Merge pull request #166 from presidentbeef/use_multi_json_gem

Use multi_json instead of json_pure gem

bin/brakeman

@@ -54,7 +54,8 @@ end
 
 if options[:previous_results_json]
   vulns = Brakeman.compare options.merge(:quiet => options[:quiet])
-  puts JSON.pretty_generate(vulns)
+  puts MultiJson.dump(vulns, :pretty => true)
+
   if options[:exit_on_warn] and (vulns[:new].count + vulns[:fixed].count > 0)
     exit Brakeman::Warnings_Found_Exit_Code
   end

brakeman.gemspec

@@ -19,5 +19,5 @@ Gem::Specification.new do |s|
   s.add_dependency "erubis", "~>2.6"
   s.add_dependency "haml", "~>3.0"
   s.add_dependency "sass", "~>3.0"
-  s.add_dependency "json_pure"
+  s.add_dependency "multi_json"
 end

lib/brakeman.rb

@@ -316,19 +316,20 @@ module Brakeman
 
   # Compare JSON ouptut from a previous scan and return the diff of the two scans
   def self.compare options
-    require 'json'
+    require 'multi_json'
     require 'brakeman/differ'
     raise ArgumentError.new("Comparison file doesn't exist") unless File.exists? options[:previous_results_json]
 
     begin
-      previous_results = JSON.parse(File.read(options[:previous_results_json]), :symbolize_names =>true)[:warnings]
-    rescue JSON::ParserError
+      previous_results = MultiJson.load(File.read(options[:previous_results_json]), :symbolize_keys => true)[:warnings]
+    rescue MultiJson::DecodeError
       self.notify "Error parsing comparison file: #{options[:previous_results_json]}"
       exit!
     end
 
     tracker = run(options)
-    new_results = JSON.parse(tracker.report.to_json, :symbolize_names =>true)[:warnings]
+
+    new_results = MultiJson.load(tracker.report.to_json, :symbolize_keys => true)[:warnings]
 
     Brakeman::Differ.new(new_results, previous_results).diff
   end

lib/brakeman/report.rb

@@ -6,6 +6,7 @@ require 'brakeman/util'
 require 'terminal-table'
 require 'highline/system_extensions'
 require "csv"
+require 'multi_json'
 require 'brakeman/version'
 
 if CSV.const_defined? :Reader
@@ -17,6 +18,15 @@ else
   # CSV is now FasterCSV in ruby 1.9
 end
 
+#This is so OkJson will work with symbol values
+if MultiJson.default_engine == :ok_json 
+  class Symbol
+    def to_json
+      self.to_s.inspect
+    end
+  end
+end
+
 #Generates a report based on the Tracker and the results of
 #Tracker#run_checks. Be sure to +run_checks+ before generating
 #a report.
@@ -647,8 +657,6 @@ class Brakeman::Report
   end
 
   def to_json
-    require 'json'
-
     errors = tracker.errors.map{|e| { :error => e[:error], :location => e[:backtrace][0] }}
     app_path = tracker.options[:app_path]
 
@@ -662,7 +670,7 @@ class Brakeman::Report
       :app_path => File.expand_path(tracker.options[:app_path]),
       :rails_version => rails_version,
       :security_warnings => all_warnings.length,
-      :timestamp => Time.now,
+      :timestamp => Time.now.to_s,
       :checks_performed => checks.checks_run.sort,
       :number_of_controllers =>tracker.controllers.length,
       # ignore the "fake" model
@@ -672,11 +680,11 @@ class Brakeman::Report
       :brakeman_version => Brakeman::Version
     }
 
-    JSON.pretty_generate({
+    MultiJson.dump({
       :scan_info => scan_info,
       :warnings => warnings,
       :errors => errors
-    })
+    }, :pretty => true)
   end
 
   def all_warnings

lib/brakeman/warning.rb

+require 'multi_json'
+
 #The Warning class stores information about warnings
 class Brakeman::Warning
   attr_reader :called_from, :check, :class, :confidence, :controller,
@@ -177,8 +179,6 @@ class Brakeman::Warning
   end
 
   def to_json
-    require 'json'
-
-    JSON.dump self.to_hash
+    MultiJson.dump self.to_hash
   end
 end

test/tests/test_json_compare.rb

@@ -6,7 +6,7 @@ class JSONCompareTests < Test::Unit::TestCase
     @json_path = File.join @path, "report.json"
     File.delete @json_path if File.exist? @json_path
     Brakeman.run :app_path => @path, :output_files => [@json_path]
-    @report = JSON.parse File.read(@json_path)
+    @report = MultiJson.load File.read(@json_path)
   end
 
   def update_json