class Brakeman::Report::HTML
Constants
- HTML_CONFIDENCE
Public Class Methods
new(*args)
Calls superclass method
Brakeman::Report::Table::new
# File lib/brakeman/report/report_html.rb, line 9
# Build the HTML report. Everything is delegated to the superclass
# (Brakeman::Report::Table#initialize); the only extra state is the counter
# from which with_context derives unique element ids for the page.
def initialize(*args)
  super
  # Used for HTML ids: with_context increments it once per rendered warning.
  @element_id = 0
end
Public Instance Methods
convert_ignored_warning(warning, original)
# File lib/brakeman/report/report_html.rb, line 87
# Convert a row for an ignored warning: the usual convert_warning columns plus
# the relative file path and the (HTML-escaped) note from the ignore filter.
#
# warning::  the row being filled in (indexed by column name)
# original:: the Brakeman warning the row was built from
#
# Returns the row. Note that 'File' is not escaped here — presumably the row
# template takes care of that; confirm before rendering it raw.
def convert_ignored_warning(warning, original)
  row = convert_warning(warning, original)
  row['File'] = original.file.relative
  note = @ignore_filter.note_for(original) || ""
  row['Note'] = CGI.escapeHTML(note)
  row
end
convert_template_warning(warning, original)
# File lib/brakeman/report/report_html.rb, line 80
# Convert a row for a template warning: the usual convert_warning columns plus
# the caller and the template name.
#
# warning::  the row being filled in (indexed by column name)
# original:: the Brakeman template warning the row was built from
#
# Returns the row. Neither added column is HTML-escaped in this method; the
# template that renders the row presumably handles that — verify.
def convert_template_warning(warning, original)
  row = convert_warning(warning, original)
  row["Called From"]   = original.called_from
  row["Template Name"] = original.template.name
  row
end
convert_warning(warning, original)
# File lib/brakeman/report/report_html.rb, line 69
# Rewrite the shared columns of a warning row into their HTML form:
# confidence label (HTML_CONFIDENCE), message with source context
# (with_context) and warning type as a documentation link (with_link).
#
# warning::  the row being filled in (indexed by column name)
# original:: the Brakeman warning the row was built from
#
# Returns the same row object, mutated in place.
def convert_warning(warning, original)
  warning.tap do |row|
    row["Confidence"]   = HTML_CONFIDENCE[original.confidence]
    row["Message"]      = with_context(original, row["Message"])
    row["Warning Type"] = with_link(original, row["Warning Type"])
  end
end
generate_overview()
# File lib/brakeman/report/report_html.rb, line 34
# Render the 'overview' template with the report-wide counts.
#
# Returns the rendered HTML string. The original mixes the +tracker+ accessor
# and the +@tracker+ ivar; both are kept as-is here.
def generate_overview
  overview = {
    :tracker             => tracker,
    :warnings            => all_warnings.length,
    :warnings_summary    => warnings_summary,
    :number_of_templates => number_of_templates(@tracker),
    :ignored_warnings    => ignored_warnings.length
  }

  Brakeman::Report::Renderer.new('overview', :locals => overview).render
end
generate_report()
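# File lib/brakeman/report/report_html.rb, line 15
# Assemble the full HTML report from its sections.
#
# Always emits the header, overview and warning overview. With
# tracker.options[:summary_only] it stops there (and the document is left
# without a closing </body></html>, as before). Otherwise it appends the
# controller/template listings (gated on :report_routes / :debug), the error
# list, every warning table and the ignored warnings, then closes the page.
#
# Returns the HTML string.
def generate_report
  out = html_header << generate_overview << generate_warning_overview.to_s

  # Return early if only summarizing
  return out if tracker.options[:summary_only]

  # `||` rather than `or`: identical truthiness here, but `or` binds looser
  # than assignment and is a precedence trap for whoever extends the test.
  out << generate_controllers.to_s if tracker.options[:report_routes] || tracker.options[:debug]
  out << generate_templates.to_s if tracker.options[:debug]
  out << generate_errors.to_s
  out << generate_warnings.to_s
  out << generate_controller_warnings.to_s
  out << generate_model_warnings.to_s
  out << generate_template_warnings.to_s
  out << generate_ignored_warnings.to_s
  out << "</body></html>"
end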
generate_templates()
Generate the listing of templates and their output expressions (each output is HTML-escaped and collapsed onto one line).
# File lib/brakeman/report/report_html.rb, line 47
# Build the template overview: for every template, each output expression is
# formatted with Brakeman::OutputProcessor, HTML-escaped (the expressions come
# from the scanned application's views, so this is required), newlines turned
# into ";" and whitespace runs collapsed to a single space.
#
# Returns the rendered 'template_overview' HTML; rows are sorted by template
# name and passed as [name, [output, ...]] pairs.
def generate_templates
  formatter = Brakeman::OutputProcessor.new
  rows = Hash.new { |hash, key| hash[key] = [] }

  tracker.templates.each do |name, template|
    template.each_output do |output|
      escaped = CGI.escapeHTML(formatter.format(output))
      rows[name] << escaped.gsub("\n", ";").gsub(/\s+/, " ")
    end
  end

  sorted_rows = rows.sort_by { |name, _outputs| name.to_s }
  Brakeman::Report::Renderer.new('template_overview', :locals => {:template_rows => sorted_rows}).render
end
html_header()
Return the header for the HTML output. The CSS it inlines is read from the file named by tracker.options[:html_style].
# File lib/brakeman/report/report_html.rb, line 95
# Render the 'header' template with the inlined stylesheet and version info.
#
# The stylesheet path comes from tracker.options[:html_style] and its contents
# are embedded verbatim (not escaped) in the page, so that file has to be
# trusted — presumably it is the built-in CSS or a path the user chose on the
# command line; confirm where the option is set.
#
# Raises RuntimeError when the stylesheet does not exist.
def html_header
  style_path = tracker.options[:html_style]

  unless File.exist?(style_path)
    raise "Cannot find CSS stylesheet for HTML: #{style_path}"
  end

  locals = {
    :css              => File.read(style_path),
    :tracker          => tracker,
    :checks           => checks,
    :rails_version    => rails_version,
    :brakeman_version => Brakeman::Version
  }

  Brakeman::Report::Renderer.new('header', :locals => locals).render
end
html_message(warning, message)
Build the HTML for a warning message and highlight the user-input portion of its code snippet. The snippet is HTML-escaped before the highlight markup is inserted; the message's own to_html output is used as-is.
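# File lib/brakeman/report/report_html.rb, line 187
# Build the HTML for a warning's message line.
#
# warning:: a Brakeman warning; reads #file, #line and #code, and when #code is
#           present also #format_with_user_input and #code.mass
# message:: the message object; #to_html is called on it and the result is
#           used as-is (it is NOT escaped here — the message is expected to
#           already be HTML)
#
# When the warning has a code snippet, the snippet is HTML-escaped and the
# user-input portion wrapped in <span class="user_input">. Snippets with
# mass > 20 are emitted twice: a visible "..." teaser and a hidden full
# version; the ids (message#{n} / full_message#{n}) come from @element_id,
# which with_context increments and toggles via onClick.
#
# Returns the HTML string.
def html_message warning, message
  message = message.to_html

  if warning.file
    if (url = github_url(warning.file, warning.line))
      message << " <a href=\"#{url}\" target='_blank'>near line #{warning.line}</a>"
    elsif warning.line
      message << " near line #{warning.line}"
    end
  end

  return message unless warning.code

  # The highlight markers must survive CGI.escapeHTML (so no &<>"' in them)
  # and are swapped for <span> tags afterwards. A per-call nonce keeps a
  # literal "[BMP_UI]" in the scanned application's own source from being
  # turned into a <span> by the gsub below. (Assumes format_with_user_input
  # splices the block's return value into the snippet verbatim, which is what
  # the marker scheme has always relied on.)
  nonce = rand(2**64).to_s(36)
  open_marker  = "[BMP_UI#{nonce}]"
  close_marker = "[/BMP_UI#{nonce}]"

  code = warning.format_with_user_input do |_, user_input|
    "#{open_marker}#{user_input}#{close_marker}"
  end

  # Escape first, then restore only our own markers as markup.
  escaped = CGI.escapeHTML(code)
    .gsub(open_marker, "<span class=\"user_input\">")
    .gsub(close_marker, "</span>")
  code = "<span class=\"code\">#{escaped}</span>"
  full_message = "#{message}: #{code}"

  if warning.code.mass > 20
    message_id = "message#@element_id"
    full_message_id = "full_message#@element_id"

    "<span id='#{message_id}' style='display:block'>#{message}: ...</span>" <<
      "<span id='#{full_message_id}' style='display:none'>#{full_message}</span>"
  else
    full_message
  end
end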
render_array(template, headings, value_array, locals)
# File lib/brakeman/report/report_html.rb, line 63
# Render +template+ with +locals+ unless there is nothing to show.
#
# template::    renderer template name
# headings::    accepted for interface compatibility; not used here
# value_array:: the rows; an empty array short-circuits to nil
# locals::      locals handed to Brakeman::Report::Renderer
#
# Returns the rendered HTML, or nil for an empty value_array (callers append
# the result with to_s, so nil renders as nothing).
def render_array(template, headings, value_array, locals)
  return nil if value_array.empty?

  Brakeman::Report::Renderer.new(template, :locals => locals).render
end
with_context(warning, message)
Generate the HTML for a warning, including its source context, which is hidden by default and shown/hidden via JavaScript.
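# File lib/brakeman/report/report_html.rb, line 114
# Wrap a warning's message in the HTML used by the report, followed by a hidden
# table of surrounding source lines that the page's toggle() JavaScript
# reveals on click.
#
# warning:: a Brakeman warning; #line is read here and the object is passed to
#           context_for, html_message and warning_file
# message:: the message object handed on to html_message
#
# Each context row is [line_number, line_text]; the text is HTML-escaped (it
# is the scanned application's source) while the line number is interpolated
# as-is. The warning's own line gets class "error", its neighbours
# "near_error".
#
# Returns the HTML string. Increments @element_id so each warning on the page
# gets unique context/message/full_message element ids.
def with_context warning, message
  @element_id += 1
  context = context_for(warning)
  message = html_message(warning, message)
  code_id = "context#@element_id"
  message_id = "message#@element_id"
  full_message_id = "full_message#@element_id"

  output = "<div class='warning_message' onClick=\"toggle('#{code_id}');toggle('#{message_id}');toggle('#{full_message_id}')\" >" <<
    message <<
    "<table id='#{code_id}' class='context' style='display:none'>" <<
    "<caption>#{CGI.escapeHTML(warning_file(warning) || '')}</caption>"

  output << <<-HTML
<thead style='display:none'>
  <tr>
    <th>line number</th>
    <th>line content</th>
  </tr>
</thead>
<tbody>
  HTML

  unless context.empty?
    alt = false

    context.each_with_index do |code, index|
      line_number = code[0]
      line_text = code[1]

      # Fix: the first row used to be compared against the literal line 1
      # instead of its actual line number, so a warning on (or next to) the
      # first context line was only highlighted when the context began at
      # line 1. Every row now uses the same rule.
      if index.zero?
        row_class = "context first#{context_row_class(line_number, warning.line)}"
      else
        alt = !alt
        row_class = "context#{alt ? ' alt' : ''}#{context_row_class(line_number, warning.line)}"
      end

      output << <<-HTML
<tr class='#{row_class}'>
  <td class='context_line'>
    <pre class='context'>#{line_number}</pre>
  </td>
  <td class='context'>
    <pre class='context'>#{CGI.escapeHTML(line_text.chomp)}</pre>
  </td>
</tr>
      HTML
    end
  end

  output << "</tbody></table></div>"
end

# Extra CSS class for a context row, with its leading space: " error" for the
# warning's own line, " near_error" for the line before or after it, ""
# otherwise.
def context_row_class line_number, warning_line
  if line_number == warning_line
    " error"
  elsif line_number == warning_line - 1 || line_number == warning_line + 1
    " near_error"
  else
    ""
  end
end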
with_link(warning, message)
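# File lib/brakeman/report/report_html.rb, line 76
# Wrap +message+ in a link to the warning's documentation page (warning.link).
#
# Both the href and the link text are HTML-escaped. For Brakeman's own checks
# these are fixed strings (a warning-type name and a docs URL) and the output
# is unchanged; the escaping is defense in depth so that any other source of
# a type name or link (e.g. a custom check, if it can set them — confirm)
# cannot inject markup into the report. `&` becoming `&amp;` inside an href
# is correct HTML, so query strings still resolve.
#
# Returns the <a> element as a string; rel="noreferrer" is kept so opening
# the docs does not leak the report's location.
def with_link warning, message
  href = CGI.escapeHTML(warning.link.to_s)
  text = CGI.escapeHTML(message.to_s)
  "<a rel=\"noreferrer\" href=\"#{href}\">#{text}</a>"
end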