal(t, "Error while running tool GoSec: some error", entity.Errors)
+ assert.Equal(t, "{HORUSEC_CLI} Error while running tool GoSec: some error", entity.Errors)
 })
 t.Run("Should run analysis and return error for an invalid output", func(t *testing.T) {
diff --git a/internal/services/formatters/javascript/npmaudit/formatter.go b/internal/services/formatters/javascript/npmaudit/formatter.go
index 6f68d974a..34140c9e3 100644
--- a/internal/services/formatters/javascript/npmaudit/formatter.go
+++ b/internal/services/formatters/javascript/npmaudit/formatter.go
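Review bot: The new `MsgErrorYarnLockNotFound` text reads "file yarn.lock file was not found", with "file" twice; it should begin `"file yarn.lock was not found in your Javascript project. …"` so it matches the package-lock.json message next to it. `MsgErrorYarnProcess` keeps its own `{HORUSEC_CLI}` prefix while `addAnalysisError` in service.go now prepends one, so if that message is routed through `addAnalysisError` (not visible in this patch) the prefix would appear twice. Because `isWarning` in analyzer.go matches the three not-found constants by substring, a comment on them such as `// matched verbatim by Analyzer.isWarning; keep in sync` would guard against a later wording change silently turning these warnings back into errors.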
@@ -93,7 +93,7 @@ func (f *Formatter) parseOutput(containerOutput, projectSubPath string) error {
 func (f *Formatter) IsNotFoundError(containerOutput string) error {
 if strings.Contains(containerOutput, "ERROR_PACKAGE_LOCK_NOT_FOUND") {
- return errors.New(messages.MsgErrorPacketJSONNotFound)
+ return errors.New(messages.MsgErrorPackageLockJSONNotFound)
 }
 return nil
diff --git a/internal/services/formatters/service.go b/internal/services/formatters/service.go
index e59f3edaa..0b8c453b3 100644
--- a/internal/services/formatters/service.go
+++ b/internal/services/formatters/service.go
@@ -126,9 +126,9 @@ func (s *Service) addAnalysisError(tool tools.Tool, err error) {
 if err != nil {
 buf := bytes.NewBufferString("")
 if len(s.analysis.Errors) > 0 {
- fmt.Fprintf(buf, "; ")
+ fmt.Fprintf(buf, ";")
 }
- fmt.Fprintf(buf, "Error while running tool %s: %v", tool, err)
+ fmt.Fprintf(buf, "{HORUSEC_CLI} Error while running tool %s: %v", tool, err)
 s.analysis.Errors += buf.String()
 }
 }
diff --git a/internal/services/formatters/service_test.go b/internal/services/formatters/service_test.go
index 72992bb9e..fd1d19609 100644
--- a/internal/services/formatters/service_test.go
+++ b/internal/services/formatters/service_test.go
@@ -108,7 +108,7 @@ func TestSetAnalysisError(t *testing.T) {
 svc.SetAnalysisError(errors.New("some error"), tools.HorusecEngine, "testing", "")
 svc.SetAnalysisError(errors.New("other error"), tools.HorusecEngine, "testing 2", "")
- expectedErrors := "Error while running tool HorusecEngine: some error; Error while running tool HorusecEngine: other error"
+ expectedErrors := "{HORUSEC_CLI} Error while running tool HorusecEngine: some error;{HORUSEC_CLI} Error while running tool HorusecEngine: other error"
 assert.Equal(t, expectedErrors, analysis.Errors)
 }
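Review bot: In `addAnalysisError` the error text is written with `%v` and entries are joined with a bare `;`, yet `removeWarningsFromErrors` in analyzer.go splits `analysis.Errors` on every `;`, so an error whose own text contains a semicolon is cut into fragments that are classified separately. Presumably `err` can carry tool or container output, so the message should have the separator character replaced before it is appended, or the errors should be kept as a slice and joined only for display. The constant separator needs no format call and reads better as `buf.WriteString(";")`. A not-found warning routed through here presumably now reads "{HORUSEC_CLI} Error while running tool …: file package-lock.json was not found …", which still labels a warning as an error; a comment on the function stating that warnings pass through it too would make that visible.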