RubyGems - railroader - Versions diffs - 4.3.4 - Mend

railroader 4.3.4

Files changed (165) hide show

checksums.yaml +7 -0
data/CHANGES.md +1091 -0
data/FEATURES +16 -0
data/README.md +174 -0
data/bin/railroader +8 -0
data/lib/railroader/app_tree.rb +191 -0
data/lib/railroader/call_index.rb +219 -0
data/lib/railroader/checks/base_check.rb +505 -0
data/lib/railroader/checks/check_basic_auth.rb +88 -0
data/lib/railroader/checks/check_basic_auth_timing_attack.rb +33 -0
data/lib/railroader/checks/check_content_tag.rb +200 -0
data/lib/railroader/checks/check_create_with.rb +74 -0
data/lib/railroader/checks/check_cross_site_scripting.rb +381 -0
data/lib/railroader/checks/check_default_routes.rb +86 -0
data/lib/railroader/checks/check_deserialize.rb +56 -0
data/lib/railroader/checks/check_detailed_exceptions.rb +55 -0
data/lib/railroader/checks/check_digest_dos.rb +38 -0
data/lib/railroader/checks/check_divide_by_zero.rb +42 -0
data/lib/railroader/checks/check_dynamic_finders.rb +48 -0
data/lib/railroader/checks/check_escape_function.rb +21 -0
data/lib/railroader/checks/check_evaluation.rb +35 -0
data/lib/railroader/checks/check_execute.rb +189 -0
data/lib/railroader/checks/check_file_access.rb +71 -0
data/lib/railroader/checks/check_file_disclosure.rb +35 -0
data/lib/railroader/checks/check_filter_skipping.rb +31 -0
data/lib/railroader/checks/check_forgery_setting.rb +81 -0
data/lib/railroader/checks/check_header_dos.rb +31 -0
data/lib/railroader/checks/check_i18n_xss.rb +48 -0
data/lib/railroader/checks/check_jruby_xml.rb +36 -0
data/lib/railroader/checks/check_json_encoding.rb +47 -0
data/lib/railroader/checks/check_json_parsing.rb +107 -0
data/lib/railroader/checks/check_link_to.rb +132 -0
data/lib/railroader/checks/check_link_to_href.rb +146 -0
data/lib/railroader/checks/check_mail_to.rb +49 -0
data/lib/railroader/checks/check_mass_assignment.rb +196 -0
data/lib/railroader/checks/check_mime_type_dos.rb +39 -0
data/lib/railroader/checks/check_model_attr_accessible.rb +55 -0
data/lib/railroader/checks/check_model_attributes.rb +119 -0
data/lib/railroader/checks/check_model_serialize.rb +67 -0
data/lib/railroader/checks/check_nested_attributes.rb +38 -0
data/lib/railroader/checks/check_nested_attributes_bypass.rb +58 -0
data/lib/railroader/checks/check_number_to_currency.rb +74 -0
data/lib/railroader/checks/check_permit_attributes.rb +43 -0
data/lib/railroader/checks/check_quote_table_name.rb +40 -0
data/lib/railroader/checks/check_redirect.rb +256 -0
data/lib/railroader/checks/check_regex_dos.rb +68 -0
data/lib/railroader/checks/check_render.rb +97 -0
data/lib/railroader/checks/check_render_dos.rb +37 -0
data/lib/railroader/checks/check_render_inline.rb +53 -0
data/lib/railroader/checks/check_response_splitting.rb +21 -0
data/lib/railroader/checks/check_route_dos.rb +42 -0
data/lib/railroader/checks/check_safe_buffer_manipulation.rb +31 -0
data/lib/railroader/checks/check_sanitize_methods.rb +112 -0
data/lib/railroader/checks/check_secrets.rb +40 -0
data/lib/railroader/checks/check_select_tag.rb +59 -0
data/lib/railroader/checks/check_select_vulnerability.rb +60 -0
data/lib/railroader/checks/check_send.rb +47 -0
data/lib/railroader/checks/check_send_file.rb +19 -0
