brakeman-min 2.3.0 → 2.3.1

data/CHANGES

@@ -1,3 +1,8 @@
+# 2.3.1
+
+ * Fix check for CVE-2013-4491 (i18n XSS) to detect workaround
+ * Fix link for CVE-2013-6415 (number_to_currency)
+
 # 2.3.0
 
  * Add check for Parameters#permit!

data/lib/brakeman/checks/check_i18n_xss.rb

@@ -6,7 +6,7 @@ class Brakeman::CheckI18nXSS < Brakeman::BaseCheck
   @description = "Checks for i18n XSS (CVE-2013-4491)"
 
   def run_check
-    if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1")# and not has_workaround?
+    if (version_between? "3.0.6", "3.2.15" or version_between? "4.0.0", "4.0.1") and not has_workaround?
       message = "Rails #{tracker.config[:rails_version]} has an XSS vulnerability in i18n (CVE-2013-4491). Upgrade to Rails version "
 
       i18n_gem = tracker.config[:gems] && tracker.config[:gems][:i18n]

data/lib/brakeman/checks/check_number_to_currency.rb

@@ -27,7 +27,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
       :message => message,
       :confidence => CONFIDENCE[:med],
       :file => gemfile_or_environment,
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion"
+      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"
   end
 
   def check_number_to_currency_usage
@@ -49,7 +49,7 @@ class Brakeman::CheckNumberToCurrency < Brakeman::BaseCheck
       :warning_code => :CVE_2013_6415_call,
       :message => "Currency value in number_to_currency is not safe in Rails #{@tracker.config[:rails_version]}",
       :confidence => CONFIDENCE[:high],
-      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/8CpI7egxX4E/discussion",
+      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ",
       :user_input => match
   end
 end

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "2.3.0"
+  Version = "2.3.1"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: brakeman-min
 version: !ruby/object:Gem::Version 
-  hash: 3
+  hash: 1
   prerelease: 
   segments: 
   - 2
   - 3
-  - 0
-  version: 2.3.0
+  - 1
+  version: 2.3.1
 platform: ruby
 authors: 
 - Justin Collins
@@ -36,7 +36,7 @@ cert_chain:
   bdw=
   -----END CERTIFICATE-----
 
-date: 2013-12-12 00:00:00 Z
+date: 2013-12-13 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: ruby_parser