class Brakeman::Warning

The Warning class stores information about warnings

Constants

CONFIDENCE
OPTIONS
TEXT_CONFIDENCE

Attributes

called_from[R]
check[R]
class[R]
code[RW]
confidence[R]
context[RW]
controller[R]
file[RW]
line[R]
message[RW]
method[R]
model[R]
template[R]
user_input[R]
user_input_type[R]
warning_code[R]
warning_set[R]
warning_type[R]

Public Class Methods

new(options = {}) click to toggle source

options[:result] can be a result from Tracker#find_call. Otherwise, it can be nil.

# File lib/brakeman/warning.rb, line 49
def initialize options = {}
  @view_name = nil

  OPTIONS.each do |key, var|
    self.instance_variable_set(var, options[key])
  end

  self.confidence = options[:confidence]

  result = options[:result]
  if result
    @code ||= result[:call]
    @file ||= result[:location][:file]

    if result[:location][:type] == :template #template result
      @template ||= result[:location][:template]
    else
      @class ||= result[:location][:class]
      @method ||= result[:location][:method]
    end
  end

  if @method.to_s =~ /^fake_filter\d+/
    @method = :before_filter
  end

  if @user_input.is_a? Brakeman::BaseCheck::Match
    @user_input_type = @user_input.type
    @user_input = @user_input.match
  elsif @user_input == false
    @user_input = nil
  end

  if not @line
    if @user_input and @user_input.respond_to? :line
      @line = @user_input.line
    elsif @code and @code.respond_to? :line
      @line = @code.line
    end
  end

  if @gem_info
    if @gem_info.is_a? Hash
      @line ||= @gem_info[:line]
      @file ||= @gem_info[:file]
    else
      # Fallback behavior returns just a string for the file name
      @file ||= @gem_info
    end
  end

  unless @warning_set
    if self.model
      @warning_set = :model
      @file ||= self.model.file
    elsif self.template
      @warning_set = :template
      @called_from = self.template.render_path
      @file ||= self.template.file
    elsif self.controller
      @warning_set = :controller
    else
      @warning_set = :warning
    end
  end

  if options[:warning_code]
    @warning_code = Brakeman::WarningCodes.code options[:warning_code]
  else
    @warning_code = nil
  end

  Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code

  if options[:message].is_a? String
    @message = Brakeman::Messages::Message.new(options[:message])
  end

  @format_message = nil
  @row = nil
end

Public Instance Methods

check_name() click to toggle source
# File lib/brakeman/warning.rb, line 278
def check_name
  @check_name ||= self.check.sub(/^Brakeman::Check/, '')
end
confidence=(conf) click to toggle source
# File lib/brakeman/warning.rb, line 139
def confidence= conf
  @confidence = case conf
                when Integer
                  conf
                when Symbol
                  CONFIDENCE[conf]
                else
                  raise "Could not set confidence to `#{conf}`"
                end

  raise "Could not set confidence to `#{conf}`" unless @confidence
  raise "Invalid confidence: `#{@confidence}`" unless TEXT_CONFIDENCE[@confidence]
end
confidence_name() click to toggle source
# File lib/brakeman/warning.rb, line 282
def confidence_name
  TEXT_CONFIDENCE[self.confidence]
end
eql?(other_warning) click to toggle source
# File lib/brakeman/warning.rb, line 135
def eql? other_warning
  self.hash == other_warning.hash
end
fingerprint() click to toggle source
# File lib/brakeman/warning.rb, line 248
def fingerprint
  loc = self.location
  location_string = loc && loc.sort_by { |k, v| k.to_s }.inspect
  warning_code_string = sprintf("%03d", @warning_code)
  code_string = @code.inspect

  Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{self.file.relative}#{self.confidence}").to_s
end
format_code(strip = true) click to toggle source

Return String of the code output from the OutputProcessor and stripped of newlines and tabs.