data/lib/railroader/checks/check_session_manipulation.rb +35 -0
data/lib/railroader/checks/check_session_settings.rb +176 -0
data/lib/railroader/checks/check_simple_format.rb +58 -0
data/lib/railroader/checks/check_single_quotes.rb +101 -0
data/lib/railroader/checks/check_skip_before_filter.rb +60 -0
data/lib/railroader/checks/check_sql.rb +700 -0
data/lib/railroader/checks/check_sql_cves.rb +106 -0
data/lib/railroader/checks/check_ssl_verify.rb +48 -0
data/lib/railroader/checks/check_strip_tags.rb +89 -0
data/lib/railroader/checks/check_symbol_dos.rb +71 -0
data/lib/railroader/checks/check_symbol_dos_cve.rb +30 -0
data/lib/railroader/checks/check_translate_bug.rb +45 -0
data/lib/railroader/checks/check_unsafe_reflection.rb +50 -0
data/lib/railroader/checks/check_unscoped_find.rb +57 -0
data/lib/railroader/checks/check_validation_regex.rb +116 -0
data/lib/railroader/checks/check_weak_hash.rb +148 -0
data/lib/railroader/checks/check_without_protection.rb +80 -0
data/lib/railroader/checks/check_xml_dos.rb +45 -0
data/lib/railroader/checks/check_yaml_parsing.rb +121 -0
data/lib/railroader/checks.rb +209 -0
data/lib/railroader/codeclimate/engine_configuration.rb +97 -0
data/lib/railroader/commandline.rb +179 -0
data/lib/railroader/differ.rb +66 -0
data/lib/railroader/file_parser.rb +54 -0
data/lib/railroader/format/style.css +133 -0
data/lib/railroader/options.rb +339 -0
data/lib/railroader/parsers/rails2_erubis.rb +6 -0
data/lib/railroader/parsers/rails2_xss_plugin_erubis.rb +48 -0
data/lib/railroader/parsers/rails3_erubis.rb +81 -0
data/lib/railroader/parsers/template_parser.rb +108 -0
data/lib/railroader/processor.rb +102 -0
data/lib/railroader/processors/alias_processor.rb +1229 -0
data/lib/railroader/processors/base_processor.rb +295 -0
data/lib/railroader/processors/config_processor.rb +14 -0
data/lib/railroader/processors/controller_alias_processor.rb +278 -0
data/lib/railroader/processors/controller_processor.rb +249 -0
data/lib/railroader/processors/erb_template_processor.rb +77 -0
data/lib/railroader/processors/erubis_template_processor.rb +92 -0
data/lib/railroader/processors/gem_processor.rb +64 -0
data/lib/railroader/processors/haml_template_processor.rb +191 -0
data/lib/railroader/processors/lib/basic_processor.rb +37 -0
data/lib/railroader/processors/lib/call_conversion_helper.rb +90 -0
data/lib/railroader/processors/lib/find_all_calls.rb +224 -0
data/lib/railroader/processors/lib/find_call.rb +183 -0
data/lib/railroader/processors/lib/find_return_value.rb +166 -0
data/lib/railroader/processors/lib/module_helper.rb +111 -0
data/lib/railroader/processors/lib/processor_helper.rb +88 -0
data/lib/railroader/processors/lib/rails2_config_processor.rb +145 -0
data/lib/railroader/processors/lib/rails2_route_processor.rb +313 -0
data/lib/railroader/processors/lib/rails3_config_processor.rb +132 -0
data/lib/railroader/processors/lib/rails3_route_processor.rb +308 -0
data/lib/railroader/processors/lib/render_helper.rb +181 -0
data/lib/railroader/processors/lib/render_path.rb +107 -0
data/lib/railroader/processors/lib/route_helper.rb +68 -0
data/lib/railroader/processors/lib/safe_call_helper.rb +16 -0
data/lib/railroader/processors/library_processor.rb +74 -0
data/lib/railroader/processors/model_processor.rb +91 -0
