Class: Brakeman::Report::JUnit

Inherits:
Base
  • Object
Defined in:
lib/brakeman/report/report_junit.rb

Constant Summary

Constants inherited from Base

Base::TEXT_CONFIDENCE

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP

Instance Attribute Summary

Attributes inherited from Base

#checks, #tracker

Instance Method Summary

Methods inherited from Base

#absolute_paths?, #all_warnings, #context_for, #controller_information, #controller_warnings, #filter_warnings, #generic_warnings, #github_url, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #template_warnings, #warning_file, #warnings_summary

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #remove_kwsplat, #request_env?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

This class inherits a constructor from Brakeman::Report::Base

Instance Method Details

#generate_report ⇒ Object


# File 'lib/brakeman/report/report_junit.rb', line 6

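# Renders the scan results as a JUnit XML document.
#
# Each file with at least one warning becomes a <testsuite> and each warning
# in that file becomes a failing <testcase>, so CI systems that understand
# JUnit surface the findings as test failures. Scan metadata, scan errors,
# obsolete ignore fingerprints and ignored warnings are emitted as elements in
# the `brakeman:` namespace, which plain JUnit consumers skip.
#
# @return [String] the serialized XML document
def generate_report
  io = StringIO.new
  doc = REXML::Document.new
  doc.add REXML::XMLDecl.new '1.0', 'UTF-8'

  test_suites = REXML::Element.new 'testsuites'
  test_suites.add_attribute 'xmlns:brakeman', 'https://brakemanscanner.org/'

  add_junit_scan_properties test_suites
  add_junit_errors test_suites
  add_junit_obsolete test_suites
  add_junit_ignored test_suites
  add_junit_test_suites test_suites

  doc.add test_suites
  doc.write io
  io.string
end

# Adds the <brakeman:properties> block describing the scan itself.
#
# @param test_suites [REXML::Element] the root <testsuites> element
# @return [void]
def add_junit_scan_properties(test_suites)
  properties = test_suites.add_element 'brakeman:properties', { 'xml:id' => 'scan_info' }

  # Ordered pairs so the emitted properties are stable between runs.
  # FIXME(fixed): `ruby_version` used to carry the template count and
  # `number_of_templates` carried RUBY_VERSION; the values are now paired
  # with the names consumers expect.
  scan_info = [
    ['app_path', tracker.app_path],
    ['rails_version', rails_version],
    ['security_warnings', all_warnings.length],
    ['start_time', tracker.start_time.iso8601],
    ['end_time', tracker.end_time.iso8601],
    ['duration', tracker.duration],
    ['checks_performed', checks.checks_run.join(',')],
    ['number_of_controllers', tracker.controllers.length],
    # NOTE(review): the -1 presumably drops a synthetic base model — confirm against Tracker
    ['number_of_models', tracker.models.length - 1],
    ['ruby_version', RUBY_VERSION],
    ['number_of_templates', number_of_templates(@tracker)],
    ['brakeman_version', Brakeman::Version]
  ]

  scan_info.each do |name, value|
    properties.add_element 'brakeman:property', { 'brakeman:name' => name, 'brakeman:value' => value }
  end
end

# Adds one <brakeman:error> per scan error, with each backtrace frame as a
# <brakeman:backtrace> child. A missing backtrace yields no children rather
# than aborting report generation.
#
# @param test_suites [REXML::Element] the root <testsuites> element
# @return [void]
def add_junit_errors(test_suites)
  errors = test_suites.add_element 'brakeman:errors'

  tracker.errors.each do |e|
    error = errors.add_element 'brakeman:error'
    error.add_attribute 'brakeman:message', e[:error]

    Array(e[:backtrace]).each do |frame|
      error.add_element('brakeman:backtrace').add_text frame
    end
  end
end

# Adds one <brakeman:warning> per ignore-file fingerprint that no longer
# matches a current warning, so stale ignore entries are visible in CI.
#
# @param test_suites [REXML::Element] the root <testsuites> element
# @return [void]
def add_junit_obsolete(test_suites)
  obsolete = test_suites.add_element 'brakeman:obsolete'

  tracker.unused_fingerprints.each do |fingerprint|
    obsolete.add_element 'brakeman:warning', { 'brakeman:fingerprint' => fingerprint }
  end
end

# Adds one <brakeman:warning> per ignored warning, carrying the same
# attributes a failing <testcase> would, so reviewers can audit what is
# being suppressed.
#
# @param test_suites [REXML::Element] the root <testsuites> element
# @return [void]
def add_junit_ignored(test_suites)
  ignored = test_suites.add_element 'brakeman:ignored'

  ignored_warnings.each do |w|
    warning = ignored.add_element 'brakeman:warning'
    warning.add_attribute 'brakeman:message', w.message
    warning.add_attribute 'brakeman:category', w.warning_type
    warning.add_attribute 'brakeman:file', warning_file(w)
    warning.add_attribute 'brakeman:line', w.line
    warning.add_attribute 'brakeman:fingerprint', w.fingerprint
    warning.add_attribute 'brakeman:confidence', TEXT_CONFIDENCE[w.confidence]
    warning.add_attribute 'brakeman:code', w.format_code
    warning.add_text w.to_s
  end
end

# Adds one <testsuite> per file that has warnings; every warning in that file
# becomes a <testcase> holding a single <failure>. Suite ids are 1-based and
# follow first-seen file order.
#
# @param test_suites [REXML::Element] the root <testsuites> element
# @return [void]
def add_junit_test_suites(test_suites)
  hostname = junit_hostname
  timestamp = tracker.start_time.strftime('%FT%T')
  # JUnit has no notion of "checks", so every suite reports the number of
  # checks run as its test count and the warning count as its failures.
  tests_per_suite = checks.checks_run.length

  all_warnings.group_by(&:file).each.with_index(1) do |(file, warnings), id|
    test_suite = test_suites.add_element 'testsuite'
    test_suite.add_attribute 'id', id
    test_suite.add_attribute 'package', 'brakeman'
    test_suite.add_attribute 'name', file.relative
    test_suite.add_attribute 'timestamp', timestamp
    test_suite.add_attribute 'hostname', hostname
    test_suite.add_attribute 'tests', tests_per_suite
    test_suite.add_attribute 'failures', warnings.length
    test_suite.add_attribute 'errors', '0'
    test_suite.add_attribute 'time', '0'

    test_suite.add_element 'properties'

    warnings.each do |warning|
      test_case = test_suite.add_element 'testcase'
      test_case.add_attribute 'name', 'run_check'
      test_case.add_attribute 'classname', warning.check
      test_case.add_attribute 'time', '0'

      failure = test_case.add_element 'failure'
      failure.add_attribute 'message', warning.message
      failure.add_attribute 'type', warning.warning_type
      failure.add_attribute 'brakeman:fingerprint', warning.fingerprint
      failure.add_attribute 'brakeman:file', warning_file(warning)
      failure.add_attribute 'brakeman:line', warning.line
      failure.add_attribute 'brakeman:confidence', TEXT_CONFIDENCE[warning.confidence]
      failure.add_attribute 'brakeman:code', warning.format_code
      failure.add_text warning.to_s
    end

    test_suite.add_element 'system-out'
    test_suite.add_element 'system-err'
  end
end

# Host name reported on each <testsuite>. Shells out to the `hostname`
# command (resolved via PATH) and falls back to 'localhost' when the command
# is missing or prints nothing, so an unusual build environment cannot abort
# report generation.
#
# @return [String]
def junit_hostname
  name = `hostname`.strip
  name.empty? ? 'localhost' : name
rescue SystemCallError
  'localhost'
end

private :add_junit_scan_properties, :add_junit_errors, :add_junit_obsolete,
        :add_junit_ignored, :add_junit_test_suites, :junit_hostname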