Class: Brakeman::Warning

Inherits:

Object

• Object
• Brakeman::Warning

Defined in:

lib/brakeman/warning.rb

Overview

The Warning class stores information about warnings

Constant Summary

TEXT_CONFIDENCE =

{
  0 => "High",
  1 => "Medium",
  2 => "Weak",
}

CONFIDENCE =

{
  :high => 0,
  :med => 1,
  :medium => 1,
  :low => 2,
  :weak => 2,
}

OPTIONS =

{
  :called_from => :@called_from,
  :check => :@check,
  :class => :@class,
  :code => :@code,
  :controller => :@controller,
  :file => :@file,
  :gem_info => :@gem_info,
  :line => :@line,
  :link_path => :@link_path,
  :message => :@message,
  :method => :@method,
  :model => :@model,
  :relative_path => :@relative_path,
  :template => :@template,
  :user_input => :@user_input,
  :warning_set => :@warning_set,
  :warning_type => :@warning_type,
}

Instance Attribute Summary

• #called_from ⇒ Object readonly

  Returns the value of attribute called_from.

• #check ⇒ Object readonly

  Returns the value of attribute check.

• #class ⇒ Object readonly

  Returns the value of attribute class.

• #code ⇒ Object

  Returns the value of attribute code.

• #confidence ⇒ Object

  Returns the value of attribute confidence.

• #context ⇒ Object

  Returns the value of attribute context.

• #controller ⇒ Object readonly

  Returns the value of attribute controller.

• #file ⇒ Object

  Returns the value of attribute file.

• #line ⇒ Object readonly

  Returns the value of attribute line.

• #message ⇒ Object

  Returns the value of attribute message.

• #method ⇒ Object readonly

  Returns the value of attribute method.

• #model ⇒ Object readonly

  Returns the value of attribute model.

• #relative_path ⇒ Object

  Returns the value of attribute relative_path.

• #template ⇒ Object readonly

  Returns the value of attribute template.

• #user_input ⇒ Object readonly

  Returns the value of attribute user_input.

• #user_input_type ⇒ Object readonly

  Returns the value of attribute user_input_type.

• #warning_code ⇒ Object readonly

  Returns the value of attribute warning_code.

• #warning_set ⇒ Object readonly

  Returns the value of attribute warning_set.

• #warning_type ⇒ Object readonly

  Returns the value of attribute warning_type.

Instance Method Summary

• #eql?(other_warning) ⇒ Boolean
• #fingerprint ⇒ Object
• #format_code(strip = true) ⇒ Object

  Return String of the code output from the OutputProcessor and stripped of newlines and tabs.

• #format_message ⇒ Object

  Return formatted warning message.

• #format_user_input(strip = true) ⇒ Object

  Return String of the user input formatted and stripped of newlines and tabs.

• #format_with_user_input(strip = true, &block) ⇒ Object
• #hash ⇒ Object
• #initialize(options = {}) ⇒ Warning constructor

  options[:result] can be a result from Tracker#find_call.

• #link ⇒ Object
• #location(include_renderer = true) ⇒ Object
• #to_hash ⇒ Object
• #to_json ⇒ Object
• #to_row(type = :warning) ⇒ Object

  Generates a hash suitable for inserting into a table.

• #to_s ⇒ Object
• #view_name(include_renderer = true) ⇒ Object

  Returns name of a view, including where it was rendered from.

Constructor Details

#initialize(options = {}) ⇒ Warning

options[:result] can be a result from Tracker#find_call. Otherwise, it can be nil.

# File 'lib/brakeman/warning.rb', line 48

def initialize options = {}
  @view_name = nil

  OPTIONS.each do |key, var|
    self.instance_variable_set(var, options[key])
  end

  self.confidence = options[:confidence]

  result = options[:result]
  if result
    @code ||= result[:call]
    @file ||= result[:location][:file]

    if result[:location][:type] == :template #template result
      @template ||= result[:location][:template]
    else
      @class ||= result[:location][:class]
      @method ||= result[:location][:method]
    end
  end

  if @method.to_s =~ /^fake_filter\d+/
    @method = :before_filter
  end

  if @user_input.is_a? Brakeman::BaseCheck::Match
    @user_input_type = @user_input.type
    @user_input = @user_input.match
  elsif @user_input == false
    @user_input = nil
  end

