RubyGems - brakeman - Versions diffs - 6.2.2 → 7.0.0 - Mend

brakeman 6.2.2 → 7.0.0

Files changed (202) hide show

data/lib/brakeman/scanner.rb CHANGED Viewed

@@ -7,6 +7,7 @@ begin
   require 'brakeman/file_parser'
   require 'brakeman/parsers/template_parser'
   require 'brakeman/processors/lib/file_type_detector'
+  require 'brakeman/tracker/file_cache'
 rescue LoadError => e
   $stderr.puts e.message
   $stderr.puts "Please install the appropriate dependency."
@@ -38,6 +39,10 @@ class Brakeman::Scanner
     @processor.tracked_events
   end
+  def file_cache
+    tracker.file_cache
+  end
   def process_step description
     Brakeman.notify "#{description}...".ljust(40)
@@ -67,7 +72,7 @@ class Brakeman::Scanner
   end
   #Process everything in the Rails application
-  def process
+  def process(ruby_paths: nil, template_paths: nil)
     process_step 'Processing gems' do
       process_gems
     end
@@ -77,14 +82,30 @@ class Brakeman::Scanner
       process_config
     end
+    # -
+    # If ruby_paths or template_paths are set,
+    # only parse those files. The rest will be fetched
+    # from the file cache.
+    #
+    # Otherwise, parse everything normally.
+    #
+    astfiles = nil
+    process_step 'Finding files' do
+      ruby_paths ||= tracker.app_tree.ruby_file_paths
+      template_paths ||= tracker.app_tree.template_paths
+    end
     process_step 'Parsing files' do
-      parse_files
+      astfiles = parse_files(ruby_paths: ruby_paths, template_paths: template_paths)
     end
     process_step 'Detecting file types' do
-      detect_file_types
+      detect_file_types(astfiles)
     end
+    tracker.save_file_cache! if support_rescanning?
+    # -
     process_step 'Processing initializers' do
       process_initializers
     end
@@ -124,44 +145,37 @@ class Brakeman::Scanner
     tracker
   end
-  def parse_files
+  def parse_files(ruby_paths:, template_paths:)
     fp = Brakeman::FileParser.new(tracker.app_tree, tracker.options[:parser_timeout], tracker.options[:parallel_checks], tracker.options[:use_prism])
-    fp.parse_files tracker.app_tree.ruby_file_paths
+    fp.parse_files ruby_paths
     template_parser = Brakeman::TemplateParser.new(tracker, fp)
-    fp.read_files(@app_tree.template_paths) do |path, contents|
-      template_parser.parse_template path, contents
+    fp.read_files(template_paths) do |path, contents|
+      template_parser.parse_template(path, contents)
     end
     # Collect errors raised during parsing
     tracker.add_errors(fp.errors)
-    @parsed_files = fp.file_list
+    fp.file_list
   end
-  def detect_file_types
-    @file_list = {
-      controllers: [],
-      initializers: [],
-      libs: [],
-      models: [],
-      templates: [],
-    }
+  def detect_file_types(astfiles)
     detector = Brakeman::FileTypeDetector.new
-    @parsed_files.each do |file|
+    astfiles.each do |file|
       if file.is_a? Brakeman::TemplateParser::TemplateFile
-        @file_list[:templates] << file
+        file_cache.add_file file, :template
       else
         type = detector.detect_type(file)
         unless type == :skip
-          if @file_list[type].nil?
-            raise type.to_s
+          if file_cache.valid_type? type
+            file_cache.add_file(file, type)
           else
-            @file_list[type] << file
+            raise "Unexpected file type: #{type.inspect}"
           end
         end
       end
@@ -268,8 +282,8 @@ class Brakeman::Scanner
   #
   #Adds parsed information to tracker.initializers
   def process_initializers
-    track_progress @file_list[:initializers] do |init|
-      process_step_file init[:path] do
+    track_progress file_cache.initializers do |path, init|
+      process_step_file path do
         process_initializer init
       end
     end
@@ -289,8 +303,10 @@ class Brakeman::Scanner
       return
     end
-    track_progress @file_list[:libs] do |lib|
-      process_step_file lib.path do
+    libs = file_cache.libs.sort_by { |path, _| path }
+    track_progress libs do |path, lib|
+      process_step_file path do
         process_lib lib
       end
     end
@@ -322,15 +338,17 @@ class Brakeman::Scanner
   #
   #Adds processed controllers to tracker.controllers
   def process_controllers
-    track_progress @file_list[:controllers] do |controller|
-      process_step_file controller.path do
+    controllers = file_cache.controllers.sort_by { |path, _| path }
+    track_progress controllers do |path, controller|
+      process_step_file path do
         process_controller controller
       end
     end
   end
   def process_controller_data_flows
-    controllers = tracker.controllers.sort_by { |name, _| name.to_s }
+    controllers = tracker.controllers.sort_by { |name, _| name }
     track_progress controllers, "controllers" do |name, controller|
       process_step_file name do
@@ -356,10 +374,10 @@ class Brakeman::Scanner
   #
   #Adds processed views to tracker.views
   def process_templates
-    templates = @file_list[:templates].sort_by { |t| t[:path] }
+    templates = file_cache.templates.sort_by { |path, _| path }
-    track_progress templates, "templates" do |template|
-      process_step_file template[:path] do
+    track_progress templates, "templates" do |path, template|
+      process_step_file path do
         process_template template
       end
     end
@@ -370,7 +388,7 @@ class Brakeman::Scanner
   end
   def process_template_data_flows
-    templates = tracker.templates.sort_by { |name, _| name.to_s }
+    templates = tracker.templates.sort_by { |name, _| name }
     track_progress templates, "templates" do |name, template|
       process_step_file name do
@@ -383,15 +401,17 @@ class Brakeman::Scanner
   #
   #Adds the processed models to tracker.models
   def process_models
-    track_progress @file_list[:models] do |model|
-      process_step_file model[:path] do
-        process_model model[:path], model[:ast]
+    models = file_cache.models.sort_by { |path, _| path }
+    track_progress models do |path, model|
+      process_step_file path do
+        process_model model
       end
     end
   end
-  def process_model path, ast
-    @processor.process_model(ast, path)
+  def process_model astfile
+    @processor.process_model(astfile.ast, astfile.path)
   end
   def track_progress list, type = "files"
@@ -420,6 +440,10 @@ class Brakeman::Scanner
     tracker.error(e)
     nil
   end
+  def support_rescanning?
+    tracker.options[:support_rescanning]
+  end
 end
 # This is to allow operation without loading the Haml library

