railroader 4.3.4

data/lib/railroader/report/report_html.rb

@@ -0,0 +1,216 @@
+require 'cgi'
+
+class Railroader::Report::HTML < Railroader::Report::Base
+  HTML_CONFIDENCE = [ "<span class='high-confidence'>High</span>",
+    "<span class='med-confidence'>Medium</span>",
+    "<span class='weak-confidence'>Weak</span>" ]
+
+  def initialize *args
+    super
+
+    @element_id = 0 #Used for HTML ids
+  end
+
+  def generate_report
+    out = html_header <<
+    generate_overview <<
+    generate_warning_overview.to_s
+
+    # Return early if only summarizing
+    return out if tracker.options[:summary_only]
+
+    out << generate_controllers.to_s if tracker.options[:report_routes] or tracker.options[:debug]
+    out << generate_templates.to_s if tracker.options[:debug]
+    out << generate_errors.to_s
+    out << generate_warnings.to_s
+    out << generate_controller_warnings.to_s
+    out << generate_model_warnings.to_s
+    out << generate_template_warnings.to_s
+    out << generate_ignored_warnings.to_s
+    out << "</body></html>"
+  end
+
+  def generate_overview
+      locals = {
+        :tracker => tracker,
+        :warnings => all_warnings.length,
+        :warnings_summary => warnings_summary,
+        :number_of_templates => number_of_templates(@tracker),
+        :ignored_warnings => ignored_warnings.length
+        }
+
+      Railroader::Report::Renderer.new('overview', :locals => locals).render
+  end
+
+  #Generate listings of templates and their output
+  def generate_templates
+    out_processor = Railroader::OutputProcessor.new
+    template_rows = {}
+    tracker.templates.each do |name, template|
+      template.each_output do |out|
+        out = CGI.escapeHTML(out_processor.format(out))
+        template_rows[name] ||= []
+        template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
+      end
+    end
+
+    template_rows = template_rows.sort_by{|name, value| name.to_s}
+
+      Railroader::Report::Renderer.new('template_overview', :locals => {:template_rows => template_rows}).render
+  end
+
+  def render_array template, headings, value_array, locals
+    return if value_array.empty?
+
+    Railroader::Report::Renderer.new(template, :locals => locals).render
+  end
+
+  def convert_warning warning, original
+    warning["Confidence"] = HTML_CONFIDENCE[warning["Confidence"]]
+    warning["Message"] = with_context original, warning["Message"]
+    warning["Warning Type"] = with_link original, warning["Warning Type"]
+    warning
+  end
+
+  def with_link warning, message
+    "<a rel=\"no-referrer\" href=\"#{warning.link}\">#{message}</a>"
+  end
+
+  def convert_template_warning warning, original
+    warning["Confidence"] = HTML_CONFIDENCE[warning["Confidence"]]
+    warning["Message"] = with_context original, warning["Message"]
+    warning["Warning Type"] = with_link original, warning["Warning Type"]
+    warning["Called From"] = original.called_from
+    warning["Template Name"] = original.template.name
+    warning
+  end
+
+  def convert_ignored_warning warning, original
+    warning = convert_warning(warning, original)
+    warning['File'] = original.relative_path
+    warning['Note'] = CGI.escapeHTML(@ignore_filter.note_for(original) || "")
+    warning
+  end
+
+  #Return header for HTML output. Uses CSS from tracker.options[:html_style]
+  def html_header
+    if File.exist? tracker.options[:html_style]
+      css = File.read tracker.options[:html_style]
+    else
+      raise "Cannot find CSS stylesheet for HTML: #{tracker.options[:html_style]}"
+    end
+
+    locals = {
+      :css => css,
+      :tracker => tracker,
+      :checks => checks,
+      :rails_version => rails_version,
+      :railroader_version => Railroader::Version
+      }
+
+    Railroader::Report::Renderer.new('header', :locals => locals).render
+  end
+
+  #Generate HTML for warnings, including context show/hidden via Javascript
+  def with_context warning, message
+    context = context_for(@app_tree, warning)
+    full_message = nil
+
+    if tracker.options[:message_limit] and tracker.options[:message_limit] > 0 and message.length > tracker.options[:message_limit]
+      full_message = html_message(warning, message)
+      message = message[0..tracker.options[:message_limit]] << "..."
+    end
+
+    message = html_message(warning, message)
+    return message if context.empty? and not full_message
+
+    @element_id += 1
+    code_id = "context#@element_id"
+    message_id = "message#@element_id"
+    full_message_id = "full_message#@element_id"
+    alt = false
+    output = "<div class='warning_message' onClick=\"toggle('#{code_id}');toggle('#{message_id}');toggle('#{full_message_id}')\" >" <<
+    if full_message
+      "<span id='#{message_id}' style='display:block' >#{message}</span>" <<
+      "<span id='#{full_message_id}' style='display:none'>#{full_message}</span>"
+    else
+      message
+    end <<
+    "<table id='#{code_id}' class='context' style='display:none'>" <<
+    "<caption>#{CGI.escapeHTML warning_file(warning) || ''}</caption>"
+
+    output << <<-HTML
+      <thead style='display:none'>
+        <tr>
+          <th>line number</th>
+          <th>line content</th>
+        </tr>
+      </thead>
+      <tbody>
+    HTML
+
+    unless context.empty?
+      if warning.line - 1 == 1 or warning.line + 1 == 1
+        error = " near_error"
+      elsif 1 == warning.line
+        error = " error"
+      else
+        error = ""
+      end
+
+      output << <<-HTML
+        <tr class='context first#{error}'>
+          <td class='context_line'>
+            <pre class='context'>#{context.first[0]}</pre>
+          </td>
+          <td class='context'>
+            <pre class='context'>#{CGI.escapeHTML context.first[1].chomp}</pre>
+          </td>
+        </tr>
+      HTML
+
+      if context.length > 1
+        output << context[1..-1].map do |code|
+          alt = !alt
+          if code[0] == warning.line - 1 or code[0] == warning.line + 1
+            error = " near_error"
+          elsif code[0] == warning.line
+            error = " error"
+          else
+            error = ""
+          end
+
+          <<-HTML
+          <tr class='context#{alt ? ' alt' : ''}#{error}'>
+            <td class='context_line'>
+              <pre class='context'>#{code[0]}</pre>
+            </td>
+            <td class='context'>
+              <pre class='context'>#{CGI.escapeHTML code[1].chomp}</pre>
+            </td>
+          </tr>
+          HTML
+        end.join
+      end
+    end
+
+    output << "</tbody></table></div>"
+  end
+
+  #Escape warning message and highlight user input in HTML output
+  def html_message warning, message
+    message = CGI.escapeHTML(message)
+
+    if warning.file
+      github_url = github_url warning.file, warning.line
+      message.gsub!(/(near line \d+)/, "<a href=\"#{github_url}\" target='_blank'>\\1</a>") if github_url
+    end
+
+    if @highlight_user_input and warning.user_input
+      user_input = CGI.escapeHTML(warning.format_user_input)
+      message.gsub!(user_input, "<span class=\"user_input\">#{user_input}</span>")
+    end
+
+    message
+  end
+end

