Don't rely on $VERBOSE for silence

although we're still depending on "globals", just not ones shared with every Ruby app

Don't rely on $VERBOSE for silence
although we're still depending on "globals", just not ones shared with every Ruby app
2ffb3c33 · Justin Collins · 29beb790 · 2ffb3c33 · 2ffb3c33 · 2ffb3c33
26 changed file
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
@@ -8,6 +8,9 @@ module Brakeman
  #option is set
  Warnings_Found_Exit_Code = 3
+  @debug = false
+  @quiet = false
  #Run Brakeman scan. Returns Tracker object.
  #
  #Options:
@@ -42,10 +45,10 @@ module Brakeman
  def self.run options
    options = set_options options
-    if options[:quiet]
+    @quiet = !!options[:quiet]
-      options[:report_progress] = false
+    @debug = !!options[:debug]
-      $VERBOSE = nil
-    end
+    options[:report_progress] = !@quiet
    scan options
  end
@@ -68,7 +71,7 @@ module Brakeman
    if File.exist? app_path + "/script/rails"
      options[:rails3] = true
-      warn "[Notice] Detected Rails 3 application" 
+      notify "[Notice] Detected Rails 3 application"
    end
    options
@@ -86,7 +89,7 @@ module Brakeman
      "#{File.expand_path(File.dirname(__FILE__))}/../lib/config.yaml"].each do |f|
      if File.exist? f and not File.directory? f
-        warn "[Notice] Using configuration in #{f}" unless options[:quiet]
+        notify "[Notice] Using configuration in #{f}"
        options = YAML.load_file f
        options.each do |k,v|
          if v.is_a? Array
@@ -173,7 +176,7 @@ module Brakeman
    require 'fileutils'
    if not File.exists? "lib/tasks"
-      warn "Creating lib/tasks"
+      notify "Creating lib/tasks"
      FileUtils.mkdir_p "lib/tasks"
    end
@@ -182,10 +185,10 @@ module Brakeman
    FileUtils.cp "#{path}/brakeman/brakeman.rake", "lib/tasks/brakeman.rake"
    if File.exists? "lib/tasks/brakeman.rake"
-      warn "Task created in lib/tasks/brakeman.rake"
+      notify "Task created in lib/tasks/brakeman.rake"
-      warn "Usage: rake brakeman:run[output_file]"
+      notify "Usage: rake brakeman:run[output_file]"
    else
-      warn "Could not create task"
+      notify "Could not create task"
    end
  end
@@ -219,7 +222,7 @@ module Brakeman
  #Run a scan. Generally called from Brakeman.run instead of directly.
  def self.scan options
    #Load scanner
-    warn "Loading scanner..."
+    notify "Loading scanner..."
    begin
      require 'brakeman/scanner'
@@ -230,27 +233,27 @@ module Brakeman
    #Start scanning
    scanner = Scanner.new options
-    warn "[Notice] Using Ruby #{RUBY_VERSION}. Please make sure this matches the one used to run your Rails application."
+    notify "[Notice] Using Ruby #{RUBY_VERSION}. Please make sure this matches the one used to run your Rails application."
-    warn "Processing application in #{options[:app_path]}"
+    notify "Processing application in #{options[:app_path]}"
    tracker = scanner.process
    if options[:parallel_checks]
-      warn "Running checks in parallel..."
+      notify "Running checks in parallel..."
    else
-      warn "Runnning checks..."
+      notify "Runnning checks..."
    end
    tracker.run_checks
    if options[:output_file]
-      warn "Generating report..."
+      notify "Generating report..."
      File.open options[:output_file], "w" do |f|
        f.puts tracker.report.send(options[:output_format])
      end
-      warn "Report saved in '#{options[:output_file]}'"
+      notify "Report saved in '#{options[:output_file]}'"
    elsif options[:print_report]
-      warn "Generating report..."
+      notify "Generating report..."
      puts tracker.report.send(options[:output_format])
    end
@@ -273,11 +276,27 @@ module Brakeman
  #The returned Tracker object from Brakeman.run is used as a starting point
  #for the rescan.
  #
+  #Options may be given as a hash with the same values as Brakeman.run.
+  #Note that these options will be merged into the Tracker.
+  #
  #This method returns a RescanReport object with information about the scan.
  #However, the Tracker object will also be modified as the scan is run.
-  def self.rescan tracker, files
+  def self.rescan tracker, files, options = {}
    require 'brakeman/rescanner'
+    tracker.options.merge! options
+    @quiet = !!tracker.options[:quiet]
+    @debug = !!tracker.options[:debug]
    Rescanner.new(tracker.options, tracker.processor, files).recheck
  end
+  def self.notify message
+    $stderr.puts message unless @quiet
+  end
+  def self.debug message
+    $stderr.puts message if @debug
+  end
 end
--- a/lib/brakeman/call_index.rb
+++ b/lib/brakeman/call_index.rb
@@ -55,7 +55,7 @@ class Brakeman::CallIndex
    elsif method
      calls = calls_by_method method
    else
-      warn "Invalid arguments to CallCache#find_calls: #{options.inspect}"
+      notify "Invalid arguments to CallCache#find_calls: #{options.inspect}"
    end
    return [] if calls.nil?

