brakeman-min 3.0.0 → 3.0.1
- data.tar.gz.sig +0 -0
- data/CHANGES +9 -0
- data/README.md +9 -0
- data/lib/brakeman.rb +3 -1
- data/lib/brakeman/app_tree.rb +11 -4
- data/lib/brakeman/checks/check_forgery_setting.rb +3 -0
- data/lib/brakeman/options.rb +5 -0
- data/lib/brakeman/processors/library_processor.rb +4 -0
- data/lib/brakeman/processors/output_processor.rb +4 -35
- data/lib/brakeman/version.rb +1 -1
- metadata +166 -158
- metadata.gz.sig +0 -0
- checksums.yaml +0 -7
- checksums.yaml.gz.sig +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
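--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,3 +1,12 @@
+# 3.0.1
+
+* Avoid protect_from_forgery warning unless ApplicationController inherits from ActionController::Base
+* Properly format command interpolation (again)
+* Remove Slim dependency (Casey West)
+* Allow for controllers/models/templates in directories under `app/` (Neal Harris)
+* Add `--add-libs-path` for additional libraries (Patrick Toomey)
+* Properly process libraries (Patrick Toomey)
+
 # 3.0.0
 
 * Add check for CVE-2014-7829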
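--- a/data/README.md
+++ b/data/README.md
@@ -40,6 +40,15 @@ From source:
 gem build brakeman.gemspec
 gem install brakeman*.gem
 
+## For Slim Users
+
+[Slim v3.0.0](https://github.com/slim-template/slim/blob/master/CHANGES#L12) dropped support for Ruby 1.8.7. Install a version of [`slim`](http://slim-lang.com/) compatible with your Ruby.
+
+| Ruby Version | `Gemfile` | Command Line |
+|--------------|-----------------------|----------------------------------------|
+| Ruby 1.8.7 | `gem 'slim', '< 3.0'` | `$ gem install slim --version '< 3.0'` |
+| Ruby 1.9+ | `gem 'slim'` | `$ gem install slim` |
+
 # Usage
 
 brakeman [app_path]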
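--- a/data/lib/brakeman.rb
+++ b/data/lib/brakeman.rb
@@ -17,6 +17,8 @@ module Brakeman
 #Options:
 #
 # * :app_path - path to root of Rails app (required)
+# * :additional_checks_path - array of additional directories containing additional out-of-tree checks to run
+# * :additional_libs_path - array of additional application relative lib directories (ex. app/mailers) to process
 # * :assume_all_routes - assume all methods are routes (default: true)
 # * :check_arguments - check arguments of methods (default: true)
 # * :collapse_mass_assignment - report unprotected models in single warning (default: false)
@@ -420,7 +422,7 @@ module Brakeman
 require name
 rescue LoadError => e
 $stderr.puts e.message
-$stderr.puts "Please install the appropriate dependency."
+$stderr.puts "Please install the appropriate dependency: #{name}."
 exit! -1
 end
 end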
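Review bot: The new `:additional_libs_path` comment in the first hunk documents the option as an array, but the `--add-libs-path` handler added to options.rb in this same release accumulates the paths into a `Set`; app_tree.rb's `collect { … }.flatten` accepts either, so nothing breaks, but the comment should state what callers may actually pass, e.g. `# * :additional_libs_path - collection (Array or Set) of application relative lib directories (ex. app/mailers) to process`. In the second hunk, interpolating `name` into the stderr message is a clear improvement since the bare `LoadError` message does not always name the missing library. The method containing the second hunk starts outside the hunk.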
data/lib/brakeman/app_tree.rb
CHANGED
@@ -15,6 +15,7 @@ module Brakeman
|
|
15
15
|
if options[:only_files]
|
16
16
|
init_options[:only_files] = Regexp.new("(?:" << options[:only_files].map { |f| Regexp.escape f }.join("|") << ")")
|
17
17
|
end
|
18
|
+
init_options[:additional_libs_path] = options[:additional_libs_path]
|
18
19
|
new(root, init_options)
|
19
20
|
end
|
20
21
|
|
@@ -22,6 +23,7 @@ module Brakeman
|
|
22
23
|
@root = root
|
23
24
|
@skip_files = init_options[:skip_files]
|
24
25
|
@only_files = init_options[:only_files]
|
26
|
+
@additional_libs_path = init_options[:additional_libs_path] || []
|
25
27
|
end
|
26
28
|
|
27
29
|
def expand_path(path)
|
@@ -54,15 +56,15 @@ module Brakeman
|
|
54
56
|
end
|
55
57
|
|
56
58
|
def controller_paths
|
57
|
-
@controller_paths ||= find_paths("app
|
59
|
+
@controller_paths ||= find_paths("app/**/controllers")
|
58
60
|
end
|
59
61
|
|
60
62
|
def model_paths
|
61
|
-
@model_paths ||= find_paths("app
|
63
|
+
@model_paths ||= find_paths("app/**/models")
|
62
64
|
end
|
63
65
|
|
64
66
|
def template_paths
|
65
|
-
@template_paths ||= find_paths("app
|
67
|
+
@template_paths ||= find_paths("app/**/views", "*.{#{VIEW_EXTENSIONS}}")
|
66
68
|
end
|
67
69
|
|
68
70
|
def layout_exists?(name)
|
@@ -71,11 +73,16 @@ module Brakeman
|
|
71
73
|
end
|
72
74
|
|
73
75
|
def lib_paths
|
74
|
-
@lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" or path.include? "lib/tasks/" }
|
76
|
+
@lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" or path.include? "lib/tasks/" } +
|
77
|
+
find_additional_lib_paths
|
75
78
|
end
|
76
79
|
|
77
80
|
private
|
78
81
|
|
82
|
+
def find_additional_lib_paths
|
83
|
+
@additional_libs_path.collect{ |path| find_paths path }.flatten
|
84
|
+
end
|
85
|
+
|
79
86
|
def find_paths(directory, extensions = "*.rb")
|
80
87
|
pattern = @root + "/{engines/*/,}#{directory}/**/#{extensions}"
|
81
88
|
|
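Review bot: `find_additional_lib_paths` hands each user-supplied entry straight to `find_paths`, which interpolates it into the glob `@root + "/{engines/*/,}#{directory}/**/#{extensions}"` (last hunk), so nothing checks that the directory exists under `@root`: a typo in `--add-libs-path` silently contributes no files, and an entry that is absolute or contains `..` is expanded as-is rather than being treated as the application-relative directory the option documentation describes. I would filter before globbing, e.g. `@additional_libs_path.select { |path| File.directory? File.join(@root, path) }`, and print the rejected entries to stderr so the user learns the option had no effect. The `|| []` default in the constructor is the right guard for callers that omit the option; the `+` continuation in `lib_paths` would read more clearly as a second statement appending to the memoized value. The three new `app/**/controllers|models|views` globs are themselves passed through `find_paths`, which appends a further `/**/`, so both segments are recursive — a one-line comment saying that nested directories anywhere under `app/` are intentionally included would help the next reader.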
@@ -11,6 +11,9 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
|
|
11
11
|
|
12
12
|
def run_check
|
13
13
|
app_controller = tracker.controllers[:ApplicationController]
|
14
|
+
|
15
|
+
return unless ancestor? app_controller, :"ActionController::Base"
|
16
|
+
|
14
17
|
if tracker.config[:rails][:action_controller] and
|
15
18
|
tracker.config[:rails][:action_controller][:allow_forgery_protection] == Sexp.new(:false)
|
16
19
|
|
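Review bot: The added `return unless ancestor? app_controller, :"ActionController::Base"` silences the forgery-setting check for every application whose ApplicationController does not visibly descend from `ActionController::Base`, which includes the case where an intermediate parent lives in a gem or engine Brakeman did not parse; whether `ancestor?` follows such chains, or tolerates `app_controller` being nil when the app defines no ApplicationController, is not visible in this hunk. That trades the false positive named in CHANGES for a possible false negative on CSRF protection, so the guard deserves a comment stating the intent, e.g. `# protect_from_forgery only applies to ActionController::Base descendants; skip rather than warn for other bases`. `run_check` continues past the end of the hunk.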
data/lib/brakeman/options.rb
CHANGED
@@ -124,6 +124,11 @@ module Brakeman::Options
|
|
124
124
|
options[:skip_libs] = true
|
125
125
|
end
|
126
126
|
|
127
|
+
opts.on "--add-libs-path path1,path2,etc", Array, "An application relative lib directory (ex. app/mailers) to process" do |paths|
|
128
|
+
options[:additional_libs_path] ||= Set.new
|
129
|
+
options[:additional_libs_path].merge paths
|
130
|
+
end
|
131
|
+
|
127
132
|
opts.on "-t", "--test Check1,Check2,etc", Array, "Only run the specified checks" do |checks|
|
128
133
|
checks.each_with_index do |s, index|
|
129
134
|
if s[0,5] != "Check"
|
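Review bot: The new `--add-libs-path` handler stores paths in `Set.new`, and on the Ruby versions this gem still targets (the README in this release covers 1.8.7) `Set` is only available after `require 'set'`; nothing in this hunk loads it, so either the file header already requires it or this relies on a transitive require — worth confirming, or adding `require 'set'` at the top of options.rb. The help text `"An application relative lib directory (ex. app/mailers) to process"` describes a single directory while the argument is parsed as a comma-separated `Array`; `"Application relative lib directories (ex. app/mailers) to process"` would match the parsing. The values are passed through to the glob in app_tree.rb without validation, so rejecting absolute entries or entries containing `..` here would give the user earlier feedback than an empty scan.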
@@ -106,8 +106,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
|
|
106
106
|
exp.node_type = :methdef
|
107
107
|
|
108
108
|
if @current_class
|
109
|
+
exp.body = process_all! exp.body
|
109
110
|
@current_class[:public][exp.method_name] = { :src => exp, :file => @file_name }
|
110
111
|
elsif @current_module
|
112
|
+
exp.body = process_all! exp.body
|
111
113
|
@current_module[:public][exp.method_name] = { :src => exp, :file => @file_name }
|
112
114
|
end
|
113
115
|
|
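Review bot: `exp.body = process_all! exp.body` is now duplicated in both branches of the `if @current_class … elsif @current_module` in this hunk and again in the `:selfdef` hunk below (`@@ -119,8 +121,10 @@`), four copies of the same line. Unless method definitions outside any class or module are deliberately left unprocessed, hoisting the line above the `if` in each method removes the repetition; if they are deliberately skipped, a short comment saying so, e.g. `# only process bodies that will be recorded on a class or module`, would stop the next reader from "fixing" it. Both enclosing methods start and end outside the hunks.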
@@ -119,8 +121,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
|
|
119
121
|
exp.node_type = :selfdef
|
120
122
|
|
121
123
|
if @current_class
|
124
|
+
exp.body = process_all! exp.body
|
122
125
|
@current_class[:public][exp.method_name] = { :src => exp, :file => @file_name }
|
123
126
|
elsif @current_module
|
127
|
+
exp.body = process_all! exp.body
|
124
128
|
@current_module[:public][exp.method_name] = { :src => exp, :file => @file_name }
|
125
129
|
end
|
126
130
|
|
@@ -43,41 +43,8 @@ class Brakeman::OutputProcessor < Ruby2Ruby
|
|
43
43
|
"cookies"
|
44
44
|
end
|
45
45
|
|
46
|
-
|
47
|
-
|
48
|
-
exp.each do |e|
|
49
|
-
if e.is_a? String
|
50
|
-
out << e
|
51
|
-
else
|
52
|
-
res = process e
|
53
|
-
out << res unless res == ""
|
54
|
-
end
|
55
|
-
end
|
56
|
-
out << '"'
|
57
|
-
exp.clear
|
58
|
-
out
|
59
|
-
end
|
60
|
-
|
61
|
-
def process_string_eval exp
|
62
|
-
out = "\#{#{process(exp[0])}}"
|
63
|
-
exp.clear
|
64
|
-
out
|
65
|
-
end
|
66
|
-
|
67
|
-
def process_dxstr exp
|
68
|
-
out = "`"
|
69
|
-
out << exp.map! do |e|
|
70
|
-
if e.is_a? String
|
71
|
-
e
|
72
|
-
elsif string? e
|
73
|
-
e[1]
|
74
|
-
else
|
75
|
-
"\#{#{process e}}"
|
76
|
-
end
|
77
|
-
end.join
|
78
|
-
exp.clear
|
79
|
-
out << "`"
|
80
|
-
end
|
46
|
+
alias process_string_interp process_dstr
|
47
|
+
alias process_string_eval process_evstr
|
81
48
|
|
82
49
|
def process_rlist exp
|
83
50
|
out = exp.map do |e|
|
@@ -226,6 +193,8 @@ class Brakeman::OutputProcessor < Ruby2Ruby
|
|
226
193
|
else
|
227
194
|
raise "unknown type: #{pt.inspect}"
|
228
195
|
end
|
196
|
+
when String then
|
197
|
+
s << pt
|
229
198
|
else
|
230
199
|
# HACK: raise "huh?: #{pt.inspect}" -- hitting # constants in regexps
|
231
200
|
# do nothing for now
|
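Review bot: The new `when String then s << pt` branch in the second hunk appends the fragment verbatim, with none of the quote or `#{` escaping that the neighbouring branches of this string-formatting `case` presumably apply (the `case` and its enclosing method start outside the hunk, so I cannot see them); if the result is only human-readable warning text that is acceptable, but a fragment containing `"` will produce unbalanced output. A comment such as `# bare String fragments from dstr/dxstr are emitted as-is, not re-escaped` would make the intent explicit, or the fragment could go through the same escaping as the other branches. In the first hunk the head of the removed method renders blank in this view, so I cannot confirm from the page that the two `alias` lines onto Ruby2Ruby's `process_dstr`/`process_evstr` fully replace the deleted `process_string_eval` and `process_dxstr` behaviour that CHANGES describes as "Properly format command interpolation (again)".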
data/lib/brakeman/version.rb
CHANGED
metadata
CHANGED
@@ -1,13 +1,14 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman-min
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease:
|
5
|
+
version: 3.0.1
|
5
6
|
platform: ruby
|
6
|
-
authors:
|
7
|
+
authors:
|
7
8
|
- Justin Collins
|
8
9
|
autorequire:
|
9
10
|
bindir: bin
|
10
|
-
cert_chain:
|
11
|
+
cert_chain:
|
11
12
|
- |
|
12
13
|
-----BEGIN CERTIFICATE-----
|
13
14
|
MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQ8wDQYDVQQDDAZqdXN0
|
@@ -30,219 +31,226 @@ cert_chain:
|
|
30
31
|
bxoxp9KNxkO+709YwLO1rYfmcGghg8WV6MYz3PSHdlgWF4KrjRFc/00hXHqVk0Sf
|
31
32
|
mREEv2LPwHH2SgpSSab+iawnX4l6lV8XcIrmp/HSMySsPVFBeOmB0c05LpEN8w==
|
32
33
|
-----END CERTIFICATE-----
|
33
|
-
|
34
|
-
|
35
|
-
|
34
|
+
|
35
|
+
date: 2015-01-23 00:00:00 Z
|
36
|
+
dependencies:
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
name: test-unit
|
39
|
+
prerelease: false
|
40
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ">="
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: "0"
|
46
|
+
type: :development
|
47
|
+
version_requirements: *id001
|
48
|
+
- !ruby/object:Gem::Dependency
|
36
49
|
name: ruby_parser
|
37
|
-
requirement: !ruby/object:Gem::Requirement
|
38
|
-
requirements:
|
39
|
-
- - "~>"
|
40
|
-
- !ruby/object:Gem::Version
|
41
|
-
version: 3.5.0
|
42
|
-
type: :runtime
|
43
50
|
prerelease: false
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
51
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
52
|
+
none: false
|
53
|
+
requirements:
|
54
|
+
- - ~>
|
55
|
+
- !ruby/object:Gem::Version
|
48
56
|
version: 3.5.0
|
49
|
-
- !ruby/object:Gem::Dependency
|
50
|
-
name: ruby2ruby
|
51
|
-
requirement: !ruby/object:Gem::Requirement
|
52
|
-
requirements:
|
53
|
-
- - "~>"
|
54
|
-
- !ruby/object:Gem::Version
|
55
|
-
version: 2.1.1
|
56
57
|
type: :runtime
|
58
|
+
version_requirements: *id002
|
59
|
+
- !ruby/object:Gem::Dependency
|
60
|
+
name: ruby2ruby
|
57
61
|
prerelease: false
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
63
|
+
none: false
|
64
|
+
requirements:
|
65
|
+
- - ~>
|
66
|
+
- !ruby/object:Gem::Version
|
62
67
|
version: 2.1.1
|
63
|
-
- !ruby/object:Gem::Dependency
|
64
|
-
name: multi_json
|
65
|
-
requirement: !ruby/object:Gem::Requirement
|
66
|
-
requirements:
|
67
|
-
- - "~>"
|
68
|
-
- !ruby/object:Gem::Version
|
69
|
-
version: '1.2'
|
70
68
|
type: :runtime
|
69
|
+
version_requirements: *id003
|
70
|
+
- !ruby/object:Gem::Dependency
|
71
|
+
name: multi_json
|
71
72
|
prerelease: false
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
73
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
74
|
+
none: false
|
75
|
+
requirements:
|
76
|
+
- - ~>
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
version: "1.2"
|
79
|
+
type: :runtime
|
80
|
+
version_requirements: *id004
|
81
|
+
description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis. This version of the gem only requires the minimum number of dependencies. Use the 'brakeman' gem for a full install.
|
80
82
|
email: gem@brakeman.org
|
81
|
-
executables:
|
83
|
+
executables:
|
82
84
|
- brakeman
|
83
85
|
extensions: []
|
86
|
+
|
84
87
|
extra_rdoc_files: []
|
85
|
-
|
88
|
+
|
89
|
+
files:
|
90
|
+
- bin/brakeman
|
86
91
|
- CHANGES
|
92
|
+
- WARNING_TYPES
|
87
93
|
- FEATURES
|
88
94
|
- README.md
|
89
|
-
- WARNING_TYPES
|
90
|
-
- bin/brakeman
|
91
95
|
- lib/brakeman.rb
|
96
|
+
- lib/ruby_parser/bm_sexp.rb
|
97
|
+
- lib/ruby_parser/bm_sexp_processor.rb
|
92
98
|
- lib/brakeman/app_tree.rb
|
93
|
-
- lib/brakeman/brakeman.rake
|
94
99
|
- lib/brakeman/call_index.rb
|
95
|
-
- lib/brakeman/
|
96
|
-
- lib/brakeman/
|
97
|
-
- lib/brakeman/
|
98
|
-
- lib/brakeman/
|
99
|
-
- lib/brakeman/
|
100
|
-
- lib/brakeman/checks/check_cross_site_scripting.rb
|
101
|
-
- lib/brakeman/checks/check_default_routes.rb
|
102
|
-
- lib/brakeman/checks/check_deserialize.rb
|
103
|
-
- lib/brakeman/checks/check_detailed_exceptions.rb
|
104
|
-
- lib/brakeman/checks/check_digest_dos.rb
|
105
|
-
- lib/brakeman/checks/check_escape_function.rb
|
106
|
-
- lib/brakeman/checks/check_evaluation.rb
|
107
|
-
- lib/brakeman/checks/check_execute.rb
|
108
|
-
- lib/brakeman/checks/check_file_access.rb
|
109
|
-
- lib/brakeman/checks/check_file_disclosure.rb
|
110
|
-
- lib/brakeman/checks/check_filter_skipping.rb
|
111
|
-
- lib/brakeman/checks/check_forgery_setting.rb
|
112
|
-
- lib/brakeman/checks/check_header_dos.rb
|
113
|
-
- lib/brakeman/checks/check_i18n_xss.rb
|
114
|
-
- lib/brakeman/checks/check_jruby_xml.rb
|
115
|
-
- lib/brakeman/checks/check_json_parsing.rb
|
116
|
-
- lib/brakeman/checks/check_link_to.rb
|
117
|
-
- lib/brakeman/checks/check_link_to_href.rb
|
118
|
-
- lib/brakeman/checks/check_mail_to.rb
|
119
|
-
- lib/brakeman/checks/check_mass_assignment.rb
|
100
|
+
- lib/brakeman/brakeman.rake
|
101
|
+
- lib/brakeman/scanner.rb
|
102
|
+
- lib/brakeman/options.rb
|
103
|
+
- lib/brakeman/warning_codes.rb
|
104
|
+
- lib/brakeman/differ.rb
|
120
105
|
- lib/brakeman/checks/check_model_attr_accessible.rb
|
121
|
-
- lib/brakeman/checks/
|
122
|
-
- lib/brakeman/checks/
|
123
|
-
- lib/brakeman/checks/
|
124
|
-
- lib/brakeman/checks/check_number_to_currency.rb
|
125
|
-
- lib/brakeman/checks/check_quote_table_name.rb
|
106
|
+
- lib/brakeman/checks/check_i18n_xss.rb
|
107
|
+
- lib/brakeman/checks/check_digest_dos.rb
|
108
|
+
- lib/brakeman/checks/check_session_settings.rb
|
126
109
|
- lib/brakeman/checks/check_redirect.rb
|
110
|
+
- lib/brakeman/checks/check_model_serialize.rb
|
127
111
|
- lib/brakeman/checks/check_regex_dos.rb
|
128
|
-
- lib/brakeman/checks/
|
129
|
-
- lib/brakeman/checks/
|
130
|
-
- lib/brakeman/checks/
|
131
|
-
- lib/brakeman/checks/
|
112
|
+
- lib/brakeman/checks/check_validation_regex.rb
|
113
|
+
- lib/brakeman/checks/check_single_quotes.rb
|
114
|
+
- lib/brakeman/checks/check_detailed_exceptions.rb
|
115
|
+
- lib/brakeman/checks/check_file_access.rb
|
116
|
+
- lib/brakeman/checks/check_unscoped_find.rb
|
117
|
+
- lib/brakeman/checks/check_forgery_setting.rb
|
118
|
+
- lib/brakeman/checks/check_symbol_dos.rb
|
119
|
+
- lib/brakeman/checks/check_execute.rb
|
132
120
|
- lib/brakeman/checks/check_safe_buffer_manipulation.rb
|
121
|
+
- lib/brakeman/checks/check_skip_before_filter.rb
|
122
|
+
- lib/brakeman/checks/check_default_routes.rb
|
123
|
+
- lib/brakeman/checks/check_file_disclosure.rb
|
124
|
+
- lib/brakeman/checks/check_basic_auth.rb
|
125
|
+
- lib/brakeman/checks/check_render.rb
|
126
|
+
- lib/brakeman/checks/base_check.rb
|
127
|
+
- lib/brakeman/checks/check_mass_assignment.rb
|
133
128
|
- lib/brakeman/checks/check_sanitize_methods.rb
|
134
|
-
- lib/brakeman/checks/
|
129
|
+
- lib/brakeman/checks/check_simple_format.rb
|
135
130
|
- lib/brakeman/checks/check_select_vulnerability.rb
|
136
|
-
- lib/brakeman/checks/check_send.rb
|
137
131
|
- lib/brakeman/checks/check_send_file.rb
|
138
|
-
- lib/brakeman/checks/
|
139
|
-
- lib/brakeman/checks/check_simple_format.rb
|
140
|
-
- lib/brakeman/checks/check_single_quotes.rb
|
141
|
-
- lib/brakeman/checks/check_skip_before_filter.rb
|
142
|
-
- lib/brakeman/checks/check_sql.rb
|
143
|
-
- lib/brakeman/checks/check_sql_cves.rb
|
132
|
+
- lib/brakeman/checks/check_response_splitting.rb
|
144
133
|
- lib/brakeman/checks/check_ssl_verify.rb
|
134
|
+
- lib/brakeman/checks/check_filter_skipping.rb
|
135
|
+
- lib/brakeman/checks/check_jruby_xml.rb
|
136
|
+
- lib/brakeman/checks/check_escape_function.rb
|
145
137
|
- lib/brakeman/checks/check_strip_tags.rb
|
146
|
-
- lib/brakeman/checks/
|
147
|
-
- lib/brakeman/checks/
|
138
|
+
- lib/brakeman/checks/check_json_parsing.rb
|
139
|
+
- lib/brakeman/checks/check_select_tag.rb
|
148
140
|
- lib/brakeman/checks/check_translate_bug.rb
|
141
|
+
- lib/brakeman/checks/check_quote_table_name.rb
|
142
|
+
- lib/brakeman/checks/check_sql.rb
|
143
|
+
- lib/brakeman/checks/check_yaml_parsing.rb
|
144
|
+
- lib/brakeman/checks/check_render_inline.rb
|
145
|
+
- lib/brakeman/checks/check_cross_site_scripting.rb
|
146
|
+
- lib/brakeman/checks/check_link_to_href.rb
|
147
|
+
- lib/brakeman/checks/check_deserialize.rb
|
148
|
+
- lib/brakeman/checks/check_model_attributes.rb
|
149
|
+
- lib/brakeman/checks/check_number_to_currency.rb
|
150
|
+
- lib/brakeman/checks/check_content_tag.rb
|
151
|
+
- lib/brakeman/checks/check_symbol_dos_cve.rb
|
152
|
+
- lib/brakeman/checks/check_nested_attributes.rb
|
153
|
+
- lib/brakeman/checks/check_send.rb
|
149
154
|
- lib/brakeman/checks/check_unsafe_reflection.rb
|
150
|
-
- lib/brakeman/checks/
|
151
|
-
- lib/brakeman/checks/
|
155
|
+
- lib/brakeman/checks/check_evaluation.rb
|
156
|
+
- lib/brakeman/checks/check_sql_cves.rb
|
157
|
+
- lib/brakeman/checks/check_mail_to.rb
|
152
158
|
- lib/brakeman/checks/check_without_protection.rb
|
153
|
-
- lib/brakeman/checks/
|
154
|
-
- lib/brakeman/
|
159
|
+
- lib/brakeman/checks/check_create_with.rb
|
160
|
+
- lib/brakeman/checks/check_header_dos.rb
|
161
|
+
- lib/brakeman/checks/check_link_to.rb
|
162
|
+
- lib/brakeman/checks/check_render_dos.rb
|
163
|
+
- lib/brakeman/processor.rb
|
155
164
|
- lib/brakeman/file_parser.rb
|
165
|
+
- lib/brakeman/version.rb
|
156
166
|
- lib/brakeman/format/style.css
|
157
|
-
- lib/brakeman/
|
158
|
-
- lib/brakeman/
|
159
|
-
- lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
|
167
|
+
- lib/brakeman/checks.rb
|
168
|
+
- lib/brakeman/tracker.rb
|
160
169
|
- lib/brakeman/parsers/rails3_erubis.rb
|
170
|
+
- lib/brakeman/parsers/rails2_erubis.rb
|
161
171
|
- lib/brakeman/parsers/template_parser.rb
|
162
|
-
- lib/brakeman/
|
172
|
+
- lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
|
173
|
+
- lib/brakeman/util.rb
|
174
|
+
- lib/brakeman/report.rb
|
175
|
+
- lib/brakeman/warning.rb
|
163
176
|
- lib/brakeman/processors/alias_processor.rb
|
164
|
-
- lib/brakeman/processors/
|
177
|
+
- lib/brakeman/processors/output_processor.rb
|
178
|
+
- lib/brakeman/processors/template_processor.rb
|
179
|
+
- lib/brakeman/processors/erubis_template_processor.rb
|
180
|
+
- lib/brakeman/processors/erb_template_processor.rb
|
181
|
+
- lib/brakeman/processors/model_processor.rb
|
182
|
+
- lib/brakeman/processors/template_alias_processor.rb
|
165
183
|
- lib/brakeman/processors/config_processor.rb
|
166
184
|
- lib/brakeman/processors/controller_alias_processor.rb
|
167
|
-
- lib/brakeman/processors/controller_processor.rb
|
168
|
-
- lib/brakeman/processors/erb_template_processor.rb
|
169
|
-
- lib/brakeman/processors/erubis_template_processor.rb
|
170
|
-
- lib/brakeman/processors/gem_processor.rb
|
171
185
|
- lib/brakeman/processors/haml_template_processor.rb
|
172
|
-
- lib/brakeman/processors/
|
173
|
-
- lib/brakeman/processors/lib/find_all_calls.rb
|
174
|
-
- lib/brakeman/processors/lib/find_call.rb
|
186
|
+
- lib/brakeman/processors/base_processor.rb
|
175
187
|
- lib/brakeman/processors/lib/find_return_value.rb
|
176
|
-
- lib/brakeman/processors/lib/processor_helper.rb
|
177
|
-
- lib/brakeman/processors/lib/rails2_config_processor.rb
|
178
|
-
- lib/brakeman/processors/lib/rails2_route_processor.rb
|
179
|
-
- lib/brakeman/processors/lib/rails3_config_processor.rb
|
180
188
|
- lib/brakeman/processors/lib/rails3_route_processor.rb
|
181
|
-
- lib/brakeman/processors/lib/
|
189
|
+
- lib/brakeman/processors/lib/find_all_calls.rb
|
190
|
+
- lib/brakeman/processors/lib/basic_processor.rb
|
191
|
+
- lib/brakeman/processors/lib/rails2_route_processor.rb
|
182
192
|
- lib/brakeman/processors/lib/route_helper.rb
|
193
|
+
- lib/brakeman/processors/lib/find_call.rb
|
194
|
+
- lib/brakeman/processors/lib/render_helper.rb
|
195
|
+
- lib/brakeman/processors/lib/rails3_config_processor.rb
|
196
|
+
- lib/brakeman/processors/lib/rails2_config_processor.rb
|
197
|
+
- lib/brakeman/processors/lib/processor_helper.rb
|
198
|
+
- lib/brakeman/processors/controller_processor.rb
|
199
|
+
- lib/brakeman/processors/slim_template_processor.rb
|
183
200
|
- lib/brakeman/processors/library_processor.rb
|
184
|
-
- lib/brakeman/processors/
|
185
|
-
- lib/brakeman/processors/output_processor.rb
|
201
|
+
- lib/brakeman/processors/gem_processor.rb
|
186
202
|
- lib/brakeman/processors/route_processor.rb
|
187
|
-
- lib/brakeman/
|
188
|
-
- lib/brakeman/processors/template_alias_processor.rb
|
189
|
-
- lib/brakeman/processors/template_processor.rb
|
190
|
-
- lib/brakeman/report.rb
|
191
|
-
- lib/brakeman/report/ignore/config.rb
|
192
|
-
- lib/brakeman/report/ignore/interactive.rb
|
193
|
-
- lib/brakeman/report/initializers/faster_csv.rb
|
194
|
-
- lib/brakeman/report/initializers/multi_json.rb
|
195
|
-
- lib/brakeman/report/renderer.rb
|
203
|
+
- lib/brakeman/report/report_markdown.rb
|
196
204
|
- lib/brakeman/report/report_base.rb
|
197
|
-
- lib/brakeman/report/report_csv.rb
|
198
205
|
- lib/brakeman/report/report_hash.rb
|
199
|
-
- lib/brakeman/report/report_html.rb
|
200
|
-
- lib/brakeman/report/report_json.rb
|
201
|
-
- lib/brakeman/report/report_markdown.rb
|
202
|
-
- lib/brakeman/report/report_table.rb
|
203
|
-
- lib/brakeman/report/report_tabs.rb
|
204
206
|
- lib/brakeman/report/templates/controller_overview.html.erb
|
205
|
-
- lib/brakeman/report/templates/
|
206
|
-
- lib/brakeman/report/templates/
|
207
|
-
- lib/brakeman/report/templates/header.html.erb
|
207
|
+
- lib/brakeman/report/templates/security_warnings.html.erb
|
208
|
+
- lib/brakeman/report/templates/warning_overview.html.erb
|
208
209
|
- lib/brakeman/report/templates/ignored_warnings.html.erb
|
209
210
|
- lib/brakeman/report/templates/model_warnings.html.erb
|
211
|
+
- lib/brakeman/report/templates/controller_warnings.html.erb
|
210
212
|
- lib/brakeman/report/templates/overview.html.erb
|
211
|
-
- lib/brakeman/report/templates/
|
212
|
-
- lib/brakeman/report/templates/template_overview.html.erb
|
213
|
+
- lib/brakeman/report/templates/error_overview.html.erb
|
213
214
|
- lib/brakeman/report/templates/view_warnings.html.erb
|
214
|
-
- lib/brakeman/report/templates/
|
215
|
+
- lib/brakeman/report/templates/header.html.erb
|
216
|
+
- lib/brakeman/report/templates/template_overview.html.erb
|
217
|
+
- lib/brakeman/report/ignore/config.rb
|
218
|
+
- lib/brakeman/report/ignore/interactive.rb
|
219
|
+
- lib/brakeman/report/renderer.rb
|
220
|
+
- lib/brakeman/report/report_table.rb
|
221
|
+
- lib/brakeman/report/report_html.rb
|
222
|
+
- lib/brakeman/report/report_csv.rb
|
223
|
+
- lib/brakeman/report/report_tabs.rb
|
224
|
+
- lib/brakeman/report/initializers/faster_csv.rb
|
225
|
+
- lib/brakeman/report/initializers/multi_json.rb
|
226
|
+
- lib/brakeman/report/report_json.rb
|
215
227
|
- lib/brakeman/rescanner.rb
|
216
|
-
- lib/brakeman/scanner.rb
|
217
|
-
- lib/brakeman/tracker.rb
|
218
|
-
- lib/brakeman/util.rb
|
219
|
-
- lib/brakeman/version.rb
|
220
|
-
- lib/brakeman/warning.rb
|
221
|
-
- lib/brakeman/warning_codes.rb
|
222
|
-
- lib/ruby_parser/bm_sexp.rb
|
223
|
-
- lib/ruby_parser/bm_sexp_processor.rb
|
224
228
|
homepage: http://brakemanscanner.org
|
225
|
-
licenses:
|
229
|
+
licenses:
|
226
230
|
- MIT
|
227
|
-
metadata: {}
|
228
231
|
post_install_message:
|
229
232
|
rdoc_options: []
|
230
|
-
|
233
|
+
|
234
|
+
require_paths:
|
231
235
|
- lib
|
232
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
233
|
-
|
236
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
237
|
+
none: false
|
238
|
+
requirements:
|
234
239
|
- - ">="
|
235
|
-
- !ruby/object:Gem::Version
|
236
|
-
version:
|
237
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
238
|
-
|
240
|
+
- !ruby/object:Gem::Version
|
241
|
+
version: "0"
|
242
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
243
|
+
none: false
|
244
|
+
requirements:
|
239
245
|
- - ">="
|
240
|
-
- !ruby/object:Gem::Version
|
241
|
-
version:
|
246
|
+
- !ruby/object:Gem::Version
|
247
|
+
version: "0"
|
242
248
|
requirements: []
|
249
|
+
|
243
250
|
rubyforge_project:
|
244
|
-
rubygems_version:
|
251
|
+
rubygems_version: 1.8.5
|
245
252
|
signing_key:
|
246
|
-
specification_version:
|
253
|
+
specification_version: 3
|
247
254
|
summary: Security vulnerability scanner for Ruby on Rails.
|
248
255
|
test_files: []
|
256
|
+
|
metadata.gz.sig
CHANGED
Binary file
|
checksums.yaml
DELETED
@@ -1,7 +0,0 @@
|
|
1
|
-
---
|
2
|
-
SHA1:
|
3
|
-
metadata.gz: 04c48b233761ad0e436ded61ca55e22dbdeffac0
|
4
|
-
data.tar.gz: 3526a4f2a9296abb4c92cf48896481ec5d0cc2ab
|
5
|
-
SHA512:
|
6
|
-
metadata.gz: 0f79dbd775d2a86ca18fc7f5d58e2c492a1380f6f384ea86fa6cac648332eb35c1e197b0667c5b74d899715757f27eb03acca86405c41bfb7ae259b1698a74e9
|
7
|
-
data.tar.gz: 6a7ff026595a4d66477949bb63f1c5bf1de57b95c21c0d15b4de6a154d5134074cf7b357de2954df135b3f170123d13c97c79f8e3c6e71068e384d58cdaee235
|
checksums.yaml.gz.sig
DELETED
Binary file
|