diff --git a/test/test.rb b/test/test.rb
index 32ea670b5259a7485b832f852c0940cfc393bf01..f7e9b61327919f5863a1c28d81b0f3256409484a 100644
--- a/test/test.rb
+++ b/test/test.rb
@@ -25,20 +25,10 @@ module BrakemanTester
 #Run scan on app at the given path
 def run_scan path, name = nil, opts = {}
 opts.merge! :app_path => "#{TEST_PATH}/apps/#{path}",
- :quiet => false,
 :url_safe_methods => [:ensure_valid_proto!]
- announce "Processing #{name} application..."
-
 Brakeman.run(opts).report.to_hash
 end
-
- #Make an announcement
- def announce msg
- $stderr.puts "-" * 40
- $stderr.puts msg
- $stderr.puts "-" * 40
- end
 end
 end
diff --git a/test/tests/only_files_option.rb b/test/tests/only_files_option.rb
index 03727c28c42650bc156dac9e9df10a6efb656648..0c7ff69c84b2342beabcf0a60d846aed3bc08a50 100644
--- a/test/tests/only_files_option.rb
+++ b/test/tests/only_files_option.rb
@@ -1,7 +1,5 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-Rails32OnlyFiles = BrakemanTester.run_scan "rails3.2", "Rails 3.2", { :only_files => ["app/views/users/"], :skip_files => ["app/views/users/sanitized.html.erb"] }
-
 class OnlyFilesOptionTests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
@@ -21,7 +19,7 @@ class OnlyFilesOptionTests < Test::Unit::TestCase
 end
 def report
- Rails32OnlyFiles
+ @@report ||= BrakemanTester.run_scan "rails3.2", "Rails 3.2", { :only_files => ["app/views/users/"], :skip_files => ["app/views/users/sanitized.html.erb"] }
 end
 def test_escaped_params_to_json
diff --git a/test/tests/rails2.rb b/test/tests/rails2.rb
index 1ab87faa9b1b5bfdbbfce3b82bd3b5d66617e0f3..20cecb6d2c7a040fae9e21d48812ddeeac9aa0e2 100644
--- a/test/tests/rails2.rb
+++ b/test/tests/rails2.rb
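Review bot: With the `announce` call removed, the `name` parameter of `run_scan` is no longer read anywhere in the method body, yet every caller in this commit still passes a display name as the second argument. Either retire it in a follow-up once the call sites are updated, or document the situation above the definition, e.g. `#Run scan on app at the given path; name is accepted for call-site compatibility but no longer printed`. Dropping `:quiet => false` also means Brakeman's own default now decides whether scan output is printed during the test run; I cannot see that default from here, so it is worth confirming it is the intended noise level. The enclosing `module BrakemanTester` is opened outside the hunk.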
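Review bot: `@@report ||= …` in `report` memoizes the scan in a class variable, which Ruby resolves through the whole ancestor chain; the test classes here each subclass `Test::Unit::TestCase` directly so the variables stay separate today, but if `Test::Unit::TestCase`, a shared mixin such as `BrakemanTester::FindWarning`, or a later subclass relationship ever defines `@@report`, all of them would silently share a single scan result. A class-level instance variable avoids that coupling: `def self.report; @report ||= BrakemanTester.run_scan "rails3.2", "Rails 3.2", { … }; end` with `def report; self.class.report; end`. The same pattern appears in the rails2.rb, rails3.rb, rails31.rb, rails32.rb, rails4.rb, rails4_with_engines.rb and rails_with_xss_plugin.rb hunks. Note also that the scan now runs lazily inside the first test that calls `report` instead of at file load, so a scan failure surfaces as that test's error rather than as a load-time abort.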
@@ -5,8 +5,6 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-Rails2 = BrakemanTester.run_scan "rails2", "Rails 2", :run_all_checks => true, :collapse_mass_assignment => true
-
 class Rails2Tests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
@@ -28,7 +26,7 @@ class Rails2Tests < Test::Unit::TestCase
 end
 def report
- Rails2
+ @@report ||= BrakemanTester.run_scan "rails2", "Rails 2", :run_all_checks => true, :collapse_mass_assignment => true
 end
 def test_no_errors
@@ -1399,8 +1397,6 @@ class Rails2Tests < Test::Unit::TestCase
 end
 end
-Rails2WithOptions = BrakemanTester.run_scan "rails2", "Rails 2", :run_all_checks => true
-
 class Rails2WithOptionsTests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
@@ -1422,7 +1418,7 @@ class Rails2WithOptionsTests < Test::Unit::TestCase
 end
 def report
- Rails2WithOptions
+ @@report ||= BrakemanTester.run_scan "rails2", "Rails 2", :run_all_checks => true
 end
 def test_no_errors
diff --git a/test/tests/rails3.rb b/test/tests/rails3.rb
index f15e5cb7181903920be1b621df8c37fd2fbdf5b4..a486894efa4e16c793ad17341d742db6639764d3 100644
--- a/test/tests/rails3.rb
+++ b/test/tests/rails3.rb
@@ -1,14 +1,12 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-Rails3 = BrakemanTester.run_scan "rails3", "Rails 3", :rails3 => true,
- :config_file => File.join(TEST_PATH, "apps", "rails3", "config", "brakeman.yml")
-
 class Rails3Tests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
 def report
- Rails3
+ @@report ||= BrakemanTester.run_scan "rails3", "Rails 3", :rails3 => true,
+ :config_file => File.join(TEST_PATH, "apps", "rails3", "config", "brakeman.yml")
 end
 def expected
diff --git a/test/tests/rails31.rb b/test/tests/rails31.rb
index b00d0bba282915ad9e2773dac8cd9c8f778a3660..04f6a29d35a4e94a81051a0f3c33f60ef5abcbd2 100644
--- a/test/tests/rails31.rb
+++ b/test/tests/rails31.rb
@@ -1,13 +1,11 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-Rails31 = BrakemanTester.run_scan "rails3.1", "Rails 3.1", :rails3 => true, :parallel_checks => false, :interprocedural => true
-
 class Rails31Tests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
 def report
- Rails31
+ @@report ||= BrakemanTester.run_scan "rails3.1", "Rails 3.1", :rails3 => true, :parallel_checks => false, :interprocedural => true
 end
 def expected
diff --git a/test/tests/rails32.rb b/test/tests/rails32.rb
index 167771840dafc299c5b0467e1c693e62e0c9e9d5..23f5e446de15f6c80a28bfeb98bb64833887fca4 100644
--- a/test/tests/rails32.rb
+++ b/test/tests/rails32.rb
@@ -5,8 +5,6 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-Rails32 = BrakemanTester.run_scan "rails3.2", "Rails 3.2"
-
 class Rails32Tests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
@@ -26,11 +24,11 @@ class Rails32Tests < Test::Unit::TestCase
 end
 def report
- Rails32
+ @@report ||= BrakemanTester.run_scan "rails3.2", "Rails 3.2"
 end
 def test_rc_version_number
- assert_equal "3.2.9.rc2", Rails32[:config][:rails_version]
+ assert_equal "3.2.9.rc2", report[:config][:rails_version]
 end
 def test_sql_injection_CVE_2012_5664
diff --git a/test/tests/rails4.rb b/test/tests/rails4.rb
index d7ffd77aaf1b7e0231ab2bfe44fc9e0010e2fc37..b90909d36435a1bd7d5388cea2fd9e686d26a4b2 100644
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
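Review bot: The `Rails32[:config][:rails_version]` to `report[:config][:rails_version]` change in `test_rc_version_number` shows that test bodies referenced the scan constant directly, not only through `report`; any such reference left outside these hunks in this file or in rails2.rb, rails3.rb, rails31.rb, rails4.rb, rails4_with_engines.rb, only_files_option.rb or rails_with_xss_plugin.rb will now raise `NameError` at the point it is executed. I cannot see the rest of those files from here, so this is an inference; a search for the removed constant names (`Rails2`, `Rails2WithOptions`, `Rails3`, `Rails31`, `Rails32`, `Rails32OnlyFiles`, `Rails4`, `Rails4WithEngines`, `RailsWithXssPlugin`, `EXTERNAL_CHECKS_PATH`) before merging would settle it. `Rails32Tests` begins and continues outside these hunks.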
@@ -1,14 +1,12 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-EXTERNAL_CHECKS_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "/apps/rails4/external_checks"))
-Rails4 = BrakemanTester.run_scan "rails4", "Rails 4", {:additional_checks_path => [EXTERNAL_CHECKS_PATH], :run_all_checks => true, :additional_libs_path => ["app/api"]}
-
 class Rails4Tests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
 def report
- Rails4
+ external_checks_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "/apps/rails4/external_checks"))
+ @@report ||= BrakemanTester.run_scan "rails4", "Rails 4", {:additional_checks_path => [external_checks_path], :run_all_checks => true, :additional_libs_path => ["app/api"]}
 end
 def expected
diff --git a/test/tests/rails4_with_engines.rb b/test/tests/rails4_with_engines.rb
index cfd54d7f17f12f3c59afb6e1c88cae67e15c186b..1b12320c83edbe856e901f1f1cae40895cc626bd 100644
--- a/test/tests/rails4_with_engines.rb
+++ b/test/tests/rails4_with_engines.rb
@@ -1,7 +1,5 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-Rails4WithEngines = BrakemanTester.run_scan "rails4_with_engines", "Rails4WithEngines"
-
 class Rails4WithEnginesTests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
@@ -15,7 +13,7 @@ class Rails4WithEnginesTests < Test::Unit::TestCase
 end
 def report
- Rails4WithEngines
+ @@report ||= BrakemanTester.run_scan "rails4_with_engines", "Rails4WithEngines"
 end
 def test_i18n_xss_CVE_2013_4491
diff --git a/test/tests/rails_with_xss_plugin.rb b/test/tests/rails_with_xss_plugin.rb
index adf2102280384ac77624633245c2634612b521ba..1ae4d9cc9f25cee774ca4708ad6e065a75aa983c 100644
--- a/test/tests/rails_with_xss_plugin.rb
+++ b/test/tests/rails_with_xss_plugin.rb
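Review bot: In `Rails4Tests#report` the `external_checks_path = File.expand_path(…)` assignment sits outside the `@@report ||=` expression, so it is re-evaluated on every call to `report` even though the scan it feeds runs only once; the result is harmless but reads as if the path mattered on each call. Moving it inside the memoized expression keeps the two together, e.g. `@@report ||= BrakemanTester.run_scan "rails4", "Rails 4", {:additional_checks_path => [File.expand_path(File.join(File.dirname(__FILE__), "..", "/apps/rails4/external_checks"))], :run_all_checks => true, :additional_libs_path => ["app/api"]}`, or a `@@report ||= begin … end` block if the local is preferred. This is the only `report` in the commit that evaluates anything outside the memoization. The rest of `Rails4Tests` is outside the hunk.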
@@ -1,13 +1,5 @@
 abort "Please run using test/test.rb" unless defined? BrakemanTester
-RailsWithXssPlugin = BrakemanTester.run_scan(
- "rails_with_xss_plugin",
- "RailsWithXssPlugin",
- :absolute_paths => true,
- :run_all_checks => true,
- :collapse_mass_assignment => true
-)
-
 class RailsWithXssPluginTests < Test::Unit::TestCase
 include BrakemanTester::FindWarning
 include BrakemanTester::CheckExpected
@@ -21,7 +13,13 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
 end
 def report
- RailsWithXssPlugin
+ @@report ||= BrakemanTester.run_scan(
+ "rails_with_xss_plugin",
+ "RailsWithXssPlugin",
+ :absolute_paths => true,
+ :run_all_checks => true,
+ :collapse_mass_assignment => true
+ )
 end
 def test_default_routes_1