bundler:fix - correctly parse output error
Previously, when a project path did not have a Gemfile.lock file,
Bundler returned the error `Could not find "Gemfile.lock"`, which was being
interpreted as a vulnerability. This was happening because the commit
rubysec/bundler-audit@021f85f changed the error
message from a generic error like "Errno::ENOENT" and "No such file or
directory" to the more detailed error `Could not find "Gemfile.lock"`.

Fixes #919

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup committed Jan 10, 2022
1 parent bcece9c commit b4457f6
Showing 1 changed file with 11 additions and 6 deletions.
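--- a/internal/services/formatters/ruby/bundler/formatter.go
+++ b/internal/services/formatters/ruby/bundler/formatter.go
@@ -37,10 +37,12 @@ import (
 vulnhash "github.com/ZupIT/horusec/internal/utils/vuln_hash"
 )
 
-// ErrGemLockNotFound occurs when bundles does not find gemfile.lock.
+// ErrGemLockNotFound occurs when project path does not have the Gemfile.lock file.
 //
-// nolint: lll
-var ErrGemLockNotFound = errors.New("project doesn't have a gemfile.lock file, it would be a good idea to commit it so horusec can check for vulnerabilities")
+// nolint: stylecheck
+// We actually want that this error message be capitalized since the file name that was
+// not found is capitalized.
+var ErrGemLockNotFound = errors.New("Gemfile.lock file is required to execute Bundler analysis")
 
 type Formatter struct {
 formatters.IService
@@ -80,16 +82,19 @@ func (f *Formatter) startBundlerAudit(projectSubPath string) (string, error) {
 
 func (f *Formatter) getDockerConfig(projectSubPath string) *dockerEntities.AnalysisData {
 analysisData := &dockerEntities.AnalysisData{
-CMD: f.AddWorkDirInCmd(CMD, file.GetSubPathByExtension(
-f.GetConfigProjectPath(), projectSubPath, "Gemfile.lock"), tools.SecurityCodeScan),
+CMD: f.AddWorkDirInCmd(
+CMD,
+file.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "Gemfile.lock"),
+tools.SecurityCodeScan,
+),
 Language: languages.Ruby,
 }
 
 return analysisData.SetImage(f.GetCustomImageByLanguage(languages.Ruby), images.Ruby)
 }
 
 func (f *Formatter) verifyGemLockError(output string) error {
-if strings.Contains(output, "No such file or directory") && strings.Contains(output, "Errno::ENOENT") {
+if strings.Contains(output, `Could not find "Gemfile.lock"`) {
 return ErrGemLockNotFound
 }
 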
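Review bot: In verifyGemLockError the new condition recognises only the newer message text and drops the `Errno::ENOENT` match, so a bundler-audit build that still prints the old wording would again have its missing-lockfile error reported as a vulnerability. getDockerConfig takes the image from `f.GetCustomImageByLanguage(languages.Ruby)`, so the tool version is presumably not pinned by this repository. Accepting both forms is a one-line change: `if strings.Contains(output, "Could not find \"Gemfile.lock\"") || (strings.Contains(output, "No such file or directory") && strings.Contains(output, "Errno::ENOENT")) {`. A short comment above the check stating that the string is copied from bundler-audit's error output would make the next upstream wording change easier to trace. The rest of verifyGemLockError lies outside the hunk, so how other error output is handled cannot be judged from here.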