--- a/lib/brakeman/checks.rb
+++ b/lib/brakeman/checks.rb
@@ -89,7 +89,7 @@ class Brakeman::Checks
      unless tracker.options[:skip_checks].include? check_name or 
        (tracker.options[:run_checks] and not tracker.options[:run_checks].include? check_name)
-        warn " - #{check_name}"
+        Brakeman.notify " - #{check_name}"
        check = c.new(tracker)
        check.run_check
@@ -120,7 +120,7 @@ class Brakeman::Checks
      unless tracker.options[:skip_checks].include? check_name or 
        (tracker.options[:run_checks] and not tracker.options[:run_checks].include? check_name)
-        warn " - #{check_name}"
+        Brakeman.notify " - #{check_name}"
        threads << Thread.new do
          begin
@@ -128,7 +128,7 @@ class Brakeman::Checks
            check.run_check
            check.warnings
          rescue Exception => e
-            warn "[#{check_name}] #{e}"
+            Brakeman.notify "[#{check_name}] #{e}"
            []
          end
        end
@@ -141,7 +141,7 @@ class Brakeman::Checks
    threads.each { |t| t.join }
-    warn "Checks finished, collecting results..."
+    Brakeman.notify "Checks finished, collecting results..."
    #Collect results
    threads.each do |thread|

--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -59,10 +59,10 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
    tracker.each_template do |name, template|
      @current_template = template
      template[:outputs].each do |out|
-        debug_info "Checking #{name} for direct XSS"
+        Brakeman.debug "Checking #{name} for direct XSS"
        unless check_for_immediate_xss out
-          debug_info "Checking #{name} for indirect XSS"
+          Brakeman.debug "Checking #{name} for indirect XSS"
          @matched = false
          @mark = false

--- a/lib/brakeman/checks/check_default_routes.rb
+++ b/lib/brakeman/checks/check_default_routes.rb
@@ -15,7 +15,7 @@ class Brakeman::CheckDefaultRoutes < Brakeman::BaseCheck
        :confidence => CONFIDENCE[:high],
        :file => "#{tracker.options[:app_path]}/config/routes.rb"
    else #Report each controller separately
-      debug_info "Checking each controller for default routes"
+      Brakeman.debug "Checking each controller for default routes"
      tracker.routes.each do |name, actions|
        if actions.is_a? Array and actions[0] == :allow_all_actions

--- a/lib/brakeman/checks/check_evaluation.rb
+++ b/lib/brakeman/checks/check_evaluation.rb
@@ -7,10 +7,10 @@ class Brakeman::CheckEvaluation < Brakeman::BaseCheck
  #Process calls
  def run_check
-    debug_info "Finding eval-like calls"
+    Brakeman.debug "Finding eval-like calls"
    calls = tracker.find_call :method => [:eval, :instance_eval, :class_eval, :module_eval]
-    debug_info "Processing eval-like calls"
+    Brakeman.debug "Processing eval-like calls"
    calls.each do |call|
      process_result call
    end

