brakeman-min 4.9.1 → 4.10.0

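--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: b0fcf3c3ee13f623d43462b52e575c0d89670f9efd97029f024e1dd4428ecdad
-data.tar.gz: 28ffc613573a1be76a17daa9d47b97fe82c83efb85beeb475543f536f5f16dd9
+metadata.gz: 7bfea3fcc26490216cb839ad7e23f3db30312439b996719bc36e446d81ee6c21
+data.tar.gz: 0ec67a45a20be3d85c28ebf4250abf4528fc30e661c9bd4bd149ce024b0b8e81
 SHA512:
-metadata.gz: 9ae9718ffe7c7d062a0de46bd3bc1505c2c626fbfaede605505cad16ffaf89a8c50bc9e134d27f63d5450ce286c8c4aca67b26c8265dc730a83fa0b423cef6cf
-data.tar.gz: fe49548d88cc579e7a8c540655bcde6107a51015a812440cb385d024e301932e52155f28ec12efa4078305b34b7e7ff21487c102b54cc17d718b715b37c49b17
+metadata.gz: a356ae3757074a222d1b8044e228b6d0848942bffbe7bbcf84bd08bd1793767c66e8e71d93bea0053281efeda5aabcca968482d7dde65f7490fe6091e5857e8c
+data.tar.gz: d233b34ddf6c0d85b0f44fb32b02e782750b0dc50bc476606719777f73ecaf7c49639114947942cbac9ef9c1ba671a874584b651fc06162482296279aa118aef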
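--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,7 @@
+# 4.10.0 - 2020-09-28
+
+* Add SARIF report format (Steve Winton)
+
 # 4.9.1 - 2020-09-04
 
 * Check `chomp`ed strings for SQL injection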
@@ -237,6 +237,8 @@ module Brakeman
237
237
  [:to_table]
238
238
  when :junit, :to_junit
239
239
  [:to_junit]
240
+ when :sarif, :to_sarif
241
+ [:to_sarif]
240
242
  else
241
243
  [:to_text]
242
244
  end
@@ -266,6 +268,8 @@ module Brakeman
266
268
  :to_table
267
269
  when /\.junit$/i
268
270
  :to_junit
271
+ when /\.sarif$/i
272
+ :to_sarif
269
273
  else
270
274
  :to_text
271
275
  end
@@ -229,7 +229,7 @@ module Brakeman::Options
229
229
 
230
230
  opts.on "-f",
231
231
  "--format TYPE",
232
- [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit],
232
+ [:pdf, :text, :html, :csv, :tabs, :json, :markdown, :codeclimate, :cc, :plain, :table, :junit, :sarif],
233
233
  "Specify output formats. Default is text" do |type|
234
234
 
235
235
  type = "s" if type == :text
@@ -43,6 +43,8 @@ class Brakeman::Report
43
43
  when :to_junit
44
44
  require_report 'junit'
45
45
  Brakeman::Report::JUnit
46
+ when :to_sarif
47
+ return self.to_sarif
46
48
  else
47
49
  raise "Invalid format: #{format}. Should be one of #{VALID_FORMATS.inspect}"
48
50
  end
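Review bot: The new `when :to_sarif` branch returns `self.to_sarif` — the generated report string — whereas the neighbouring `:to_junit` branch evaluates to a report class (`Brakeman::Report::JUnit`) after `require_report 'junit'`, so two arms of the same `case` now yield different kinds of value and whatever the enclosing method (its start is outside the hunk) does with the class result is bypassed for SARIF. Matching the existing shape, `require_report 'sarif'` followed by `Brakeman::Report::SARIF`, keeps the mapping uniform, and the `to_sarif` method added further down in this commit already performs the generation for direct callers. If the early return is intentional, a one-line comment stating why SARIF is generated here rather than through the class lookup would save the next reader the same question.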
@@ -85,6 +87,11 @@ class Brakeman::Report
85
87
  alias to_plain to_text
86
88
  alias to_s to_text
87
89
 
90
+ def to_sarif
91
+ require_report 'sarif'
92
+ generate Brakeman::Report::SARIF
93
+ end
94
+
88
95
  def generate reporter
89
96
  reporter.new(@tracker).generate_report
90
97
  end
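--- /dev/null
+++ b/lib/brakeman/report/report_sarif.rb
@@ -0,0 +1,114 @@
+class Brakeman::Report::SARIF < Brakeman::Report::Base
+def generate_report
+sarif_log = {
+:version => '2.1.0',
+:$schema => 'https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json',
+:runs => runs,
+}
+JSON.pretty_generate sarif_log
+end
+
+def runs
+[
+{
+:tool => {
+:driver => {
+:name => 'Brakeman',
+:informationUri => 'https://brakemanscanner.org',
+:semanticVersion => Brakeman::Version,
+:rules => rules,
+},
+},
+:results => results,
+},
+]
+end
+
+def rules
+@rules ||= unique_warnings_by_warning_code.map do |warning|
+rule_id = render_id warning
+check_name = warning.check.gsub(/^Brakeman::Check/, '')
+check_description = render_message check_descriptions[check_name]
+{
+:id => rule_id,
+:name => "#{check_name}/#{warning.warning_type}",
+:fullDescription => {
+:text => check_description,
+},
+:helpUri => warning.link,
+:help => {
+:text => "More info: #{warning.link}.",
+:markdown => "[More info](#{warning.link}).",
+},
+:properties => {
+:tags => [check_name],
+},
+}
+end
+end
+
+def results
+@results ||= all_warnings.map do |warning|
+rule_id = render_id warning
+result_level = infer_level warning
+message_text = render_message warning.message.to_s
+result = {
+:ruleId => rule_id,
+:ruleIndex => rules.index { |r| r[:id] == rule_id },
+:level => result_level,
+:message => {
+:text => message_text,
+},
+:locations => [
+:physicalLocation => {
+:artifactLocation => {
+:uri => warning.file.relative,
+:uriBaseId => '%SRCROOT%',
+},
+:region => {
+:startLine => warning.line.is_a?(Integer) ? warning.line : 1,
+},
+},
+],
+}
+
+result
+end
+end
+
+# Returns a hash of all check descriptions, keyed by check namne
+def check_descriptions
+@check_descriptions ||= Brakeman::Checks.checks.map do |check|
+[check.name.gsub(/^Check/, ''), check.description]
+end.to_h
+end
+
+# Returns a de-duplicated set of warnings, used to generate rules
+def unique_warnings_by_warning_code
+@unique_warnings_by_warning_code ||= all_warnings.uniq { |w| w.warning_code }
+end
+
+def render_id warning
+# Include alpha prefix to provide 'compiler error' appearance
+"BRAKE#{'%04d' % warning.warning_code}" # 46 becomes BRAKE0046, for example
+end
+
+def render_message message
+# Ensure message ends with a period
+if message.end_with? "."
+message
+else
+"#{message}."
+end
+end
+
+def infer_level warning
+# Infer result level from warning confidence
+@@levels_from_confidence ||= Hash.new('warning').update({
+0 => 'error', # 0 represents 'high confidence', which we infer as 'error'
+1 => 'warning', # 1 represents 'medium confidence' which we infer as 'warning'
+2 => 'note', # 2 represents 'weak, or low, confidence', which we infer as 'note'
+})
+@@levels_from_confidence[warning.confidence]
+end
+end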
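Review bot: `infer_level` memoizes its lookup table in the class variable `@@levels_from_confidence`, which Ruby shares down the inheritance tree and which is built lazily on first call; a frozen constant expresses the same mapping with no shared mutable state: `LEVELS_FROM_CONFIDENCE = { 0 => 'error', 1 => 'warning', 2 => 'note' }.freeze` at class level and `LEVELS_FROM_CONFIDENCE.fetch(warning.confidence, 'warning')` as the method body. `results` also runs `rules.index { |r| r[:id] == rule_id }` once per warning, a linear scan per result, so a hash from rule id to index built once from `rules` would keep report generation linear in the number of warnings. In `rules`, `check_descriptions[check_name]` returns nil when the name derived from `warning.check` is not among the keys derived from `Brakeman::Checks.checks`, and `render_message` then raises `NoMethodError` on `end_with?`; if the two name sources are guaranteed to agree, a comment saying so would help, otherwise `check_descriptions.fetch(check_name, '')` or a guard in `render_message` is worth adding. The comment above `check_descriptions` has a typo, `namne` → `name`.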
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "4.9.1"
2
+ Version = "4.10.0"
3
3
  end
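--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-min
 version: !ruby/object:Gem::Version
-version: 4.9.1
+version: 4.10.0
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-04 00:00:00.000000000 Z
+date: 2020-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -292,6 +292,7 @@ files:
 - lib/brakeman/report/report_json.rb
 - lib/brakeman/report/report_junit.rb
 - lib/brakeman/report/report_markdown.rb
+- lib/brakeman/report/report_sarif.rb
 - lib/brakeman/report/report_table.rb
 - lib/brakeman/report/report_tabs.rb
 - lib/brakeman/report/report_text.rb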