POL-1386 Dangerfile Improvements (#2753)

* update * fix * update * fix * update * fix * update * update * update * update * update * update * update * update
flexera-public · Oct 14, 2024 · 78d9786 · 78d9786
1 parent 641c3f7
commit 78d9786
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 6 deletions.
diff --git a/.dangerfile/policy_tests.rb b/.dangerfile/policy_tests.rb
@@ -1277,12 +1277,24 @@ def policy_bad_comma_spacing?(file, file_lines)
   file_lines.each_with_index do |line, index|
     line_number = index + 1
     line = line.strip
-    if line.include?(",") && !line.include?("allowed_pattern") && !line.include?('= ","') && !line.include?("(',')") && !line.include?('(",")') && !line.include?("jq(") && !line.include?("/,/")
-      if line.match(/,\s{2,}/) || line.match(/\s,/) || line.match(/,[^\s]/) && !(line.match(/\',\'/) || line.match(/\",\"/) || line.match(/\`,\`/))
-        if fail_message.empty?
-          fail_message += "\n\n"
-        end
-        fail_message += "Line #{line_number.to_s}: `"+line+"`\n\n"
+    test_line = line
+    parts = []
+
+    # Look for stuff quotations and remove those
+    # This is to reduce false positives
+    parts = line.split("\"") if line.include?("\"") && !line.include?("'")
+    parts = line.split("'") if !line.include?("\"") && line.include?("'")
+
+    if parts.length > 2 && parts.length % 2 == 1
+      test_parts = []
+      parts.each_with_index { |part, index| test_parts << part if index % 2 == 0 }
+      test_line = test_parts.join("'")
+    end
+
+    if test_line.include?(",") && !test_line.include?("allowed_pattern") && !test_line.include?('= ","') && !test_line.include?("(',')") && !test_line.include?('(",")') && !test_line.include?("jq(") && !test_line.include?("/,/")
+      if test_line.match(/,\s{2,}/) || test_line.match(/\s,/) || test_line.match(/,[^\s]/) && !(test_line.match(/\',\'/) || test_line.match(/\",\"/) || test_line.match(/\`,\`/))
+        fail_message += "\n\n" if fail_message.empty?
+        fail_message += "Line #{line_number.to_s}: `" + line + "`\n\n"
       end
     end
   end
@@ -1460,3 +1472,22 @@ def policy_console_log?(file, file_lines)
   return fail_message.strip if !fail_message.empty?
   return false
 end
+
+### verb "GET" test
+# Return false if a datasource never specifies "GET" as a verb value
+def policy_verb_get?(file, file_lines)
+  puts Time.now.strftime("%H:%M:%S.%L") + " *** Testing whether Policy Template file datasources have any verb \"GET\" statements..."
+
+  # Message to return of test fails
+  fail_message = ""
+
+  file_lines.each_with_index do |line, index|
+    line_number = index + 1
+    fail_message += "Line #{line_number.to_s}\n" if line.strip.start_with?("verb \"GET\"") || line.strip.start_with?("verb: \"GET\"") || line.strip.start_with?("verb 'GET'") || line.strip.start_with?("verb: 'GET'")
+  end
+
+  fail_message = "Policy Template has verb \"GET\" statements. The verb field defaults to this value and should only be specified for other values, such as PATCH or POST:\n\n" + fail_message if !fail_message.empty?
+
+  return fail_message.strip if !fail_message.empty?
+  return false
+end
diff --git a/Dangerfile b/Dangerfile
@@ -537,6 +537,9 @@ changed_pt_files.each do |file|
 
     # Raise error if policy has console.log() statements
     test = policy_console_log?(file, file_lines); failures << test if test
+
+    # Raise error if policy has verb "GET" statements
+    test = policy_verb_get?(file, file_lines); failures << test if test
   end
 
   # Output final list of failures and warnings