--- a/lib/brakeman/checks/check_execute.rb
+++ b/lib/brakeman/checks/check_execute.rb
@@ -13,13 +13,13 @@ class Brakeman::CheckExecute < Brakeman::BaseCheck
  #Check models, controllers, and views for command injection.
  def run_check
-    debug_info "Finding system calls using ``"
+    Brakeman.debug "Finding system calls using ``"
    check_for_backticks tracker
-    debug_info "Finding other system calls"
+    Brakeman.debug "Finding other system calls"
    calls = tracker.find_call :targets => [:IO, :Open3, :Kernel, nil], :methods => [:exec, :popen, :popen3, :syscall, :system]
-    debug_info "Processing system calls"
+    Brakeman.debug "Processing system calls"
    calls.each do |result|
      process_result result
    end

--- a/lib/brakeman/checks/check_file_access.rb
+++ b/lib/brakeman/checks/check_file_access.rb
@@ -6,16 +6,16 @@ class Brakeman::CheckFileAccess < Brakeman::BaseCheck
  Brakeman::Checks.add self
  def run_check
-    debug_info "Finding possible file access"
+    Brakeman.debug "Finding possible file access"
    methods = tracker.find_call :targets => [:Dir, :File, :IO, :Kernel, :"Net::FTP", :"Net::HTTP", :PStore, :Pathname, :Shell, :YAML], :methods => [:[], :chdir, :chroot, :delete, :entries, :foreach, :glob, :install, :lchmod, :lchown, :link, :load, :load_file, :makedirs, :move, :new, :open, :read, :read_lines, :rename, :rmdir, :safe_unlink, :symlink, :syscopy, :sysopen, :truncate, :unlink]
-    debug_info "Finding calls to load()"
+    Brakeman.debug "Finding calls to load()"
    methods.concat tracker.find_call :target => false, :method => :load
-    debug_info "Finding calls using FileUtils"
+    Brakeman.debug "Finding calls using FileUtils"
    methods.concat tracker.find_call :target => :FileUtils
-    debug_info "Processing found calls"
+    Brakeman.debug "Processing found calls"
    methods.each do |call|
      process_result call
    end

--- a/lib/brakeman/checks/check_mail_to.rb
+++ b/lib/brakeman/checks/check_mail_to.rb
@@ -28,7 +28,7 @@ class Brakeman::CheckMailTo < Brakeman::BaseCheck
  #Check for javascript encoding of mail_to address
  #    mail_to email, name, :encode => :javascript
  def mail_to_javascript?
-    debug_info "Checking calls to mail_to for javascript encoding"
+    Brakeman.debug "Checking calls to mail_to for javascript encoding"
    tracker.find_call(:target => false, :method => :mail_to).each do |result|
      call = result[:call]

--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -21,7 +21,7 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
    @results = Set.new
-    debug_info "Finding possible mass assignment calls on #{models.length} models"
+    Brakeman.debug "Finding possible mass assignment calls on #{models.length} models"
    calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
      :attributes=, 
      :update_attribute, 
@@ -30,7 +30,7 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
      :create,
      :create!]
-    debug_info "Processing possible mass assignment calls"
+    Brakeman.debug "Processing possible mass assignment calls"
    calls.each do |result|
      process_result result
    end

--- a/lib/brakeman/checks/check_quote_table_name.rb
+++ b/lib/brakeman/checks/check_quote_table_name.rb
@@ -29,7 +29,7 @@ class Brakeman::CheckQuoteTableName < Brakeman::BaseCheck
  end
  def uses_quote_table_name?
-    debug_info "Finding calls to quote_table_name()"
+    Brakeman.debug "Finding calls to quote_table_name()"
    not tracker.find_call(:target => false, :method => :quote_table_name).empty?
  end

--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -9,7 +9,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
  Brakeman::Checks.add self
  def run_check
-    debug_info "Finding calls to redirect_to()"
+    Brakeman.debug "Finding calls to redirect_to()"
    @tracker.find_call(:target => false, :method => :redirect_to).each do |res|
      process_result res
@@ -42,7 +42,7 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
  #which can be used to enable/disable reporting output of method calls which use
  #user input as arguments.
  def include_user_input? call
-    debug_info "Checking if call includes user input"
+    Brakeman.debug "Checking if call includes user input"
    if tracker.options[:ignore_redirect_to_model] and call? call[3][1] and 
      call[3][1][2] == :new and call[3][1][1]

