brakeman 0.0.2 → 0.0.3

data/README.md

@@ -6,44 +6,50 @@ It targets Rails versions > 2.0 and < 3.0.
 
 # Installation
 
+Using RubyGems:
+
+    gem install brakeman
+
+From source:
+
     gem build brakeman.gemspec
     gem install brakeman*.gem
 
 # Usage
 
-    brakeman path/to/rails/app/root
+    brakeman app_path
 
 # Options
 
 To specify an output file for the results:
 
-    brakeman -o output_file path/to/rails/app/root
+    brakeman -o output_file app_path
 
 The output format is determined by the file extension or by using the `-f` option. Current options are: `text`, `html`, and `csv`.
 
 To suppress informational warnings and just output the report:
 
-    brakeman -q path/to/rails/app/root
+    brakeman -q app_path
 
 To see all kinds of debugging information:
 
-    brakeman -d path/to/rails/app/root
+    brakeman -d app_path
 
 Specific checks can be skipped, if desired. The name needs to be the correct case. For example, to skip looking for default routes (`DefaultRoutes`):
 
-    brakeman -x DefaultRoutes path/to/rails/app/root
+    brakeman -x DefaultRoutes app_path
 
 Multiple checks should be separated by a comma:
 
-    brakeman -x DefaultRoutes,Redirect path/to/rails/app/root
+    brakeman -x DefaultRoutes,Redirect app_path
 
 To do the opposite and only run a certain set of tests:
 
-    brakeman -t SQL,ValidationRegex path/to/rails/app/root
+    brakeman -t SQL,ValidationRegex app_path
 
 To indicate certain methods are "safe":
 
-    brakeman -s benign_method,totally_safe path/to/rails/app/root
+    brakeman -s benign_method,totally_safe app_path
 
 By default, brakeman will assume that unknown methods involving untrusted data are dangerous. For example, this would a warning:
 
@@ -51,7 +57,7 @@ By default, brakeman will assume that unknown methods involving untrusted data a
 
 To only raise warnings only when untrusted data is being directly used:
 
-    brakeman -r path/to/rails/app/root
+    brakeman -r app_path
 
 # Warning information
 
@@ -73,7 +79,7 @@ There are three levels of confidence:
 
 To only get warnings above a given confidence level:
 
-    brakeman -w3 /path/to/rails/app/root
+    brakeman -w3 app_path
 
 The `-w` switch takes a number from 1 to 3, with 1 being low (all warnings) and 3 being high (only high confidence warnings).
 

data/lib/checks/check_evaluation.rb

@@ -9,8 +9,6 @@ class CheckEvaluation < BaseCheck
   def run_check
     calls = tracker.find_call nil, [:eval, :instance_eval, :class_eval, :module_eval]
 
-    @templates = tracker.templates
-
     calls.each do |call|
       process_result call
     end

data/lib/processors/base_processor.rb

@@ -210,6 +210,8 @@ class BaseProcessor < SexpProcessor
     elsif args[1].is_a? Symbol or args[1].is_a? String
       type = :action
       value = Sexp.new(:lit, args[1].to_sym)
+		elsif args[1].nil?
+			type = :default
     elsif not hash? args[1]
       type = :action
       value = args[1]

data/lib/processors/output_processor.rb

@@ -201,4 +201,33 @@ class OutputProcessor < Ruby2Ruby
     exp.clear
     out
   end
+
+  #This is copied from Ruby2Ruby, except the :string_eval type has been added
+  def util_dthing(type, exp)
+    s = []
+
+    # first item in sexp is a string literal
+    s << dthing_escape(type, exp.shift)
+
+    until exp.empty?
+      pt = exp.shift
+      case pt
+      when Sexp then
+        case pt.first
+        when :str then
+          s << dthing_escape(type, pt.last)
+        when :evstr, :string_eval then
+          s << '#{' << process(pt) << '}' # do not use interpolation here
+        else
+          raise "unknown type: #{pt.inspect}"
+        end
+      else
+        # HACK: raise "huh?: #{pt.inspect}" -- hitting # constants in regexps
+        # do nothing for now
+      end
+    end
+
+    s.join
+  end
+
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: brakeman
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 25
   prerelease: false
   segments: 
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 3
+  version: 0.0.3
 platform: ruby
 authors: 
 - Justin Collins
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-27 00:00:00 -07:00
+date: 2010-10-15 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -111,47 +111,47 @@ files:
 - WARNING_TYPES
 - FEATURES
 - README.md
-- lib/report.rb
-- lib/processor.rb
-- lib/tracker.rb
+- lib/warning.rb
+- lib/processors/params_processor.rb
+- lib/processors/controller_alias_processor.rb
+- lib/processors/base_processor.rb
 - lib/processors/controller_processor.rb
-- lib/processors/route_processor.rb
-- lib/processors/alias_processor.rb
 - lib/processors/library_processor.rb
-- lib/processors/params_processor.rb
-- lib/processors/lib/render_helper.rb
+- lib/processors/erb_template_processor.rb
+- lib/processors/haml_template_processor.rb
+- lib/processors/template_alias_processor.rb
+- lib/processors/route_processor.rb
+- lib/processors/model_processor.rb
 - lib/processors/lib/find_call.rb
-- lib/processors/lib/find_model_call.rb
 - lib/processors/lib/processor_helper.rb
-- lib/processors/erubis_template_processor.rb
-- lib/processors/template_alias_processor.rb
-- lib/processors/erb_template_processor.rb
-- lib/processors/controller_alias_processor.rb
-- lib/processors/config_processor.rb
+- lib/processors/lib/find_model_call.rb
+- lib/processors/lib/render_helper.rb
+- lib/processors/alias_processor.rb
 - lib/processors/output_processor.rb
-- lib/processors/base_processor.rb
-- lib/processors/haml_template_processor.rb
+- lib/processors/config_processor.rb
+- lib/processors/erubis_template_processor.rb
 - lib/processors/template_processor.rb
-- lib/processors/model_processor.rb
-- lib/warning.rb
-- lib/checks/check_evaluation.rb
-- lib/checks/check_session_settings.rb
-- lib/checks/check_cross_site_scripting.rb
 - lib/checks/check_send_file.rb
+- lib/checks/check_session_settings.rb
+- lib/checks/check_sql.rb
 - lib/checks/check_mass_assignment.rb
-- lib/checks/check_default_routes.rb
+- lib/checks/check_cross_site_scripting.rb
 - lib/checks/check_model_attributes.rb
-- lib/checks/check_file_access.rb
-- lib/checks/check_render.rb
-- lib/checks/check_forgery_setting.rb
-- lib/checks/base_check.rb
-- lib/checks/check_redirect.rb
+- lib/checks/check_default_routes.rb
+- lib/checks/check_evaluation.rb
 - lib/checks/check_validation_regex.rb
-- lib/checks/check_sql.rb
 - lib/checks/check_execute.rb
+- lib/checks/base_check.rb
+- lib/checks/check_file_access.rb
+- lib/checks/check_redirect.rb
+- lib/checks/check_forgery_setting.rb
+- lib/checks/check_render.rb
+- lib/tracker.rb
 - lib/util.rb
-- lib/checks.rb
+- lib/report.rb
 - lib/scanner.rb
+- lib/checks.rb
+- lib/processor.rb
 - lib/format/style.css
 has_rdoc: true
 homepage: http://github.com/presidentbeef/brakeman