data/lib/brakeman/tracker/file_cache.rb ADDED Viewed

@@ -0,0 +1,83 @@
+module Brakeman
+  class FileCache
+    def initialize(file_list = nil)
+      @file_list = file_list || {
+        controller: {},
+        initializer: {},
+        lib: {},
+        model: {},
+        template: {},
+      }
+    end
+    def controllers
+      @file_list[:controller]
+    end
+    def initializers
+      @file_list[:initializer]
+    end
+    def libs
+      @file_list[:lib]
+    end
+    def models
+      @file_list[:model]
+    end
+    def templates
+      @file_list[:template]
+    end
+    def add_file(astfile, type)
+      raise "Unknown type: #{type}" unless valid_type? type
+      @file_list[type][astfile.path] = astfile
+    end
+    def valid_type?(type)
+      @file_list.key? type
+    end
+    def cached? path
+      @file_list.any? do |name, list|
+        list[path]
+      end
+    end
+    def delete path
+      @file_list.each do |name, list|
+        list.delete path
+      end
+    end
+    def diff other
+      @file_list.each do |name, list|
+        other_list = other.send(:"#{name}s")
+        if list == other_list
+          next
+        else
+          puts "-- #{name} --"
+          puts "Old: #{other_list.keys - list.keys}"
+          puts "New: #{list.keys - other_list.keys}"
+        end
+      end
+    end
+    def dup
+      copy_file_list = @file_list.map do |name, list|
+        copy_list = list.map do |path, astfile|
+          copy_astfile = astfile.dup
+          copy_astfile.ast = copy_astfile.ast.deep_clone
+          [path, copy_astfile]
+        end.to_h
+        [name, copy_list]
+      end.to_h
+      FileCache.new(copy_file_list)
+    end
+  end
+end

