brakeman-min 0.3.0 → 0.3.1

@@ -31,13 +31,14 @@ require 'processors/base_processor'
31
31
  # FindCall.new nil, /^g?sub!?$/
32
32
  class FindCall < BaseProcessor
33
33
 
34
- def initialize targets, methods
34
+ def initialize targets, methods, in_depth = false
35
35
  super(nil)
36
36
  @calls = []
37
37
  @find_targets = targets
38
38
  @find_methods = methods
39
39
  @current_class = nil
40
40
  @current_method = nil
41
+ @in_depth = in_depth
41
42
  end
42
43
 
43
44
  #Returns a list of results.
@@ -97,6 +98,17 @@ class FindCall < BaseProcessor
97
98
  else
98
99
  @calls << Sexp.new(:result, @current_class, @current_method, exp).line(exp.line)
99
100
  end
101
+
102
+ end
103
+
104
+ #Normally FindCall won't match a method invocation that is the target of
105
+ #another call, such as:
106
+ #
107
+ # User.find(:first, :conditions => "user = '#{params['user']}').name
108
+ #
109
+ #A search for User.find will not match this unless @in_depth is true.
110
+ if @in_depth and sexp? exp[1] and exp[1][0] == :call
111
+ process exp[1]
100
112
  end
101
113
 
102
114
  exp
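Review bot: The example in the new comment above `if @in_depth` is not valid Ruby as rendered here — the double-quoted string `"user = '#{params['user']}'` is never closed, so a reader who pastes it gets a syntax error; write it as `# User.find(:first, :conditions => "user = '#{params['user']}'").name`. The condition uses `and`, which binds more loosely than `&&` and is conventionally reserved for control flow; `if @in_depth && sexp?(exp[1]) && exp[1][0] == :call` reads the same and avoids surprises if the expression is ever combined with an assignment. The in-depth descent only recurses into the receiver `exp[1]`, so whether a matching call that appears as an argument is found depends on code outside this hunk. The enclosing method's definition starts outside the hunk.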
@@ -6,7 +6,7 @@ class FindModelCall < FindCall
6
6
 
7
7
  #Passes +targets+ to FindCall
8
8
  def initialize targets
9
- super(targets, /^(find.*|first|last|all|count|sum|average|minumum|maximum|count_by_sql)$/)
9
+ super(targets, /^(find.*|first|last|all|count|sum|average|minumum|maximum|count_by_sql)$/, true)
10
10
  end
11
11
 
12
12
  #Matches entire method chain as a target. This differs from
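Review bot: The method regex passed to `super` still spells `minumum`, so `Model.minimum(...)` calls are never matched by FindModelCall and any check built on it presumably skips conditions passed to `minimum`; since the commit edits this exact line, fix the spelling while adding the flag: `super(targets, /^(find.*|first|last|all|count|sum|average|minimum|maximum|count_by_sql)$/, true)`. The bare `true` positional is opaque at the call site; a short comment such as `# true: in_depth, also match finds that are the receiver of a further call` above the `super` would tell a reader what it enables.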
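--- a/data/lib/report.rb
+++ b/data/lib/report.rb
@@ -635,7 +635,9 @@ class Report
 [:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
 
 checks.send(meth).map do |w|
-"#{file_for w}\t#{w.line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
+line = w.line || 0
+w.warning_type.gsub! /[^\w\s]/, ' '
+"#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
 end.join "\n"
 
 end.join "\n"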
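Review bot: `w.warning_type.gsub! /[^\w\s]/, ' '` mutates the warning object's type string in place while the text report is rendered, so every later consumer of that warning (another report format, or a second call into this method) sees the stripped name instead of the original. Sanitise a copy and interpolate it instead: `warning_type = w.warning_type.gsub(/[^\w\s]/, ' ')` followed by `"#{file_for w}\t#{line}\t#{warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"`. Only `warning_type` is sanitised; if `file_for w` or `w.format_message` can carry a tab or newline (the message presumably embeds code from the scanned application, which is attacker-influenced input), those columns can still break the tab-separated layout, so the same treatment on `format_message` is worth considering. The enclosing method starts and ends outside the hunk.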
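--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-Version = "0.3.0"
+Version = "0.3.1"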
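--- a/metadata
+++ b/metadata
@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-min
 version: !ruby/object:Gem::Version
-prerelease: false
+hash: 17
+prerelease:
 segments:
 - 0
 - 3
-- 0
-version: 0.3.0
+- 1
+version: 0.3.1
 platform: ruby
 authors:
 - Justin Collins
@@ -14,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-21 00:00:00 -07:00
+date: 2011-05-03 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -25,6 +26,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
+hash: 7
 segments:
 - 2
 - 2
@@ -39,6 +41,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
+hash: 23
 segments:
 - 1
 - 2
@@ -59,51 +62,51 @@ files:
 - WARNING_TYPES
 - FEATURES
 - README.md
-- lib/processors/base_processor.rb
-- lib/processors/alias_processor.rb
-- lib/processors/haml_template_processor.rb
-- lib/processors/output_processor.rb
+- lib/warning.rb
 - lib/processors/params_processor.rb
-- lib/processors/erubis_template_processor.rb
 - lib/processors/controller_alias_processor.rb
-- lib/processors/lib/processor_helper.rb
-- lib/processors/lib/render_helper.rb
-- lib/processors/lib/find_model_call.rb
-- lib/processors/lib/find_call.rb
-- lib/processors/route_processor.rb
-- lib/processors/model_processor.rb
+- lib/processors/base_processor.rb
+- lib/processors/controller_processor.rb
+- lib/processors/library_processor.rb
 - lib/processors/erb_template_processor.rb
+- lib/processors/haml_template_processor.rb
 - lib/processors/template_alias_processor.rb
+- lib/processors/route_processor.rb
+- lib/processors/model_processor.rb
+- lib/processors/lib/find_call.rb
+- lib/processors/lib/processor_helper.rb
+- lib/processors/lib/find_model_call.rb
+- lib/processors/lib/render_helper.rb
+- lib/processors/alias_processor.rb
+- lib/processors/output_processor.rb
 - lib/processors/config_processor.rb
+- lib/processors/erubis_template_processor.rb
 - lib/processors/template_processor.rb
-- lib/processors/controller_processor.rb
-- lib/processors/library_processor.rb
-- lib/report.rb
-- lib/util.rb
 - lib/checks/check_send_file.rb
-- lib/checks/check_default_routes.rb
-- lib/checks/check_render.rb
-- lib/checks/check_execute.rb
-- lib/checks/check_mass_assignment.rb
+- lib/checks/check_session_settings.rb
+- lib/checks/check_nested_attributes.rb
 - lib/checks/check_sql.rb
-- lib/checks/check_mail_to.rb
-- lib/checks/check_validation_regex.rb
+- lib/checks/check_mass_assignment.rb
 - lib/checks/check_cross_site_scripting.rb
-- lib/checks/check_redirect.rb
-- lib/checks/check_session_settings.rb
-- lib/checks/check_forgery_setting.rb
-- lib/checks/base_check.rb
 - lib/checks/check_model_attributes.rb
-- lib/checks/check_nested_attributes.rb
+- lib/checks/check_default_routes.rb
 - lib/checks/check_evaluation.rb
+- lib/checks/check_validation_regex.rb
+- lib/checks/check_execute.rb
+- lib/checks/check_mail_to.rb
+- lib/checks/base_check.rb
 - lib/checks/check_file_access.rb
-- lib/processor.rb
-- lib/scanner.rb
+- lib/checks/check_redirect.rb
+- lib/checks/check_forgery_setting.rb
+- lib/checks/check_render.rb
 - lib/tracker.rb
-- lib/checks.rb
+- lib/util.rb
+- lib/report.rb
 - lib/version.rb
-- lib/warning.rb
+- lib/scanner.rb
+- lib/checks.rb
 - lib/scanner_erubis.rb
+- lib/processor.rb
 - lib/format/style.css
 has_rdoc: true
 homepage: http://github.com/presidentbeef/brakeman
@@ -119,6 +122,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
@@ -127,13 +131,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.7
+rubygems_version: 1.4.1
 signing_key:
 specification_version: 3
 summary: Security vulnerability scanner for Ruby on Rails.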