Add more explicit file info to checks

f79762ee · Justin Collins · 44283ebc · f79762ee · f79762ee · f79762ee
4 changed file
--- a/lib/brakeman/checks/check_basic_auth.rb
+++ b/lib/brakeman/checks/check_basic_auth.rb
@@ -25,7 +25,8 @@ class Brakeman::CheckBasicAuth < Brakeman::BaseCheck
              :warning_code => :basic_auth_password,
              :message => "Basic authentication password stored in source code",
              :code => call, 
-              :confidence => 0
+              :confidence => 0,
+              :file => controller[:file]

          break
        end

--- a/lib/brakeman/checks/check_forgery_setting.rb
+++ b/lib/brakeman/checks/check_forgery_setting.rb
@@ -19,7 +19,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
        :warning_type => "Cross-Site Request Forgery",
        :warning_code => :csrf_protection_disabled,
        :message => "Forgery protection is disabled", 
-        :confidence => CONFIDENCE[:high]
+        :confidence => CONFIDENCE[:high],
+        :file => app_controller[:file]

    elsif app_controller and not app_controller[:options][:protect_from_forgery]

@@ -27,7 +28,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
        :warning_type => "Cross-Site Request Forgery", 
        :warning_code => :csrf_protection_missing,
        :message => "'protect_from_forgery' should be called in ApplicationController", 
-        :confidence => CONFIDENCE[:high]
+        :confidence => CONFIDENCE[:high],
+        :file => app_controller[:file]

    elsif version_between? "2.1.0", "2.3.10"
      

--- a/lib/brakeman/checks/check_model_serialize.rb
+++ b/lib/brakeman/checks/check_model_serialize.rb
@@ -59,7 +59,8 @@ class Brakeman::CheckModelSerialize < Brakeman::BaseCheck
        :warning_code => :CVE_2013_0277,
        :message => "Serialized attributes are vulnerable in Rails #{tracker.config[:rails_version]}, upgrade to #{@upgrade_version} or patch.",
        :confidence => confidence,
-        :link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion"
+        :link => "https://groups.google.com/d/topic/rubyonrails-security/KtmwSbEpzrU/discussion",
+        :file => model[:file]
    end
  end
 end
--- a/lib/brakeman/checks/check_skip_before_filter.rb
+++ b/lib/brakeman/checks/check_skip_before_filter.rb
@@ -30,7 +30,9 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
        :warning_code => :csrf_blacklist,
        :message => "Use whitelist (:only => [..]) when skipping CSRF check",
        :code => filter,
-        :confidence => CONFIDENCE[:med]
+        :confidence => CONFIDENCE[:med],
+        :file => controller[:file]
+
    when :login_required, :authenticate_user!, :require_user
      warn :controller => controller[:name],
        :warning_code => :auth_blacklist,
@@ -38,7 +40,8 @@ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
        :message => "Use whitelist (:only => [..]) when skipping authentication",
        :code => filter,
        :confidence => CONFIDENCE[:med],
-        :link => "authentication_whitelist"
+        :link => "authentication_whitelist",
+        :file => controller[:file]
    end
  end