From 59fa795f95a40f10f7f1202c23cf845c3c7c6c7e Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nmalcolm@gitlab.com>
Date: Tue, 16 Jul 2024 12:19:29 +1200
Subject: [PATCH] Fix the behavior of the GitLab AppSec SAST comment

Previously, the comment would have the warning followed immediately by the footer comment. This was due to an insufficient number of newlines, based on how GitLab Flavored Markdown works.

The comment would also fail to apply a quick action. This was due to it being prefixed by two spaces.
---
 scripts/semgrep_result_processor.rb | 4 +++-
 spec/scripts/semgrep_result_processor_spec.rb | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/semgrep_result_processor.rb b/scripts/semgrep_result_processor.rb
index 684730b5ec430..33c5b5fc2a9e6 100755
--- a/scripts/semgrep_result_processor.rb
+++ b/scripts/semgrep_result_processor.rb
@@ -11,7 +11,8 @@ class SemgrepResultProcessor
   ALLOWED_API_URLS = %w[https://gitlab.com/api/v4].freeze
   # Remove this when the feature is fully working
-  MESSAGE_FOOTER = <<-FOOTER
+  MESSAGE_FOOTER = <<~FOOTER
+
   <small>
   This AppSec automation is currently under testing.
@@ -19,6 +20,7 @@ class SemgrepResultProcessor
   For any detailed feedback, [add a comment here](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/issues/38).
   </small>
+
   /label ~"appsec-sast::commented"
   FOOTER
diff --git a/spec/scripts/semgrep_result_processor_spec.rb b/spec/scripts/semgrep_result_processor_spec.rb
index d2c62b719da8c..487dd541254c1 100644
--- a/spec/scripts/semgrep_result_processor_spec.rb
+++ b/spec/scripts/semgrep_result_processor_spec.rb
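Review bot: The blank line added directly after `<<~FOOTER` is load-bearing (it is the extra newline the commit message says GitLab Flavored Markdown needs before the `<small>` block), yet nothing in the constant marks it as intentional, so a later tidy-up or an editor that strips blank lines inside string constants would quietly reintroduce the rendering bug. Extend the comment above the constant to say so, e.g. `# Remove this when the feature is fully working. NOTE: the blank lines inside the heredoc are deliberate (GFM needs a blank line before <small>) and <<~ is required so the quick action below lands at column 0.` That comment should also make clear that deleting the footer will stop the `~"appsec-sast::commented"` label from being applied, since the quick action lives inside it. `SemgrepResultProcessor` starts before this hunk and continues after it.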
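Review bot: With the switch to `<<~`, `/label ~"appsec-sast::commented"` now sits at column 0 and will be executed as a quick action, but GitLab applies that rule to every line of the posted note that begins with `/`, so the whole comment body — not just this footer — is now an execution surface for the bot token. The spec shows the body opens with the Semgrep finding message (`Deserializing user-controlled objects can cause vulnerabilities.`), which appears to come from the AppSec-maintained rule set; if any part of that text can ever be derived from the merge request being scanned (a matched snippet, a path, a rule shipped inside the scanned repository) an attacker could plant `/approve`, `/merge` or `/assign` lines that run with the automation's permissions. The cheap defence is to make the footer the only permitted source of quick actions, e.g. by escaping leading slashes in the finding text before concatenation (`message.gsub(%r{^/}) { "\\/" }` renders identically in GFM), and to say so in a comment next to `MESSAGE_FOOTER`. Separately, if the API token's user cannot manage labels on the target project GitLab will not run the command (it is either left as text or dropped — confirm), so a silent no-op is possible and worth a post-hoc check of the MR's labels. The method that assembles and posts the note is outside this hunk.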
@@ -71,7 +71,7 @@
   {
     "id" => 1933334610,
     "type" => "DiffNote",
-    "body" => "Deserializing user-controlled objects can cause vulnerabilities. \n\n \u003csmall\u003e\n This AppSec automation is currently under testing.\n Use ~\"appsec-sast::helpful\" or ~\"appsec-sast::unhelpful\" for quick feedback.\n For any detailed feedback, [add a comment here](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/issues/38).\n \u003c/small\u003e\n\n /label ~\"appsec-sast::commented\"",
+    "body" => "Deserializing user-controlled objects can cause vulnerabilities.\n\n\n\u003csmall\u003e\nThis AppSec automation is currently under testing.\nUse ~\"appsec-sast::helpful\" or ~\"appsec-sast::unhelpful\" for quick feedback.\nFor any detailed feedback, [add a comment here](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/issues/38).\n\u003c/small\u003e\n\n\n/label ~\"appsec-sast::commented\"",
     "author" => { "id" => 21564538 },
--
GitLab
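Review bot: This fixture looks like a GitLab API response for an existing `DiffNote` (it carries `id`, `type` and `author`), which suggests the processor compares the bodies of existing notes to avoid re-posting; if so, the new format will never match notes posted with the old footer, so every MR already commented on gets a second comment once this ships. More importantly, when GitLab executes a quick action it strips the command line from the stored note, so a real API response would not end with `/label ~\"appsec-sast::commented\"` as this fixture does, and an exact body comparison against live notes would then fail even for freshly posted comments (confirm against the dedup logic, which is outside this hunk). Matching on a stable marker instead of the whole body would make the check robust to both footer edits and quick-action stripping, e.g. `existing_notes.any? { |n| n["body"].start_with?(finding_message) }`. It would also help to pin the two properties this commit fixes rather than only the byte-exact string: `expect(body).to include("\n\n<small>")` and `expect(body).to match(%r{^/label ~"appsec-sast::commented"})`.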