
Add more structured message construction #1259

merged 15 commits into master from extract_message_strings on Sep 13, 2018


presidentbeef commented Sep 11, 2018

Updates to make warning message format more flexible and consistent.

Instead of creating a string for a warning message, it is a Brakeman::Messages::Message, which is essentially a list of Brakeman::Messages types.

For example:

```ruby
# Previous construction: a plain interpolated string
"Unescaped #{friendly_type_of @matched} in content_tag"
```

```ruby
# New construction: a list of typed message parts
msg("Unescaped ", msg_input(@matched), " in ", msg_code("content_tag"))
```

The output value becomes something like

```
Message(Plain("Unescaped "), Input(@matched), Plain(" in "), Code("content_tag"))
```

This way values like code, versions, input types, etc. can be formatted at output time depending on the report format (e.g. HTML). In the future this may help with translations.

presidentbeef added some commits Aug 14, 2018

  • Initial work to update message string construction
    Switch from straight strings to objects that can be more easily formatted in different ways depending on report format.
  • Update HTML report with new messages
    also stop supporting message length for truncation
  • Some cleanup of report generation
    Move table creation to Report::Table and subclass from there.
  • Add msg_cve to message building
    and also fix some version messages

@presidentbeef presidentbeef merged commit 6b477a0 into master Sep 13, 2018

4 of 5 checks passed

codeclimate 6 issues to fix
ci/circleci Your tests passed on CircleCI!
codeclimate/diff-coverage 94% (90% threshold)
codeclimate/total-coverage 94% (0.0% change)
continuous-integration/travis-ci/pr The Travis CI build passed

@presidentbeef presidentbeef deleted the extract_message_strings branch Sep 13, 2018

presidentbeef commented Sep 13, 2018

I'd better document more of the changes:

  • Messages are no longer truncated in HTML reports. But code at the end of the message might still be truncated if there is a huge chunk of code being displayed.
  • CVEs in HTML reports are links to MITRE
  • Links in HTML reports now correctly use rel="noreferrer"
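As an added illustration of the structured-message idea from the PR description and of the HTML-report behaviour listed in the comment above, here is a minimal Ruby model of Message with Plain, Input, Code and CVE parts and the msg, msg_input, msg_code and msg_cve helpers. This is example code written for this page, not Brakeman's own Brakeman::Messages implementation: the part and helper names follow the PR, while the rendering methods (to_s, to_html), the CVE id check, the MITRE URL format and the CVE id used (a placeholder) are assumptions. The point it shows is why the change matters for report safety: because escaping and link generation happen at output time per format, a value taken from the scanned application (such as a parameter name) is HTML-escaped in the HTML report instead of being interpolated raw into a string, and every CVE link gets rel="noreferrer" from one place.

```ruby
require "cgi"

# Example code, not Brakeman's: a small typed-part message model.
module Msg
  # Base part: one typed fragment of a warning message.
  class Part
    attr_reader :value

    def initialize(value)
      @value = value
    end

    # Plain-text rendering, used by text/JSON style reports.
    def to_s
      value.to_s
    end

    # HTML rendering: every fragment is escaped here, so data that came
    # from the scanned application can never inject markup into the report.
    def to_html
      CGI.escapeHTML(value.to_s)
    end
  end

  class Plain < Part; end
  class Input < Part; end

  # Code fragments are wrapped in <code> for HTML output, still escaped.
  class Code < Part
    def to_html
      "<code>#{CGI.escapeHTML(value.to_s)}</code>"
    end
  end

  # CVE ids become MITRE links in HTML output. The id format is validated on
  # construction so an arbitrary string cannot become part of a link target.
  class CVE < Part
    ID = /\ACVE-\d{4}-\d{4,}\z/
    # Assumed URL scheme for MITRE's CVE lookup (not taken from the PR).
    MITRE = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="

    def initialize(value)
      raise ArgumentError, "not a CVE id: #{value.inspect}" unless ID.match?(value.to_s)
      super
    end

    def to_html
      id = CGI.escapeHTML(value.to_s)
      %(<a href="#{MITRE}#{id}" rel="noreferrer">#{id}</a>)
    end
  end

  # A message is an ordered list of parts, rendered only when a report asks.
  class Message
    attr_reader :parts

    def initialize(*parts)
      @parts = parts.map { |p| p.is_a?(Part) ? p : Plain.new(p) }
    end

    def to_s
      parts.map(&:to_s).join
    end

    def to_html
      parts.map(&:to_html).join
    end
  end
end

# Helpers with the names used in the PR (bare strings become Plain parts).
def msg(*parts)   = Msg::Message.new(*parts)
def msg_input(v)  = Msg::Input.new(v)
def msg_code(v)   = Msg::Code.new(v)
def msg_cve(v)    = Msg::CVE.new(v)

# The PR's own example, with the input name supplied by the caller
# (in a real scan it would come from the application being analysed).
def unescaped_warning(input_name)
  msg("Unescaped ", msg_input(input_name), " in ", msg_code("content_tag"))
end

# A version/CVE style message; "x.y.z" and the CVE id are placeholders.
def cve_warning
  msg("Vulnerable version: ", msg_code("x.y.z"), " (", msg_cve("CVE-0000-0000"), ")")
end

if __FILE__ == $PROGRAM_NAME
  puts unescaped_warning("params[:name]").to_s
  puts unescaped_warning("<script>x</script>").to_html
  puts cve_warning.to_html
end
```

The same Message object thus yields `Unescaped params[:name] in content_tag` for a text report and `Unescaped params[:name] in <code>content_tag</code>` for HTML, and an input name containing markup is neutralised only in the HTML path, which is exactly where it matters.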

Repository owner locked and limited conversation to collaborators Oct 16, 2018
