brakeman-min 2.6.0 → 2.6.1
- data.tar.gz.sig +0 -0
- data/CHANGES +6 -0
- data/lib/brakeman/checks/check_sql_cves.rb +12 -0
- data/lib/brakeman/processors/alias_processor.rb +2 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +6 -3
- metadata +21 -28
- metadata.gz.sig +0 -0
- checksums.yaml +0 -15
- checksums.yaml.gz.sig +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
data/CHANGES
CHANGED
@@ -48,6 +48,18 @@ class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck
|
|
48
48
|
}
|
49
49
|
end
|
50
50
|
|
51
|
+
if tracker.config[:gems] and tracker.config[:gems][:pg]
|
52
|
+
issues << {
|
53
|
+
:cve => "CVE-2014-3482",
|
54
|
+
:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
|
55
|
+
:url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"
|
56
|
+
} <<
|
57
|
+
{
|
58
|
+
:cve => "CVE-2014-3483",
|
59
|
+
:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
|
60
|
+
:url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }
|
61
|
+
end
|
62
|
+
|
51
63
|
issues.each do |cve_issue|
|
52
64
|
cve_warning_for cve_issue[:versions], cve_issue[:cve], cve_issue[:url]
|
53
65
|
end
|
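Review bot: Both new issue entries carry the same four version ranges, but if I read the linked advisory correctly CVE-2014-3482 (bit-string quoting) is the Rails 2.0.0–3.2.18 issue and CVE-2014-3483 (range quoting) the Rails 4.0.0–4.1.2 issue, so as written a 4.x app is warned about 3482 and a 3.2 app about 3483 — false positives users will learn to ignore. If that reading holds, split the ranges: `:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19]],` for CVE-2014-3482 and `:versions => [%w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],` for CVE-2014-3483. The `and` in `if tracker.config[:gems] and tracker.config[:gems][:pg]` is the low-precedence keyword; `&&` is the conventional spelling (same result here). The enclosing method starts before the hunk; despite the section header, the `@@` context and the diffstat place this hunk in check_sql_cves.rb.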
@@ -180,6 +180,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
180
180
|
#Force block arg(s) to be local
|
181
181
|
if node_type? e, :lasgn
|
182
182
|
env.current[Sexp.new(:lvar, e.lhs)] = e.rhs
|
183
|
+
elsif node_type? e, :kwarg
|
184
|
+
env.current[Sexp.new(:lvar, e[1])] = e[2]
|
183
185
|
elsif node_type? e, :masgn
|
184
186
|
e[1..-1].each do |var|
|
185
187
|
local = Sexp.new(:lvar, var)
|
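Review bot: A required keyword argument (`def m(a:)`) has no default, so in the new `:kwarg` branch `e[2]` is presumably nil and the local is recorded as nil in `env.current`; the `:lasgn` branch beside it always has an rhs, so confirm nil is the value the alias environment expects for an argument whose value is unknown, or skip the assignment when `e[2]` is absent (`env.current[Sexp.new(:lvar, e[1])] = e[2] if e[2]`). The branch also indexes `e[1]`/`e[2]` positionally where the neighbouring branch uses `e.lhs`/`e.rhs`; if the Sexp accessors accept kwarg nodes, using them keeps the two branches readable the same way. The enclosing method begins and ends outside this hunk.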
data/lib/brakeman/version.rb
CHANGED
@@ -41,7 +41,7 @@ module Brakeman::WarningCodes
|
|
41
41
|
:CVE_2012_2660 => 38,
|
42
42
|
:CVE_2012_2661 => 39,
|
43
43
|
:CVE_2012_2695 => 40,
|
44
|
-
|
44
|
+
#:CVE_2012_2931 => 41,
|
45
45
|
:CVE_2012_3424 => 42,
|
46
46
|
:CVE_2012_3463 => 43,
|
47
47
|
:CVE_2012_3464 => 44,
|
@@ -65,8 +65,9 @@ module Brakeman::WarningCodes
|
|
65
65
|
:detailed_exceptions => 62,
|
66
66
|
:CVE_2013_4491 => 63,
|
67
67
|
:CVE_2013_6414 => 64,
|
68
|
-
|
69
|
-
|
68
|
+
# Replaced by CVE_2014_0081
|
69
|
+
#:CVE_2013_6415 => 65,
|
70
|
+
#:CVE_2013_6415_call => 66,
|
70
71
|
:CVE_2013_6416 => 67,
|
71
72
|
:CVE_2013_6416_call => 68,
|
72
73
|
:CVE_2013_6417 => 69,
|
@@ -78,6 +79,8 @@ module Brakeman::WarningCodes
|
|
78
79
|
:CVE_2014_0082 => 75,
|
79
80
|
:regex_dos => 76,
|
80
81
|
:CVE_2014_0130 => 77,
|
82
|
+
:CVE_2014_3482 => 78,
|
83
|
+
:CVE_2014_3483 => 79,
|
81
84
|
}
|
82
85
|
|
83
86
|
def self.code name
|
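Review bot: `#:CVE_2012_2931 => 41,` in the first hunk is commented out without the reason that the `#:CVE_2013_6415` entries get (`# Replaced by CVE_2014_0081`), so a reader cannot tell whether code 41 was retired or is free to reuse; since these codes presumably appear as stable identifiers in reports, add a comment stating why the entry is retired and that 41 stays reserved, e.g. `# Retired; code 41 stays reserved so existing reports keep their meaning`. The additions of 78 and 79 in the last hunk follow the existing sequence and need nothing further.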
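--- a/metadata
+++ b/metadata
@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: brakeman-min
 version: !ruby/object:Gem::Version
-version: 2.6.
+version: 2.6.1
+prerelease:
 platform: ruby
 authors:
 - Justin Collins
@@ -35,50 +36,41 @@ cert_chain:
 Q0c3bUZaNnhnaDAxZXFuWlVzTmQ4dk0rNlY2djIzVnUKamsydE1qRlQ0TDFk
 QTNNRXN6MytNUDE0NFBEaFBDaDd0UGU2eXk4MUJPdnlZVFZrS3pyQWtnS3dI
 RDFDdXZzSApiZHc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-date: 2014-
+date: 2014-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby_parser
-requirement: !ruby/object:Gem::Requirement
+requirement: &70097644561700 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: 3.5.0
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 3.5.0
+version_requirements: *70097644561700
 - !ruby/object:Gem::Dependency
 name: ruby2ruby
-requirement: !ruby/object:Gem::Requirement
+requirement: &70097644561180 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: 2.0.5
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 2.0.5
+version_requirements: *70097644561180
 - !ruby/object:Gem::Dependency
 name: multi_json
-requirement: !ruby/object:Gem::Requirement
+requirement: &70097644560680 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: '1.2'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '1.2'
+version_requirements: *70097644560680
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
 via static analysis. This version of the gem only requires the minimum number of
 dependencies. Use the 'brakeman' gem for a full install.
@@ -88,16 +80,14 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- bin/brakeman
 - CHANGES
+- WARNING_TYPES
 - FEATURES
 - README.md
-- WARNING_TYPES
-- bin/brakeman
-- lib/brakeman.rb
 - lib/brakeman/app_tree.rb
 - lib/brakeman/brakeman.rake
 - lib/brakeman/call_index.rb
-- lib/brakeman/checks.rb
 - lib/brakeman/checks/base_check.rb
 - lib/brakeman/checks/check_basic_auth.rb
 - lib/brakeman/checks/check_content_tag.rb
@@ -151,6 +141,7 @@ files:
 - lib/brakeman/checks/check_validation_regex.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_yaml_parsing.rb
+- lib/brakeman/checks.rb
 - lib/brakeman/differ.rb
 - lib/brakeman/file_parser.rb
 - lib/brakeman/format/style.css
@@ -186,7 +177,6 @@ files:
 - lib/brakeman/processors/slim_template_processor.rb
 - lib/brakeman/processors/template_alias_processor.rb
 - lib/brakeman/processors/template_processor.rb
-- lib/brakeman/report.rb
 - lib/brakeman/report/ignore/config.rb
 - lib/brakeman/report/ignore/interactive.rb
 - lib/brakeman/report/initializers/faster_csv.rb
@@ -211,6 +201,7 @@ files:
 - lib/brakeman/report/templates/template_overview.html.erb
 - lib/brakeman/report/templates/view_warnings.html.erb
 - lib/brakeman/report/templates/warning_overview.html.erb
+- lib/brakeman/report.rb
 - lib/brakeman/rescanner.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/tracker.rb
@@ -218,30 +209,32 @@ files:
 - lib/brakeman/version.rb
 - lib/brakeman/warning.rb
 - lib/brakeman/warning_codes.rb
+- lib/brakeman.rb
 - lib/ruby_parser/bm_sexp.rb
 - lib/ruby_parser/bm_sexp_processor.rb
 homepage: http://brakemanscanner.org
 licenses:
 - MIT
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 1.8.9
 signing_key:
-specification_version:
+specification_version: 3
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []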
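Review bot: The regenerated gemspec indicates this release was built with an older toolchain than 2.6.0 — `rubygems_version: 1.8.9`, `specification_version: 3`, the `none: false` requirement fields and the `&70097644561700`-style anchors are consistent with a pre-2.0 RubyGems serialization, and `checksums.yaml` plus its `.sig` are dropped from the package. Anyone comparing the two releases, or relying on the checksums file for integrity, sees an unexplained change in build environment; worth a line in CHANGES (that file's hunk is not shown on this page) or a rebuild with the RubyGems used for 2.6.0. `data.tar.gz.sig` and `metadata.gz.sig` are still present, so the signature chain itself is unchanged as far as this page shows.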
metadata.gz.sig
CHANGED
Binary file
|
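--- a/checksums.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-metadata.gz: !binary |-
-N2IyMjQ4YzA0MGJjYTE4M2QzODBlMmNkM2U3ZWYyMDMxNmIzMGZhMw==
-data.tar.gz: !binary |-
-OGY5YTMxYjhiYmQ0MmEzMzk3M2Q1YzNkNjM1OTlkZDljN2IxN2IzMA==
-SHA512:
-metadata.gz: !binary |-
-Njk1MmNlODJiMzhiZTM4YTcxNWEzNTQ0YjM0ODg4ODE1OTEzYjg0MGQwZjQ3
-YWFkZDgxOTY5MGM5Njg0NGQ4MjVhYmVhNTk2MGQ2YjZiNjBjZmRhODBmOTQy
-YTlmMTZkNmFiNjMzYjZiYTM4ZWNjOWZjNTY1ZWFhMjU2YTlkNGI=
-data.tar.gz: !binary |-
-NGUwZGQzYWNmNjBmMjk3YTVmNThiYzcyNDc0YTM3NjAzM2I2MjBkYTg4YWRi
-MzdjMDgyZDI4MTdhN2VhN2FmNmQ3Mjc0YWQ0N2Q1OTFmY2FkMmE4YzRkMTQ5
-N2M1YTdlYTQ5NWVmMzg3NTEyNjc5Njc1NDE2YWUyYmUxNGEzNDU=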
checksums.yaml.gz.sig
DELETED
Binary file
|