提交 8ef1846c 编写于 作者: J Justin Collins

Add option to turn off user input highlighting

上级 b42ccb85
...@@ -23,6 +23,7 @@ module Brakeman ...@@ -23,6 +23,7 @@ module Brakeman
# * :config_file - configuration file # * :config_file - configuration file
# * :escape_html - escape HTML by default (automatic) # * :escape_html - escape HTML by default (automatic)
# * :exit_on_warn - return false if warnings found, true otherwise. Not recommended for library use (default: false) # * :exit_on_warn - return false if warnings found, true otherwise. Not recommended for library use (default: false)
# * :highlight_user_input - highlight user input in reported warnings (default: true)
# * :html_style - path to CSS file # * :html_style - path to CSS file
# * :ignore_model_output - consider models safe (default: false) # * :ignore_model_output - consider models safe (default: false)
# * :message_limit - limit length of messages # * :message_limit - limit length of messages
...@@ -113,6 +114,7 @@ module Brakeman ...@@ -113,6 +114,7 @@ module Brakeman
:min_confidence => 2, :min_confidence => 2,
:combine_locations => true, :combine_locations => true,
:collapse_mass_assignment => true, :collapse_mass_assignment => true,
:highlight_user_input => true,
:ignore_redirect_to_model => true, :ignore_redirect_to_model => true,
:ignore_model_output => false, :ignore_model_output => false,
:message_limit => 100, :message_limit => 100,
......
...@@ -144,6 +144,10 @@ module Brakeman::Options ...@@ -144,6 +144,10 @@ module Brakeman::Options
options[:combine_locations] = combine options[:combine_locations] = combine
end end
opts.on "--[no-]highlights", "Highlight user input in report" do |highlight|
options[:highlight_user_input] = highlight
end
opts.on "-m", "--routes", "Report controller information" do opts.on "-m", "--routes", "Report controller information" do
options[:report_routes] = true options[:report_routes] = true
end end
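Review bot: The new switch is spelled `--[no-]highlights` while the option it writes is `options[:highlight_user_input]`, the same key that the `Brakeman` option list documents as `:highlight_user_input`; a flag name derived from the key, e.g. `opts.on "--[no-]highlight-user-input", "Highlight user input in report (Default)" do |highlight|`, keeps the CLI and library spellings aligned and tells the user which way the default goes. The option-parsing method that encloses this hunk begins and ends outside it.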
......
...@@ -34,6 +34,7 @@ class Brakeman::Report ...@@ -34,6 +34,7 @@ class Brakeman::Report
@checks = tracker.checks @checks = tracker.checks
@element_id = 0 #Used for HTML ids @element_id = 0 #Used for HTML ids
@warnings_summary = nil @warnings_summary = nil
@highlight_user_input = tracker.options[:highlight_user_input]
end end
#Generate summary table of what was parsed #Generate summary table of what was parsed
...@@ -491,7 +492,7 @@ class Brakeman::Report ...@@ -491,7 +492,7 @@ class Brakeman::Report
#Escape warning message and highlight user input in text output #Escape warning message and highlight user input in text output
def text_message warning, message def text_message warning, message
if warning.user_input if @highlight_user_input and warning.user_input
user_input = Brakeman::OutputProcessor.new.format(warning.user_input) user_input = Brakeman::OutputProcessor.new.format(warning.user_input)
message.gsub(user_input, "+#{user_input}+") message.gsub(user_input, "+#{user_input}+")
else else
...@@ -502,7 +503,8 @@ class Brakeman::Report ...@@ -502,7 +503,8 @@ class Brakeman::Report
#Escape warning message and highlight user input in HTML output #Escape warning message and highlight user input in HTML output
def html_message warning, message def html_message warning, message
message = CGI.escapeHTML(message) message = CGI.escapeHTML(message)
if warning.user_input
if @highlight_user_input and warning.user_input
user_input = CGI.escapeHTML(Brakeman::OutputProcessor.new.format(warning.user_input)) user_input = CGI.escapeHTML(Brakeman::OutputProcessor.new.format(warning.user_input))
message.gsub!(user_input, "<span class=\"user_input\">#{user_input}</span>") message.gsub!(user_input, "<span class=\"user_input\">#{user_input}</span>")
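Review bot: The new guards in `text_message` and `html_message` use `and`, whose low precedence is a known trap in Ruby; the idiomatic boolean form is `if @highlight_user_input && warning.user_input` in both places. The flag is captured once in the constructor as `tracker.options[:highlight_user_input]`, so a tracker whose options hash was built without the defaults from the `Brakeman` module (library callers, presumably) would yield `nil` here and silently lose highlighting; `@highlight_user_input = tracker.options.fetch(:highlight_user_input, true)` would preserve the documented default in that case — worth confirming how options reach the tracker. Both `text_message` and `html_message` continue past their hunks.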
......