Class: Brakeman::RescanReport

Inherits:
Object
  • Object
show all
Includes:
Util
Defined in:
lib/brakeman/rescanner.rb

Overview

Class to make reporting of rescan results simpler to deal with

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #remove_kwsplat, #request_env?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize(old_results, tracker) ⇒ RescanReport

Returns a new instance of RescanReport.


404
405
406
407
408
409
# File 'lib/brakeman/rescanner.rb', line 404

def initialize old_results, tracker
  @tracker = tracker
  @old_results = old_results
  @all_warnings = nil
  @diff = nil
end

Instance Attribute Details

#new_resultsObject (readonly)

Returns the value of attribute new_results


402
403
404
# File 'lib/brakeman/rescanner.rb', line 402

def new_results
  @new_results
end

#old_resultsObject (readonly)

Returns the value of attribute old_results


402
403
404
# File 'lib/brakeman/rescanner.rb', line 402

def old_results
  @old_results
end

Instance Method Details

#all_warningsObject

Returns an array of all warnings found


417
418
419
# File 'lib/brakeman/rescanner.rb', line 417

def all_warnings
  @all_warnings ||= @tracker.filtered_warnings
end

#any_warnings?Boolean

Returns true if any warnings were found (new or old)

Returns:

  • (Boolean)

412
413
414
# File 'lib/brakeman/rescanner.rb', line 412

def any_warnings?
  not all_warnings.empty?
end

#diffObject

Returns a hash of arrays for :new and :fixed warnings


439
440
441
# File 'lib/brakeman/rescanner.rb', line 439

def diff
  @diff ||= Brakeman::Differ.new(all_warnings, @old_results).diff
end

#existing_warningsObject

Returns an array of warnings which were in the old report and the new report


444
445
446
447
448
# File 'lib/brakeman/rescanner.rb', line 444

def existing_warnings
  @old ||= all_warnings.select do |w|
    not new_warnings.include? w
  end
end

#fixed_warningsObject

Returns an array of warnings which were in the old report but are not in the new report after rescanning


423
424
425
# File 'lib/brakeman/rescanner.rb', line 423

def fixed_warnings
  diff[:fixed]
end

#new_warningsObject

Returns an array of warnings which were in the new report but were not in the old report


429
430
431
# File 'lib/brakeman/rescanner.rb', line 429

def new_warnings
  diff[:new]
end

#to_s(verbose = false) ⇒ Object

Output total, fixed, and new warnings


451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
# File 'lib/brakeman/rescanner.rb', line 451

def to_s(verbose = false)
  Brakeman.load_brakeman_dependency 'terminal-table'

  if !verbose
    <<-OUTPUT
Total warnings: #{all_warnings.length}
Fixed warnings: #{fixed_warnings.length}
New warnings: #{new_warnings.length}
    OUTPUT
  else
    #Eventually move this to different method, or make default to_s
    out = ""

    {:fixed => fixed_warnings, :new => new_warnings, :existing => existing_warnings}.each do |warning_type, warnings|
      if warnings.length > 0
        out << "#{warning_type.to_s.titleize} warnings: #{warnings.length}\n"

        table = Terminal::Table.new(:headings => ["Confidence", "Class", "Method", "Warning Type", "Message"]) do |t|
          warnings.sort_by { |w| w.confidence}.each do |warning|
            w = warning.to_row

            w["Confidence"] = Brakeman::Report::TEXT_CONFIDENCE[w["Confidence"]]

            t << [w["Confidence"], w["Class"], w["Method"], w["Warning Type"], w["Message"]]
          end
        end
        out << truncate_table(table.to_s)
      end
    end

    out
  end
end

#warnings_changed?Boolean

Returns true if there are any new or fixed warnings

Returns:

  • (Boolean)

434
435
436
# File 'lib/brakeman/rescanner.rb', line 434

def warnings_changed?
  not (diff[:new].empty? and diff[:fixed].empty?)
end