brakeman-min 0.5.0 → 0.5.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +12 -10
- data/lib/processors/lib/rails2_route_processor.rb +2 -2
- data/lib/version.rb +1 -1
- metadata +3 -3
data/README.md
CHANGED
@@ -17,39 +17,41 @@ From source:
|
|
17
17
|
|
18
18
|
# Usage
|
19
19
|
|
20
|
-
brakeman app_path
|
20
|
+
brakeman [app_path]
|
21
|
+
|
22
|
+
It is simplest to run brakeman from the root directory of the Rails application. A path may also be supplied.
|
21
23
|
|
22
24
|
# Options
|
23
25
|
|
24
26
|
To specify an output file for the results:
|
25
27
|
|
26
|
-
brakeman -o output_file
|
28
|
+
brakeman -o output_file
|
27
29
|
|
28
30
|
The output format is determined by the file extension or by using the `-f` option. Current options are: `text`, `html`, `csv`, and `tabs`.
|
29
31
|
|
30
32
|
To suppress informational warnings and just output the report:
|
31
33
|
|
32
|
-
brakeman -q
|
34
|
+
brakeman -q
|
33
35
|
|
34
36
|
To see all kinds of debugging information:
|
35
37
|
|
36
|
-
brakeman -d
|
38
|
+
brakeman -d
|
37
39
|
|
38
40
|
Specific checks can be skipped, if desired. The name needs to be the correct case. For example, to skip looking for default routes (`DefaultRoutes`):
|
39
41
|
|
40
|
-
brakeman -x DefaultRoutes
|
42
|
+
brakeman -x DefaultRoutes
|
41
43
|
|
42
44
|
Multiple checks should be separated by a comma:
|
43
45
|
|
44
|
-
brakeman -x DefaultRoutes,Redirect
|
46
|
+
brakeman -x DefaultRoutes,Redirect
|
45
47
|
|
46
48
|
To do the opposite and only run a certain set of tests:
|
47
49
|
|
48
|
-
brakeman -t SQL,ValidationRegex
|
50
|
+
brakeman -t SQL,ValidationRegex
|
49
51
|
|
50
52
|
To indicate certain methods are "safe":
|
51
53
|
|
52
|
-
brakeman -s benign_method,totally_safe
|
54
|
+
brakeman -s benign_method,totally_safe
|
53
55
|
|
54
56
|
By default, brakeman will assume that unknown methods involving untrusted data are dangerous. For example, this would cause a warning (Rails 2):
|
55
57
|
|
@@ -57,7 +59,7 @@ By default, brakeman will assume that unknown methods involving untrusted data a
|
|
57
59
|
|
58
60
|
To only raise warnings only when untrusted data is being directly used:
|
59
61
|
|
60
|
-
brakeman -r
|
62
|
+
brakeman -r
|
61
63
|
|
62
64
|
# Warning information
|
63
65
|
|
@@ -79,7 +81,7 @@ There are three levels of confidence:
|
|
79
81
|
|
80
82
|
To only get warnings above a given confidence level:
|
81
83
|
|
82
|
-
brakeman -w3
|
84
|
+
brakeman -w3
|
83
85
|
|
84
86
|
The `-w` switch takes a number from 1 to 3, with 1 being low (all warnings) and 3 being high (only highest confidence warnings).
|
85
87
|
|
@@ -116,7 +116,7 @@ class RoutesProcessor < BaseProcessor
|
|
116
116
|
process_collection value
|
117
117
|
when :has_one
|
118
118
|
save_controller = current_controller
|
119
|
-
process_resource value[1..-1]
|
119
|
+
process_resource value[1..-1] #Verify this is proper behavior
|
120
120
|
self.current_controller = save_controller
|
121
121
|
when :has_many
|
122
122
|
save_controller = current_controller
|
@@ -164,7 +164,7 @@ class RoutesProcessor < BaseProcessor
|
|
164
164
|
process_resource_options exp[-1]
|
165
165
|
else
|
166
166
|
exp.each do |argument|
|
167
|
-
if argument.node_type == :lit
|
167
|
+
if sexp? argument and argument.node_type == :lit
|
168
168
|
self.current_controller = pluralize(exp[0][1].to_s)
|
169
169
|
add_resource_routes
|
170
170
|
process_resource_options exp[-1]
|
data/lib/version.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Version = "0.5.
|
1
|
+
Version = "0.5.1"
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 5
|
8
|
-
-
|
9
|
-
version: 0.5.
|
8
|
+
- 1
|
9
|
+
version: 0.5.1
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Justin Collins
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2011-06-
|
17
|
+
date: 2011-06-17 00:00:00 -07:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|