Merge pull request #1621 from eliblock/eb/fix-1588

fix(sarifOutput): nil-safe render_message
presidentbeef · Jul 16, 2021 · 0448534 · 0448534
2 parents d46a0d6 + ffb7f65
commit 0448534
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/brakeman/report/report_sarif.rb b/lib/brakeman/report/report_sarif.rb
@@ -111,6 +111,8 @@ def render_id warning
   end
 
   def render_message message
+    return message if message.nil?
+
     # Ensure message ends with a period
     if message.end_with? "."
       message

diff --git a/test/tests/sarif_output.rb b/test/tests/sarif_output.rb
@@ -2,11 +2,23 @@
 require 'json'
 
 class SARIFOutputTests < Minitest::Test
+
+  def tracker_3_2
+    @@tracker_3_2 ||= Brakeman.run("#{TEST_PATH}/apps/rails3.2") # has no brakeman.ignore
+  end
+
   def setup
-    @@sarif ||= JSON.parse(Brakeman.run(File.join(TEST_PATH, 'apps', 'rails3.2')).report.to_sarif) # has no brakeman.ignore
+    @@sarif ||= JSON.parse(tracker_3_2.report.to_sarif)
     @@sarif_with_ignore ||= JSON.parse(Brakeman.run(File.join(TEST_PATH, 'apps', 'rails4')).report.to_sarif) # has ignored warnings
   end
 
+  def test_render_message
+    report = Brakeman::Report::SARIF.new tracker_3_2
+    assert_nil report.render_message(nil)
+    assert_equal 'Very serious sentence.', report.render_message('Very serious sentence')
+    assert_equal 'Nothing to see here.', report.render_message('Nothing to see here.')
+  end
+
   def test_log_shape
     assert_equal '2.1.0', @@sarif['version']
     assert_equal 'https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json', @@sarif['$schema']