brakeman-min 2.4.1 → 2.4.2
- checksums.yaml +7 -0
- data/CHANGES +9 -0
- data/lib/brakeman/checks.rb +2 -2
- data/lib/brakeman/checks/check_sanitize_methods.rb +3 -0
- data/lib/brakeman/processors/alias_processor.rb +1 -1
- data/lib/brakeman/processors/erb_template_processor.rb +1 -1
- data/lib/brakeman/processors/haml_template_processor.rb +52 -5
- data/lib/brakeman/processors/lib/find_all_calls.rb +10 -2
- data/lib/brakeman/processors/lib/render_helper.rb +8 -0
- data/lib/brakeman/processors/output_processor.rb +1 -1
- data/lib/brakeman/processors/template_processor.rb +2 -2
- data/lib/brakeman/scanner.rb +8 -8
- data/lib/brakeman/version.rb +1 -1
- data/lib/ruby_parser/bm_sexp_processor.rb +1 -1
- metadata +65 -107
- data.tar.gz.sig +0 -0
- metadata.gz.sig +0 -2
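--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 73220a83ef34f7926ef4f7e67491fbd3303b9433
+data.tar.gz: 4eee59d1bcb0987ff93e3a1be536e67a1a237fc7
+SHA512:
+metadata.gz: 2d5c03a11006dec392f60d60c208d7ee96f8464ce270ea5c16700b7f809f17ac2c6f6570dc1056f19acc56600497e7ea302ecd53d6068341aa819e17bb55a86d
+data.tar.gz: b8fd703779f241838ff928aa4f30158eaf966f5f313d976096deb13871abcb257b22b5f07df59bc32c17dbee6c86a51c99901098b33b916e8b964057f25b4244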
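--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,3 +1,12 @@
+# 2.4.2
+
+* Remove `rescue Exception`
+* Fix duplicate warnings about sanitize CVE
+* Reuse duplicate call location information
+* Only track original template output locations
+* Skip identically rendered templates
+* Fix HAML template processing
+
 # 2.4.1
 
 * Add check for CVE-2014-0082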
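--- a/data/lib/brakeman/checks.rb
+++ b/data/lib/brakeman/checks.rb
@@ -100,7 +100,7 @@ class Brakeman::Checks
 
 begin
 check.run_check
-rescue
+rescue => e
 tracker.error e
 end
 
@@ -138,7 +138,7 @@ class Brakeman::Checks
 
 begin
 check.run_check
-rescue
+rescue => e
 error_mutex.synchronize do
 tracker.error e
 end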
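Review bot: In the threaded hunk at new line 141, `rescue => e` catches only StandardError, so an error outside that hierarchy (a SystemStackError from deep recursion in a check, for instance) now leaves `check.run_check` without reaching `tracker.error`; whether it is re-raised depends on how the thread is joined, which is outside the hunk. For a scanner, a check that dies unrecorded is indistinguishable from a check that found nothing, so the narrowing deserves a comment at both handlers, for example `# StandardError only: anything else must abort the scan, not be logged as a check error`. The same applies to the sequential handler at new line 103. Both `begin` blocks start and end outside their hunks.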
@@ -35,6 +35,9 @@ class Brakeman::CheckSanitizeMethods < Brakeman::BaseCheck
|
|
35
35
|
|
36
36
|
def check_for_cve method, code, link
|
37
37
|
tracker.find_call(:target => false, :method => method).each do |result|
|
38
|
+
next if duplicate? result
|
39
|
+
add_result result
|
40
|
+
|
38
41
|
message = "Rails #{tracker.config[:rails_version]} has a vulnerability in #{method}: upgrade to #{@fix_version} or patch"
|
39
42
|
|
40
43
|
if include_user_input? result[:call]
|
@@ -20,7 +20,7 @@ class Brakeman::ErbTemplateProcessor < Brakeman::TemplateProcessor
|
|
20
20
|
@inside_concat = false
|
21
21
|
|
22
22
|
if exp.second_arg
|
23
|
-
raise
|
23
|
+
raise "Did not expect more than a single argument to _erbout.concat"
|
24
24
|
end
|
25
25
|
|
26
26
|
arg = exp.first_arg
|
@@ -3,6 +3,7 @@ require 'brakeman/processors/template_processor'
|
|
3
3
|
#Processes HAML templates.
|
4
4
|
class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
5
5
|
HAML_FORMAT_METHOD = /format_script_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)/
|
6
|
+
HAML_HELPERS = s(:colon2, s(:const, :Haml), :Helpers)
|
6
7
|
|
7
8
|
#Processes call, looking for template output
|
8
9
|
def process_call exp
|
@@ -29,7 +30,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
29
30
|
out = exp.first_arg = process(arg)
|
30
31
|
@inside_concat = false
|
31
32
|
else
|
32
|
-
raise
|
33
|
+
raise "Empty _hamlout.#{method}()?"
|
33
34
|
end
|
34
35
|
|
35
36
|
if string? out
|
@@ -37,9 +38,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
37
38
|
else
|
38
39
|
case method.to_s
|
39
40
|
when "push_text"
|
40
|
-
|
41
|
-
@current_template[:outputs] << s
|
42
|
-
s
|
41
|
+
build_output_from_push_text(out)
|
43
42
|
when HAML_FORMAT_METHOD
|
44
43
|
if $4 == "true"
|
45
44
|
Sexp.new :format_escaped, out
|
@@ -47,7 +46,7 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
47
46
|
Sexp.new :format, out
|
48
47
|
end
|
49
48
|
else
|
50
|
-
raise
|
49
|
+
raise "Unrecognized action on _hamlout: #{method}"
|
51
50
|
end
|
52
51
|
end
|
53
52
|
|
@@ -117,4 +116,52 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
117
116
|
exp.target.value == :_hamlout and
|
118
117
|
exp.method == :buffer
|
119
118
|
end
|
119
|
+
|
120
|
+
#HAML likes to put interpolated values into _hamlout.push_text
|
121
|
+
#but we want to handle those individually
|
122
|
+
def build_output_from_push_text exp
|
123
|
+
if node_type? exp, :string_interp, :dstr
|
124
|
+
exp.map! do |e|
|
125
|
+
if sexp? e
|
126
|
+
if node_type? e, :string_eval, :evstr
|
127
|
+
e = e.value
|
128
|
+
end
|
129
|
+
|
130
|
+
get_pushed_value e
|
131
|
+
else
|
132
|
+
e
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
#Gets outputs from values interpolated into _hamlout.push_text
|
139
|
+
def get_pushed_value exp
|
140
|
+
return exp unless sexp? exp
|
141
|
+
|
142
|
+
case exp.node_type
|
143
|
+
when :format
|
144
|
+
exp.node_type = :output
|
145
|
+
@current_template[:outputs] << exp
|
146
|
+
exp
|
147
|
+
when :format_escaped
|
148
|
+
exp.node_type = :escaped_output
|
149
|
+
@current_template[:outputs] << exp
|
150
|
+
exp
|
151
|
+
when :str, :ignore, :output, :escaped_output
|
152
|
+
exp
|
153
|
+
when :block, :rlist, :string_interp, :dstr
|
154
|
+
exp.map! { |e| get_pushed_value e }
|
155
|
+
else
|
156
|
+
if call? exp and exp.target == HAML_HELPERS and exp.method == :html_escape
|
157
|
+
s = Sexp.new(:escaped_output, exp.first_arg)
|
158
|
+
else
|
159
|
+
s = Sexp.new(:output, exp)
|
160
|
+
end
|
161
|
+
|
162
|
+
s.line(exp.line)
|
163
|
+
@current_template[:outputs] << s
|
164
|
+
s
|
165
|
+
end
|
166
|
+
end
|
120
167
|
end
|
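Review bot: `build_output_from_push_text` has no `else` branch, so when its argument is not a `:string_interp`/`:dstr` node it returns nil and records nothing in `@current_template[:outputs]`, whereas the removed lines in the `push_text` case appended to that list. Whether HAML ever passes such a node to `push_text` is not visible here, but an output that is not recorded is one no later check can flag, so the fall-through should be explicit: add `else` followed by `get_pushed_value exp`. Inside the interpolation loop, `e = e.value` is also worth checking against an `:evstr` with an empty body. `process_call` begins and ends outside these hunks.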
@@ -9,6 +9,7 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
|
|
9
9
|
@current_method = nil
|
10
10
|
@in_target = false
|
11
11
|
@calls = []
|
12
|
+
@cache = {}
|
12
13
|
end
|
13
14
|
|
14
15
|
#Process the given source. Provide either class and method being searched
|
@@ -145,11 +146,18 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
|
|
145
146
|
|
146
147
|
def make_location
|
147
148
|
if @current_template
|
148
|
-
|
149
|
+
key = [@current_template, @current_file]
|
150
|
+
cached = @cache[key]
|
151
|
+
return cached if cached
|
152
|
+
|
153
|
+
@cache[key] = { :type => :template,
|
149
154
|
:template => @current_template,
|
150
155
|
:file => @current_file }
|
151
156
|
else
|
152
|
-
|
157
|
+
key = [@current_class, @current_method, @current_file]
|
158
|
+
cached = @cache[key]
|
159
|
+
return cached if cached
|
160
|
+
@cache[key] = { :type => :class,
|
153
161
|
:class => @current_class,
|
154
162
|
:method => @current_method,
|
155
163
|
:file => @current_file }
|
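Review bot: `make_location` now hands the same Hash object from `@cache` to every call that shares a template/file or class/method/file key, so a consumer that mutates one call's location would silently change all of them. No mutation is visible in this hunk, but the sharing should be made safe or at least stated: freeze the stored value, e.g. `@cache[key] = { :type => :template, :template => @current_template, :file => @current_file }.freeze`, or add the comment `# Location hashes are shared between calls; treat as read-only`. `make_location` ends outside the hunk.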
@@ -129,6 +129,14 @@ module Brakeman::RenderHelper
|
|
129
129
|
#TODO: Add in :locals => { ... } to environment
|
130
130
|
src = Brakeman::TemplateAliasProcessor.new(@tracker, template, called_from).process_safely(template[:src], template_env)
|
131
131
|
|
132
|
+
digest = Digest::SHA1.new.update(name + src.to_s).to_s.to_sym
|
133
|
+
|
134
|
+
if @tracker.template_cache.include? digest
|
135
|
+
return
|
136
|
+
else
|
137
|
+
@tracker.template_cache << digest
|
138
|
+
end
|
139
|
+
|
132
140
|
#Run alias-processed src through the template processor to pull out
|
133
141
|
#information and outputs.
|
134
142
|
#This information will be stored in tracker.templates, but with a name
|
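Review bot: The cache key at new line 132 hashes `name + src.to_s` with no separator, so the boundary between the template name and its processed source is not part of the digest, and a hit makes the method `return` before the template processor runs, meaning that render is never analysed. A collision is unlikely in practice, but because a false hit means skipped analysis the key should be unambiguous, for example `digest = Digest::SHA1.hexdigest("#{name}\0#{src}")`. Converting every digest with `.to_sym` also interns one symbol per distinct render; a String key would presumably serve `template_cache` equally well, though its type is not visible here. The enclosing method starts and ends outside the hunk.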
@@ -26,7 +26,7 @@ class Brakeman::TemplateProcessor < Brakeman::BaseProcessor
|
|
26
26
|
def process exp
|
27
27
|
begin
|
28
28
|
super
|
29
|
-
rescue
|
29
|
+
rescue => e
|
30
30
|
except = e.exception("Error when processing #{@current_template[:name]}: #{e.message}")
|
31
31
|
except.set_backtrace(e.backtrace)
|
32
32
|
raise except
|
@@ -48,7 +48,7 @@ class Brakeman::TemplateProcessor < Brakeman::BaseProcessor
|
|
48
48
|
#Adds output to the list of outputs.
|
49
49
|
def process_output exp
|
50
50
|
exp.value = process exp.value
|
51
|
-
@current_template[:outputs] << exp
|
51
|
+
@current_template[:outputs] << exp unless exp.original_line
|
52
52
|
exp
|
53
53
|
end
|
54
54
|
|
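Review bot: The new guard `unless exp.original_line` in `process_output` keeps outputs out of `@current_template[:outputs]` without saying what `original_line` signifies, and nothing in the hunk shows where it is set. Outputs left out of that list are presumably not seen by the template checks, so the condition should carry a comment, for example `# Skip outputs that carry original_line; they are tracked at their original location`, with the wording confirmed against the code that assigns `original_line`.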
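--- a/data/lib/brakeman/scanner.rb
+++ b/data/lib/brakeman/scanner.rb
@@ -95,7 +95,7 @@ class Brakeman::Scanner
 @processor.process_config(parse_ruby(@app_tree.read(path)))
 end
 
-rescue
+rescue => e
 Brakeman.notify "[Notice] Error while processing #{path}"
 tracker.error e.exception(e.message + "\nwhile processing #{path}"), e.backtrace
 end
@@ -111,7 +111,7 @@ class Brakeman::Scanner
 @processor.process_gems(parse_ruby(@app_tree.read("Gemfile")))
 end
 end
-rescue
+rescue => e
 Brakeman.notify "[Notice] Error while processing Gemfile."
 tracker.error e.exception(e.message + "\nWhile processing Gemfile"), e.backtrace
 end
@@ -131,7 +131,7 @@ class Brakeman::Scanner
 @processor.process_initializer(path, parse_ruby(@app_tree.read_path(path)))
 rescue Racc::ParseError => e
 tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
-rescue
+rescue => e
 tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
 end
 end
@@ -162,7 +162,7 @@ class Brakeman::Scanner
 @processor.process_lib parse_ruby(@app_tree.read_path(path)), path
 rescue Racc::ParseError => e
 tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
-rescue
+rescue => e
 tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
 end
 end
@@ -174,7 +174,7 @@ class Brakeman::Scanner
 if @app_tree.exists?("config/routes.rb")
 begin
 @processor.process_routes parse_ruby(@app_tree.read("config/routes.rb"))
-rescue
+rescue => e
 tracker.error e.exception(e.message + "\nWhile processing routes.rb"), e.backtrace
 Brakeman.notify "[Notice] Error while processing routes - assuming all public controller methods are actions."
 options[:assume_all_routes] = true
@@ -219,7 +219,7 @@ class Brakeman::Scanner
 @processor.process_controller(parse_ruby(@app_tree.read_path(path)), path)
 rescue Racc::ParseError => e
 tracker.error e, "could not parse #{path}. There is probably a typo in the file. Test it with 'ruby_parse #{path}'"
-rescue
+rescue => e
 tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
 end
 end
@@ -305,7 +305,7 @@ class Brakeman::Scanner
 tracker.error e, "could not parse #{path}"
 rescue Haml::Error => e
 tracker.error e, ["While compiling HAML in #{path}"] << e.backtrace
-rescue
+rescue StandardError, LoadError => e
 tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
 end
 end
@@ -339,7 +339,7 @@ class Brakeman::Scanner
 @processor.process_model(parse_ruby(@app_tree.read_path(path)), path)
 rescue Racc::ParseError => e
 tracker.error e, "could not parse #{path}"
-rescue
+rescue => e
 tracker.error e.exception(e.message + "\nWhile processing #{path}"), e.backtrace
 end
 end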
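Review bot: The handler at new line 308 is the only one that rescues `StandardError, LoadError`; the other seven use `rescue => e`, and nothing says why a LoadError is expected only on that path. A one-line comment there, e.g. `# LoadError: a template engine may be missing at scan time` (to be confirmed by the author), would keep a later edit from normalising it away. All eight handlers also build `e.exception(e.message + "\nWhile processing ...")` by hand, with `while` lower-cased at new line 100; a small private helper would keep the recorded errors uniform. Every `begin`/`rescue` here opens or closes outside its hunk.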
data/lib/brakeman/version.rb
CHANGED
@@ -88,7 +88,7 @@ class Brakeman::SexpProcessor
|
|
88
88
|
def error_handler(type, exp=nil) # :nodoc:
|
89
89
|
begin
|
90
90
|
return yield
|
91
|
-
rescue
|
91
|
+
rescue => err
|
92
92
|
warn "#{err.class} Exception thrown while processing #{type} for sexp #{exp.inspect} #{caller.inspect}" if $DEBUG
|
93
93
|
raise
|
94
94
|
end
|
metadata
CHANGED
@@ -1,107 +1,77 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman-min
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
6
|
-
segments:
|
7
|
-
- 2
|
8
|
-
- 4
|
9
|
-
- 1
|
10
|
-
version: 2.4.1
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 2.4.2
|
11
5
|
platform: ruby
|
12
|
-
authors:
|
6
|
+
authors:
|
13
7
|
- Justin Collins
|
14
8
|
autorequire:
|
15
9
|
bindir: bin
|
16
|
-
cert_chain:
|
17
|
-
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
Fw0xMzEyMTIwMDMxNTdaFw0xNDEyMTIwMDMxNTdaMD0xDDAKBgNVBAMMA2dlbTEY
|
22
|
-
MBYGCgmSJomT8ixkARkWCGJyYWtlbWFuMRMwEQYKCZImiZPyLGQBGRYDb3JnMIIB
|
23
|
-
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCHmXCaAcZ4bVjijKoyQFx4N
|
24
|
-
dyN7B7bqY8wOXy6f/UZ6mdC8IRAj82KaWQjNE2LT/ObFUWpCRyLdrwjkDjdFDyOT
|
25
|
-
mZCZkiOeEy2ZxYGfxXMI/xg24c8r5Xmh16ErsYuprRcg+/KZ6s4UjseBNTARmBK4
|
26
|
-
IHcqIdnoWbYa3BWHoflJPaJUIaU+/yTclzFQHpswU7ka8ftIAWeoDQo22gasP/4N
|
27
|
-
HtJvAIyg1DcWPLcn0qbZmdehg8HZv8C+2MuLKX/2qZG9eseegMqMlHHabwwEy9Vv
|
28
|
-
f/t/+ltLjC0CRa2TqZ2EuQ5EEzbOsqAftaZJFmwv9Ut1UhjmdvR5RfN6dWMQ5QID
|
29
|
-
AQABozkwNzALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFPyEKeRy09i8qSr+9KFbeTqw
|
30
|
-
kMCSMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBALEk8/Wnl2VAqchxWlbg
|
31
|
-
RN0MkVUWMf8L0xxUiVKo5QeL4NBViALMBrU6IS4y6zyn+FoULAMEawUjZlZf4Hcg
|
32
|
-
S9unev3p+RTWUyksAnA27wHZs/NRIkW34s1ZI5NNE/xyu4ULOQjfh1wOjlWzyHu9
|
33
|
-
0t41/CtpgNPM2uAjG3RIqlp7QKXlby50cQqWJQCgTH3JNjMhmROEhTsI6COoApvd
|
34
|
-
Ce7Br39yjeoarvekq0wCXBYakUBw/DdZCG7mFZ6xgh01eqnZUsNd8vM+6V6v23Vu
|
35
|
-
jk2tMjFT4L1dA3MEsz3+MP144PDhPCh7tPe6yy81BOvyYTVkKzrAkgKwHD1CuvsH
|
36
|
-
bdw=
|
37
|
-
-----END CERTIFICATE-----
|
38
|
-
|
39
|
-
date: 2014-02-19 00:00:00 Z
|
40
|
-
dependencies:
|
41
|
-
- !ruby/object:Gem::Dependency
|
10
|
+
cert_chain:
|
11
|
+
- brakeman-public_cert.pem
|
12
|
+
date: 2014-03-21 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
42
15
|
name: ruby_parser
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
- - ~>
|
48
|
-
- !ruby/object:Gem::Version
|
49
|
-
hash: 23
|
50
|
-
segments:
|
51
|
-
- 3
|
52
|
-
- 4
|
53
|
-
- 0
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
requirements:
|
18
|
+
- - "~>"
|
19
|
+
- !ruby/object:Gem::Version
|
54
20
|
version: 3.4.0
|
55
21
|
type: :runtime
|
56
|
-
version_requirements: *id001
|
57
|
-
- !ruby/object:Gem::Dependency
|
58
|
-
name: ruby2ruby
|
59
22
|
prerelease: false
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - "~>"
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
version: 3.4.0
|
28
|
+
- !ruby/object:Gem::Dependency
|
29
|
+
name: ruby2ruby
|
30
|
+
requirement: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
32
|
+
- - "~>"
|
33
|
+
- !ruby/object:Gem::Version
|
70
34
|
version: 2.0.5
|
71
35
|
type: :runtime
|
72
|
-
version_requirements: *id002
|
73
|
-
- !ruby/object:Gem::Dependency
|
74
|
-
name: multi_json
|
75
36
|
prerelease: false
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
37
|
+
version_requirements: !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
39
|
+
- - "~>"
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: 2.0.5
|
42
|
+
- !ruby/object:Gem::Dependency
|
43
|
+
name: multi_json
|
44
|
+
requirement: !ruby/object:Gem::Requirement
|
45
|
+
requirements:
|
46
|
+
- - "~>"
|
47
|
+
- !ruby/object:Gem::Version
|
48
|
+
version: '1.2'
|
86
49
|
type: :runtime
|
87
|
-
|
88
|
-
|
50
|
+
prerelease: false
|
51
|
+
version_requirements: !ruby/object:Gem::Requirement
|
52
|
+
requirements:
|
53
|
+
- - "~>"
|
54
|
+
- !ruby/object:Gem::Version
|
55
|
+
version: '1.2'
|
56
|
+
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
57
|
+
via static analysis. This version of the gem only requires the minimum number of
|
58
|
+
dependencies. Use the 'brakeman' gem for a full install.
|
89
59
|
email: gem@brakeman.org
|
90
|
-
executables:
|
60
|
+
executables:
|
91
61
|
- brakeman
|
92
62
|
extensions: []
|
93
|
-
|
94
63
|
extra_rdoc_files: []
|
95
|
-
|
96
|
-
files:
|
97
|
-
- bin/brakeman
|
64
|
+
files:
|
98
65
|
- CHANGES
|
99
|
-
- WARNING_TYPES
|
100
66
|
- FEATURES
|
101
67
|
- README.md
|
68
|
+
- WARNING_TYPES
|
69
|
+
- bin/brakeman
|
70
|
+
- lib/brakeman.rb
|
102
71
|
- lib/brakeman/app_tree.rb
|
103
72
|
- lib/brakeman/brakeman.rake
|
104
73
|
- lib/brakeman/call_index.rb
|
74
|
+
- lib/brakeman/checks.rb
|
105
75
|
- lib/brakeman/checks/base_check.rb
|
106
76
|
- lib/brakeman/checks/check_basic_auth.rb
|
107
77
|
- lib/brakeman/checks/check_content_tag.rb
|
@@ -153,7 +123,6 @@ files:
|
|
153
123
|
- lib/brakeman/checks/check_validation_regex.rb
|
154
124
|
- lib/brakeman/checks/check_without_protection.rb
|
155
125
|
- lib/brakeman/checks/check_yaml_parsing.rb
|
156
|
-
- lib/brakeman/checks.rb
|
157
126
|
- lib/brakeman/differ.rb
|
158
127
|
- lib/brakeman/format/style.css
|
159
128
|
- lib/brakeman/options.rb
|
@@ -187,6 +156,7 @@ files:
|
|
187
156
|
- lib/brakeman/processors/slim_template_processor.rb
|
188
157
|
- lib/brakeman/processors/template_alias_processor.rb
|
189
158
|
- lib/brakeman/processors/template_processor.rb
|
159
|
+
- lib/brakeman/report.rb
|
190
160
|
- lib/brakeman/report/ignore/config.rb
|
191
161
|
- lib/brakeman/report/ignore/interactive.rb
|
192
162
|
- lib/brakeman/report/initializers/faster_csv.rb
|
@@ -210,7 +180,6 @@ files:
|
|
210
180
|
- lib/brakeman/report/templates/template_overview.html.erb
|
211
181
|
- lib/brakeman/report/templates/view_warnings.html.erb
|
212
182
|
- lib/brakeman/report/templates/warning_overview.html.erb
|
213
|
-
- lib/brakeman/report.rb
|
214
183
|
- lib/brakeman/rescanner.rb
|
215
184
|
- lib/brakeman/scanner.rb
|
216
185
|
- lib/brakeman/tracker.rb
|
@@ -218,41 +187,30 @@ files:
|
|
218
187
|
- lib/brakeman/version.rb
|
219
188
|
- lib/brakeman/warning.rb
|
220
189
|
- lib/brakeman/warning_codes.rb
|
221
|
-
- lib/brakeman.rb
|
222
190
|
- lib/ruby_parser/bm_sexp.rb
|
223
191
|
- lib/ruby_parser/bm_sexp_processor.rb
|
224
192
|
homepage: http://brakemanscanner.org
|
225
|
-
licenses:
|
193
|
+
licenses:
|
226
194
|
- MIT
|
195
|
+
metadata: {}
|
227
196
|
post_install_message:
|
228
197
|
rdoc_options: []
|
229
|
-
|
230
|
-
require_paths:
|
198
|
+
require_paths:
|
231
199
|
- lib
|
232
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
233
|
-
|
234
|
-
requirements:
|
200
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
201
|
+
requirements:
|
235
202
|
- - ">="
|
236
|
-
- !ruby/object:Gem::Version
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
version: "0"
|
241
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
242
|
-
none: false
|
243
|
-
requirements:
|
203
|
+
- !ruby/object:Gem::Version
|
204
|
+
version: '0'
|
205
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
206
|
+
requirements:
|
244
207
|
- - ">="
|
245
|
-
- !ruby/object:Gem::Version
|
246
|
-
|
247
|
-
segments:
|
248
|
-
- 0
|
249
|
-
version: "0"
|
208
|
+
- !ruby/object:Gem::Version
|
209
|
+
version: '0'
|
250
210
|
requirements: []
|
251
|
-
|
252
211
|
rubyforge_project:
|
253
|
-
rubygems_version:
|
212
|
+
rubygems_version: 2.2.2
|
254
213
|
signing_key:
|
255
|
-
specification_version:
|
214
|
+
specification_version: 4
|
256
215
|
summary: Security vulnerability scanner for Ruby on Rails.
|
257
216
|
test_files: []
|
258
|
-
|
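Review bot: `cert_chain` at new line 11 now holds the file name `brakeman-public_cert.pem` instead of the PEM body that 2.4.1 carried, and the file list shows `data.tar.gz.sig` and `metadata.gz.sig` deleted, which together suggest this build was packaged without a signing key. If so, 2.4.2 cannot be verified against the publisher's certificate, and an install that enforces a trust policy would presumably reject it. The new `checksums.yaml` does not replace the signatures, because it ships inside the same archive it describes. The release should be rebuilt with signing enabled, or the changelog should state that signatures were dropped.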
data.tar.gz.sig
DELETED
Binary file
|
metadata.gz.sig
DELETED