brakeman 1.3.0 → 1.4.0

data/README.md

@@ -93,6 +93,14 @@ By default, Brakeman will return 0 as an exit code unless something went very wr
 
     brakeman -z
 
+To skip certain files that Brakeman may have trouble parsing, use:
+
+    brakeman --skip-files file1,file2,etc
+
+Brakeman will raise warnings on models that use `attr_protected`. To suppress these warnings:
+
+    brakeman --ignore-protected
+
 # Warning information
 
 See WARNING_TYPES for more information on the warnings reported by this tool.
@@ -131,7 +139,7 @@ The `-c` option can be used to specify a configuration file to use.
 
 The MIT License
 
-Copyright (c) 2010, YELLOWPAGES.COM, LLC
+Copyright (c) 2010-2012, YELLOWPAGES.COM, LLC
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/bin/brakeman

@@ -42,9 +42,9 @@ unless options[:app_path]
 end
 
 #Run scan and output a report
-clean = Brakeman.run options.merge(:print_report => true, :quiet => options[:quiet])
+tracker = Brakeman.run options.merge(:print_report => true, :quiet => options[:quiet])
 
 #Return error code if --exit-on-warn is used and warnings were found
-if options[:exit_on_warn] and not clean
+if options[:exit_on_warn] and not tracker.checks.all_warnings.empty?
   exit Brakeman::Warnings_Found_Exit_Code
 end

data/lib/brakeman.rb

@@ -262,15 +262,6 @@ module Brakeman
       puts tracker.report.send(options[:output_format])
     end
 
-    if options[:exit_on_warn]
-      tracker.checks.all_warnings.each do |warning|
-        next if warning.confidence > options[:min_confidence]
-        return false
-      end
-      
-      return true
-    end
-
     tracker
   end
 

data/lib/brakeman/checks.rb

@@ -20,7 +20,13 @@ class Brakeman::Checks
   end
 
   #No need to use this directly.
-  def initialize
+  def initialize options = { }
+    if options[:min_confidence]
+      @min_confidence = options[:min_confidence]
+    else
+      @min_confidence = Brakeman.get_defaults[:min_confidence]
+    end
+
     @warnings = []
     @template_warnings = []
     @model_warnings = []
@@ -31,18 +37,22 @@ class Brakeman::Checks
   #Add Warning to list of warnings to report.
   #Warnings are split into four different arrays
   #for template, controller, model, and generic warnings.
+  #
+  #Will not add warnings which are below the minimum confidence level.
   def add_warning warning
-    case warning.warning_set
-    when :template
-      @template_warnings << warning
-    when :warning
-      @warnings << warning
-    when :controller
-      @controller_warnings << warning
-    when :model
-      @model_warnings << warning
-    else
-      raise "Unknown warning: #{warning.warning_set}"
+    unless warning.confidence > @min_confidence
+      case warning.warning_set
+      when :template
+        @template_warnings << warning
+      when :warning
+        @warnings << warning
+      when :controller
+        @controller_warnings << warning
+      when :model
+        @model_warnings << warning
+      else
+        raise "Unknown warning: #{warning.warning_set}"
+      end
     end
   end
 
@@ -80,7 +90,7 @@ class Brakeman::Checks
 
   #Run checks sequentially
   def self.run_checks_sequential tracker
-    check_runner = self.new
+    check_runner = self.new :min_confidence => tracker.options[:min_confidence]
 
     @checks.each do |c|
       check_name = get_check_name c
@@ -111,7 +121,7 @@ class Brakeman::Checks
   def self.run_checks_parallel tracker
     threads = []
     
-    check_runner = self.new
+    check_runner = self.new :min_confidence => tracker.options[:min_confidence]
 
     @checks.each do |c|
       check_name = get_check_name c

data/lib/brakeman/checks/check_cross_site_scripting.rb

@@ -71,6 +71,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
   end
 
   def check_for_immediate_xss exp
+    return if duplicate? exp
+
     if exp[0] == :output
       out = exp[1]
     elsif exp[0] == :escaped_output and raw_call? exp
@@ -79,7 +81,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 
     type, match = has_immediate_user_input? out
 
-    if type and not duplicate? exp
+    if type
       add_result exp
       case type
       when :params
@@ -102,7 +104,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
     elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(out)
       method = match[2]
 