data/lib/railroader/processors/output_processor.rb +144 -0
data/lib/railroader/processors/route_processor.rb +17 -0
data/lib/railroader/processors/slim_template_processor.rb +111 -0
data/lib/railroader/processors/template_alias_processor.rb +118 -0
data/lib/railroader/processors/template_processor.rb +85 -0
data/lib/railroader/report/config/remediation.yml +71 -0
data/lib/railroader/report/ignore/config.rb +153 -0
data/lib/railroader/report/ignore/interactive.rb +362 -0
data/lib/railroader/report/pager.rb +112 -0
data/lib/railroader/report/renderer.rb +24 -0
data/lib/railroader/report/report_base.rb +292 -0
data/lib/railroader/report/report_codeclimate.rb +79 -0
data/lib/railroader/report/report_csv.rb +55 -0
data/lib/railroader/report/report_hash.rb +23 -0
data/lib/railroader/report/report_html.rb +216 -0
data/lib/railroader/report/report_json.rb +45 -0
data/lib/railroader/report/report_markdown.rb +107 -0
data/lib/railroader/report/report_table.rb +117 -0
data/lib/railroader/report/report_tabs.rb +17 -0
data/lib/railroader/report/report_text.rb +198 -0
data/lib/railroader/report/templates/controller_overview.html.erb +22 -0
data/lib/railroader/report/templates/controller_warnings.html.erb +21 -0
data/lib/railroader/report/templates/error_overview.html.erb +29 -0
data/lib/railroader/report/templates/header.html.erb +58 -0
data/lib/railroader/report/templates/ignored_warnings.html.erb +25 -0
data/lib/railroader/report/templates/model_warnings.html.erb +21 -0
data/lib/railroader/report/templates/overview.html.erb +38 -0
data/lib/railroader/report/templates/security_warnings.html.erb +23 -0
data/lib/railroader/report/templates/template_overview.html.erb +21 -0
data/lib/railroader/report/templates/view_warnings.html.erb +34 -0
data/lib/railroader/report/templates/warning_overview.html.erb +17 -0
data/lib/railroader/report.rb +88 -0
data/lib/railroader/rescanner.rb +483 -0
data/lib/railroader/scanner.rb +321 -0
data/lib/railroader/tracker/collection.rb +93 -0
data/lib/railroader/tracker/config.rb +154 -0
data/lib/railroader/tracker/constants.rb +171 -0
data/lib/railroader/tracker/controller.rb +161 -0
data/lib/railroader/tracker/library.rb +17 -0
data/lib/railroader/tracker/model.rb +90 -0
data/lib/railroader/tracker/template.rb +33 -0
data/lib/railroader/tracker.rb +362 -0
data/lib/railroader/util.rb +503 -0
data/lib/railroader/version.rb +3 -0
data/lib/railroader/warning.rb +294 -0
data/lib/railroader/warning_codes.rb +117 -0
data/lib/railroader.rb +544 -0
data/lib/ruby_parser/bm_sexp.rb +626 -0
data/lib/ruby_parser/bm_sexp_processor.rb +116 -0
metadata +386 -0

data/lib/railroader/report/pager.rb ADDED Viewed

@@ -0,0 +1,112 @@
+module Railroader
+  class Pager
+    def initialize tracker, pager = :less, output = $stdout
+      @tracker = tracker
+      @pager = pager
+      @output = output
+    end
+    def page_report report, format
+      if @pager == :less
+        set_color
+      end
+      text = report.format(format)
+      if in_ci?
+        no_pager text
+      else
+        page_output text
+      end
+    end
+    def page_output text
+      case @pager
+      when :none
+        no_pager text
+      when :highline
+        page_via_highline text
+      when :less
+        if less_available?