# File lib/brakeman/warning.rb, line 164
def format_code strip = true
  format_ruby self.code, strip
end
format_message() click to toggle source

Return formatted warning message

# File lib/brakeman/warning.rb, line 185
def format_message
  return @format_message if @format_message

  @format_message = self.message.to_s.dup

  if self.line
    @format_message << " near line #{self.line}"
  end

  if self.code
    @format_message << ": #{format_code}"
  end

  @format_message
end
format_user_input(strip = true) click to toggle source

Return String of the user input formatted and stripped of newlines and tabs.

# File lib/brakeman/warning.rb, line 170
def format_user_input strip = true
  format_ruby self.user_input, strip
end
format_with_user_input(strip = true, &block) click to toggle source
# File lib/brakeman/warning.rb, line 174
def format_with_user_input strip = true, &block
  if self.user_input
    formatted = Brakeman::OutputProcessor.new.format(code, self.user_input, &block)
    formatted.gsub!(/(\t|\r|\n)+/, " ") if strip
    formatted
  else
    format_code
  end
end
hash() click to toggle source
# File lib/brakeman/warning.rb, line 131
def hash
  self.to_s.hash
end
location(include_renderer = true) click to toggle source
# File lib/brakeman/warning.rb, line 257
def location include_renderer = true
  case @warning_set
  when :template
    { :type => :template, :template => self.view_name(include_renderer) }
  when :model
    { :type => :model, :model => self.model.name }
  when :controller
    { :type => :controller, :controller => self.controller }
  when :warning
    if self.class
      { :type => :method, :class => self.class, :method => self.method }
    else
      nil
    end
  end
end
relative_path() click to toggle source
# File lib/brakeman/warning.rb, line 274
def relative_path
  self.file.relative
end
to_hash(absolute_paths: true) click to toggle source
# File lib/brakeman/warning.rb, line 286
def to_hash absolute_paths: true
  if self.called_from and not absolute_paths
    render_path = self.called_from.with_relative_paths
  else
    render_path = self.called_from
  end

  { :warning_type => self.warning_type,
    :warning_code => @warning_code,
    :fingerprint => self.fingerprint,
    :check_name => self.check_name,
    :message => self.message.to_s,
    :file => (absolute_paths ? self.file.absolute : self.file.relative),
    :line => self.line,
    :link => self.link,
    :code => (@code && self.format_code(false)),
    :render_path => render_path,
    :location => self.location(false),
    :user_input => (@user_input && self.format_user_input(false)),
    :confidence => self.confidence_name
  }
end
to_json() click to toggle source
# File lib/brakeman/warning.rb, line 309
def to_json
  JSON.generate self.to_hash
end
to_row(type = :warning) click to toggle source

Generates a hash suitable for inserting into a table

# File lib/brakeman/warning.rb, line 219
def to_row type = :warning
  @row = { "Confidence" => TEXT_CONFIDENCE[self.confidence],
    "Warning Type" => self.warning_type.to_s,
    "Message" => self.message }

  case type
  when :template
    @row["Template"] = self.view_name.to_s
  when :model
    @row["Model"] = self.model.name.to_s
  when :controller
    @row["Controller"] = self.controller.to_s
  when :warning
    @row["Class"] = self.class.to_s
    @row["Method"] = self.method.to_s
  end

  @row
end
to_s() click to toggle source
# File lib/brakeman/warning.rb, line 239
def to_s
 output =  "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}"
 output << " near line #{self.line}" if self.line
 output << " in #{self.file.relative}" if self.file
 output << ": #{self.format_code}" if self.code

 output
end
view_name(include_renderer = true) click to toggle source

Returns name of a view, including where it was rendered from

# File lib/brakeman/warning.rb, line 154
def view_name(include_renderer = true)
  if called_from and include_renderer
    @view_name = "#{template.name} (#{called_from.last})"
  else
    @view_name = template.name
  end
end

Private Instance Methods

format_ruby(code, strip) click to toggle source
# File lib/brakeman/warning.rb, line 315
def format_ruby code, strip
  formatted = Brakeman::OutputProcessor.new.format(code)
  formatted.gsub!(/(\t|\r|\n)+/, " ") if strip
  formatted
end