brakeman-lib 4.5.0 → 4.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +15 -0
  3. data/README.md +6 -6
  4. data/lib/brakeman.rb +7 -0
  5. data/lib/brakeman/app_tree.rb +34 -22
  6. data/lib/brakeman/checks.rb +7 -7
  7. data/lib/brakeman/checks/base_check.rb +9 -9
  8. data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
  9. data/lib/brakeman/checks/check_default_routes.rb +5 -0
  10. data/lib/brakeman/checks/check_deserialize.rb +52 -0
  11. data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
  12. data/lib/brakeman/checks/check_force_ssl.rb +27 -0
  13. data/lib/brakeman/checks/check_json_parsing.rb +5 -0
  14. data/lib/brakeman/checks/check_link_to_href.rb +6 -1
  15. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  16. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  17. data/lib/brakeman/checks/check_model_attributes.rb +12 -50
  18. data/lib/brakeman/checks/check_model_serialize.rb +1 -1
  19. data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
  20. data/lib/brakeman/checks/check_secrets.rb +1 -1
  21. data/lib/brakeman/checks/check_session_settings.rb +10 -10
  22. data/lib/brakeman/checks/check_simple_format.rb +5 -0
  23. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  24. data/lib/brakeman/checks/check_sql.rb +15 -17
  25. data/lib/brakeman/checks/check_validation_regex.rb +1 -1
  26. data/lib/brakeman/file_parser.rb +6 -8
  27. data/lib/brakeman/file_path.rb +71 -0
  28. data/lib/brakeman/options.rb +7 -0
  29. data/lib/brakeman/parsers/template_parser.rb +3 -3
  30. data/lib/brakeman/processor.rb +3 -4
  31. data/lib/brakeman/processors/alias_processor.rb +12 -6
  32. data/lib/brakeman/processors/base_processor.rb +8 -7
  33. data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
  34. data/lib/brakeman/processors/controller_processor.rb +5 -9
  35. data/lib/brakeman/processors/haml_template_processor.rb +5 -0
  36. data/lib/brakeman/processors/lib/module_helper.rb +8 -8
  37. data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
  38. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
  39. data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
  40. data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
  41. data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
  42. data/lib/brakeman/processors/lib/render_helper.rb +2 -2
  43. data/lib/brakeman/processors/lib/render_path.rb +18 -1
  44. data/lib/brakeman/processors/library_processor.rb +5 -5
  45. data/lib/brakeman/processors/model_processor.rb +4 -5
  46. data/lib/brakeman/processors/output_processor.rb +5 -0
  47. data/lib/brakeman/processors/template_alias_processor.rb +4 -5
  48. data/lib/brakeman/processors/template_processor.rb +4 -4
  49. data/lib/brakeman/report.rb +3 -3
  50. data/lib/brakeman/report/ignore/config.rb +2 -3
  51. data/lib/brakeman/report/ignore/interactive.rb +2 -2
  52. data/lib/brakeman/report/pager.rb +1 -0
  53. data/lib/brakeman/report/report_base.rb +51 -6
  54. data/lib/brakeman/report/report_codeclimate.rb +3 -3
  55. data/lib/brakeman/report/report_hash.rb +1 -1
  56. data/lib/brakeman/report/report_html.rb +2 -2
  57. data/lib/brakeman/report/report_json.rb +1 -24
  58. data/lib/brakeman/report/report_table.rb +20 -4
  59. data/lib/brakeman/report/report_tabs.rb +1 -1
  60. data/lib/brakeman/report/report_text.rb +2 -2
  61. data/lib/brakeman/rescanner.rb +9 -12
  62. data/lib/brakeman/scanner.rb +19 -14
  63. data/lib/brakeman/tracker.rb +4 -4
  64. data/lib/brakeman/tracker/collection.rb +4 -3
  65. data/lib/brakeman/tracker/config.rb +6 -0
  66. data/lib/brakeman/util.rb +1 -147
  67. data/lib/brakeman/version.rb +1 -1
  68. data/lib/brakeman/warning.rb +23 -13
  69. data/lib/brakeman/warning_codes.rb +1 -0
  70. data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
  71. metadata +20 -10
@@ -12,24 +12,23 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
12
12
  @current_method = nil
13
13
  @current_module = nil
14
14
  @visibility = :public
15
- @file_name = nil
15
+ @current_file = nil
16
16
  end
17
17
 
18
18
  #Process model source
19
- def process_model src, file_name = nil
20
- @file_name = file_name
19
+ def process_model src, current_file = @current_file
20
+ @current_file = current_file
21
21
  process src
22
22
  end
23
23
 
24
24
  #s(:class, NAME, PARENT, BODY)
25
25
  def process_class exp
26
26
  name = class_name(exp.class_name)
27
- parent = class_name(exp.parent_name)
28
27
 
29
28
  #If inside an inner class we treat it as a library.
30
29
  if @current_class
31
30
  Brakeman.debug "[Notice] Treating inner class as library: #{name}"
32
- Brakeman::LibraryProcessor.new(@tracker).process_library exp, @file_name
31
+ Brakeman::LibraryProcessor.new(@tracker).process_library exp, @current_file
33
32
  return exp
34
33
  end
35
34
 
@@ -8,6 +8,11 @@ require 'brakeman/util'
8
8
  class Brakeman::OutputProcessor < Ruby2Ruby
9
9
  include Brakeman::Util
10
10
 
11
+ def initialize *args
12
+ super
13
+ @user_input = nil
14
+ end
15
+
11
16
  #Copies +exp+ and then formats it.
12
17
  def format exp, user_input = nil, &block
13
18
  @user_input = user_input
@@ -14,22 +14,21 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
14
14
  def initialize tracker, template, called_from = nil
15
15
  super tracker
16
16
  @template = template
17
+ @current_file = template.file
17
18
  @called_from = called_from
18
19
  end
19
20
 
20
21
  #Process template
21
- def process_template name, args, _, line = nil, file_name = nil
22
- @file_name = file_name || relative_path(@template.file || @tracker.templates[@template.name])
23
-
22
+ def process_template name, args, _, line = nil
24
23
  if @called_from
25
24
  if @called_from.include_template? name
26
25
  Brakeman.debug "Skipping circular render from #{@template.name} to #{name}"
27
26
  return
28
27
  end
29
28
 
30
- super name, args, @called_from.dup.add_template_render(@template.name, line, @file_name), line
29
+ super name, args, @called_from.dup.add_template_render(@template.name, line, @current_file), line
31
30
  else
32
- super name, args, Brakeman::RenderPath.new.add_template_render(@template.name, line, @file_name), line
31
+ super name, args, Brakeman::RenderPath.new.add_template_render(@template.name, line, @current_file), line
33
32
  end
34
33
  end
35
34
 
@@ -5,10 +5,10 @@ require 'brakeman/tracker/template'
5
5
  class Brakeman::TemplateProcessor < Brakeman::BaseProcessor
6
6
 
7
7
  #Initializes template information.
8
- def initialize tracker, template_name, called_from = nil, file_name = nil
9
- super(tracker)
10
- @current_template = Brakeman::Template.new template_name, called_from, file_name, tracker
11
- @file_name = file_name
8
+ def initialize tracker, template_name, called_from = nil, current_file = nil
9
+ super(tracker)
10
+ @current_template = Brakeman::Template.new template_name, called_from, current_file, tracker
11
+ @current_file = @current_template.file
12
12
 
13
13
  if called_from
14
14
  template_name = (template_name.to_s + "." + called_from.to_s).to_sym
@@ -8,8 +8,8 @@ class Brakeman::Report
8
8
 
9
9
  VALID_FORMATS = [:to_html, :to_pdf, :to_csv, :to_json, :to_tabs, :to_hash, :to_s, :to_markdown, :to_codeclimate, :to_plain, :to_text]
10
10
 
11
- def initialize app_tree, tracker
12
- @app_tree = app_tree
11
+ def initialize tracker
12
+ @app_tree = tracker.app_tree
13
13
  @tracker = tracker
14
14
  end
15
15
 
@@ -83,6 +83,6 @@ class Brakeman::Report
83
83
  alias to_s to_text
84
84
 
85
85
  def generate reporter
86
- reporter.new(@app_tree, @tracker).generate_report
86
+ reporter.new(@tracker).generate_report
87
87
  end
88
88
  end
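Review bot: `initialize tracker` and `generate` drop the `app_tree` positional argument, so any caller still doing `Brakeman::Report.new(app_tree, tracker)` now raises ArgumentError, which is a breaking change in a patch release (4.5.0 → 4.5.1 per the page header). Accepting the old arity costs three lines: `def initialize *args`, `@tracker = args.last`, `@app_tree = @tracker.app_tree`. The same applies to `Brakeman::Report::Base#initialize` further down, which third-party report classes are the more likely to subclass and call `super(app_tree, tracker)` on.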
@@ -22,6 +22,7 @@ module Brakeman
22
22
  def filter_ignored
23
23
  @shown_warnings = []
24
24
  @ignored_warnings = []
25
+ @used_fingerprints = Set.new
25
26
 
26
27
  @new_warnings.each do |w|
27
28
  if ignored? w
@@ -112,9 +113,7 @@ module Brakeman
112
113
  def save_to_file warnings, file = @file
113
114
  warnings = warnings.map do |w|
114
115
  if w.is_a? Warning
115
- w_hash = w.to_hash
116
- w_hash[:file] = w.relative_path
117
- w = w_hash
116
+ w = w.to_hash(absolute_paths: false)
118
117
  end
119
118
 
120
119
  w[:note] = @notes[w[:fingerprint]] || ""
@@ -280,9 +280,9 @@ q - Quit, do not update ignored warnings
280
280
  say warning.format_code
281
281
  end
282
282
 
283
- if warning.relative_path
283
+ if warning.file
284
284
  label "File"
285
- say warning.relative_path
285
+ say warning.file.relative
286
286
  end
287
287
 
288
288
  if warning.line
@@ -4,6 +4,7 @@ module Brakeman
4
4
  @tracker = tracker
5
5
  @pager = pager
6
6
  @output = output
7
+ @less_available = @less_options = nil
7
8
  end
8
9
 
9
10
  def page_report report, format
@@ -13,8 +13,8 @@ class Brakeman::Report::Base
13
13
 
14
14
  TEXT_CONFIDENCE = Brakeman::Warning::TEXT_CONFIDENCE
15
15
 
16
- def initialize app_tree, tracker
17
- @app_tree = app_tree
16
+ def initialize tracker
17
+ @app_tree = tracker.app_tree
18
18
  @tracker = tracker
19
19
  @checks = tracker.checks
20
20
  @ignore_filter = tracker.ignored_filter
@@ -123,16 +123,52 @@ class Brakeman::Report::Base
123
123
  Set.new(tracker.templates.map {|k,v| v.name.to_s[/[^.]+/]}).length
124
124
  end
125
125
 
126
- def warning_file warning, absolute = @tracker.options[:absolute_paths]
126
+ def absolute_paths?
127
+ @tracker.options[:absolute_paths]
128
+ end
129
+
130
+ def warning_file warning
127
131
  return nil if warning.file.nil?
128
132
 
129
- if absolute
130
- warning.file
133
+ if absolute_paths?
134
+ warning.file.absolute
131
135
  else
132
- relative_path warning.file
136
+ warning.file.relative
133
137
  end
134
138
  end
135
139
 
140
+ #Return array of lines surrounding the warning location from the original
141
+ #file.
142
+ def context_for warning
143
+ file = warning.file
144
+ context = []
145
+ return context unless warning.line and file and file.exists?
146
+
147
+ current_line = 0
148
+ start_line = warning.line - 5
149
+ end_line = warning.line + 5
150
+
151
+ start_line = 1 if start_line < 0
152
+
153
+ File.open file do |f|
154
+ f.each_line do |line|
155
+ current_line += 1
156
+
157
+ next if line.strip == ""
158
+
159
+ if current_line > end_line
160
+ break
161
+ end
162
+
163
+ if current_line >= start_line
164
+ context << [current_line, line]
165
+ end
166
+ end
167
+ end
168
+
169
+ context
170
+ end
171
+
136
172
  def rails_version
137
173
  case
138
174
  when tracker.config.rails_version
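Review bot: In `context_for`, `start_line = 1 if start_line < 0` leaves `start_line` at 0 when `warning.line` is 5; that is harmless because `current_line >= 0` is always true, but `start_line = 1 if start_line < 1` says what is meant. The `next if line.strip == ""` guard sits before the `current_line > end_line` check, so the loop keeps reading blank lines past the window and only stops at the next non-blank one; moving `break if current_line > end_line` above the `next` stops exactly at `end_line` without changing the collected context. `File.open file` passes a `Brakeman::FilePath` rather than a String, which presumably relies on that class implementing `to_path`; file_path.rb is in the change list but not in this excerpt, so that is worth confirming.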
@@ -145,4 +181,13 @@ class Brakeman::Report::Base
145
181
  "Unknown"
146
182
  end
147
183
  end
184
+
185
+ def github_url file, line=nil
186
+ if repo_url = @tracker.options[:github_url] and file
187
+ url = "#{repo_url}/#{file.relative}"
188
+ url << "#L#{line}" if line
189
+ else
190
+ nil
191
+ end
192
+ end
148
193
  end
@@ -70,10 +70,10 @@ class Brakeman::Report::CodeClimate < Brakeman::Report::Base
70
70
  end
71
71
 
72
72
  def file_path(warning)
73
- fp = Pathname.new(warning.relative_path)
74
73
  if tracker.options[:path_prefix]
75
- fp = Pathname.new(tracker.options[:path_prefix]) + fp
74
+ (Pathname.new(tracker.options[:path_prefix]) + Pathname.new(warning.file.relative)).to_s
75
+ else
76
+ warning.file
76
77
  end
77
- fp.to_s
78
78
  end
79
79
  end
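Review bot: `file_path` now returns a String from the `path_prefix` branch but a `Brakeman::FilePath` object from the `else` branch, where the removed code always returned `warning.relative_path` as a String. Whether that object serializes to a relative path in the CodeClimate JSON depends on `FilePath#to_s`/`to_json`, which are outside this excerpt; returning `warning.file.relative` in the `else` branch keeps both branches a String and preserves the previous relative-path output.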
@@ -11,7 +11,7 @@ class Brakeman::Report::Hash < Brakeman::Report::Base
11
11
  report[meth] = self.send(meth)
12
12
  report[meth].each do |w|
13
13
  w.message = w.format_message
14
- w.context = context_for(@app_tree, w).join("\n")
14
+ w.context = context_for(w).join("\n")
15
15
  end
16
16
  end
17
17
 
@@ -86,7 +86,7 @@ class Brakeman::Report::HTML < Brakeman::Report::Table
86
86
 
87
87
  def convert_ignored_warning warning, original
88
88
  warning = convert_warning(warning, original)
89
- warning['File'] = original.relative_path
89
+ warning['File'] = original.file.relative
90
90
  warning['Note'] = CGI.escapeHTML(@ignore_filter.note_for(original) || "")
91
91
  warning
92
92
  end
@@ -113,7 +113,7 @@ class Brakeman::Report::HTML < Brakeman::Report::Table
113
113
  #Generate HTML for warnings, including context show/hidden via Javascript
114
114
  def with_context warning, message
115
115
  @element_id += 1
116
- context = context_for(@app_tree, warning)
116
+ context = context_for(warning)
117
117
  message = html_message(warning, message)
118
118
 
119
119
  code_id = "context#@element_id"
@@ -37,30 +37,7 @@ class Brakeman::Report::JSON < Brakeman::Report::Base
37
37
 
38
38
  def convert_to_hashes warnings
39
39
  warnings.map do |w|
40
- hash = w.to_hash
41
- hash[:render_path] = convert_render_path hash[:render_path]
42
- hash[:file] = warning_file w
43
-
44
- hash
40
+ w.to_hash(absolute_paths: false)
45
41
  end.sort_by { |w| "#{w[:fingerprint]}#{w[:line]}" }
46
42
  end
47
-
48
- def convert_render_path render_path
49
- return unless render_path and not @tracker.options[:absolute_paths]
50
-
51
- render_path.map do |r|
52
- r = r.dup
53
-
54
- if r[:file]
55
- r[:file] = relative_path(r[:file])
56
- end
57
-
58
- if r[:rendered] and r[:rendered][:file]
59
- r[:rendered] = r[:rendered].dup
60
- r[:rendered][:file] = relative_path(r[:rendered][:file])
61
- end
62
-
63
- r
64
- end
65
- end
66
43
  end
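Review bot: `w.to_hash(absolute_paths: false)` hard-codes relative paths, whereas the removed `hash[:file] = warning_file w` and `convert_render_path` both honored `@tracker.options[:absolute_paths]`, so the JSON report no longer follows the `--absolute-paths` option unless `Warning#to_hash` (changed in this release but not shown here) consults the option itself. Passing the option through keeps the old behavior: `w.to_hash(absolute_paths: absolute_paths?)`, using the `absolute_paths?` helper this release adds to `Report::Base`.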
@@ -199,10 +199,6 @@ class Brakeman::Report::Table < Brakeman::Report::Base
199
199
  end
200
200
  end
201
201
 
202
- def convert_warning warning, original
203
- warning
204
- end
205
-
206
202
  def convert_ignored_warning warning, original
207
203
  convert_warning warning, original
208
204
  end
@@ -271,4 +267,24 @@ Duration: #{tracker.duration} seconds
271
267
  Checks run: #{checks.checks_run.sort.join(", ")}
272
268
  HEADER
273
269
  end
270
+
271
+ def truncate_table str
272
+ @terminal_width ||= if @tracker.options[:table_width]
273
+ @tracker.options[:table_width]
274
+ elsif $stdin && $stdin.tty?
275
+ Brakeman.load_brakeman_dependency 'highline'
276
+ ::HighLine.default_instance.terminal.terminal_size[0]
277
+ else
278
+ 80
279
+ end
280
+ lines = str.lines
281
+
282
+ lines.map do |line|
283
+ if line.chomp.length > @terminal_width
284
+ line[0..(@terminal_width - 3)] + ">>\n"
285
+ else
286
+ line
287
+ end
288
+ end.join
289
+ end
274
290
  end
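Review bot: `truncate_table` decides the width from `$stdin.tty?` although the table is written out, not read in, so a report produced from an interactive shell but redirected or written to a file is presumably still truncated to the terminal width; checking the stream the report goes to, `elsif $stdout && $stdout.tty?`, is the usual test. If `terminal_size[0]` is `nil` (no usable terminal) the comparison `line.chomp.length > @terminal_width` raises, so default it: `::HighLine.default_instance.terminal.terminal_size[0] || 80`. A width below 3 also makes `line[0..(@terminal_width - 3)]` wrap to a negative index and return the whole line plus `>>`; clamping with `[@terminal_width, 3].max` closes that edge.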
@@ -10,7 +10,7 @@ class Brakeman::Report::Tabs < Brakeman::Report::Table
10
10
  self.send(meth).map do |w|
11
11
  line = w.line || 0
12
12
  w.warning_type.gsub!(/[^\w\s]/, ' ')
13
- "#{warning_file(w, :absolute)}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
13
+ "#{(w.file.absolute)}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
14
14
  end.join "\n"
15
15
 
16
16
  end.join "\n"
@@ -201,8 +201,8 @@ class Brakeman::Report::Text < Brakeman::Report::Base
201
201
 
202
202
  # ONLY used for generate_controllers to avoid duplication
203
203
  def render_array name, cols, values, locals
204
- controllers = values.map do |name, parent, includes, routes|
205
- c = [ label("Controller", name) ]
204
+ controllers = values.map do |controller_name, parent, includes, routes|
205
+ c = [ label("Controller", controller_name) ]
206
206
  c << label("Parent", parent) unless parent.empty?
207
207
  c << label("Includes", includes) unless includes.empty?
208
208
  c << label("Routes", routes)
@@ -13,7 +13,7 @@ class Brakeman::Rescanner < Brakeman::Scanner
13
13
  def initialize options, processor, changed_files
14
14
  super(options, processor)
15
15
 
16
- @paths = changed_files.map {|f| @app_tree.expand_path(f) }
16
+ @paths = changed_files.map {|f| tracker.app_tree.file_path(f) }
17
17
  @old_results = tracker.filtered_warnings #Old warnings from previous scan
18
18
  @changes = nil #True if files had to be rescanned
19
19
  @reindex = Set.new
@@ -67,7 +67,7 @@ class Brakeman::Rescanner < Brakeman::Scanner
67
67
  def rescan_file path, type = nil
68
68
  type ||= file_type path
69
69
 
70
- unless @app_tree.path_exists?(path)
70
+ unless path.exists?
71
71
  return rescan_deleted_file path, type
72
72
  end
73
73
 
@@ -127,14 +127,14 @@ class Brakeman::Rescanner < Brakeman::Scanner
127
127
  end
128
128
 
129
129
  def rescan_template path
130
- return unless path.match KNOWN_TEMPLATE_EXTENSIONS and @app_tree.path_exists?(path)
130
+ return unless path.relative.match KNOWN_TEMPLATE_EXTENSIONS and path.exists?
131
131
 
132
132
  template_name = template_path_to_name(path)
133
133
 
134
134
  tracker.reset_template template_name
135
- fp = Brakeman::FileParser.new(tracker, @app_tree)
135
+ fp = Brakeman::FileParser.new(tracker)
136
136
  template_parser = Brakeman::TemplateParser.new(tracker, fp)
137
- template_parser.parse_template path, @app_tree.read_path(path)
137
+ template_parser.parse_template path, path.read
138
138
  process_template fp.file_list[:templates].first
139
139
 
140
140
  @processor.process_template_alias tracker.templates[template_name]
@@ -256,16 +256,13 @@ class Brakeman::Rescanner < Brakeman::Scanner
256
256
  end
257
257
 
258
258
  def rescan_deleted_template path
259
- return unless path.match KNOWN_TEMPLATE_EXTENSIONS
259
+ return unless path.relative.match KNOWN_TEMPLATE_EXTENSIONS
260
260
 
261
261
  template_name = template_path_to_name(path)
262
262
 
263
263
  #Remove template
264
264
  tracker.reset_template template_name
265
265
 
266
- rendered_from_controller = /^#{template_name}\.(.+Controller)#(.+)/
267
- rendered_from_view = /^#{template_name}\.Template:(.+)/
268
-
269
266
  #Remove any rendered versions, or partials rendered from it
270
267
  tracker.templates.delete_if do |_name, template|
271
268
  template.file == path or template.name.to_sym == template_name.to_sym
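Review bot: `template.file == path` now compares two `Brakeman::FilePath` objects rather than two Strings (`@paths` is built with `tracker.app_tree.file_path(f)` in the first hunk), so removing a deleted template's rendered versions depends on `FilePath` defining `==`/`eql?` by path value; if it falls back to identity, this `delete_if` silently keeps stale entries. file_path.rb is new in this release but not in this excerpt, so either confirm the equality methods there or compare `template.file.relative == path.relative` here. The `delete_if` block and the rest of `rescan_deleted_template` continue past the hunk.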
@@ -371,7 +368,7 @@ class Brakeman::Rescanner < Brakeman::Scanner
371
368
  next unless template.render_path
372
369
 
373
370
  if template.render_path.include_any_method? method_names
374
- name.to_s.match /^([^.]+)/
371
+ name.to_s.match(/^([^.]+)/)
375
372
 
376
373
  original = tracker.templates[$1.to_sym]
377
374
 
@@ -388,8 +385,8 @@ class Brakeman::Rescanner < Brakeman::Scanner
388
385
  end
389
386
 
390
387
  def parse_ruby_files list
391
- paths = list.select { |path| @app_tree.path_exists? path }
392
- file_parser = Brakeman::FileParser.new(tracker, @app_tree)
388
+ paths = list.select(&:exists?)
389
+ file_parser = Brakeman::FileParser.new(tracker)
393
390
  file_parser.parse_files paths, :rescan
394
391
  file_parser.file_list[:rescan]
395
392
  end
@@ -16,7 +16,6 @@ end
16
16
  #Scans the Rails application.
17
17
  class Brakeman::Scanner
18
18
  attr_reader :options
19
- RUBY_1_9 = RUBY_VERSION >= "1.9.0"
20
19
 
21
20
  #Pass in path to the root of the Rails application
22
21
  def initialize options, processor = nil
@@ -66,7 +65,7 @@ class Brakeman::Scanner
66
65
  end
67
66
 
68
67
  def parse_files
69
- fp = Brakeman::FileParser.new tracker, @app_tree
68
+ fp = Brakeman::FileParser.new tracker
70
69
 
71
70
  files = {
72
71
  :initializers => @app_tree.initializer_paths,
@@ -95,7 +94,7 @@ class Brakeman::Scanner
95
94
  #
96
95
  #Stores parsed information in tracker.config
97
96
  def process_config
98
- if options[:rails3] or options[:rails4] or options[:rails5]
97
+ if options[:rails3] or options[:rails4] or options[:rails5] or options[:rails6]
99
98
  process_config_file "application.rb"
100
99
  process_config_file "environments/production.rb"
101
100
  else
@@ -111,14 +110,14 @@ class Brakeman::Scanner
111
110
  end
112
111
 
113
112
  if @app_tree.exists? ".ruby-version"
114
- tracker.config.set_ruby_version @app_tree.read ".ruby-version"
113
+ tracker.config.set_ruby_version @app_tree.file_path(".ruby-version").read
115
114
  end
116
115
  end
117
116
 
118
117
  def process_config_file file
119
- path = "config/#{file}"
118
+ path = @app_tree.file_path("config/#{file}")
120
119
 
121
- if @app_tree.exists?(path)
120
+ if path.exists?
122
121
  @processor.process_config(parse_ruby_file(path), path)
123
122
  end
124
123
 
@@ -132,16 +131,21 @@ class Brakeman::Scanner
132
131
  #Process Gemfile
133
132
  def process_gems
134
133
  gem_files = {}
134
+
135
135
  if @app_tree.exists? "Gemfile"
136
- gem_files[:gemfile] = { :src => parse_ruby_file("Gemfile"), :file => "Gemfile" }
136
+ file = @app_tree.file_path("Gemfile")
137
+ gem_files[:gemfile] = { :src => parse_ruby_file(file), :file => file }
137
138
  elsif @app_tree.exists? "gems.rb"
138
- gem_files[:gemfile] = { :src => parse_ruby_file("gems.rb"), :file => "gems.rb" }
139
+ file = @app_tree.file_path("gems.rb")
140
+ gem_files[:gemfile] = { :src => parse_ruby_file(file), :file => file }
139
141
  end
140
142
 
141
143
  if @app_tree.exists? "Gemfile.lock"
142
- gem_files[:gemlock] = { :src => @app_tree.read("Gemfile.lock"), :file => "Gemfile.lock" }
144
+ file = @app_tree.file_path("Gemfile.lock")
145
+ gem_files[:gemlock] = { :src => file.read, :file => file }
143
146
  elsif @app_tree.exists? "gems.locked"
144
- gem_files[:gemlock] = { :src => @app_tree.read("gems.locked"), :file => "gems.locked" }
147
+ file = @app_tree.file_path("gems.locked")
148
+ gem_files[:gemlock] = { :src => file.read, :file => file }
145
149
  end
146
150
 
147
151
  if @app_tree.gemspec
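Review bot: `process_gems` now repeats the same exists?/file_path/read pattern four times for Gemfile vs gems.rb and Gemfile.lock vs gems.locked, and each branch re-resolves the name it just tested with `@app_tree.exists?`. A small helper that returns the first existing alternative as a FilePath collapses the four branches to two and keeps the `:src`/`:file` pairs built in one place. `process_gems` continues past the hunk (the gemspec handling starts on its last line).
```ruby
  # Return the first of +names+ that exists under the app root as a
  # Brakeman::FilePath, or nil when none of them does.
  def first_existing *names
    name = names.find { |n| @app_tree.exists? n }
    @app_tree.file_path(name) if name
  end

  #Process Gemfile
  def process_gems
    gem_files = {}

    if gemfile = first_existing("Gemfile", "gems.rb")
      gem_files[:gemfile] = { :src => parse_ruby_file(gemfile), :file => gemfile }
    end

    if lockfile = first_existing("Gemfile.lock", "gems.locked")
      gem_files[:gemlock] = { :src => lockfile.read, :file => lockfile }
    end

    # … unchanged: gemspec handling and the rest of process_gems …
```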
@@ -215,7 +219,8 @@ class Brakeman::Scanner
215
219
  #Adds parsed information to tracker.routes
216
220
  def process_routes
217
221
  if @app_tree.exists?("config/routes.rb")
218
- if routes_sexp = parse_ruby_file("config/routes.rb")
222
+ file = @app_tree.file_path("config/routes.rb")
223
+ if routes_sexp = parse_ruby_file(file)
219
224
  @processor.process_routes routes_sexp
220
225
  else
221
226
  Brakeman.notify "[Notice] Error while processing routes - assuming all public controller methods are actions."
@@ -316,9 +321,9 @@ class Brakeman::Scanner
316
321
  tracker.index_call_sites
317
322
  end
318
323
 
319
- def parse_ruby_file path
320
- fp = Brakeman::FileParser.new(self.tracker, @app_tree)
321
- fp.parse_ruby(@app_tree.read(path), path)
324
+ def parse_ruby_file file
325
+ fp = Brakeman::FileParser.new(self.tracker)
326
+ fp.parse_ruby(file.read, file)
322
327
  end
323
328
  end
324
329