Class: ActiveRecordSaferQuery::Cli

Inherits:
Object
Defined in:
lib/active_record_safer_query/checker.rb

Constant Summary

DEFAULT_FORMAT =
'text'
DEFAULT_FAIL_LEVEL =
'LOW'


Class Method Details

.emit(findings, options, out) ⇒ Object



# File 'lib/active_record_safer_query/checker.rb', line 364

# Writes +findings+ to +out+ in the format selected by +options[:format]+.
#
# * +json+: a single pretty-printed array of Finding#to_h hashes (an empty
#   array when there are no findings).
# * anything else (the +text+ default): a one-line count header, then one
#   `path:line: SEVERITY rule: message` line per finding, with the
#   offending source line indented beneath it when it is non-empty. The
#   source line is echoed verbatim; nothing is escaped or truncated here.
#
# @param findings [Array<Finding>] results from Checker#findings
# @param options [Hash] parsed CLI options; only +:format+ is read
# @param out [IO] destination stream (e.g. $stdout or a StringIO)
# @return [void] the return value is not meaningful to callers
def self.emit(findings, options, out)
  return out.puts(JSON.pretty_generate(findings.map(&:to_h))) if options[:format] == 'json'
  return out.puts('[activerecord-safer-query] no findings') if findings.empty?

  out.puts "[activerecord-safer-query] #{findings.size} findings"
  findings.each do |f|
    location = "#{f.path}:#{f.line}"
    out.puts "#{location}: #{f.severity} #{f.rule}: #{f.message}"
    # Skip the indented source echo when the finding carries no source text.
    out.puts "  #{f.source}" unless f.source.empty?
  end
end

.run(argv = ARGV, out: $stdout, err: $stderr) ⇒ Object



# File 'lib/active_record_safer_query/checker.rb', line 320

# Entry point for the `activerecord-safer-query` command.
#
# Parses +argv+, runs Checker against the resulting paths and writes the
# findings to +out+ via +emit+. Returns a process-style exit status instead
# of calling +exit+, so the caller decides whether to terminate:
#   0 – no finding at or above +--fail-level+
#   1 – at least one finding for which Finding#fail_at? is true at +--fail-level+
#   2 – usage error (OptionParser::ParseError or ArgumentError), reported on +err+
#
# @param argv [Array<String>] command-line arguments; defaults to ARGV
# @param out [IO] destination for help text and findings
# @param err [IO] destination for error messages and usage
# @return [Integer] exit status as listed above
def self.run(argv = ARGV, out: $stdout, err: $stderr)
  options = {
    format: DEFAULT_FORMAT,
    fail_level: DEFAULT_FAIL_LEVEL,
    root: Dir.pwd
  }

  parser = OptionParser.new do |opts|
    opts.banner = 'Usage: activerecord-safer-query [options] [paths...]'
    opts.separator ''
    opts.separator 'Detect class-level ActiveRecord lookups that may bypass tenant/user scopes.'
    opts.separator ''
    opts.on('--root PATH', 'Target repository root. Default: current directory') { |value| options[:root] = value }
    opts.on('--format FORMAT', 'text or json') { |value| options[:format] = value }
    # Upcased here so the later lookup against Checker::SEVERITY_RANK is case-insensitive.
    opts.on('--fail-level LEVEL', 'LOW, MEDIUM, or HIGH. Default: LOW') { |value| options[:fail_level] = value.upcase }
    opts.on('-h', '--help', 'Show this help') do
      out.puts opts
      # Non-local return: this block runs inside parser.parse below while
      # +run+ is still on the stack, so +return+ exits +run+ with status 0.
      return 0
    end
  end

  paths = parser.parse(argv)
  # Only --format and --fail-level are validated; --root is handed to Checker
  # exactly as given (no existence or normalisation check at this layer).
  validate_options!(options)

  findings = Checker.new(paths: paths, root: options[:root]).findings
  emit(findings, options, out)

  findings.any? { |finding| finding.fail_at?(options[:fail_level]) } ? 1 : 0
rescue OptionParser::ParseError, ArgumentError => e
  # ArgumentError covers validate_options! rejections (whose message echoes the
  # rejected value) and any ArgumentError raised while Checker runs; both are
  # reported as usage errors followed by the option summary.
  err.puts "[activerecord-safer-query] #{e.message}"
  err.puts parser
  2
end

.validate_options!(options) ⇒ Object



# File 'lib/active_record_safer_query/checker.rb', line 354

# Rejects option values the rest of the CLI cannot act on.
#
# Only +:format+ and +:fail_level+ are checked; +:root+ is not validated
# here. The rejected value is interpolated into the error message, which
# +run+ prints to its +err+ stream.
#
# @param options [Hash] parsed CLI options (+:format+, +:fail_level+, +:root+)
# @return [void]
# @raise [ArgumentError] when +:format+ is neither "text" nor "json", or
#   +:fail_level+ is not a key of Checker::SEVERITY_RANK (+run+ upcases
#   the value before calling this, so the comparison is case-insensitive
#   from the user's point of view)
def self.validate_options!(options)
  format = options[:format]
  raise ArgumentError, "--format must be text or json: #{format}" unless %w[text json].include?(format)

  level = options[:fail_level]
  return if Checker::SEVERITY_RANK.key?(level)

  raise ArgumentError, "--fail-level must be LOW, MEDIUM, or HIGH: #{level}"
end