-      unless duplicate? out or IGNORE_MODEL_METHODS.include? method
+      unless IGNORE_MODEL_METHODS.include? method
         add_result out
 
         if MODEL_METHODS.include? method or method.to_s =~ /^find_by/

data/lib/brakeman/checks/check_link_to.rb

@@ -34,6 +34,8 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
   end
 
   def process_result result
+    return if duplicate? result
+
     #Have to make a copy of this, otherwise it will be changed to
     #an ignored method call by the code above.
     call = result[:call] = result[:call].dup
@@ -58,19 +60,15 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
         message = "Unescaped user input value in link_to"
       end
 
-      unless duplicate? result
-        add_result result
-
-        warn :result => result,
-          :warning_type => "Cross Site Scripting", 
-          :message => message,
-          :confidence => CONFIDENCE[:high]
-      end
-
+      add_result result
+      warn :result => result,
+        :warning_type => "Cross Site Scripting", 
+        :message => message,
+        :confidence => CONFIDENCE[:high]
     elsif not tracker.options[:ignore_model_output] and match = has_immediate_model?(first_arg)
       method = match[2]
 
-      unless duplicate? result or IGNORE_MODEL_METHODS.include? method
+      unless IGNORE_MODEL_METHODS.include? method
         add_result result
 
         if MODEL_METHODS.include? method or method.to_s =~ /^find_by/
@@ -92,7 +90,7 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
         message = "Unescaped parameter value in link_to"
       end
 
-      if message and not duplicate? result
+      if message
         add_result result
 
         warn :result => result, 

data/lib/brakeman/checks/check_link_to_href.rb

@@ -0,0 +1,90 @@
+require 'brakeman/checks/check_cross_site_scripting'
+
+#Checks for calls to link_to which pass in potentially hazardous data
+#to the second argument.  While this argument must be html_safe to not break 
+#the html, it must also be url safe as determined by calling a 
+#:url_safe_method.  This prevents attacks such as javascript:evil() or 
+#data:<encoded XSS> which is html_safe, but not safe as an href
+#Props to Nick Green for the idea.
+class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
+  Brakeman::Checks.add self
+                        
+  @description = "Checks to see if values used for hrefs are sanitized using a :url_safe_method to protect against javascript:/data: XSS"
+
+  def run_check
+    @ignore_methods = Set.new([:button_to, :check_box,
+                           :field_field, :fields_for, :hidden_field,
+                           :hidden_field, :hidden_field_tag, :image_tag, :label,
+                           :mail_to, :radio_button, :select,
+                           :submit_tag, :text_area, :text_field,
+                           :text_field_tag, :url_encode, :url_for,
+                           :will_paginate] ).merge(tracker.options[:url_safe_methods] || [])
+
+    @models = tracker.models.keys
+    @inspect_arguments = tracker.options[:check_arguments]
+
+    methods = tracker.find_call :target => false, :method => :link_to 
+    methods.each do |call|
+      process_result call
+    end
+  end
+
+  def process_result result
+    #Have to make a copy of this, otherwise it will be changed to
+    #an ignored method call by the code above.
+    call = result[:call] = result[:call].dup
+    @matched = false
+    url_arg = process call[3][2]
+
+    #Ignore situations where the href is an interpolated string
+    #with something before the user input
+    return if node_type?(url_arg, :string_interp) && !url_arg[1].chomp.empty?
+
+    type, match = has_immediate_user_input? url_arg
+
+    if type
+      case type
+      when :params
+        message = "Unsafe parameter value in link_to href"
+      when :cookies
+        message = "Unsafe cookie value in link_to href"
+      else
+        message = "Unsafe user input value in link_to href"
+      end
+
+      unless duplicate? result
+        add_result result
+        warn :result => result,
+          :warning_type => "Cross Site Scripting", 
+          :message => message,
+          :confidence => CONFIDENCE[:high]
+      end
+    elsif has_immediate_model? url_arg
+
+      # Decided NOT warn on models.  polymorphic_path is called it a model is 
+      # passed to link_to (which passes it to url_for)
+
+    elsif hash? url_arg
+
+      # url_for uses the key/values pretty carefully and I don't see a risk.
+      # IF you have default routes AND you accept user input for :controller
+      # and :only_path, then MAYBE you could trigger a javascript:/data: 
+      # attack. 
+
+    elsif @matched
+      if @matched == :model and not tracker.options[:ignore_model_output]
+        message = "Unsafe model attribute in link_to href"
+      elsif @matched == :params
+        message = "Unsafe parameter value in link_to href"
+      end
+
+      if message and not duplicate? result
+        add_result result
+        warn :result => result, 
+          :warning_type => "Cross Site Scripting", 
+          :message => message,
+          :confidence => CONFIDENCE[:med]
+      end
+    end
+  end
+end

data/lib/brakeman/checks/check_mass_assignment.rb

@@ -30,7 +30,8 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
       :update_attributes, 
       :update_attributes!,
       :create,
-      :create!]
+      :create!,
+      :build]
 
