brakeman 0.5.1 → 0.5.2
Sign up to get free protection for your applications and to get access to all the features.
- data/bin/brakeman +1 -0
- data/lib/processor.rb +1 -0
- data/lib/report.rb +26 -0
- data/lib/scanner.rb +9 -5
- data/lib/version.rb +1 -1
- data/lib/warning.rb +4 -2
- metadata +3 -3
data/bin/brakeman
CHANGED
|
@@ -288,6 +288,7 @@ if OPTIONS[:output_file]
|
|
|
288
288
|
File.open OPTIONS[:output_file], "w" do |f|
|
|
289
289
|
f.puts tracker.report.send(OPTIONS[:output_format])
|
|
290
290
|
end
|
|
291
|
+
warn "Report saved in '#{OPTIONS[:output_file]}'"
|
|
291
292
|
else
|
|
292
293
|
puts tracker.report.send(OPTIONS[:output_format])
|
|
293
294
|
end
|
data/lib/processor.rb
CHANGED
data/lib/report.rb
CHANGED
|
@@ -626,6 +626,8 @@ class Report
|
|
|
626
626
|
output << "</table></div>"
|
|
627
627
|
end
|
|
628
628
|
|
|
629
|
+
#Generated tab-separated output suitable for the Jenkins Brakeman Plugin:
|
|
630
|
+
#https://github.com/presidentbeef/brakeman-jenkins-plugin
|
|
629
631
|
def to_tabs
|
|
630
632
|
[[:warnings, "General"], [:controller_warnings, "Controller"],
|
|
631
633
|
[:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
|
|
@@ -638,4 +640,28 @@ class Report
|
|
|
638
640
|
|
|
639
641
|
end.join "\n"
|
|
640
642
|
end
|
|
643
|
+
|
|
644
|
+
def to_test
|
|
645
|
+
report = { :errors => tracker.errors,
|
|
646
|
+
:controllers => tracker.controllers,
|
|
647
|
+
:models => tracker.models,
|
|
648
|
+
:templates => tracker.templates
|
|
649
|
+
}
|
|
650
|
+
|
|
651
|
+
[:warnings, :controller_warnings, :model_warnings, :template_warnings].each do |meth|
|
|
652
|
+
report[meth] = @checks.send(meth)
|
|
653
|
+
report[meth].each do |w|
|
|
654
|
+
w.message = w.format_message
|
|
655
|
+
if w.code
|
|
656
|
+
w.code = w.format_code
|
|
657
|
+
else
|
|
658
|
+
w.code = ""
|
|
659
|
+
end
|
|
660
|
+
w.context = context_for(w).join("\n")
|
|
661
|
+
w.file = file_for w
|
|
662
|
+
end
|
|
663
|
+
end
|
|
664
|
+
|
|
665
|
+
report
|
|
666
|
+
end
|
|
641
667
|
end
|
data/lib/scanner.rb
CHANGED
|
@@ -23,6 +23,7 @@ end
|
|
|
23
23
|
|
|
24
24
|
#Scans the Rails application.
|
|
25
25
|
class Scanner
|
|
26
|
+
RUBY_1_9 = !!(RUBY_VERSION =~ /^1\.9/)
|
|
26
27
|
|
|
27
28
|
#Pass in path to the root of the Rails application
|
|
28
29
|
def initialize path
|
|
@@ -145,25 +146,28 @@ class Scanner
|
|
|
145
146
|
type = f.match(/.*\.(erb|haml|rhtml)$/)[1].to_sym
|
|
146
147
|
type = :erb if type == :rhtml
|
|
147
148
|
name = template_path_to_name f
|
|
149
|
+
text = File.read f
|
|
148
150
|
|
|
149
151
|
begin
|
|
150
152
|
if type == :erb
|
|
151
153
|
if tracker.config[:escape_html]
|
|
152
154
|
type = :erubis
|
|
153
155
|
if OPTIONS[:rails3]
|
|
154
|
-
src = RailsXSSErubis.new(
|
|
156
|
+
src = RailsXSSErubis.new(text).src
|
|
155
157
|
else
|
|
156
|
-
src = ErubisEscape.new(
|
|
158
|
+
src = ErubisEscape.new(text).src
|
|
157
159
|
end
|
|
158
160
|
elsif tracker.config[:erubis]
|
|
159
161
|
type = :erubis
|
|
160
|
-
src = ScannerErubis.new(
|
|
162
|
+
src = ScannerErubis.new(text).src
|
|
161
163
|
else
|
|
162
|
-
src = ERB.new(
|
|
164
|
+
src = ERB.new(text, nil, "-").src
|
|
165
|
+
src.sub!(/^#.*\n/, '') if RUBY_1_9
|
|
163
166
|
end
|
|
167
|
+
|
|
164
168
|
parsed = RubyParser.new.parse src
|
|
165
169
|
elsif type == :haml
|
|
166
|
-
src = Haml::Engine.new(
|
|
170
|
+
src = Haml::Engine.new(text,
|
|
167
171
|
:escape_html => !!tracker.config[:escape_html]).precompiled
|
|
168
172
|
parsed = RubyParser.new.parse src
|
|
169
173
|
else
|
data/lib/version.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Version = "0.5.
|
|
1
|
+
Version = "0.5.2"
|
data/lib/warning.rb
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
#The Warning class stores information about warnings
|
|
2
2
|
class Warning
|
|
3
|
-
attr_reader :called_from, :check, :class, :
|
|
4
|
-
:
|
|
3
|
+
attr_reader :called_from, :check, :class, :confidence, :controller,
|
|
4
|
+
:line, :method, :model, :template, :warning_set, :warning_type
|
|
5
|
+
|
|
6
|
+
attr_accessor :code, :context, :file, :message
|
|
5
7
|
|
|
6
8
|
#+options[:result]+ can be a result Sexp from FindCall. Otherwise, it can be +nil+.
|
|
7
9
|
def initialize options = {}
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 5
|
|
8
|
-
-
|
|
9
|
-
version: 0.5.
|
|
8
|
+
- 2
|
|
9
|
+
version: 0.5.2
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Justin Collins
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-06-
|
|
17
|
+
date: 2011-06-29 00:00:00 -07:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|