Merge pull request #11 from codeclimate/gd-severity

gdiggs · gdiggs · commit 7e20f8c937f3 · 2016-01-20T12:48:39.000-05:00
Add severity to issue output
diff --git a/lib/cc/engine/bundler_audit.rb b/lib/cc/engine/bundler_audit.rb
@@ -5,6 +5,11 @@ module CC
   module Engine
     class BundlerAudit
       GemfileLockNotFound = Class.new(StandardError)
+      SEVERITIES = {
+        "High" => "critical",
+        "Low" => "info",
+        "Medium" => "normal",
+      }
 
       def initialize(directory: , io: , engine_config: )
         @directory = directory
@@ -50,23 +55,24 @@ def issue_from_raw(raw_issue)
           end
         end
         {
-          type: 'Issue',
+          categories: ['Security'],
           check_name: "Insecure Dependency",
+          content: {
+            body: content_body(raw_issue_hash)
+          },
           description: raw_issue_hash['Title'],
-          categories: ['Security'],
-          remediation_points: remediation_points(
-            raw_issue_hash['Version'], raw_issue_hash['Solution']
-          ),
           location: {
             path: 'Gemfile.lock',
             lines: {
               begin: line_number,
               end: line_number
             }
           },
-          content: {
-            body: content_body(raw_issue_hash)
-          }
+          remediation_points: remediation_points(
+            raw_issue_hash['Version'], raw_issue_hash['Solution']
+          ),
+          severity: SEVERITIES[raw_issue_hash["Criticality"]],
+          type: 'Issue',
         }
       end
 
diff --git a/spec/cc/engine/bundler_audit_spec.rb b/spec/cc/engine/bundler_audit_spec.rb
@@ -26,18 +26,19 @@ module CC::Engine
 Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
         EOF
         result = {
-          type: "Issue",
+          categories: ["Security"],
           check_name: "Insecure Dependency",
+          content: {
+            body: "**Advisory**: OSVDB-91452\n\n**Criticality**: Medium\n\n**URL**: http://www.osvdb.org/show/osvdb/91452\n\n**Solution**: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13"
+          },
           description: "XSS vulnerability in sanitize_css in Action Pack",
-          categories: ["Security"],
-          remediation_points: 500_000,
           location: {
             path: "Gemfile.lock",
             lines: { begin: nil, end: nil }
           },
-          content: {
-            body: "**Advisory**: OSVDB-91452\n\n**Criticality**: Medium\n\n**URL**: http://www.osvdb.org/show/osvdb/91452\n\n**Solution**: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13"
-          },
+          remediation_points: 500_000,
+          severity: "normal",
+          type: "Issue",
         }.to_json
         io = StringIO.new
         directory = "/c"
@@ -54,7 +55,7 @@ module CC::Engine
           audit.run
         end
 
-        expect(io.string).to match("#{result}\0")
+        expect(io.string).to eq("#{result}\0")
       end
     end
   end