     Brakeman.debug "Processing possible mass assignment calls"
     calls.each do |result|

data/lib/brakeman/checks/check_sql.rb

@@ -181,7 +181,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
     arg.each do |exp|
       #For now, don't warn on interpolation of Model.table_name
       #but check for other 'safe' things in the future
-      if sexp? exp and (exp.node_type == :string_eval or exp.node_type == :evstr)
+      if node_type? exp, :string_eval, :evstr
         if call? exp[1] and (model_name?(exp[1][1]) or exp[1][1].nil?) and exp[1][2] == :table_name
           return false
         end

data/lib/brakeman/options.rb

@@ -84,6 +84,11 @@ module Brakeman::Options
           options[:safe_methods].merge methods.map {|e| e.to_sym }
         end
 
+        opts.on "--url-safe-methods method1,method2,etc", Array, "Do not warn of XSS if the link_to href parameter is wrapped in a safe method" do |methods|
+          options[:url_safe_methods] ||= Set.new
+          options[:url_safe_methods].merge methods.map {|e| e.to_sym }
+        end        
+
         opts.on "--skip-files file1,file2,etc", Array, "Skip processing of these files" do |files|
           options[:skip_files] ||= Set.new
           options[:skip_files].merge files.map {|f| f.to_sym }

data/lib/brakeman/processors/controller_processor.rb

@@ -85,7 +85,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
             else
               Brakeman.debug "[Notice] Layout not found: #{name}"
             end
-          elsif sexp? args[-1] and (args[-1][0] == :nil or args[-1][0] == :false)
+          elsif node_type? args[-1], :nil, :false
             #layout :false or layout nil
             @controller[:layout] = false
           end
@@ -181,7 +181,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
       block_variable = :temp
     end
 
-    if sexp? exp[3] and exp[3].node_type == :block
+    if node_type? exp[3], :block
       block_inner = exp[3][1..-1]
     else
       block_inner = [exp[3]]

data/lib/brakeman/processors/erb_template_processor.rb

@@ -68,7 +68,7 @@ class Brakeman::ErbTemplateProcessor < Brakeman::TemplateProcessor
         res = process e
         if res.empty? or res == ignore
           nil
-        elsif sexp? res and res.node_type == :lvar and res[1] == :_erbout
+        elsif node_type?(res, :lvar) and res[1] == :_erbout
           nil
 
         else

data/lib/brakeman/processors/lib/find_all_calls.rb

@@ -138,7 +138,7 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
   #Returns method chain as an array
   #For example, User.human.alive.all would return [:User, :human, :alive, :all]
   def get_chain call
-    if sexp? call and (call.node_type == :call or call.node_type == :attrasgn)
+    if node_type? call, :call, :attrasgn
       get_chain(call[1]) + [call[2]]
     else
       [get_target(call)]

data/lib/brakeman/processors/lib/find_call.rb

@@ -107,7 +107,7 @@ class Brakeman::FindCall < Brakeman::BaseProcessor
     #  User.find(:first, :conditions => "user = '#{params['user']}').name
     #
     #A search for User.find will not match this unless @in_depth is true.
-    if @in_depth and sexp? exp[1] and exp[1][0] == :call
+    if @in_depth and node_type? exp[1], :call
       process exp[1]
     end
 

data/lib/brakeman/processors/lib/rails2_config_processor.rb

@@ -103,7 +103,7 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
   #
   #  [:action_controller, :session_store]
   def get_rails_config exp
-    if sexp? exp and exp.node_type == :attrasgn
+    if node_type? exp, :attrasgn
       attribute = exp[2].to_s[0..-2].to_sym
       get_rails_config(exp[1]) << attribute
     elsif call? exp

data/lib/brakeman/processors/lib/rails2_route_processor.rb

@@ -89,7 +89,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
       process_resource_options exp[-1]
     else
       exp.each do |argument|
-        if sexp? argument and argument.node_type == :lit
+        if node_type? argument, :lit
           self.current_controller = exp[0][1]
           add_resources_routes
           process_resource_options exp[-1]
@@ -165,7 +165,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
       process_resource_options exp[-1]
     else
       exp.each do |argument|
-        if sexp? argument and argument.node_type == :lit
+        if node_type? argument, :lit
           self.current_controller = pluralize(exp[0][1].to_s)
           add_resource_routes
           process_resource_options exp[-1]