data/lib/brakeman/tracker.rb CHANGED Viewed

@@ -12,7 +12,7 @@ class Brakeman::Tracker
   attr_accessor :controllers, :constants, :templates, :models, :errors,
     :checks, :initializers, :config, :routes, :processor, :libs,
     :template_cache, :options, :filter_cache, :start_time, :end_time,
-    :duration, :ignored_filter, :app_tree
+    :duration, :ignored_filter, :app_tree, :file_cache, :pristine_file_cache
   #Place holder when there should be a model, but it is not
   #clear what model it will be.
@@ -26,15 +26,22 @@ class Brakeman::Tracker
     @app_tree = app_tree
     @processor = processor
     @options = options
+    @file_cache = Brakeman::FileCache.new
+    @pristine_file_cache = nil
-    @config = Brakeman::Config.new(self)
+    reset_all
+  end
+  def reset_all
     @templates = {}
     @controllers = {}
     #Initialize models with the unknown model so
     #we can match models later without knowing precisely what
     #class they are.
     @models = {}
     @models[UNKNOWN_MODEL] = Brakeman::Model.new(UNKNOWN_MODEL, nil, @app_tree.file_path("NOT_REAL.rb"), nil, self)
     @method_cache = {}
     @routes = {}
     @initializers = {}
@@ -46,11 +53,16 @@ class Brakeman::Tracker
     @template_cache = Set.new
     @filter_cache = {}
     @call_index = nil
+    @config = Brakeman::Config.new(self)
     @start_time = Time.now
     @end_time = nil
     @duration = nil
   end
+  def save_file_cache!
+    @pristine_file_cache = @file_cache.dup
+  end
   #Add an error to the list. If no backtrace is given,
   #the one from the exception will be used.
   def error exception, backtrace = nil
@@ -301,6 +313,11 @@ class Brakeman::Tracker
       method_sets << self.controllers
     end
+    if locations.include? :libs
+      classes_to_reindex.merge self.libs.keys
+      method_sets << self.libs
+    end
     if locations.include? :initializers
       self.initializers.each do |file_name, src|
         @call_index.remove_indexes_by_file file_name

data/lib/brakeman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "6.2.2"
+  Version = "7.0.0"
 end

data/lib/brakeman.rb CHANGED Viewed

@@ -84,6 +84,15 @@ module Brakeman
       options[:report_progress] = false
     end
+    if options[:use_prism]
+      begin
+        require 'prism'
+        notify '[Notice] Using Prism parser'
+      rescue LoadError => e
+        Brakeman.debug "[Notice] Asked to use Prism, but failed to load: #{e}"
+      end
+    end
     scan options
   end
@@ -196,6 +205,7 @@ module Brakeman
       :pager => true,
       :parallel_checks => true,
       :parser_timeout => 10,
+      :use_prism => true,
       :relative_path => false,
       :report_progress => true,
       :safe_methods => Set.new,
@@ -464,12 +474,12 @@ module Brakeman
   def self.rescan tracker, files, options = {}
     require 'brakeman/rescanner'
-    tracker.options.merge! options
+    options = tracker.options.merge options
     @quiet = !!tracker.options[:quiet]
     @debug = !!tracker.options[:debug]
-    Rescanner.new(tracker.options, tracker.processor, files).recheck
+    Rescanner.new(options, tracker.processor, files).recheck
   end
   def self.notify message