Class: Brakeman::Report::Text
- Inherits:
-
Base
- Object
- Base
- Brakeman::Report::Text
show all
- Defined in:
- lib/brakeman/report/report_text.rb
Constant Summary
Constants inherited
from Base
Base::TEXT_CONFIDENCE
Constants included
from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Instance Attribute Summary
Attributes inherited from Base
#checks, #tracker
Instance Method Summary
collapse
Methods inherited from Base
#all_warnings, #controller_warnings, #convert_controller_warning, #convert_ignored_warning, #convert_model_warning, #convert_template_warning, #convert_to_rows, #convert_warning, #filter_warnings, #generate_controller_warnings, #generate_controllers, #generate_ignored_warnings, #generate_model_warnings, #generate_template_warnings, #generic_warnings, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #render_warnings, #sort, #template_warnings, #text_message, #warning_file, #warnings_summary
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Instance Method Details
#add_chunk(chunk, out = @output_string) ⇒ Object
26
27
28
29
30
31
32
33
34
|
# File 'lib/brakeman/report/report_text.rb', line 26
def add_chunk chunk, out = @output_string
if chunk and not chunk.empty?
if chunk.is_a? Array
chunk = chunk.join("\n")
end
out << chunk << "\n\n"
end
end
|
#confidence(c) ⇒ Object
167
168
169
170
171
172
173
174
175
176
|
# File 'lib/brakeman/report/report_text.rb', line 167
def confidence c
case c
when 0
HighLine.new.color("High", :red)
when 1
HighLine.new.color("Medium", :yellow)
when 2
HighLine.new.color("Weak", :none)
end
end
|
#double_space(title, values) ⇒ Object
152
153
154
155
|
# File 'lib/brakeman/report/report_text.rb', line 152
def double_space title, values
values = values.map { |v| v.join("\n") }.join("\n\n")
[(title), values]
end
|
157
158
159
160
161
162
163
164
165
|
# File 'lib/brakeman/report/report_text.rb', line 157
def format_code w
if @highlight_user_input and w.user_input
w.format_with_user_input do |exp, text|
HighLine.new.color(text, :yellow)
end
else
w.format_code
end
end
|
#generate_errors ⇒ Object
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
# File 'lib/brakeman/report/report_text.rb', line 88
def generate_errors
return if tracker.errors.empty?
full_trace = tracker.options[:debug]
errors = tracker.errors.map do |e|
trace = if full_trace
e[:backtrace].join("\n")
else
e[:backtrace][0]
end
[
label("Error", e[:error]),
label("Location", trace)
]
end
double_space "Errors", errors
end
|
36
37
38
39
40
41
42
43
44
45
46
|
# File 'lib/brakeman/report/report_text.rb', line 36
def
[
("Brakeman Report"),
label("Application Path", tracker.app_path),
label("Rails Version", rails_version),
label("Brakeman Version", Brakeman::Version),
label("Scan Date", tracker.start_time),
label("Duration", "#{tracker.duration} seconds"),
label("Checks Run", checks.checks_run.sort.join(", "))
]
end
|
#generate_obsolete ⇒ Object
108
109
110
111
112
|
# File 'lib/brakeman/report/report_text.rb', line 108
def generate_obsolete
return if tracker.unused_fingerprints.empty?
[("Obsolete Ignore Entries")] + tracker.unused_fingerprints
end
|
#generate_overview ⇒ Object
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# File 'lib/brakeman/report/report_text.rb', line 48
def generate_overview
overview = [
("Overview"),
label('Controllers', tracker.controllers.length),
label('Models', tracker.models.length - 1),
label('Templates', number_of_templates(@tracker)),
label('Errors', tracker.errors.length),
label('Security Warnings', all_warnings.length)
]
unless ignored_warnings.empty?
overview << label('Ignored Warnings', ignored_warnings.length)
end
overview
end
|
#generate_report ⇒ Object
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
# File 'lib/brakeman/report/report_text.rb', line 4
def generate_report
HighLine.use_color = !!tracker.options[:output_color]
summary_option = tracker.options[:summary_only]
@output_string = "\n"
unless summary_option == :no_summary
add_chunk
add_chunk generate_overview
add_chunk generate_warning_overview
end
if summary_option == :summary_only or summary_option == true
return @output_string
end
add_chunk generate_controllers if tracker.options[:debug] or tracker.options[:report_routes]
add_chunk generate_templates if tracker.options[:debug]
add_chunk generate_obsolete
add_chunk generate_errors
add_chunk generate_warnings
end
|
#generate_templates ⇒ Object
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# File 'lib/brakeman/report/report_text.rb', line 114
def generate_templates
out_processor = Brakeman::OutputProcessor.new
template_rows = {}
tracker.templates.each do |name, template|
template.each_output do |out|
out = out_processor.format out
template_rows[name] ||= []
template_rows[name] << out.gsub("\n", ";").gsub(/\s+/, " ")
end
end
double_space "Template Output", template_rows.sort_by { |name, value| name.to_s }.map { |template|
[HighLine.new.color(template.first.to_s << "\n", :cyan)] + template[1]
}.compact
end
|
#generate_warning_overview ⇒ Object
65
66
67
68
69
70
71
72
|
# File 'lib/brakeman/report/report_text.rb', line 65
def generate_warning_overview
warning_types = warnings_summary
warning_types.delete :high_confidence
warning_types.sort_by { |t, c| t }.map do |type, count|
label(type, count)
end.unshift(('Warning Types'))
end
|
#generate_warnings ⇒ Object
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# File 'lib/brakeman/report/report_text.rb', line 74
def generate_warnings
if tracker.filtered_warnings.empty?
HighLine.color("No warnings found", :bold, :green)
else
warnings = tracker.filtered_warnings.sort_by do |w|
[w.confidence, w.warning_type, w.fingerprint]
end.map do |w|
output_warning w
end
double_space "Warnings", warnings
end
end
|
182
183
184
|
# File 'lib/brakeman/report/report_text.rb', line 182
def text
HighLine.new.color("== #{text} ==\n", :bold, :magenta)
end
|
#label(l, value, color = :green) ⇒ Object
178
179
180
|
# File 'lib/brakeman/report/report_text.rb', line 178
def label l, value, color = :green
"#{HighLine.new.color(l, color)}: #{value}"
end
|
#output_warning(w) ⇒ Object
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
# File 'lib/brakeman/report/report_text.rb', line 131
def output_warning w
out = [
label('Confidence', confidence(w.confidence)),
label('Category', w.warning_type.to_s),
label('Check', w.check.gsub(/^Brakeman::Check/, '')),
label('Message', w.message)
]
if w.code
out << label('Code', format_code(w))
end
out << label('File', warning_file(w))
if w.line
out << label('Line', w.line)
end
out
end
|
#render_array(name, cols, values, locals) ⇒ Object
ONLY used for generate_controllers to avoid duplication
187
188
189
190
191
192
193
194
195
196
197
198
|
# File 'lib/brakeman/report/report_text.rb', line 187
def render_array name, cols, values, locals
controllers = values.map do |name, parent, includes, routes|
[
label("Controller", name),
label("Parent", parent),
label("Includes", includes),
label("Routes", routes)
]
end
double_space "Controller Overview", controllers
end
|