From 1ccee8939d6aa64d33d8ddef71e94d5640b0871b Mon Sep 17 00:00:00 2001
From: Florian Sellmayr
Date: Wed, 1 May 2019 15:49:27 +0700
Subject: [PATCH] Extend java-find-secbugs module to include package and class name in error code
Fixes #107
---
 lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js | 6 +++---
 lib/modules/java-find-secbugs/index.js | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js b/lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js
index 40c2d930..b7ed2f07 100644
--- a/lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js
+++ b/lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js
@@ -84,7 +84,7 @@ describe('FindSecBugs Module', () => {
 const results = await run(fm)
 expect(results.results.high).to.deep.equal([{
- code: 'java-find-secbugs-XML_DECODER',
+ code: 'java-find-secbugs-XML_DECODER-com.hawkeye.java.test.controller.MyVulnerableControllerClass',
 offender: 'In method com.hawkeye.java.test.controller.MyVulnerableControllerClass.Update(int, UpdateCommand, BindingResult)',
 description: 'It is not safe to use an XMLDecoder to parse user supplied data',
 mitigation: 'Check line(s) [47-48]'
@@ -102,7 +102,7 @@ describe('FindSecBugs Module', () => {
 const results = await run(fm)
 expect(results.results.medium).to.deep.equal([{
- code: 'java-find-secbugs-PREDICTABLE_RANDOM',
+ code: 'java-find-secbugs-PREDICTABLE_RANDOM-com.hawkeye.java.test.config.MyVulnerableConfigClass',
 offender: 'In method com.hawkeye.java.test.config.MyVulnerableConfigClass.generateSecretToken()',
 description: 'The use of java.util.Random is predictable',
 mitigation: 'Check line(s) 30'
@@ -120,7 +120,7 @@ describe('FindSecBugs Module', () => {
 const results = await run(fm)
 expect(results.results.low).to.deep.equal([{
- code: 'java-find-secbugs-CRLF_INJECTION_LOGS',
+ code: 'java-find-secbugs-CRLF_INJECTION_LOGS-com.hawkeye.java.Application',
 description: 'This use of Logger.info(...) might be used to include CRLF characters into log messages',
 mitigation: 'Check line(s) 50, 55, 57, 59, 60, 61',
 offender: 'In method com.hawkeye.java.Application.main(String[])'
diff --git a/lib/modules/java-find-secbugs/index.js b/lib/modules/java-find-secbugs/index.js
index 9671e0a3..c0f4458c 100644
--- a/lib/modules/java-find-secbugs/index.js
+++ b/lib/modules/java-find-secbugs/index.js
@@ -52,7 +52,7 @@ module.exports = {
 const bugs = _.get(findSecBugsResult, ['BugCollection', 'BugInstance'], [])
 return bugs.map(bug => ({
 level: getSeverity(bug.$.priority),
- code: bug.$.type,
+ code: bug.$.type + '-' + _.get(bug, ['Class', '0', '$', 'classname'], ''),
 offender: bug.Method[0].Message[0],
 description: bug.LongMessage[0],
 mitigation: getMitigationMessage(bug.SourceLine)
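Review bot: The added `code` line in index.js uses `''` as the `_.get` fallback, so a BugInstance that carries no `Class` element produces a code ending in a bare `-` (e.g. `java-find-secbugs-XML_DECODER-`), which makes suppression keys inconsistent between findings that do and do not carry class information. Append the separator only when a name is actually present: `const className = _.get(bug, ['Class', '0', '$', 'classname'])` and then `code: className ? bug.$.type + '-' + className : bug.$.type,`. The three hunks in findsecbugs-unit.js assert only the populated case, so a fixture without a `Class` element would be needed to pin that behavior. Taking index `'0'` also assumes the first `Class` entry is the bug's primary class; FindBugs XML can list several per BugInstance, and if that assumption does not hold the code would be keyed on a secondary class, so a comment such as `// first Class entry is treated as the primary class of the finding` would make the intent explicit. The `bugs.map` callback and the enclosing `run` method both start and end outside the hunk.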