brakeman-lib 6.0.0 → 6.0.1
- checksums.yaml +4 -4
- data/CHANGES.md +4 -0
- data/lib/brakeman/tracker/config.rb +14 -8
- data/lib/brakeman/version.rb +1 -1
- metadata +3 -3
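--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fa04262bdd0adc42cac58526843c33d79a66b439880e8c8df8c6c1df343fcff6
+data.tar.gz: 7e433c0b3a0ac62bc432bec371432bfacde51c34cd6d2c8ae2e78b698e7c44a4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2b8220a3968c53ba01ac55034a15a2f7021a0bc7c319fda428ae917bb8eead85388a9995115ea67ec41f8a837d68fb2efaa6cfb907ac3d6a00ce92e2a15e4a87
+data.tar.gz: d9374e5121036962f6f3ea04478ecffceda79cfbc0c3a30d7d6fcb426ce60c0185d903056ff7231b0ec4b37d3fbd72a899ff49d6a7010f5ca7a1703d948dcd43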
data/CHANGES.md
CHANGED
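--- a/data/lib/brakeman/tracker/config.rb
+++ b/data/lib/brakeman/tracker/config.rb
@@ -189,13 +189,19 @@ module Brakeman
 # Load defaults based on config.load_defaults value
 # as documented here: https://guides.rubyonrails.org/configuring.html#results-of-config-load-defaults
 def load_rails_defaults
-return unless
+return unless node_type? tracker.config.rails[:load_defaults], :lit, :str
+
+version = tracker.config.rails[:load_defaults].value.to_s
+
+unless version.match? /^\d+\.\d+$/
+Brakeman.debug "[Notice] Unknown version: #{tracker.config.rails[:load_defaults]}"
+return
+end
 
-version = tracker.config.rails[:load_defaults].value
 true_value = Sexp.new(:true)
 false_value = Sexp.new(:false)
 
-if version >= 5.0
+if version >= '5.0'
 set_rails_config(value: true_value, path: [:action_controller, :per_form_csrf_tokens])
 set_rails_config(value: true_value, path: [:action_controller, :forgery_protection_origin_check])
 set_rails_config(value: true_value, path: [:active_record, :belongs_to_required_by_default])
@@ -203,12 +209,12 @@ module Brakeman
 set_rails_config(value: true_value, path: [:ssl_options, :hsts, :subdomains])
 end
 
-if version >= 5.1
+if version >= '5.1'
 set_rails_config(value: false_value, path: [:assets, :unknown_asset_fallback])
 set_rails_config(value: true_value, path: [:action_view, :form_with_generates_remote_forms])
 end
 
-if version >= 5.2
+if version >= '5.2'
 set_rails_config(value: true_value, path: [:active_record, :cache_versioning])
 set_rails_config(value: true_value, path: [:action_dispatch, :use_authenticated_cookie_encryption])
 set_rails_config(value: true_value, path: [:active_support, :use_authenticated_message_encryption])
@@ -217,7 +223,7 @@ module Brakeman
 set_rails_config(value: true_value, path: [:action_view, :form_with_generates_ids])
 end
 
-if version >= 6.0
+if version >= '6.0'
 set_rails_config(value: Sexp.new(:lit, :zeitwerk), path: [:autoloader])
 set_rails_config(value: false_value, path: [:action_view, :default_enforce_utf8])
 set_rails_config(value: true_value, path: [:action_dispatch, :use_cookies_with_metadata])
@@ -230,7 +236,7 @@ module Brakeman
 set_rails_config(value: true_value, path: [:active_record, :collection_cache_versioning])
 end
 
-if version >= 6.1
+if version >= '6.1'
 set_rails_config(value: true_value, path: [:action_controller, :urlsafe_csrf_tokens])
 set_rails_config(value: Sexp.new(:lit, :lax), path: [:action_dispatch, :cookies_same_site_protection])
 set_rails_config(value: Sexp.new(:lit, 308), path: [:action_dispatch, :ssl_default_redirect_status])
@@ -242,7 +248,7 @@ module Brakeman
 set_rails_config(value: true_value, path: [:active_storage, :track_variants])
 end
 
-if version >= 7.0
+if version >= '7.0'
 video_args =
 Sexp.new(:str, "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2")
 hash_class = s(:colon2, s(:colon2, s(:const, :OpenSSL), :Digest), :SHA256)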
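Review bot: The new guards `if version >= '5.0'` through `if version >= '7.0'` compare strings lexicographically, so a two-digit major such as `'10.0'` sorts below `'5.0'` and every block of defaults would be skipped. These defaults cover settings such as `per_form_csrf_tokens`, `urlsafe_csrf_tokens` and `cookies_same_site_protection`, so a mis-ordered comparison would presumably make the scanner model the application with the wrong security configuration. Parsing once and comparing versions avoids this: `version = Gem::Version.new(version)` after the format check, then `if version >= Gem::Version.new('5.0')` in each guard. The format check `/^\d+\.\d+$/` also anchors per line, so a multi-line string value can pass; `/\A\d+\.\d+\z/` matches the whole value. The end of `load_rails_defaults` lies outside the visible hunks.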
data/lib/brakeman/version.rb
CHANGED
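--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-lib
 version: !ruby/object:Gem::Version
-version: 6.0.
+version: 6.0.1
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -451,7 +451,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.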