brakeman-lib 5.0.0 → 5.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +46 -0
- data/README.md +10 -1
- data/lib/brakeman.rb +23 -8
- data/lib/brakeman/checks/check_detailed_exceptions.rb +1 -1
- data/lib/brakeman/checks/check_evaluation.rb +1 -1
- data/lib/brakeman/checks/check_execute.rb +10 -0
- data/lib/brakeman/checks/check_mass_assignment.rb +4 -6
- data/lib/brakeman/checks/check_render.rb +15 -1
- data/lib/brakeman/checks/check_sanitize_methods.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +58 -8
- data/lib/brakeman/checks/check_verb_confusion.rb +1 -1
- data/lib/brakeman/commandline.rb +1 -1
- data/lib/brakeman/file_parser.rb +45 -15
- data/lib/brakeman/options.rb +7 -2
- data/lib/brakeman/parsers/template_parser.rb +24 -0
- data/lib/brakeman/processors/alias_processor.rb +105 -18
- data/lib/brakeman/processors/base_processor.rb +4 -4
- data/lib/brakeman/processors/controller_alias_processor.rb +6 -43
- data/lib/brakeman/processors/lib/call_conversion_helper.rb +10 -6
- data/lib/brakeman/processors/lib/rails4_config_processor.rb +2 -1
- data/lib/brakeman/processors/library_processor.rb +9 -0
- data/lib/brakeman/processors/model_processor.rb +31 -0
- data/lib/brakeman/report.rb +4 -1
- data/lib/brakeman/report/ignore/config.rb +4 -4
- data/lib/brakeman/report/ignore/interactive.rb +1 -1
- data/lib/brakeman/report/report_github.rb +31 -0
- data/lib/brakeman/report/report_sarif.rb +21 -2
- data/lib/brakeman/rescanner.rb +1 -1
- data/lib/brakeman/scanner.rb +4 -1
- data/lib/brakeman/tracker.rb +33 -4
- data/lib/brakeman/tracker/collection.rb +57 -7
- data/lib/brakeman/tracker/method_info.rb +70 -0
- data/lib/brakeman/util.rb +34 -18
- data/lib/brakeman/version.rb +1 -1
- data/lib/ruby_parser/bm_sexp.rb +14 -0
- metadata +18 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 425078e2c4abfb5dc629bd5b70fcbaa1de59be69093097ad5ca78c3f425f575c
|
4
|
+
data.tar.gz: 1ddaf7c9084213dcc7db6772dc164095800de50897d157345a01c234d09fe778
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4a0a910c6859f389eeaf21253dc8d33f7f0d199e2289bc3e6145b7d9eecaf7dd0793dad3a2a013ec3a4c64c681cfbbf88647e21566ea3b7269bf485f29ef10ee
|
7
|
+
data.tar.gz: 2d5845a9bd98a86f3af891122d9fe410da8586aa8aa45ccb2e05bcf25b8fdf6b6702d6ac396f866a4b53b9659cceface62a03997c30954d20d2e32b73cffab5c
|
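--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,49 @@
+# 5.1.0 - 2021-07-19
+
+* Initial support for ActiveRecord enums
+* Support `Hash#include?`
+* Interprocedural dataflow from very simple class methods
+* Fix SARIF report when checks have no description (Eli Block)
+* Add ignored warnings to SARIF report (Eli Block)
+* Add `--sql-safe-methods` option (Esty Scheiner)
+* Update SQL injection check for Rails 6.0/6.1
+* Fix false positive in command injection with `Open3.capture` (Richard Fitzgerald)
+* Fix infinite loop on mixin self-includes (Andrew Szczepanski)
+* Ignore dates in SQL
+* Refactor `cookie?`/`param?` methods (Keenan Brock)
+* Ignore renderables in dynamic render path check (Brad Parker)
+* Support `Array#push`
+* Better `Array#join` support
+* Adjust copy of `--interactive` menu (Elia Schito)
+* Support `Array#*`
+* Better method definition tracking and lookup
+* Support `Hash#values` and `Hash#values_at`
+* Check for user-controlled evaluation even if it's a call target
+* Support `Array#fetch` and `Hash#fetch`
+* Ignore `sanitize_sql_like` in SQL
+* Ignore method calls on numbers in SQL
+* Add GitHub Actions format (Klaus Badelt)
+* Read and parse files in parallel
+
+# 5.0.4 - 2021-06-08
+
+(brakeman gem release only)
+
+* Update bundled `ruby_parser` to include argument forwarding support
+
+# 5.0.2 - 2021-06-07
+
+* Fix Loofah version check
+
+# 5.0.1 - 2021-04-27
+
+* Detect `::Rails.application.configure` too
+* Set more line numbers on Sexps
+* Support loading `slim/smart`
+* Don't fail if $HOME/$USER are not defined
+* Always ignore slice/only calls for mass assignment
+* Convert splat array arguments to arguments
+
 # 5.0.0 - 2021-01-26
 
 * Ignore `uuid` as a safe attribute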
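--- a/data/README.md
+++ b/data/README.md
@@ -159,7 +159,16 @@ The `-w` switch takes a number from 1 to 3, with 1 being low (all warnings) and
 
 # Configuration files
 
-Brakeman options can stored and read from YAML files.
+Brakeman options can be stored and read from YAML files.
+
+To simplify the process of writing a configuration file, the `-C` option will output the currently set options:
+
+```sh
+$ brakeman -C --skip-files plugins/
+---
+:skip_files:
+- plugins/
+```
 
 Options passed in on the commandline have priority over configuration files.
 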
data/lib/brakeman.rb
CHANGED
@@ -65,6 +65,7 @@ module Brakeman
|
|
65
65
|
# * :report_routes - show found routes on controllers (default: false)
|
66
66
|
# * :run_checks - array of checks to run (run all if not specified)
|
67
67
|
# * :safe_methods - array of methods to consider safe
|
68
|
+
# * :sql_safe_methods - array of sql sanitization methods to consider safe
|
68
69
|
# * :skip_libs - do not process lib/ directory (default: false)
|
69
70
|
# * :skip_vendor - do not process vendor/ directory (default: true)
|
70
71
|
# * :skip_checks - checks not to run (run all if not specified)
|
@@ -157,10 +158,17 @@ module Brakeman
|
|
157
158
|
end
|
158
159
|
end
|
159
160
|
|
160
|
-
CONFIG_FILES =
|
161
|
-
|
162
|
-
|
163
|
-
|
161
|
+
CONFIG_FILES = begin
|
162
|
+
[
|
163
|
+
File.expand_path("~/.brakeman/config.yml"),
|
164
|
+
File.expand_path("/etc/brakeman/config.yml")
|
165
|
+
]
|
166
|
+
rescue ArgumentError
|
167
|
+
# In case $HOME or $USER aren't defined for use of `~`
|
168
|
+
[
|
169
|
+
File.expand_path("/etc/brakeman/config.yml")
|
170
|
+
]
|
171
|
+
end
|
164
172
|
|
165
173
|
def self.config_file custom_location, app_path
|
166
174
|
app_config = File.expand_path(File.join(app_path, "config", "brakeman.yml"))
|
@@ -191,6 +199,7 @@ module Brakeman
|
|
191
199
|
:relative_path => false,
|
192
200
|
:report_progress => true,
|
193
201
|
:safe_methods => Set.new,
|
202
|
+
:sql_safe_methods => Set.new,
|
194
203
|
:skip_checks => Set.new,
|
195
204
|
:skip_vendor => true,
|
196
205
|
}
|
@@ -243,6 +252,8 @@ module Brakeman
|
|
243
252
|
[:to_sarif]
|
244
253
|
when :sonar, :to_sonar
|
245
254
|
[:to_sonar]
|
255
|
+
when :github, :to_github
|
256
|
+
[:to_github]
|
246
257
|
else
|
247
258
|
[:to_text]
|
248
259
|
end
|
@@ -276,6 +287,8 @@ module Brakeman
|
|
276
287
|
:to_sarif
|
277
288
|
when /\.sonar$/i
|
278
289
|
:to_sonar
|
290
|
+
when /\.github$/i
|
291
|
+
:to_github
|
279
292
|
else
|
280
293
|
:to_text
|
281
294
|
end
|
@@ -514,12 +527,14 @@ module Brakeman
|
|
514
527
|
|
515
528
|
# Returns an array of alert fingerprints for any ignored warnings without
|
516
529
|
# notes found in the specified ignore file (if it exists).
|
517
|
-
def self.ignore_file_entries_with_empty_notes file
|
530
|
+
def self.ignore_file_entries_with_empty_notes file, options
|
518
531
|
return [] unless file
|
519
532
|
|
520
533
|
require 'brakeman/report/ignore/config'
|
521
534
|
|
522
|
-
|
535
|
+
app_tree = Brakeman::AppTree.from_options(options)
|
536
|
+
|
537
|
+
config = IgnoreConfig.new(Brakeman::FilePath.from_app_tree(app_tree, file), nil)
|
523
538
|
config.read_from_file
|
524
539
|
config.already_ignored_entries_with_empty_notes.map { |i| i[:fingerprint] }
|
525
540
|
end
|
@@ -530,9 +545,9 @@ module Brakeman
|
|
530
545
|
app_tree = Brakeman::AppTree.from_options(options)
|
531
546
|
|
532
547
|
if options[:ignore_file]
|
533
|
-
file = options[:ignore_file]
|
548
|
+
file = Brakeman::FilePath.from_app_tree(app_tree, options[:ignore_file])
|
534
549
|
elsif app_tree.exists? "config/brakeman.ignore"
|
535
|
-
file =
|
550
|
+
file = Brakeman::FilePath.from_app_tree(app_tree, "config/brakeman.ignore")
|
536
551
|
elsif not options[:interactive_ignore]
|
537
552
|
return
|
538
553
|
end
|
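Review bot: The new option comment `# * :sql_safe_methods - array of sql sanitization methods to consider safe` (new line 68) under-states what the option does: check_sql.rb in this same release folds every name in the list into `ignore_methods_in_sql`, so any call to such a method counts as a safe SQL value whatever its arguments, and a careless entry silences SQL injection warnings project-wide. I would say so where users will read it, e.g. `# * :sql_safe_methods - additional method names whose return values are trusted as safe SQL; calls to them are never flagged, so list only true sanitizers`. Separately, `ignore_file_entries_with_empty_notes` now requires an `options` argument, which breaks any external caller of this public module method; only commandline.rb is updated in this release, so a short comment above the `def` stating that `options` must carry whatever `Brakeman::AppTree.from_options` needs would help callers adapt.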
@@ -26,7 +26,7 @@ class Brakeman::CheckDetailedExceptions < Brakeman::BaseCheck
|
|
26
26
|
def check_detailed_exceptions
|
27
27
|
tracker.controllers.each do |_name, controller|
|
28
28
|
controller.methods_public.each do |method_name, definition|
|
29
|
-
src = definition
|
29
|
+
src = definition.src
|
30
30
|
body = src.body.last
|
31
31
|
next unless body
|
32
32
|
|
@@ -10,7 +10,7 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
|
|
10
10
|
#Process calls
|
11
11
|
def run_check
|
12
12
|
Brakeman.debug "Finding eval-like calls"
|
13
|
-
calls = tracker.find_call :
|
13
|
+
calls = tracker.find_call methods: [:eval, :instance_eval, :class_eval, :module_eval], nested: true
|
14
14
|
|
15
15
|
Brakeman.debug "Processing eval-like calls"
|
16
16
|
calls.each do |call|
|
@@ -87,6 +87,16 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
|
|
87
87
|
dangerous_interp?(first_arg) ||
|
88
88
|
dangerous_string_building?(first_arg)
|
89
89
|
end
|
90
|
+
when :capture2, :capture2e, :capture3
|
91
|
+
# Open3 capture methods can take a :stdin_data argument which is used as the
|
92
|
+
# the input to the called command so it is not succeptable to command injection.
|
93
|
+
# As such if the last argument is a hash (and therefore execution options) it
|
94
|
+
# should be ignored
|
95
|
+
|
96
|
+
args.pop if hash?(args.last) && args.length > 2
|
97
|
+
failure = include_user_input?(args) ||
|
98
|
+
dangerous_interp?(args) ||
|
99
|
+
dangerous_string_building?(args)
|
90
100
|
else
|
91
101
|
failure = include_user_input?(args) ||
|
92
102
|
dangerous_interp?(args) ||
|
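Review bot: The `args.length > 2` guard on the new `args.pop if hash?(args.last) && args.length > 2` line means the two-argument form, such as `capture3(cmd, stdin_data: input)`, keeps its options hash and is still passed to `include_user_input?`, so the false positive the comment describes is only removed when a command is given as several arguments; if `args` is the full argument list that looks unintended and `args.length >= 2` would match the comment, otherwise the comment should say the single-command form is deliberately still checked. The comment itself has "the the" and a misspelling: `# the input to the called command, so it is not susceptible to command injection.`. `args.pop` also mutates `args` in place; if `args` is a view into the call Sexp rather than a fresh array, later consumers of the same call would see the shortened list — worth confirming against how `args` is built above, since the enclosing method starts outside this hunk.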
@@ -69,17 +69,15 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
|
|
69
69
|
if check and original? res
|
70
70
|
|
71
71
|
model = tracker.models[res[:chain].first]
|
72
|
-
|
73
72
|
attr_protected = (model and model.attr_protected)
|
73
|
+
first_arg = call.first_arg
|
74
74
|
|
75
75
|
if attr_protected and tracker.options[:ignore_attr_protected]
|
76
76
|
return
|
77
|
+
elsif call? first_arg and (first_arg.method == :slice or first_arg.method == :only)
|
78
|
+
return
|
77
79
|
elsif input = include_user_input?(call.arglist)
|
78
|
-
|
79
|
-
|
80
|
-
if call? first_arg and (first_arg.method == :slice or first_arg.method == :only)
|
81
|
-
return
|
82
|
-
elsif not node_type? first_arg, :hash
|
80
|
+
if not node_type? first_arg, :hash
|
83
81
|
if attr_protected
|
84
82
|
confidence = :medium
|
85
83
|
else
|
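Review bot: The hoisted `elsif call? first_arg and (first_arg.method == :slice or first_arg.method == :only)` now returns before `include_user_input?` runs, for every `slice`/`only` call, so `Model.new(params.slice(*params.keys))` or a `slice` over a non-literal key list is treated as a whitelist even though nothing constrains the keys. The earlier code had the same early return but only on the user-input branch, so this makes a pre-existing gap unconditional rather than introducing a new one. Limiting the exemption to literal keys keeps the false-positive fix while retaining coverage, e.g. `elsif call? first_arg and (first_arg.method == :slice or first_arg.method == :only) and first_arg.args.all? { |a| node_type? a, :lit, :str }` (assuming `node_type?` accepts several types, as it does elsewhere in Brakeman::Util). The enclosing method starts and ends outside this hunk.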
@@ -33,6 +33,7 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
33
33
|
view = result[:call][2]
|
34
34
|
|
35
35
|
if sexp? view and original? result
|
36
|
+
return if renderable?(view)
|
36
37
|
|
37
38
|
if input = has_immediate_user_input?(view)
|
38
39
|
if string_interp? view
|
@@ -94,4 +95,17 @@ class Brakeman::CheckRender < Brakeman::BaseCheck
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
end
|
97
|
-
|
98
|
+
|
99
|
+
def renderable? exp
|
100
|
+
return false unless call?(exp) and constant?(exp.target)
|
101
|
+
|
102
|
+
target_class_name = class_name(exp.target)
|
103
|
+
known_renderable_class?(target_class_name) or tracker.find_method(:render_in, target_class_name)
|
104
|
+
end
|
105
|
+
|
106
|
+
def known_renderable_class? class_name
|
107
|
+
klass = tracker.find_class(class_name)
|
108
|
+
return false if klass.nil?
|
109
|
+
klass.ancestor? :"ViewComponent::Base"
|
110
|
+
end
|
111
|
+
end
|
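Review bot: `renderable?` and `known_renderable_class?` are undocumented, and `renderable?` returns whatever `tracker.find_method` returns (a method record or nil) rather than a boolean, so any caller other than the `return if renderable?(view)` on new line 36 would get an object back; `!!tracker.find_method(:render_in, target_class_name)` or a comment noting the loose return is cheap. I would add above `def renderable? exp`: `# True when exp is a call on a constant whose class inherits from ViewComponent::Base or defines render_in; Rails renders such objects by calling render_in instead of resolving a template path, so the dynamic render path check does not apply to them.`. That comment should also state the consequence: user input passed into the renderable's constructor is no longer examined by this check at all, which is presumably intended but is not obvious from the code.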
@@ -90,7 +90,8 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
|
|
90
90
|
def loofah_vulnerable_cve_2018_8048?
|
91
91
|
loofah_version = tracker.config.gem_version(:loofah)
|
92
92
|
|
93
|
-
|
93
|
+
# 2.2.1 is fix version
|
94
|
+
loofah_version and version_between?("0.0.0", "2.2.0", loofah_version)
|
94
95
|
end
|
95
96
|
|
96
97
|
def warn_sanitizer_cve cve, link, upgrade_version
|
@@ -22,7 +22,19 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
22
22
|
:find_by_sql, :maximum, :minimum, :pluck, :sum, :update_all]
|
23
23
|
@sql_targets.concat [:from, :group, :having, :joins, :lock, :order, :reorder, :where] if tracker.options[:rails3]
|
24
24
|
@sql_targets.concat [:find_by, :find_by!, :find_or_create_by, :find_or_create_by!, :find_or_initialize_by, :not] if tracker.options[:rails4]
|
25
|
-
|
25
|
+
|
26
|
+
if tracker.options[:rails6]
|
27
|
+
@sql_targets.concat [:delete_by, :destroy_by, :rewhere, :reselect]
|
28
|
+
|
29
|
+
@sql_targets.delete :delete_all
|
30
|
+
@sql_targets.delete :destroy_all
|
31
|
+
end
|
32
|
+
|
33
|
+
if version_between?("6.1.0", "9.9.9")
|
34
|
+
@sql_targets.delete :order
|
35
|
+
@sql_targets.delete :reorder
|
36
|
+
@sql_targets.delete :pluck
|
37
|
+
end
|
26
38
|
|
27
39
|
if version_between?("2.0.0", "3.9.9") or tracker.config.rails_version.nil?
|
28
40
|
@sql_targets << :first << :last << :all
|
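Review bot: Deleting `:order`, `:reorder` and `:pluck` from `@sql_targets` under `version_between?("6.1.0", "9.9.9")` removes those calls from the check entirely, yet on 6.1+ a string wrapped in `Arel.sql` still reaches the query raw, and `arel?` already counts such calls as safe in `ignore_call?` further down, so user input inside an `Arel.sql` wrapper on those three calls is no longer examined on any path. I would keep the three targets and let the existing argument checks decide, or at least document the trade-off above the block: `# Rails 6.1 rejects non-attribute arguments to order/reorder/pluck, so only Arel.sql-wrapped strings reach SQL; those are not currently checked here`. The `"9.9.9"` upper bound is an implicit "6.1 and later" and deserves a comment saying so, and the `:delete_all`/`:destroy_all` deletions for Rails 6 have no comment explaining why they are no longer SQL-taking in that version. The enclosing method starts outside this hunk.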
@@ -185,7 +197,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
185
197
|
else
|
186
198
|
check_find_arguments call.last_arg
|
187
199
|
end
|
188
|
-
when :where, :having, :find_by, :find_by!, :find_or_create_by, :find_or_create_by!, :find_or_initialize_by,:not, :delete_by, :destroy_by
|
200
|
+
when :where, :rewhere, :having, :find_by, :find_by!, :find_or_create_by, :find_or_create_by!, :find_or_initialize_by,:not, :delete_by, :destroy_by
|
189
201
|
check_query_arguments call.arglist
|
190
202
|
when :order, :group, :reorder
|
191
203
|
check_order_arguments call.arglist
|
@@ -199,7 +211,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
199
211
|
unsafe_sql? call.first_arg
|
200
212
|
when :sql
|
201
213
|
unsafe_sql? call.first_arg
|
202
|
-
when :update_all, :select
|
214
|
+
when :update_all, :select, :reselect
|
203
215
|
check_update_all_arguments call.args
|
204
216
|
when *@connection_calls
|
205
217
|
check_by_sql_arguments call.first_arg
|
@@ -572,13 +584,17 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
572
584
|
end
|
573
585
|
|
574
586
|
IGNORE_METHODS_IN_SQL = Set[:id, :merge_conditions, :table_name, :quoted_table_name,
|
575
|
-
:quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array,
|
587
|
+
:quoted_primary_key, :to_i, :to_f, :sanitize_sql, :sanitize_sql_array, :sanitize_sql_like,
|
576
588
|
:sanitize_sql_for_assignment, :sanitize_sql_for_conditions, :sanitize_sql_hash,
|
577
589
|
:sanitize_sql_hash_for_assignment, :sanitize_sql_hash_for_conditions,
|
578
590
|
:to_sql, :sanitize, :primary_key, :table_name_prefix, :table_name_suffix,
|
579
591
|
:where_values_hash, :foreign_key, :uuid
|
580
592
|
]
|
581
593
|
|
594
|
+
def ignore_methods_in_sql
|
595
|
+
@ignore_methods_in_sql ||= IGNORE_METHODS_IN_SQL + (tracker.options[:sql_safe_methods] || [])
|
596
|
+
end
|
597
|
+
|
582
598
|
def safe_value? exp
|
583
599
|
return true unless sexp? exp
|
584
600
|
|
@@ -589,10 +605,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
589
605
|
if exp.method == :to_s or exp.method == :to_sym
|
590
606
|
safe_value? exp.target
|
591
607
|
else
|
592
|
-
|
593
|
-
quote_call? exp or
|
594
|
-
arel? exp or
|
595
|
-
exp.method.to_s.end_with? "_id"
|
608
|
+
ignore_call? exp
|
596
609
|
end
|
597
610
|
when :if
|
598
611
|
safe_value? exp.then_clause and safe_value? exp.else_clause
|
@@ -607,6 +620,17 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
607
620
|
end
|
608
621
|
end
|
609
622
|
|
623
|
+
def ignore_call? exp
|
624
|
+
return unless call? exp
|
625
|
+
|
626
|
+
ignore_methods_in_sql.include? exp.method or
|
627
|
+
quote_call? exp or
|
628
|
+
arel? exp or
|
629
|
+
exp.method.to_s.end_with? "_id" or
|
630
|
+
number_target? exp or
|
631
|
+
date_target? exp
|
632
|
+
end
|
633
|
+
|
610
634
|
QUOTE_METHODS = [:quote, :quote_column_name, :quoted_date, :quote_string, :quote_table_name]
|
611
635
|
|
612
636
|
def quote_call? exp
|
@@ -695,4 +719,30 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
|
|
695
719
|
active_record_models.include? klass
|
696
720
|
end
|
697
721
|
end
|
722
|
+
|
723
|
+
def number_target? exp
|
724
|
+
return unless call? exp
|
725
|
+
|
726
|
+
if number? exp.target
|
727
|
+
true
|
728
|
+
elsif call? exp.target
|
729
|
+
number_target? exp.target
|
730
|
+
else
|
731
|
+
false
|
732
|
+
end
|
733
|
+
end
|
734
|
+
|
735
|
+
DATE_CLASS = s(:const, :Date)
|
736
|
+
|
737
|
+
def date_target? exp
|
738
|
+
return unless call? exp
|
739
|
+
|
740
|
+
if exp.target == DATE_CLASS
|
741
|
+
true
|
742
|
+
elsif call? exp.target
|
743
|
+
date_target? exp.target
|
744
|
+
else
|
745
|
+
false
|
746
|
+
end
|
747
|
+
end
|
698
748
|
end
|
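--- a/data/lib/brakeman/commandline.rb
+++ b/data/lib/brakeman/commandline.rb
@@ -126,7 +126,7 @@ module Brakeman
 
 ensure_ignore_notes_failed = false
 if tracker.options[:ensure_ignore_notes]
-fingerprints = Brakeman::ignore_file_entries_with_empty_notes tracker.ignored_filter&.file
+fingerprints = Brakeman::ignore_file_entries_with_empty_notes tracker.ignored_filter&.file, options
 
 unless fingerprints.empty?
 ensure_ignore_notes_failed = true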
data/lib/brakeman/file_parser.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'parallel'
|
2
|
+
|
1
3
|
module Brakeman
|
2
4
|
ASTFile = Struct.new(:path, :ast)
|
3
5
|
|
@@ -5,29 +7,62 @@ module Brakeman
|
|
5
7
|
class FileParser
|
6
8
|
attr_reader :file_list, :errors
|
7
9
|
|
8
|
-
def initialize app_tree, timeout
|
10
|
+
def initialize app_tree, timeout, parallel = true
|
9
11
|
@app_tree = app_tree
|
10
12
|
@timeout = timeout
|
11
13
|
@file_list = []
|
12
14
|
@errors = []
|
15
|
+
@parallel = parallel
|
13
16
|
end
|
14
17
|
|
15
18
|
def parse_files list
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
+
if @parallel
|
20
|
+
parallel_options = {}
|
21
|
+
else
|
22
|
+
# Disable parallelism
|
23
|
+
parallel_options = { in_threads: 0 }
|
24
|
+
end
|
25
|
+
|
26
|
+
# Parse the files in parallel.
|
27
|
+
# By default, the parsing will be in separate processes.
|
28
|
+
# So we map the result to ASTFiles and/or Exceptions
|
29
|
+
# then partition them into ASTFiles and Exceptions
|
30
|
+
# and add the Exceptions to @errors
|
31
|
+
#
|
32
|
+
# Basically just a funky way to deal with two possible
|
33
|
+
# return types that are returned from isolated processes.
|
34
|
+
#
|
35
|
+
# Note this method no longer uses read_files
|
36
|
+
@file_list, new_errors = Parallel.map(list, parallel_options) do |file_name|
|
37
|
+
file_path = @app_tree.file_path(file_name)
|
38
|
+
contents = file_path.read
|
39
|
+
|
40
|
+
begin
|
41
|
+
if ast = parse_ruby(contents, file_path.relative)
|
42
|
+
ASTFile.new(file_name, ast)
|
43
|
+
end
|
44
|
+
rescue Exception => e
|
45
|
+
e
|
19
46
|
end
|
47
|
+
end.compact.partition do |result|
|
48
|
+
result.is_a? ASTFile
|
20
49
|
end
|
50
|
+
|
51
|
+
errors.concat new_errors
|
21
52
|
end
|
22
53
|
|
23
54
|
def read_files list
|
24
55
|
list.each do |path|
|
25
56
|
file = @app_tree.file_path(path)
|
26
57
|
|
27
|
-
|
58
|
+
begin
|
59
|
+
result = yield file, file.read
|
28
60
|
|
29
|
-
|
30
|
-
|
61
|
+
if result
|
62
|
+
@file_list << result
|
63
|
+
end
|
64
|
+
rescue Exception => e
|
65
|
+
@errors << e
|
31
66
|
end
|
32
67
|
end
|
33
68
|
end
|
@@ -42,17 +77,12 @@ module Brakeman
|
|
42
77
|
Brakeman.debug "Parsing #{path}"
|
43
78
|
RubyParser.new.parse input, path, @timeout
|
44
79
|
rescue Racc::ParseError => e
|
45
|
-
|
80
|
+
raise e.exception(e.message + "\nCould not parse #{path}")
|
46
81
|
rescue Timeout::Error => e
|
47
|
-
|
82
|
+
raise Exception.new("Parsing #{path} took too long (> #{@timeout} seconds). Try increasing the limit with --parser-timeout")
|
48
83
|
rescue => e
|
49
|
-
|
84
|
+
raise e.exception(e.message + "\nWhile processing #{path}")
|
50
85
|
end
|
51
86
|
end
|
52
|
-
|
53
|
-
def error exception
|
54
|
-
@errors << exception
|
55
|
-
nil
|
56
|
-
end
|
57
87
|
end
|
58
88
|
end
|
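Review bot: In the new `parse_files` (second hunk), `contents = file_path.read` sits outside the `begin`/`rescue`, so a read failure (unreadable file, dangling symlink, encoding error) escapes the `Parallel.map` block and aborts the whole scan, whereas `read_files` in the same hunk wraps `file.read` inside its `begin` and records the error; moving the read inside makes the two paths consistent, i.e. `begin` followed by `contents = file_path.read` in place of the current read-then-begin order. The `rescue Exception => e` in both methods is forced only by `parse_ruby` raising a bare `Exception.new` for the parser timeout in the third hunk; raising a `StandardError` subclass there (the Racc and generic rescues already re-raise StandardError descendants) would let both rescues narrow to `rescue => e` without also catching `Interrupt` or `SystemExit`, which matters more now that the block runs inside worker processes. `require 'parallel'` adds a runtime gem dependency, so the `metadata` change in this release should be checked to declare it. Finally, `parallel = true` is a positional boolean that reads as a bare `true` at call sites; a keyword argument would be clearer.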