--- a/lib/brakeman/checks/check_send_file.rb
+++ b/lib/brakeman/checks/check_send_file.rb
@@ -6,7 +6,7 @@ class Brakeman::CheckSendFile < Brakeman::CheckFileAccess
  Brakeman::Checks.add self
  def run_check
-    debug_info "Finding all calls to send_file()"
+    Brakeman.debug "Finding all calls to send_file()"
    methods = tracker.find_call :target => false, :method => :send_file

--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -14,7 +14,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
  def run_check
    @rails_version = tracker.config[:rails_version]
-    debug_info "Finding possible SQL calls on models"
+    Brakeman.debug "Finding possible SQL calls on models"
    if tracker.options[:rails3]
      calls = tracker.find_call :targets => tracker.models.keys,
        :methods => /^(find.*|first|last|all|where|order|group|having)$/,
@@ -25,16 +25,16 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
        :chained => true
    end
-    debug_info "Finding possible SQL calls with no target"
+    Brakeman.debug "Finding possible SQL calls with no target"
    calls.concat tracker.find_call(:target => nil, :method => /^(find.*|last|first|all|count|sum|average|minumum|maximum|count_by_sql)$/)
-    debug_info "Finding possible SQL calls using constantized()"
+    Brakeman.debug "Finding possible SQL calls using constantized()"
    calls.concat tracker.find_call(:method => /^(find.*|last|first|all|count|sum|average|minumum|maximum|count_by_sql)$/).select { |result| constantize_call? result }
-    debug_info "Finding calls to named_scope or scope"
+    Brakeman.debug "Finding calls to named_scope or scope"
    calls.concat find_scope_calls
-    debug_info "Processing possible SQL calls"
+    Brakeman.debug "Processing possible SQL calls"
    calls.each do |c|
      process_result c
    end

--- a/lib/brakeman/checks/check_strip_tags.rb
+++ b/lib/brakeman/checks/check_strip_tags.rb
@@ -23,7 +23,7 @@ class Brakeman::CheckStripTags < Brakeman::BaseCheck
  end
  def uses_strip_tags?
-    debug_info "Finding calls to strip_tags()"
+    Brakeman.debug "Finding calls to strip_tags()"
    not tracker.find_call(:target => false, :method => :strip_tags).empty?
  end

--- a/lib/brakeman/checks/check_translate_bug.rb
+++ b/lib/brakeman/checks/check_translate_bug.rb
@@ -34,7 +34,7 @@ class Brakeman::CheckTranslateBug < Brakeman::BaseCheck
  end
  def uses_translate?
-    debug_info "Finding calls to translate() or t()"
+    Brakeman.debug "Finding calls to translate() or t()"
    not tracker.find_call(:target => nil, :methods => [:t, :translate]).empty?
  end

--- a/lib/brakeman/checks/check_without_protection.rb
+++ b/lib/brakeman/checks/check_without_protection.rb
@@ -23,7 +23,7 @@ class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
    @results = Set.new
-    debug_info "Finding all mass assignments"
+    Brakeman.debug "Finding all mass assignments"
    calls = tracker.find_call :targets => models, :methods => [:new,
      :attributes=, 
      :update_attribute, 
@@ -32,7 +32,7 @@ class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
      :create,
      :create!]
-    debug_info "Processing all mass assignments"
+    Brakeman.debug "Processing all mass assignments"
    calls.each do |result|
      process_result result
    end

--- a/lib/brakeman/processors/controller_alias_processor.rb
+++ b/lib/brakeman/processors/controller_alias_processor.rb
@@ -87,7 +87,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
    method = find_method name, @current_class    
    if method.nil?
-      warn "[Notice] Could not find filter #{name}" if @tracker.options[:debug]
+      Brakeman.debug "[Notice] Could not find filter #{name}"
      return
    end
@@ -207,7 +207,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
      when :lit, :str
        filter[option] = value[1]
      else
-        warn "[Notice] Unknown before_filter value: #{option} => #{value}" if @tracker.options[:debug]
+        Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
      end
    else
      filter[:all] = true