+          page_via_less text
+        else
+          page_via_highline text
+        end
+      else
+        no_pager text
+      end
+    end
+    def no_pager text
+      @output.puts text
+    end
+    def page_via_highline text
+      Railroader.load_railroader_dependency 'highline'
+      h = ::HighLine.new($stdin, @output)
+      h.page_at = :auto
+      h.say text
+    end
+    def page_via_less text
+      # Adapted from https://github.com/piotrmurach/tty-pager/
+      write_io = open("|less #{less_options.join}", 'w')
+      pid = write_io.pid
+      write_io.write(text)
+      write_io.close
+      Process.waitpid2(pid, Process::WNOHANG)
+    rescue Errno::ECHILD
+      # on jruby 9x waiting on pid raises (per tty-pager)
+      true
+    rescue => e
+      warn "[Error] #{e}"
+      warn "[Error] Could not use pager. Set --no-pager to avoid this issue."
+      no_pager text
+    end
+    def in_ci?
+      ci = ENV["CI"]
+      ci.is_a? String and ci.downcase == "true"
+    end
+    def less_available?
+      return @less_available unless @less_available.nil?
+      @less_available = system("which less > /dev/null")
+    end
+    def less_options
+      # -R show colors
+      # -F exit if output fits on one screen
+      # -X do not clear screen after less exits
+      return @less_options if @less_options
+      @less_options = []
+      if system("which less > /dev/null")
+        less_help = `less -?`
+        ["-R ", "-F ", "-X "].each do |opt|
+          if less_help.include? opt
+            @less_options << opt
+          end
+        end
+      end
+      @less_options
+    end
+    def set_color
+      return unless @tracker
+      unless less_options.include? "-R " or @tracker.options[:output_color] == :force
+        @tracker.options[:output_color] = false
+      end
+    end
+  end
+end

data/lib/railroader/report/renderer.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'erb'
+class Railroader::Report
+  class Renderer
+    def initialize(template_file, hash = {})
+      hash[:locals] ||= {}
+      singleton = class << self; self end
+      hash[:locals].each do |attribute_name, attribute_value|
+        singleton.send(:define_method, attribute_name) { attribute_value }
+      end
+      # There are last, so as to make overwriting these using locals impossible.
+      singleton.send(:define_method, 'template_file') { template_file }
+      singleton.send(:define_method, 'template') {
+        File.read(File.expand_path("templates/#{template_file}.html.erb", File.dirname(__FILE__)))
+      }
+    end
+    def render
+      ERB.new(template).result(binding)
+    end
+  end
+end

data/lib/railroader/report/report_base.rb ADDED Viewed

@@ -0,0 +1,292 @@
+require 'set'
+require 'railroader/util'
+require 'railroader/version'
+require 'railroader/report/renderer'
+require 'railroader/processors/output_processor'
+require 'railroader/warning'
+# Base class for report formats
+class Railroader::Report::Base
+  include Railroader::Util
+  attr_reader :tracker, :checks
+  TEXT_CONFIDENCE = Railroader::Warning::TEXT_CONFIDENCE
+  def initialize app_tree, tracker
+    @app_tree = app_tree
+    @tracker = tracker
+    @checks = tracker.checks
+    @ignore_filter = tracker.ignored_filter
+    @highlight_user_input = tracker.options[:highlight_user_input]
+    @warnings_summary = nil
+  end
+  #Generate table of how many warnings of each warning type were reported
+  def generate_warning_overview
+    types = warnings_summary.keys
+    types.delete :high_confidence
+    values = types.sort.collect{|warning_type| [warning_type, warnings_summary[warning_type]] }
+    locals = {:types => types, :warnings_summary => warnings_summary}
+    render_array('warning_overview', ['Warning Type', 'Total'], values, locals)
+  end
+  #Generate table of controllers and routes found for those controllers
+  def generate_controllers
+    controller_rows = []
+    tracker.controllers.keys.map{|k| k.to_s}.sort.each do |name|
+      name = name.to_sym
+      c = tracker.controllers[name]
+      if tracker.routes.include? :allow_all_actions or (tracker.routes[name] and tracker.routes[name].include? :allow_all_actions)
+        routes = c.methods_public.keys.map{|e| e.to_s}.sort.join(", ")
+      elsif tracker.routes[name].nil?
