From 8ef1846cd4ed026562a6f3512696bd13fb789cb6 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Thu, 19 Apr 2012 14:27:48 -0700
Subject: [PATCH] Add option to turn off user input highlighting
---
lib/brakeman.rb | 2 ++
lib/brakeman/options.rb | 4 ++++
lib/brakeman/report.rb | 6 ++++--
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/brakeman.rb b/lib/brakeman.rb
index 86d750ab..8a92d4bf 100644
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
@@ -23,6 +23,7 @@ module Brakeman
# * :config_file - configuration file
# * :escape_html - escape HTML by default (automatic)
# * :exit_on_warn - return false if warnings found, true otherwise. Not recommended for library use (default: false)
+ # * :highlight_user_input - highlight user input in reported warnings (default: true)
# * :html_style - path to CSS file
# * :ignore_model_output - consider models safe (default: false)
# * :message_limit - limit length of messages
@@ -113,6 +114,7 @@ module Brakeman
:min_confidence => 2,
:combine_locations => true,
:collapse_mass_assignment => true,
+ :highlight_user_input => true,
:ignore_redirect_to_model => true,
:ignore_model_output => false,
:message_limit => 100,
diff --git a/lib/brakeman/options.rb b/lib/brakeman/options.rb
index 0e289866..96058548 100644
--- a/lib/brakeman/options.rb
+++ b/lib/brakeman/options.rb
@@ -144,6 +144,10 @@ module Brakeman::Options
options[:combine_locations] = combine
end
+ opts.on "--[no-]highlights", "Highlight user input in report" do |highlight|
options[:highlight_user_input] = highlight
end
+
opts.on "-m", "--routes", "Report controller information" do
options[:report_routes] = true
end
diff --git a/lib/brakeman/report.rb b/lib/brakeman/report.rb
index 6ccd5246..8bb25eab 100644
--- a/lib/brakeman/report.rb
+++ b/lib/brakeman/report.rb
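Review bot: The new flag `--[no-]highlights` does not match the option key `:highlight_user_input` it sets (and the `:highlight_user_input` entry documented for library callers in lib/brakeman.rb), and its help text does not say that highlighting is already on, so the only form a user actually needs, `--no-highlights`, is not discoverable from `--help`. At minimum state the default in the help string: `opts.on "--[no-]highlights", "Highlight user input in report (default: on)" do |highlight|`. If renaming is still acceptable, `--[no-]highlight-user-input` would keep the CLI flag and the library option in sync.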
@@ -34,6 +34,7 @@ class Brakeman::Report
@checks = tracker.checks
@element_id = 0 #Used for HTML ids
@warnings_summary = nil
+ @highlight_user_input = tracker.options[:highlight_user_input]
end
#Generate summary table of what was parsed
@@ -491,7 +492,7 @@ class Brakeman::Report
#Escape warning message and highlight user input in text output
def text_message warning, message
- if warning.user_input
+ if @highlight_user_input and warning.user_input
user_input = Brakeman::OutputProcessor.new.format(warning.user_input)
message.gsub(user_input, "+#{user_input}+")
else
@@ -502,7 +503,8 @@ class Brakeman::Report
#Escape warning message and highlight user input in HTML output
def html_message warning, message
message = CGI.escapeHTML(message)
- if warning.user_input
+
+ if @highlight_user_input and warning.user_input
user_input = CGI.escapeHTML(Brakeman::OutputProcessor.new.format(warning.user_input))
message.gsub!(user_input, "#{user_input}")
-- GitLab
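Review bot: `@highlight_user_input = tracker.options[:highlight_user_input]` reads the key with `[]`, so a tracker whose options hash was not merged with the defaults (the key is only defaulted to `true` in lib/brakeman.rb by this same patch) yields `nil`, and highlighting silently switches off against the documented default. Unless every `Brakeman::Report` is guaranteed to see the merged defaults, `@highlight_user_input = tracker.options.fetch(:highlight_user_input, true)` preserves the documented default while still honouring an explicit `false`. The enclosing `initialize` starts outside the hunk.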
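Review bot: `if @highlight_user_input and warning.user_input` uses the keyword `and` for a boolean test; the community style guide reserves `and`/`or` for control flow because they bind looser than assignment, so the conventional spelling is `if @highlight_user_input && warning.user_input`. In this position the two are equivalent, so this is style only. The `else` branch and the remainder of `text_message` continue outside the hunk.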
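Review bot: As rendered here, the replacement in `message.gsub!(user_input, "#{user_input}")` is identical to the pattern, so the highlight would be a no-op; if the surrounding highlight markup was stripped when this patch was rendered, disregard this, otherwise the substitution needs to wrap the escaped value in that markup. Separately, `gsub!` returns `nil` when `user_input` does not occur in the escaped `message`, and the method body continues past the hunk, so confirm that `html_message` returns `message` itself rather than the `gsub!` result. Escaping `user_input` with `CGI.escapeHTML` before matching it against the already-escaped `message` is the correct order and should be kept. The same `and`-versus-`&&` style remark as for `text_message` applies to the new condition.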