brakeman-lib 4.9.1 → 4.10.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f4533db1d64281404ef6fa22a1b23e8ed35bcb2657aac30585fb38ef44f46ec6
4
- data.tar.gz: b4d0b3c6c37cd04bd06f368fcd678c52da8809f998a2c5f8127363505022f529
3
+ metadata.gz: 0b264d50410107be24af470596fa3b5511eb8f174707f571f9884a6aea932d87
4
+ data.tar.gz: 4a8ab18c5e077e4b192ea52db29b52c7dd6006f66163862f0d4b1fd9973ba366
5
5
  SHA512:
6
- metadata.gz: bac4dc339c777b879c7ec5e372dd3423c1300802561ad2d6be12ec38185785a93f88c5966d7276d5179f142861ea291c16c772052a07fd6969db6790f788ec72
7
- data.tar.gz: 602fbe26d2880cc2f5443b7ce555d1f3411dc59902b9b68d87cf35813aa80d3704b685778222f14aa97509247d9be95d80c71ffd649755848618682877a3ab38
6
+ metadata.gz: 524c94b3b25e13273dea5707e315fde68fe5ad984433e3c0a11674bc7baf1c133a9e4becc528fabb092536ba9b5d02f05714dd10dd32014067cff8e301c37096
7
+ data.tar.gz: 349db7828699760d574a0534f21361eee617454647033f27ed7440e16a9ef38b7807f76b62fbd62fd1746d024c70a557f3d3fa5970cc390f3e92eaf3ca004f0c
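--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,7 @@
+# 4.10.0 - 2020-09-28
+
+* Add SARIF report format (Steve Winton)
+
 # 4.9.1 - 2020-09-04
 
 * Check `chomp`ed strings for SQL injection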
@@ -237,6 +237,8 @@ module Brakeman
237
237
  [:to_table]
238
238
  when :junit, :to_junit
239
239
  [:to_junit]
240
+ when :sarif, :to_sarif
241
+ [:to_sarif]
240
242
  else
241
243
  [:to_text]
242
244
  end
@@ -266,6 +268,8 @@ module Brakeman
266
268
  :to_table
267
269
  when /\.junit$/i
268
270
  :to_junit
271
+ when /\.sarif$/i
272
+ :to_sarif
269
273
  else
270
274
  :to_text
271
275
  end
@@ -229,7 +229,7 @@ module Brakeman::Options
229
229
 
230
230
  opts.on "-f",
231
231
  "--format TYPE",
232
- [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit],
232
+ [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif],
233
233
  "Specify output formats. Default is text" do |type|
234
234
 
235
235
  type = "s" if type == :text
@@ -43,6 +43,8 @@ class Brakeman::Report
43
43
  when :to_junit
44
44
  require_report 'junit'
45
45
  Brakeman::Report::JUnit
46
+ when :to_sarif
47
+ return self.to_sarif
46
48
  else
47
49
  raise "Invalid format: #{format}. Should be one of #{VALID_FORMATS.inspect}"
48
50
  end
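Review bot: The new `when :to_sarif` branch returns early with `return self.to_sarif`, while the sibling `when :to_junit` branch evaluates to the reporter class (`Brakeman::Report::JUnit`) after `require_report 'junit'` and leaves generation to whatever follows the `case`. Since `to_sarif` is added in the same commit (and appears to be needed for the `[:to_sarif]` mapping added earlier in this diff), the branch here could mirror the junit one: `when :to_sarif` / `require_report 'sarif'` / `Brakeman::Report::SARIF`, which keeps the dispatcher uniform and avoids a `return` from inside the `case`. The enclosing method starts and ends outside this hunk, so whether the `case` value is consumed by a `generate` call is inferred from the `:to_junit` branch rather than visible here.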
@@ -85,6 +87,11 @@ class Brakeman::Report
85
87
  alias to_plain to_text
86
88
  alias to_s to_text
87
89
 
90
+ def to_sarif
91
+ require_report 'sarif'
92
+ generate Brakeman::Report::SARIF
93
+ end
94
+
88
95
  def generate reporter
89
96
  reporter.new(@tracker).generate_report
90
97
  end
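--- /dev/null
+++ b/lib/brakeman/report/report_sarif.rb
@@ -0,0 +1,114 @@
+class Brakeman::Report::SARIF < Brakeman::Report::Base
+def generate_report
+sarif_log = {
+:version => '2.1.0',
+:$schema => 'https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json',
+:runs => runs,
+}
+JSON.pretty_generate sarif_log
+end
+
+def runs
+[
+{
+:tool => {
+:driver => {
+:name => 'Brakeman',
+:informationUri => 'https://brakemanscanner.org',
+:semanticVersion => Brakeman::Version,
+:rules => rules,
+},
+},
+:results => results,
+},
+]
+end
+
+def rules
+@rules ||= unique_warnings_by_warning_code.map do |warning|
+rule_id = render_id warning
+check_name = warning.check.gsub(/^Brakeman::Check/, '')
+check_description = render_message check_descriptions[check_name]
+{
+:id => rule_id,
+:name => "#{check_name}/#{warning.warning_type}",
+:fullDescription => {
+:text => check_description,
+},
+:helpUri => warning.link,
+:help => {
+:text => "More info: #{warning.link}.",
+:markdown => "[More info](#{warning.link}).",
+},
+:properties => {
+:tags => [check_name],
+},
+}
+end
+end
+
+def results
+@results ||= all_warnings.map do |warning|
+rule_id = render_id warning
+result_level = infer_level warning
+message_text = render_message warning.message.to_s
+result = {
+:ruleId => rule_id,
+:ruleIndex => rules.index { |r| r[:id] == rule_id },
+:level => result_level,
+:message => {
+:text => message_text,
+},
+:locations => [
+:physicalLocation => {
+:artifactLocation => {
+:uri => warning.file.relative,
+:uriBaseId => '%SRCROOT%',
+},
+:region => {
+:startLine => warning.line.is_a?(Integer) ? warning.line : 1,
+},
+},
+],
+}
+
+result
+end
+end
+
+# Returns a hash of all check descriptions, keyed by check namne
+def check_descriptions
+@check_descriptions ||= Brakeman::Checks.checks.map do |check|
+[check.name.gsub(/^Check/, ''), check.description]
+end.to_h
+end
+
+# Returns a de-duplicated set of warnings, used to generate rules
+def unique_warnings_by_warning_code
+@unique_warnings_by_warning_code ||= all_warnings.uniq { |w| w.warning_code }
+end
+
+def render_id warning
+# Include alpha prefix to provide 'compiler error' appearance
+"BRAKE#{'%04d' % warning.warning_code}" # 46 becomes BRAKE0046, for example
+end
+
+def render_message message
+# Ensure message ends with a period
+if message.end_with? "."
+message
+else
+"#{message}."
+end
+end
+
+def infer_level warning
+# Infer result level from warning confidence
+@@levels_from_confidence ||= Hash.new('warning').update({
+0 => 'error', # 0 represents 'high confidence', which we infer as 'error'
+1 => 'warning', # 1 represents 'medium confidence' which we infer as 'warning'
+2 => 'note', # 2 represents 'weak, or low, confidence', which we infer as 'note'
+})
+@@levels_from_confidence[warning.confidence]
+end
+end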
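Review bot: `infer_level` memoizes its lookup table in the class variable `@@levels_from_confidence`, which is shared with any subclass of this reporter and is mutated lazily on first call; a frozen constant expresses the same fixed mapping without shared mutable state: `LEVELS_FROM_CONFIDENCE = Hash.new('warning').update(0 => 'error', 1 => 'warning', 2 => 'note').freeze` at class level, and `LEVELS_FROM_CONFIDENCE[warning.confidence]` as the body of `infer_level`. In `rules`, the value of `check_descriptions[check_name]` is passed straight to `render_message`, which calls `end_with?` on it; if the key derived from `warning.check` (with `Brakeman::Check` stripped) ever differs from the one built from `check.name` (with `Check` stripped), the lookup returns nil and report generation raises NoMethodError, so `check_descriptions.fetch(check_name, '')` or a `message.to_s` inside `render_message` would let the report degrade to an empty description instead. The comment above `check_descriptions` also misspells "name" as "namne".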
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "4.9.1"
2
+ Version = "4.10.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman-lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.9.1
4
+ version: 4.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-04 00:00:00.000000000 Z
11
+ date: 2020-09-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -184,14 +184,14 @@ dependencies:
184
184
  requirements:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
- version: '5.1'
187
+ version: 5.1.0
188
188
  type: :runtime
189
189
  prerelease: false
190
190
  version_requirements: !ruby/object:Gem::Requirement
191
191
  requirements:
192
192
  - - "~>"
193
193
  - !ruby/object:Gem::Version
194
- version: '5.1'
194
+ version: 5.1.0
195
195
  - !ruby/object:Gem::Dependency
196
196
  name: slim
197
197
  requirement: !ruby/object:Gem::Requirement
@@ -368,6 +368,7 @@ files:
368
368
  - lib/brakeman/report/report_json.rb
369
369
  - lib/brakeman/report/report_junit.rb
370
370
  - lib/brakeman/report/report_markdown.rb
371
+ - lib/brakeman/report/report_sarif.rb
371
372
  - lib/brakeman/report/report_table.rb
372
373
  - lib/brakeman/report/report_tabs.rb
373
374
  - lib/brakeman/report/report_text.rb
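Review bot: The middle hunk changes a runtime dependency's requirement from `~> '5.1'` to `~> 5.1.0`, which narrows the accepted range from any 5.x at or above 5.1 to 5.1.x only; that is a behavioural change for consumers of the gem rather than a plain version bump, and the CHANGES.md entry for this release does not mention it. The dependency's name is outside the hunk, so which gem is affected cannot be confirmed from here; if the tightening is intentional it deserves a changelog line, and if not, `version: '5.1'` should be restored in both the `requirement` and `version_requirements` blocks.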