Add tests for ignored warnings

b3eb0845 · Justin Collins · 36670f57 · b3eb0845 · b3eb0845 · b3eb0845
3 changed file
--- a/test/apps/rails2/app/views/other/ignore_me.html.erb
+++ b/test/apps/rails2/app/views/other/ignore_me.html.erb
+Going to ignore the warning below
+<%= User.first(:conditions => "x = #{params[:x]}").bio %>
--- a/test/apps/rails2/config/brakeman.ignore
+++ b/test/apps/rails2/config/brakeman.ignore
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Cross Site Scripting",
+      "warning_code": 2,
+      "fingerprint": "6300805e44167e6c3446efbd06b97206928855a2bfc6e1f3e61c097795956b13",
+      "message": "Unescaped model attribute",
+      "file": "app/views/other/ignore_me.html.erb",
+      "line": 2,
+      "link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+      "code": "User.first(:conditions => (\"x = #{params[:x]}\")).bio",
+      "render_path": null,
+      "location": {
+        "type": "template",
+        "template": "other/ignore_me"
+      },
+      "user_input": null,
+      "confidence": "High",
+      "note": ""
+    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "f2fa1da45eea252150f6920454822bda3ed5c83a2c376c1296a98037969dd45f",
+      "message": "Possible SQL injection",
+      "file": "app/views/other/ignore_me.html.erb",
+      "line": 2,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "User.first(:conditions => (\"x = #{params[:x]}\"))",
+      "render_path": null,
+      "location": {
+        "type": "template",
+        "template": "other/ignore_me"
+      },
+      "user_input": "params[:x]",
+      "confidence": "High",
+      "note": "Ignoring for testing"
+    }
+  ],
+  "updated": "2013-07-12 16:58:59 -0700",
+  "brakeman_version": "2.0.0"
+}
--- a/test/tests/rails2.rb
+++ b/test/tests/rails2.rb
@@ -1195,6 +1195,27 @@ class Rails2Tests < Test::Unit::TestCase
      :relative_path => "app/controllers/other_controller.rb"
  end

+  def test_ignored_sql_warning
+    assert_no_warning :type => :template,
+      :warning_code => 0,
+      :fingerprint => "f2fa1da45eea252150f6920454822bda3ed5c83a2c376c1296a98037969dd45f",
+      :warning_type => "SQL Injection",
+      :line => 2,
+      :message => /^Possible\ SQL\ injection/,
+      :confidence => 0,
+      :relative_path => "app/views/other/ignore_me.html.erb"
+  end
+
+  def test_ignored_xss_warning
+    assert_no_warning :type => :template,
+      :warning_code => 2,
+      :fingerprint => "6300805e44167e6c3446efbd06b97206928855a2bfc6e1f3e61c097795956b13",
+      :warning_type => "Cross Site Scripting",
+      :line => 2,
+      :message => /^Unescaped\ model\ attribute/,
+      :confidence => 0,
+      :relative_path => "app/views/other/ignore_me.html.erb"
+  end
 end

 Rails2WithOptions = BrakemanTester.run_scan "rails2", "Rails 2", :collapse_mass_assignment => false