Add option to turn off user input highlighting

8ef1846c · Justin Collins · b42ccb85 · 8ef1846c · 8ef1846c · 8ef1846c
隐藏空白更改
内联并排

Showing with 10 addition and 2 deletion

lib/brakeman.rb lib/brakeman.rb +2 -0

lib/brakeman/options.rb lib/brakeman/options.rb +4 -0

lib/brakeman/report.rb lib/brakeman/report.rb +4 -2

未找到文件。
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
@@ -23,6 +23,7 @@ module Brakeman
  #  * :config_file - configuration file
  #  * :escape_html - escape HTML by default (automatic)
  #  * :exit_on_warn - return false if warnings found, true otherwise. Not recommended for library use (default: false)
+  #  * :highlight_user_input - highlight user input in reported warnings (default: true)
  #  * :html_style - path to CSS file
  #  * :ignore_model_output - consider models safe (default: false)
  #  * :message_limit - limit length of messages
@@ -113,6 +114,7 @@ module Brakeman
      :min_confidence => 2,
      :combine_locations => true,
      :collapse_mass_assignment => true,
+      :highlight_user_input => true,
      :ignore_redirect_to_model => true,
      :ignore_model_output => false,
      :message_limit => 100,

--- a/lib/brakeman/options.rb
+++ b/lib/brakeman/options.rb
@@ -144,6 +144,10 @@ module Brakeman::Options
          options[:combine_locations] = combine
        end

+        opts.on "--[no-]highlights", "Highlight user input in report" do |highlight|
+          options[:highlight_user_input] = highlight
+        end
+
        opts.on "-m", "--routes", "Report controller information" do
          options[:report_routes] = true
        end

--- a/lib/brakeman/report.rb
+++ b/lib/brakeman/report.rb
@@ -34,6 +34,7 @@ class Brakeman::Report
    @checks = tracker.checks
    @element_id = 0 #Used for HTML ids
    @warnings_summary = nil
+    @highlight_user_input = tracker.options[:highlight_user_input]
  end

  #Generate summary table of what was parsed
@@ -491,7 +492,7 @@ class Brakeman::Report

  #Escape warning message and highlight user input in text output
  def text_message warning, message
-    if warning.user_input
+    if @highlight_user_input and warning.user_input
      user_input = Brakeman::OutputProcessor.new.format(warning.user_input)
      message.gsub(user_input, "+#{user_input}+")
    else
@@ -502,7 +503,8 @@ class Brakeman::Report
  #Escape warning message and highlight user input in HTML output
  def html_message warning, message
    message = CGI.escapeHTML(message)
-    if warning.user_input
+
+    if @highlight_user_input and warning.user_input
      user_input = CGI.escapeHTML(Brakeman::OutputProcessor.new.format(warning.user_input))

      message.gsub!(user_input, "<span class=\"user_input\">#{user_input}</span>")