Merge pull request #137 from presidentbeef/relative_paths_for_reports

Relative paths for reports

lib/brakeman.rb

@@ -39,6 +39,7 @@ module Brakeman
   #  * :safe_methods - array of methods to consider safe
   #  * :skip_libs - do not process lib/ directory (default: false)
   #  * :skip_checks - checks not to run (run all if not specified)
+  #  * :relative_path - show relative path of each file(default: false)
   #  * :summary_only - only output summary section of report 
   #                    (does not apply to tabs format)
   #
@@ -119,6 +120,7 @@ module Brakeman
       :ignore_model_output => false,
       :message_limit => 100,
       :parallel_checks => true,
+      :relative_path => false,
       :quiet => true,
       :report_progress => true,
       :html_style => "#{File.expand_path(File.dirname(__FILE__))}/brakeman/format/style.css" 

lib/brakeman/options.rb

@@ -169,6 +169,10 @@ module Brakeman::Options
           options[:summary_only] = true
         end
 
+        opts.on "--relative-paths", "Output relative file paths in reports" do
+          options[:relative_paths] = true
+        end
+
         opts.on "-w", 
           "--confidence-level LEVEL", 
           ["1", "2", "3"], 

lib/brakeman/report.rb

 require 'cgi'
 require 'set'
+require 'pathname'
 require 'brakeman/processors/output_processor'
 require 'brakeman/util'
 require 'terminal-table'
@@ -551,7 +552,7 @@ class Brakeman::Report
       message
     end <<
     "<table id='#{code_id}' class='context' style='display:none'>" <<
-    "<caption>#{(warning.file || '').gsub(tracker.options[:app_path], "")}</caption>"
+    "<caption>#{warning_file(warning, :relative) || ''}</caption>"
 
     unless context.empty?
       if warning.line - 1 == 1 or warning.line + 1 == 1
@@ -614,7 +615,7 @@ class Brakeman::Report
       checks.send(meth).map do |w|
         line = w.line || 0
         w.warning_type.gsub!(/[^\w\s]/, ' ')
-        "#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
+        "#{warning_file w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
       end.join "\n"
 
     end.join "\n"
@@ -637,7 +638,6 @@ class Brakeman::Report
           w.code = ""
         end
         w.context = context_for(w).join("\n")
-        w.file = file_for w
       end
     end
 
@@ -650,7 +650,14 @@ class Brakeman::Report
     require 'json'
 
     errors = tracker.errors.map{|e| { :error => e[:error], :location => e[:backtrace][0] }}
-    warnings = all_warnings.map { |w| w.to_hash }.sort_by{|w| w[:file]}
+    app_path = tracker.options[:app_path]
+
+    warnings = all_warnings.map do |w|
+      hash = w.to_hash
+      hash[:file] = warning_file w
+      hash
+    end.sort_by { |w| w[:file] }
+
     scan_info = {
       :app_path => File.expand_path(tracker.options[:app_path]),
       :rails_version => rails_version,
@@ -680,6 +687,16 @@ class Brakeman::Report
     Set.new(tracker.templates.map {|k,v| v[:name].to_s[/[^.]+/]}).length
   end
 
+  def warning_file warning, relative = false
+    return nil if warning.file.nil?
+
+    if @tracker.options[:relative_paths] or relative
+      Pathname.new(warning.file).relative_path_from(Pathname.new(tracker.options[:app_path])).to_s
+    else
+      warning.file
+    end
+  end
+
   private
 
   def load_and_render_erb file, bind