class Brakeman::Warning
The Warning
class stores information about warnings
Constants
- CONFIDENCE
- OPTIONS
- TEXT_CONFIDENCE
Attributes
called_from[R]
check[R]
class[R]
code[RW]
confidence[R]
context[RW]
controller[R]
file[RW]
line[R]
message[RW]
method[R]
model[R]
template[R]
user_input[R]
user_input_type[R]
warning_code[R]
warning_set[R]
warning_type[R]
Public Class Methods
new(options = {})
click to toggle source
options[:result]
can be a result from Tracker#find_call. Otherwise, it can be nil
.
# File lib/brakeman/warning.rb, line 49 def initialize options = {} @view_name = nil OPTIONS.each do |key, var| self.instance_variable_set(var, options[key]) end self.confidence = options[:confidence] result = options[:result] if result @code ||= result[:call] @file ||= result[:location][:file] if result[:location][:type] == :template #template result @template ||= result[:location][:template] else @class ||= result[:location][:class] @method ||= result[:location][:method] end end if @method.to_s =~ /^fake_filter\d+/ @method = :before_filter end if @user_input.is_a? Brakeman::BaseCheck::Match @user_input_type = @user_input.type @user_input = @user_input.match elsif @user_input == false @user_input = nil end if not @line if @user_input and @user_input.respond_to? :line @line = @user_input.line elsif @code and @code.respond_to? :line @line = @code.line end end if @gem_info if @gem_info.is_a? Hash @line ||= @gem_info[:line] @file ||= @gem_info[:file] else # Fallback behavior returns just a string for the file name @file ||= @gem_info end end unless @warning_set if self.model @warning_set = :model @file ||= self.model.file elsif self.template @warning_set = :template @called_from = self.template.render_path @file ||= self.template.file elsif self.controller @warning_set = :controller else @warning_set = :warning end end if options[:warning_code] @warning_code = Brakeman::WarningCodes.code options[:warning_code] else @warning_code = nil end Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code if options[:message].is_a? String @message = Brakeman::Messages::Message.new(options[:message]) end @format_message = nil @row = nil end
Public Instance Methods
check_name()
click to toggle source
# File lib/brakeman/warning.rb, line 278 def check_name @check_name ||= self.check.sub(/^Brakeman::Check/, '') end
confidence=(conf)
click to toggle source
# File lib/brakeman/warning.rb, line 139 def confidence= conf @confidence = case conf when Integer conf when Symbol CONFIDENCE[conf] else raise "Could not set confidence to `#{conf}`" end raise "Could not set confidence to `#{conf}`" unless @confidence raise "Invalid confidence: `#{@confidence}`" unless TEXT_CONFIDENCE[@confidence] end
confidence_name()
click to toggle source
# File lib/brakeman/warning.rb, line 282 def confidence_name TEXT_CONFIDENCE[self.confidence] end
eql?(other_warning)
click to toggle source
# File lib/brakeman/warning.rb, line 135 def eql? other_warning self.hash == other_warning.hash end
fingerprint()
click to toggle source
# File lib/brakeman/warning.rb, line 248 def fingerprint loc = self.location location_string = loc && loc.sort_by { |k, v| k.to_s }.inspect warning_code_string = sprintf("%03d", @warning_code) code_string = @code.inspect Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{self.file.relative}#{self.confidence}").to_s end
format_code(strip = true)
click to toggle source
Return String
of the code output from the OutputProcessor and stripped of newlines and tabs.
# File lib/brakeman/warning.rb, line 164 def format_code strip = true format_ruby self.code, strip end
format_message()
click to toggle source
Return formatted warning message
# File lib/brakeman/warning.rb, line 185 def format_message return @format_message if @format_message @format_message = self.message.to_s.dup if self.line @format_message << " near line #{self.line}" end if self.code @format_message << ": #{format_code}" end @format_message end
format_user_input(strip = true)
click to toggle source
Return String
of the user input formatted and stripped of newlines and tabs.
# File lib/brakeman/warning.rb, line 170 def format_user_input strip = true format_ruby self.user_input, strip end
format_with_user_input(strip = true, &block)
click to toggle source
# File lib/brakeman/warning.rb, line 174 def format_with_user_input strip = true, &block if self.user_input formatted = Brakeman::OutputProcessor.new.format(code, self.user_input, &block) formatted.gsub!(/(\t|\r|\n)+/, " ") if strip formatted else format_code end end
hash()
click to toggle source
# File lib/brakeman/warning.rb, line 131 def hash self.to_s.hash end
link()
click to toggle source
# File lib/brakeman/warning.rb, line 201 def link return @link if @link if @link_path if @link_path.start_with? "http" @link = @link_path else @link = "https://brakemanscanner.org/docs/warning_types/#{@link_path}" end else warning_path = self.warning_type.to_s.downcase.gsub(/\s+/, '_') + "/" @link = "https://brakemanscanner.org/docs/warning_types/#{warning_path}" end @link end
location(include_renderer = true)
click to toggle source
# File lib/brakeman/warning.rb, line 257 def location include_renderer = true case @warning_set when :template { :type => :template, :template => self.view_name(include_renderer) } when :model { :type => :model, :model => self.model.name } when :controller { :type => :controller, :controller => self.controller } when :warning if self.class { :type => :method, :class => self.class, :method => self.method } else nil end end end
relative_path()
click to toggle source
# File lib/brakeman/warning.rb, line 274 def relative_path self.file.relative end
to_hash(absolute_paths: true)
click to toggle source
# File lib/brakeman/warning.rb, line 286 def to_hash absolute_paths: true if self.called_from and not absolute_paths render_path = self.called_from.with_relative_paths else render_path = self.called_from end { :warning_type => self.warning_type, :warning_code => @warning_code, :fingerprint => self.fingerprint, :check_name => self.check_name, :message => self.message.to_s, :file => (absolute_paths ? self.file.absolute : self.file.relative), :line => self.line, :link => self.link, :code => (@code && self.format_code(false)), :render_path => render_path, :location => self.location(false), :user_input => (@user_input && self.format_user_input(false)), :confidence => self.confidence_name } end
to_json()
click to toggle source
# File lib/brakeman/warning.rb, line 309 def to_json JSON.generate self.to_hash end
to_row(type = :warning)
click to toggle source
Generates a hash suitable for inserting into a table
# File lib/brakeman/warning.rb, line 219 def to_row type = :warning @row = { "Confidence" => TEXT_CONFIDENCE[self.confidence], "Warning Type" => self.warning_type.to_s, "Message" => self.message } case type when :template @row["Template"] = self.view_name.to_s when :model @row["Model"] = self.model.name.to_s when :controller @row["Controller"] = self.controller.to_s when :warning @row["Class"] = self.class.to_s @row["Method"] = self.method.to_s end @row end
to_s()
click to toggle source
# File lib/brakeman/warning.rb, line 239 def to_s output = "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}" output << " near line #{self.line}" if self.line output << " in #{self.file.relative}" if self.file output << ": #{self.format_code}" if self.code output end
view_name(include_renderer = true)
click to toggle source
Returns name of a view, including where it was rendered from
# File lib/brakeman/warning.rb, line 154 def view_name(include_renderer = true) if called_from and include_renderer @view_name = "#{template.name} (#{called_from.last})" else @view_name = template.name end end
Private Instance Methods
format_ruby(code, strip)
click to toggle source
# File lib/brakeman/warning.rb, line 315 def format_ruby code, strip formatted = Brakeman::OutputProcessor.new.format(code) formatted.gsub!(/(\t|\r|\n)+/, " ") if strip formatted end