brakeman-min 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/processors/lib/find_call.rb +13 -1
- data/lib/processors/lib/find_model_call.rb +1 -1
- data/lib/report.rb +3 -1
- data/lib/version.rb +1 -1
- metadata +40 -35
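--- a/data/lib/processors/lib/find_call.rb
+++ b/data/lib/processors/lib/find_call.rb
@@ -31,13 +31,14 @@ require 'processors/base_processor'
 # FindCall.new nil, /^g?sub!?$/
 class FindCall < BaseProcessor
 
-def initialize targets, methods
+def initialize targets, methods, in_depth = false
 super(nil)
 @calls = []
 @find_targets = targets
 @find_methods = methods
 @current_class = nil
 @current_method = nil
+@in_depth = in_depth
 end
 
 #Returns a list of results.
@@ -97,6 +98,17 @@ class FindCall < BaseProcessor
 else
 @calls << Sexp.new(:result, @current_class, @current_method, exp).line(exp.line)
 end
+
+end
+
+#Normally FindCall won't match a method invocation that is the target of
+#another call, such as:
+#
+# User.find(:first, :conditions => "user = '#{params['user']}').name
+#
+#A search for User.find will not match this unless @in_depth is true.
+if @in_depth and sexp? exp[1] and exp[1][0] == :call
+process exp[1]
 end
 
 exp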
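--- a/data/lib/processors/lib/find_model_call.rb
+++ b/data/lib/processors/lib/find_model_call.rb
@@ -6,7 +6,7 @@ class FindModelCall < FindCall
 
 #Passes +targets+ to FindCall
 def initialize targets
-super(targets, /^(find.*|first|last|all|count|sum|average|minumum|maximum|count_by_sql)
+super(targets, /^(find.*|first|last|all|count|sum|average|minumum|maximum|count_by_sql)$/, true)
 end
 
 #Matches entire method chain as a target. This differs from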
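--- a/data/lib/report.rb
+++ b/data/lib/report.rb
@@ -635,7 +635,9 @@ class Report
 [:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
 
 checks.send(meth).map do |w|
-
+line = w.line || 0
+w.warning_type.gsub! /[^\w\s]/, ' '
+"#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
 end.join "\n"
 
 end.join "\n"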
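--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-Version = "0.3.
+Version = "0.3.1"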
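--- a/metadata
+++ b/metadata
@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-min
 version: !ruby/object:Gem::Version
-
+hash: 17
+prerelease:
 segments:
 - 0
 - 3
--
-version: 0.3.
+- 1
+version: 0.3.1
 platform: ruby
 authors:
 - Justin Collins
@@ -14,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03
+date: 2011-05-03 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -25,6 +26,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
+hash: 7
 segments:
 - 2
 - 2
@@ -39,6 +41,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
+hash: 23
 segments:
 - 1
 - 2
@@ -59,51 +62,51 @@ files:
 - WARNING_TYPES
 - FEATURES
 - README.md
-- lib/
-- lib/processors/alias_processor.rb
-- lib/processors/haml_template_processor.rb
-- lib/processors/output_processor.rb
+- lib/warning.rb
 - lib/processors/params_processor.rb
-- lib/processors/erubis_template_processor.rb
 - lib/processors/controller_alias_processor.rb
-- lib/processors/
-- lib/processors/
-- lib/processors/
-- lib/processors/lib/find_call.rb
-- lib/processors/route_processor.rb
-- lib/processors/model_processor.rb
+- lib/processors/base_processor.rb
+- lib/processors/controller_processor.rb
+- lib/processors/library_processor.rb
 - lib/processors/erb_template_processor.rb
+- lib/processors/haml_template_processor.rb
 - lib/processors/template_alias_processor.rb
+- lib/processors/route_processor.rb
+- lib/processors/model_processor.rb
+- lib/processors/lib/find_call.rb
+- lib/processors/lib/processor_helper.rb
+- lib/processors/lib/find_model_call.rb
+- lib/processors/lib/render_helper.rb
+- lib/processors/alias_processor.rb
+- lib/processors/output_processor.rb
 - lib/processors/config_processor.rb
+- lib/processors/erubis_template_processor.rb
 - lib/processors/template_processor.rb
-- lib/processors/controller_processor.rb
-- lib/processors/library_processor.rb
-- lib/report.rb
-- lib/util.rb
 - lib/checks/check_send_file.rb
-- lib/checks/
-- lib/checks/
-- lib/checks/check_execute.rb
-- lib/checks/check_mass_assignment.rb
+- lib/checks/check_session_settings.rb
+- lib/checks/check_nested_attributes.rb
 - lib/checks/check_sql.rb
-- lib/checks/
-- lib/checks/check_validation_regex.rb
+- lib/checks/check_mass_assignment.rb
 - lib/checks/check_cross_site_scripting.rb
-- lib/checks/check_redirect.rb
-- lib/checks/check_session_settings.rb
-- lib/checks/check_forgery_setting.rb
-- lib/checks/base_check.rb
 - lib/checks/check_model_attributes.rb
-- lib/checks/
+- lib/checks/check_default_routes.rb
 - lib/checks/check_evaluation.rb
+- lib/checks/check_validation_regex.rb
+- lib/checks/check_execute.rb
+- lib/checks/check_mail_to.rb
+- lib/checks/base_check.rb
 - lib/checks/check_file_access.rb
-- lib/
-- lib/
+- lib/checks/check_redirect.rb
+- lib/checks/check_forgery_setting.rb
+- lib/checks/check_render.rb
 - lib/tracker.rb
-- lib/
+- lib/util.rb
+- lib/report.rb
 - lib/version.rb
-- lib/
+- lib/scanner.rb
+- lib/checks.rb
 - lib/scanner_erubis.rb
+- lib/processor.rb
 - lib/format/style.css
 has_rdoc: true
 homepage: http://github.com/presidentbeef/brakeman
@@ -119,6 +122,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
@@ -127,13 +131,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.4.1
 signing_key:
 specification_version: 3
 summary: Security vulnerability scanner for Ruby on Rails.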