From ebba5cd2db83433b2c9771c2450e764d01d265d9 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Mon, 15 Oct 2012 12:03:55 -0700
Subject: [PATCH] Use multi_json instead of json gem closes #164
---
 bin/brakeman | 3 ++-
 brakeman.gemspec | 2 +-
 lib/brakeman.rb | 9 +++++----
 lib/brakeman/report.rb | 7 +++----
 lib/brakeman/warning.rb | 6 +++---
 test/tests/test_json_compare.rb | 2 +-
 6 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/bin/brakeman b/bin/brakeman
index 6419928c..9300c9bb 100755
--- a/bin/brakeman
+++ b/bin/brakeman
@@ -54,7 +54,8 @@ end
 if options[:previous_results_json]
 vulns = Brakeman.compare options.merge(:quiet => options[:quiet])
- puts JSON.pretty_generate(vulns)
+ puts MultiJson.dump(vulns, :pretty => true)
+
 if options[:exit_on_warn] and (vulns[:new].count + vulns[:fixed].count > 0)
 exit Brakeman::Warnings_Found_Exit_Code
 end
diff --git a/brakeman.gemspec b/brakeman.gemspec
index 5356e6d1..d32e7e00 100644
--- a/brakeman.gemspec
+++ b/brakeman.gemspec
@@ -19,5 +19,5 @@ Gem::Specification.new do |s|
 s.add_dependency "erubis", "~>2.6"
 s.add_dependency "haml", "~>3.0"
 s.add_dependency "sass", "~>3.0"
- s.add_dependency "json_pure"
+ s.add_dependency "multi_json"
 end
diff --git a/lib/brakeman.rb b/lib/brakeman.rb
index 50ddaef6..5b4be4df 100644
--- a/lib/brakeman.rb
+++ b/lib/brakeman.rb
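Review bot: In brakeman.gemspec, `s.add_dependency "multi_json"` carries no version constraint, unlike the `~>` bounds on erubis, haml and sass directly above it. The rest of this commit calls `MultiJson.load` and `MultiJson.dump`, which older multi_json releases expose only as `decode`/`encode` (the rename landed in 1.3, if memory serves), so an already-installed older gem would satisfy the dependency and then fail at runtime. An open-ended dependency also lets any future major release into a scanner that typically runs in CI without review; a bounded form such as `s.add_dependency "multi_json", "~>1.3"` covers both concerns.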
@@ -316,19 +316,20 @@ module Brakeman
 # Compare JSON ouptut from a previous scan and return the diff of the two scans
 def self.compare options
- require 'json'
+ require 'multi_json'
 require 'brakeman/differ'
 raise ArgumentError.new("Comparison file doesn't exist") unless File.exists? options[:previous_results_json]
 begin
- previous_results = JSON.parse(File.read(options[:previous_results_json]), :symbolize_names =>true)[:warnings]
- rescue JSON::ParserError
+ previous_results = MultiJson.load(File.read(options[:previous_results_json]), :symbolize_keys => true)[:warnings]
+ rescue MultiJson::DecodeError
 self.notify "Error parsing comparison file: #{options[:previous_results_json]}"
 exit!
 end
 tracker = run(options)
- new_results = JSON.parse(tracker.report.to_json, :symbolize_names =>true)[:warnings]
+
+ new_results = MultiJson.load(tracker.report.to_json, :symbolize_keys => true)[:warnings]
 Brakeman::Differ.new(new_results, previous_results).diff
 end
diff --git a/lib/brakeman/report.rb b/lib/brakeman/report.rb
index bfc7fb24..409566ce 100644
--- a/lib/brakeman/report.rb
+++ b/lib/brakeman/report.rb
@@ -6,6 +6,7 @@ require 'brakeman/util'
 require 'terminal-table'
 require 'highline/system_extensions'
 require "csv"
+require 'multi_json'
 require 'brakeman/version'
 if CSV.const_defined? :Reader
@@ -647,8 +648,6 @@ class Brakeman::Report
 end
 def to_json
- require 'json'
-
 errors = tracker.errors.map{|e| { :error => e[:error], :location => e[:backtrace][0] }}
 app_path = tracker.options[:app_path]
@@ -672,11 +671,11 @@ class Brakeman::Report
 :brakeman_version => Brakeman::Version
 }
- JSON.pretty_generate({
+ MultiJson.dump({
 :scan_info => scan_info,
 :warnings => warnings,
 :errors => errors
- })
+ }, :pretty => true)
 end
 def all_warnings
diff --git a/lib/brakeman/warning.rb b/lib/brakeman/warning.rb
index fcbf2227..086efa81 100644
--- a/lib/brakeman/warning.rb
+++ b/lib/brakeman/warning.rb
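Review bot: In `self.compare` (lib/brakeman.rb), `rescue MultiJson::DecodeError` covers only malformed JSON, so a comparison file that parses but has the wrong shape gets past it. A top-level array makes the `[:warnings]` lookup raise an error that this rescue does not catch, and an object without that key hands `nil` to `Brakeman::Differ`, whose handling of it is not visible in this hunk. Because bin/brakeman uses the returned diff for its `exit_on_warn` exit code, I would check the shape before use: load into `parsed`, take `previous_results = parsed[:warnings] if parsed.is_a? Hash`, then `raise ArgumentError.new("Comparison file has no warnings list") unless previous_results.is_a? Array`. The enclosing `module Brakeman` starts and ends outside the hunk.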
@@ -1,3 +1,5 @@
+require 'multi_json'
+
 #The Warning class stores information about warnings
 class Brakeman::Warning
 attr_reader :called_from, :check, :class, :confidence, :controller,
@@ -177,8 +179,6 @@ class Brakeman::Warning
 end
 def to_json
- require 'json'
-
- JSON.dump self.to_hash
+ MultiJson.dump self.to_hash
 end
 end
diff --git a/test/tests/test_json_compare.rb b/test/tests/test_json_compare.rb
index 6bc77769..77a92f61 100644
--- a/test/tests/test_json_compare.rb
+++ b/test/tests/test_json_compare.rb
@@ -6,7 +6,7 @@ class JSONCompareTests < Test::Unit::TestCase
 @json_path = File.join @path, "report.json"
 File.delete @json_path if File.exist? @json_path
 Brakeman.run :app_path => @path, :output_files => [@json_path]
- @report = JSON.parse File.read(@json_path)
+ @report = MultiJson.load File.read(@json_path)
 end
 def update_json
--
GitLab