data/lib/railroader/report/report_json.rb

@@ -0,0 +1,45 @@
+class Railroader::Report::JSON < Railroader::Report::Base
+  def generate_report
+    errors = tracker.errors.map{|e| { :error => e[:error], :location => e[:backtrace][0] }}
+
+    obsolete = tracker.unused_fingerprints
+
+    warnings = convert_to_hashes all_warnings
+
+    ignored = convert_to_hashes ignored_warnings
+
+    scan_info = {
+      :app_path => tracker.app_path,
+      :rails_version => rails_version,
+      :security_warnings => all_warnings.length,
+      :start_time => tracker.start_time.to_s,
+      :end_time => tracker.end_time.to_s,
+      :duration => tracker.duration,
+      :checks_performed => checks.checks_run.sort,
+      :number_of_controllers => tracker.controllers.length,
+      # ignore the "fake" model
+      :number_of_models => tracker.models.length - 1,
+      :number_of_templates => number_of_templates(@tracker),
+      :ruby_version => RUBY_VERSION,
+      :railroader_version => Railroader::Version
+    }
+
+    report_info = {
+      :scan_info => scan_info,
+      :warnings => warnings,
+      :ignored_warnings => ignored,
+      :errors => errors,
+      :obsolete => obsolete
+    }
+
+    JSON.pretty_generate report_info
+  end
+
+  def convert_to_hashes warnings
+    warnings.map do |w|
+      hash = w.to_hash
+      hash[:file] = warning_file w
+      hash
+    end.sort_by { |w| "#{w[:fingerprint]}#{w[:line]}" }
+  end
+end

