Merge remote-tracking branch 'origin/relative_paths_by_default'

Conflicts:
	lib/brakeman.rb

lib/brakeman.rb

@@ -40,7 +40,7 @@ module Brakeman
   #  * :safe_methods - array of methods to consider safe
   #  * :skip_libs - do not process lib/ directory (default: false)
   #  * :skip_checks - checks not to run (run all if not specified)
-  #  * :relative_path - show relative path of each file(default: false)
+  #  * :absolute_paths - show absolute path of each file (default: false)
   #  * :summary_only - only output summary section of report
   #                    (does not apply to tabs format)
   #

lib/brakeman/options.rb

@@ -178,8 +178,8 @@ module Brakeman::Options
           options[:summary_only] = true
         end
 
-        opts.on "--relative-paths", "Output relative file paths in reports" do
-          options[:relative_paths] = true
+        opts.on "--absolute-paths", "Output absolute file paths in reports" do
+          options[:absolute_paths] = true
         end
 
         opts.on "-w",

lib/brakeman/report.rb

@@ -524,7 +524,7 @@ HEADER
       message
     end <<
     "<table id='#{code_id}' class='context' style='display:none'>" <<
-    "<caption>#{warning_file(warning, :relative) || ''}</caption>"
+    "<caption>#{warning_file(warning) || ''}</caption>"
 
     unless context.empty?
       if warning.line - 1 == 1 or warning.line + 1 == 1
@@ -587,7 +587,7 @@ HEADER
       checks.send(meth).map do |w|
         line = w.line || 0
         w.warning_type.gsub!(/[^\w\s]/, ' ')
-        "#{warning_file w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
+        "#{warning_file(w, :absolute)}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
       end.join "\n"
 
     end.join "\n"
@@ -632,7 +632,7 @@ HEADER
       :timestamp => tracker.end_time.to_s,
       :duration => tracker.duration,
       :checks_performed => checks.checks_run.sort,
-      :number_of_controllers =>tracker.controllers.length,
+      :number_of_controllers => tracker.controllers.length,
       # ignore the "fake" model
       :number_of_models => tracker.models.length - 1,
       :number_of_templates => number_of_templates(@tracker),
@@ -657,13 +657,13 @@ HEADER
     Set.new(tracker.templates.map {|k,v| v[:name].to_s[/[^.]+/]}).length
   end
 
-  def warning_file warning, relative = false
+  def warning_file warning, absolute = @tracker.options[:absolute_paths]
     return nil if warning.file.nil?
 
-    if @tracker.options[:relative_paths] or relative
-      relative_path warning.file
-    else
+    if absolute
       warning.file
+    else
+      relative_path warning.file
     end
   end
 

test/tests/test_json_output.rb

@@ -28,4 +28,8 @@ class JSONOutputTests < Test::Unit::TestCase
   def test_for_errors
     assert @json["errors"].is_a? Array
   end
+
+  def test_paths
+    assert @json["warnings"].all? { |w| not w["file"].start_with? "/" }
+  end
 end

test/tests/test_rails_with_xss_plugin.rb

 abort "Please run using test/test.rb" unless defined? BrakemanTester
 
-RailsWithXssPlugin = BrakemanTester.run_scan "rails_with_xss_plugin", "RailsWithXssPlugin"
+RailsWithXssPlugin = BrakemanTester.run_scan "rails_with_xss_plugin", "RailsWithXssPlugin", :absolute_paths => true
 
 class RailsWithXssPluginTests < Test::Unit::TestCase
   include BrakemanTester::FindWarning
@@ -284,6 +284,10 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
       :file => /session_store\.rb/
   end
 
+  def test_absolute_paths
+    assert report[:warnings].all? { |w| w.file.start_with? "/" }
+  end
+
   def test_sql_injection_CVE_2013_0155
     assert_warning :type => :warning,
       :warning_type => "SQL Injection",