brakeman-min 0.3.0 → 0.3.1
- data/lib/processors/lib/find_call.rb +13 -1
- data/lib/processors/lib/find_model_call.rb +1 -1
- data/lib/report.rb +3 -1
- data/lib/version.rb +1 -1
- metadata +40 -35
@@ -31,13 +31,14 @@ require 'processors/base_processor'
|
|
31
31
|
# FindCall.new nil, /^g?sub!?$/
|
32
32
|
class FindCall < BaseProcessor
|
33
33
|
|
34
|
-
def initialize targets, methods
|
34
|
+
def initialize targets, methods, in_depth = false
|
35
35
|
super(nil)
|
36
36
|
@calls = []
|
37
37
|
@find_targets = targets
|
38
38
|
@find_methods = methods
|
39
39
|
@current_class = nil
|
40
40
|
@current_method = nil
|
41
|
+
@in_depth = in_depth
|
41
42
|
end
|
42
43
|
|
43
44
|
#Returns a list of results.
|
@@ -97,6 +98,17 @@ class FindCall < BaseProcessor
|
|
97
98
|
else
|
98
99
|
@calls << Sexp.new(:result, @current_class, @current_method, exp).line(exp.line)
|
99
100
|
end
|
101
|
+
|
102
|
+
end
|
103
|
+
|
104
|
+
#Normally FindCall won't match a method invocation that is the target of
|
105
|
+
#another call, such as:
|
106
|
+
#
|
107
|
+
# User.find(:first, :conditions => "user = '#{params['user']}').name
|
108
|
+
#
|
109
|
+
#A search for User.find will not match this unless @in_depth is true.
|
110
|
+
if @in_depth and sexp? exp[1] and exp[1][0] == :call
|
111
|
+
process exp[1]
|
100
112
|
end
|
101
113
|
|
102
114
|
exp
|
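Review bot: The new in-depth condition `if @in_depth and sexp? exp[1] and exp[1][0] == :call` uses `and`, which binds lower than assignment and method arguments and is conventionally reserved for control flow; `if @in_depth && sexp?(exp[1]) && exp[1][0] == :call` says the same thing without the precedence trap. The new constructor parameter in the first hunk has no documentation; a line such as `#If +in_depth+ is true, a method invocation that is itself the target of another call is also processed.` above `def initialize` would explain why the flag exists. The explanatory comment in the second hunk is missing the closing double quote after `#{params['user']}'`, which makes the example harder to read than it needs to be. The enclosing method starts above the hunk; from what is visible the recursion into `exp[1]` runs regardless of whether the outer call matched, so nested matching calls each yield their own result, which appears to be the intent.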
@@ -6,7 +6,7 @@ class FindModelCall < FindCall
|
|
6
6
|
|
7
7
|
#Passes +targets+ to FindCall
|
8
8
|
def initialize targets
|
9
|
-
super(targets, /^(find.*|first|last|all|count|sum|average|minumum|maximum|count_by_sql)
|
9
|
+
super(targets, /^(find.*|first|last|all|count|sum|average|minumum|maximum|count_by_sql)$/, true)
|
10
10
|
end
|
11
11
|
|
12
12
|
#Matches entire method chain as a target. This differs from
|
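Review bot: The method regex passed to `super` still spells `minumum`, so `Model.minimum(...)` is never matched by FindModelCall while the neighbouring `maximum`, `sum` and `average` are; the alternation should read `|average|minimum|maximum|count_by_sql)$/`. In a scanner a missed match here is a missed finding, so this is a false negative rather than a cosmetic typo. The bare `true` third argument is opaque at the call site; a short comment such as `# in_depth: also match finders that are the target of a chained call` would help until the parameter can be named.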
data/lib/report.rb
CHANGED
@@ -635,7 +635,9 @@ class Report
|
|
635
635
|
[:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
|
636
636
|
|
637
637
|
checks.send(meth).map do |w|
|
638
|
-
|
638
|
+
line = w.line || 0
|
639
|
+
w.warning_type.gsub! /[^\w\s]/, ' '
|
640
|
+
"#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
|
639
641
|
end.join "\n"
|
640
642
|
|
641
643
|
end.join "\n"
|
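Review bot: `w.warning_type.gsub! /[^\w\s]/, ' '` mutates the warning's own string in place just to render one output format, so any later report or a second call to this method sees the already-altered type, and it would raise if warning_type were ever a frozen literal; use the non-destructive form and keep the result local, `warning_type = w.warning_type.gsub(/[^\w\s]/, ' ')`, then interpolate `warning_type` in the line below. Only warning_type is cleaned, while the other tab-separated fields — `file_for w` and especially `w.format_message`, which presumably embeds fragments of the scanned code — are not, so a tab or newline in them would break the row layout; applying the same substitution there, or at least `gsub(/\s+/, ' ')`, would keep the output parseable by consumers that split on tabs. The enclosing method starts and ends outside the hunk.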
data/lib/version.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Version = "0.3.
|
1
|
+
Version = "0.3.1"
|
metadata
CHANGED
@@ -1,12 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman-min
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
4
|
+
hash: 17
|
5
|
+
prerelease:
|
5
6
|
segments:
|
6
7
|
- 0
|
7
8
|
- 3
|
8
|
-
-
|
9
|
-
version: 0.3.
|
9
|
+
- 1
|
10
|
+
version: 0.3.1
|
10
11
|
platform: ruby
|
11
12
|
authors:
|
12
13
|
- Justin Collins
|
@@ -14,7 +15,7 @@ autorequire:
|
|
14
15
|
bindir: bin
|
15
16
|
cert_chain: []
|
16
17
|
|
17
|
-
date: 2011-03
|
18
|
+
date: 2011-05-03 00:00:00 -07:00
|
18
19
|
default_executable:
|
19
20
|
dependencies:
|
20
21
|
- !ruby/object:Gem::Dependency
|
@@ -25,6 +26,7 @@ dependencies:
|
|
25
26
|
requirements:
|
26
27
|
- - ~>
|
27
28
|
- !ruby/object:Gem::Version
|
29
|
+
hash: 7
|
28
30
|
segments:
|
29
31
|
- 2
|
30
32
|
- 2
|
@@ -39,6 +41,7 @@ dependencies:
|
|
39
41
|
requirements:
|
40
42
|
- - ~>
|
41
43
|
- !ruby/object:Gem::Version
|
44
|
+
hash: 23
|
42
45
|
segments:
|
43
46
|
- 1
|
44
47
|
- 2
|
@@ -59,51 +62,51 @@ files:
|
|
59
62
|
- WARNING_TYPES
|
60
63
|
- FEATURES
|
61
64
|
- README.md
|
62
|
-
- lib/
|
63
|
-
- lib/processors/alias_processor.rb
|
64
|
-
- lib/processors/haml_template_processor.rb
|
65
|
-
- lib/processors/output_processor.rb
|
65
|
+
- lib/warning.rb
|
66
66
|
- lib/processors/params_processor.rb
|
67
|
-
- lib/processors/erubis_template_processor.rb
|
68
67
|
- lib/processors/controller_alias_processor.rb
|
69
|
-
- lib/processors/
|
70
|
-
- lib/processors/
|
71
|
-
- lib/processors/
|
72
|
-
- lib/processors/lib/find_call.rb
|
73
|
-
- lib/processors/route_processor.rb
|
74
|
-
- lib/processors/model_processor.rb
|
68
|
+
- lib/processors/base_processor.rb
|
69
|
+
- lib/processors/controller_processor.rb
|
70
|
+
- lib/processors/library_processor.rb
|
75
71
|
- lib/processors/erb_template_processor.rb
|
72
|
+
- lib/processors/haml_template_processor.rb
|
76
73
|
- lib/processors/template_alias_processor.rb
|
74
|
+
- lib/processors/route_processor.rb
|
75
|
+
- lib/processors/model_processor.rb
|
76
|
+
- lib/processors/lib/find_call.rb
|
77
|
+
- lib/processors/lib/processor_helper.rb
|
78
|
+
- lib/processors/lib/find_model_call.rb
|
79
|
+
- lib/processors/lib/render_helper.rb
|
80
|
+
- lib/processors/alias_processor.rb
|
81
|
+
- lib/processors/output_processor.rb
|
77
82
|
- lib/processors/config_processor.rb
|
83
|
+
- lib/processors/erubis_template_processor.rb
|
78
84
|
- lib/processors/template_processor.rb
|
79
|
-
- lib/processors/controller_processor.rb
|
80
|
-
- lib/processors/library_processor.rb
|
81
|
-
- lib/report.rb
|
82
|
-
- lib/util.rb
|
83
85
|
- lib/checks/check_send_file.rb
|
84
|
-
- lib/checks/
|
85
|
-
- lib/checks/
|
86
|
-
- lib/checks/check_execute.rb
|
87
|
-
- lib/checks/check_mass_assignment.rb
|
86
|
+
- lib/checks/check_session_settings.rb
|
87
|
+
- lib/checks/check_nested_attributes.rb
|
88
88
|
- lib/checks/check_sql.rb
|
89
|
-
- lib/checks/
|
90
|
-
- lib/checks/check_validation_regex.rb
|
89
|
+
- lib/checks/check_mass_assignment.rb
|
91
90
|
- lib/checks/check_cross_site_scripting.rb
|
92
|
-
- lib/checks/check_redirect.rb
|
93
|
-
- lib/checks/check_session_settings.rb
|
94
|
-
- lib/checks/check_forgery_setting.rb
|
95
|
-
- lib/checks/base_check.rb
|
96
91
|
- lib/checks/check_model_attributes.rb
|
97
|
-
- lib/checks/
|
92
|
+
- lib/checks/check_default_routes.rb
|
98
93
|
- lib/checks/check_evaluation.rb
|
94
|
+
- lib/checks/check_validation_regex.rb
|
95
|
+
- lib/checks/check_execute.rb
|
96
|
+
- lib/checks/check_mail_to.rb
|
97
|
+
- lib/checks/base_check.rb
|
99
98
|
- lib/checks/check_file_access.rb
|
100
|
-
- lib/
|
101
|
-
- lib/
|
99
|
+
- lib/checks/check_redirect.rb
|
100
|
+
- lib/checks/check_forgery_setting.rb
|
101
|
+
- lib/checks/check_render.rb
|
102
102
|
- lib/tracker.rb
|
103
|
-
- lib/
|
103
|
+
- lib/util.rb
|
104
|
+
- lib/report.rb
|
104
105
|
- lib/version.rb
|
105
|
-
- lib/
|
106
|
+
- lib/scanner.rb
|
107
|
+
- lib/checks.rb
|
106
108
|
- lib/scanner_erubis.rb
|
109
|
+
- lib/processor.rb
|
107
110
|
- lib/format/style.css
|
108
111
|
has_rdoc: true
|
109
112
|
homepage: http://github.com/presidentbeef/brakeman
|
@@ -119,6 +122,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
119
122
|
requirements:
|
120
123
|
- - ">="
|
121
124
|
- !ruby/object:Gem::Version
|
125
|
+
hash: 3
|
122
126
|
segments:
|
123
127
|
- 0
|
124
128
|
version: "0"
|
@@ -127,13 +131,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
131
|
requirements:
|
128
132
|
- - ">="
|
129
133
|
- !ruby/object:Gem::Version
|
134
|
+
hash: 3
|
130
135
|
segments:
|
131
136
|
- 0
|
132
137
|
version: "0"
|
133
138
|
requirements: []
|
134
139
|
|
135
140
|
rubyforge_project:
|
136
|
-
rubygems_version: 1.
|
141
|
+
rubygems_version: 1.4.1
|
137
142
|
signing_key:
|
138
143
|
specification_version: 3
|
139
144
|
summary: Security vulnerability scanner for Ruby on Rails.
|