class Pronto::Brakeman

Public Instance Methods

# File lib/pronto/brakeman.rb, line 78
# Whether +path+ names an ERB template, judged purely by its file extension.
#
# The comparison is case-sensitive (".ERB" does not match) and accepts anything
# File.extname accepts, including Pathname.
#
# @param path [String, Pathname]
# @return [Boolean]
def erb_file?(path)
  extension = File.extname(path)
  extension.eql?('.erb')
end
# File lib/pronto/brakeman.rb, line 73
# ERB templates touched by the change set, memoised on first use.
#
# A patch counts only if it adds at least one line and its new path ends in
# ".erb" (see erb_file?); pure deletions and renames are skipped because
# messages are only ever attached to added lines (see messages_for).
# Assumes @patches is populated by the runner's initialiser, which is not
# visible here; Array() keeps an unset value from blowing up.
#
# @return [Array] the matching patches
def erb_patches
  @erb_patches ||= Array(@patches).select do |patch|
    patch.additions > 0 && erb_file?(patch.new_file_full_path)
  end
end
# File lib/pronto/brakeman.rb, line 65
# Path of the Brakeman ignore file configured under the +brakeman+ section of
# Pronto's config file (see pronto_brakeman_config); +nil+ when unset.
# Passed straight through to Brakeman as its +ignore_file+ option (see run).
#
# @return [String, nil]
def ignore_file
  config = pronto_brakeman_config
  config['ignore_file']
end
# File lib/pronto/brakeman.rb, line 24
# Maps Brakeman's filtered warnings onto Pronto messages.
#
# A warning is reported only when it points at a line this change set added:
# its file must match one of +code_patches+ (see patch_for_warning) and its
# line number one of that patch's added lines. Every other warning maps to
# +nil+; the caller is expected to compact the result.
#
# @param code_patches [Array] patches under review
# @param output [#filtered_warnings] Brakeman report; filtered_warnings is
#   presumably the warning list after Brakeman's own ignore handling
# @return [Array<Message, nil>] one entry per filtered warning
def messages_for(code_patches, output)
  output.filtered_warnings.map do |warning|
    patch = patch_for_warning(code_patches, warning)
    added = patch.added_lines.find { |candidate| candidate.new_lineno == warning.line } if patch
    new_message(added, warning) if added
  end
end
# File lib/pronto/brakeman.rb, line 37
# Builds the Pronto message for one Brakeman warning on one added line.
#
# The message text is Markdown: the Brakeman description becomes a link to
# Brakeman's documentation for that warning type. Both pieces are interpolated
# verbatim from the Brakeman report. The commit SHA slot is left +nil+ and the
# runner class is recorded so Pronto can attribute the message.
#
# @param line [#patch] the added line the warning points at
# @param warning [#confidence, #message, #link] Brakeman warning
# @return [Message]
def new_message(line, warning)
  path = line.patch.delta.new_file[:path]
  level = severity_for_confidence(warning.confidence)
  text = "Possible security vulnerability: [#{warning.message}](#{warning.link})"
  Message.new(path, line, level, text, nil, self.class)
end
# File lib/pronto/brakeman.rb, line 55
# Finds the patch whose new-side path is the file a Brakeman warning points at.
#
# Matching is by exact string comparison of the absolute paths; Brakeman reports
# the absolute path, Pronto hands out a Pathname, hence the +to_s+.
#
# @param code_patches [Array<#new_file_full_path>]
# @param warning [#file] warning whose +file.absolute+ is the target path
# @return [Object, nil] the first matching patch, or +nil+
def patch_for_warning(code_patches, warning)
  same_file = ->(candidate) { candidate.new_file_full_path.to_s == warning.file.absolute }
  code_patches.find(&same_file)
end
# File lib/pronto/brakeman.rb, line 69
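# The +brakeman+ section of Pronto's config file, read once per runner instance.
#
# Memoised in an instance variable. The previous version assigned to a local
# variable of the same name, so the memo never took effect and the config
# file was re-parsed on every call (once each from run_all_checks? and
# ignore_file). A missing section yields +{}+ so callers can index it
# without nil checks.
#
# @return [Hash] string-keyed settings, e.g. 'ignore_file', 'run_all_checks'
def pronto_brakeman_config
  @pronto_brakeman_config ||= Pronto::ConfigFile.new.to_h['brakeman'] || {}
end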
# File lib/pronto/brakeman.rb, line 6
# Runner entry point: scans the changed Ruby and ERB files with Brakeman and
# returns Pronto messages for warnings that sit on added lines.
#
# Paths are handed to Brakeman relative to the repository root and sorted for
# a stable invocation. +only_files+ restricts the scan to the changed files,
# so warnings whose source lies entirely in untouched files will not surface
# here. +run_all_checks+ and +ignore_file+ come from the +brakeman+ section of
# Pronto's config. A repository that Brakeman does not recognise as an
# application (Brakeman::NoApplication) yields no messages rather than an
# error. ruby_patches and repo_path are inherited from Pronto's runner base.
#
# @return [Array<Message>]
def run
  patches = ruby_patches | erb_patches
  files = patches.map { |patch| patch.new_file_full_path.relative_path_from(repo_path).to_s }
                 .sort
  return [] if files.empty?

  report = ::Brakeman.run(app_path: repo_path,
                          output_formats: [:to_s],
                          only_files: files,
                          run_all_checks: run_all_checks?,
                          ignore_file: ignore_file)
  messages_for(patches, report).compact
rescue ::Brakeman::NoApplication
  []
end
# File lib/pronto/brakeman.rb, line 61
# The +run_all_checks+ setting from the +brakeman+ section of Pronto's config
# (see pronto_brakeman_config), forwarded as-is to Brakeman (see run).
# Returns the raw configured value, so +nil+ when unset rather than +false+.
#
# @return [Object, nil]
def run_all_checks?
  config = pronto_brakeman_config
  config['run_all_checks']
end
# File lib/pronto/brakeman.rb, line 44
# Translates a Brakeman confidence level into a Pronto severity.
#
# Brakeman encodes confidence as an integer: 0 is High, 1 is Medium, 2 is Low.
# High becomes +:fatal+, Medium +:warning+, and anything else (Low or an
# unexpected value) falls back to +:info+.
#
# @param confidence_level [Integer]
# @return [Symbol] one of :fatal, :warning, :info
def severity_for_confidence(confidence_level)
  return :fatal if confidence_level == 0
  return :warning if confidence_level == 1

  :info
end