rake_check 0.1.6 → 0.1.7

data/lib/rake_check/brakeman_checker.rb

@@ -0,0 +1,81 @@
+require 'colored'
+require 'json'
+##
+# BrakemanChecker checks the output for undocumented classes and methods
+#
+# @author dmasur
+class BrakemanChecker
+  ##
+  # Gives the Checkresult
+  #
+  # @return [Hash] Checkresult
+  # @author dmasur
+  def result
+    @shell_output = begin
+      `brakeman -f json 2>/dev/null`
+    rescue Errno::ENOENT
+      "Brakeman not found"
+    end
+    {:type => :brakeman, :check_output => output, :status => status}
+  end
+
+  private
+    ##
+    # Color the Coverage
+    #
+    # @return [String] colored Coverage
+    # @author dmasur
+    def color_count count
+      case count
+      when 0 then count.to_s.green
+      else count.to_s.red
+      end
+    end
+
+    ##
+    # Gives the Check Status
+    #
+    # @return [String] Checkstatus
+    # @author dmasur
+    def status
+      if @shell_output == ''
+        return 'N/A'
+      else
+        begin
+          warnings_string = "#{color_count data["warnings"].count} Warnings"
+          errors_string = "#{color_count data["errors"].count} Errors"
+          return "#{warnings_string}, #{errors_string}"
+        rescue JSON::ParserError
+          return 'Parse Error'
+        end
+      end
+    end
+
+    ##
+    # Parses the JSON Output
+    #
+    # @author dmasur
+    def data
+      raise JSON::ParserError if @shell_output.empty?
+      json_string = @shell_output.split("Generating report...").last
+      json = JSON.parse(json_string)
+    end
+
+    ##
+    # Gives the check output
+    #
+    # @return [String] Output
+    # @author dmasur
+    def output
+      if @shell_output == ''
+        return ''
+      else
+        begin
+          (data["warnings"].map { |warning| warning["message"] } +
+          data["errors"].map { |error| error["error"] }).join(", ")
+        rescue JSON::ParserError
+          return @shell_output
+        end
+      end
+    end
+end

data/lib/rake_check/cucumber_checker.rb

@@ -15,7 +15,7 @@ class CucumberChecker
     rescue Errno::ENOENT
       "Cucumber not found"
     end
-    {:type => :cucumber, :check_output => '', :status => status}
+    {:type => :cucumber, :check_output => output, :status => status}
   end
 
   private
@@ -38,4 +38,18 @@ class CucumberChecker
         'N/A'
       end
     end
+
+    ##
+    # Cucumber Output
+    #
+    # @author dmasur
+    def output
+      if status == "N/A"
+        ''
+      elsif status == "OK".green
+        ''
+      else
+        @shell_output
+      end
+    end
 end

data/lib/rake_check/tasks/check.rake

@@ -5,6 +5,7 @@ require 'rake_check/reek_checker'
 require 'rake_check/yard_checker'
 require 'rake_check/cane_checker'
 require 'rake_check/cucumber_checker'
+require 'rake_check/brakeman_checker'
 ##
 # Do exakt what it is called
 #
@@ -39,9 +40,10 @@ end
 #
 # @author dmasur
 def print_summary results
-  results.each do |result|
-    puts "#{result[:type]}:\t#{result[:status]}"
+  result = results.map do |result|
+    "#{result[:type]} #{result[:status]}"
   end
+  puts `echo "#{result.join("\n")}" | column -t`
 end
 
 desc "Check all Metric tools"
@@ -55,5 +57,6 @@ task :check do
   results << YardChecker.new.result
   results << ReekChecker.new.result
   results << CaneChecker.new.result
+  results << BrakemanChecker.new.result
   print_check_result results
 end

data/lib/rake_check/version.rb

@@ -3,5 +3,5 @@ module RakeCheck
   # The Version Constant
   #
   # @author dmasur
-  VERSION = "0.1.6"
+  VERSION = "0.1.7"
 end

data/rake_check.gemspec

@@ -21,4 +21,5 @@ Gem::Specification.new do |gem|
   gem.add_dependency "reek"
   gem.add_dependency "cane"
   gem.add_dependency "cucumber"
+  gem.add_dependency "brakeman"
 end

