From f216949564d29cf9a032056a6fd6d8a0bf6ef771 Mon Sep 17 00:00:00 2001
From: Gabriel Henriques
Date: Tue, 16 Mar 2021 15:19:19 -0300
Subject: [PATCH 1/4] feat: adding brakeman.ignore support to huskyci
---
 api/config.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/api/config.yaml b/api/config.yaml
index edd7bc0b..9c8810e6 100644
--- a/api/config.yaml
+++ b/api/config.yaml
@@ -129,8 +129,13 @@ brakeman:
 GIT_TERMINAL_PROMPT=0 git clone -b %GIT_BRANCH% --single-branch %GIT_REPO% code --quiet 2> /tmp/errorGitCloneBrakeman
 if [ $? -eq 0 ]; then
 if [ -d /code/app ]; then
- brakeman -q -o results.json /code
- jq -j -M -c . results.json
+ if [ -f /code/brakeman.ignore ]; then
+ brakeman -q -i /code/brakeman.ignore -o results.json /code
+ jq -j -M -c . results.json
+ else
+ brakeman -q -o results.json /code
+ jq -j -M -c . results.json
+ fi
 else
 mv code app
 brakeman -q -o results.json .
From f01c627b7af06b9189be4453558df84022213e61 Mon Sep 17 00:00:00 2001
From: Gabriel Henriques
Date: Thu, 18 Mar 2021 20:10:29 -0300
Subject: [PATCH 2/4] refactor brakeman.ignore (duplicate command)
---
 api/config.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/api/config.yaml b/api/config.yaml
index 9c8810e6..c79a4734 100644
--- a/api/config.yaml
+++ b/api/config.yaml
@@ -131,11 +131,10 @@ brakeman:
 if [ -d /code/app ]; then
 if [ -f /code/brakeman.ignore ]; then
 brakeman -q -i /code/brakeman.ignore -o results.json /code
- jq -j -M -c . results.json
 else
 brakeman -q -o results.json /code
- jq -j -M -c . results.json
 fi
+ jq -j -M -c . results.json
 else
 mv code app
 brakeman -q -o results.json .
From 49a07f9afb41f84518002382b4508f5f214c9ae4 Mon Sep 17 00:00:00 2001
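Review bot: The ignore file is read from the cloned repository itself (`/code/brakeman.ignore`), so whoever can push the scanned branch decides which Brakeman findings are suppressed, and with this hunk alone those findings vanish from the result entirely, because `BrakemanOutput` only reads `warnings` until PATCH 3/4 adds `ignored_warnings`. That deserves a comment where the flag is introduced, e.g. above the new `if`: `# brakeman.ignore is taken from the scanned repo; suppressed findings must still be reported (ignored_warnings), never dropped`. As far as I recall Brakeman already loads `config/brakeman.ignore` from the app root without `-i`, so repositories using the conventional location are honored either way and their suppressions also land in `ignored_warnings`; the new check only adds the root-level file, which the comment should say so nobody assumes it is the only path. The enclosing script block continues past the end of the hunk.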
From: Gabriel Henriques
Date: Sat, 20 Mar 2021 21:44:19 -0300
Subject: [PATCH 3/4] adding nosechusky output to ignored warnings
---
 api/config.yaml | 5 ++++-
 api/securitytest/brakeman.go | 15 +++++++++++++++
 client/analysis/output.go | 1 +
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/api/config.yaml b/api/config.yaml
index c79a4734..28a8a5ab 100644
--- a/api/config.yaml
+++ b/api/config.yaml
@@ -137,7 +137,10 @@ brakeman:
 jq -j -M -c . results.json
 else
 mv code app
- brakeman -q -o results.json .
+ if [ -f /app/brakeman.ignore ]; then
+ brakeman -q -i /app/brakeman.ignore -o results.json .
+ else
+ brakeman -q -o results.json .
 jq -j -M -c . results.json
 fi
 else
diff --git a/api/securitytest/brakeman.go b/api/securitytest/brakeman.go
index a2afec02..a75f76c7 100644
--- a/api/securitytest/brakeman.go
+++ b/api/securitytest/brakeman.go
@@ -16,6 +16,7 @@ import (
 // BrakemanOutput is the struct that holds issues and stats found on a Brakeman scan.
 type BrakemanOutput struct {
 Warnings []WarningItem `json:"warnings"`
+ IgnoredWarnings []WarningItem `json:"ignored_warnings"`
 }
 
 // WarningItem is the struct that holds all detailed information of a vulnerability found.
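Review bot: The `if` added here has no matching `fi`, so the shell block is unbalanced as of this commit (PATCH 4/4 adds it); squashing the two would keep every commit in the series runnable. The new test uses the absolute `/app/brakeman.ignore` while the clone was moved with the relative `mv code app` and the scan target on the next line is `.`; that only lines up when the working directory is `/`, which the existing `/code/app` test already assumes, so the assumption is better stated once at the top of the script, e.g. `# paths below assume the working directory is /`, than repeated implicitly in each branch. The enclosing `if [ $? -eq 0 ]` block starts before and ends after the hunk.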
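Review bot: The new `IgnoredWarnings` field carries no comment, although the struct itself has one and this field is the security-relevant part of the series: it holds the findings that the scanned repository's brakeman.ignore suppressed, which the same commit reports with severity `NOSEC`. Suggest `// IgnoredWarnings holds the findings suppressed by the repository's brakeman.ignore; they are reported as NOSEC rather than dropped.` above the field, so a later reader does not treat it as noise to strip. The struct is complete within the hunk.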
@@ -78,6 +79,20 @@ func (brakemanScan *SecTestScanInfo) prepareBrakemanVulns() {
 huskyCIbrakemanResults.LowVulns = append(huskyCIbrakemanResults.LowVulns, brakemanVuln)
 }
 }
+ for _, ignoredWarning := range brakemanOutput.IgnoredWarnings {
+ brakemanVuln := types.HuskyCIVulnerability{}
+ brakemanVuln.Language = "Ruby"
+ brakemanVuln.SecurityTool = "Brakeman"
+ brakemanVuln.Confidence = ignoredWarning.Confidence
+ brakemanVuln.Title = fmt.Sprintf("Vulnerable Dependency: %s %s", ignoredWarning.Type, ignoredWarning.Message)
+ brakemanVuln.Severity = "NOSEC"
+ brakemanVuln.Details = ignoredWarning.Details
+ brakemanVuln.File = ignoredWarning.File
+ brakemanVuln.Line = strconv.Itoa(ignoredWarning.Line)
+ brakemanVuln.Code = ignoredWarning.Code
+ brakemanVuln.Type = ignoredWarning.Type
+ huskyCIbrakemanResults.NoSecVulns = append(huskyCIbrakemanResults.NoSecVulns, brakemanVuln)
+ }
 brakemanScan.Vulnerabilities = huskyCIbrakemanResults
 }
 
diff --git a/client/analysis/output.go b/client/analysis/output.go
index 5f100bcb..afabb801 100644
--- a/client/analysis/output.go
+++ b/client/analysis/output.go
@@ -123,6 +123,7 @@ func prepareAllSummary(analysis types.Analysis) {
 }
 
 // Brakeman summary
+ outputJSON.Summary.BrakemanSummary.NoSecVuln = len(outputJSON.RubyResults.HuskyCIBrakemanOutput.NoSecVulns)
 outputJSON.Summary.BrakemanSummary.LowVuln = len(outputJSON.RubyResults.HuskyCIBrakemanOutput.LowVulns)
 outputJSON.Summary.BrakemanSummary.MediumVuln = len(outputJSON.RubyResults.HuskyCIBrakemanOutput.MediumVulns)
 outputJSON.Summary.BrakemanSummary.HighVuln = len(outputJSON.RubyResults.HuskyCIBrakemanOutput.HighVulns)
From c68f9a5d1bd03958cb3a3b7c148cdca2fb770e01 Mon Sep 17 00:00:00 2001
From: Gabriel Henriques
Date: Sat, 20 Mar 2021 21:55:51 -0300
Subject: [PATCH 4/4] fixing client total output and config.yaml
---
 api/config.yaml | 1 +
 client/analysis/output.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
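Review bot: The new loop repeats, field by field, the `WarningItem` to `types.HuskyCIVulnerability` mapping that the severity loops above it appear to perform (the `LowVulns` append at the top of the hunk is the tail of one), differing only in `Severity`; a small constructor shared by all of them keeps the NOSEC path from drifting when a field is added later. The title prefix `Vulnerable Dependency:` also looks inherited from those loops; most Brakeman warnings are findings in application code rather than dependency issues, so a prefix that says what a NOSEC entry is would read better, but change it together with the other loops rather than in this one alone. Reporting the ignored warnings as NOSEC instead of dropping them is the right choice, since the ignore file is committed in the scanned repository and therefore controlled by whoever pushes the branch. prepareBrakemanVulns starts before the hunk.
```go
	for _, ignoredWarning := range brakemanOutput.IgnoredWarnings {
		huskyCIbrakemanResults.NoSecVulns = append(huskyCIbrakemanResults.NoSecVulns, brakemanVulnFrom(ignoredWarning, "NOSEC"))
	}
	// … unchanged: rest of prepareBrakemanVulns …

// brakemanVulnFrom maps one Brakeman warning onto a HuskyCI vulnerability with the given severity.
// Severity "NOSEC" marks a finding the scanned repository suppressed via brakeman.ignore.
func brakemanVulnFrom(w WarningItem, severity string) types.HuskyCIVulnerability {
	return types.HuskyCIVulnerability{
		Language:     "Ruby",
		SecurityTool: "Brakeman",
		Severity:     severity,
		Confidence:   w.Confidence,
		Title:        fmt.Sprintf("Vulnerable Dependency: %s %s", w.Type, w.Message),
		Details:      w.Details,
		File:         w.File,
		Line:         strconv.Itoa(w.Line),
		Code:         w.Code,
		Type:         w.Type,
	}
}
```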
diff --git a/api/config.yaml b/api/config.yaml
index 28a8a5ab..1d518cb2 100644
--- a/api/config.yaml
+++ b/api/config.yaml
@@ -141,6 +141,7 @@ brakeman:
 brakeman -q -i /app/brakeman.ignore -o results.json .
 else
 brakeman -q -o results.json .
+ fi
 jq -j -M -c . results.json
 fi
 else
diff --git a/client/analysis/output.go b/client/analysis/output.go
index afabb801..ca2a6e2f 100644
--- a/client/analysis/output.go
+++ b/client/analysis/output.go
@@ -199,7 +199,7 @@ func prepareAllSummary(analysis types.Analysis) {
 types.FoundInfo = true
 }
 
- totalNoSec = outputJSON.Summary.BanditSummary.NoSecVuln + outputJSON.Summary.GosecSummary.NoSecVuln + outputJSON.Summary.GitleaksSummary.NoSecVuln
+ totalNoSec = outputJSON.Summary.BrakemanSummary.NoSecVuln + outputJSON.Summary.BanditSummary.NoSecVuln + outputJSON.Summary.GosecSummary.NoSecVuln + outputJSON.Summary.GitleaksSummary.NoSecVuln
 totalLow = outputJSON.Summary.BrakemanSummary.LowVuln + outputJSON.Summary.SafetySummary.LowVuln + outputJSON.Summary.BanditSummary.LowVuln + outputJSON.Summary.GosecSummary.LowVuln + outputJSON.Summary.NpmAuditSummary.LowVuln + outputJSON.Summary.YarnAuditSummary.LowVuln + outputJSON.Summary.GitleaksSummary.LowVuln + outputJSON.Summary.SpotBugsSummary.LowVuln + outputJSON.Summary.TFSecSummary.LowVuln