import os
from coverity_import import CoverityIssueCollector, main, get_opts, InvalidFormatException
import json
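class BrakemanCollector(CoverityIssueCollector):
    '''
    A simple collector for Brakeman reports.

    Reads a Brakeman JSON report (the output of ``brakeman -f json``) from
    an open file and registers one issue per entry of ``warnings`` and
    ``ignored_warnings`` through the create_issue()/add_issue() API of
    CoverityIssueCollector.  Both lists are imported with the same
    ``'Warning'`` tag, so findings suppressed on the Brakeman side are not
    distinguished from active ones by this collector.
    '''
    _checker_prefix = 'brakeman'

    def find_line(self, issue):
        '''
        Return the line of *issue*, or ``'1'`` when the report has none.

        Brakeman emits ``null`` for findings it cannot place on a line.
        NOTE(review): the fallback is the string ``'1'`` while reported
        lines are ints; kept as-is because the type add_location() expects
        is not visible here -- confirm against coverity_import.
        '''
        return issue.get('line') or '1'

    def process(self, f):
        '''
        Parse the Brakeman JSON report in the open file *f* and register an
        issue for every warning in it.

        Raises InvalidFormatException when the document is not a JSON
        object carrying ``scan_info.brakeman_version`` and
        ``scan_info.app_path``, i.e. does not look like a Brakeman report.
        A warning entry that lacks one of the mandatory keys
        (``warning_type``, ``confidence``, ``file``) raises KeyError.
        '''
        data = json.load(f)
        try:
            scan_info = data['scan_info']
            # Presence check only; the version value itself is not inspected.
            scan_info['brakeman_version']
            # app_path is kept as the build directory for the base class
            # (what it does with it is not visible here -- see coverity_import).
            self._build_dir = scan_info['app_path']
        except (KeyError, TypeError) as e:
            # KeyError: a required key is missing; TypeError: the document
            # is not a JSON object at all (a list, string, null, ...).
            raise InvalidFormatException("Couldn't find attribute", e)
        # A null or absent list is treated as empty.  The report's "errors"
        # member is not imported.
        warnings = (data.get('warnings') or []) + (data.get('ignored_warnings') or [])
        for issue in warnings:
            self._add_warning(issue)

    @staticmethod
    def _describe(issue):
        '''
        Build the issue description from one Brakeman warning.

        The text is the warning's ``message``, followed -- when present --
        by the affected expression (``code``) and the tainted input
        (``user_input``), e.g.
        ``'Possible SQL injection. In expression "User.where(q)", "q" is unsafe.'``
        '''
        details = []
        code = issue.get('code')
        if code:
            details.append('In expression "%s"' % (code,))
        user_input = issue.get('user_input')
        if user_input:
            details.append('"%s" is unsafe' % (user_input,))
        # A missing or null message degrades to an empty prefix rather
        # than a TypeError on concatenation.
        message = issue.get('message') or ''
        if not details:
            return message + '.'
        return message + '. ' + ', '.join(details) + '.'

    def _add_warning(self, issue):
        '''
        Turn one Brakeman warning dict into an issue and register it.

        Members of a Brakeman warning, for reference:
        warning_type, warning_code, fingerprint, message, file, line, link,
        code (expression affected), render_path, location (type:controller,
        controller: / type:method, class:, method: / type:model, model: /
        type:template, template:), user_input (affected variable/parameter),
        confidence.  Only the ones read below are used.
        '''
        attrs = {
            'checker': issue['warning_type'],
            'tag': 'Warning',
            'subcategory': issue['confidence'],
            'description': self._describe(issue),
        }
        fingerprint = issue.get('fingerprint')
        if fingerprint:
            # Brakeman's per-finding hash, passed through as 'extra';
            # presumably used by the base class to correlate findings
            # across imports -- confirm in coverity_import.
            attrs['extra'] = fingerprint
        # Only method-typed locations carry both class and method; the
        # function attribute is set only when both are present so a
        # half-filled location does not raise KeyError.
        location = issue.get('location') or {}
        if location.get('method') and location.get('class'):
            attrs['function'] = location['class'] + '.' + location['method']
        line = issue.get('line')
        if line is None:
            line = self.find_line(issue)
        msg = self.create_issue(**attrs)
        # TODO: issue['render_path'] could be walked to create dataflow
        # events; not done here.  add_location also accepts description,
        # method and tag.
        link = issue.get('link')
        msg.add_location(
            line,
            issue['file'],
            link=link,
            linktext='[Brakeman description]' if link else None,
        )
        self.add_issue(msg)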
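if __name__ == '__main__':
    import sys
    # The report path is taken from the last argument; get_opts() is
    # assumed to consume the options preceding it -- confirm in
    # coverity_import whether an argument-less invocation is rejected there.
    opts = get_opts('brakeman_import.py', sys.argv)
    # print() with a single argument is valid on both Python 2 and 3.
    print(BrakemanCollector(**opts).run(sys.argv[-1]))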