--- a/lib/brakeman/processors/controller_processor.rb
+++ b/lib/brakeman/processors/controller_processor.rb
@@ -22,7 +22,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
  #s(:class, NAME, PARENT, s(:scope ...))
  def process_class exp
    if @controller
-      warn "[Notice] Skipping inner class: #{class_name exp[1]}" if @tracker.options[:debug]
+      Brakeman.debug "[Notice] Skipping inner class: #{class_name exp[1]}"
      return ignore
    end
@@ -83,7 +83,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
            unless Dir.glob("#{@tracker.options[:app_path]}/app/views/layouts/#{name}.html.{erb,haml}").empty?
              @controller[:layout] = "layouts/#{name}"
            else
-              warn "[Notice] Layout not found: #{name}" if @tracker.options[:debug]
+              Brakeman.debug "[Notice] Layout not found: #{name}"
            end
          elsif sexp? args[-1] and (args[-1][0] == :nil or args[-1][0] == :false)
            #layout :false or layout nil

--- a/lib/brakeman/processors/lib/rails2_config_processor.rb
+++ b/lib/brakeman/processors/lib/rails2_config_processor.rb
@@ -37,7 +37,7 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
    target = process target if sexp? target
    if exp[2] == :gem and exp[3][1][1] == "erubis"
-      warn "[Notice] Using Erubis for ERB templates"
+      Brakeman.notify "[Notice] Using Erubis for ERB templates"
      @tracker.config[:erubis] = true
    end

--- a/lib/brakeman/processors/lib/render_helper.rb
+++ b/lib/brakeman/processors/lib/render_helper.rb
@@ -50,7 +50,7 @@ module Brakeman::RenderHelper
    name = name.to_s.gsub(/^\//, "")
    template = @tracker.templates[name.to_sym]
    unless template
-      warn "[Notice] No such template: #{name}" if @tracker.options[:debug]
+      Brakeman.debug "[Notice] No such template: #{name}"
      return 
    end

--- a/lib/brakeman/processors/model_processor.rb
+++ b/lib/brakeman/processors/model_processor.rb
@@ -19,7 +19,7 @@ class Brakeman::ModelProcessor < Brakeman::BaseProcessor
  #s(:class, NAME, PARENT, s(:scope ...))
  def process_class exp
    if @model
-      warn "[Notice] Skipping inner class: #{class_name exp[1]}" if @tracker.options[:debug]
+      Brakeman.debug "[Notice] Skipping inner class: #{class_name exp[1]}"
      ignore
    else
      @model = { :name => class_name(exp[1]),

--- a/lib/brakeman/processors/output_processor.rb
+++ b/lib/brakeman/processors/output_processor.rb
@@ -19,7 +19,7 @@ class Brakeman::OutputProcessor < Ruby2Ruby
    begin
      super exp if sexp? exp and not exp.empty?
    rescue Exception => e
-      warn "While formatting #{exp}: #{e}\n#{e.backtrace.join("\n")}" if @tracker.options[:debug]
+      Brakeman.debug "While formatting #{exp}: #{e}\n#{e.backtrace.join("\n")}"
    end
  end

--- a/lib/brakeman/report.rb
+++ b/lib/brakeman/report.rb
@@ -83,7 +83,7 @@ class Brakeman::Report
      tracker.errors.each do |w|
-        p w if tracker.options[:debug]
+        Brakeman.debug w.inspect
        if html
          w[:error] = CGI.escapeHTML w[:error]

--- a/lib/brakeman/rescanner.rb
+++ b/lib/brakeman/rescanner.rb
@@ -45,7 +45,7 @@ class Brakeman::Rescanner < Brakeman::Scanner
    SCAN_ORDER.each do |type|
      paths_by_type[type].each do |path|
-        warn "Rescanning #{path} as #{type}" if tracker.options[:debug]
+        Brakeman.debug "Rescanning #{path} as #{type}"
        if rescan_file path, type
          @changes = true

