Class: Brakeman::Report::Text
- Inherits:
-
Base
- Object
- Base
- Brakeman::Report::Text
show all
- Defined in:
- lib/brakeman/report/report_text.rb
Constant Summary
Constants inherited
from Base
Base::TEXT_CONFIDENCE
Constants included
from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP
Instance Attribute Summary
Attributes inherited from Base
#checks, #tracker
Instance Method Summary
collapse
Methods inherited from Base
#absolute_paths?, #all_warnings, #context_for, #controller_information, #controller_warnings, #filter_warnings, #generic_warnings, #github_url, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #template_warnings, #warning_file, #warnings_summary
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #kwsplat?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #remove_kwsplat, #request_env?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore
Instance Method Details
#add_chunk(chunk, out = @output_string) ⇒ Object
26
27
28
29
30
31
32
33
34
|
# File 'lib/brakeman/report/report_text.rb', line 26
def add_chunk chunk, out = @output_string
if chunk and not chunk.empty?
if chunk.is_a? Array
chunk = chunk.join("\n")
end
out << chunk << "\n\n"
end
end
|
#confidence(c) ⇒ Object
183
184
185
186
187
188
189
190
191
192
|
# File 'lib/brakeman/report/report_text.rb', line 183
def confidence c
case c
when 0
HighLine.new.color("High", :red)
when 1
HighLine.new.color("Medium", :yellow)
when 2
HighLine.new.color("Weak", :none)
end
end
|
#double_space(title, values) ⇒ Object
168
169
170
171
|
# File 'lib/brakeman/report/report_text.rb', line 168
def double_space title, values
values = values.map { |v| v.join("\n") }.join("\n\n")
[(title), values]
end
|
173
174
175
176
177
178
179
180
181
|
# File 'lib/brakeman/report/report_text.rb', line 173
def format_code w
if @highlight_user_input and w.user_input
w.format_with_user_input do |exp, text|
HighLine.new.color(text, :yellow)
end
else
w.format_code
end
end
|
#generate_controllers ⇒ Object
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
# File 'lib/brakeman/report/report_text.rb', line 36
def generate_controllers
double_space "Controller Overview", controller_information.map { |ci|
controller = [
label("Controller", ci["Name"]),
label("Parent", ci["Parent"]),
label("Routes", ci["Routes"])
]
if ci["Includes"] and not ci["Includes"].empty?
controller.insert(2, label("Includes", ci["Includes"]))
end
controller
}
end
|
#generate_errors ⇒ Object
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# File 'lib/brakeman/report/report_text.rb', line 104
def generate_errors
return if tracker.errors.empty?
full_trace = tracker.options[:debug]
errors = tracker.errors.map do |e|
trace = if full_trace
e[:backtrace].join("\n")
else
e[:backtrace][0]
end
[
label("Error", e[:error]),
label("Location", trace)
]
end
double_space "Errors", errors
end
|
52
53
54
55
56
57
58
59
60
61
62
|
# File 'lib/brakeman/report/report_text.rb', line 52
def
[
("Brakeman Report"),
label("Application Path", tracker.app_path),
label("Rails Version", rails_version),
label("Brakeman Version", Brakeman::Version),
label("Scan Date", tracker.start_time),
label("Duration", "#{tracker.duration} seconds"),
label("Checks Run", checks.checks_run.sort.join(", "))
]
end
|
#generate_obsolete ⇒ Object
124
125
126
127
128
|
# File 'lib/brakeman/report/report_text.rb', line 124
def generate_obsolete
return if tracker.unused_fingerprints.empty?
[("Obsolete Ignore Entries")] + tracker.unused_fingerprints
end
|
#generate_overview ⇒ Object
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# File 'lib/brakeman/report/report_text.rb', line 64
def generate_overview
overview = [
("Overview"),
label('Controllers', tracker.controllers.length),
label('Models', tracker.models.length - 1),
label('Templates', number_of_templates(@tracker)),
label('Errors', tracker.errors.length),
label('Security Warnings', all_warnings.length)
]
unless ignored_warnings.empty?
overview << label('Ignored Warnings', ignored_warnings.length)
end
overview
end
|
#generate_report ⇒ Object
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
# File 'lib/brakeman/report/report_text.rb', line 4
def generate_report
HighLine.use_color = !!tracker.options[:output_color]
summary_option = tracker.options[:summary_only]
@output_string = "\n"
unless summary_option == :no_summary
add_chunk
add_chunk generate_overview
add_chunk generate_warning_overview
end
if summary_option == :summary_only or summary_option == true
return @output_string
end
add_chunk generate_controllers if tracker.options[:debug] or tracker.options[:report_routes]
add_chunk generate_templates if tracker.options[:debug]
add_chunk generate_obsolete
add_chunk generate_errors
add_chunk generate_warnings
end
|
#generate_templates ⇒ Object
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# File 'lib/brakeman/report/report_text.rb', line 130
def generate_templates
out_processor = Brakeman::OutputProcessor.new
template_rows = {}
tracker.templates.each do |name, template|
template.each_output do |out|
out = out_processor.format out
template_rows[name] ||= []
template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
end
end
double_space "Template Output", template_rows.sort_by { |name, value| name.to_s }.map { |template|
[HighLine.new.color("#{template.first}\n", :cyan)] + template[1]
}.compact
end
|
#generate_warning_overview ⇒ Object
81
82
83
84
85
86
87
88
|
# File 'lib/brakeman/report/report_text.rb', line 81
def generate_warning_overview
warning_types = warnings_summary
warning_types.delete :high_confidence
warning_types.sort_by { |t, c| t }.map do |type, count|
label(type, count)
end.unshift(('Warning Types'))
end
|
#generate_warnings ⇒ Object
90
91
92
93
94
95
96
97
98
99
100
101
102
|
# File 'lib/brakeman/report/report_text.rb', line 90
def generate_warnings
if tracker.filtered_warnings.empty?
HighLine.color("No warnings found", :bold, :green)
else
warnings = tracker.filtered_warnings.sort_by do |w|
[w.confidence, w.warning_type, w.file, w.line, w.fingerprint]
end.map do |w|
output_warning w
end
double_space "Warnings", warnings
end
end
|
198
199
200
|
# File 'lib/brakeman/report/report_text.rb', line 198
def text
HighLine.new.color("== #{text} ==\n", :bold, :magenta)
end
|
#label(l, value, color = :green) ⇒ Object
194
195
196
|
# File 'lib/brakeman/report/report_text.rb', line 194
def label l, value, color = :green
"#{HighLine.new.color(l, color)}: #{value}"
end
|
#output_warning(w) ⇒ Object
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
# File 'lib/brakeman/report/report_text.rb', line 147
def output_warning w
out = [
label('Confidence', confidence(w.confidence)),
label('Category', w.warning_type.to_s),
label('Check', w.check.gsub(/^Brakeman::Check/, '')),
label('Message', w.message)
]
if w.code
out << label('Code', format_code(w))
end
out << label('File', warning_file(w))
if w.line
out << label('Line', w.line)
end
out
end
|
#render_array(name, cols, values, locals) ⇒ Object
ONLY used for generate_controllers to avoid duplication
203
204
205
206
207
208
209
210
211
212
|
# File 'lib/brakeman/report/report_text.rb', line 203
def render_array name, cols, values, locals
controllers = values.map do |controller_name, parent, includes, routes|
c = [ label("Controller", controller_name) ]
c << label("Parent", parent) unless parent.empty?
c << label("Includes", includes) unless includes.empty?
c << label("Routes", routes)
end
double_space "Controller Overview", controllers
end
|