scanny 0.1.0
- data/.gitignore +5 -0
- data/Gemfile +11 -0
- data/LICENSE +23 -0
- data/README.md +185 -0
- data/Rakefile +5 -0
- data/bin/scanny +61 -0
- data/lib/scanny.rb +12 -0
- data/lib/scanny/checks/access_control_check.rb +52 -0
- data/lib/scanny/checks/backticks_check.rb +18 -0
- data/lib/scanny/checks/before_filters_check.rb +35 -0
- data/lib/scanny/checks/check.rb +33 -0
- data/lib/scanny/checks/csrf_check.rb +19 -0
- data/lib/scanny/checks/denial_of_service_check.rb +42 -0
- data/lib/scanny/checks/file_open_check.rb +46 -0
- data/lib/scanny/checks/frameworks_check.rb +24 -0
- data/lib/scanny/checks/helpers.rb +28 -0
- data/lib/scanny/checks/http_basic_auth_check.rb +39 -0
- data/lib/scanny/checks/http_header/header_injection_check.rb +38 -0
- data/lib/scanny/checks/http_redirect_check.rb +37 -0
- data/lib/scanny/checks/http_request_check.rb +74 -0
- data/lib/scanny/checks/http_usage_check.rb +31 -0
- data/lib/scanny/checks/information_leak_check.rb +55 -0
- data/lib/scanny/checks/input_filtering_check.rb +39 -0
- data/lib/scanny/checks/insecure_config/set_rails_env_check.rb +24 -0
- data/lib/scanny/checks/insecure_config/set_secret_check.rb +25 -0
- data/lib/scanny/checks/insecure_config/set_session_key_check.rb +23 -0
- data/lib/scanny/checks/insecure_method/eval_method_check.rb +26 -0
- data/lib/scanny/checks/insecure_method/marshal_check.rb +33 -0
- data/lib/scanny/checks/insecure_method/system_method_check.rb +46 -0
- data/lib/scanny/checks/mass_assignment_check.rb +48 -0
- data/lib/scanny/checks/random_numbers_check.rb +54 -0
- data/lib/scanny/checks/redirect_with_params_check.rb +48 -0
- data/lib/scanny/checks/regexp_check.rb +23 -0
- data/lib/scanny/checks/reset_session_check.rb +24 -0
- data/lib/scanny/checks/session/access_to_session_check.rb +49 -0
- data/lib/scanny/checks/session/session_secure_check.rb +47 -0
- data/lib/scanny/checks/shell_expanding_methods_check.rb +54 -0
- data/lib/scanny/checks/skip_before_filters_check.rb +41 -0
- data/lib/scanny/checks/sql_injection/find_method_check.rb +81 -0
- data/lib/scanny/checks/sql_injection/find_method_with_dynamic_string_check.rb +43 -0
- data/lib/scanny/checks/sql_injection/find_method_with_params_check.rb +80 -0
- data/lib/scanny/checks/sql_injection/sanitize_sql_check.rb +25 -0
- data/lib/scanny/checks/sql_injection/sql_check.rb +14 -0
- data/lib/scanny/checks/sql_injection/string_interpolation_with_params_check.rb +39 -0
- data/lib/scanny/checks/ssl/verify_check.rb +53 -0
- data/lib/scanny/checks/ssl/verify_peer_check.rb +37 -0
- data/lib/scanny/checks/system_tools/gpg_usage_check.rb +51 -0
- data/lib/scanny/checks/system_tools/sudo_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_check.rb +24 -0
- data/lib/scanny/checks/system_tools/tar_commands_check.rb +27 -0
- data/lib/scanny/checks/system_tools/unzip_check.rb +30 -0
- data/lib/scanny/checks/temp_file_open_check.rb +57 -0
- data/lib/scanny/checks/user_find_check.rb +40 -0
- data/lib/scanny/checks/validates_check.rb +32 -0
- data/lib/scanny/checks/verify_check.rb +44 -0
- data/lib/scanny/checks/xss/xss_flash_check.rb +70 -0
- data/lib/scanny/checks/xss/xss_logger_check.rb +78 -0
- data/lib/scanny/checks/xss/xss_mark_check.rb +48 -0
- data/lib/scanny/checks/xss/xss_send_check.rb +70 -0
- data/lib/scanny/cli.rb +47 -0
- data/lib/scanny/issue.rb +28 -0
- data/lib/scanny/rake_task.rb +56 -0
- data/lib/scanny/reporters.rb +3 -0
- data/lib/scanny/reporters/reporter.rb +22 -0
- data/lib/scanny/reporters/simple_reporter.rb +19 -0
- data/lib/scanny/reporters/xml_reporter.rb +64 -0
- data/lib/scanny/ruby_version_check.rb +15 -0
- data/lib/scanny/runner.rb +90 -0
- data/scanny.gemspec +22 -0
- data/spec/scanny/check_spec.rb +22 -0
- data/spec/scanny/checks/access_control_check_spec.rb +43 -0
- data/spec/scanny/checks/backticks_check_spec.rb +22 -0
- data/spec/scanny/checks/before_filters_check_spec.rb +45 -0
- data/spec/scanny/checks/csrf_check_spec.rb +16 -0
- data/spec/scanny/checks/denial_of_service_check_spec.rb +28 -0
- data/spec/scanny/checks/file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/frameworks_check_spec.rb +16 -0
- data/spec/scanny/checks/http_basic_auth_check_spec.rb +20 -0
- data/spec/scanny/checks/http_header/header_injection_check_spec.rb +21 -0
- data/spec/scanny/checks/http_redirect_check_spec.rb +15 -0
- data/spec/scanny/checks/http_request_check_spec.rb +37 -0
- data/spec/scanny/checks/http_usage_check_spec.rb +20 -0
- data/spec/scanny/checks/information_leak_check_spec.rb +32 -0
- data/spec/scanny/checks/input_filtering_check_spec.rb +19 -0
- data/spec/scanny/checks/insecure_config/set_rails_env_check_spec.rb +17 -0
- data/spec/scanny/checks/insecure_config/set_secret_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_config/set_session_key_check_spec.rb +21 -0
- data/spec/scanny/checks/insecure_method/eval_method_check_spec.rb +22 -0
- data/spec/scanny/checks/insecure_method/marshal_check_spec.rb +26 -0
- data/spec/scanny/checks/insecure_method/system_method_check_spec.rb +33 -0
- data/spec/scanny/checks/mass_assignment_check_spec.rb +30 -0
- data/spec/scanny/checks/random_numbers_check_spec.rb +41 -0
- data/spec/scanny/checks/redirect_with_params_check_spec.rb +24 -0
- data/spec/scanny/checks/regexp_check_spec.rb +22 -0
- data/spec/scanny/checks/reset_session_check_spec.rb +15 -0
- data/spec/scanny/checks/session/access_to_session_check_spec.rb +29 -0
- data/spec/scanny/checks/session/session_secure_check_spec.rb +22 -0
- data/spec/scanny/checks/shell_expanding_methods_check_spec.rb +67 -0
- data/spec/scanny/checks/skip_before_filters_check_spec.rb +81 -0
- data/spec/scanny/checks/sql_injection/find_method_check_spec.rb +62 -0
- data/spec/scanny/checks/sql_injection/find_method_with_dynamic_string_check_spec.rb +27 -0
- data/spec/scanny/checks/sql_injection/find_method_with_params_check_spec.rb +93 -0
- data/spec/scanny/checks/sql_injection/sanitize_sql_check_spec.rb +16 -0
- data/spec/scanny/checks/sql_injection/string_interpolation_with_params_check_spec.rb +18 -0
- data/spec/scanny/checks/ssl/verify_check_spec.rb +25 -0
- data/spec/scanny/checks/ssl/verify_peer_check_spec.rb +17 -0
- data/spec/scanny/checks/system_tools/gpg_usage_check_spec.rb +43 -0
- data/spec/scanny/checks/system_tools/sudo_check_spec.rb +24 -0
- data/spec/scanny/checks/system_tools/tar_check_spec.rb +20 -0
- data/spec/scanny/checks/system_tools/tar_commands_check_spec.rb +41 -0
- data/spec/scanny/checks/system_tools/unizp_check_spec.rb +29 -0
- data/spec/scanny/checks/temp_file_open_check_spec.rb +22 -0
- data/spec/scanny/checks/user_find_check_spec.rb +22 -0
- data/spec/scanny/checks/validates_check_spec.rb +19 -0
- data/spec/scanny/checks/verify_check_spec.rb +27 -0
- data/spec/scanny/checks/xss/xss_flash_check_spec.rb +22 -0
- data/spec/scanny/checks/xss/xss_logger_check_spec.rb +24 -0
- data/spec/scanny/checks/xss/xss_mark_check_spec.rb +31 -0
- data/spec/scanny/checks/xss/xss_send_check_spec.rb +34 -0
- data/spec/scanny/cli_spec.rb +167 -0
- data/spec/scanny/issue_spec.rb +82 -0
- data/spec/scanny/rake_taks_spec.rb +82 -0
- data/spec/scanny/reporters/reporter_spec.rb +24 -0
- data/spec/scanny/reporters/simple_reporter_spec.rb +48 -0
- data/spec/scanny/reporters/xml_reporter_spec.rb +52 -0
- data/spec/scanny/ruby_version_check_spec.rb +24 -0
- data/spec/scanny/runner_spec.rb +128 -0
- data/spec/spec_helper.rb +10 -0
- data/spec/support/aruba.rb +4 -0
- data/spec/support/check_spec_helpers.rb +5 -0
- data/spec/support/checks/extend_test_check.rb +11 -0
- data/spec/support/checks/test_check.rb +15 -0
- data/spec/support/checks/test_strict_check.rb +17 -0
- data/spec/support/const_spec_helpers.rb +36 -0
- data/spec/support/matchers/check_matcher.rb +43 -0
- data/spec/support/matchers/xpath_matcher.rb +30 -0
- data/spec/support/mock_task.rb +43 -0
- metadata +242 -0
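--- /dev/null
+++ b/data/spec/scanny/rake_taks_spec.rb
@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+module Scanny
+describe RakeTask do
+before(:each) { MockTask.reset_tasks }
+
+it "executes clean scanny" do
+task = RakeTask.new
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny"
+end
+
+it "executes scanny with format" do
+task = RakeTask.new { |t| t.format = :stdout }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -f stdout"
+end
+
+it "executes scanny with include option" do
+task = RakeTask.new { |t| t.include = "./checks" }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -i ./checks"
+end
+
+it "executes scanny with many include option" do
+task = RakeTask.new { |t| t.include = ["./checks", "./checks2"] }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -i ./checks ./checks2"
+end
+
+it "executes scanny with disable options" do
+task = RakeTask.new { |t| t.disable = "HTTPRequestCheck" }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -d HTTPRequestCheck"
+end
+
+it "executes scanny with many disable options" do
+task = RakeTask.new { |t| t.disable = ["HTTPRequestCheck", "Check"] }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -d HTTPRequestCheck Check"
+end
+
+it "executes scanny in strict mode" do
+task = RakeTask.new { |t| t.strict = true }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -s"
+end
+
+it "executes scanny with custom directory" do
+task = RakeTask.new { |t| t.path = "./custom/app" }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny ./custom/app"
+end
+
+describe "system command return false" do
+before do
+task = RakeTask.new { |t| t.fail_on_error = true }
+def task.system(*) return false end
+end
+
+it "fails on error" do
+lambda {
+MockTask.last_instance.call
+}.should raise_error(RuntimeError)
+end
+end
+
+describe "ruby parser mode" do
+it "executes scanny with ruby 18 mode" do
+task = RakeTask.new { |t| t.ruby_mode = "18" }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -m 18"
+end
+
+it "executes scanny with ruby 19 mode" do
+task = RakeTask.new { |t| t.ruby_mode = "19" }
+MockTask.last_instance.call
+MockTask.last_cmd.should == "scanny -m 19"
+end
+end
+end
+end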
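Review bot: None of the include, disable or path examples uses a value containing a space or a shell metacharacter, although every assertion shows the options being joined into one command string (`"scanny -i ./checks ./checks2"`, `"scanny ./custom/app"`). If RakeTask hands that string to `system` as the `def task.system(*) return false end` stub suggests (the class itself is outside this diff), a path such as `./my checks` or one containing `;` would be split or interpreted by the shell, so an example like `RakeTask.new { |t| t.include = "./my checks" }` pinning the escaped form (e.g. via Shellwords) would document the intended quoting. Separately, the `task` locals in the option examples are assigned but never read and can be dropped, and the diffstat names this file `data/spec/scanny/rake_taks_spec.rb`, which looks like a transposition of rake_task.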
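--- /dev/null
+++ b/data/spec/scanny/reporters/reporter_spec.rb
@@ -0,0 +1,24 @@
+require "spec_helper"
+
+module Scanny
+module Reporters
+describe Reporter do
+describe "initialize" do
+it "setup correctly instance variables" do
+arguments = {
+:file => :file,
+:checks_performed => :checks_performed,
+:nodes_inspected => :nodes_inspected,
+:issues => :issues
+}
+reporter = Reporter.new(arguments)
+
+reporter.file.should be_equal(arguments[:file])
+reporter.checks_performed.should be_equal(arguments[:checks_performed])
+reporter.nodes_inspected.should be_equal(arguments[:nodes_inspected])
+reporter.issues.should be_equal(arguments[:issues])
+end
+end
+end
+end
+end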
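Review bot: The only example passes a fully populated hash, so Reporter's behaviour when a key is absent is not pinned here — in particular the `issues` default that simple_reporter_spec relies on when it calls `SimpleReporter.new` with no arguments and then does `reporter.issues << ...`. An example such as `Reporter.new.issues.should == []` (or whatever the constructor actually defaults to; it is outside this diff) would make that contract explicit. Using symbols as stand-ins also lets `be_equal` pass by identity trivially, which says nothing about how the constructor stores values of the real types.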
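--- /dev/null
+++ b/data/spec/scanny/reporters/simple_reporter_spec.rb
@@ -0,0 +1,48 @@
+require "spec_helper"
+
+module Scanny
+module Reporters
+describe SimpleReporter do
+describe "report" do
+describe "no issues" do
+it "returns correctly formatted string" do
+checks_performed = 5
+nodes_inspected = 10
+
+reporter = SimpleReporter.new
+reporter.stub(:puts)
+reporter.file = 'foo.rb'
+reporter.checks_performed = checks_performed
+reporter.nodes_inspected = nodes_inspected
+
+reporter.report.should == "foo.rb [#{checks_performed} checks done | "\
+"#{nodes_inspected} nodes inspected | "\
+"0 issues]"
+end
+end
+
+describe "has issues" do
+it "returns correctly formatted string" do
+checks_performed = 5
+nodes_inspected = 10
+
+reporter = SimpleReporter.new
+reporter.stub(:puts)
+reporter.file = 'foo.rb'
+reporter.checks_performed = checks_performed
+reporter.nodes_inspected = nodes_inspected
+reporter.issues << Issue.new("unsecure.rb", 42, :high, "Hey, I found unsecure code!", 43)
+reporter.issues << Issue.new("unsecure.rb", 43, :high, "Hey, I found unsecure code!", 43)
+
+expected_string = <<-EOT
+foo.rb [#{checks_performed} checks done | #{nodes_inspected} nodes inspected | 2 issues]
+- [high] unsecure.rb:42: Hey, I found unsecure code! (CWE-43)
+- [high] unsecure.rb:43: Hey, I found unsecure code! (CWE-43)
+EOT
+reporter.report.should == expected_string.chomp
+end
+end
+end
+end
+end
+end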
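Review bot: Both examples build the same reporter by hand (hunk lines 12-16 and 29-33); a `let(:reporter)` or a `before` block holding the shared `file`, `checks_performed` and `nodes_inspected` setup would leave each example showing only what differs. `reporter.stub(:puts)` silently discards whatever `report` prints, so the examples never state whether printing is part of the contract; if it is, `reporter.should_receive(:puts).with(expected_string.chomp)` pins it, and if it is not, the stub can go. The expected heredoc also relies on `<<-EOT` keeping its content lines at column 0, which is easy to break when someone re-indents the example; an array joined with `"\n"` is less fragile.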
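--- /dev/null
+++ b/data/spec/scanny/reporters/xml_reporter_spec.rb
@@ -0,0 +1,52 @@
+require "spec_helper"
+
+module Scanny
+module Reporters
+describe XMLReporter do
+describe "report" do
+describe "no issues" do
+it "returns correctly formatted string" do
+checks_performed = 5
+nodes_inspected = 10
+
+report = XMLReporter.new
+report.file = 'foo.rb'
+report.checks_performed = checks_performed
+report.nodes_inspected = nodes_inspected
+
+doc = REXML::Document.new report.report
+doc.should_not have_xml('/testsuite/testcase')
+end
+end
+
+describe "has issues" do
+it "returns correctly formatted string" do
+file = 'foo.rb'
+checks_performed = 5
+nodes_inspected = 10
+
+report = XMLReporter.new
+report.file = file
+report.checks_performed = checks_performed
+report.nodes_inspected = nodes_inspected
+report.issues << Issue.new("unsecure.rb", 42, :high, "Hey, I found unsecure code!", 43)
+report.issues << Issue.new("unsecure.rb", 43, :high, "Hey, I found unsecure code!", 43)
+
+xpath_query = "/testsuite[@tests='#{checks_performed}' and "\
+"@skipped='0' and @failures='0' and "\
+"@assertions='#{nodes_inspected}' and "\
+"@name='#{file}']"
+report.report.should have_xml xpath_query
+
+report.issues.each do |issue|
+xpath_query = "//testcase[@name='#{issue.file}:#{issue.line}' and "\
+"[error[@message='#{issue.message}' and "\
+"@type='#{issue.impact.to_s}']]]"
+report.report.should have_xml xpath_query
+end
+end
+end
+end
+end
+end
+end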
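Review bot: The per-issue XPath on hunk lines 42-44, `//testcase[@name='…' and [error[…]]]`, is not valid XPath — a bracketed predicate cannot follow `and` — so whether the matcher ever evaluates it as intended depends on how the custom `have_xml` (outside this diff) handles a bad expression; `//testcase[@name='#{issue.file}:#{issue.line}']/error[@message='#{issue.message}' and @type='#{issue.impact}']` expresses the intended structure. Neither example uses a message or file name containing `<`, `&`, `'` or `"`, yet those values originate in the scanned code and end up in XML attributes consumed by CI tooling, so one issue built with such a message, asserted to still parse with `REXML::Document.new` and to round-trip the message text, would pin that the reporter escapes them. The "no issues" example also hands a parsed `REXML::Document` to `have_xml` while the other hands it the raw string; pick one so the matcher's input type is clear.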
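--- /dev/null
+++ b/data/spec/scanny/ruby_version_check_spec.rb
@@ -0,0 +1,24 @@
+require "spec_helper"
+
+describe "Ruby version check" do
+
+before { @load_file = "scanny/ruby_version_check.rb" }
+
+it "should raise exception (ruby 1.8)" do
+-> { load_with('ruby', '1.8', @load_file) }.should raise_error
+end
+
+it "should raise exception (ruby 1.9)" do
+-> { load_with('ruby', '1.9', @load_file) }.should raise_error
+end
+
+it "should raise exception (rbx 1.8 mode)" do
+-> { load_with('rbx', '1.8', @load_file) }.should raise_error
+end
+
+it "should not raise exception (rbx 1.9 mode)" do
+-> { load_with('rbx', '1.9', @load_file) }.should_not raise_error
+end
+
+end
+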
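Review bot: Bare `raise_error` with no class or message (hunk lines 8, 12 and 16) matches any exception, so these examples also pass when `load` fails for an unrelated reason such as a `LoadError` on the path or a `NameError` inside the file. Pass the exception class (and ideally a message pattern) that `scanny/ruby_version_check.rb` actually raises — the check itself is outside this diff — so that the version guard, not loadability, is what is being tested. The `should_not raise_error` counterpart on line 20 is fine as written, since any failure there is a real one.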
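--- /dev/null
+++ b/data/spec/scanny/runner_spec.rb
@@ -0,0 +1,128 @@
+require "spec_helper"
+
+module Scanny
+describe Runner do
+before :each do
+@check = Checks::TestCheck.new
+@runner = Runner.new(@check)
+end
+
+describe "initialize" do
+it "uses passed checks when they are passed" do
+@runner.checks.should == [@check]
+end
+
+it "uses default checks when no checks are passed" do
+checks = Runner.new.checks
+
+checks.any? { |ch| ch.is_a?(Checks::TestCheck) }.should be_true
+checks.any? { |ch| ch.is_a?(Checks::XssSendCheck) }.should be_true
+end
+
+it "uses only \"leaf\" check classes" do
+checks = Runner.new.checks
+
+checks.any? { |ch| ch.class == Checks::ExtendCheck }.should be_false
+checks.any? { |ch| ch.class == Checks::MyCheck }.should be_true
+end
+
+it "initializes checks_data on start" do
+runner = Runner.new
+runner.checks_data.should_not be_nil
+end
+end
+
+describe "check" do
+it "reports issues" do
+check_data = @runner.check("unsecure.rb", '42')
+
+check_data[:file].should == 'unsecure.rb'
+check_data[:issues].should == [
+Issue.new("unsecure.rb", 1, :high, "Hey, I found unsecure code!", 42),
+Issue.new("unsecure.rb", 1, :high, "Hey, I found more unsecure code!", 43),
+Issue.new("unsecure.rb", 1, :low, "OK, this is unsecure too, but not that much")
+]
+end
+
+it "raises SyntaxError when the input can't be parsed as Ruby code" do
+lambda {
+@runner.check("rubbish.rb", "@$%")
+}.should raise_error(SyntaxError)
+end
+
+describe "ignore comments" do
+describe "SCANNY_IGNORE" do
+it "ignores lines with SCANNY_IGNORE" do
+@runner.should check('42 # SCANNY_IGNORE').without_issues
+end
+
+it "does not ignore lines before SCANNY_IGNORE" do
+@runner.should check(<<-EOT).with_n_issues(3)
+42
+boo # SCANNY_IGNORE
+EOT
+end
+
+it "does not ignore lines after SCANNY_IGNORE" do
+@runner.should check(<<-EOT).with_n_issues(3)
+boo # SCANNY_IGNORE
+42
+EOT
+end
+end
+
+describe "SCANNY_IGNORE_NEXT" do
+it "ignores line after SCANNY_IGNORE_NEXT" do
+@runner.should check(<<-EOT).without_issues
+boo # SCANNY_IGNORE_NEXT
+42
+EOT
+end
+
+it "does not ignore a line with SCANNY_IGNORE_NEXT" do
+@runner.should check(<<-EOT).with_n_issues(3)
+42 # SCANNY_IGNORE_NEXT
+EOT
+end
+
+it "does not ignore 2nd line after SCANNY_IGNORE_NEXT" do
+@runner.should check(<<-EOT).with_n_issues(3)
+boo # SCANNY_IGNORE_NEXT
+boo
+42
+EOT
+end
+end
+
+describe "SCANNY_IGNORE_NEXT_n" do
+it "ignores n lines after SCANNY_IGNORE_NEXT_n" do
+@runner.should check(<<-EOT).without_issues
+# SCANNY_IGNORE_NEXT_3
+42
+42
+42
+EOT
+end
+
+it "does not ignore a line with SCANNY_IGNORE_NEXT_n" do
+@runner.should check(<<-EOT).with_n_issues(3)
+42 # SCANNY_IGNORE_NEXT_3
+EOT
+end
+
+it "does not ignore (n+1)th line after SCANNY_IGNORE_NEXT_n" do
+@runner.should check(<<-EOT).with_n_issues(3)
+boo # SCANNY_IGNORE_NEXT_3
+boo
+boo
+boo
+42
+EOT
+end
+end
+end
+end
+
+# We don't test #check_file since it's just a tiny wrapper around #check.
+end
+end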
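Review bot: The `SCANNY_IGNORE_NEXT_n` examples only ever use `n = 3` (hunk lines 100, 109 and 115), so how the suffix is parsed at the edges — `SCANNY_IGNORE_NEXT_0`, `SCANNY_IGNORE_NEXT_` with no digits, or a very large n — is left unpinned, and one example per edge would fix that contract. Because these directives silence findings, it is also worth an example showing that the marker text appearing only inside a string literal on a line that otherwise reports (e.g. `foo("SCANNY_IGNORE", 42)`) is not honoured, assuming the runner matches comments rather than raw line text; the runner is outside this diff. The "uses default checks" example asserts that `Checks::TestCheck`, a spec support class, is picked up by `Runner.new`, which ties default check discovery to whatever Check subclasses happen to be loaded — that may be intended, but a one-line comment saying so would help the next reader.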
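--- /dev/null
+++ b/data/spec/support/checks/test_check.rb
@@ -0,0 +1,15 @@
+module Scanny
+module Checks
+class TestCheck < Check
+def pattern
+'FixnumLiteral'
+end
+
+def check(node)
+issue :high, "Hey, I found unsecure code!", :cwe => 42
+issue :high, "Hey, I found more unsecure code!", :cwe => 43
+issue :low, "OK, this is unsecure too, but not that much"
+end
+end
+end
+end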
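Review bot: `check(node)` on hunk line 8 never reads its argument, so `def check(_node)` would make the fixture's intent explicit and keep linting quiet. Note also that the page labels this section `data/spec/spec_helper.rb`, while the diffstat lists spec_helper.rb as 10 lines and `data/spec/support/checks/test_check.rb` as 15, which matches this hunk's content and length.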
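--- /dev/null
+++ b/data/spec/support/const_spec_helpers.rb
@@ -0,0 +1,36 @@
+module ConstSpecHelpers
+def with_const(const, &block)
+saved_consts = {}
+const.each do |const, val|
+saved_consts[const] = Object.const_get(const)
+Object.const_set(const, val)
+end
+
+begin
+block.call
+ensure
+const.each_key do |const|
+Object.const_set(const, saved_consts[ const ])
+end
+end
+end
+
+def with_ruby(engine = "rbx", version = '1.9.3', &block)
+with_const(:RUBY_VERSION => version,:RUBY_ENGINE => engine, &block)
+end
+
+def silence
+orig_stdout = $stderr
+$stderr = File.new('/dev/null', 'w')
+yield
+ensure
+$stderr = orig_stdout
+end
+
+def load_with(engine, version, file)
+silence do
+with_ruby(engine, version) { load(file) }
+end
+end
+end
+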
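Review bot: `silence` (hunk lines 22-28) opens `/dev/null` with `File.new` and never closes it, so every `load_with` call leaks a descriptor for the life of the suite, and the hard-coded path is not portable; `File::NULL` plus an explicit close in `ensure` fixes both, and since the saved stream is `$stderr` rather than stdout, `orig_stderr` names the local honestly. In `with_const` the block parameter `const` shadows the method parameter of the same name on lines 4 and 12, which only works because 1.9 block parameters are block-local — renaming the inner one to `name` removes the warning and the ambiguity. Restoration there also runs only if every `const_set` in the first loop succeeds, because the `begin`/`ensure` starts after it; wrapping the loop in the `begin` and restoring from `saved_consts.each` instead of `const.each_key` would put back whatever had already been replaced.
```ruby
def silence
  orig_stderr = $stderr
  devnull = File.open(File::NULL, 'w')
  $stderr = devnull
  yield
ensure
  $stderr = orig_stderr
  devnull.close if devnull
end
```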