Commit d8bb8110
Authored May 08, 2013 by Justin Collins
Merge remote-tracking branch 'origin/relative_paths_by_default'
Conflicts: lib/brakeman.rb
Parents: 8e8e6072 973a4c11
Showing 5 changed files with 19 additions and 11 deletions (+19 -11)
lib/brakeman.rb +1 -1
lib/brakeman/options.rb +2 -2
lib/brakeman/report.rb +7 -7
test/tests/test_json_output.rb +4 -0
test/tests/test_rails_with_xss_plugin.rb +5 -1
lib/brakeman.rb
View file @ d8bb8110
...
...
@@ -40,7 +40,7 @@ module Brakeman
# * :safe_methods - array of methods to consider safe
# * :skip_libs - do not process lib/ directory (default: false)
# * :skip_checks - checks not to run (run all if not specified)
# * :
relative_path - show relative path of each file
(default: false)
# * :
absolute_paths - show absolute path of each file
(default: false)
# * :summary_only - only output summary section of report
# (does not apply to tabs format)
#
...
...
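Review bot: the option comment now lists `:absolute_paths` with `(default: false)` but never states that file paths are therefore relative by default, which is the behaviour change this branch introduces; suggest wording it as `:absolute_paths - show absolute path of each file (default: false; paths are relative otherwise)` so readers of the options list see the new default explicitly, and note the change in the changelog since scripts that parsed absolute paths out of reports will now see different output.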
lib/brakeman/options.rb
View file @ d8bb8110
...
...
@@ -178,8 +178,8 @@ module Brakeman::Options
options
[
:summary_only
]
=
true
end
opts
.
on
"--
relative-paths"
,
"Output relativ
e file paths in reports"
do
options
[
:
relativ
e_paths
]
=
true
opts
.
on
"--
absolute-paths"
,
"Output absolut
e file paths in reports"
do
options
[
:
absolut
e_paths
]
=
true
end
opts
.
on
"-w"
,
...
...
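Review bot: replacing `--relative-paths` with `--absolute-paths` drops the old flag outright, so any existing invocation that passes `--relative-paths` will now be rejected by the option parser instead of silently keeping its behaviour; consider keeping `--relative-paths` as a deprecated no-op for one release and calling out the removal in the changelog.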
lib/brakeman/report.rb
View file @ d8bb8110
...
...
@@ -524,7 +524,7 @@ HEADER
message
end
<<
"<table id='
#{
code_id
}
' class='context' style='display:none'>"
<<
"<caption>
#{
warning_file
(
warning
,
:relative
)
||
''
}
</caption>"
"<caption>
#{
warning_file
(
warning
)
||
''
}
</caption>"
unless
context
.
empty?
if
warning
.
line
-
1
==
1
or
warning
.
line
+
1
==
1
...
...
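Review bot: the `<caption>` of the HTML context table now calls `warning_file(warning)` without the `:relative` argument, so the HTML report follows the global `:absolute_paths` option instead of always showing a relative path. That matches the new default, but it means `--absolute-paths` will embed full filesystem paths in the HTML report, the format most often attached to tickets or published; a sentence in the docs saying which paths each format discloses would help users decide what to share.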
@@ -587,7 +587,7 @@ HEADER
checks
.
send
(
meth
).
map
do
|
w
|
line
=
w
.
line
||
0
w
.
warning_type
.
gsub!
(
/[^\w\s]/
,
' '
)
"
#{
warning_file
w
}
\t
#{
line
}
\t
#{
w
.
warning_type
}
\t
#{
category
}
\t
#{
w
.
format_message
}
\t
#{
TEXT_CONFIDENCE
[
w
.
confidence
]
}
"
"
#{
warning_file
(
w
,
:absolute
)
}
\t
#{
line
}
\t
#{
w
.
warning_type
}
\t
#{
category
}
\t
#{
w
.
format_message
}
\t
#{
TEXT_CONFIDENCE
[
w
.
confidence
]
}
"
end
.
join
"
\n
"
end
.
join
"
\n
"
...
...
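Review bot: the tabs-format line now calls `warning_file(w, :absolute)` unconditionally, so this format always emits absolute paths no matter whether `--absolute-paths` was given, while the other formats follow the option. If that is deliberate because the tabs output feeds tools that need full paths, say so in a comment next to the call; otherwise drop the second argument and let the option decide.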
@@ -632,7 +632,7 @@ HEADER
:timestamp
=>
tracker
.
end_time
.
to_s
,
:duration
=>
tracker
.
duration
,
:checks_performed
=>
checks
.
checks_run
.
sort
,
:number_of_controllers
=>
tracker
.
controllers
.
length
,
:number_of_controllers
=>
tracker
.
controllers
.
length
,
# ignore the "fake" model
:number_of_models
=>
tracker
.
models
.
length
-
1
,
:number_of_templates
=>
number_of_templates
(
@tracker
),
...
...
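Review bot: the removed and added `:number_of_controllers => tracker.controllers.length,` lines read identically, so this hunk looks like a whitespace-only change that was picked up during the merge; dropping it would keep the merge diff limited to the path-handling change and make `git blame` on that line more useful.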
@@ -657,13 +657,13 @@ HEADER
Set
.
new
(
tracker
.
templates
.
map
{
|
k
,
v
|
v
[
:name
].
to_s
[
/[^.]+/
]}).
length
end
def
warning_file
warning
,
relative
=
false
def
warning_file
warning
,
absolute
=
@tracker
.
options
[
:absolute_paths
]
return
nil
if
warning
.
file
.
nil?
if
@tracker
.
options
[
:relative_paths
]
or
relative
relative_path
warning
.
file
else
if
absolute
warning
.
file
else
relative_path
warning
.
file
end
end
...
...
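Review bot: the second parameter of `warning_file` flips meaning, from `relative = false` to `absolute = @tracker.options[:absolute_paths]`, so a truthy second argument now yields the opposite result to before; any caller still passing `:relative` would silently get an absolute path, and `warning_file(w, :absolute)` reads as a symbol being used as a boolean. Suggest auditing every caller in this commit and, if the argument stays, making it an explicit hash such as `warning_file(w, :absolute => true)` so the intent is visible at the call site. The `return nil if warning.file.nil?` guard is preserved, which is good.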
test/tests/test_json_output.rb
View file @ d8bb8110
...
...
@@ -28,4 +28,8 @@ class JSONOutputTests < Test::Unit::TestCase
def
test_for_errors
assert
@json
[
"errors"
].
is_a?
Array
end
def
test_paths
assert
@json
[
"warnings"
].
all?
{
|
w
|
not
w
[
"file"
].
start_with?
"/"
}
end
end
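Review bot: `test_paths` passes vacuously when `@json["warnings"]` is empty, because `all?` on an empty array is true; assert that at least one warning is present before checking the paths. The `start_with? "/"` check also assumes POSIX paths, so a Windows absolute path such as `C:\...` would be accepted as relative; `Pathname.new(w["file"]).absolute?` would be platform-independent.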
test/tests/test_rails_with_xss_plugin.rb
View file @ d8bb8110
abort
"Please run using test/test.rb"
unless
defined?
BrakemanTester
RailsWithXssPlugin
=
BrakemanTester
.
run_scan
"rails_with_xss_plugin"
,
"RailsWithXssPlugin"
RailsWithXssPlugin
=
BrakemanTester
.
run_scan
"rails_with_xss_plugin"
,
"RailsWithXssPlugin"
,
:absolute_paths
=>
true
class
RailsWithXssPluginTests
<
Test
::
Unit
::
TestCase
include
BrakemanTester
::
FindWarning
...
...
@@ -284,6 +284,10 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
:file
=>
/session_store\.rb/
end
def
test_absolute_paths
assert
report
[
:warnings
].
all?
{
|
w
|
w
.
file
.
start_with?
"/"
}
end
def
test_sql_injection_CVE_2013_0155
assert_warning
:type
=>
:warning
,
:warning_type
=>
"SQL Injection"
,
...
...
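Review bot: `test_absolute_paths` has the same vacuous-pass shape as the JSON test, since `all?` over an empty `report[:warnings]` is true; add an assertion that warnings were found. It also relies on the file-level `run_scan ... :absolute_paths => true` above, which means every other test in this file now runs against absolute-path output, so any `:file =>` matcher that anchors on the start of the path (the visible `/session_store\.rb/` is unanchored and fine) would need updating.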