data/spec/files/brakeman_error.json

@@ -0,0 +1,53 @@
+{
+  "scan_info": {
+    "app_path": "/path/to/app",
+    "rails_version": "3.2.6",
+    "security_warnings": 1,
+    "timestamp": "2012-06-19 10:18:54 +0200",
+    "checks_performed": [
+      "BasicAuth",
+      "CrossSiteScripting",
+      "DefaultRoutes",
+      "EscapeFunction",
+      "Evaluation",
+      "Execute",
+      "FileAccess",
+      "FilterSkipping",
+      "ForgerySetting",
+      "LinkTo",
+      "LinkToHref",
+      "MailTo",
+      "MassAssignment",
+      "ModelAttributes",
+      "NestedAttributes",
+      "QuoteTableName",
+      "Redirect",
+      "Render",
+      "ResponseSplitting",
+      "SQL",
+      "SafeBufferManipulation",
+      "SelectVulnerability",
+      "Send",
+      "SendFile",
+      "SessionSettings",
+      "SkipBeforeFilter",
+      "StripTags",
+      "TranslateBug",
+      "ValidationRegex",
+      "WithoutProtection"
+    ],
+    "number_of_controllers": 16,
+    "number_of_models": 32,
+    "number_of_templates": 67,
+    "ruby_version": "1.9.3",
+    "brakeman_version": "1.6.2"
+  },
+  "warnings": [
+  ],
+  "errors": [
+    {
+      "error": "unterminated string meets end of file. near line 13: \"\" While processing /path/to/app/controllers/admin/admins_controller.rb",
+      "location": "/path/to/gem_dir/gems/brakeman-1.6.2/lib/ruby_parser/ruby_lexer.rb:398:in `rb_compile_error'"
+    }
+  ]
+}

data/spec/files/brakeman_ok.json

@@ -0,0 +1,100 @@
+[Notice] Detected Rails 3 application
+Loading scanner...
+[Notice] Using Ruby 1.9.3. Please make sure this matches the one used to run your Rails application.
+Processing application in /Users/dmasur/code/jobmensa2
+Processing configuration...
+[Notice] Escaping HTML by default
+Processing gems...
+Processing initializers...
+Processing libs...
+Processing routes...          
+Processing templates...       
+Processing data flow in templates...
+Processing models...          
+Processing controllers...     
+Processing data flow in controllers...
+Indexing call sites...        
+Running checks in parallel...
+ - CheckBasicAuth
+ - CheckCrossSiteScripting
+ - CheckDefaultRoutes
+ - CheckEscapeFunction
+ - CheckEvaluation
+ - CheckExecute
+ - CheckFileAccess
+ - CheckFilterSkipping
+ - CheckForgerySetting
+ - CheckLinkTo
+ - CheckLinkToHref
+ - CheckMailTo
+ - CheckMassAssignment
+ - CheckModelAttributes
+ - CheckNestedAttributes
+ - CheckQuoteTableName
+ - CheckRedirect
+ - CheckRender
+ - CheckResponseSplitting
+ - CheckSafeBufferManipulation
+ - CheckSelectVulnerability
+ - CheckSend
+ - CheckSendFile
+ - CheckSessionSettings
+ - CheckSkipBeforeFilter
+ - CheckSQL
+ - CheckStripTags
+ - CheckTranslateBug
+ - CheckValidationRegex
+ - CheckWithoutProtection
+Checks finished, collecting results...
+Generating report...
+{
+  "scan_info": {
+    "app_path": "/Users/dmasur/code/jobmensa2",
+    "rails_version": "3.2.6",
+    "security_warnings": 0,
+    "timestamp": "2012-06-19 09:19:41 +0200",
+    "checks_performed": [
+      "BasicAuth",
+      "CrossSiteScripting",
+      "DefaultRoutes",
+      "EscapeFunction",
+      "Evaluation",
+      "Execute",
+      "FileAccess",
+      "FilterSkipping",
+      "ForgerySetting",
+      "LinkTo",
+      "LinkToHref",
+      "MailTo",
+      "MassAssignment",
+      "ModelAttributes",
+      "NestedAttributes",
+      "QuoteTableName",
+      "Redirect",
+      "Render",
+      "ResponseSplitting",
+      "SQL",
+      "SafeBufferManipulation",
+      "SelectVulnerability",
+      "Send",
+      "SendFile",
+      "SessionSettings",
+      "SkipBeforeFilter",
+      "StripTags",
+      "TranslateBug",
+      "ValidationRegex",
+      "WithoutProtection"
+    ],
+    "number_of_controllers": 17,
+    "number_of_models": 32,
+    "number_of_templates": 67,
+    "ruby_version": "1.9.3",
+    "brakeman_version": "1.6.2"
+  },
+  "warnings": [
+
+  ],
+  "errors": [
+
+  ]
+}

