Class: Brakeman::Warning

Inherits:
Object show all
Defined in:
lib/brakeman/warning.rb

Overview

The Warning class stores information about warnings

Constant Summary

TEXT_CONFIDENCE =
[ "High", "Medium", "Weak" ]

Instance Attribute Summary (collapse)

Instance Method Summary (collapse)

Constructor Details

- (Warning) initialize(options = {})

options can be a result from Tracker#find_call. Otherwise, it can be nil.



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'lib/brakeman/warning.rb', line 16

def initialize options = {}
  @view_name = nil

  [:called_from, :check, :class, :code, :confidence, :controller, :file, :line, :link_path,
    :message, :method, :model, :relative_path, :template, :user_input, :warning_set, :warning_type].each do |option|

    self.instance_variable_set("@#{option}", options[option])
  end

  result = options[:result]
  if result
    @code ||= result[:call]
    @file ||= result[:location][:file]

    if result[:location][:type] == :template #template result
      @template ||= result[:location][:template]
    else
      @class ||= result[:location][:class]
      @method ||= result[:location][:method]
    end
  end

  if not @line
    if @user_input and @user_input.respond_to? :line
      @line = @user_input.line
    elsif @code and @code.respond_to? :line
      @line = @code.line
    end
  end

  unless @warning_set
    if self.model
      @warning_set = :model
    elsif self.template
      @warning_set = :template
      @called_from = self.template[:caller]
    elsif self.controller
      @warning_set = :controller
    else
      @warning_set = :warning
    end
  end

  if options[:warning_code]
    @warning_code = Brakeman::WarningCodes.code options[:warning_code]
  end

  Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code

  @format_message = nil
  @row = nil
end

Instance Attribute Details

- (Object) called_from (readonly)

Returns the value of attribute called_from



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def called_from
  @called_from
end

- (Object) check (readonly)

Returns the value of attribute check



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def check
  @check
end

- (Object) class (readonly)

Returns the value of attribute class



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def class
  @class
end

- (Object) code

Returns the value of attribute code



11
12
13
# File 'lib/brakeman/warning.rb', line 11

def code
  @code
end

- (Object) confidence (readonly)

Returns the value of attribute confidence



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def confidence
  @confidence
end

- (Object) context

Returns the value of attribute context



11
12
13
# File 'lib/brakeman/warning.rb', line 11

def context
  @context
end

- (Object) controller (readonly)

Returns the value of attribute controller



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def controller
  @controller
end

- (Object) file

Returns the value of attribute file



11
12
13
# File 'lib/brakeman/warning.rb', line 11

def file
  @file
end

- (Object) line (readonly)

Returns the value of attribute line



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def line
  @line
end

- (Object) message

Returns the value of attribute message



11
12
13
# File 'lib/brakeman/warning.rb', line 11

def message
  @message
end

- (Object) method (readonly)

Returns the value of attribute method



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def method
  @method
end

- (Object) model (readonly)

Returns the value of attribute model



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def model
  @model
end

- (Object) relative_path

Returns the value of attribute relative_path



11
12
13
# File 'lib/brakeman/warning.rb', line 11

def relative_path
  @relative_path
end

- (Object) template (readonly)

Returns the value of attribute template



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def template
  @template
end

- (Object) user_input (readonly)

Returns the value of attribute user_input



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def user_input
  @user_input
end

- (Object) warning_code (readonly)

Returns the value of attribute warning_code



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def warning_code
  @warning_code
end

- (Object) warning_set (readonly)

Returns the value of attribute warning_set



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def warning_set
  @warning_set
end

- (Object) warning_type (readonly)

Returns the value of attribute warning_type



7
8
9
# File 'lib/brakeman/warning.rb', line 7

def warning_type
  @warning_type
end

Instance Method Details

- (Boolean) eql?(other_warning)



73
74
75
# File 'lib/brakeman/warning.rb', line 73

def eql? other_warning
  self.hash == other_warning.hash
end

- (Object) fingerprint



163
164
165
166
167
168
169
170
# File 'lib/brakeman/warning.rb', line 163

def fingerprint
  loc = self.location
  location_string = loc && loc.sort_by { |k, v| k.to_s }.inspect
  warning_code_string = sprintf("%03d", @warning_code)
  code_string = @code.inspect

  Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{@relative_path}#{self.confidence}").to_s
end

- (Object) format_code(strip = true)

Return String of the code output from the OutputProcessor and stripped of newlines and tabs.



