Class: Brakeman::Report::SARIF
- Inherits:
-
Base
- Object
- Base
- Brakeman::Report::SARIF
show all
- Defined in:
- lib/brakeman/report/report_sarif.rb
Constant Summary
Constants included
from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS
Instance Attribute Summary
Attributes inherited from Base
#checks, #tracker
Instance Method Summary
collapse
Methods inherited from Base
#absolute_paths?, #all_warnings, #context_for, #controller_information, #controller_warnings, #filter_warnings, #generic_warnings, #github_url, #ignored_warnings, #initialize, #model_warnings, #number_of_templates, #rails_version, #template_warnings, #warning_file, #warnings_summary
Methods included from Util
#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore
Instance Method Details
#check_descriptions ⇒ Object
Returns a hash of all check descriptions, keyed by check name
97
98
99
100
101
|
# File 'lib/brakeman/report/report_sarif.rb', line 97
def check_descriptions
@check_descriptions ||= Brakeman::Checks.checks.map do |check|
[check.name.gsub(/^Check/, ''), check.description]
end.to_h
end
|
#generate_report ⇒ Object
2
3
4
5
6
7
8
9
|
# File 'lib/brakeman/report/report_sarif.rb', line 2
def generate_report
sarif_log = {
:version => '2.1.0',
:$schema => 'https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json',
:runs => runs,
}
JSON.pretty_generate sarif_log
end
|
#infer_level(warning) ⇒ Object
124
125
126
127
128
129
130
131
132
|
# File 'lib/brakeman/report/report_sarif.rb', line 124
def infer_level warning
@@levels_from_confidence ||= Hash.new('warning').update({
0 => 'error', 1 => 'warning', 2 => 'note', })
@@levels_from_confidence[warning.confidence]
end
|
#render_id(warning) ⇒ Object
108
109
110
111
|
# File 'lib/brakeman/report/report_sarif.rb', line 108
def render_id warning
"BRAKE#{'%04d' % warning.warning_code}" end
|
#render_message(message) ⇒ Object
113
114
115
116
117
118
119
120
121
122
|
# File 'lib/brakeman/report/report_sarif.rb', line 113
def render_message message
return message if message.nil?
if message.end_with? "."
message
else
"#{message}."
end
end
|
#results ⇒ Object
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# File 'lib/brakeman/report/report_sarif.rb', line 50
def results
@results ||= tracker.checks.all_warnings.map do |warning|
rule_id = render_id warning
result_level = infer_level warning
message_text = render_message warning.message.to_s
result = {
:ruleId => rule_id,
:ruleIndex => rules.index { |r| r[:id] == rule_id },
:level => result_level,
:message => {
:text => message_text,
},
:locations => [
:physicalLocation => {
:artifactLocation => {
:uri => warning.file.relative,
:uriBaseId => '%SRCROOT%',
},
:region => {
:startLine => warning.line.is_a?(Integer) ? warning.line : 1,
},
},
],
}
if @ignore_filter && @ignore_filter.ignored?(warning)
result[:suppressions] = [
{
:kind => 'external',
:justification => @ignore_filter.note_for(warning),
:location => {
:physicalLocation => {
:artifactLocation => {
:uri => Brakeman::FilePath.from_app_tree(@app_tree, @ignore_filter.file).relative,
:uriBaseId => '%SRCROOT%',
},
},
},
}
]
end
result
end
end
|
#rules ⇒ Object
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# File 'lib/brakeman/report/report_sarif.rb', line 27
def rules
@rules ||= unique_warnings_by_warning_code.map do |warning|
rule_id = render_id warning
check_name = warning.check_name
check_description = render_message check_descriptions[check_name]
{
:id => rule_id,
:name => "#{check_name}/#{warning.warning_type}",
:fullDescription => {
:text => check_description,
},
:helpUri => warning.link,
:help => {
:text => "More info: #{warning.link}.",
:markdown => "[More info](#{warning.link}).",
},
:properties => {
:tags => [check_name],
},
}
end
end
|
#runs ⇒ Object
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
# File 'lib/brakeman/report/report_sarif.rb', line 11
def runs
[
{
:tool => {
:driver => {
:name => 'Brakeman',
:informationUri => 'https://brakemanscanner.org',
:semanticVersion => Brakeman::Version,
:rules => rules,
},
},
:results => results,
},
]
end
|
#unique_warnings_by_warning_code ⇒ Object
Returns a de-duplicated set of warnings, used to generate rules
104
105
106
|
# File 'lib/brakeman/report/report_sarif.rb', line 104
def unique_warnings_by_warning_code
@unique_warnings_by_warning_code ||= tracker.checks.all_warnings.uniq { |w| w.warning_code }
end
|