ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable rules removal: do not validate deleted rules

Browse Source
This commit is contained in:
Arseniy Zaostrovnykh 2022-03-08 04:26:53 -08:00 committed by GitHub
parent 02cae0ceb0
commit f7353489fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ci/validate_metadata.sh
View File

@ -7,10 +7,16 @@ base="$(git merge-base FETCH_HEAD HEAD)"
echo "Comparing against the merge-base: ${base}"
if ! git diff --name-only --exit-code "${base}" -- rspec-tools/
then
# Revalidate all rules
basename --multiple rules/* | mapfile -t affected_rules
echo "Change in the tools, revalidating all rules"
else
git diff --name-only "${base}" -- rules/ | sed -Ee 's#rules/(S[0-9]+)/.*#\1#' | sort -u | mapfile -t affected_rules
git diff --name-only "${base}" -- rules/ | # Get all the changes in rules
sed -Ee 's#(rules/S[0-9]+)/.*#\1#' | # extract the rule directories
sort -u | # deduplicate
while IFS= read -r rule; do [[ -d "$rule" ]] && echo "$rule" || true; done | # filter non-deleted rules
sed 's#rules/##' | # get rule ids
mapfile -t affected_rules # store them in the `affected_rules` array
echo "Validating ${affected_rules[@]}"
fi
# Validate metadata
@ -19,4 +25,6 @@ then
cd rspec-tools
pipenv install
pipenv run rspec-tools validate-rules-metadata "${affected_rules[@]}"
else
echo "No rule changed or added"
fi

6
rspec-tools/rspec_tools/errors.py
View File

@ -13,3 +13,9 @@ class RuleValidationError(ClickException):
def __init__(self, message):
super().__init__(message)
class RuleNotFoundError(ClickException):
'''Exception raised when a rule does not exist in the repository.'''
def __init__(self, message):
super().__init__(message)

6
rspec-tools/rspec_tools/rules.py
View File

@ -3,6 +3,7 @@ import json
from pathlib import Path
from typing import Final, Generator, Iterable, Optional
from bs4 import BeautifulSoup
from rspec_tools.errors import RuleNotFoundError
METADATA_FILE_NAME: Final[str] = 'metadata.json'
@ -89,4 +90,7 @@ class RulesRepository:
return (GenericRule(child) for child in self.rules_path.glob('S*') if child.is_dir())
def get_rule(self, ruleid: str):
return GenericRule(self.rules_path.joinpath(ruleid))
rulepath = self.rules_path.joinpath(ruleid)
if not rulepath.is_dir():
raise RuleNotFoundError('Cannot find rule ' + ruleid + ' in ' + str(self.rules_path))
return GenericRule(rulepath)

8
rspec-tools/tests/test_rules_repository.py
View File

@ -1,6 +1,8 @@
from pathlib import Path
import pytest
from rspec_tools.rules import RulesRepository
from rspec_tools.errors import RuleNotFoundError
def test_list_rules(mockrules: Path):
'''Check that rules are all listed.'''
@ -22,3 +24,9 @@ def test_get_metadata(mockrules: Path):
assert plsql.metadata['sqKey'] == 'PlSql.PackageNaming'
java = rule.get_language('java')
assert java.metadata['sqKey'] == 'S120'
def test_nonexisting_rule(mockrules: Path):
'''Check that a nonexisting rule is reported.'''
with pytest.raises(RuleNotFoundError, match=fr'^Cannot find rule S200'):
RulesRepository(rules_path=mockrules).get_rule('S200')

2
rspec-tools/tests/validation/test_metadata_validation.py
View File

@ -127,4 +127,4 @@ def test_rule_with_complete_list_of_security_standard_passes_validation(rule_lan
metadata['securityStandards'] = {'ASVS 4': [], 'OWASP': [], "OWASP Top 10 2021": []}
with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
mock.return_value = metadata
validate_rule_specialization_metadata(rule_language)
validate_rule_specialization_metadata(rule_language)