data/lib/brakeman/processors/lib/rails3_config_processor.rb

@@ -29,7 +29,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
 
   #Look for MyApp::Application.configure do ... end
   def process_iter exp
-    if sexp?(exp[1][1]) and exp[1][1][0] == :colon2 and exp[1][1][2] == :Application
+    if node_type?(exp[1][1], :colon2) and exp[1][1][2] == :Application
       @inside_config = true
       process exp[-1] if sexp? exp[-1]
       @inside_config = false
@@ -100,7 +100,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
   #
   #  [:action_controller, :session_store]
   def get_rails_config exp
-    if sexp? exp and exp.node_type == :attrasgn
+    if node_type? exp, :attrasgn
       attribute = exp[2].to_s[0..-2].to_sym
       get_rails_config(exp[1]) << attribute
     elsif call? exp

data/lib/brakeman/processors/lib/render_helper.rb

@@ -75,7 +75,7 @@ module Brakeman::RenderHelper
       #Process layout
       if string? options[:layout]
         process_template "layouts/#{options[:layout][1]}", nil
-      elsif sexp? options[:layout] and options[:layout][0] == :false
+      elsif node_type? options[:layout], :false
         #nothing
       elsif not template[:name].to_s.match(/[^\/_][^\/]+$/)
         #Don't do this for partials

data/lib/brakeman/processors/template_alias_processor.rb

@@ -40,7 +40,7 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
 
     #Check for e.g. Model.find.each do ... end
     if method == :each and args and block and model = get_model_target(target)
-      if sexp? args and args.node_type == :lasgn
+      if node_type? args, :lasgn
         if model == target[1]
           env[Sexp.new(:lvar, args[1])] = Sexp.new(:call, model, :new, Sexp.new(:arglist))
         else
@@ -50,7 +50,7 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
         process block if sexp? block
       end
     elsif FORM_METHODS.include? method
-      if sexp? args and args.node_type == :lasgn
+      if node_type? args, :lasgn
         env[Sexp.new(:lvar, args[1])] = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new, Sexp.new(:arglist)) 
 
         process block if sexp? block

data/lib/brakeman/report.rb

@@ -102,7 +102,6 @@ class Brakeman::Report
   def generate_warnings html = false
     table = Ruport::Data::Table(["Confidence", "Class", "Method", "Warning Type", "Message"])
     checks.warnings.each do |warning|
-      next if warning.confidence > tracker.options[:min_confidence]
       w = warning.to_row
 
       if html
@@ -132,7 +131,6 @@ class Brakeman::Report
     unless checks.template_warnings.empty?
       table = Ruport::Data::Table(["Confidence", "Template", "Warning Type", "Message"])
       checks.template_warnings.each do |warning|
-        next if warning.confidence > tracker.options[:min_confidence]
         w = warning.to_row :template
 
         if html
@@ -163,7 +161,6 @@ class Brakeman::Report
     unless checks.model_warnings.empty?
       table = Ruport::Data::Table(["Confidence", "Model", "Warning Type", "Message"])
       checks.model_warnings.each do |warning|
-        next if warning.confidence > tracker.options[:min_confidence]
         w = warning.to_row :model
 
         if html
@@ -194,7 +191,6 @@ class Brakeman::Report
     unless checks.controller_warnings.empty?
       table = Ruport::Data::Table(["Confidence", "Controller", "Warning Type", "Message"])
       checks.controller_warnings.each do |warning|
-        next if warning.confidence > tracker.options[:min_confidence]
         w = warning.to_row :controller
 
         if html
@@ -483,13 +479,10 @@ class Brakeman::Report
         checks.template_warnings].each do |warnings|
 
       warnings.each do |warning|
-        unless warning.confidence > tracker.options[:min_confidence]
+        summary[warning.warning_type.to_s] += 1
 
