Class: Brakeman::Warning

Inherits:
Object
  • Object
show all
Defined in:
lib/brakeman/warning.rb

Overview

The Warning class stores information about warnings

Constant Summary collapse

TEXT_CONFIDENCE = 
{
  0 => "High",
  1 => "Medium",
  2 => "Weak",
}
CONFIDENCE = 
{
  :high => 0,
  :med => 1,
  :medium => 1,
  :low => 2,
  :weak => 2,
}
OPTIONS = 
{
  :called_from => :@called_from,
  :check => :@check,
  :class => :@class,
  :code => :@code,
  :controller => :@controller,
  :file => :@file,
  :gem_info => :@gem_info,
  :line => :@line,
  :link => :@link,
  :link_path => :@link_path,
  :message => :@message,
  :method => :@method,
  :model => :@model,
  :template => :@template,
  :user_input => :@user_input,
  :warning_set => :@warning_set,
  :warning_type => :@warning_type,
}

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Warning

options[:result] can be a result from Tracker#find_call. Otherwise, it can be nil.



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
 
# File 'lib/brakeman/warning.rb', line 49

def initialize options = {}
  @view_name = nil

  OPTIONS.each do |key, var|
    self.instance_variable_set(var, options[key])
  end

  self.confidence = options[:confidence]

  result = options[:result]
  if result
    @code ||= result[:call]
    @file ||= result[:location][:file]

    if result[:location][:type] == :template #template result
      @template ||= result[:location][:template]
    else
      @class ||= result[:location][:class]
      @method ||= result[:location][:method]
    end
  end

  if @method.to_s =~ /^fake_filter\d+/
    @method = :before_filter
  end

  if @user_input.is_a? Brakeman::BaseCheck::Match
    @user_input_type = @user_input.type
    @user_input = @user_input.match
  elsif @user_input == false
    @user_input = nil
  end

  if not @line
    if @user_input and @user_input.respond_to? :line
      @line = @user_input.line
    elsif @code and @code.respond_to? :line
      @line = @code.line
    end
  end

  if @gem_info
    if @gem_info.is_a? Hash
      @line ||= @gem_info[:line]
      @file ||= @gem_info[:file]
    else
      # Fallback behavior returns just a string for the file name
      @file ||= @gem_info
    end
  end

  unless @warning_set
    if self.model
      @warning_set = :model
      @file ||= self.model.file
    elsif self.template
      @warning_set = :template
      @called_from = self.template.render_path
      @file ||= self.template.file
    elsif self.controller
      @warning_set = :controller
    else
      @warning_set = :warning
    end
  end

  if options[:warning_code]
    @warning_code = Brakeman::WarningCodes.code options[:warning_code]
  else
    @warning_code = nil
  end

  Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code

  if options[:message].is_a? String
    @message = Brakeman::Messages::Message.new(options[:message])
  end

  @format_message = nil
  @row = nil
end

Instance Attribute Details

#called_fromObject (readonly)

Returns the value of attribute called_from.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def called_from
  @called_from
end

#checkObject (readonly)

Returns the value of attribute check.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def check
  @check
end

#classObject (readonly)

Returns the value of attribute class.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def class
  @class
end

#codeObject

Returns the value of attribute code.



12
13
14
 
# File 'lib/brakeman/warning.rb', line 12

def code
  @code
end

#confidenceObject

Returns the value of attribute confidence.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def confidence
  @confidence
end

#contextObject

Returns the value of attribute context.



12
13
14
 
# File 'lib/brakeman/warning.rb', line 12

def context
  @context
end

#controllerObject (readonly)

Returns the value of attribute controller.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def controller
  @controller
end

#fileObject

Returns the value of attribute file.



12
13
14
 
# File 'lib/brakeman/warning.rb', line 12

def file
  @file
end

#lineObject (readonly)

Returns the value of attribute line.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def line
  @line
end

#messageObject

Returns the value of attribute message.



12
13
14
 
# File 'lib/brakeman/warning.rb', line 12

def message
  @message
end

#methodObject (readonly)

Returns the value of attribute method.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def method
  @method
end

#modelObject (readonly)

Returns the value of attribute model.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def model
  @model
end

#templateObject (readonly)

Returns the value of attribute template.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def template
  @template
end

#user_inputObject (readonly)

Returns the value of attribute user_input.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def user_input
  @user_input
end

#user_input_typeObject (readonly)

Returns the value of attribute user_input_type.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def user_input_type
  @user_input_type
end

#warning_codeObject (readonly)

Returns the value of attribute warning_code.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def warning_code
  @warning_code
end

#warning_setObject (readonly)

Returns the value of attribute warning_set.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def warning_set
  @warning_set
end

#warning_typeObject (readonly)

Returns the value of attribute warning_type.



