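# frozen_string_literal: true

require "fileutils"
require_relative "./make_pr/base"

module Neetob
  class CLI
    module Github
      # Runs brakeman against every matching repo and, when brakeman reports
      # warnings, opens a GitHub issue listing them.
      class Brakeman < MakePr::Base
        DESCRIPTION = "Fix security vulnerabilities reported by brakeman"

        # Scratch directory the inherited clone_repo_in_tmp_dir helper clones
        # into. NOTE(review): this is a fixed, predictable path under /tmp
        # (shared between users, symlink-prone); it must match the base
        # helper's choice -- confirm there if that helper ever changes.
        TMP_DIR = "/tmp/neetob"

        # Marker brakeman prints between its summary and the warning list.
        WARNINGS_HEADER = "\n\n== Warnings ==\n\n"

        attr_accessor :repos, :sandbox

        # @param repos [Array<String>] repo patterns handed to
        #   find_all_matching_apps_or_repos
        # @param sandbox [Boolean] forwarded to the repo lookup
        def initialize(repos, sandbox = false)
          super()
          @repos = repos
          @sandbox = sandbox
        end

        # Clones, bundles and scans each matching repo. A failure in one repo
        # is reported through ExceptionHandler and does not stop the others.
        # The scratch directory is removed even if the run is interrupted
        # (ensure), not only on the happy path.
        def run
          matching_repos = find_all_matching_apps_or_repos(repos, :github, sandbox)
          matching_repos.each { |repo| process_repo(repo) }
        ensure
          # Pure-Ruby removal: no shell involved, same effect as `rm -rf`.
          FileUtils.rm_rf(TMP_DIR)
        end

        private

        # Scans a single repo and files an issue when brakeman reports
        # warnings. Any StandardError is handed to ExceptionHandler so the
        # loop in #run keeps going.
        def process_repo(repo)
          ui.info("\nWorking on repo #{repo}")
          clone_repo_in_tmp_dir(repo)
          bundle_install!(repo)
          report = run_brakeman(repo)
          ui.success("Successfully executed brakeman for #{repo}")
          warnings = extract_warnings(report)
          return if warnings.empty?

          issue = client.create_issue(repo, DESCRIPTION, parse_description(warnings))
          ui.success("Issue created at #{issue.html_url}")
        rescue StandardError => e
          ExceptionHandler.new(e).process
        end

        # Runs brakeman inside the cloned repo and returns its stdout.
        #
        # NOTE(review): the result of cd_to_repo(repo) is interpolated into a
        # shell command line, so a repo name containing shell metacharacters
        # would be executed as shell. Names come from the configured / GitHub
        # repo list rather than arbitrary user input, but that is an
        # assumption this method relies on.
        #
        # @raise [RuntimeError] when brakeman exits non-zero and prints
        #   nothing (binary missing, crash). A non-zero exit *with* output is
        #   not treated as failure: brakeman uses the exit status to signal
        #   that warnings were found.
        def run_brakeman(repo)
          report = `#{cd_to_repo(repo)} && brakeman`
          status = $?
          if report.strip.empty? && status && !status.success?
            raise "brakeman failed for #{repo} (exit status #{status.exitstatus})"
          end
          report
        end

        # Splits the text after brakeman's "== Warnings ==" header into one
        # string per warning (brakeman separates them with blank lines).
        # Returns [] when the report is empty or says nothing was found.
        def extract_warnings(report)
          return [] if report.strip.empty? || report.include?("No warnings found")

          tail = report.split(WARNINGS_HEADER).last
          tail ? tail.split("\n\n") : []
        end

        # Builds the Markdown issue body: every warning in its own fenced
        # block, with the code on the `Code:` line wrapped in backticks so it
        # stands out. Only that line is rewritten -- substituting the code
        # text everywhere would also alter any other line that happens to
        # contain it, and an empty code snippet would have sprinkled backticks
        # between every character. Input strings are not mutated.
        def parse_description(warnings)
          warnings.map do |warning|
            highlighted = warning.sub(/^Code: (.+)$/) { "Code: `#{Regexp.last_match(1)}`" }
            "```bash\n#{highlighted}\n```"
          end.join("\n")
        end
      end
    end
  end
end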