89
90
91
# File 'lib/brakeman/warning.rb', line 89

def format_code strip = true
  format_ruby self.code, strip
end

- (Object) format_message

Return formatted warning message



100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# File 'lib/brakeman/warning.rb', line 100

def format_message
  return @format_message if @format_message

  @format_message = self.message.dup

  if self.line
    @format_message << " near line #{self.line}"
  end

  if self.code
    @format_message << ": #{format_code}"
  end

  @format_message
end

- (Object) format_user_input(strip = true)

Return String of the user input formatted and stripped of newlines and tabs.



95
96
97
# File 'lib/brakeman/warning.rb', line 95

def format_user_input strip = true
  format_ruby self.user_input, strip
end

- (Object) hash



69
70
71
# File 'lib/brakeman/warning.rb', line 69

def hash
  self.to_s.hash
end


116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# File 'lib/brakeman/warning.rb', line 116

def link
  return @link if @link

  if @link_path
    if @link_path.start_with? "http"
      @link = @link_path
    else
      @link = "http://brakemanscanner.org/docs/warning_types/#{@link_path}"
    end
  else
    warning_path = self.warning_type.to_s.downcase.gsub(/\s+/, '_') + "/"
    @link = "http://brakemanscanner.org/docs/warning_types/#{warning_path}"
  end

  @link
end

- (Object) location



172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
# File 'lib/brakeman/warning.rb', line 172

def location
  case @warning_set
  when :template
    location = { :type => :template, :template => self.view_name }
  when :model
    location = { :type => :model, :model => self.model }
  when :controller
    location = { :type => :controller, :controller => self.controller }
  when :warning
    if self.class
      location = { :type => :method, :class => self.class, :method => self.method }
    else
      location = nil
    end
  end
end

- (Object) to_hash



189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# File 'lib/brakeman/warning.rb', line 189

def to_hash
  { :warning_type => self.warning_type,
    :warning_code => @warning_code,
    :fingerprint => self.fingerprint,
    :message => self.message,
    :file => self.file,
    :line => self.line,
    :link => self.link,
    :code => (@code && self.format_code(false)),
    :render_path => self.called_from,
    :location => self.location,
    :user_input => (@user_input && self.format_user_input(false)),
    :confidence => TEXT_CONFIDENCE[self.confidence]
  }
end

- (Object) to_json



205
206
207
# File 'lib/brakeman/warning.rb', line 205

def to_json
  MultiJson.dump self.to_hash
end

- (Object) to_row(type = :warning)

Generates a hash suitable for inserting into a table



134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# File 'lib/brakeman/warning.rb', line 134

def to_row type = :warning
  @row = { "Confidence" => self.confidence,
    "Warning Type" => self.warning_type.to_s,
    "Message" => self.format_message }

  case type
  when :template
    @row["Template"] = self.view_name.to_s
  when :model
    @row["Model"] = self.model.to_s
  when :controller
    @row["Controller"] = self.controller.to_s
  when :warning
    @row["Class"] = self.class.to_s
    @row["Method"] = self.method.to_s
  end

  @row
end

- (Object) to_s



154
155
156
157
158
159
160
161
# File 'lib/brakeman/warning.rb', line 154

def to_s
 output =  "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}"
 output << " near line #{self.line}" if self.line
 output << " in #{self.file}" if self.file
 output << ": #{self.format_code}" if self.code

 output
end

- (Object) view_name

Returns name of a view, including where it was rendered from



78
79
80
81
82
83
84
85
# File 'lib/brakeman/warning.rb', line 78

def view_name
  return @view_name if @view_name
  if called_from
    @view_name = "#{template[:name]} (#{called_from.last})"
  else
    @view_name = template[:name]
  end
end