diff --git a/bin/brakeman b/bin/brakeman index 6419928cfd9bb7e8db97a6f93b329b95af88f946..9300c9bb07c54e0b3742b1f4ba83bf57698bd0de 100755 --- a/bin/brakeman +++ b/bin/brakeman @@ -54,7 +54,8 @@ end if options[:previous_results_json] vulns = Brakeman.compare options.merge(:quiet => options[:quiet]) - puts JSON.pretty_generate(vulns) + puts MultiJson.dump(vulns, :pretty => true) + if options[:exit_on_warn] and (vulns[:new].count + vulns[:fixed].count > 0) exit Brakeman::Warnings_Found_Exit_Code end diff --git a/brakeman.gemspec b/brakeman.gemspec index 5356e6d10b1976323d5939d24745fdb747280f53..d32e7e00ce536ff1a7bf09196057d1006ea0adef 100644 --- a/brakeman.gemspec +++ b/brakeman.gemspec @@ -19,5 +19,5 @@ Gem::Specification.new do |s| s.add_dependency "erubis", "~>2.6" s.add_dependency "haml", "~>3.0" s.add_dependency "sass", "~>3.0" - s.add_dependency "json_pure" + s.add_dependency "multi_json" end diff --git a/lib/brakeman.rb b/lib/brakeman.rb index 50ddaef6ac853197d2eb2113fba71e0a6f433990..5b4be4df8454aaccd6fb3eaf1b34c23ff0f10338 100644 --- a/lib/brakeman.rb +++ b/lib/brakeman.rb 
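Review bot: The new `puts MultiJson.dump(vulns, :pretty => true)` only works because `Brakeman.compare` on the line above happens to `require 'multi_json'` inside its body (see that method's hunk); bin/brakeman itself never loads the constant it now references. An explicit `require 'multi_json'` next to the script's other requires would make the dependency visible and keep this call working if compare is later refactored. Whether `:pretty => true` is honoured is, as far as I recall, adapter-dependent in MultiJson, so confirm the chosen backend actually indents, since this output is what CI consumers diff. The enclosing script continues outside the hunk.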
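Review bot: `s.add_dependency "multi_json"` is the only dependency in this block without a version constraint, while `erubis`, `haml` and `sass` are all pinned with `~>`. The rest of this change rescues `MultiJson::DecodeError` and passes `:pretty => true`, both version-specific pieces of the MultiJson API, so an unconstrained dependency lets a future `gem update` change error classes or output format under Brakeman silently; a `~>` constraint on the series actually tested keeps the resolved version within what was reviewed. Removing `json_pure` also means no JSON backend is declared any more, so MultiJson will use whatever parser happens to be installed (or its bundled fallback) at runtime — confirm that is intended rather than declaring the backend explicitly. The `Gem::Specification` block starts outside the hunk.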
@@ -316,19 +316,20 @@ module Brakeman # Compare JSON ouptut from a previous scan and return the diff of the two scans def self.compare options - require 'json' + require 'multi_json' require 'brakeman/differ' raise ArgumentError.new("Comparison file doesn't exist") unless File.exists? options[:previous_results_json] begin - previous_results = JSON.parse(File.read(options[:previous_results_json]), :symbolize_names =>true)[:warnings] - rescue JSON::ParserError + previous_results = MultiJson.load(File.read(options[:previous_results_json]), :symbolize_keys => true)[:warnings] + rescue MultiJson::DecodeError self.notify "Error parsing comparison file: #{options[:previous_results_json]}" exit! end tracker = run(options) - new_results = JSON.parse(tracker.report.to_json, :symbolize_names =>true)[:warnings] + + new_results = MultiJson.load(tracker.report.to_json, :symbolize_keys => true)[:warnings] Brakeman::Differ.new(new_results, previous_results).diff end diff --git a/lib/brakeman/report.rb b/lib/brakeman/report.rb index bfc7fb243430663559a6202b4f7c95c9ac7a7cff..409566ce1edcb1aeabdcc34a7ca8aa7b186d4231 100644 --- a/lib/brakeman/report.rb +++ b/lib/brakeman/report.rb @@ -6,6 +6,7 @@ require 'brakeman/util' require 'terminal-table' require 'highline/system_extensions' require "csv" +require 'multi_json' require 'brakeman/version' if CSV.const_defined? :Reader @@ -647,8 +648,6 @@ class Brakeman::Report end def to_json - require 'json' - errors = tracker.errors.map{|e| { :error => e[:error], :location => e[:backtrace][0] }} app_path = tracker.options[:app_path] @@ -672,11 +671,11 @@ class Brakeman::Report :brakeman_version => Brakeman::Version } - JSON.pretty_generate({ + MultiJson.dump({ :scan_info => scan_info, :warnings => warnings, :errors => errors - }) + }, :pretty => true) end def all_warnings diff --git a/lib/brakeman/warning.rb b/lib/brakeman/warning.rb index fcbf222722ba238cbfcf2d0d8c52e0a2c499fb04..086efa818d0467de08d8a4431c9e4dc00ab18128 100644 
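Review bot: After the `rescue MultiJson::DecodeError` block, `previous_results` is whatever `[:warnings]` returned on the parsed document, so a syntactically valid file that is not a Brakeman report (a JSON array, or a hash with no `warnings` key) gets past the new parse check and either raises a `TypeError` on the index or hands nil to `Brakeman::Differ.new` — only malformed JSON is handled. A shape check after loading, e.g. assign the `MultiJson.load` result to a local and then `unless previous_results.is_a?(Hash) and previous_results[:warnings].is_a?(Array)` route to the same `notify`/`exit!` path, would give the wrong-file case the same clean error. Separately, the rescued constant name is a MultiJson API detail that I believe has changed across releases, and the gemspec in this same change leaves `multi_json` unconstrained, so confirm the name resolves in every version the resolver may pick. While here, the comment above the method misspells "output" as "ouptut". The `def self.compare` method is fully inside the hunk.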
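Review bot: Whether `:pretty => true` on the new `MultiJson.dump` call in `to_json` actually produces indented output depends on the MultiJson adapter in use — with some backends the option is ignored and the report comes out compact, which changes the on-disk format of the `report.json` that `Brakeman.compare` and the JSON test read back. If stable pretty output matters, select an adapter explicitly (MultiJson has a `use` call for that, as far as I recall) or treat the layout as best-effort and say so above the call: `# :pretty is adapter-dependent; consumers must not rely on formatting`. The `def to_json` method spans two hunks here; its middle is outside this hunk.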
--- a/lib/brakeman/warning.rb +++ b/lib/brakeman/warning.rb @@ -1,3 +1,5 @@ +require 'multi_json' + #The Warning class stores information about warnings class Brakeman::Warning attr_reader :called_from, :check, :class, :confidence, :controller, @@ -177,8 +179,6 @@ class Brakeman::Warning end def to_json - require 'json' - - JSON.dump self.to_hash + MultiJson.dump self.to_hash end end diff --git a/test/tests/test_json_compare.rb b/test/tests/test_json_compare.rb index 6bc77769b82f51e2cc476f261c18b1c66fc8431d..77a92f61815899dda13cfa96e79f3a4f1973574d 100644 --- a/test/tests/test_json_compare.rb +++ b/test/tests/test_json_compare.rb @@ -6,7 +6,7 @@ class JSONCompareTests < Test::Unit::TestCase @json_path = File.join @path, "report.json" File.delete @json_path if File.exist? @json_path Brakeman.run :app_path => @path, :output_files => [@json_path] - @report = JSON.parse File.read(@json_path) + @report = MultiJson.load File.read(@json_path) end def update_json
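Review bot: `def to_json` keeps a zero-argument signature while its body now delegates to `MultiJson.dump self.to_hash`; the json-gem-style generators MultiJson commonly wraps call `to_json(state)` on nested objects as I recall, so a `Brakeman::Warning` that ends up inside a structure handed to `MultiJson.dump` (instead of being converted with `to_hash` first) would fail with a wrong-number-of-arguments error. Accepting and ignoring the generator's arguments, `def to_json(*_args)`, costs nothing and removes that edge. A one-line doc above it would also help: `# Serialize this warning as a JSON object; keys come from #to_hash`. `to_hash` and the rest of the class are outside the hunk.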
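Review bot: The test now calls `MultiJson.load` but no `require 'multi_json'` is visible in this hunk, so unless the test helper loads it the assertion depends on `Brakeman.run` having pulled in report.rb first; an explicit require at the top of the test file removes that load-order assumption. The `setup` method this belongs to starts outside the hunk.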