  if not @line
    if @user_input and @user_input.respond_to? :line
      @line = @user_input.line
    elsif @code and @code.respond_to? :line
      @line = @code.line
    end
  end

  if @gem_info
    if @gem_info.is_a? Hash
      @line ||= @gem_info[:line]
      @file ||= @gem_info[:file]
    else
      # Fallback behavior returns just a string for the file name
      @file ||= @gem_info
    end
  end

  unless @warning_set
    if self.model
      @warning_set = :model
    elsif self.template
      @warning_set = :template
      @called_from = self.template.render_path
    elsif self.controller
      @warning_set = :controller
    else
      @warning_set = :warning
    end
  end

  if options[:warning_code]
    @warning_code = Brakeman::WarningCodes.code options[:warning_code]
  end

  Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code

  @format_message = nil
  @row = nil
end

Instance Attribute Details

#called_from ⇒ Object (readonly)

Returns the value of attribute called_from.

# File 'lib/brakeman/warning.rb', line 7

def called_from
  @called_from
end

#check ⇒ Object (readonly)

Returns the value of attribute check.

# File 'lib/brakeman/warning.rb', line 7

def check
  @check
end

#class ⇒ Object (readonly)

Returns the value of attribute class.

# File 'lib/brakeman/warning.rb', line 7

def class
  @class
end

#code ⇒ Object

Returns the value of attribute code.

# File 'lib/brakeman/warning.rb', line 11

def code
  @code
end

#confidence ⇒ Object

Returns the value of attribute confidence.

# File 'lib/brakeman/warning.rb', line 7

def confidence
  @confidence
end

#context ⇒ Object

Returns the value of attribute context.

# File 'lib/brakeman/warning.rb', line 11

def context
  @context
end

#controller ⇒ Object (readonly)

Returns the value of attribute controller.

# File 'lib/brakeman/warning.rb', line 7

def controller
  @controller
end

#file ⇒ Object

Returns the value of attribute file.

# File 'lib/brakeman/warning.rb', line 11

def file
  @file
end

#line ⇒ Object (readonly)

Returns the value of attribute line.

# File 'lib/brakeman/warning.rb', line 7

def line
  @line
end

#message ⇒ Object

Returns the value of attribute message.

# File 'lib/brakeman/warning.rb', line 11

def message
  @message
end

#method ⇒ Object (readonly)

Returns the value of attribute method.

# File 'lib/brakeman/warning.rb', line 7

def method
  @method
end

#model ⇒ Object (readonly)

Returns the value of attribute model.

# File 'lib/brakeman/warning.rb', line 7

def model
  @model
end

#relative_path ⇒ Object

Returns the value of attribute relative_path.

# File 'lib/brakeman/warning.rb', line 11

def relative_path
  @relative_path
end

#template ⇒ Object (readonly)

Returns the value of attribute template.

# File 'lib/brakeman/warning.rb', line 7

def template
  @template
end

#user_input ⇒ Object (readonly)

Returns the value of attribute user_input.

# File 'lib/brakeman/warning.rb', line 7

def user_input
  @user_input
end

#user_input_type ⇒ Object (readonly)

Returns the value of attribute user_input_type.

# File 'lib/brakeman/warning.rb', line 7

def user_input_type
  @user_input_type
end

#warning_code ⇒ Object (readonly)

Returns the value of attribute warning_code.

# File 'lib/brakeman/warning.rb', line 7

def warning_code
  @warning_code
end

#warning_set ⇒ Object (readonly)

Returns the value of attribute warning_set.

# File 'lib/brakeman/warning.rb', line 7

def warning_set
  @warning_set
end

#warning_type ⇒ Object (readonly)

Returns the value of attribute warning_type.

# File 'lib/brakeman/warning.rb', line 7

def warning_type
  @warning_type
end

Instance Method Details

#eql?(other_warning) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/brakeman/warning.rb', line 126

def eql? other_warning
  self.hash == other_warning.hash
end

#fingerprint ⇒ Object

# File 'lib/brakeman/warning.rb', line 239

def fingerprint
  loc = self.location
  location_string = loc && loc.sort_by { |k, v| k.to_s }.inspect
  warning_code_string = sprintf("%03d", @warning_code)
  code_string = @code.inspect

  Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{@relative_path}#{self.confidence}").to_s
end

#format_code(strip = true) ⇒ Object

Return String of the code output from the OutputProcessor and stripped of newlines and tabs.

