class Pipeline::FindSecurityBugs

Public Class Methods

new(trigger, tracker) click to toggle source
Calls superclass method Pipeline::BaseTask::new
# File lib/pipeline/tasks/findsecbugs.rb, line 14
def initialize(trigger, tracker)
  super(trigger, tracker)
  @name = "FindSecurityBugs"
  @description = "FindSecurityBugs plugin for FindBugs"
  @stage = :code
  @labels << "code"
end

Public Instance Methods

analyze() click to toggle source
# File lib/pipeline/tasks/findsecbugs.rb, line 45
def analyze
  begin
    @results.each do |result|
      description = result.xpath('ShortMessage').text
      bug_type = result.attributes['type'].value
      detail = "Class: #{result.at_xpath('Method').attributes['classname'].value}, Method: #{result.at_xpath('Method').attributes['name'].value}\n#{result.xpath('LongMessage').text}\nhttps://find-sec-bugs.github.io/bugs.htm##{bug_type}"

      file = result.at_xpath('SourceLine').attributes['sourcepath'].value
      trigger_path = Pathname.new(@trigger.path)
      real_path = nil
      trigger_path.find {|path| real_path = path if path.fnmatch "*/#{file}"}
      file = real_path.relative_path_from(trigger_path).to_s unless real_path.nil?

      line = result.at_xpath('SourceLine[@primary="true"]').attributes['start'].value
      code = "#{result.at_xpath('String').attributes['value'].value}"
      source = {:scanner => @name, :file => file, :line => line, :code => code}
      sev = result.attributes['priority'].value
      fprint = fingerprint("#{description}#{detail}#{source}")

      report description, detail, source, sev, fprint
    end
  rescue Exception => e
    Pipeline.warn e.message
    Pipeline.warn e.backtrace
  ensure
    File.unlink @results_file
  end
end
run() click to toggle source
# File lib/pipeline/tasks/findsecbugs.rb, line 22
def run
  @results_file = Tempfile.new(['findsecbugs','xml'])

  unless File.exist?("#{@trigger.path}/.git/config")
    Dir.chdir(@trigger.path) do
      runsystem(true, "git", "init")
      runsystem(true, "git", "add", "*")
      runsystem(true, "git", "commit", "-am", "fake commit for mvn compile")
    end
  end

  directories_with?('pom.xml').each do |dir|
    Dir.chdir(dir) do
      runsystem(true, "mvn", "compile", "-fn")
    end
  end

  Dir.chdir(@tracker.options[:findsecbugs_path]) do
    runsystem(true, "/bin/sh", "#{@tracker.options[:findsecbugs_path]}/findsecbugs.sh", "-effort:max", "-quiet", "-xml:withMessages", "-output", "#{@results_file.path}", "#{@trigger.path}")
    @results = Nokogiri::XML(File.read(@results_file)).xpath '//BugInstance'
  end
end
supported?() click to toggle source
# File lib/pipeline/tasks/findsecbugs.rb, line 74
def supported?
  unless find_executable0('mvn') and File.exist?("#{@trigger.path}/pom.xml")
    Pipeline.notify "FindSecurityBugs support requires maven and pom.xml"
    Pipeline.notify "Please install maven somewhere in your PATH and include a valid pom.xml in the project root"
    return false
  end

  unless @tracker.options.has_key?(:findsecbugs_path) and File.exist?("#{@tracker.options[:findsecbugs_path]}/findsecbugs.sh")
    Pipeline.notify "#{@tracker.options[:findsecbugs_path]}"
    Pipeline.notify "Download and unpack the latest findsecbugs-cli release: https://github.com/find-sec-bugs/find-sec-bugs/releases"
    return false
  else
    return true
  end
end