--- a/lib/brakeman/scanner.rb
+++ b/lib/brakeman/scanner.rb
@@ -51,23 +51,23 @@ class Brakeman::Scanner
  #Process everything in the Rails application
  def process
-    warn "Processing configuration..."
+    Brakeman.notify "Processing configuration..."
    process_config
-    warn "Processing gems..."
+    Brakeman.notify "Processing gems..."
    process_gems
-    warn "Processing initializers..."
+    Brakeman.notify "Processing initializers..."
    process_initializers
-    warn "Processing libs..."
+    Brakeman.notify "Processing libs..."
    process_libs
-    warn "Processing routes...        "
+    Brakeman.notify "Processing routes...        "
    process_routes
-    warn "Processing templates...     "
+    Brakeman.notify "Processing templates...     "
    process_templates
-    warn "Processing models...        "
+    Brakeman.notify "Processing models...        "
    process_models
-    warn "Processing controllers...   "
+    Brakeman.notify "Processing controllers...   "
    process_controllers
-    warn "Indexing call sites...      "
+    Brakeman.notify "Indexing call sites...      "
    index_call_sites
    tracker
  end
@@ -89,7 +89,7 @@ class Brakeman::Scanner
      (File.exists? "#@path/Gemfile" and File.read("#@path/Gemfile").include? "rails_xss")
      tracker.config[:escape_html] = true
-      warn "[Notice] Escaping HTML by default"
+      Brakeman.notify "[Notice] Escaping HTML by default"
    end
  end
@@ -99,7 +99,7 @@ class Brakeman::Scanner
    end
  rescue Exception => e
-    warn "[Notice] Error while processing config/#{file}"
+    Brakeman.notify "[Notice] Error while processing config/#{file}"
    tracker.error e.exception(e.message + "\nwhile processing Gemfile"), e.backtrace
  end
@@ -115,7 +115,7 @@ class Brakeman::Scanner
      end
    end
  rescue Exception => e
-    warn "[Notice] Error while processing Gemfile."
+    Brakeman.notify "[Notice] Error while processing Gemfile."
    tracker.error e.exception(e.message + "\nWhile processing Gemfile"), e.backtrace
  end
@@ -144,7 +144,7 @@ class Brakeman::Scanner
  #Adds parsed information to tracker.libs.
  def process_libs
    if options[:skip_libs]
-      warn '[Skipping]'
+      Brakeman.notify '[Skipping]'
      return
    end
@@ -153,7 +153,7 @@ class Brakeman::Scanner
    current = 0
    lib_files.each do |f|
-      warn "Processing #{f}" if options[:debug]
+      Brakeman.debug "Processing #{f}"
      if @report_progress
        $stderr.print " #{current}/#{total} files processed\r"
        current += 1
@@ -183,11 +183,11 @@ class Brakeman::Scanner
        @processor.process_routes parse_ruby(File.read("#@path/config/routes.rb"))
      rescue Exception => e
        tracker.error e.exception(e.message + "\nWhile processing routes.rb"), e.backtrace
-        warn "[Notice] Error while processing routes - assuming all public controller methods are actions."
+        Brakeman.notify "[Notice] Error while processing routes - assuming all public controller methods are actions."
        options[:assume_all_routes] = true
      end
    else
-      warn "[Notice] No route information found"
+      Brakeman.notify "[Notice] No route information found"
    end
  end
@@ -200,7 +200,7 @@ class Brakeman::Scanner
    current = 0
    controller_files.each do |f|
-      warn "Processing #{f}" if options[:debug]
+      Brakeman.debug "Processing #{f}"
      if @report_progress
        $stderr.print " #{current}/#{total} files processed\r"
        current += 1
@@ -212,7 +212,7 @@ class Brakeman::Scanner
    current = 0
    total = tracker.controllers.length
-    warn "Processing data flow in controllers..."
+    Brakeman.notify "Processing data flow in controllers..."
    tracker.controllers.each do |name, controller|
      if @report_progress
@@ -258,7 +258,7 @@ class Brakeman::Scanner
    total = tracker.templates.length
    count = 0
-    warn "Processing data flow in templates..."
+    Brakeman.notify "Processing data flow in templates..."
    tracker.templates.keys.dup.each do |name|
      if @report_progress