Merge pull request #47 from PavelBansky/master

Master

Author: PavelBansky

src/Microsoft.DevSkim/Microsoft.DevSkim.CLI.Tests/AnalyzeTest.cs

@@ -3,10 +3,10 @@
 namespace Microsoft.DevSkim.CLI.Tests
 {
     [TestClass]
-    public class UnitTest1
+    public class AnalyzeTest
     {
         [TestMethod]
-        public void TestMethod1()
+        public void AnalyzeGoodRunTest()
         {
         }
     }

src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Commands/AnalyzeCommand.cs

@@ -45,6 +45,10 @@ public static void Configure(CommandLineApplication command)
                                               "Ignore rules bundled with DevSkim",
                                               CommandOptionType.NoValue);
 
+            var errorOption = command.Option("-e|--suppress-standard-error",
+                                              "Suppress output to standard error",
+                                              CommandOptionType.NoValue);
+
             command.ExtendedHelpText = "\nOutput format options:\n%F\tfile path\n%L\tstart line number\n" +
                 "%C\tstart column\n%l\tend line number\n%c\tend column\n%I\tlocation inside file\n" +
                 "%i\tmatch length\n%m\tmatch\n%R\trule id\n%N\trule name\n%S\tseverity\n%D\tissue description\n%T\ttags(comma-separated)";
@@ -56,7 +60,8 @@ public static void Configure(CommandLineApplication command)
                                  outputTextFormat.Value(),
                                  severityOption.Values,
                                  rulesOption.Values,
-                                 ignoreOption.HasValue())).Run();                
+                                 ignoreOption.HasValue(),
+                                 errorOption.HasValue())).Run();                
             });
         }
 
@@ -66,7 +71,8 @@ public AnalyzeCommand(string path,
                               string outputTextFormat,
                               List<string> severities,
                               List<string> rules,
-                              bool ignoreDefault)
+                              bool ignoreDefault,
+                              bool suppressError)
         {
             _path = path;            
             _outputFile = output;
@@ -75,10 +81,16 @@ public AnalyzeCommand(string path,
             _severities = severities.ToArray();
             _rulespath = rules.ToArray();
             _ignoreDefaultRules = ignoreDefault;
+            _suppressError = suppressError;
         }
 
         public int Run()
         {
+            if (_suppressError)
+            {
+                Console.SetError(StreamWriter.Null);
+            }
+
             if (!Directory.Exists(_path) && !File.Exists(_path))
             {
                 Console.Error.WriteLine("Error: Not a valid file or directory {0}", _path);
@@ -150,8 +162,19 @@ public int Run()
             int filesAffected = 0;
             int issuesCount = 0;
 
+            // We can pass either a file or a directory; if it's a file, make an IEnumerable out of it.
+            IEnumerable <string> fileListing;
+            if (!Directory.Exists(_path))
+            {
+                fileListing = new List<string>() { _path };
+            }
+            else
+            {
+                fileListing = Directory.EnumerateFiles(_path, "*.*", SearchOption.AllDirectories);
+            }
+
             // Iterate through all files
-            foreach (string filename in Directory.EnumerateFiles(_path, "*.*", SearchOption.AllDirectories))
+            foreach (string filename in fileListing)
             {
                 string language = Language.FromFileName(filename);
 
@@ -244,5 +267,6 @@ private bool ParseSeverity(string severityText, out Severity severity)
         private string[] _rulespath;
         private string[] _severities;
         private bool _ignoreDefaultRules;
+        private bool _suppressError;
     }
 }

src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj

@@ -9,7 +9,7 @@
     <ApplicationIcon />
     <PackageId>Microsoft.DevSkim.CLI</PackageId>
     <Product>Microsoft DevSkim Command Line Interface</Product>
-    <Version>0.1.8</Version>
+    <Version>0.1.9</Version>
     <Authors>Microsoft</Authors>
     <Company>Microsoft</Company>
     <Copyright>(c) Microsoft Corporation. All rights reserved</Copyright>

src/Microsoft.DevSkim/Microsoft.DevSkim.Tests/SuppressorTest.cs

@@ -17,5 +17,62 @@ public void Constructor1FailTest()
         {
             Suppression sup = new Suppression(null);
         }
+
+        [TestMethod]
+        public void IsNotSuppressedTest()
+        {
+            // Is supressed test
+            string testString = "md5.new()";
+            Suppression sup = new Suppression(testString);
+            Assert.IsTrue(sup.Index < 0, "Suppression should not be flagged");
+        }
+
+        [TestMethod]
+        public void IsSuppressedTest()
+        {
+            // Is supressed test
+            string testString = "md5.new() #DevSkim: ignore DS196098";
+            Suppression sup = new Suppression(testString);
+            Assert.IsTrue(sup.GetIssues().Length == 1, "Suppression should be flagged");
+        }
+
+        public void SuppressedIndexTest()
+        {
+            // Is supressed test
+            string testString = "md5.new() #DevSkim: ignore DS196098";
+            Suppression sup = new Suppression(testString);
+            Assert.IsTrue(sup.Index == 12, "Suppression should start in ondex 12");
+        }
+
+        [TestMethod]
+        public void SuppresseedAll_Test()
+        {
+            string testString = "var hash=MD5.Create(); /*DevSkim: ignore all*/";
+            Suppression sup = new Suppression(testString);
+            // Suppress All test
+            Assert.IsTrue(sup.GetIssues().Length == 1, "Supress All failed");
+        }
+
+        [TestMethod]
+        public void GetSuppressedTest()
+        {
+            string testString = "MD5 hash = new MD5CryptoServiceProvider(); //DevSkim: ignore DS126858,DS168931";
+            Suppression sup = new Suppression(testString);
+            SuppressedIssue iss = sup.GetSuppressedIssue("DS126858");
+
+            Assert.IsNotNull(sup.GetSuppressedIssue("DS126858"), "Is suppressed DS126858 should be instance");
+            Assert.IsNotNull(sup.GetSuppressedIssue("DS168931"), "Is suppressed DS168931 should be instance");
+        }
+
+        [TestMethod]
+        public void GetNotSuppressedTest()
+        {
+            string testString = "MD5 hash = new MD5CryptoServiceProvider(); //DevSkim: ignore DS126858,DS168931 until 1980-07-15";
+            Suppression sup = new Suppression(testString);
+            SuppressedIssue iss = sup.GetSuppressedIssue("DS126858");
+
+            Assert.IsNull(sup.GetSuppressedIssue("DS126858"), "Is suppressed DS126858 should be Null");
+            Assert.IsNull(sup.GetSuppressedIssue("DS168931"), "Is suppressed DS168931 should be Null");
+        }
     }
 }

