Class: Brakeman::Report::Text

Inherits:
Base
  • Object
Defined in:
lib/brakeman/report/report_text.rb

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Instance Attribute Summary

Attributes inherited from Base

#checks, #tracker

Instance Method Summary

Methods inherited from Base

#absolute_paths?, #all_warnings, #context_for, #controller_information, #controller_warnings, #filter_warnings, #generic_warnings, #github_url, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #template_warnings, #warning_file, #warnings_summary

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

This class inherits a constructor from Brakeman::Report::Base

Instance Method Details

#add_chunk(chunk, out = @output_string) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 29

def add_chunk chunk, out = @output_string
  if chunk and not chunk.empty?
    if chunk.is_a? Array
      chunk = chunk.join("\n")
    end

    out << chunk << "\n\n"
  end
end

#confidence(c) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 213

def confidence c
  case c
  when 0
    HighLine.new.color("High", :red)
  when 1
    HighLine.new.color("Medium", :yellow)
  when 2
    HighLine.new.color("Weak", :none)
  end
end

#double_space(title, values) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 198

def double_space title, values
  values = values.map { |v| v.join("\n") }.join("\n\n")
  [header(title), values]
end

#format_code(w) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 203

def format_code w
  if @highlight_user_input and w.user_input
    w.format_with_user_input do |exp, text|
      HighLine.new.color(text, :yellow)
    end
  else
    w.format_code
  end
end

#format_line(w, option) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 163

def format_line w, option
  case option
  when :confidence
    label('Confidence', confidence(w.confidence))
  when :category
    label('Category', w.warning_type.to_s)
  when :cwe
    label('CWE', w.cwe_id.join(', '))
  when :check
    label('Check', w.check_name)
  when :message
    label('Message', w.message)
  when :code
    if w.code
      label('Code', format_code(w))
    end
  when :file
    label('File', warning_file(w))
  when :line
    if w.line
      label('Line', w.line)
    end
  when :link
    label('Link', w.link)
  when :fingerprint
    label('Fingerprint', w.fingerprint)
  when :category_id
    label('Category ID', w.warning_code)
  when :render_path
    if w.called_from
      label('Render Path', w.called_from.join(" > "))
    end
  end
end

#generate_controllersObject



# File 'lib/brakeman/report/report_text.rb', line 39

def generate_controllers
  double_space "Controller Overview", controller_information.map { |ci|
    controller = [
      label("Controller", ci["Name"]),
      label("Parent", ci["Parent"]),
      label("Routes", ci["Routes"])
    ]

    if ci["Includes"] and not ci["Includes"].empty?
      controller.insert(2, label("Includes", ci["Includes"]))
    end

    controller
  }
end

#generate_errorsObject



# File 'lib/brakeman/report/report_text.rb', line 111

def generate_errors
  return if tracker.errors.empty?
  full_trace = tracker.options[:debug]

  errors = tracker.errors.map do |e|
    trace = if full_trace
      e[:backtrace].join("\n")
    else
      e[:backtrace][0]
    end

    [
      label("Error", e[:error]),
      label("Location", trace)
    ]
  end

  double_space "Errors", errors
end

#generate_headerObject



# File 'lib/brakeman/report/report_text.rb', line 55

def generate_header
  [
    header("Brakeman Report"),
    label("Application Path", tracker.app_path),
    label("Rails Version", rails_version),
    label("Brakeman Version", Brakeman::Version),
    label("Scan Date", tracker.start_time),
    label("Duration", "#{tracker.duration} seconds"),
    label("Checks Run", checks.checks_run.sort.join(", "))
  ]
end

#generate_obsoleteObject



# File 'lib/brakeman/report/report_text.rb', line 131

def generate_obsolete
  return if tracker.unused_fingerprints.empty?

  [header("Obsolete Ignore Entries")] + tracker.unused_fingerprints
end

#generate_overviewObject



# File 'lib/brakeman/report/report_text.rb', line 67

def generate_overview
  overview = [
    header("Overview"),
    label('Controllers', tracker.controllers.length),
    label('Models', tracker.models.length - 1),
    label('Templates', number_of_templates(@tracker)),
    label('Errors', tracker.errors.length),
    label('Security Warnings', all_warnings.length)
  ]

  unless ignored_warnings.empty?
    overview << label('Ignored Warnings', ignored_warnings.length)
  end

  overview
end

#generate_reportObject



# File 'lib/brakeman/report/report_text.rb', line 4

def generate_report
  HighLine.use_color = !!tracker.options[:output_color]
  summary_option = tracker.options[:summary_only]
  @output_string = +"\n"

  unless summary_option == :no_summary
    add_chunk generate_header
    add_chunk generate_overview
    add_chunk generate_warning_overview
  end

  if summary_option == :summary_only or summary_option == true
    return @output_string
  end

  add_chunk generate_controllers if tracker.options[:debug] or tracker.options[:report_routes]
  add_chunk generate_templates if tracker.options[:debug]
  add_chunk generate_obsolete
  add_chunk generate_errors
  add_chunk generate_warnings
  add_chunk generate_show_ignored_overview if tracker.options[:show_ignored] && ignored_warnings.any?

  @output_string
end

#generate_show_ignored_overviewObject



# File 'lib/brakeman/report/report_text.rb', line 107

def generate_show_ignored_overview
  double_space("Ignored Warnings", ignored_warnings.map {|w| output_warning w})
end

#generate_templatesObject



# File 'lib/brakeman/report/report_text.rb', line 137

def generate_templates
  out_processor = Brakeman::OutputProcessor.new

  template_rows = {}
  tracker.templates.each do |name, template|
    template.each_output do |out|
      out = out_processor.format out
      template_rows[name] ||= []
      template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
    end
  end

  double_space "Template Output", template_rows.sort_by { |name, value| name.to_s }.map { |template|
    [HighLine.new.color("#{template.first}\n", :cyan)] + template[1]
  }.compact
end

#generate_warning_overviewObject



# File 'lib/brakeman/report/report_text.rb', line 84

def generate_warning_overview
  warning_types = warnings_summary
  warning_types.delete :high_confidence

  warning_types.sort_by { |t, c| t }.map do |type, count|
    label(type, count)
  end.unshift(header('Warning Types'))
end

#generate_warningsObject



# File 'lib/brakeman/report/report_text.rb', line 93

def generate_warnings
  if tracker.filtered_warnings.empty?
    HighLine.color("No warnings found", :bold, :green)
  else
    warnings = tracker.filtered_warnings.sort_by do |w|
      [w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]
    end.map do |w|
      output_warning w
    end

    double_space "Warnings", warnings
  end
end

#header(text) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 228

def header text
  HighLine.new.color("== #{text} ==\n", :bold, :magenta)
end

#label(l, value, color = :green) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 224

def label l, value, color = :green
  "#{HighLine.new.color(l, color)}: #{value}"
end

#output_warning(w) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 154

def output_warning w
  text_format = tracker.options[:text_fields] ||
    [:confidence, :category, :check, :message, :code, :file, :line]

  text_format.map do |option|
    format_line(w, option)
  end.compact
end

#render_array(name, cols, values, locals) ⇒ Object

ONLY used for generate_controllers to avoid duplication



# File 'lib/brakeman/report/report_text.rb', line 233

def render_array name, cols, values, locals
  controllers = values.map do |controller_name, parent, includes, routes|
    c = [ label("Controller", controller_name) ]
    c << label("Parent", parent) unless parent.empty?
    c << label("Includes", includes) unless includes.empty?
    c << label("Routes", routes)
  end

  double_space "Controller Overview", controllers
end