data/lib/railroader/report/report_markdown.rb

@@ -0,0 +1,107 @@
+require 'railroader/report/report_table'
+
+class Railroader::Report::Markdown < Railroader::Report::Table
+
+  class MarkdownTable < Terminal::Table
+
+    def initialize options = {}, &block
+      options[:style] ||= {}
+      options[:style].merge!({
+          :border_x => '-',
+          :border_y => '|',
+          :border_i => '|'
+      })
+      super options, &block
+    end
+
+    def render
+      super.split("\n")[1...-1].join("\n")
+    end
+    alias :to_s :render
+
+  end
+
+  def initialize *args
+    super
+    @table = MarkdownTable
+  end
+
+  def generate_report
+    out = "# BRAKEMAN REPORT\n\n" <<
+    generate_metadata.to_s << "\n\n" <<
+    generate_checks.to_s << "\n\n" <<
+    "### SUMMARY\n\n" <<
+    generate_overview.to_s << "\n\n" <<
+    generate_warning_overview.to_s << "\n\n"
+
+    #Return output early if only summarizing
+    return out if tracker.options[:summary_only]
+
+    if tracker.options[:report_routes] or tracker.options[:debug]
+      out << "### CONTROLLERS"  << "\n\n" <<
+      generate_controllers.to_s << "\n\n"
+    end
+
+    if tracker.options[:debug]
+      out << "### TEMPLATES\n\n" <<
+      generate_templates.to_s << "\n\n"
+    end
+
+    output_table("Errors", generate_errors, out)
+    output_table("SECURITY WARNINGS", generate_warnings, out)
+    output_table("Controller Warnings:", generate_controller_warnings, out)
+    output_table("Model Warnings:", generate_model_warnings, out)
+    output_table("View Warnings:", generate_template_warnings, out)
+
+    out
+  end
+
+  def output_table title, result, output
+    return unless result
+
+    output << "### #{title}\n\n#{result.to_s}\n\n"
+  end
+
+  def generate_metadata
+    MarkdownTable.new(
+      :headings =>
+        ['Application path', 'Rails version', 'Railroader version', 'Started at', 'Duration']
+    ) do |t|
+      t.add_row([
+        tracker.app_path,
+        rails_version,
+        Railroader::Version,
+        tracker.start_time,
+        "#{tracker.duration} seconds",
+      ])
+    end
+  end
+
+  def generate_checks
+    MarkdownTable.new(:headings => ['Checks performed']) do |t|
+      t.add_row([checks.checks_run.sort.join(", ")])
+    end
+  end
+
+  def convert_warning warning, original
+    warning["Confidence"] = TEXT_CONFIDENCE[warning["Confidence"]]
+    warning["Message"] = markdown_message original, warning["Message"]
+    warning["Warning Type"] = "[#{warning['Warning Type']}](#{original.link})" if original.link
+    warning
+  end
+
+  # Escape and code format warning message
+  def markdown_message warning, message
+    if warning.file
+      github_url = github_url warning.file, warning.line
+      message.gsub!(/(near line \d+)/, "[\\1](#{github_url})") if github_url
+    end
+    if warning.code
+      code = warning.format_code
+      message.gsub(code, "`#{code.gsub('`','``').gsub(/\A``|``\z/, '` `')}`")
+    else
+      message
+    end
+  end
+
+end

