Class: Brakeman::RescanReport

Inherits:

Object

• Object
• Brakeman::RescanReport

Includes:

Util

Defined in:

lib/brakeman/rescanner.rb

Overview

Class to make reporting of rescan results simpler to deal with

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Instance Attribute Summary

• #new_results ⇒ Object readonly

  Returns the value of attribute new_results.

• #old_results ⇒ Object readonly

  Returns the value of attribute old_results.

Instance Method Summary

• #all_warnings ⇒ Object

  Returns an array of all warnings found.

• #any_warnings? ⇒ Boolean

  Returns true if any warnings were found (new or old).

• #diff ⇒ Object

  Returns a hash of arrays for :new and :fixed warnings.

• #existing_warnings ⇒ Object

  Returns an array of warnings which were in the old report and the new report.

• #fixed_warnings ⇒ Object

  Returns an array of warnings which were in the old report but are not in the new report after rescanning.

• #initialize(old_results, tracker) ⇒ RescanReport constructor

  A new instance of RescanReport.

• #new_warnings ⇒ Object

  Returns an array of warnings which were in the new report but were not in the old report.

• #to_s(verbose = false) ⇒ Object

  Output total, fixed, and new warnings.

• #warnings_changed? ⇒ Boolean

  Returns true if there are any new or fixed warnings.

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize(old_results, tracker) ⇒ RescanReport

Returns a new instance of RescanReport.

# File 'lib/brakeman/rescanner.rb', line 408

def initialize old_results, tracker
  @tracker = tracker
  @old_results = old_results
  @all_warnings = nil
  @diff = nil
end

Instance Attribute Details

#new_results ⇒ Object (readonly)

Returns the value of attribute new_results.

# File 'lib/brakeman/rescanner.rb', line 406

def new_results
  @new_results
end

#old_results ⇒ Object (readonly)

Returns the value of attribute old_results.

# File 'lib/brakeman/rescanner.rb', line 406

def old_results
  @old_results
end

Instance Method Details

#all_warnings ⇒ Object

Returns an array of all warnings found

# File 'lib/brakeman/rescanner.rb', line 421

def all_warnings
  @all_warnings ||= @tracker.filtered_warnings
end

#any_warnings? ⇒ Boolean

Returns true if any warnings were found (new or old)

Returns:

• (Boolean)

# File 'lib/brakeman/rescanner.rb', line 416

def any_warnings?
  not all_warnings.empty?
end

#diff ⇒ Object

Returns a hash of arrays for :new and :fixed warnings

# File 'lib/brakeman/rescanner.rb', line 443

def diff
  @diff ||= Brakeman::Differ.new(all_warnings, @old_results).diff
end

#existing_warnings ⇒ Object

Returns an array of warnings which were in the old report and the new report

# File 'lib/brakeman/rescanner.rb', line 448

def existing_warnings
  @old ||= all_warnings.select do |w|
    not new_warnings.include? w
  end
end

#fixed_warnings ⇒ Object

Returns an array of warnings which were in the old report but are not in the new report after rescanning

# File 'lib/brakeman/rescanner.rb', line 427

def fixed_warnings
  diff[:fixed]
end

#new_warnings ⇒ Object

Returns an array of warnings which were in the new report but were not in the old report

# File 'lib/brakeman/rescanner.rb', line 433

def new_warnings
  diff[:new]
end

#to_s(verbose = false) ⇒ Object

Output total, fixed, and new warnings

# File 'lib/brakeman/rescanner.rb', line 455

def to_s(verbose = false)
  Brakeman.load_brakeman_dependency 'terminal-table'

  if !verbose
    <<-OUTPUT
Total warnings: #{all_warnings.length}
Fixed warnings: #{fixed_warnings.length}
New warnings: #{new_warnings.length}
    OUTPUT
  else
    #Eventually move this to different method, or make default to_s
    out = ""

    {:fixed => fixed_warnings, :new => new_warnings, :existing => existing_warnings}.each do |warning_type, warnings|
      if warnings.length > 0
        out << "#{warning_type.to_s.titleize} warnings: #{warnings.length}\n"

        table = Terminal::Table.new(:headings => ["Confidence", "Class", "Method", "Warning Type", "Message"]) do |t|
          warnings.sort_by { |w| w.confidence}.each do |warning|
            w = warning.to_row

            w["Confidence"] = Brakeman::Report::TEXT_CONFIDENCE[w["Confidence"]]

            t << [w["Confidence"], w["Class"], w["Method"], w["Warning Type"], w["Message"]]
          end
        end
        out << truncate_table(table.to_s)
      end
    end

    out
  end
end

#warnings_changed? ⇒ Boolean

Returns true if there are any new or fixed warnings

Returns:

• (Boolean)

# File 'lib/brakeman/rescanner.rb', line 438

def warnings_changed?
  not (diff[:new].empty? and diff[:fixed].empty?)
end