brakeman-lib 4.9.0 → 4.9.1

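--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 43b7d1a166362e6f078be06194adde0e9acc6f6ee5bbe6b54212a4dddb0335ad
-data.tar.gz: fd3fcf8965f5125991e51dce67d18415ca3f5db6f431a4076c16acbf1a3bd906
+metadata.gz: f4533db1d64281404ef6fa22a1b23e8ed35bcb2657aac30585fb38ef44f46ec6
+data.tar.gz: b4d0b3c6c37cd04bd06f368fcd678c52da8809f998a2c5f8127363505022f529
 SHA512:
-metadata.gz: a929f04cb48c9ccb434cfa3ee47791d263a1fc3d30acdea4459c25c8c7bcab7d72887369f893de1eed5418a059dd07e55a98157bd2729967f1b9e4c72a4b94f5
-data.tar.gz: ead62901264f2d1230512894820ad8160ce6115a19ac32dd2ea3474ebb9b9a723e2090077ea6780b38c0b9d3f3b59e4c93ad55d8dbf613f9426475796a167ab3
+metadata.gz: bac4dc339c777b879c7ec5e372dd3423c1300802561ad2d6be12ec38185785a93f88c5966d7276d5179f142861ea291c16c772052a07fd6969db6790f788ec72
+data.tar.gz: 602fbe26d2880cc2f5443b7ce555d1f3411dc59902b9b68d87cf35813aa80d3704b685778222f14aa97509247d9be95d80c71ffd649755848618682877a3ab38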
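--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,10 @@
+# 4.9.1 - 2020-09-04
+
+* Check `chomp`ed strings for SQL injection
+* Use version from `active_record` for non-Rails apps (Ulysse Buonomo)
+* Always set line number for joined arrays
+* Avoid warning about missing `attr_accessible` if `protected_attributes` gem is used
+
 # 4.9.0 - 2020-08-04
 
 * Add check for CVE-2020-8166 (Jamie Finnigan)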
@@ -8,7 +8,7 @@ class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
8
8
  @description = "Reports models which do not use attr_restricted and warns on models that use attr_protected"
9
9
 
10
10
  def run_check
11
- return if mass_assign_disabled?
11
+ return if mass_assign_disabled? or tracker.config.has_gem?(:protected_attributes)
12
12
 
13
13
  #Roll warnings into one warning for all models
14
14
  if tracker.options[:collapse_mass_assignment]
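Review bot: The new guard `return if mass_assign_disabled? or tracker.config.has_gem?(:protected_attributes)` skips all of run_check whenever the gem is declared, which also drops the attr_protected warning the @description line above promises; since protected_attributes is the gem that keeps attr_protected available on newer Rails, that presumably silences the warning for exactly the apps still relying on it, so narrowing the early return to the missing-attr_accessible path may be worth considering. A gem being listed in the Gemfile also says nothing about whether every model actually declares attr_accessible, so a short comment explaining why the whole check is skipped rather than only the missing-attr_accessible warning would help the next reader. On style, `or` binds more loosely than `||` and is conventionally reserved for control flow, so `return if mass_assign_disabled? || tracker.config.has_gem?(:protected_attributes)` is the expected form. run_check continues past the end of the hunk.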
@@ -393,7 +393,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
393
393
  nil
394
394
  end
395
395
 
396
- TO_STRING_METHODS = [:to_s, :squish, :strip, :strip_heredoc]
396
+ TO_STRING_METHODS = [:chomp, :to_s, :squish, :strip, :strip_heredoc]
397
397
 
398
398
  #Returns value if interpolated value is not something safe
399
399
  def unsafe_string_interp? exp
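Review bot: Adding `:chomp` to TO_STRING_METHODS leaves its close siblings that likewise return the receiver's text (`lstrip`, `rstrip`, `chop`) outside the list, so if this constant is what lets the SQL check look through string-preserving calls, a query passed through `rstrip` would presumably still go unexamined while one passed through `chomp` is now covered; extending the list in the same way would close that gap. The bang forms (`chomp!`, `strip!`) return nil when nothing changed, so they should not simply be appended alongside. The constant is also a mutable array; `TO_STRING_METHODS = [:chomp, :to_s, :squish, :strip, :strip_heredoc].freeze` guards against accidental mutation at runtime. unsafe_string_interp? begins on the last line of the hunk and its body lies outside it.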
@@ -10,7 +10,7 @@ module Brakeman
10
10
  def join_arrays lhs, rhs, original_exp = nil
11
11
  if array? lhs and array? rhs
12
12
  result = Sexp.new(:array)
13
- result.line(lhs.line || rhs.line)
13
+ result.line(lhs.line || rhs.line || 1)
14
14
  result.concat lhs[1..-1]
15
15
  result.concat rhs[1..-1]
16
16
  result
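Review bot: The new fallback in `result.line(lhs.line || rhs.line || 1)` places a joined array at file line 1 whenever neither operand carries a line, so any warning raised on that node will point at the top of the file rather than at the code; nothing on the line says this is deliberate, so a comment such as `# always give the joined array a line; fall back to 1 when neither side has one` would make the intent clear. The `original_exp` parameter is visible on the signature but not used within the hunk; if it carries a line, `original_exp&.line` belongs in the chain ahead of the literal 1 (any existing use of it is outside the hunk). join_arrays continues past the end of the hunk.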
@@ -79,7 +79,9 @@ module Brakeman
79
79
  # Only used by Rails2ConfigProcessor right now
80
80
  extract_version(version)
81
81
  else
82
- gem_version(:rails) || gem_version(:railties)
82
+ gem_version(:rails) ||
83
+ gem_version(:railties) ||
84
+ gem_version(:activerecord)
83
85
  end
84
86
 
85
87
  if version
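Review bot: The new `gem_version(:activerecord)` arm substitutes ActiveRecord's version for a Rails version with nothing on the line saying why that is sound; a short comment such as `# activerecord shares Rails' version number, so it stands in for non-Rails apps` would save the next reader checking. The CHANGES entry for this release spells the gem `active_record` while the lookup key here is `:activerecord`; worth confirming both refer to the same Gemfile name, since gem_version presumably keys on it. The enclosing method starts and ends outside the hunk.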
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "4.9.0"
2
+ Version = "4.9.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman-lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.9.0
4
+ version: 4.9.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-04 00:00:00.000000000 Z
11
+ date: 2020-09-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest