brakeman-min 6.2.2 → 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +17 -0
- data/lib/brakeman/app_tree.rb +23 -18
- data/lib/brakeman/checks/check_deserialize.rb +4 -1
- data/lib/brakeman/checks/check_evaluation.rb +20 -2
- data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -0
- data/lib/brakeman/file_parser.rb +2 -1
- data/lib/brakeman/options.rb +8 -5
- data/lib/brakeman/processors/alias_processor.rb +6 -2
- data/lib/brakeman/processors/lib/file_type_detector.rb +9 -7
- data/lib/brakeman/report/ignore/config.rb +0 -1
- data/lib/brakeman/report/report_sarif.rb +122 -2
- data/lib/brakeman/rescanner.rb +40 -390
- data/lib/brakeman/scanner.rb +62 -38
- data/lib/brakeman/tracker/file_cache.rb +83 -0
- data/lib/brakeman/tracker.rb +19 -2
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman.rb +12 -2
- metadata +4 -34
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
module Brakeman
|
|
2
|
+
class FileCache
|
|
3
|
+
def initialize(file_list = nil)
|
|
4
|
+
@file_list = file_list || {
|
|
5
|
+
controller: {},
|
|
6
|
+
initializer: {},
|
|
7
|
+
lib: {},
|
|
8
|
+
model: {},
|
|
9
|
+
template: {},
|
|
10
|
+
}
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def controllers
|
|
14
|
+
@file_list[:controller]
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def initializers
|
|
18
|
+
@file_list[:initializer]
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def libs
|
|
22
|
+
@file_list[:lib]
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def models
|
|
26
|
+
@file_list[:model]
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def templates
|
|
30
|
+
@file_list[:template]
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def add_file(astfile, type)
|
|
34
|
+
raise "Unknown type: #{type}" unless valid_type? type
|
|
35
|
+
@file_list[type][astfile.path] = astfile
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def valid_type?(type)
|
|
39
|
+
@file_list.key? type
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def cached? path
|
|
43
|
+
@file_list.any? do |name, list|
|
|
44
|
+
list[path]
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def delete path
|
|
49
|
+
@file_list.each do |name, list|
|
|
50
|
+
list.delete path
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def diff other
|
|
55
|
+
@file_list.each do |name, list|
|
|
56
|
+
other_list = other.send(:"#{name}s")
|
|
57
|
+
|
|
58
|
+
if list == other_list
|
|
59
|
+
next
|
|
60
|
+
else
|
|
61
|
+
puts "-- #{name} --"
|
|
62
|
+
puts "Old: #{other_list.keys - list.keys}"
|
|
63
|
+
puts "New: #{list.keys - other_list.keys}"
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def dup
|
|
69
|
+
copy_file_list = @file_list.map do |name, list|
|
|
70
|
+
copy_list = list.map do |path, astfile|
|
|
71
|
+
copy_astfile = astfile.dup
|
|
72
|
+
copy_astfile.ast = copy_astfile.ast.deep_clone
|
|
73
|
+
|
|
74
|
+
[path, copy_astfile]
|
|
75
|
+
end.to_h
|
|
76
|
+
|
|
77
|
+
[name, copy_list]
|
|
78
|
+
end.to_h
|
|
79
|
+
|
|
80
|
+
FileCache.new(copy_file_list)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
end
|
data/lib/brakeman/tracker.rb
CHANGED
|
@@ -12,7 +12,7 @@ class Brakeman::Tracker
|
|
|
12
12
|
attr_accessor :controllers, :constants, :templates, :models, :errors,
|
|
13
13
|
:checks, :initializers, :config, :routes, :processor, :libs,
|
|
14
14
|
:template_cache, :options, :filter_cache, :start_time, :end_time,
|
|
15
|
-
:duration, :ignored_filter, :app_tree
|
|
15
|
+
:duration, :ignored_filter, :app_tree, :file_cache, :pristine_file_cache
|
|
16
16
|
|
|
17
17
|
#Place holder when there should be a model, but it is not
|
|
18
18
|
#clear what model it will be.
|
|
@@ -26,15 +26,22 @@ class Brakeman::Tracker
|
|
|
26
26
|
@app_tree = app_tree
|
|
27
27
|
@processor = processor
|
|
28
28
|
@options = options
|
|
29
|
+
@file_cache = Brakeman::FileCache.new
|
|
30
|
+
@pristine_file_cache = nil
|
|
29
31
|
|
|
30
|
-
|
|
32
|
+
reset_all
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def reset_all
|
|
31
36
|
@templates = {}
|
|
32
37
|
@controllers = {}
|
|
38
|
+
|
|
33
39
|
#Initialize models with the unknown model so
|
|
34
40
|
#we can match models later without knowing precisely what
|
|
35
41
|
#class they are.
|
|
36
42
|
@models = {}
|
|
37
43
|
@models[UNKNOWN_MODEL] = Brakeman::Model.new(UNKNOWN_MODEL, nil, @app_tree.file_path("NOT_REAL.rb"), nil, self)
|
|
44
|
+
|
|
38
45
|
@method_cache = {}
|
|
39
46
|
@routes = {}
|
|
40
47
|
@initializers = {}
|
|
@@ -46,11 +53,16 @@ class Brakeman::Tracker
|
|
|
46
53
|
@template_cache = Set.new
|
|
47
54
|
@filter_cache = {}
|
|
48
55
|
@call_index = nil
|
|
56
|
+
@config = Brakeman::Config.new(self)
|
|
49
57
|
@start_time = Time.now
|
|
50
58
|
@end_time = nil
|
|
51
59
|
@duration = nil
|
|
52
60
|
end
|
|
53
61
|
|
|
62
|
+
def save_file_cache!