src/Microsoft.DevSkim/Microsoft.DevSkim.Tests/UseCaseTest.cs

@@ -250,7 +250,7 @@ public void UseCase_OnError_Test()
         }
 
         [TestMethod]
-        public void LangugeSelector_Test()
+        public void LangugeSelectorTest()
         {            
             RuleProcessor processor = new RuleProcessor(LoadRules(false));
             string testString = "<package id=\"Microsoft.IdentityModel.Tokens\" version=\"5.1.0\"";
@@ -270,7 +270,7 @@ public void LangugeSelector_Test()
         }
 
         [TestMethod]
-        public void Commenting_Test()
+        public void CommentingTest()
         { 
             string str = Language.GetCommentInline("python");
             Assert.AreEqual("#", str, "Python comment prefix doesn't match");
@@ -284,7 +284,7 @@ public void Commenting_Test()
         }
 
         [TestMethod]
-        public void Conditions1_Test()
+        public void Conditions1Test()
         {            
             RuleProcessor processor = new RuleProcessor(LoadRules(false))
             {
@@ -307,7 +307,7 @@ public void Conditions1_Test()
         }
 
         [TestMethod]
-        public void Conditions2_Test()
+        public void Conditions2Test()
         {
             RuleProcessor processor = new RuleProcessor(LoadRules(false))
             {
@@ -330,7 +330,7 @@ public void Conditions2_Test()
         }
 
         [TestMethod]
-        public void Scope_Test()
+        public void ScopeTest()
         {
             RuleProcessor processor = new RuleProcessor(LoadRules(false))
             {

src/Microsoft.DevSkim/Microsoft.DevSkim/Suppression.cs

@@ -39,7 +39,7 @@ public Suppression(string text)
         /// Test if given rule Id is being suppressed
         /// </summary>
         /// <param name="issueId">Rule ID</param>
-        /// <returns>True is rule is suppressed</returns>
+        /// <returns>True if rule is suppressed</returns>
         public SuppressedIssue GetSuppressedIssue(string issueId)
         {
             bool result = false;

src/flycheck/flycheck-devskim.el

@@ -0,0 +1,88 @@
+;;; flycheck-devskim.el --- Flycheck: DevSkim support  -*- lexical-binding: t; -*-
+
+;; Copyright (c) Microsoft Corporation
+
+;; Author: Michael Scovetta <[email protected]
+;; Keywords: security, tools
+;; Version: 0.1.0
+;; URL: https://github.com/Microsoft/DevSkim
+;; Package-Requires: ((emacs "25.3") (flycheck "31"))
+
+;; All rights reserved.
+;;
+;; MIT License
+;;
+;; Permission is hereby granted, free of charge, to any person obtaining a copy
+;; of this software and associated documentation files (the "Software"), to deal
+;; in the Software without restriction, including without limitation the rights
+;; to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+;; copies of the Software, and to permit persons to whom the Software is
+;; furnished to do so, subject to the following conditions:
+;;
+;;   The above copyright notice and this permission notice shall be included in;
+;; all copies or substantial portions of the Software.
+;;
+;;   THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+;; AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+;; OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+;; SOFTWARE.
+
+;;; Commentary:
+
+;; DevSkim is a code analysis tool for multiple programming languages, based on
+;; grep-style rules.
+;;
+; Usage:
+;;
+;; Load flycheck-devskim from wherever you placed it.
+;; (load "~/.emacs.d/flycheck-devskim") 
+
+;;; Code:
+
+(require 'flycheck)
+
+(defun flycheck-parse-devskim (output checker buffer)
+  "Parse DevSkim warnings.
+  CHECKER and BUFFER denote the CHECKER that returned OUTPUT and
+  the BUFFER that was checked."
+  (let ((errors nil))
+    (dolist (message (car (flycheck-parse-json output)))
+      (let-alist message
+        (push
+          (flycheck-error-new-at
+           .start_line
+           .start_column
+           (pcase .severity
+             (`"1" 'error)
+             (`"2" 'error)
+             (`"3" 'warning)
+             (`"4" 'warning)
+             (_    'info))
+          (concat .rule_name " " .recommendation)
+          :id .rule_id
+          :checker checker
+          :buffer buffer
+          :filename .filename)
+         errors)))
+    (nreverse errors)))
+
+(flycheck-define-checker devskim
+  "A DevSkim checker for Flycheck.
+  See URL `https://github.com/Microsoft/DevSkim'."
+  :command ("devskim.exe"
+   "analyze"
+   "-f"
+   "json"
+   source)
+  :error-parser flycheck-parse-devskim
+  :modes (c-mode c++-mode python-mode)
+  )
+
+(add-to-list 'flycheck-checkers 'devskim)
+
+(provide 'flycheck-devskim)
+
+;;; flycheck-devskim.el ends here