Class: Brakeman::Report::Markdown

Inherits:
Base
  • Object
Defined in:
lib/brakeman/report/report_markdown.rb

Defined Under Namespace

Classes: MarkdownTable

Constant Summary

Constants inherited from Base

Base::TEXT_CONFIDENCE

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Instance Attribute Summary

Attributes inherited from Base

#checks, #tracker

Instance Method Summary

Methods inherited from Base

#all_warnings, #controller_warnings, #convert_controller_warning, #convert_ignored_warning, #convert_model_warning, #convert_template_warning, #convert_to_rows, #filter_warnings, #generate_controller_warnings, #generate_controllers, #generate_errors, #generate_ignored_warnings, #generate_model_warnings, #generate_template_warnings, #generate_warning_overview, #generate_warnings, #generic_warnings, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #render_warnings, #sort, #template_warnings, #text_message, #warning_file, #warnings_summary

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore

Constructor Details

This class inherits a constructor from Brakeman::Report::Base

Instance Method Details

#convert_warning(warning, original) ⇒ Object



# File 'lib/brakeman/report/report_markdown.rb', line 135

# Rewrite one warning row for Markdown output: the "Confidence" value is
# mapped through TEXT_CONFIDENCE, the "Message" is passed through
# #markdown_message, and the "Warning Type" becomes a Markdown link when the
# original warning carries a link. The row is modified in place.
#
# @param warning [Hash] report row (keys "Confidence", "Message", "Warning Type")
# @param original the warning object the row was built from (responds to +link+)
# @return [Hash] the same, mutated row
def convert_warning warning, original
  warning.tap do |row|
    row["Confidence"] = TEXT_CONFIDENCE[row["Confidence"]]
    row["Message"] = markdown_message(original, row["Message"])

    link = original.link
    row["Warning Type"] = "[#{row['Warning Type']}](#{link})" if link
  end
end

#generate_checksObject



# File 'lib/brakeman/report/report_markdown.rb', line 78

# One-cell table listing the names of the checks that were run, sorted and
# comma-separated.
#
# @return [MarkdownTable]
def generate_checks
  checks_run = checks.checks_run.sort.join(", ")

  MarkdownTable.new(:headings => ['Checks performed']) do |table|
    table.add_row [checks_run]
  end
end

#generate_metadataObject



# File 'lib/brakeman/report/report_markdown.rb', line 63

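# Metadata table shown at the top of the report: application path, Rails and
# Brakeman versions, scan start time and duration.
#
# @return [MarkdownTable]
def generate_metadata
  headings = ['Application path', 'Rails version', 'Brakeman version', 'Started at', 'Duration']

  MarkdownTable.new(:headings => headings) do |t|
    t.add_row [
      tracker.app_path,
      rails_version,
      Brakeman::Version,
      tracker.start_time,
      "#{tracker.duration} seconds"
    ]
  end
end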

#generate_overviewObject



# File 'lib/brakeman/report/report_markdown.rb', line 84

# Summary table of what was scanned and what was reported.
#
# @return [MarkdownTable]
def generate_overview
  high_confidence = warnings_summary[:high_confidence]

  rows = [
    ['Controllers', tracker.controllers.length],
    # NOTE(review): one entry is subtracted from the model count; presumably a
    # placeholder model the tracker always holds — confirm.
    ['Models', tracker.models.length - 1],
    ['Templates', number_of_templates(@tracker)],
    ['Errors', tracker.errors.length],
    ['Security Warnings', "#{all_warnings.length} (#{high_confidence})"]
  ]
  # The ignored row is omitted entirely when nothing was ignored.
  rows << ['Ignored Warnings', ignored_warnings.length] unless ignored_warnings.empty?

  MarkdownTable.new(:headings => ['Scanned/Reported', 'Total']) do |t|
    rows.each { |row| t.add_row row }
  end
end

#generate_reportObject



# File 'lib/brakeman/report/report_markdown.rb', line 24

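# Assemble the complete Markdown report.
#
# The header, metadata, checks and summary sections are always emitted. With
# the +summary_only+ option the report stops there. Controllers are listed
# when +report_routes+ or +debug+ is set, templates only under +debug+, and
# each warning section only when its generator returned something.
#
# @return [String] the report text
def generate_report
  out = "# BRAKEMAN REPORT\n\n" <<
    generate_metadata.to_s << "\n\n" <<
    generate_checks.to_s << "\n\n" <<
    "### SUMMARY\n\n" <<
    generate_overview.to_s << "\n\n" <<
    generate_warning_overview.to_s << "\n\n"

  # Return output early if only summarizing
  return out if tracker.options[:summary_only]

  if tracker.options[:report_routes] || tracker.options[:debug]
    out << "### CONTROLLERS\n\n" << generate_controllers.to_s << "\n\n"
  end

  if tracker.options[:debug]
    out << "### TEMPLATES\n\n" << generate_templates.to_s << "\n\n"
  end

  # Each section is skipped when its generator returns nil (no content).
  [
    ["### Errors\n\n", generate_errors],
    ["### SECURITY WARNINGS\n\n", generate_warnings],
    ["### Controller Warnings:\n\n", generate_controller_warnings],
    ["### Model Warnings:\n\n", generate_model_warnings],
    ["### View Warnings:\n\n", generate_template_warnings]
  ].each do |heading, section|
    out << heading << section.to_s << "\n\n" if section
  end

  out
end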

#generate_templatesObject

Generate listings of templates and their output



# File 'lib/brakeman/report/report_markdown.rb', line 98

# Generate listings of templates and their output
#
# One Markdown table per template, sorted by template name, with each output
# call on its own row. Newlines in a call are replaced by ";" and runs of
# whitespace collapsed to one space so a call fits in a single cell.
#
# @return [String] the rendered listings
def generate_templates
  formatter = Brakeman::OutputProcessor.new
  rows_by_template = Hash.new { |h, k| h[k] = [] }

  tracker.templates.each do |name, template|
    template.each_output do |output_call|
      formatted = formatter.format(output_call)
      # NOTE(review): table cell delimiters ('|') in the output are not escaped
      # here; presumably MarkdownTable takes care of that — confirm.
      rows_by_template[name] << formatted.gsub("\n", ";").gsub(/\s+/, " ")
    end
  end

  sorted = rows_by_template.sort_by { |name, _rows| name.to_s }

  sorted.each_with_object('') do |(name, rows), output|
    output << name.to_s << "\n\n"

    table = MarkdownTable.new(:headings => ['Output']) do |t|
      rows.each { |row| t.add_row [row] }
    end

    output << table.to_s << "\n\n"
  end
end

#markdown_message(warning, message) ⇒ Object

Escape and code-format the warning message



# File 'lib/brakeman/report/report_markdown.rb', line 143

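# Escape and code format warning message
#
# When the warning has a file, the "near line N" fragment of the message is
# turned into a link to that line (via #github_url); this edits +message+ in
# place. When the warning has code, every occurrence of its formatted code in
# the message is wrapped in backticks, with backticks inside the code doubled
# and a leading/trailing doubled pair padded with a space so the span stays
# valid Markdown.
#
# The local holding the link is named +link+ so it does not shadow the
# #github_url helper it is assigned from.
#
# @param warning the warning (responds to +file+, +line+, +code+, +format_code+)
# @param message [String] message text; mutated in place when a line link is added
# @return [String] the formatted message
def markdown_message warning, message
  if warning.file
    link = github_url(warning.file, warning.line)
    message.gsub!(/(near line \d+)/, "[\\1](#{link})") if link
  end

  return message unless warning.code

  code = warning.format_code
  escaped = code.gsub('`', '``').gsub(/\A``|``\z/, '` `')
  message.gsub(code, "`#{escaped}`")
end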

#render_array(template, headings, value_array, locals) ⇒ Object



# File 'lib/brakeman/report/report_markdown.rb', line 127

# Render rows into a Markdown table.
#
# @param template unused here
# @param headings [Array<String>] column headings
# @param value_array [Array<Array>] one array per row
# @param locals unused here
# @return [MarkdownTable, nil] nil when there are no rows
def render_array template, headings, value_array, locals
  return if value_array.empty?

  MarkdownTable.new(:headings => headings) do |table|
    value_array.each do |row|
      table.add_row row
    end
  end
end