-          summary[warning.warning_type.to_s] += 1
-
-          if warning.confidence == 0
-            high_confidence_warnings += 1
-          end
+        if warning.confidence == 0
+          high_confidence_warnings += 1
         end
       end
     end
@@ -586,7 +579,6 @@ class Brakeman::Report
       [:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
 
       checks.send(meth).map do |w|
-        next if w.confidence > tracker.options[:min_confidence]
         line = w.line || 0
         w.warning_type.gsub!(/[^\w\s]/, ' ')
         "#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
@@ -618,4 +610,10 @@ class Brakeman::Report
       
     report
   end
+
+  def to_json
+    require 'json'
+
+    @checks.all_warnings.map { |w| w.to_hash }.to_json
+  end
 end

data/lib/brakeman/rescanner.rb

@@ -256,31 +256,34 @@ class Brakeman::RescanReport
   #Output total, fixed, and new warnings
   def to_s(verbose = false)
     if !verbose
-    <<-OUTPUT
+      <<-OUTPUT
 Total warnings: #{all_warnings.length}
 Fixed warnings: #{fixed_warnings.length}
 New warnings: #{new_warnings.length}
-    OUTPUT
+      OUTPUT
     else
-      existing_warnings = all_warnings - new_warnings
-
-      "".tap do |out|
-        {:fixed => fixed_warnings, :new => new_warnings, :existing => existing_warnings}.each do |warning_type, warnings|
-          if warnings.length > 0
-            out << "#{warning_type.to_s.titleize} warnings: #{warnings.length}\n"
-            table = Ruport::Data::Table(["Confidence", "Class", "Method", "Warning Type", "Message"])
-            warnings.sort_by{|w| w.confidence}.each do |warning|
-              next if warning.confidence > @tracker.options[:min_confidence]
-              w = warning.to_row
-              w["Confidence"] = Brakeman::Report::TEXT_CONFIDENCE[w["Confidence"]] if w["Confidence"].is_a?(Numeric)
-              table << warning.to_row
-            end
-            out << table.to_s
+      #Eventually move this to different method, or make default to_s
+      out = ""
+
+      {:fixed => fixed_warnings, :new => new_warnings, :existing => existing_warnings}.each do |warning_type, warnings|
+        if warnings.length > 0
+          out << "#{warning_type.to_s.titleize} warnings: #{warnings.length}\n"
+
+          table = Ruport::Data::Table(["Confidence", "Class", "Method", "Warning Type", "Message"])
+
+          warnings.sort_by { |w| w.confidence}.each do |warning|
+            w = warning.to_row
+
+            w["Confidence"] = Brakeman::Report::TEXT_CONFIDENCE[w["Confidence"]]
+
+            table << w
           end
 
+          out << table.to_s
         end
       end
 
+      out
     end
   end
 end

data/lib/brakeman/scanner.rb

@@ -300,9 +300,9 @@ class Brakeman::Scanner
         if tracker.config[:escape_html]
           type = :erubis
           if options[:rails3]
-            src = Brakeman::RailsXSSErubis.new(text).src
+            src = Brakeman::Rails3XSSErubis.new(text).src
           else
-            src = Brakeman::ErubisEscape.new(text).src
+            src = Brakeman::Rails2XSSErubis.new(text).src
           end
         elsif tracker.config[:erubis]
           type = :erubis
@@ -382,12 +382,13 @@ class Brakeman::Scanner
 end
 
 #This is from Rails 3 version of the Erubis handler
-class Brakeman::RailsXSSErubis < ::Erubis::Eruby
+class Brakeman::Rails3XSSErubis < ::Erubis::Eruby
 
   def add_preamble(src)
     # src << "_buf = ActionView::SafeBuffer.new;\n"
   end
 
+  #This is different from Rails 3 - fixes some line number issues
   def add_text(src, text)
     if text == "\n"
       src << "\n"
@@ -441,3 +442,54 @@ class Brakeman::RailsXSSErubis < ::Erubis::Eruby
   end
 end
 
+#This is from the rails_xss plugin for Rails 2
+class Brakeman::Rails2XSSErubis < ::Erubis::Eruby
+  def add_preamble(src)
+    #src << "@output_buffer = ActiveSupport::SafeBuffer.new;"
+  end
+
+  def add_text(src, text)
+    return if text.empty?
+    src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
+  end
+
+  #This is different from rails_xss - fixes some line number issues
+  def add_text(src, text)
+    if text == "\n"
+      src << "\n"
+    elsif text.include? "\n"
+      lines = text.split("\n")
+      if text.match(/\n\z/)
+        lines.each do |line|
+          src << "@output_buffer.safe_concat('" << escape_text(line) << "');\n"
+        end
+      else
+        lines[0..-2].each do |line|
+          src << "@output_buffer.safe_concat('" << escape_text(line) << "');\n"
+        end
+
+        src << "@output_buffer.safe_concat('" << escape_text(lines.last) << "');"
+      end
+    else
+      src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
+    end
+  end
+
+  BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/
+
+  def add_expr_literal(src, code)
+    if code =~ BLOCK_EXPR
+      src << "@output_buffer.safe_concat((" << $1 << ").to_s);"
+    else
+      src << '@output_buffer << ((' << code << ').to_s);'
+    end
+  end
+
+  def add_expr_escaped(src, code)
+    src << '@output_buffer << ' << escaped_expr(code) << ';'
+  end
+
+  def add_postamble(src)
+    #src << '@output_buffer.to_s'
+  end
+end

