brakeman 0.5.1 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/brakeman +1 -0
- data/lib/processor.rb +1 -0
- data/lib/report.rb +26 -0
- data/lib/scanner.rb +9 -5
- data/lib/version.rb +1 -1
- data/lib/warning.rb +4 -2
- metadata +3 -3
data/bin/brakeman
CHANGED
|
@@ -288,6 +288,7 @@ if OPTIONS[:output_file]
|
|
|
288
288
|
File.open OPTIONS[:output_file], "w" do |f|
|
|
289
289
|
f.puts tracker.report.send(OPTIONS[:output_format])
|
|
290
290
|
end
|
|
291
|
+
warn "Report saved in '#{OPTIONS[:output_file]}'"
|
|
291
292
|
else
|
|
292
293
|
puts tracker.report.send(OPTIONS[:output_format])
|
|
293
294
|
end
|
data/lib/processor.rb
CHANGED
data/lib/report.rb
CHANGED
|
@@ -626,6 +626,8 @@ class Report
|
|
|
626
626
|
output << "</table></div>"
|
|
627
627
|
end
|
|
628
628
|
|
|
629
|
+
#Generated tab-separated output suitable for the Jenkins Brakeman Plugin:
|
|
630
|
+
#https://github.com/presidentbeef/brakeman-jenkins-plugin
|
|
629
631
|
def to_tabs
|
|
630
632
|
[[:warnings, "General"], [:controller_warnings, "Controller"],
|
|
631
633
|
[:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
|
|
@@ -638,4 +640,28 @@ class Report
|
|
|
638
640
|
|
|
639
641
|
end.join "\n"
|
|
640
642
|
end
|
|
643
|
+
|
|
644
|
+
def to_test
|
|
645
|
+
report = { :errors => tracker.errors,
|
|
646
|
+
:controllers => tracker.controllers,
|
|
647
|
+
:models => tracker.models,
|
|
648
|
+
:templates => tracker.templates
|
|
649
|
+
}
|
|
650
|
+
|
|
651
|
+
[:warnings, :controller_warnings, :model_warnings, :template_warnings].each do |meth|
|
|
652
|
+
report[meth] = @checks.send(meth)
|
|
653
|
+
report[meth].each do |w|
|
|
654
|
+
w.message = w.format_message
|
|
655
|
+
if w.code
|
|
656
|
+
w.code = w.format_code
|
|
657
|
+
else
|
|
658
|
+
w.code = ""
|
|
659
|
+
end
|
|
660
|
+
w.context = context_for(w).join("\n")
|
|
661
|
+
w.file = file_for w
|
|
662
|
+
end
|
|
663
|
+
end
|
|
664
|
+
|
|
665
|
+
report
|
|
666
|
+
end
|
|
641
667
|
end
|
data/lib/scanner.rb
CHANGED
|
@@ -23,6 +23,7 @@ end
|
|
|
23
23
|
|
|
24
24
|
#Scans the Rails application.
|
|
25
25
|
class Scanner
|
|
26
|
+
RUBY_1_9 = !!(RUBY_VERSION =~ /^1\.9/)
|
|
26
27
|
|
|
27
28
|
#Pass in path to the root of the Rails application
|
|
28
29
|
def initialize path
|
|
@@ -145,25 +146,28 @@ class Scanner
|
|
|
145
146
|
type = f.match(/.*\.(erb|haml|rhtml)$/)[1].to_sym
|
|
146
147
|
type = :erb if type == :rhtml
|
|
147
148
|
name = template_path_to_name f
|
|
149
|
+
text = File.read f
|
|
148
150
|
|
|
149
151
|
begin
|
|
150
152
|
if type == :erb
|
|
151
153
|
if tracker.config[:escape_html]
|
|
152
154
|
type = :erubis
|
|
153
155
|
if OPTIONS[:rails3]
|
|
154
|
-
src = RailsXSSErubis.new(
|
|
156
|
+
src = RailsXSSErubis.new(text).src
|
|
155
157
|
else
|
|
156
|
-
src = ErubisEscape.new(
|
|
158
|
+
src = ErubisEscape.new(text).src
|
|
157
159
|
end
|
|
158
160
|
elsif tracker.config[:erubis]
|
|
159
161
|
type = :erubis
|
|
160
|
-
src = ScannerErubis.new(
|
|
162
|
+
src = ScannerErubis.new(text).src
|
|
161
163
|
else
|
|
162
|
-
src = ERB.new(
|
|
164
|
+
src = ERB.new(text, nil, "-").src
|
|
165
|
+
src.sub!(/^#.*\n/, '') if RUBY_1_9
|
|
163
166
|
end
|
|
167
|
+
|
|
164
168
|
parsed = RubyParser.new.parse src
|
|
165
169
|
elsif type == :haml
|
|
166
|
-
src = Haml::Engine.new(
|
|
170
|
+
src = Haml::Engine.new(text,
|
|
167
171
|
:escape_html => !!tracker.config[:escape_html]).precompiled
|
|
168
172
|
parsed = RubyParser.new.parse src
|
|
169
173
|
else
|
data/lib/version.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Version = "0.5.
|
|
1
|
+
Version = "0.5.2"
|
data/lib/warning.rb
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
#The Warning class stores information about warnings
|
|
2
2
|
class Warning
|
|
3
|
-
attr_reader :called_from, :check, :class, :
|
|
4
|
-
:
|
|
3
|
+
attr_reader :called_from, :check, :class, :confidence, :controller,
|
|
4
|
+
:line, :method, :model, :template, :warning_set, :warning_type
|
|
5
|
+
|
|
6
|
+
attr_accessor :code, :context, :file, :message
|
|
5
7
|
|
|
6
8
|
#+options[:result]+ can be a result Sexp from FindCall. Otherwise, it can be +nil+.
|
|
7
9
|
def initialize options = {}
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 5
|
|
8
|
-
-
|
|
9
|
-
version: 0.5.
|
|
8
|
+
- 2
|
|
9
|
+
version: 0.5.2
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Justin Collins
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-06-
|
|
17
|
+
date: 2011-06-29 00:00:00 -07:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|