brakeman 2.5.0 → 2.6.0

Files changed (37) hide show
  1. checksums.yaml +8 -8
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/CHANGES +14 -0
  5. data/README.md +6 -28
  6. data/lib/brakeman/checks/base_check.rb +5 -4
  7. data/lib/brakeman/checks/check_basic_auth.rb +1 -2
  8. data/lib/brakeman/checks/check_default_routes.rb +65 -15
  9. data/lib/brakeman/checks/check_detailed_exceptions.rb +5 -4
  10. data/lib/brakeman/checks/check_filter_skipping.rb +1 -1
  11. data/lib/brakeman/checks/check_forgery_setting.rb +9 -9
  12. data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
  13. data/lib/brakeman/checks/check_model_attributes.rb +3 -3
  14. data/lib/brakeman/checks/check_model_serialize.rb +1 -1
  15. data/lib/brakeman/checks/check_redirect.rb +27 -6
  16. data/lib/brakeman/checks/check_render.rb +2 -2
  17. data/lib/brakeman/checks/check_skip_before_filter.rb +2 -2
  18. data/lib/brakeman/checks/check_sql.rb +2 -1
  19. data/lib/brakeman/file_parser.rb +49 -0
  20. data/lib/brakeman/options.rb +1 -1
  21. data/lib/brakeman/parsers/template_parser.rb +88 -0
  22. data/lib/brakeman/processors/alias_processor.rb +25 -2
  23. data/lib/brakeman/processors/controller_alias_processor.rb +3 -3
  24. data/lib/brakeman/processors/controller_processor.rb +106 -54
  25. data/lib/brakeman/processors/lib/rails3_route_processor.rb +27 -12
  26. data/lib/brakeman/processors/lib/route_helper.rb +1 -1
  27. data/lib/brakeman/processors/library_processor.rb +37 -28
  28. data/lib/brakeman/processors/model_processor.rb +117 -34
  29. data/lib/brakeman/report/report_base.rb +1 -1
  30. data/lib/brakeman/rescanner.rb +84 -35
  31. data/lib/brakeman/scanner.rb +84 -148
  32. data/lib/brakeman/tracker.rb +32 -12
  33. data/lib/brakeman/util.rb +13 -4
  34. data/lib/brakeman/version.rb +1 -1
  35. data/lib/brakeman/warning_codes.rb +2 -1
  36. metadata +6 -4
  37. metadata.gz.sig +0 -0
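--- a/data/lib/brakeman/rescanner.rb
+++ b/data/lib/brakeman/rescanner.rb
@@ -5,7 +5,8 @@ require 'brakeman/differ'
 
  #Class for rescanning changed files after an initial scan
  class Brakeman::Rescanner < Brakeman::Scanner
-
+ include Brakeman::Util
+ KNOWN_TEMPLATE_EXTENSIONS = Brakeman::TemplateParser::KNOWN_TEMPLATE_EXTENSIONS
  SCAN_ORDER = [:config, :gemfile, :initializer, :lib, :routes, :template,
  :model, :controller]
 
@@ -74,10 +75,8 @@ class Brakeman::Rescanner < Brakeman::Scanner
  case type
  when :controller
  rescan_controller path
- @reindex << :controllers << :templates
  when :template
  rescan_template path
- @reindex << :templates
  when :model
  rescan_model path
  when :lib
@@ -85,16 +84,9 @@ class Brakeman::Rescanner < Brakeman::Scanner
  when :config
  process_config
  when :initializer
- process_initializer path
+ rescan_initializer path
  when :routes
- # Routes affect which controller methods are treated as actions
- # which affects which templates are rendered, so routes, controllers,
- # and templates rendered from controllers must be rescanned
- tracker.reset_routes
- tracker.reset_templates :only_rendered => true
- process_routes
- process_controllers
- @reindex << :controllers << :templates
+ rescan_routes
  when :gemfile
  if tracker.config[:gems][:rails_xss] and tracker.config[:escape_html]
  tracker.config[:escape_html] = false
@@ -109,13 +101,16 @@ class Brakeman::Rescanner < Brakeman::Scanner
  end
 
  def rescan_controller path
- #Process source
- process_controller path
+ controller = tracker.reset_controller path
+ paths = controller.nil? ? [path] : controller[:files]
+ parse_ruby_files(paths).each do |astfile|
+ process_controller astfile
+ end
 
  #Process data flow and template rendering
  #from the controller
  tracker.controllers.each do |name, controller|
- if controller[:file] == path
+ if controller[:files].include?(path)
  tracker.templates.each do |template_name, template|
  next unless template[:caller]
  unless template[:caller].grep(/^#{name}#/).empty?
@@ -123,9 +118,13 @@ class Brakeman::Rescanner < Brakeman::Scanner
  end
  end
 
- @processor.process_controller_alias controller[:name], controller[:src]
+ controller[:src].each_value do |src|
+ @processor.process_controller_alias controller[:name], src
+ end
  end
  end
+
+ @reindex << :templates << :controllers
  end
 
  def rescan_template path
@@ -134,7 +133,10 @@ class Brakeman::Rescanner < Brakeman::Scanner
  template_name = template_path_to_name(path)
 
  tracker.reset_template template_name
- process_template path
+ fp = Brakeman::FileParser.new(tracker, @app_tree)
+ template_parser = Brakeman::TemplateParser.new(tracker, fp)
+ template_parser.parse_template path, @app_tree.read_path(path)
+ process_template fp.file_list[:templates].first
 
  @processor.process_template_alias tracker.templates[template_name]
 
@@ -164,8 +166,10 @@ class Brakeman::Rescanner < Brakeman::Scanner
  if r[0] == :controller
  controller = tracker.controllers[r[1]]
 
- unless @paths.include? controller[:file]
- @processor.process_controller_alias controller[:name], controller[:src], r[2]
+ controller[:src].each do |file, src|
+ unless @paths.include? file
+ @processor.process_controller_alias controller[:name], src, r[2]
+ end
  end
  elsif r[0] == :template
  template = tracker.templates[r[1]]
@@ -173,17 +177,22 @@ class Brakeman::Rescanner < Brakeman::Scanner
  rescan_template template[:file]
  end
  end
+
+ @reindex << :templates
  end
 
  def rescan_model path
  num_models = tracker.models.length
- tracker.reset_model path
- process_model path if @app_tree.path_exists?(path)
+ model = tracker.reset_model path
+ paths = model.nil? ? [path] : model[:files]
+ parse_ruby_files(paths).each do |astfile|
+ process_model astfile.path, astfile.ast
+ end
 
  #Only need to rescan other things if a model is added or removed
  if num_models != tracker.models.length
- process_templates
- process_controllers
+ process_template_data_flows
+ process_controller_data_flows
  @reindex << :templates << :controllers
  end
 
@@ -191,12 +200,16 @@ class Brakeman::Rescanner < Brakeman::Scanner
  end
 
  def rescan_lib path
- process_lib path if @app_tree.path_exists?(path)
+ lib = tracker.reset_lib path
+ paths = lib.nil? ? [path] : lib[:files]
+ parse_ruby_files(paths).each do |astfile|
+ process_lib astfile
+ end
 
  lib = nil
 
  tracker.libs.each do |name, library|
- if library[:file] == path
+ if library[:files].include?(path)
  lib = library
  break
  end
@@ -205,11 +218,28 @@ class Brakeman::Rescanner < Brakeman::Scanner
  rescan_mixin lib if lib
  end
 
+ def rescan_routes
+ # Routes affect which controller methods are treated as actions
+ # which affects which templates are rendered, so routes, controllers,
+ # and templates rendered from controllers must be rescanned
+ tracker.reset_routes
+ tracker.reset_templates :only_rendered => true
+ process_routes
+ process_controller_data_flows
+ @reindex << :controllers << :templates
+ end
+
+ def rescan_initializer path
+ parse_ruby_files([path]).each do |astfile|
+ process_initializer astfile
+ end
+ end
+
  #Handle rescanning when a file is deleted
  def rescan_deleted_file path, type
  case type
  when :controller
- rescan_deleted_controller path
+ rescan_controller path
  when :template
  rescan_deleted_template path
  when :model
@@ -229,10 +259,6 @@ class Brakeman::Rescanner < Brakeman::Scanner
  true
  end
 
- def rescan_deleted_controller path
- tracker.reset_controller path
- end
-
  def rescan_deleted_template path
  return unless path.match KNOWN_TEMPLATE_EXTENSIONS
 
@@ -260,7 +286,7 @@ class Brakeman::Rescanner < Brakeman::Scanner
  deleted_lib = nil
 
  tracker.libs.delete_if do |name, lib|
- if lib[:file] == path
+ if lib[:files].include?(path)
  deleted_lib = lib
  true
  end
@@ -278,15 +304,22 @@ class Brakeman::Rescanner < Brakeman::Scanner
  def remove_deleted_file path
  deleted = false
 
- [:controllers, :templates, :models, :libs].each do |collection|
+ [:controllers, :models, :libs].each do |collection|
  tracker.send(collection).delete_if do |name, data|
- if data[:file] == path
+ if data[:files].include?(path)
  deleted = true
  true
  end
  end
  end
 
+ tracker.templates.delete_if do |name, data|
+ if data[:file] == path
+ deleted = true
+ true
+ end
+ end
+
  deleted
  end
 
@@ -325,15 +358,24 @@ class Brakeman::Rescanner < Brakeman::Scanner
 
  method_matcher = /##{method_names.map {|n| Regexp.escape(n.to_s)}.join('|')}$/
 
+ to_rescan = []
+
  #Rescan controllers that mixed in library
  tracker.controllers.each do |name, controller|
  if controller[:includes].include? lib[:name]
- unless @paths.include? controller[:file]
- rescan_file controller[:file]
+ controller[:files].each do |path|
+ unless @paths.include? path
+ to_rescan << path
+ end
  end
  end
  end
 
+ to_rescan.each do |controller|
+ tracker.reset_controller controller
+ rescan_file controller
+ end
+
  to_rescan = []
 
  #Check if a method from this mixin was used to render a template.
@@ -358,6 +400,13 @@ class Brakeman::Rescanner < Brakeman::Scanner
  rescan_file template[1]
  end
  end
+
+ def parse_ruby_files list
+ paths = list.select { |path| @app_tree.path_exists? path }
+ file_parser = Brakeman::FileParser.new(tracker, @app_tree)
+ file_parser.parse_files paths, :rescan
+ file_parser.file_list[:rescan]
+ end
  end
 
  #Class to make reporting of rescan results simpler to deal with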
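Review bot: In `rescan_template`, `process_template fp.file_list[:templates].first` has no guard for an empty list. `TemplateParser` is not shown here, but if `parse_template` records an error for an unparsable template without adding an entry, `.first` is nil and `process_template` then calls `.name` on nil, after `tracker.reset_template` has already dropped the previous entry. Splitting it into `template = fp.file_list[:templates].first` and `process_template template if template` would let a broken template be reported instead of aborting the rescan; the `process_template_alias tracker.templates[template_name]` call that follows likely needs the same nil check. The method starts and ends outside this hunk, so an earlier guard may already cover part of this.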
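--- a/data/lib/brakeman/scanner.rb
+++ b/data/lib/brakeman/scanner.rb
@@ -6,6 +6,8 @@ begin
  require 'ruby_parser/bm_sexp_processor.rb'
  require 'brakeman/processor'
  require 'brakeman/app_tree'
+ require 'brakeman/file_parser'
+ require 'brakeman/parsers/template_parser'
  rescue LoadError => e
  $stderr.puts e.message
  $stderr.puts "Please install the appropriate dependency."
@@ -15,9 +17,7 @@ end
  #Scans the Rails application.
  class Brakeman::Scanner
  attr_reader :options
-
- RUBY_1_9 = !!(RUBY_VERSION >= "1.9.0")
- KNOWN_TEMPLATE_EXTENSIONS = /.*\.(erb|haml|rhtml|slim)$/
+ RUBY_1_9 = RUBY_VERSION >= "1.9.0"
 
  #Pass in path to the root of the Rails application
  def initialize options, processor = nil
@@ -36,7 +36,6 @@ class Brakeman::Scanner
  Brakeman.notify "[Notice] Detected Rails 4 application"
  end
 
- @ruby_parser = ::RubyParser
  @processor = processor || Brakeman::Processor.new(@app_tree, options)
  end
 
@@ -51,6 +50,8 @@ class Brakeman::Scanner
  process_gems
  Brakeman.notify "Processing configuration..."
  process_config
+ Brakeman.notify "Parsing files..."
+ parse_files
  Brakeman.notify "Processing initializers..."
  process_initializers
  Brakeman.notify "Processing libs..."
@@ -59,15 +60,45 @@ class Brakeman::Scanner
  process_routes
  Brakeman.notify "Processing templates... "
  process_templates
+ Brakeman.notify "Processing data flow in templates..."
+ process_template_data_flows
  Brakeman.notify "Processing models... "
  process_models
  Brakeman.notify "Processing controllers... "
  process_controllers
+ Brakeman.notify "Processing data flow in controllers..."
+ process_controller_data_flows
  Brakeman.notify "Indexing call sites... "
  index_call_sites
  tracker
  end
 
+ def parse_files
+ fp = Brakeman::FileParser.new tracker, @app_tree
+
+ files = {
+ :initializers => @app_tree.initializer_paths,
+ :controllers => @app_tree.controller_paths,
+ :models => @app_tree.model_paths
+ }
+
+ unless options[:skip_libs]
+ files[:libs] = @app_tree.lib_paths
+ end
+
+ files.each do |name, paths|
+ fp.parse_files paths, name
+ end
+
+ template_parser = Brakeman::TemplateParser.new(tracker, fp)
+
+ fp.read_files(@app_tree.template_paths, :templates) do |path, contents|
+ template_parser.parse_template path, contents
+ end
+
+ @file_list = fp.file_list
+ end
+
  #Process config/environment.rb and config/gems.rb
  #
  #Stores parsed information in tracker.config
@@ -120,20 +151,15 @@ class Brakeman::Scanner
  #
  #Adds parsed information to tracker.initializers
  def process_initializers
- @app_tree.initializer_paths.each do |f|
- process_initializer f
+ track_progress @file_list[:initializers] do |init|
+ Brakeman.debug "Processing #{init[:path]}"
+ process_initializer init
  end
  end
 
  #Process an initializer
- def process_initializer path
- begin
- @processor.process_initializer(path, parse_ruby(@app_tree.read_path(path)))
- rescue Racc::ParseError => e
- tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
- rescue => e
- tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
- end
+ def process_initializer init
+ @processor.process_initializer(init.path, init.ast)
  end
 
  #Process all .rb in lib/
@@ -145,26 +171,15 @@ class Brakeman::Scanner
  return
  end
 
- total = @app_tree.lib_paths.length
- current = 0
-
- @app_tree.lib_paths.each do |f|
- Brakeman.debug "Processing #{f}"
- report_progress(current, total)
- current += 1
- process_lib f
+ track_progress @file_list[:libs] do |lib|
+ Brakeman.debug "Processing #{lib.path}"
+ process_lib lib
  end
  end
 
  #Process a library
- def process_lib path
- begin
- @processor.process_lib parse_ruby(@app_tree.read_path(path)), path
- rescue Racc::ParseError => e
- tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
- rescue => e
- tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
- end
+ def process_lib lib
+ @processor.process_lib lib.ast, lib.path
  end
 
  #Process config/routes.rb
@@ -188,37 +203,29 @@ class Brakeman::Scanner
  #
  #Adds processed controllers to tracker.controllers
  def process_controllers
- total = @app_tree.controller_paths.length
- current = 0
-
- @app_tree.controller_paths.each do |f|
- Brakeman.debug "Processing #{f}"
- report_progress(current, total)
- current += 1
- process_controller f
+ track_progress @file_list[:controllers] do |controller|
+ Brakeman.debug "Processing #{controller.path}"
+ process_controller controller
  end
+ end
 
- current = 0
- total = tracker.controllers.length
+ def process_controller_data_flows
+ controllers = tracker.controllers.sort_by { |name, _| name.to_s }
 
- Brakeman.notify "Processing data flow in controllers..."
-
- tracker.controllers.sort_by{|name| name.to_s}.each do |name, controller|
+ track_progress controllers, "controllers" do |name, controller|
  Brakeman.debug "Processing #{name}"
- report_progress(current, total, "controllers")
- current += 1
- @processor.process_controller_alias name, controller[:src]
+ controller[:src].each_value do |src|
+ @processor.process_controller_alias name, src
+ end
  end
 
  #No longer need these processed filter methods
  tracker.filter_cache.clear
  end
 
- def process_controller path
+ def process_controller astfile
  begin
- @processor.process_controller(parse_ruby(@app_tree.read_path(path)), path)
- rescue Racc::ParseError => e
- tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
+ @processor.process_controller(astfile.ast, astfile.path)
  rescue => e
  tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
  end
@@ -228,119 +235,48 @@ class Brakeman::Scanner
  #
  #Adds processed views to tracker.views
  def process_templates
- $stdout.sync = true
-
- count = 0
- total = @app_tree.template_paths.length
+ templates = @file_list[:templates].sort_by { |t| t[:path] }
 
- @app_tree.template_paths.each do |path|
- Brakeman.debug "Processing #{path}"
- report_progress(count, total)
- count += 1
- process_template path
- end
-
- total = tracker.templates.length
- count = 0
-
- Brakeman.notify "Processing data flow in templates..."
-
- tracker.templates.keys.dup.sort_by{|name| name.to_s}.each do |name|
- Brakeman.debug "Processing #{name}"
- report_progress(count, total, "templates")
- count += 1
- @processor.process_template_alias tracker.templates[name]
+ track_progress templates, "templates" do |template|
+ Brakeman.debug "Processing #{template[:path]}"
+ process_template template
  end
  end
 
- def process_template path
- type = path.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
- type = :erb if type == :rhtml
- name = template_path_to_name path
- text = @app_tree.read_path path
-
- begin
- if type == :erb
- if tracker.config[:escape_html]
- type = :erubis
- if options[:rails3]
- require 'brakeman/parsers/rails3_erubis'
- src = Brakeman::Rails3Erubis.new(text).src
- else
- require 'brakeman/parsers/rails2_xss_plugin_erubis'
- src = Brakeman::Rails2XSSPluginErubis.new(text).src
- end
- elsif tracker.config[:erubis]
- require 'brakeman/parsers/rails2_erubis'
- type = :erubis
- src = Brakeman::ScannerErubis.new(text).src
- else
- require 'erb'
- src = ERB.new(text, nil, "-").src
- src.sub!(/^#.*\n/, '') if RUBY_1_9
- end
-
- parsed = parse_ruby src
- elsif type == :haml
- Brakeman.load_brakeman_dependency 'haml'
- Brakeman.load_brakeman_dependency 'sass'
-
- src = Haml::Engine.new(text,
- :escape_html => !!tracker.config[:escape_html]).precompiled
- parsed = parse_ruby src
- elsif type == :slim
- Brakeman.load_brakeman_dependency 'slim'
-
- src = Slim::Template.new(:disable_capture => true,
- :generator => Temple::Generators::RailsOutputBuffer) { text }.precompiled_template
-
- parsed = parse_ruby src
- else
- tracker.error "Unkown template type in #{path}"
- end
+ def process_template template
+ @processor.process_template(template.name, template.ast, template.type, nil, template.path)
+ end
 
- @processor.process_template(name, parsed, type, nil, path)
+ def process_template_data_flows
+ templates = tracker.templates.sort_by { |name, _| name.to_s }
 
- rescue Racc::ParseError => e
- tracker.error e, "could not parse #{path}"
- rescue Haml::Error => e
- tracker.error e, ["While compiling HAML in #{path}"] << e.backtrace
- rescue StandardError, LoadError => e
- tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
+ track_progress templates, "templates" do |name, template|
+ Brakeman.debug "Processing #{name}"
+ @processor.process_template_alias template
  end
  end
 
- #Convert path/filename to view name
- #
- # views/test/something.html.erb -> test/something
- def template_path_to_name path
- names = path.split("/")
- names.last.gsub!(/(\.(html|js)\..*|\.rhtml)$/, '')
- names[(names.index("views") + 1)..-1].join("/").to_sym
- end
-
  #Process all the .rb files in models/
  #
  #Adds the processed models to tracker.models
  def process_models
- total = @app_tree.model_paths.length
- current = 0
-
- @app_tree.model_paths.each do |f|
- Brakeman.debug "Processing #{f}"
- report_progress(current, total)
- current += 1
- process_model f
+ track_progress @file_list[:models] do |model|
+ Brakeman.debug "Processing #{model[:path]}"
+ process_model model[:path], model[:ast]
  end
  end
 
- def process_model path
- begin
- @processor.process_model(parse_ruby(@app_tree.read_path(path)), path)
- rescue Racc::ParseError => e
- tracker.error e, "could not parse #{path}"
- rescue => e
- tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
+ def process_model path, ast
+ @processor.process_model(ast, path)
+ end
+
+ def track_progress list, type = "files"
+ total = list.length
+ current = 0
+ list.each do |item|
+ report_progress current, total, type
+ current += 1
+ yield item
  end
  end
 
@@ -354,7 +290,7 @@ class Brakeman::Scanner
  end
 
  def parse_ruby input
- @ruby_parser.new.parse input
+ RubyParser.new.parse input
  end
  end
 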
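Review bot: The `rescue` in `process_controller` still interpolates `#{path}`, but the parameter is now `astfile`, so unless a `path` method exists elsewhere on the class the handler itself raises NameError and the original error is never recorded through `tracker.error`. The message should read `"\nWhile processing #{astfile.path}"`. In the same section `process_initializer`, `process_lib` and `process_model` lose their `rescue` blocks entirely. If `FileParser` (not shown) only catches parse errors, an exception raised by the processor for one file would now end the whole scan instead of being logged, leaving the remaining files unanalysed. Separately, the new code mixes `init[:path]` / `model[:ast]` with `lib.path` / `astfile.ast` for what appears to be the same parsed-file object; one access style would read more clearly.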