Class: Brakeman::Report::Text

Inherits:
Base
  • Object
Defined in:
lib/brakeman/report/report_text.rb

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Instance Attribute Summary

Attributes inherited from Base

#checks, #tracker

Instance Method Summary

Methods inherited from Base

#absolute_paths?, #all_warnings, #context_for, #controller_information, #controller_warnings, #filter_warnings, #generic_warnings, #github_url, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #template_warnings, #warning_file, #warnings_summary

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

This class inherits a constructor from Brakeman::Report::Base

Instance Method Details

#add_chunk(chunk, out = @output_string) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 26

# Append one report section to +out+ (the accumulating report string by
# default), followed by a blank line. +chunk+ may be a String or an Array of
# lines; nil/false and empty chunks are skipped so optional sections (errors,
# obsolete ignore entries) contribute nothing when absent. Returns +out+ when
# something was appended, nil otherwise.
def add_chunk chunk, out = @output_string
  return unless chunk && !chunk.empty?

  text = chunk.is_a?(Array) ? chunk.join("\n") : chunk
  out << text << "\n\n"
end

#confidence(c) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 206

# Render a warning confidence level as a colored word: 0 = "High" (red),
# 1 = "Medium" (yellow), 2 = "Weak" (no color). Any other value yields nil,
# which label() then prints as an empty value rather than raising.
def confidence c
  text, tint =
    case c
    when 0 then ["High", :red]
    when 1 then ["Medium", :yellow]
    when 2 then ["Weak", :none]
    end

  HighLine.new.color(text, tint) if text
end

#double_space(title, values) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 191

# Build a titled section from +values+, an Array of line groups: lines inside
# a group are joined with single newlines, groups are separated by a blank
# line. Returns [header, body], the shape add_chunk expects.
def double_space title, values
  groups = values.map { |lines| lines.join("\n") }
  [header(title), groups.join("\n\n")]
end

#format_code(w) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 196

# Return the warning's code snippet. When @highlight_user_input is set and the
# warning records a user-input expression, the user-controlled portion is
# colored yellow via Warning#format_with_user_input; otherwise the plain
# formatted code is returned.
def format_code w
  return w.format_code unless @highlight_user_input && w.user_input

  w.format_with_user_input do |_exp, text|
    HighLine.new.color(text, :yellow)
  end
end

#format_line(w, option) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 156

# Render one field of warning +w+ as a "Label: value" line, selected by
# +option+ (see output_warning for the default field list). Returns nil for
# fields that are absent on this warning (:code, :line, :render_path) and for
# unrecognised options, so callers can compact the result.
#
# NOTE(review): message, code and file values are emitted verbatim from the
# scanned application; nothing here strips control characters, so a report on
# an untrusted repository viewed on a terminal could carry embedded escape
# sequences through to it.
def format_line w, option
  case option
  when :confidence  then label('Confidence', confidence(w.confidence))
  when :category    then label('Category', w.warning_type.to_s)
  when :cwe         then label('CWE', w.cwe_id.join(', '))
  when :check       then label('Check', w.check_name)
  when :message     then label('Message', w.message)
  when :code        then label('Code', format_code(w)) if w.code
  when :file        then label('File', warning_file(w))
  when :line        then label('Line', w.line) if w.line
  when :link        then label('Link', w.link)
  when :fingerprint then label('Fingerprint', w.fingerprint)
  when :category_id then label('Category ID', w.warning_code)
  when :render_path then label('Render Path', w.called_from.join(" > ")) if w.called_from
  end
end

#generate_controllers ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 36

# Produce the "Controller Overview" section: one line group per controller
# from controller_information, giving its name, parent, included modules
# (only when present and non-empty, placed between parent and routes) and
# routes.
def generate_controllers
  rows = controller_information.map do |ci|
    includes = ci["Includes"]
    lines = [label("Controller", ci["Name"]), label("Parent", ci["Parent"])]
    lines << label("Includes", includes) if includes && !includes.empty?
    lines << label("Routes", ci["Routes"])
  end

  double_space "Controller Overview", rows
end

#generate_errors ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 104

# Produce the "Errors" section listing the scan errors recorded on the
# tracker, or nil when there were none. With the :debug option each entry
# shows the whole backtrace; otherwise only its first frame.
#
# NOTE(review): backtrace frames carry absolute filesystem paths, which a
# report shared outside the machine it ran on would disclose.
def generate_errors
  return if tracker.errors.empty?

  full_trace = tracker.options[:debug]
  entries = tracker.errors.map do |err|
    frames = err[:backtrace]
    location = full_trace ? frames.join("\n") : frames[0]
    [label("Error", err[:error]), label("Location", location)]
  end

  double_space "Errors", entries
end

#generate_header ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 52

# Produce the report header: application path, Rails and Brakeman versions,
# scan start time and duration, and the sorted list of checks that ran.
# Note the application path is the absolute path given to the scanner.
def generate_header
  lines = [header("Brakeman Report")]
  lines << label("Application Path", tracker.app_path)
  lines << label("Rails Version", rails_version)
  lines << label("Brakeman Version", Brakeman::Version)
  lines << label("Scan Date", tracker.start_time)
  lines << label("Duration", "#{tracker.duration} seconds")
  lines << label("Checks Run", checks.checks_run.sort.join(", "))
end

#generate_obsolete ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 124

# List the ignore fingerprints the tracker reports as unused (entries that
# matched no warning in this scan) under an "Obsolete Ignore Entries"
# heading, or return nil when there are none.
def generate_obsolete
  stale = tracker.unused_fingerprints
  return if stale.empty?

  [header("Obsolete Ignore Entries"), *stale]
end

#generate_overview ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 64

# Produce the "Overview" counts section: controllers, models, templates,
# errors and security warnings, plus ignored warnings when there are any.
# The model count is reduced by one — presumably to leave out a placeholder
# model the tracker registers; confirm against Brakeman::Tracker.
def generate_overview
  lines = [
    header("Overview"),
    label('Controllers', tracker.controllers.length),
    label('Models', tracker.models.length - 1),
    label('Templates', number_of_templates(@tracker)),
    label('Errors', tracker.errors.length),
    label('Security Warnings', all_warnings.length)
  ]

  ignored = ignored_warnings
  lines << label('Ignored Warnings', ignored.length) unless ignored.empty?
  lines
end

#generate_report ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 4

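# Build the complete text report and return it as a String.
#
# Sets HighLine's color flag from the :output_color option — note this is
# process-wide state, not scoped to this report. With :summary_only set to
# :no_summary the header/overview sections are skipped; with :summary_only
# true or :summary_only only those sections are emitted. Controller and
# template sections appear only with :debug / :report_routes.
def generate_report
  HighLine.use_color = !!tracker.options[:output_color]
  summary_option = tracker.options[:summary_only]
  @output_string = "\n"

  unless summary_option == :no_summary
    add_chunk generate_header
    add_chunk generate_overview
    add_chunk generate_warning_overview
  end

  return @output_string if summary_option == :summary_only || summary_option == true

  add_chunk generate_controllers if tracker.options[:debug] || tracker.options[:report_routes]
  add_chunk generate_templates if tracker.options[:debug]
  add_chunk generate_obsolete
  add_chunk generate_errors
  add_chunk generate_warnings

  # Return the report explicitly instead of relying on add_chunk's return
  # value, which is nil whenever the last chunk happens to be empty.
  @output_string
end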

#generate_templates ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 130

# Produce the "Template Output" debug section: for every template with at
# least one output expression, each output is formatted onto a single line
# (newlines folded to ';', runs of whitespace collapsed) and listed under the
# template name in cyan, templates sorted by name.
#
# NOTE(review): the listed expressions are the scanned application's own
# template code, echoed without further escaping.
def generate_templates
  formatter = Brakeman::OutputProcessor.new
  rows = Hash.new { |h, k| h[k] = [] }

  tracker.templates.each do |name, template|
    template.each_output do |out|
      formatted = formatter.format(out)
      rows[name] << formatted.gsub("\n", ";").gsub(/\s+/, " ")
    end
  end

  ordered = rows.sort_by { |name, _outputs| name.to_s }
  groups = ordered.map do |name, outputs|
    [HighLine.new.color("#{name}\n", :cyan)] + outputs
  end

  double_space "Template Output", groups.compact
end

#generate_warning_overview ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 81

# Produce the "Warning Types" section: one "type: count" line per warning
# type from warnings_summary, sorted by type. The :high_confidence aggregate
# is removed first since it is a count across types, not a type itself.
def generate_warning_overview
  counts = warnings_summary
  counts.delete :high_confidence

  lines = [header('Warning Types')]
  counts.sort_by { |type, _count| type }.each do |type, count|
    lines << label(type, count)
  end
  lines
end

#generate_warnings ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 90

# Produce the "Warnings" section, or a bold green "No warnings found" line
# when nothing survived filtering. Warnings are ordered by confidence, type,
# file, line (nil sorts as 0) and fingerprint so output is stable across runs.
def generate_warnings
  found = tracker.filtered_warnings
  return HighLine.color("No warnings found", :bold, :green) if found.empty?

  ordered = found.sort_by do |w|
    [w.confidence, w.warning_type, w.file, w.line || 0, w.fingerprint]
  end

  double_space "Warnings", ordered.map { |w| output_warning w }
end

#header(text) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 221

# Section heading: "== text ==" followed by a newline, in bold magenta.
def header text
  banner = "== #{text} ==\n"
  HighLine.new.color(banner, :bold, :magenta)
end

#label(l, value, color = :green) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 217

# "Label: value" line with only the label colored (green unless +color+ is
# given); +value+ is interpolated via to_s, so nil renders as an empty value.
def label l, value, color = :green
  painted = HighLine.new.color(l, color)
  "#{painted}: #{value}"
end

#output_warning(w) ⇒ Object



# File 'lib/brakeman/report/report_text.rb', line 147

# Render one warning as an Array of "Label: value" lines. The field list
# comes from the :text_fields option, defaulting to confidence, category,
# check, message, code, file and line; fields format_line returns nil for
# (absent on this warning) are dropped.
def output_warning w
  default_fields = [:confidence, :category, :check, :message, :code, :file, :line]
  fields = tracker.options[:text_fields] || default_fields

  fields.each_with_object([]) do |field, lines|
    line = format_line(w, field)
    lines << line unless line.nil?
  end
end

#render_array(name, cols, values, locals) ⇒ Object

Only used for generate_controllers, to avoid duplication (note that generate_controllers as listed above builds its rows from controller_information directly rather than calling this method).



# File 'lib/brakeman/report/report_text.rb', line 226

# Build the "Controller Overview" section from positional rows of
# [name, parent, includes, routes]; the parent and includes lines are left
# out when empty. +name+, +cols+ and +locals+ are accepted for interface
# compatibility and not used here. (generate_controllers as shown in this
# file does not call this method.)
def render_array name, cols, values, locals
  groups = values.map do |controller_name, parent, includes, routes|
    lines = [label("Controller", controller_name)]
    lines << label("Parent", parent) unless parent.empty?
    lines << label("Includes", includes) unless includes.empty?
    lines << label("Routes", routes)
  end

  double_space "Controller Overview", groups
end