# File 'lib/brakeman/warning.rb', line 155

def format_code strip = true
  format_ruby self.code, strip
end

#format_message ⇒ Object

Return formatted warning message

# File 'lib/brakeman/warning.rb', line 176

def format_message
  return @format_message if @format_message

  @format_message = self.message.dup

  if self.line
    @format_message << " near line #{self.line}"
  end

  if self.code
    @format_message << ": #{format_code}"
  end

  @format_message
end

#format_user_input(strip = true) ⇒ Object

Return String of the user input formatted and stripped of newlines and tabs.

# File 'lib/brakeman/warning.rb', line 161

def format_user_input strip = true
  format_ruby self.user_input, strip
end

#format_with_user_input(strip = true, &block) ⇒ Object

# File 'lib/brakeman/warning.rb', line 165

def format_with_user_input strip = true, &block
  if self.user_input
    formatted = Brakeman::OutputProcessor.new.format(code, self.user_input, &block)
    formatted.gsub!(/(\t|\r|\n)+/, " ") if strip
    formatted
  else
    format_code
  end
end

#hash ⇒ Object

# File 'lib/brakeman/warning.rb', line 122

def hash
  self.to_s.hash
end

#link ⇒ Object

# File 'lib/brakeman/warning.rb', line 192

def link
  return @link if @link

  if @link_path
    if @link_path.start_with? "http"
      @link = @link_path
    else
      @link = "https://brakemanscanner.org/docs/warning_types/#{@link_path}"
    end
  else
    warning_path = self.warning_type.to_s.downcase.gsub(/\s+/, '_') + "/"
    @link = "https://brakemanscanner.org/docs/warning_types/#{warning_path}"
  end

  @link
end

#location(include_renderer = true) ⇒ Object

# File 'lib/brakeman/warning.rb', line 248

def location include_renderer = true
  case @warning_set
  when :template
    location = { :type => :template, :template => self.view_name(include_renderer) }
  when :model
    location = { :type => :model, :model => self.model }
  when :controller
    location = { :type => :controller, :controller => self.controller }
  when :warning
    if self.class
      location = { :type => :method, :class => self.class, :method => self.method }
    else
      location = nil
    end
  end
end

#to_hash ⇒ Object

# File 'lib/brakeman/warning.rb', line 265

def to_hash
  { :warning_type => self.warning_type,
    :warning_code => @warning_code,
    :fingerprint => self.fingerprint,
    :check_name => self.check.gsub(/^Brakeman::Check/, ''),
    :message => self.message,
    :file => self.file,
    :line => self.line,
    :link => self.link,
    :code => (@code && self.format_code(false)),
    :render_path => self.called_from,
    :location => self.location(false),
    :user_input => (@user_input && self.format_user_input(false)),
    :confidence => TEXT_CONFIDENCE[self.confidence]
  }
end

#to_json ⇒ Object

# File 'lib/brakeman/warning.rb', line 282

def to_json
  JSON.generate self.to_hash
end

#to_row(type = :warning) ⇒ Object

Generates a hash suitable for inserting into a table

# File 'lib/brakeman/warning.rb', line 210

def to_row type = :warning
  @row = { "Confidence" => self.confidence,
    "Warning Type" => self.warning_type.to_s,
    "Message" => self.format_message }

  case type
  when :template
    @row["Template"] = self.view_name.to_s
  when :model
    @row["Model"] = self.model.to_s
  when :controller
    @row["Controller"] = self.controller.to_s
  when :warning
    @row["Class"] = self.class.to_s
    @row["Method"] = self.method.to_s
  end

  @row
end

#to_s ⇒ Object

# File 'lib/brakeman/warning.rb', line 230

def to_s
 output =  "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}"
 output << " near line #{self.line}" if self.line
 output << " in #{self.file}" if self.file
 output << ": #{self.format_code}" if self.code

 output
end

#view_name(include_renderer = true) ⇒ Object

Returns name of a view, including where it was rendered from

# File 'lib/brakeman/warning.rb', line 145

def view_name(include_renderer = true)
  if called_from and include_renderer
    @view_name = "#{template.name} (#{called_from.last})"
  else
    @view_name = template.name
  end
end