brakeman-min 0.5.1 → 0.5.2
- data/bin/brakeman +1 -0
- data/lib/processor.rb +1 -0
- data/lib/report.rb +27 -0
- data/lib/scanner.rb +9 -6
- data/lib/version.rb +1 -1
- data/lib/warning.rb +4 -2
- metadata +3 -3
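--- a/data/bin/brakeman
+++ b/data/bin/brakeman
@@ -288,6 +288,7 @@ if OPTIONS[:output_file]
 File.open OPTIONS[:output_file], "w" do |f|
 f.puts tracker.report.send(OPTIONS[:output_format])
 end
+warn "Report saved in '#{OPTIONS[:output_file]}'"
 else
 puts tracker.report.send(OPTIONS[:output_format])
 end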
data/lib/processor.rb
CHANGED
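--- a/data/lib/report.rb
+++ b/data/lib/report.rb
@@ -630,6 +630,8 @@ class Report
 output << "</table></div>"
 end
 
+#Generated tab-separated output suitable for the Jenkins Brakeman Plugin:
+#https://github.com/presidentbeef/brakeman-jenkins-plugin
 def to_tabs
 [[:warnings, "General"], [:controller_warnings, "Controller"],
 [:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
@@ -643,6 +645,31 @@ class Report
 end.join "\n"
 end
 
+def to_test
+report = { :errors => tracker.errors,
+:controllers => tracker.controllers,
+:models => tracker.models,
+:templates => tracker.templates
+}
+
+[:warnings, :controller_warnings, :model_warnings, :template_warnings].each do |meth|
+report[meth] = @checks.send(meth)
+report[meth].each do |w|
+w.message = w.format_message
+if w.code
+w.code = w.format_code
+else
+w.code = ""
+end
+w.context = context_for(w).join("\n")
+w.file = file_for w
+end
+end
+
+report
+end
+
+#Loads Ruport library if available. Otherwise, alert user.
 def load_ruport
 require 'ruport'
 rescue LoadError => e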
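--- a/data/lib/scanner.rb
+++ b/data/lib/scanner.rb
@@ -11,6 +11,7 @@ end
 
 #Scans the Rails application.
 class Scanner
+RUBY_1_9 = !!(RUBY_VERSION =~ /^1\.9/)
 
 #Pass in path to the root of the Rails application
 def initialize path
@@ -136,6 +137,7 @@ class Scanner
 type = f.match(/.*\.(erb|haml|rhtml)$/)[1].to_sym
 type = :erb if type == :rhtml
 name = template_path_to_name f
+text = File.read f
 
 begin
 if type == :erb
@@ -143,22 +145,23 @@ class Scanner
 initialize_erubis unless @initialized_erubis
 type = :erubis
 if OPTIONS[:rails3]
-src = RailsXSSErubis.new(
+src = RailsXSSErubis.new(text).src
 else
-src = ErubisEscape.new(
+src = ErubisEscape.new(text).src
 end
 elsif tracker.config[:erubis]
 initialize_erubis unless @initialized_erubis
-src = ScannerErubis.new(
+src = ScannerErubis.new(text).src
 type = :erubis
-src = ScannerErubis.new(
+src = ScannerErubis.new(text).src
 else
-src = ERB.new(
+src = ERB.new(text, nil, "-").src
+src.sub!(/^#.*\n/, '') if RUBY_1_9
 end
 parsed = RubyParser.new.parse src
 elsif type == :haml
 initialize_haml unless @initialized_haml
-src = Haml::Engine.new(
+src = Haml::Engine.new(text,
 :escape_html => !!tracker.config[:escape_html]).precompiled
 parsed = RubyParser.new.parse src
 else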
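--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-Version = "0.5.
+Version = "0.5.2"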
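--- a/data/lib/warning.rb
+++ b/data/lib/warning.rb
@@ -1,7 +1,9 @@
 #The Warning class stores information about warnings
 class Warning
-attr_reader :called_from, :check, :class, :
-:
+attr_reader :called_from, :check, :class, :confidence, :controller,
+:line, :method, :model, :template, :warning_set, :warning_type
+
+attr_accessor :code, :context, :file, :message
 
 #+options[:result]+ can be a result Sexp from FindCall. Otherwise, it can be +nil+.
 def initialize options = {}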
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 5
|
8
|
-
-
|
9
|
-
version: 0.5.
|
8
|
+
- 2
|
9
|
+
version: 0.5.2
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Justin Collins
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2011-06-
|
17
|
+
date: 2011-06-29 00:00:00 -07:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|