data/spec/files/brakeman_warning.json

@@ -0,0 +1,63 @@
+{
+  "scan_info": {
+    "app_path": "/path/to/app",
+    "rails_version": "3.2.6",
+    "security_warnings": 0,
+    "timestamp": "2012-06-19 10:06:35 +0200",
+    "checks_performed": [
+      "BasicAuth",
+      "CrossSiteScripting",
+      "DefaultRoutes",
+      "EscapeFunction",
+      "Evaluation",
+      "Execute",
+      "FileAccess",
+      "FilterSkipping",
+      "ForgerySetting",
+      "LinkTo",
+      "LinkToHref",
+      "MailTo",
+      "MassAssignment",
+      "ModelAttributes",
+      "NestedAttributes",
+      "QuoteTableName",
+      "Redirect",
+      "Render",
+      "ResponseSplitting",
+      "SQL",
+      "SafeBufferManipulation",
+      "SelectVulnerability",
+      "Send",
+      "SendFile",
+      "SessionSettings",
+      "SkipBeforeFilter",
+      "StripTags",
+      "TranslateBug",
+      "ValidationRegex",
+      "WithoutProtection"
+    ],
+    "number_of_controllers": 16,
+    "number_of_models": 32,
+    "number_of_templates": 67,
+    "ruby_version": "1.9.3",
+    "brakeman_version": "1.6.2"
+  },
+  "warnings": [
+    {
+      "warning_type": "SQL Injection",
+      "message": "Possible SQL injection",
+      "file": "/path/to/app/controllers/admin/admins_controller.rb",
+      "line": 13,
+      "code": "Admin.order(\"name #{parms[:direction]}\")",
+      "location": {
+        "type": "method",
+        "class": "Admin::AdminsController",
+        "method": "index"
+      },
+      "user_input": "parms[:direction]",
+      "confidence": "Medium"
+    }
+  ],
+  "errors": [
+  ]
+}

data/spec/lib/rake_check/brakeman_checker_spec.rb

@@ -0,0 +1,40 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../../lib/rake_check/brakeman_checker')
+
+describe BrakemanChecker do
+  it "gives N/A on no Rails Apps" do
+    subject.stub('`' => '')
+    subject.result.should == { type: :brakeman, check_output: '', status: 'N/A' }
+  end
+  it "gives N/A on Error" do
+    subject.stub('`' => 'Error')
+    subject.result.should == { type: :brakeman, check_output: 'Error', status: 'Parse Error' }
+  end
+  it "gives OK with no Errors" do
+    shell_output = File.read(File.expand_path(File.dirname(__FILE__) +
+                                              '/../../files/brakeman_ok.json'))
+    subject.stub('`' => shell_output)
+    subject.result.should == { type: :brakeman,
+                               check_output: '',
+                               status: "\e[32m0\e[0m Warnings, \e[32m0\e[0m Errors" }
+  end
+  describe "Code Coverage" do
+    it "is red with errors" do
+      shell_output = File.read(File.expand_path(File.dirname(__FILE__) +
+                                                '/../../files/brakeman_error.json'))
+      subject.stub('`' => shell_output)
+      output = 'unterminated string meets end of file. near line 13:' +
+        ' "" While processing /path/to/app/controllers/admin/admins_controller.rb'
+      subject.result.should == { type: :brakeman,
+                                 check_output: output,
+                                 status: "\e[32m0\e[0m Warnings, \e[31m1\e[0m Errors" }
+    end
+    it "is red with warnings" do
+      shell_output = File.read(File.expand_path(File.dirname(__FILE__) +
+                                                '/../../files/brakeman_warning.json'))
+      subject.stub('`' => shell_output)
+      subject.result.should == { type: :brakeman,
+                                 check_output: 'Possible SQL injection',
+                                 status: "\e[31m1\e[0m Warnings, \e[32m0\e[0m Errors" }
+    end
+  end
+end

