Commit 8ef1846c
Authored April 19, 2012 by Justin Collins
Add option to turn off user input highlighting
Parent: b42ccb85
Showing 3 changed files with 10 additions and 2 deletions
lib/brakeman.rb +2 -0
lib/brakeman/options.rb +4 -0
lib/brakeman/report.rb +4 -2
lib/brakeman.rb
...
@@ -23,6 +23,7 @@ module Brakeman
...
@@ -23,6 +23,7 @@ module Brakeman
# * :config_file - configuration file
# * :config_file - configuration file
# * :escape_html - escape HTML by default (automatic)
# * :escape_html - escape HTML by default (automatic)
# * :exit_on_warn - return false if warnings found, true otherwise. Not recommended for library use (default: false)
# * :exit_on_warn - return false if warnings found, true otherwise. Not recommended for library use (default: false)
# * :highlight_user_input - highlight user input in reported warnings (default: true)
# * :html_style - path to CSS file
# * :html_style - path to CSS file
# * :ignore_model_output - consider models safe (default: false)
# * :ignore_model_output - consider models safe (default: false)
# * :message_limit - limit length of messages
# * :message_limit - limit length of messages
...
@@ -113,6 +114,7 @@ module Brakeman
...
@@ -113,6 +114,7 @@ module Brakeman
:min_confidence
=>
2
,
:min_confidence
=>
2
,
:combine_locations
=>
true
,
:combine_locations
=>
true
,
:collapse_mass_assignment
=>
true
,
:collapse_mass_assignment
=>
true
,
:highlight_user_input
=>
true
,
:ignore_redirect_to_model
=>
true
,
:ignore_redirect_to_model
=>
true
,
:ignore_model_output
=>
false
,
:ignore_model_output
=>
false
,
:message_limit
=>
100
,
:message_limit
=>
100
,
...
...
lib/brakeman/options.rb
...
@@ -144,6 +144,10 @@ module Brakeman::Options
...
@@ -144,6 +144,10 @@ module Brakeman::Options
options
[
:combine_locations
]
=
combine
options
[
:combine_locations
]
=
combine
end
end
opts
.
on
"--[no-]highlights"
,
"Highlight user input in report"
do
|
highlight
|
options
[
:highlight_user_input
]
=
highlight
end
opts
.
on
"-m"
,
"--routes"
,
"Report controller information"
do
opts
.
on
"-m"
,
"--routes"
,
"Report controller information"
do
options
[
:report_routes
]
=
true
options
[
:report_routes
]
=
true
end
end
...
...
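Review bot: The help string on the new `--[no-]highlights` switch, "Highlight user input in report", does not say that highlighting is already on by default, so the only form that changes behaviour, `--no-highlights`, is hard to discover from the help output. Suggest a description such as "Highlight user input in report (default: on)". The flag name also differs from the option key `:highlight_user_input` documented in lib/brakeman.rb; naming the flag in that doc comment would tie the two together.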
lib/brakeman/report.rb
...
@@ -34,6 +34,7 @@ class Brakeman::Report
...
@@ -34,6 +34,7 @@ class Brakeman::Report
@checks
=
tracker
.
checks
@checks
=
tracker
.
checks
@element_id
=
0
#Used for HTML ids
@element_id
=
0
#Used for HTML ids
@warnings_summary
=
nil
@warnings_summary
=
nil
@highlight_user_input
=
tracker
.
options
[
:highlight_user_input
]
end
end
#Generate summary table of what was parsed
#Generate summary table of what was parsed
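Review bot: The added `@highlight_user_input = tracker.options[:highlight_user_input]` reads the key with no fallback, so a tracker whose options lack the key yields nil and highlighting is switched off silently, even though the documented default is true. The `true` default is added in lib/brakeman.rb; if a report can ever be built from options that did not pass through those defaults, supply the default at this read as well, or state in the doc comment that the key must be present.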
...
@@ -491,7 +492,7 @@ class Brakeman::Report
...
@@ -491,7 +492,7 @@ class Brakeman::Report
#Escape warning message and highlight user input in text output
#Escape warning message and highlight user input in text output
def
text_message
warning
,
message
def
text_message
warning
,
message
if
warning
.
user_input
if
@highlight_user_input
and
warning
.
user_input
user_input
=
Brakeman
::
OutputProcessor
.
new
.
format
(
warning
.
user_input
)
user_input
=
Brakeman
::
OutputProcessor
.
new
.
format
(
warning
.
user_input
)
message
.
gsub
(
user_input
,
"+
#{
user_input
}
+"
)
message
.
gsub
(
user_input
,
"+
#{
user_input
}
+"
)
else
else
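Review bot: With the condition changed to `if @highlight_user_input and warning.user_input`, the `else` branch of text_message now also receives warnings that do carry user input whenever highlighting is off; before this change it only saw warnings without user input. The body of that branch is outside the visible hunk, so please confirm it still produces the escaped message the method comment promises for this new case.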
...
@@ -502,7 +503,8 @@ class Brakeman::Report
...
@@ -502,7 +503,8 @@ class Brakeman::Report
#Escape warning message and highlight user input in HTML output
#Escape warning message and highlight user input in HTML output
def
html_message
warning
,
message
def
html_message
warning
,
message
message
=
CGI
.
escapeHTML
(
message
)
message
=
CGI
.
escapeHTML
(
message
)
if
warning
.
user_input
if
@highlight_user_input
and
warning
.
user_input
user_input
=
CGI
.
escapeHTML
(
Brakeman
::
OutputProcessor
.
new
.
format
(
warning
.
user_input
))
user_input
=
CGI
.
escapeHTML
(
Brakeman
::
OutputProcessor
.
new
.
format
(
warning
.
user_input
))
message
.
gsub!
(
user_input
,
"<span class=
\"
user_input
\"
>
#{
user_input
}
</span>"
)
message
.
gsub!
(
user_input
,
"<span class=
\"
user_input
\"
>
#{
user_input
}
</span>"
)
...
...
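Review bot: The new guard `if @highlight_user_input and warning.user_input` in html_message, like the same guard in text_message, ships without a test: all three changed files are under lib/. Suggest a test that renders a warning with user input once with the option on and once with it off, asserting that the `<span class="user_input">` wrapper is absent when off while the message is still passed through `CGI.escapeHTML`. As a style point, `&&` is the more usual operator than `and` inside a condition.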