brakeman-min 0.5.1 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/brakeman +1 -0
- data/lib/processor.rb +1 -0
- data/lib/report.rb +27 -0
- data/lib/scanner.rb +9 -6
- data/lib/version.rb +1 -1
- data/lib/warning.rb +4 -2
- metadata +3 -3
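--- a/data/bin/brakeman
+++ b/data/bin/brakeman
@@ -288,6 +288,7 @@ if OPTIONS[:output_file]
 File.open OPTIONS[:output_file], "w" do |f|
 f.puts tracker.report.send(OPTIONS[:output_format])
 end
+warn "Report saved in '#{OPTIONS[:output_file]}'"
 else
 puts tracker.report.send(OPTIONS[:output_format])
 end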
data/lib/processor.rb
CHANGED
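--- a/data/lib/report.rb
+++ b/data/lib/report.rb
@@ -630,6 +630,8 @@ class Report
 output << "</table></div>"
 end
 
+#Generated tab-separated output suitable for the Jenkins Brakeman Plugin:
+#https://github.com/presidentbeef/brakeman-jenkins-plugin
 def to_tabs
 [[:warnings, "General"], [:controller_warnings, "Controller"],
 [:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
@@ -643,6 +645,31 @@ class Report
 end.join "\n"
 end
 
+def to_test
+report = { :errors => tracker.errors,
+:controllers => tracker.controllers,
+:models => tracker.models,
+:templates => tracker.templates
+}
+
+[:warnings, :controller_warnings, :model_warnings, :template_warnings].each do |meth|
+report[meth] = @checks.send(meth)
+report[meth].each do |w|
+w.message = w.format_message
+if w.code
+w.code = w.format_code
+else
+w.code = ""
+end
+w.context = context_for(w).join("\n")
+w.file = file_for w
+end
+end
+
+report
+end
+
+#Loads Ruport library if available. Otherwise, alert user.
 def load_ruport
 require 'ruport'
 rescue LoadError => e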
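Review bot: to_test rewrites each Warning in place — `w.message`, `w.code`, `w.context` and `w.file` are assigned on the very objects returned by `@checks.send(meth)` — so after one call the Report's warning sets hold formatted strings, and once `w.code` has been replaced by the output of `format_code` any later formatter run on the same Report (to_tabs above, or a second to_test) presumably operates on already-formatted data instead of the original code. Building the hash from copies leaves the checks untouched: `report[meth] = @checks.send(meth).map { |w| w.dup }` (a shallow dup is enough here because only those four accessors are assigned, assuming Warning defines no initialize_copy that interferes). The method also carries no comment while the neighbouring to_tabs just gained one; I would add `#Returns a Hash of the tracker's errors, controllers, models and templates plus the four warning sets, with each warning's message, code, context and file replaced by their formatted forms.` load_ruport at the foot of the hunk continues outside it.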
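--- a/data/lib/scanner.rb
+++ b/data/lib/scanner.rb
@@ -11,6 +11,7 @@ end
 
 #Scans the Rails application.
 class Scanner
+RUBY_1_9 = !!(RUBY_VERSION =~ /^1\.9/)
 
 #Pass in path to the root of the Rails application
 def initialize path
@@ -136,6 +137,7 @@ class Scanner
 type = f.match(/.*\.(erb|haml|rhtml)$/)[1].to_sym
 type = :erb if type == :rhtml
 name = template_path_to_name f
+text = File.read f
 
 begin
 if type == :erb
@@ -143,22 +145,23 @@ class Scanner
 initialize_erubis unless @initialized_erubis
 type = :erubis
 if OPTIONS[:rails3]
-src = RailsXSSErubis.new(
+src = RailsXSSErubis.new(text).src
 else
-src = ErubisEscape.new(
+src = ErubisEscape.new(text).src
 end
 elsif tracker.config[:erubis]
 initialize_erubis unless @initialized_erubis
-src = ScannerErubis.new(
+src = ScannerErubis.new(text).src
 type = :erubis
-src = ScannerErubis.new(
+src = ScannerErubis.new(text).src
 else
-src = ERB.new(
+src = ERB.new(text, nil, "-").src
+src.sub!(/^#.*\n/, '') if RUBY_1_9
 end
 parsed = RubyParser.new.parse src
 elsif type == :haml
 initialize_haml unless @initialized_haml
-src = Haml::Engine.new(
+src = Haml::Engine.new(text,
 :escape_html => !!tracker.config[:escape_html]).precompiled
 parsed = RubyParser.new.parse src
 else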
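Review bot: The comment strip on new line 159, `src.sub!(/^#.*\n/, '') if RUBY_1_9`, anchors with `^`, which in Ruby matches at the start of any line, so it deletes the first `#`-led line wherever it occurs in the generated source rather than only the `#coding:` magic comment that ERB under 1.9 emits as the first line of `src`; `src.sub!(/\A#.*\n/, '') if RUBY_1_9` targets exactly that leading line. In the `tracker.config[:erubis]` branch the template is still compiled twice — new lines 154 and 156 both assign `src = ScannerErubis.new(text).src` — so the first assignment is dead and could be dropped. `text = File.read f` now runs before the `begin` on line 142, so a read failure is no longer covered by whatever that block rescues; presumably intended, but the rescue clause lies outside this hunk and is worth checking.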
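--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-Version = "0.5.
+Version = "0.5.2"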
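--- a/data/lib/warning.rb
+++ b/data/lib/warning.rb
@@ -1,7 +1,9 @@
 #The Warning class stores information about warnings
 class Warning
-attr_reader :called_from, :check, :class, :
-:
+attr_reader :called_from, :check, :class, :confidence, :controller,
+:line, :method, :model, :template, :warning_set, :warning_type
+
+attr_accessor :code, :context, :file, :message
 
 #+options[:result]+ can be a result Sexp from FindCall. Otherwise, it can be +nil+.
 def initialize options = {}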
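Review bot: `attr_reader :class` on the rewritten line 3 defines a `class` instance method on Warning that shadows `Object#class`, so `w.class` on a warning returns the stored attribute instead of `Warning`, surprising any caller that relies on the core method; this predates the commit, but since the line is being rewritten anyway it is a good moment to rename the attribute (for example `:class_name`), updating its readers. The new `attr_accessor :code, :context, :file, :message` makes four fields writable from outside the class, and the only writer visible in this diff is Report#to_test overwriting them with formatted values; a comment above the line would record that intent, e.g. `#Writable so a report formatter (see Report#to_test) can replace the raw values with their formatted forms.`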
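--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 5
--
-version: 0.5.
+- 2
+version: 0.5.2
 platform: ruby
 authors:
 - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-
+date: 2011-06-29 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency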