data/{spec_no_rails → spec}/lib/rake_check/cucumber_checker_spec.rb

@@ -14,7 +14,7 @@ describe CucumberChecker do
   it "is red on Error" do
     subject.stub('`' => "8 scenarios (1 failed, 7 passed)")
     subject.result.should == { type: :cucumber,
-                               check_output: '',
+                               check_output: '8 scenarios (1 failed, 7 passed)',
                                status: "\e[31m1 failed scenarios\e[0m" }
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rake_check
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-21 00:00:00.000000000 Z
+date: 2012-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70208090319120 !ruby/object:Gem::Requirement
+  requirement: &70129581054120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70208090319120
+  version_requirements: *70129581054120
 - !ruby/object:Gem::Dependency
   name: colored
-  requirement: &70208090317960 !ruby/object:Gem::Requirement
+  requirement: &70129581052460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70208090317960
+  version_requirements: *70129581052460
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70208090316700 !ruby/object:Gem::Requirement
+  requirement: &70129581050700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70208090316700
+  version_requirements: *70129581050700
 - !ruby/object:Gem::Dependency
   name: reek
-  requirement: &70208090315880 !ruby/object:Gem::Requirement
+  requirement: &70129581049100 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70208090315880
+  version_requirements: *70129581049100
 - !ruby/object:Gem::Dependency
   name: cane
-  requirement: &70208090315320 !ruby/object:Gem::Requirement
+  requirement: &70129581048080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70208090315320
+  version_requirements: *70129581048080
 - !ruby/object:Gem::Dependency
   name: cucumber
-  requirement: &70208090314700 !ruby/object:Gem::Requirement
+  requirement: &70129581084760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,7 +76,18 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70208090314700
+  version_requirements: *70129581084760
+- !ruby/object:Gem::Dependency
+  name: brakeman
+  requirement: &70129581081740 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70129581081740
 description: Checking the Project for Code Smells and bad documentation
 email:
 - dominik.masur@googlemail.com
@@ -94,6 +105,7 @@ files:
 - README.md
 - Rakefile
 - lib/rake_check.rb
+- lib/rake_check/brakeman_checker.rb
 - lib/rake_check/cane_checker.rb
 - lib/rake_check/cucumber_checker.rb
 - lib/rake_check/rbp_checker.rb
@@ -103,16 +115,19 @@ files:
 - lib/rake_check/version.rb
 - lib/rake_check/yard_checker.rb
 - rake_check.gemspec
-- spec
-- spec_no_rails/files/cucumber_fail_output.txt
-- spec_no_rails/files/reek_output.yaml
-- spec_no_rails/lib/rake_check/cane_checker_spec.rb
-- spec_no_rails/lib/rake_check/cucumber_checker_spec.rb
-- spec_no_rails/lib/rake_check/rbp_checker_spec.rb
-- spec_no_rails/lib/rake_check/reek_checker_spec.rb
-- spec_no_rails/lib/rake_check/rspec_checker_spec.rb
-- spec_no_rails/lib/rake_check/yard_checker_spec.rb
-- spec_no_rails/spec_helper.rb
+- spec/files/brakeman_error.json
+- spec/files/brakeman_ok.json
+- spec/files/brakeman_warning.json
+- spec/files/cucumber_fail_output.txt
+- spec/files/reek_output.yaml
+- spec/lib/rake_check/brakeman_checker_spec.rb
+- spec/lib/rake_check/cane_checker_spec.rb
+- spec/lib/rake_check/cucumber_checker_spec.rb
+- spec/lib/rake_check/rbp_checker_spec.rb
+- spec/lib/rake_check/reek_checker_spec.rb
+- spec/lib/rake_check/rspec_checker_spec.rb
+- spec/lib/rake_check/yard_checker_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/TBAA/rake_check
 licenses: []
 post_install_message: 
@@ -127,7 +142,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3052005853982871500
+      hash: 2895400743441379252
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -136,12 +151,25 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3052005853982871500
+      hash: 2895400743441379252
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Checking the Project for Code Smells and bad documentation
-test_files: []
+test_files:
+- spec/files/brakeman_error.json
+- spec/files/brakeman_ok.json
+- spec/files/brakeman_warning.json
+- spec/files/cucumber_fail_output.txt
+- spec/files/reek_output.yaml
+- spec/lib/rake_check/brakeman_checker_spec.rb
+- spec/lib/rake_check/cane_checker_spec.rb
+- spec/lib/rake_check/cucumber_checker_spec.rb
+- spec/lib/rake_check/rbp_checker_spec.rb
+- spec/lib/rake_check/reek_checker_spec.rb
+- spec/lib/rake_check/rspec_checker_spec.rb
+- spec/lib/rake_check/yard_checker_spec.rb
+- spec/spec_helper.rb
 has_rdoc: