bundler:fix - correctly parse output error (#921)

Previously when a project path does not have a Gemfile.lock file, the Bundler return an error `Could not find "Gemfile.lock"` that was being interpreted as a vulnerability. This was happening because the commit rubysec/bundler-audit@021f85f change the error message from a generic error like "Errno::ENOENT" and "No such file or directory" to a more detailed error `Could not find "Gemfile.lock"`. Fixes #919 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br> (cherry picked from commit 9245d7d)
ZupIT · Jan 10, 2022 · 2534b54 · 2534b54
1 parent e13775b
commit 2534b54
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/internal/services/formatters/ruby/bundler/formatter.go b/internal/services/formatters/ruby/bundler/formatter.go
@@ -37,10 +37,12 @@ import (
 	vulnhash "github.com/ZupIT/horusec/internal/utils/vuln_hash"
 )
 
-// ErrGemLockNotFound occurs when bundles does not find gemfile.lock.
+// ErrGemLockNotFound occurs when project path does not have the Gemfile.lock file.
 //
-// nolint: lll
-var ErrGemLockNotFound = errors.New("project doesn't have a gemfile.lock file, it would be a good idea to commit it so horusec can check for vulnerabilities")
+// nolint: stylecheck
+// We actually want that this error message be capitalized since the file name that was
+// not found is capitalized.
+var ErrGemLockNotFound = errors.New("Gemfile.lock file is required to execute Bundler analysis")
 
 type Formatter struct {
 	formatters.IService
@@ -80,16 +82,19 @@ func (f *Formatter) startBundlerAudit(projectSubPath string) (string, error) {
 
 func (f *Formatter) getDockerConfig(projectSubPath string) *dockerEntities.AnalysisData {
 	analysisData := &dockerEntities.AnalysisData{
-		CMD: f.AddWorkDirInCmd(CMD, file.GetSubPathByExtension(
-			f.GetConfigProjectPath(), projectSubPath, "Gemfile.lock"), tools.SecurityCodeScan),
+		CMD: f.AddWorkDirInCmd(
+			CMD,
+			file.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "Gemfile.lock"),
+			tools.SecurityCodeScan,
+		),
 		Language: languages.Ruby,
 	}
 
 	return analysisData.SetImage(f.GetCustomImageByLanguage(languages.Ruby), images.Ruby)
 }
 
 func (f *Formatter) verifyGemLockError(output string) error {
-	if strings.Contains(output, "No such file or directory") && strings.Contains(output, "Errno::ENOENT") {
+	if strings.Contains(output, `Could not find "Gemfile.lock"`) {
 		return ErrGemLockNotFound
 	}