brakeman 0.0.2

data/lib/warning.rb

@@ -0,0 +1,97 @@
+#The Warning class stores information about warnings
+class Warning
+  attr_reader :called_from, :check, :class, :code, :confidence, :controller, :file, :line,
+    :message, :method, :model, :template, :warning_set, :warning_type
+
+  #+options[:result]+ can be a result Sexp from FindCall. Otherwise, it can be +nil+.
+  def initialize options = {}
+    @view_name = nil
+
+    [:called_from, :check, :class, :code, :confidence, :controller, :file, :line,
+      :message, :method, :model, :template, :warning_set, :warning_type].each do |option|
+
+      self.instance_variable_set("@#{option}", options[option])
+    end
+
+    result = options[:result]
+    if result
+      if result.length == 3 #template result
+        @template ||= result[1]
+        @code ||= result[2]
+      else
+        @class ||= result[1]
+        @method ||= result[2]
+        @code ||= result[3]
+      end
+    end
+
+    if @code and not @line and @code.respond_to? :line
+      @line = @code.line
+    end
+
+    unless @warning_set
+      if self.model
+        @warning_set = :model
+      elsif self.template
+        @warning_set = :template
+        @called_from = self.template[:caller]
+      elsif self.controller
+        @warning_set = :controller
+      else
+        @warning_set = :warning
+      end
+    end
+  end
+
+  #Returns name of a view, including where it was rendered from
+  def view_name
+    return @view_name if @view_name
+    if called_from
+      @view_name = "#{template[:name]} (#{called_from})"
+    else
+      @view_name = template[:name]
+    end
+  end
+
+  #Return String of the code output from the OutputProcessor and
+  #stripped of newlines
+  def format_code
+    OutputProcessor.new.format(self.code).gsub(/(\r|\n)+/, " ")
+  end
+
+  #Return formatted warning message
+  def format_message
+    message = self.message
+
+    if self.line
+      message << " near line #{self.line}"
+    end
+
+    if self.code
+      message << ": #{format_code}"
+    end
+
+    message
+  end
+
+  #Generates a hash suitable for inserting into a Ruport table
+  def to_row type = :warning
+    row = { "Confidence" => self.confidence,
+      "Warning Type" => self.warning_type.to_s,
+      "Message" => self.format_message }
+
+    case type
+    when :template
+      row["Template"] = self.view_name.to_s
+    when :model
+      row["Model"] = self.model.to_s
+    when :controller
+      row["Controller"] = self.controller.to_s
+    when :warning
+      row["Class"] = self.class.to_s
+      row["Method"] = self.method.to_s
+    end
+
+    row
+  end
+end

metadata

@@ -0,0 +1,191 @@
+--- !ruby/object:Gem::Specification 
+name: brakeman
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 2
+  version: 0.0.2
+platform: ruby
+authors: 
+- Justin Collins
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-27 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 2
+        - 2
+        - 2
+        version: 2.2.2
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: ruby2ruby
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 2
+        - 4
+        version: 1.2.4
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: ruport
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 1
+        - 6
+        - 3
+        version: 1.6.3
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: erubis
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 29
+        segments: 
+        - 2
+        - 6
+        - 5
+        version: 2.6.5
+  type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: haml
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 31
+        segments: 
+        - 3
+        - 0
+        - 12
+        version: 3.0.12
+  type: :runtime
+  version_requirements: *id005
+description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
+email: 
+executables: 
+- brakeman
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- bin/brakeman
+- WARNING_TYPES
+- FEATURES
+- README.md
+- lib/report.rb
+- lib/processor.rb
+- lib/tracker.rb
+- lib/processors/controller_processor.rb
+- lib/processors/route_processor.rb
+- lib/processors/alias_processor.rb
+- lib/processors/library_processor.rb
+- lib/processors/params_processor.rb
+- lib/processors/lib/render_helper.rb
+- lib/processors/lib/find_call.rb
+- lib/processors/lib/find_model_call.rb
+- lib/processors/lib/processor_helper.rb
+- lib/processors/erubis_template_processor.rb
+- lib/processors/template_alias_processor.rb
+- lib/processors/erb_template_processor.rb
+- lib/processors/controller_alias_processor.rb
+- lib/processors/config_processor.rb
+- lib/processors/output_processor.rb
+- lib/processors/base_processor.rb
+- lib/processors/haml_template_processor.rb
+- lib/processors/template_processor.rb
+- lib/processors/model_processor.rb
+- lib/warning.rb
+- lib/checks/check_evaluation.rb
+- lib/checks/check_session_settings.rb
+- lib/checks/check_cross_site_scripting.rb
+- lib/checks/check_send_file.rb
+- lib/checks/check_mass_assignment.rb
+- lib/checks/check_default_routes.rb
+- lib/checks/check_model_attributes.rb
+- lib/checks/check_file_access.rb
+- lib/checks/check_render.rb
+- lib/checks/check_forgery_setting.rb
+- lib/checks/base_check.rb
+- lib/checks/check_redirect.rb
+- lib/checks/check_validation_regex.rb
+- lib/checks/check_sql.rb
+- lib/checks/check_execute.rb
+- lib/util.rb
+- lib/checks.rb
+- lib/scanner.rb
+- lib/format/style.css
+has_rdoc: true
+homepage: http://github.com/presidentbeef/brakeman
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Security vulnerability scanner for Ruby on Rails.
+test_files: []
+