+        #No routes defined for this controller.
+        #This can happen when it is only a parent class
+        #for other controllers, for example.
+        routes = "[None]"
+      else
+        routes = (Set.new(c.methods_public.keys) & tracker.routes[name.to_sym]).
+          to_a.
+          map {|e| e.to_s}.
+          sort.
+          join(", ")
+      end
+      if routes == ""
+        routes = "[None]"
+      end
+      controller_rows << { "Name" => name.to_s,
+        "Parent" => c.parent.to_s,
+        "Includes" => c.includes.join(", "),
+        "Routes" => routes
+      }
+    end
+    cols = ['Name', 'Parent', 'Includes', 'Routes']
+    locals = {:controller_rows => controller_rows}
+    values = controller_rows.collect{|row| row.values_at(*cols) }
+    render_array('controller_overview', cols, values, locals)
+  end
+  #Generate table of errors or return nil if no errors
+  def generate_errors
+    values = tracker.errors.collect{|error| [error[:error], error[:backtrace][0]]}
+    render_array('error_overview', ['Error', 'Location'], values, {:tracker => tracker})
+  end
+  def generate_obsolete
+    values = tracker.unused_fingerprints.collect{|fingerprint| [fingerprint] }
+    render_array('obsolete_ignore_entries', ['fingerprint'], values, {:tracker => tracker})
+  end
+  def generate_warnings
+    render_warnings generic_warnings,
+                    :warning,
+                    'security_warnings',
+                    ["Confidence", "Class", "Method", "Warning Type", "Message"],
+                    'Class'
+  end
+  #Generate table of template warnings or return nil if no warnings
+  def generate_template_warnings
+    render_warnings template_warnings,
+                    :template,
+                    'view_warnings',
+                    ['Confidence', 'Template', 'Warning Type', 'Message'],
+                    'Template'
+  end
+  #Generate table of model warnings or return nil if no warnings
+  def generate_model_warnings
+    render_warnings model_warnings,
+                    :model,
+                    'model_warnings',
+                    ['Confidence', 'Model', 'Warning Type', 'Message'],
+                    'Model'
+  end
+  #Generate table of controller warnings or nil if no warnings
+  def generate_controller_warnings
+    render_warnings controller_warnings,
+                    :controller,
+                    'controller_warnings',
+                    ['Confidence', 'Controller', 'Warning Type', 'Message'],
+                    'Controller'
+  end
+  def generate_ignored_warnings
+    render_warnings ignored_warnings,
+                    :ignored,
+                    'ignored_warnings',
+                    ['Confidence', 'Warning Type', 'File', 'Message'],
+                    'Warning Type'
+  end
+  def render_warnings warnings, type, template, cols, sort_col
+    unless warnings.empty?
