Merge remote-tracking branch 'fsword/master' into relative_paths_for_reports

lib/brakeman.rb

@@ -39,6 +39,7 @@ module Brakeman
   #  * :safe_methods - array of methods to consider safe
   #  * :skip_libs - do not process lib/ directory (default: false)
   #  * :skip_checks - checks not to run (run all if not specified)
+  #  * :relative_path - show relative path of each file(default: false)
   #  * :summary_only - only output summary section of report 
   #                    (does not apply to tabs format)
   #
@@ -119,6 +120,7 @@ module Brakeman
       :ignore_model_output => false,
       :message_limit => 100,
       :parallel_checks => true,
+      :relative_path => false,
       :quiet => true,
       :report_progress => true,
       :html_style => "#{File.expand_path(File.dirname(__FILE__))}/brakeman/format/style.css" 

lib/brakeman/options.rb

@@ -169,6 +169,10 @@ module Brakeman::Options
           options[:summary_only] = true
         end
 
+        opts.on "--relative-path", "Output relative file path (only JSON is supported)" do
+          options[:relative_path] = true
+        end
+
         opts.on "-w", 
           "--confidence-level LEVEL", 
           ["1", "2", "3"], 

lib/brakeman/report.rb

@@ -650,7 +650,17 @@ class Brakeman::Report
     require 'json'
 
     errors = tracker.errors.map{|e| { :error => e[:error], :location => e[:backtrace][0] }}
-    warnings = all_warnings.map { |w| w.to_hash }.sort_by{|w| w[:file]}
+    app_path = tracker.options[:app_path]
+    if tracker.options[:relative_path]
+      warnings = all_warnings.map { |w| 
+        hash = w.to_hash 
+        if file = hash[:file]
+          hash.update :file => file.sub( /^#{app_path}/,'.' )
+        end
+      }.sort_by{|w| w[:file]}
+    else
+      warnings = all_warnings.map { |w| w.to_hash }.sort_by{|w| w[:file]}
+    end
     scan_info = {
       :app_path => File.expand_path(tracker.options[:app_path]),
       :rails_version => rails_version,