brakeman-min 2.3.0 → 2.3.1
- data.tar.gz.sig +0 -0
- data/CHANGES +5 -0
- data/lib/brakeman/checks/check_i18n_xss.rb +1 -1
- data/lib/brakeman/checks/check_number_to_currency.rb +2 -2
- data/lib/brakeman/version.rb +1 -1
- metadata +4 -4
- metadata.gz.sig +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
data/CHANGES
CHANGED
@@ -6,7 +6,7 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
|
|
6
6
|
@description = "Checks for i18n XSS (CVE-2013-4491)"
|
7
7
|
|
8
8
|
def run_check
|
9
|
-
if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1")
|
9
|
+
if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
|
10
10
|
message = "Rails #{tracker.config[:rails_version]} has an XSS vulnerability in i18n (CVE-2013-4491). Upgrade to Rails version "
|
11
11
|
|
12
12
|
i18n_gem = tracker.config[:gems] && tracker.config[:gems][:i18n]
|
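Review bot: The new `and not has_workaround?` clause in `run_check` drops the CVE-2013-4491 warning entirely, and nothing in the hunk says what the helper accepts as a workaround. `has_workaround?` is defined outside the hunk, so its matching cannot be checked here; if it matches more than the specific mitigation it is meant to recognise, a vulnerable Rails version would pass with no warning at all. I would add a comment above the condition, e.g. `# Warn unless the app already carries the I18n workaround for CVE-2013-4491 (see has_workaround?)`, and confirm the helper matches only that pattern. The `or` / `and not` keywords with paren-less calls also make the grouping easy to misread; `if (version_between?("3.0.6", "3.2.15") || version_between?("4.0.0", "4.0.1")) && !has_workaround?` evaluates the same way with explicit grouping. `run_check` continues past the end of the hunk.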
@@ -27,7 +27,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
|
|
27
27
|
:message => message,
|
28
28
|
:confidence => CONFIDENCE[:med],
|
29
29
|
:file => gemfile_or_environment,
|
30
|
-
:link_path => "https://groups.google.com/d/
|
30
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
|
31
31
|
end
|
32
32
|
|
33
33
|
def check_number_to_currency_usage
|
@@ -49,7 +49,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
|
|
49
49
|
:warning_code => :CVE_2013_6415_call,
|
50
50
|
:message => "Currency value in number_to_currency is not safe in Rails #{@tracker.config[:rails_version]}",
|
51
51
|
:confidence => CONFIDENCE[:high],
|
52
|
-
:link_path => "https://groups.google.com/d/
|
52
|
+
:link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
|
53
53
|
:user_input => match
|
54
54
|
end
|
55
55
|
end
|
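Review bot: The advisory URL is written out as the same string literal in both `:link_path` entries of this class (the hunk at line 30 and the hunk at line 52), so any later correction has to be made twice and the two warnings can end up pointing at different places. I would hoist it into a single constant in the class, e.g. `ADVISORY_LINK = "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ".freeze`, and use `:link_path => ADVISORY_LINK` in both warnings. The removed lines are cut short in this rendering, so the previous link value cannot be read from the page, and both enclosing methods start outside the hunks shown.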
data/lib/brakeman/version.rb
CHANGED
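--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-min
 version: !ruby/object:Gem::Version
-hash:
+hash: 1
 prerelease:
 segments:
 - 2
 - 3
--
-version: 2.3.
+- 1
+version: 2.3.1
 platform: ruby
 authors:
 - Justin Collins
@@ -36,7 +36,7 @@ cert_chain:
 bdw=
 -----END CERTIFICATE-----
 
-date: 2013-12-
+date: 2013-12-13 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby_parser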
metadata.gz.sig
CHANGED
Binary file
|