8
9
10
 
# File 'lib/brakeman/warning.rb', line 8

def warning_type
  @warning_type
end

Instance Method Details

#check_nameObject 



278
279
280
 
# File 'lib/brakeman/warning.rb', line 278

def check_name
  @check_name ||= self.check.sub(/^Brakeman::Check/, '')
end

#confidence_nameObject 



282
283
284
 
# File 'lib/brakeman/warning.rb', line 282

def confidence_name
  TEXT_CONFIDENCE[self.confidence]
end

#eql?(other_warning) ⇒ Boolean

Returns:

  • (Boolean) 


135
136
137
 
# File 'lib/brakeman/warning.rb', line 135

def eql? other_warning
  self.hash == other_warning.hash
end

#fingerprintObject 



248
249
250
251
252
253
254
255
 
# File 'lib/brakeman/warning.rb', line 248

def fingerprint
  loc = self.location
  location_string = loc && loc.sort_by { |k, v| k.to_s }.inspect
  warning_code_string = sprintf("%03d", @warning_code)
  code_string = @code.inspect

  Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{self.file.relative}#{self.confidence}").to_s
end

#format_code(strip = true) ⇒ Object

Return String of the code output from the OutputProcessor and stripped of newlines and tabs.



164
165
166
 
# File 'lib/brakeman/warning.rb', line 164

def format_code strip = true
  format_ruby self.code, strip
end

#format_messageObject

Return formatted warning message



185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
 
# File 'lib/brakeman/warning.rb', line 185

def format_message
  return @format_message if @format_message

  @format_message = self.message.to_s.dup

  if self.line
    @format_message << " near line #{self.line}"
  end

  if self.code
    @format_message << ": #{format_code}"
  end

  @format_message
end

#format_user_input(strip = true) ⇒ Object

Return String of the user input formatted and stripped of newlines and tabs.



170
171
172
 
# File 'lib/brakeman/warning.rb', line 170

def format_user_input strip = true
  format_ruby self.user_input, strip
end

#format_with_user_input(strip = true, &block) ⇒ Object 



174
175
176
177
178
179
180
181
182
 
# File 'lib/brakeman/warning.rb', line 174

def format_with_user_input strip = true, &block
  if self.user_input
    formatted = Brakeman::OutputProcessor.new.format(code, self.user_input, &block)
    formatted.gsub!(/(\t|\r|\n)+/, " ") if strip
    formatted
  else
    format_code
  end
end

#hashObject 



131
132
133
 
# File 'lib/brakeman/warning.rb', line 131

def hash
  self.to_s.hash
end

#linkObject 



201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
 
# File 'lib/brakeman/warning.rb', line 201

def link
  return @link if @link

  if @link_path
    if @link_path.start_with? "http"
      @link = @link_path
    else
      @link = "https://brakemanscanner.org/docs/warning_types/#{@link_path}"
    end
  else
    warning_path = self.warning_type.to_s.downcase.gsub(/\s+/, '_') + "/"
    @link = "https://brakemanscanner.org/docs/warning_types/#{warning_path}"
  end

  @link
end

#location(include_renderer = true) ⇒ Object 



257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
 
# File 'lib/brakeman/warning.rb', line 257

def location include_renderer = true
  case @warning_set
  when :template
    { :type => :template, :template => self.view_name(include_renderer) }
  when :model
    { :type => :model, :model => self.model.name }
  when :controller
    { :type => :controller, :controller => self.controller }
  when :warning
    if self.class
      { :type => :method, :class => self.class, :method => self.method }
    else
      nil
    end
  end
end

#relative_pathObject 



274
275
276
 
# File 'lib/brakeman/warning.rb', line 274

def relative_path
  self.file.relative
end

#to_hash(absolute_paths: true) ⇒ Object 



286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
 
# File 'lib/brakeman/warning.rb', line 286

def to_hash absolute_paths: true
  if self.called_from and not absolute_paths
    render_path = self.called_from.with_relative_paths
  else
    render_path = self.called_from
  end

  { :warning_type => self.warning_type,
    :warning_code => @warning_code,
    :fingerprint => self.fingerprint,
    :check_name => self.check_name,
    :message => self.message.to_s,
    :file => (absolute_paths ? self.file.absolute : self.file.relative),
    :line => self.line,
    :link => self.link,
    :code => (@code && self.format_code(false)),
    :render_path => render_path,
    :location => self.location(false),
    :user_input => (@user_input && self.format_user_input(false)),
    :confidence => self.confidence_name
  }
end

#to_jsonObject 



309
310
311
 
# File 'lib/brakeman/warning.rb', line 309

def to_json
  JSON.generate self.to_hash
end

#to_row(type = :warning) ⇒ Object

Generates a hash suitable for inserting into a table



219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
 
# File 'lib/brakeman/warning.rb', line 219

def to_row type = :warning
  @row = { "Confidence" => TEXT_CONFIDENCE[self.confidence],
    "Warning Type" => self.warning_type.to_s,
    "Message" => self.message }

  case type
  when :template
    @row["Template"] = self.view_name.to_s
  when :model
    @row["Model"] = self.model.name.to_s
  when :controller
    @row["Controller"] = self.controller.to_s
  when :warning
    @row["Class"] = self.class.to_s
    @row["Method"] = self.method.to_s
  end

  @row
end

#to_sObject 



239
240
241
242
243
244
245
246
 
# File 'lib/brakeman/warning.rb', line 239

def to_s
 output =  "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}"
 output << " near line #{self.line}" if self.line
 output << " in #{self.file.relative}" if self.file
 output << ": #{self.format_code}" if self.code

 output
end

#view_name(include_renderer = true) ⇒ Object

Returns name of a view, including where it was rendered from



154
155
156
157
158
159
160
 
# File 'lib/brakeman/warning.rb', line 154

def view_name(include_renderer = true)
  if called_from and include_renderer
    @view_name = "#{template.name} (#{called_from.last})"
  else
    @view_name = template.name
  end
end