Module Brakeman
In: lib/brakeman.rb
lib/brakeman/report/ignore/interactive.rb
lib/brakeman/report/ignore/config.rb
lib/brakeman/report/pager.rb
lib/brakeman/parsers/template_parser.rb
lib/brakeman/processors/lib/safe_call_helper.rb
lib/brakeman/processors/lib/call_conversion_helper.rb
lib/brakeman/processors/lib/render_path.rb
lib/brakeman/tracker/controller.rb
lib/brakeman/tracker/model.rb
lib/brakeman/tracker/template.rb
lib/brakeman/tracker/config.rb
lib/brakeman/tracker/constants.rb
lib/brakeman/tracker/collection.rb
lib/brakeman/tracker/library.rb
lib/brakeman/messages.rb
lib/brakeman/app_tree.rb
lib/brakeman/file_parser.rb
lib/brakeman/codeclimate/engine_configuration.rb
lib/brakeman/processor.rb
lib/brakeman/version.rb
lib/brakeman/commandline.rb

Methods

Classes and Modules

Module Brakeman::CallConversionHelper
Module Brakeman::Codeclimate
Module Brakeman::ControllerMethods
Module Brakeman::Messages
Module Brakeman::ModelMethods
Module Brakeman::ModuleHelper
Module Brakeman::Options
Module Brakeman::ProcessorHelper
Module Brakeman::RenderHelper
Module Brakeman::Report
Module Brakeman::RouteHelper
Module Brakeman::SafeCallHelper
Module Brakeman::Util
Module Brakeman::WarningCodes
Class Brakeman::AliasProcessor
Class Brakeman::AppTree
Class Brakeman::BaseCheck
Class Brakeman::BaseProcessor
Class Brakeman::BasicProcessor
Class Brakeman::CallIndex
Class Brakeman::CheckBasicAuth
Class Brakeman::CheckBasicAuthTimingAttack
Class Brakeman::CheckContentTag
Class Brakeman::CheckCreateWith
Class Brakeman::CheckCrossSiteScripting
Class Brakeman::CheckDefaultRoutes
Class Brakeman::CheckDeserialize
Class Brakeman::CheckDetailedExceptions
Class Brakeman::CheckDigestDoS
Class Brakeman::CheckDivideByZero
Class Brakeman::CheckDynamicFinders
Class Brakeman::CheckEscapeFunction
Class Brakeman::CheckEvaluation
Class Brakeman::CheckExecute
Class Brakeman::CheckFileAccess
Class Brakeman::CheckFileDisclosure
Class Brakeman::CheckFilterSkipping
Class Brakeman::CheckForgerySetting
Class Brakeman::CheckHeaderDoS
Class Brakeman::CheckI18nXSS
Class Brakeman::CheckJRubyXML
Class Brakeman::CheckJSONEncoding
Class Brakeman::CheckJSONParsing
Class Brakeman::CheckLinkTo
Class Brakeman::CheckLinkToHref
Class Brakeman::CheckMailTo
Class Brakeman::CheckMassAssignment
Class Brakeman::CheckMimeTypeDoS
Class Brakeman::CheckModelAttrAccessible
Class Brakeman::CheckModelAttributes
Class Brakeman::CheckModelSerialize
Class Brakeman::CheckNestedAttributes
Class Brakeman::CheckNestedAttributesBypass
Class Brakeman::CheckNumberToCurrency
Class Brakeman::CheckPermitAttributes
Class Brakeman::CheckQuoteTableName
Class Brakeman::CheckRedirect
Class Brakeman::CheckRegexDoS
Class Brakeman::CheckRender
Class Brakeman::CheckRenderDoS
Class Brakeman::CheckRenderInline
Class Brakeman::CheckResponseSplitting
Class Brakeman::CheckRouteDoS
Class Brakeman::CheckSQL
Class Brakeman::CheckSQLCVEs
Class Brakeman::CheckSSLVerify
Class Brakeman::CheckSafeBufferManipulation
Class Brakeman::CheckSanitizeMethods
Class Brakeman::CheckSecrets
Class Brakeman::CheckSelectTag
Class Brakeman::CheckSelectVulnerability
Class Brakeman::CheckSend
Class Brakeman::CheckSendFile
Class Brakeman::CheckSessionManipulation
Class Brakeman::CheckSessionSettings
Class Brakeman::CheckSimpleFormat
Class Brakeman::CheckSingleQuotes
Class Brakeman::CheckSkipBeforeFilter
Class Brakeman::CheckSprocketsPathTraversal
Class Brakeman::CheckStripTags
Class Brakeman::CheckSymbolDoS
Class Brakeman::CheckSymbolDoSCVE
Class Brakeman::CheckTranslateBug
Class Brakeman::CheckUnsafeReflection
Class Brakeman::CheckUnscopedFind
Class Brakeman::CheckValidationRegex
Class Brakeman::CheckWeakHash
Class Brakeman::CheckWithoutProtection
Class Brakeman::CheckXMLDoS
Class Brakeman::CheckYAMLParsing
Class Brakeman::Checks
Class Brakeman::Collection
Class Brakeman::Commandline
Class Brakeman::Config
Class Brakeman::ConfigAliasProcessor
Class Brakeman::ConfigProcessor
Class Brakeman::Constant
Class Brakeman::Constants
Class Brakeman::Controller
Class Brakeman::ControllerAliasProcessor
Class Brakeman::ControllerProcessor
Class Brakeman::DependencyError
Class Brakeman::Differ
Class Brakeman::ErbTemplateProcessor
Class Brakeman::ErubisTemplateProcessor
Class Brakeman::FileParser
Class Brakeman::FindAllCalls
Class Brakeman::FindCall
Class Brakeman::FindReturnValue
Class Brakeman::GemProcessor
Class Brakeman::HamlTemplateProcessor
Class Brakeman::IgnoreConfig
Class Brakeman::InteractiveIgnorer
Class Brakeman::Library
Class Brakeman::LibraryProcessor
Class Brakeman::MissingChecksError
Class Brakeman::Model
Class Brakeman::ModelProcessor
Class Brakeman::NoApplication
Class Brakeman::NoBrakemanError
Class Brakeman::OutputProcessor
Class Brakeman::Pager
Class Brakeman::Processor
Class Brakeman::Rails2ConfigProcessor
Class Brakeman::Rails2RoutesProcessor
Class Brakeman::Rails2XSSPluginErubis
Class Brakeman::Rails3ConfigProcessor
Class Brakeman::Rails3Erubis
Class Brakeman::Rails3RoutesProcessor
Class Brakeman::Rails4ConfigProcessor
Class Brakeman::RenderPath
Class Brakeman::Report
Class Brakeman::RescanReport
Class Brakeman::Rescanner
Class Brakeman::RouteAliasProcessor
Class Brakeman::RoutesProcessor
Class Brakeman::Scanner
Class Brakeman::ScannerErubis
Class Brakeman::SexpProcessor
Class Brakeman::SlimTemplateProcessor
Class Brakeman::Template
Class Brakeman::TemplateAliasProcessor
Class Brakeman::TemplateParser
Class Brakeman::TemplateProcessor
Class Brakeman::Tracker
Class Brakeman::Warning

Constants

Warnings_Found_Exit_Code = 3
  Exit code returned when warnings are found and the --exit-on-warn option is set

No_App_Found_Exit_Code = 4
  Exit code returned when no Rails application is detected

Not_Latest_Version_Exit_Code = 5
  Exit code returned when brakeman was outdated

Missing_Checks_Exit_Code = 6
  Exit code returned when user requests non-existent checks

Errors_Found_Exit_Code = 7
  Exit code returned when errors were found and the --exit-on-error option is set

CONFIG_FILES = [ File.expand_path("~/.brakeman/config.yml"), File.expand_path("/etc/brakeman/config.yml") ]

ASTFile = Struct.new(:path, :ast)

Version = "4.4.0"

Public Class methods

Compare JSON output from a previous scan and return the diff of the two scans

Default set of options

Output configuration to YAML

Determine output formats based on options[:output_formats] or options[:output_files]

Output list of checks (for `-k` option)

Load options from YAML file

Rescan a subset of files in a Rails application.

A full scan must have been run already to use this method. The returned Tracker object from Brakeman.run is used as a starting point for the rescan.

Options may be given as a hash with the same values as Brakeman.run. Note that these options will be merged into the Tracker.

This method returns a RescanReport object with information about the scan. However, the Tracker object will also be modified as the scan is run.

Run Brakeman scan. Returns Tracker object.

Options:

  * :app_path - path to root of Rails app (required)
  * :additional_checks_path - array of additional directories containing additional out-of-tree checks to run
  * :additional_libs_path - array of additional application relative lib directories (ex. app/mailers) to process
  * :assume_all_routes - assume all methods are routes (default: true)
  * :check_arguments - check arguments of methods (default: true)
  * :collapse_mass_assignment - report unprotected models in single warning (default: false)
  * :combine_locations - combine warning locations (default: true)
  * :config_file - configuration file
  * :escape_html - escape HTML by default (automatic)
  * :exit_on_error - only affects Commandline module (default: true)
  * :exit_on_warn - only affects Commandline module (default: true)
  * :github_repo - github repo to use for file links (user/repo[/path][@ref])
  * :highlight_user_input - highlight user input in reported warnings (default: true)
  * :html_style - path to CSS file
  * :ignore_model_output - consider models safe (default: false)
  * :index_libs - add libraries to call index (default: true)
  * :interprocedural - limited interprocedural processing of method calls (default: false)
  * :message_limit - limit length of messages
  * :min_confidence - minimum confidence (0-2, 0 is highest)
  * :output_files - files for output
  * :output_formats - formats for output (:to_s, :to_tabs, :to_csv, :to_html)
  * :parallel_checks - run checks in parallel (default: true)
  * :parser_timeout - set timeout for parsing an individual file (default: 10 seconds)
  * :print_report - if no output file specified, print to stdout (default: false)
  * :quiet - suppress most messages (default: true)
  * :rails3 - force Rails 3 mode (automatic)
  * :report_routes - show found routes on controllers (default: false)
  * :run_checks - array of checks to run (run all if not specified)
  * :safe_methods - array of methods to consider safe
  * :skip_libs - do not process lib/ directory (default: false)
  * :skip_checks - checks not to run (run all if not specified)
  * :absolute_paths - show absolute path of each file (default: false)
  * :summary_only - only output summary section of report for plain/table (:summary_only, :no_summary, true)

Alternatively, just supply a path as a string.
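The option keys above are also the keys accepted in a Brakeman YAML config file (the "Load options from YAML file" and :config_file entries). The following is an added example, not Brakeman's own loader: it parses such a file with YAML.safe_load, rejects keys that are not in the documented list, range-checks :min_confidence (0-2) and :output_formats against the values documented here, and merges the result with the "(default: ...)" values into a hash suitable for Brakeman.run. The precedence documented defaults < config file < explicit overrides is an assumption of this example, as are the helper names.

```ruby
require 'yaml'

# Option keys documented for Brakeman.run on this page. Anything else is
# rejected so a typo in a config file fails loudly instead of being ignored.
KNOWN_RUN_OPTIONS = %i[
  app_path additional_checks_path additional_libs_path assume_all_routes
  check_arguments collapse_mass_assignment combine_locations config_file
  escape_html exit_on_error exit_on_warn github_repo highlight_user_input
  html_style ignore_model_output index_libs interprocedural message_limit
  min_confidence output_files output_formats parallel_checks parser_timeout
  print_report quiet rails3 report_routes run_checks safe_methods skip_libs
  skip_checks absolute_paths summary_only
].freeze

# Output formats listed for :output_formats on this page.
KNOWN_OUTPUT_FORMATS = %i[to_s to_tabs to_csv to_html].freeze

# Values taken from the "(default: ...)" annotations in the option list.
# Options marked "automatic" or without a stated default are left unset.
DOCUMENTED_DEFAULTS = {
  assume_all_routes: true, check_arguments: true, collapse_mass_assignment: false,
  combine_locations: true, exit_on_error: true, exit_on_warn: true,
  highlight_user_input: true, ignore_model_output: false, index_libs: true,
  interprocedural: false, parallel_checks: true, parser_timeout: 10,
  print_report: false, quiet: true, report_routes: false, skip_libs: false,
  absolute_paths: false
}.freeze

class ConfigError < StandardError; end

# Parse a YAML config whose keys are the option names above (written either as
# ":min_confidence" or "min_confidence") into a symbol-keyed hash.
# safe_load is used so a config file cannot instantiate arbitrary Ruby objects;
# only Symbol is permitted, for the ":key" style of YAML keys.
def parse_brakeman_config(yaml_text)
  raw = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || {}
  raise ConfigError, "config must be a mapping" unless raw.is_a?(Hash)

  raw.each_with_object({}) do |(key, value), opts|
    sym = key.to_s.sub(/\A:/, '').to_sym
    raise ConfigError, "unknown option #{sym.inspect}" unless KNOWN_RUN_OPTIONS.include?(sym)
    opts[sym] = normalize_option(sym, value)
  end
end

# Validate and coerce the option values whose shape is documented on this page.
def normalize_option(key, value)
  case key
  when :min_confidence
    unless value.is_a?(Integer) && (0..2).cover?(value)
      raise ConfigError, "min_confidence must be an integer 0-2, got #{value.inspect}"
    end
    value
  when :output_formats
    formats = Array(value).map { |f| f.to_s.sub(/\A:/, '').to_sym }
    bad = formats - KNOWN_OUTPUT_FORMATS
    raise ConfigError, "unknown output format(s): #{bad.inspect}" unless bad.empty?
    formats
  when :run_checks, :skip_checks, :additional_checks_path, :additional_libs_path, :output_files
    Array(value).map(&:to_s)
  when :safe_methods
    Array(value).map { |m| m.to_s.sub(/\A:/, '').to_sym }
  when :parser_timeout, :message_limit
    Integer(value)
  else
    value
  end
end

# Assemble the hash to hand to Brakeman.run. Precedence (an assumption of this
# example): documented defaults < config file < explicit overrides; :app_path
# is always the one passed in, since it is the required option.
def build_run_options(app_path, config_yaml: nil, **overrides)
  from_file = config_yaml ? parse_brakeman_config(config_yaml) : {}
  DOCUMENTED_DEFAULTS.merge(from_file).merge(overrides).merge(app_path: app_path)
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample config, in the ":key" style.
  sample = ":min_confidence: 1\n:skip_checks:\n  - CheckRender\n:output_formats:\n  - to_html\n"
  p build_run_options("/path/to/rails_app", config_yaml: sample, print_report: true)
end
```

The resulting hash can be passed straight to Brakeman.run(options); failing early on an unknown key or an out-of-range :min_confidence is preferable to a scan that silently runs with the wrong settings.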

Run a scan. Generally called from Brakeman.run instead of directly.

Sets up options for run and checks the given application path.
