Add plaintext fingerprint to warning hash #1067
Closed
Occasionally when comparing two Brakeman reports to find new warnings introduced by a code change, it will report an old warning and it's not immediately apparent why the code change caused the warning to reappear. You would assume it's because the fingerprint changed, but just seeing that two hashes are different doesn't give you any context for why it changed. This PR breaks up the one fingerprint method into two — one to generate the string and the other to hash it. This allows you to pass the plaintext fingerprint into the warning hash.
It's entirely possible this PR is just adding redundant data to the hash, and we would be fine using the data already in the hash (since it makes up most of the fingerprint), but having access to the fingerprint string would tell you with certainty why a fingerprint changed. I feel like people might find the fingerprint text useful to have, though perhaps it's not needed for most use cases.
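The split described above, as an added example that is not code from this PR or from Brakeman: one method builds the plaintext fingerprint, a second hashes it, and a report comparison uses the plaintext components to say which one changed. The field list, method names and sample warnings are assumptions constructed for illustration.

```ruby
require "digest"

# Assumed fingerprint inputs; not Brakeman's actual field list.
FIELDS = %i[warning_code code location file confidence].freeze

# Step 1: plaintext fingerprint, built from labelled components.
def fingerprint_string(warning)
  FIELDS.map { |f| "#{f}=#{warning.fetch(f).inspect}" }.join("|")
end

# Step 2: the opaque hash that report comparison matches on.
def fingerprint(warning)
  Digest::SHA256.hexdigest(fingerprint_string(warning))
end

# Components that differ between two warnings.
def changed_fields(a, b)
  FIELDS.reject { |f| a.fetch(f) == b.fetch(f) }
end

# For each warning whose hash is absent from the old report, find the
# closest old warning and name the components that moved the fingerprint.
def explain_new_warnings(old_report, new_report)
  known = old_report.map { |w| fingerprint(w) }
  new_report.reject { |w| known.include?(fingerprint(w)) }.map do |w|
    nearest = old_report.min_by { |o| changed_fields(o, w).size }
    { fingerprint: fingerprint(w),
      plaintext: fingerprint_string(w),
      changed: nearest ? changed_fields(nearest, w) : FIELDS.dup }
  end
end

# Constructed sample reports: same finding, but the enclosing method
# was renamed between scans, so the warning "reappears" as new.
BASE = { warning_code: 2, code: "params[:q]", file: "app/views/search.erb",
         confidence: 1, location: { type: :method, method: :show } }.freeze
OLD_REPORT = [BASE].freeze
NEW_REPORT = [BASE.merge(location: { type: :method, method: :display })].freeze

if __FILE__ == $PROGRAM_NAME
  explain_new_warnings(OLD_REPORT, NEW_REPORT).each do |e|
    puts "#{e[:fingerprint][0, 12]} changed=#{e[:changed].inspect}"
    puts "  #{e[:plaintext]}"
  end
end
```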