Merge pull request #1861 from gazayas/features/show-ignored-flag

Add `--show-ignored` flag
presidentbeef · Aug 21, 2024 · 1f7bbad · 1f7bbad
2 parents c83406e + 5d40a44
commit 1f7bbad
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 0 deletions.
diff --git a/OPTIONS.md b/OPTIONS.md
@@ -201,6 +201,10 @@ Brakeman will raise warnings on models that use `attr_protected`. To suppress th
 
     brakeman --ignore-protected
 
+To show all ignored warnings without affecting the exit code (i.e. - Will return `0` if the application shows no warnings when simply running `brakeman`):
+
+    brakeman --show-ignored
+
 Brakeman will assume that unknown methods involving untrusted data are dangerous. For example, this would cause a warning (Rails 2):
 
     <%= some_method(:option => params[:input]) %>

diff --git a/README.md b/README.md
@@ -133,6 +133,10 @@ To create and manage this file, use:
 
     brakeman -I
 
+If you want to temporarily see the warnings you ignored without affecting the exit code, use:
+
+    brakeman --show-ignored
+
 # Warning information
 
 See [warning\_types](docs/warning_types) for more information on the warnings reported by this tool.

diff --git a/lib/brakeman.rb b/lib/brakeman.rb
@@ -65,6 +65,7 @@ module Brakeman
   #  * :report_routes - show found routes on controllers (default: false)
   #  * :run_checks - array of checks to run (run all if not specified)
   #  * :safe_methods - array of methods to consider safe
+  #  * :show_ignored - Display warnings that are usually ignored
   #  * :sql_safe_methods - array of sql sanitization methods to consider safe
   #  * :skip_libs - do not process lib/ directory (default: false)
   #  * :skip_vendor - do not process vendor/ directory (default: true)
@@ -198,6 +199,7 @@ def self.default_options
       :relative_path => false,
       :report_progress => true,
       :safe_methods => Set.new,
+      :show_ignored => false,
       :sql_safe_methods => Set.new,
       :skip_checks => Set.new,
       :skip_vendor => true,

diff --git a/lib/brakeman/options.rb b/lib/brakeman/options.rb
@@ -295,6 +295,10 @@ def create_option_parser options
           options[:interactive_ignore] = true
         end
 
+        opts.on "--show-ignored", "Show files that are usually ignored by the ignore configuration file" do
+          options[:show_ignored] = true
+        end
+
         opts.on "-l", "--[no-]combine-locations", "Combine warning locations (Default)" do |combine|
           options[:combine_locations] = combine
         end

diff --git a/lib/brakeman/report/report_text.rb b/lib/brakeman/report/report_text.rb
@@ -21,6 +21,9 @@ def generate_report
     add_chunk generate_obsolete
     add_chunk generate_errors
     add_chunk generate_warnings
+    add_chunk generate_show_ignored_overview if tracker.options[:show_ignored] && ignored_warnings.any?
+
+    @output_string
   end
 
   def add_chunk chunk, out = @output_string
@@ -101,6 +104,10 @@ def generate_warnings
     end
   end
 
+  def generate_show_ignored_overview
+    double_space("Ignored Warnings", ignored_warnings.map {|w| output_warning w})
+  end
+
   def generate_errors
     return if tracker.errors.empty?
     full_trace = tracker.options[:debug]

diff --git a/test/tests/commandline.rb b/test/tests/commandline.rb
@@ -135,6 +135,13 @@ def test_exit_on_warn_no_warnings
     end
   end
 
+  # Assert default when using `--show-ignored` flag.
+  def test_show_ignored_warnings
+    assert_exit Brakeman::Warnings_Found_Exit_Code do
+      scan_app "--show-ignored"
+    end
+  end
+
   def test_compare_deactivates_ensure_ignore_notes
     opts, = Brakeman::Commandline.parse_options [
       '--ensure-ignore-notes',

diff --git a/test/tests/options.rb b/test/tests/options.rb
@@ -25,6 +25,7 @@ class BrakemanOptionsTest < Minitest::Test
     :absolute_paths         => "--absolute-paths",
     :list_checks            => "-k",
     :list_optional_checks   => "--optional-checks",
+    :show_ignored           => "--show-ignored",
     :show_version           => "-v",
     :show_help              => "-h",
     :force_scan             => "--force-scan",
@@ -252,6 +253,11 @@ def test_ignore_file_option
     assert_equal "dont_warn_for_these.rb", options[:ignore_file]
   end
 
+  def test_show_ignored_option
+    options = setup_options_from_input("--show-ignored")
+    assert options[:show_ignored]
+  end
+
   def test_combine_warnings_option
     options = setup_options_from_input("--combine-locations")
     assert options[:combine_locations]