data/lib/railroader/report/report_table.rb

@@ -0,0 +1,117 @@
+Railroader.load_railroader_dependency 'terminal-table'
+
+class Railroader::Report::Table < Railroader::Report::Base
+  def initialize *args
+    super
+    @table = Terminal::Table
+  end
+
+  def generate_report
+    summary_option = tracker.options[:summary_only]
+    out = ""
+
+    unless summary_option == :no_summary
+      out << text_header <<
+        "\n\n+SUMMARY+\n\n" <<
+        truncate_table(generate_overview.to_s) << "\n\n" <<
+        truncate_table(generate_warning_overview.to_s) << "\n"
+    end
+
+    #Return output early if only summarizing
+    if summary_option == :summary_only or summary_option == true
+      return out
+    end
+
+    if tracker.options[:report_routes] or tracker.options[:debug]
+      out << "\n+CONTROLLERS+\n" <<
+      truncate_table(generate_controllers.to_s) << "\n"
+    end
+
+    if tracker.options[:debug]
+      out << "\n+TEMPLATES+\n\n" <<
+      truncate_table(generate_templates.to_s) << "\n"
+    end
+
+    output_table("+Obsolete Ignore Entries+", generate_obsolete, out)
+    output_table("+Errors+", generate_errors, out)
+    output_table("+SECURITY WARNINGS+", generate_warnings, out)
+    output_table("Controller Warnings:", generate_controller_warnings, out)
+    output_table("Model Warnings:", generate_model_warnings, out)
+    output_table("View Warnings:", generate_template_warnings, out)
+
+    out << "\n"
+    out
+  end
+
+  def output_table title, result, output
+    return unless result
+
+    output << "\n\n#{title}\n\n#{truncate_table(result.to_s)}"
+  end
+
+  def generate_overview
+    num_warnings = all_warnings.length
+
+    @table.new(:headings => ['Scanned/Reported', 'Total']) do |t|
+      t.add_row ['Controllers', tracker.controllers.length]
+      t.add_row ['Models', tracker.models.length - 1]
+      t.add_row ['Templates', number_of_templates(@tracker)]
+      t.add_row ['Errors', tracker.errors.length]
+      t.add_row ['Security Warnings', "#{num_warnings} (#{warnings_summary[:high_confidence]})"]
+      t.add_row ['Ignored Warnings', ignored_warnings.length] unless ignored_warnings.empty?
+    end
+  end
+
+  #Generate listings of templates and their output
+  def generate_templates
+    out_processor = Railroader::OutputProcessor.new
+    template_rows = {}
+    tracker.templates.each do |name, template|
+      template.each_output do |out|
+        out = out_processor.format out
+        template_rows[name] ||= []
+        template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
+      end
+    end
+
+    template_rows = template_rows.sort_by{|name, value| name.to_s}
+
+    output = ''
+    template_rows.each do |template|
+      output << template.first.to_s << "\n\n"
+      table = @table.new(:headings => ['Output']) do |t|
+        # template[1] is an array of calls
+        template[1].each do |v|
+          t.add_row [v]
+        end
+      end
+
+      output << table.to_s << "\n\n"
+    end
+
+    output
+  end
+
+  def render_array template, headings, value_array, locals
+    return if value_array.empty?
+
+    @table.new(:headings => headings) do |t|
+      value_array.each { |value_row| t.add_row value_row }
+    end
+  end
+
+  #Generate header for text output
+  def text_header
+    <<-HEADER
+
++BRAKEMAN REPORT+
+
+Application path: #{tracker.app_path}
+Rails version: #{rails_version}
+Railroader version: #{Railroader::Version}
+Started at #{tracker.start_time}
+Duration: #{tracker.duration} seconds
+Checks run: #{checks.checks_run.sort.join(", ")}
+HEADER
+  end
+end

data/lib/railroader/report/report_tabs.rb

@@ -0,0 +1,17 @@
+#Generated tab-separated output suitable for the Jenkins Railroader Plugin:
+#https://github.com/presidentbeef/railroader-jenkins-plugin
+class Railroader::Report::Tabs < Railroader::Report::Base
+  def generate_report
+    [[:generic_warnings, "General"], [:controller_warnings, "Controller"],
+      [:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
+
+      self.send(meth).map do |w|
+        line = w.line || 0
+        w.warning_type.gsub!(/[^\w\s]/, ' ')
+        "#{warning_file(w, :absolute)}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
+      end.join "\n"
+
+    end.join "\n"
+
+  end
+end