|
|
63
|
+
@pristine_file_cache = @file_cache.dup
|
|
64
|
+
end
|
|
65
|
+
|
|
54
66
|
#Add an error to the list. If no backtrace is given,
|
|
55
67
|
#the one from the exception will be used.
|
|
56
68
|
def error exception, backtrace = nil
|
|
@@ -301,6 +313,11 @@ class Brakeman::Tracker
|
|
|
301
313
|
method_sets << self.controllers
|
|
302
314
|
end
|
|
303
315
|
|
|
316
|
+
if locations.include? :libs
|
|
317
|
+
classes_to_reindex.merge self.libs.keys
|
|
318
|
+
method_sets << self.libs
|
|
319
|
+
end
|
|
320
|
+
|
|
304
321
|
if locations.include? :initializers
|
|
305
322
|
self.initializers.each do |file_name, src|
|
|
306
323
|
@call_index.remove_indexes_by_file file_name
|
data/lib/brakeman/version.rb
CHANGED
data/lib/brakeman.rb
CHANGED
|
@@ -84,6 +84,15 @@ module Brakeman
|
|
|
84
84
|
options[:report_progress] = false
|
|
85
85
|
end
|
|
86
86
|
|
|
87
|
+
if options[:use_prism]
|
|
88
|
+
begin
|
|
89
|
+
require 'prism'
|
|
90
|
+
notify '[Notice] Using Prism parser'
|
|
91
|
+
rescue LoadError => e
|
|
92
|
+
Brakeman.debug "[Notice] Asked to use Prism, but failed to load: #{e}"
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
|
|
87
96
|
scan options
|
|
88
97
|
end
|
|
89
98
|
|
|
@@ -196,6 +205,7 @@ module Brakeman
|
|
|
196
205
|
:pager => true,
|
|
197
206
|
:parallel_checks => true,
|
|
198
207
|
:parser_timeout => 10,
|
|
208
|
+
:use_prism => true,
|
|
199
209
|
:relative_path => false,
|
|
200
210
|
:report_progress => true,
|
|
201
211
|
:safe_methods => Set.new,
|
|
@@ -464,12 +474,12 @@ module Brakeman
|
|
|
464
474
|
def self.rescan tracker, files, options = {}
|
|
465
475
|
require 'brakeman/rescanner'
|
|
466
476
|
|
|
467
|
-
tracker.options.merge
|
|
477
|
+
options = tracker.options.merge options
|
|
468
478
|
|
|
469
479
|
@quiet = !!tracker.options[:quiet]
|
|
470
480
|
@debug = !!tracker.options[:debug]
|
|
471
481
|
|
|
472
|
-
Rescanner.new(
|
|
482
|
+
Rescanner.new(options, tracker.processor, files).recheck
|
|
473
483
|
end
|
|
474
484
|
|
|
475
485
|
def self.notify message
|
metadata
CHANGED
|
@@ -1,29 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman-min
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 7.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Collins
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
10
|
+
date: 2024-12-31 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
-
name: csv
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ">="
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
20
|
-
type: :development
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - ">="
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
27
12
|
- !ruby/object:Gem::Dependency
|
|
28
13
|
name: minitest
|
|
29
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -66,20 +51,6 @@ dependencies:
|
|
|
66
51
|
- - ">="
|
|
67
52
|
- !ruby/object:Gem::Version
|
|
68
53
|
version: '0'
|
|
69
|
-
- !ruby/object:Gem::Dependency
|
|
70
|
-
name: simplecov-html
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
72
|
-
requirements:
|
|
73
|
-
- - '='
|
|
74
|
-
- !ruby/object:Gem::Version
|
|
75
|
-
version: 0.10.2
|
|
76
|
-
type: :development
|
|
77
|
-
prerelease: false
|
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
-
requirements:
|
|
80
|
-
- - '='
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
version: 0.10.2
|
|
83
54
|
- !ruby/object:Gem::Dependency
|
|
84
55
|
name: parallel
|
|
85
56
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -341,6 +312,7 @@ files:
|
|
|
341
312
|
- lib/brakeman/tracker/config.rb
|
|
342
313
|
- lib/brakeman/tracker/constants.rb
|
|
343
314
|
- lib/brakeman/tracker/controller.rb
|
|
315
|
+
- lib/brakeman/tracker/file_cache.rb
|
|
344
316
|
- lib/brakeman/tracker/library.rb
|
|
345
317
|
- lib/brakeman/tracker/method_info.rb
|
|
346
318
|
- lib/brakeman/tracker/model.rb
|
|
@@ -362,7 +334,6 @@ metadata:
|
|
|
362
334
|
mailing_list_uri: https://gitter.im/presidentbeef/brakeman
|
|
363
335
|
source_code_uri: https://github.com/presidentbeef/brakeman
|
|
364
336
|
wiki_uri: https://github.com/presidentbeef/brakeman/wiki
|
|
365
|
-
post_install_message:
|
|
366
337
|
rdoc_options: []
|
|
367
338
|
require_paths:
|
|
368
339
|
- lib
|
|
@@ -377,8 +348,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
377
348
|
- !ruby/object:Gem::Version
|
|
378
349
|
version: '0'
|
|
379
350
|
requirements: []
|
|
380
|
-
rubygems_version: 3.
|
|
381
|
-
signing_key:
|
|
351
|
+
rubygems_version: 3.6.2
|
|
382
352
|
specification_version: 4
|
|
383
353
|
summary: Security vulnerability scanner for Ruby on Rails.
|
|
384
354
|
test_files: []
|