data/lib/brakeman/util.rb

@@ -192,6 +192,11 @@ module Brakeman::Util
     exp.is_a? Sexp
   end
 
+  #Check if _exp_ is a Sexp and the node type matches one of the given types.
+  def node_type? exp, *types
+    exp.is_a? Sexp and types.include? exp.node_type
+  end
+
   #Return file name related to given warning. Uses +warning.file+ if it exists
   def file_for warning, tracker = nil
     if tracker.nil?

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "1.3.0"
+  Version = "1.4.0"
 end

data/lib/brakeman/warning.rb

@@ -51,7 +51,7 @@ class Brakeman::Warning
   end
 
   def hash
-    self.format_message.hash
+    self.to_s.hash
   end
 
   def eql? other_warning
@@ -93,8 +93,6 @@ class Brakeman::Warning
 
   #Generates a hash suitable for inserting into a Ruport table
   def to_row type = :warning
-    return @row if @row
-
     @row = { "Confidence" => self.confidence,
       "Warning Type" => self.warning_type.to_s,
       "Message" => self.format_message }
@@ -122,4 +120,35 @@ class Brakeman::Warning
 
    output
   end
+
+  def to_hash
+    case @warning_set
+    when :template
+      location = { :type => :template, :template => self.view_name }
+    when :model
+      location = { :type => :model, :model => self.model }
+    when :controller
+      location = { :type => :controller, :controller => self.controller }
+    when :warning
+      if self.class
+        location = { :type => :method, :class => self.class, :method => self.method }
+      else
+        location = nil
+      end
+    end
+
+    { :warning_type => self.warning_type,
+      :message => self.message,
+      :file => self.file,
+      :code => (@code && self.format_code),
+      :location => location,
+      :confidence => TEXT_CONFIDENCE[self.confidence]
+    }
+  end
+
+  def to_json
+    require 'json'
+
+    JSON.dump self.to_hash
+  end
 end

metadata

@@ -1,134 +1,101 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: brakeman
-version: !ruby/object:Gem::Version 
-  hash: 27
+version: !ruby/object:Gem::Version
+  version: 1.4.0
   prerelease: 
-  segments: 
-  - 1
-  - 3
-  - 0
-  version: 1.3.0
 platform: ruby
-authors: 
+authors:
 - Justin Collins
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-02-09 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &78318730 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: i18n
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *78318730
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: &78318500 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: ruby2ruby
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *78318500
+- !ruby/object:Gem::Dependency
+  name: ruby2ruby
+  requirement: &78318250 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: ruport
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *78318250
+- !ruby/object:Gem::Dependency
+  name: ruport
+  requirement: &78318000 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 1
-        - 6
-        version: "1.6"
+      - !ruby/object:Gem::Version
+        version: '1.6'
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: erubis
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: *78318000
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: &78317770 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 2
-        - 6
-        version: "2.6"
+      - !ruby/object:Gem::Version
+        version: '2.6'
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: haml
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: *78317770
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: &78317540 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: sass
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: *78317540
+- !ruby/object:Gem::Dependency
+  name: sass
+  requirement: &78317310 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id007
-description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
+  prerelease: false
+  version_requirements: *78317310
+description: Brakeman detects security vulnerabilities in Ruby on Rails applications
+  via static analysis.
 email: 
-executables: 
+executables:
 - brakeman
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - bin/brakeman
 - WARNING_TYPES
 - FEATURES
@@ -184,6 +151,7 @@ files:
 - lib/brakeman/checks/check_execute.rb
 - lib/brakeman/checks/check_filter_skipping.rb
 - lib/brakeman/checks/check_mail_to.rb
+- lib/brakeman/checks/check_link_to_href.rb
 - lib/brakeman/checks/base_check.rb
 - lib/brakeman/checks/check_file_access.rb
 - lib/brakeman/checks/check_response_splitting.rb
@@ -204,36 +172,26 @@ files:
 - lib/brakeman/format/style.css
 homepage: http://brakemanscanner.org
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
 rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []
-