data/lib/railroader/report/report_text.rb

@@ -0,0 +1,198 @@
+Railroader.load_railroader_dependency 'highline'
+
+class Railroader::Report::Text < Railroader::Report::Base
+  def generate_report
+    HighLine.use_color = !!tracker.options[:output_color]
+    summary_option = tracker.options[:summary_only]
+    @output_string = "\n"
+
+    unless summary_option == :no_summary
+      add_chunk generate_header
+      add_chunk generate_overview
+      add_chunk generate_warning_overview
+    end
+
+    if summary_option == :summary_only or summary_option == true
+      return @output_string
+    end
+
+    add_chunk generate_controllers if tracker.options[:debug] or tracker.options[:report_routes]
+    add_chunk generate_templates if tracker.options[:debug]
+    add_chunk generate_obsolete
+    add_chunk generate_errors 
+    add_chunk generate_warnings
+  end
+
+  def add_chunk chunk, out = @output_string
+    if chunk and not chunk.empty?
+      if chunk.is_a? Array
+        chunk = chunk.join("\n")
+      end
+
+      out << chunk << "\n\n"
+    end
+  end
+
+  def generate_header
+    [
+      header("Railroader Report"), 
+      label("Application Path", tracker.app_path),
+      label("Rails Version", rails_version),
+      label("Railroader Version", Railroader::Version),
+      label("Scan Date", tracker.start_time),
+      label("Duration", "#{tracker.duration} seconds"),
+      label("Checks Run", checks.checks_run.sort.join(", "))
+    ]
+  end
+
+  def generate_overview
+    overview = [
+      header("Overview"),
+      label('Controllers', tracker.controllers.length),
+      label('Models', tracker.models.length - 1),
+      label('Templates', number_of_templates(@tracker)),
+      label('Errors', tracker.errors.length),
+      label('Security Warnings', all_warnings.length)
+    ]
+
+    unless ignored_warnings.empty?
+      overview << label('Ignored Warnings', ignored_warnings.length)
+    end
+
+    overview
+  end
+
+  def generate_warning_overview
+    warning_types = warnings_summary
+    warning_types.delete :high_confidence
+
+    warning_types.sort_by { |t, c| t }.map do |type, count|
+      label(type, count)
+    end.unshift(header('Warning Types'))
+  end
+
+  def generate_warnings
+    if tracker.filtered_warnings.empty?
+      HighLine.color("No warnings found", :bold, :green)
+    else
+      warnings = tracker.filtered_warnings.sort_by do |w|
+        [w.confidence, w.warning_type, w.fingerprint]
+      end.map do |w|
+        output_warning w
+      end
+
+      double_space "Warnings", warnings
+    end
+  end
+
+  def generate_errors
+    return if tracker.errors.empty?
+    full_trace = tracker.options[:debug]
+
+    errors = tracker.errors.map do |e|
+      trace = if full_trace
+        e[:backtrace].join("\n")
+      else
+        e[:backtrace][0]
+      end
+
+      [
+        label("Error", e[:error]),
+        label("Location", trace)
+      ]
+    end
+
+    double_space "Errors", errors
+  end
+
+  def generate_obsolete
+    return if tracker.unused_fingerprints.empty?
+
+    [header("Obsolete Ignore Entries")] + tracker.unused_fingerprints
+  end
+
+  def generate_templates
+    out_processor = Railroader::OutputProcessor.new
+
+    template_rows = {}
+    tracker.templates.each do |name, template|
+      template.each_output do |out|
+        out = out_processor.format out
+        template_rows[name] ||= []
+        template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
+      end
+    end
+
+    double_space "Template Output", template_rows.sort_by { |name, value| name.to_s }.map { |template|
+      [HighLine.new.color(template.first.to_s << "\n", :cyan)] + template[1]
+    }.compact
+  end
+
+  def output_warning w
+    out = [
+      label('Confidence', confidence(w.confidence)),
+      label('Category', w.warning_type.to_s),
+      label('Check', w.check.gsub(/^Railroader::Check/, '')),
+      label('Message', w.message)
+    ]
+
+    if w.code
+      out << label('Code', format_code(w))
+    end
+
+    out << label('File', warning_file(w))
+
+    if w.line
+      out << label('Line', w.line)
+    end
+
+    out
+  end
+
+  def double_space title, values
+    values = values.map { |v| v.join("\n") }.join("\n\n")
+    [header(title), values]
+  end
+
+  def format_code w
+    if @highlight_user_input and w.user_input
+      w.format_with_user_input do |exp, text|
+        HighLine.new.color(text, :yellow)
+      end
+    else
+      w.format_code
+    end
+  end
+
+  def confidence c
+    case c
+    when 0
+      HighLine.new.color("High", :red)
+    when 1
+      HighLine.new.color("Medium", :yellow)
+    when 2
+      HighLine.new.color("Weak", :none)
+    end
+  end
+
+  def label l, value, color = :green
+    "#{HighLine.new.color(l, color)}: #{value}"
+  end
+
+  def header text
+    HighLine.new.color("== #{text} ==\n", :bold, :magenta)
+  end
+
+  # ONLY used for generate_controllers to avoid duplication
+  def render_array name, cols, values, locals
+    controllers = values.map do |name, parent, includes, routes|
+      c = [ label("Controller", name) ]
+      c << label("Parent", parent) unless parent.empty?
+      c << label("Includes", includes) unless includes.empty?
+      c << label("Routes", routes)
+    end
+
+    double_space "Controller Overview", controllers
+  end
+end
+