+      rows = sort(convert_to_rows(warnings, type), sort_col)
+      values = rows.collect { |row| row.values_at(*cols) }
+      locals = { :warnings => rows }
+      render_array(template, cols, values, locals)
+    else
+      nil
+    end
+  end
+  def convert_to_rows warnings, type = :warning
+    warnings.map do |warning|
+      w = warning.to_row type
+      case type
+      when :warning
+        convert_warning w, warning
+      when :template
+        convert_template_warning w, warning
+      when :model
+        convert_model_warning w, warning
+      when :controller
+        convert_controller_warning w, warning
+      when :ignored
+        convert_ignored_warning w, warning
+      end
+    end
+  end
+  def convert_warning warning, original
+    warning["Confidence"] = TEXT_CONFIDENCE[warning["Confidence"]]
+    warning["Message"] = text_message original, warning["Message"]
+    warning
+  end
+  def convert_template_warning warning, original
+    convert_warning warning, original
+  end
+  def convert_model_warning warning, original
+    convert_warning warning, original
+  end
+  def convert_controller_warning warning, original
+    convert_warning warning, original
+  end
+  def convert_ignored_warning warning, original
+    convert_warning warning, original
+  end
+  def sort rows, sort_col
+    stabilizer = 0
+    rows.sort_by do |row|
+      stabilizer += 1
+      row.values_at("Confidence", "Warning Type", sort_col) << stabilizer
+    end
+  end
+  #Return summary of warnings in hash and store in @warnings_summary
+  def warnings_summary
+    return @warnings_summary if @warnings_summary
+    summary = Hash.new(0)
+    high_confidence_warnings = 0
+    [all_warnings].each do |warnings|
+      warnings.each do |warning|
+        summary[warning.warning_type.to_s] += 1
+        high_confidence_warnings += 1 if warning.confidence == 0
+      end
+    end
+    summary[:high_confidence] = high_confidence_warnings
+    @warnings_summary = summary
+  end
+  def all_warnings
+    if @ignore_filter
+      @all_warnings ||= @ignore_filter.shown_warnings
+    else
+      @all_warnings ||= tracker.checks.all_warnings
+    end
+  end
+  def filter_warnings warnings
+    if @ignore_filter
+      warnings.reject do |w|
+        @ignore_filter.ignored? w
+      end
+    else
+      warnings
+    end
+  end
+  def generic_warnings
+    filter_warnings tracker.checks.warnings
+  end
+  def template_warnings
+    filter_warnings tracker.checks.template_warnings
+  end
+  def model_warnings
+    filter_warnings tracker.checks.model_warnings
+  end
+  def controller_warnings
+    filter_warnings tracker.checks.controller_warnings
+  end
+  def ignored_warnings
+    if @ignore_filter
+      @ignore_filter.ignored_warnings
+    else
+      []
+    end
+  end
+  def number_of_templates tracker
+    Set.new(tracker.templates.map {|k,v| v.name.to_s[/[^.]+/]}).length
+  end
+  def warning_file warning, absolute = @tracker.options[:absolute_paths]
+    return nil if warning.file.nil?
+    if absolute
+      warning.file
+    else
+      relative_path warning.file
+    end
+  end
+  def rails_version
+    case
+    when tracker.config.rails_version
+      tracker.config.rails_version
+    when tracker.options[:rails4]
+      "4.x"
+    when tracker.options[:rails3]
+      "3.x"
+    else
+      "Unknown"
+    end
+  end
+  #Escape warning message and highlight user input in text output
+  def text_message warning, message
+    if @highlight_user_input and warning.user_input
+      user_input = warning.format_user_input
+      message.gsub(user_input, "+#{user_input}+")
+    else
+      message
+    end
+  end
+end

data/lib/railroader/report/report_codeclimate.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require "json"
+require "yaml"
+require "pathname"
+class Railroader::Report::CodeClimate < Railroader::Report::Base
+  DOCUMENTATION_PATH = File.expand_path("../../../../docs/warning_types", __FILE__)
+  REMEDIATION_POINTS_CONFIG_PATH = File.expand_path("../config/remediation.yml", __FILE__)
+  REMEDIATION_POINTS_DEFAULT = 300_000
+  def generate_report
+    all_warnings.map { |warning| issue_json(warning) }.join("\0")
+  end
+  private
+  def issue_json(warning)
+    warning_code_name = name_for(warning.warning_code)
+    {
+      type: "Issue",
+      check_name: warning_code_name,
+      description: warning.message,
+      fingerprint: warning.fingerprint,
+      categories: ["Security"],
+      severity: severity_level_for(warning.confidence),
+      remediation_points: remediation_points_for(warning_code_name),
+      location: {
+        path: file_path(warning),
+        lines: {
+          begin: warning.line || 1,
+          end: warning.line || 1,
+        }
+      },
+      content: {
+        body: content_for(warning.warning_code, warning.link)
+      }
+    }.to_json
+  end
+  def severity_level_for(confidence)
+    if confidence == 0
+      "critical"
+    else
+      "normal"
+    end
+  end
+  def remediation_points_for(warning_code)
+    @remediation_points ||= YAML.load_file(REMEDIATION_POINTS_CONFIG_PATH)
+    @remediation_points.fetch(name_for(warning_code), REMEDIATION_POINTS_DEFAULT)
+  end
+  def name_for(warning_code)
+    @warning_codes ||= Railroader::WarningCodes::Codes.invert
+    @warning_codes[warning_code].to_s
+  end
+  def content_for(warning_code, link)
+    @contents ||= {}
+    unless link.nil?
