GitHub flavored markdown output #463

Merged
merged 1 commit into from Apr 11, 2014

gregose commented Apr 2, 2014

This adds GFM output format for reports (closes #435). This can be triggered with -f markdown or -o file.md flags or programmatically with Brakeman::Report#to_markdown.

Additionally, the github-repo flag / option has been added.

--github-repo USER/REPO[/PATH][@REF]
               Output links to GitHub in markdown and HTML reports using specified repo

This allows a user to set the app's GitHub repository (user/repo) and optionally, application path within the repo and git ref (sha, tag, branch). This is used to generate links within the GFM and HTML reports to the file and line on GitHub for each warning with file info.

As an example, brakeman -o test.md test/apps/rails3 --github-repo github/brakeman/test/apps/rails3 yields the report at https://gist.github.com/gregose/e7f1cc43263054bccd6d.

github@e2d3781 also closes a potential existing XSS in the HTML report by escaping the filename.

/cc @mastahyeti
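
The option format and the file-name escaping described in the comment above, as an added Ruby example that is not code from this pull request or from Brakeman. All method and constant names are hypothetical, the fallback to `master` when no ref is given is an assumption, and the link shape is GitHub's standard `blob/REF/PATH#Ln` URL.

```ruby
require 'erb'

# Hypothetical names throughout; this is not Brakeman's code.
GithubRepo = Struct.new(:user, :repo, :path, :ref)
NAME = /\A[\w.-]+\z/

# Parse USER/REPO[/PATH][@REF]. Falling back to "master" when no ref
# is given is an assumption of this sketch.
def parse_github_repo(spec)
  full, ref = spec.to_s.split('@', 2)
  user, repo, path = full.to_s.split('/', 3)
  unless NAME.match?(user.to_s) && NAME.match?(repo.to_s)
    raise ArgumentError, "expected USER/REPO[/PATH][@REF], got #{spec.inspect}"
  end
  GithubRepo.new(user, repo, path, ref.to_s.empty? ? 'master' : ref)
end

# Percent-encode every path segment so a file name cannot change the URL shape.
def encode_path(*parts)
  parts.compact.join('/').split('/').reject(&:empty?)
       .map { |seg| ERB::Util.url_encode(seg) }.join('/')
end

# Link to a file (and optionally a line) on GitHub.
def github_url(repo, file, line = nil)
  url = "https://github.com/#{repo.user}/#{repo.repo}/blob/" \
        "#{encode_path(repo.ref)}/#{encode_path(repo.path, file)}"
  line ? "#{url}#L#{Integer(line)}" : url
end

# HTML report cell: both the href and the visible file name are HTML-escaped,
# so markup characters in a file name are rendered as text.
def html_link(repo, file, line)
  href = ERB::Util.html_escape(github_url(repo, file, line))
  text = ERB::Util.html_escape("#{file}:#{line}")
  %(<a href="#{href}">#{text}</a>)
end

if __FILE__ == $0
  repo = parse_github_repo('github/brakeman/test/apps/rails3')
  # Constructed file name containing markup characters.
  puts html_link(repo, 'app/views/a"><b>.erb', 3)
end
```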

mastahyeti commented Apr 2, 2014

/cc #435


presidentbeef commented Apr 11, 2014

Looks good to me. Actually pretty cool 👍 Can you squash the commits, though?

GFM report format
markdown formatting tweaks, github file links, and test

support subpath in repo

github url support in HTML output

use to_markdown in format call

update non ruby1.9 line count

add markdown to valid format list

escape file names

move repo validation and parsing to Brakeman#set_options

gregose commented Apr 11, 2014

Can you squash the commits

Done!

@presidentbeef presidentbeef merged commit eb342e3 into presidentbeef:master Apr 11, 2014

1 check failed

continuous-integration/travis-ci The Travis CI build failed

presidentbeef commented Apr 11, 2014

Merged, thanks!

Repository owner locked and limited conversation to collaborators Feb 16, 2016