+      @contents[warning_code] ||= local_content_for(link) || "Read more: #{link}"
+    end
+  end
+  def local_content_for(link)
+    directory = link.split("/").last
+    filename = File.join(DOCUMENTATION_PATH, directory, "index.markdown")
+    File.read(filename) if File.exist?(filename)
+  end
+  def file_path(warning)
+    fp = Pathname.new(warning.relative_path)
+    if tracker.options[:path_prefix]
+      fp = Pathname.new(tracker.options[:path_prefix]) + fp
+    end
+    fp.to_s
+  end
+end

data/lib/railroader/report/report_csv.rb ADDED Viewed

@@ -0,0 +1,55 @@
+require 'csv'
+require "railroader/report/report_table"
+class Railroader::Report::CSV < Railroader::Report::Table
+  def generate_report
+    output = csv_header
+    output << "\nSUMMARY\n"
+    output << table_to_csv(generate_overview) << "\n"
+    output << table_to_csv(generate_warning_overview) << "\n"
+    #Return output early if only summarizing
+    if tracker.options[:summary_only]
+      return output
+    end
+    if tracker.options[:report_routes] or tracker.options[:debug]
+      output << "CONTROLLERS\n"
+      output << table_to_csv(generate_controllers) << "\n"
+    end
+    if tracker.options[:debug]
+      output << "TEMPLATES\n\n"
+      output << table_to_csv(generate_templates) << "\n"
+    end
+    res = generate_errors
+    output << "ERRORS\n" << table_to_csv(res) << "\n" if res
+    res = generate_warnings
+    output << "SECURITY WARNINGS\n" << table_to_csv(res) << "\n" if res
+    output << "Controller Warnings\n"
+    res = generate_controller_warnings
+    output << table_to_csv(res) << "\n" if res
+    output << "Model Warnings\n"
+    res = generate_model_warnings
+    output << table_to_csv(res) << "\n" if res
+    res = generate_template_warnings
+    output << "Template Warnings\n"
+    output << table_to_csv(res) << "\n" if res
+    output
+  end
+  #Generate header for CSV output
+  def csv_header
+    header = CSV.generate_line(["Application Path", "Report Generation Time", "Checks Performed", "Rails Version"])
+    header << CSV.generate_line([File.expand_path(tracker.app_path), Time.now.to_s, checks.checks_run.sort.join(", "), rails_version])
+    "BRAKEMAN REPORT\n\n" + header
+  end
+end

data/lib/railroader/report/report_hash.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# Generates a hash table for use in Railroader tests
+class Railroader::Report::Hash < Railroader::Report::Base
+  def generate_report
+    report = { :errors => tracker.errors,
+               :controllers => tracker.controllers,
+               :models => tracker.models,
+               :templates => tracker.templates
+              }
+    [:generic_warnings, :controller_warnings, :model_warnings, :template_warnings].each do |meth|
+      report[meth] = self.send(meth)
+      report[meth].each do |w|
+        w.message = w.format_message
+        w.context = context_for(@app_tree, w).join("\n")
+      end
+    end
+    report[:config] = tracker.config
+    report[:checks_run] = tracker.checks.checks_run
+    report
+  end
+end