brakeman 0.8.4 → 0.9.0

data/README.md CHANGED
@@ -77,12 +77,6 @@ Normally Brakeman will parse `routes.rb` and attempt to infer which controller m
77
77
 
78
78
  Note that this will be enabled automatically if Brakeman runs into an error while parsing the routes.
79
79
 
80
- To skip processing the `lib` directory (which is currently only used in a couple situations):
81
-
82
- brakeman --skip-libs
83
-
84
- This can save processing time and memory.
85
-
86
80
  # Warning information
87
81
 
88
82
  See WARNING_TYPES for more information on the warnings reported by this tool.
@@ -104,14 +104,21 @@ class BaseCheck < SexpProcessor
104
104
  end
105
105
 
106
106
  #Checks if mass assignment is disabled globally in an initializer.
107
- def mass_assign_disabled? tracker
108
- matches = tracker.check_initializers(:"ActiveRecord::Base", :send)
109
- if matches.empty?
110
- false
107
+ def mass_assign_disabled?
108
+ if version_between?("3.1.0", "4.0.0") and
109
+ tracker.config[:rails][:active_record] and
110
+ tracker.config[:rails][:active_record][:whitelist_attributes] == Sexp.new(:true)
111
+
112
+ return true
111
113
  else
112
- matches.each do |result|
113
- if result[3][3] == Sexp.new(:arg_list, Sexp.new(:lit, :attr_accessible), Sexp.new(:nil))
114
- return true
114
+ matches = tracker.check_initializers(:"ActiveRecord::Base", :send)
115
+ if matches.empty?
116
+ false
117
+ else
118
+ matches.each do |result|
119
+ if result[3][3] == Sexp.new(:arg_list, Sexp.new(:lit, :attr_accessible), Sexp.new(:nil))
120
+ return true
121
+ end
115
122
  end
116
123
  end
117
124
  end
@@ -343,13 +350,23 @@ class BaseCheck < SexpProcessor
343
350
  low_version = low_version.split(".").map! { |n| n.to_i }
344
351
  high_version = high_version.split(".").map! { |n| n.to_i }
345
352
 
346
- version.each_with_index do |n, i|
347
- if n < low_version[i] or n > high_version[i]
353
+ version.each_with_index do |v, i|
354
+ if v < low_version[i]
355
+ return false
356
+ elsif v > low_version[i]
357
+ break
358
+ end
359
+ end
360
+
361
+ version.each_with_index do |v, i|
362
+ if v > high_version[i]
348
363
  return false
364
+ elsif v < high_version[i]
365
+ break
349
366
  end
350
367
  end
351
368
 
352
- return true
369
+ true
353
370
  end
354
371
 
355
372
  def gemfile_or_environment
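Review bot: In the new `mass_assign_disabled?`, the `else` branch still ends on `matches.each`, so when no initializer call matches the `attr_accessible nil` pattern the method returns the receiver of `each` instead of `false`. If `check_initializers` returns an Array (not visible here), any `ActiveRecord::Base.send(...)` in an initializer makes the method truthy, and CheckMassAssignment and CheckModelAttributes return early without reporting anything. Replacing the loop with `matches.any? { |result| result[3][3] == Sexp.new(:arg_list, Sexp.new(:lit, :attr_accessible), Sexp.new(:nil)) }` gives an explicit boolean. In the second hunk, `version_between?` indexes `low_version[i]` and `high_version[i]` by the length of `version`, so a version with more components than the bounds compares against `nil`; `low_version[i].to_i` and `high_version[i].to_i` would avoid that. The body of `version_between?` starts outside the hunk.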
@@ -7,7 +7,7 @@ class CheckMassAssignment < BaseCheck
7
7
  Checks.add self
8
8
 
9
9
  def run_check
10
- return if mass_assign_disabled? tracker
10
+ return if mass_assign_disabled?
11
11
 
12
12
  models = []
13
13
  tracker.models.each do |name, m|
@@ -9,7 +9,7 @@ class CheckModelAttributes < BaseCheck
9
9
  Checks.add self
10
10
 
11
11
  def run_check
12
- return if mass_assign_disabled? tracker
12
+ return if mass_assign_disabled?
13
13
 
14
14
  names = []
15
15
 
@@ -8,7 +8,7 @@ class CheckWithoutProtection < BaseCheck
8
8
  Checks.add self
9
9
 
10
10
  def run_check
11
- if mass_assign_disabled? tracker or version_between? "0.0.0", "3.0.99"
11
+ if version_between? "0.0.0", "3.0.99"
12
12
  return
13
13
  end
14
14
 
@@ -1,146 +1,5 @@
1
- require 'processors/base_processor'
2
- require 'processors/alias_processor'
3
-
4
- #Replace block variable in
5
- #
6
- # Rails::Initializer.run |config|
7
- #
8
- #with this value so we can keep track of it.
9
- RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG")
10
-
11
- #Processes configuration. Results are put in tracker.config.
12
- #
13
- #Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
14
- #For example:
15
- #
16
- # Rails::Initializer.run |config|
17
- # config.action_controller.session_store = :cookie_store
18
- # end
19
- #
20
- #will be stored in
21
- #
22
- # tracker.config[:rails][:action_controller][:session_store]
23
- #
24
- #Values for tracker.config[:rails] will still be Sexps.
25
- class ConfigProcessor < BaseProcessor
26
- def initialize *args
27
- super
28
- @tracker.config[:rails] ||= {}
29
- end
30
-
31
- #Use this method to process configuration file
32
- def process_config src
33
- res = ConfigAliasProcessor.new.process_safely(src)
34
- process res
35
- end
36
-
37
- #Check if config is set to use Erubis
38
- def process_call exp
39
- target = exp[1]
40
- target = process target if sexp? target
41
-
42
- if exp[2] == :gem and exp[3][1][1] == "erubis"
43
- warn "[Notice] Using Erubis for ERB templates"
44
- @tracker.config[:erubis] = true
45
- end
46
-
47
- exp
48
- end
49
-
50
- #Look for configuration settings
51
- def process_attrasgn exp
52
- if exp[1] == RAILS_CONFIG
53
- #Get rid of '=' at end
54
- attribute = exp[2].to_s[0..-2].to_sym
55
- if exp[3].length > 2
56
- #Multiple arguments?...not sure if this will ever happen
57
- @tracker.config[:rails][exp[2]] = exp[3][1..-1]
58
- else
59
- @tracker.config[:rails][exp[2]] = exp[3][1]
60
- end
61
- elsif include_rails_config? exp
62
- options = get_rails_config exp
63
- level = @tracker.config[:rails]
64
- options[0..-2].each do |o|
65
- level[o] ||= {}
66
- level = level[o]
67
- end
68
-
69
- level[options.last] = exp[3][1]
70
- end
71
-
72
- exp
73
- end
74
-
75
- #Check for Rails version
76
- def process_cdecl exp
77
- #Set Rails version required
78
- if exp[1] == :RAILS_GEM_VERSION
79
- @tracker.config[:rails_version] = exp[2][1]
80
- end
81
-
82
- exp
83
- end
84
-
85
- #Check if an expression includes a call to set Rails config
86
- def include_rails_config? exp
87
- target = exp[1]
88
- if call? target
89
- if target[1] == RAILS_CONFIG
90
- true
91
- else
92
- include_rails_config? target
93
- end
94
- elsif target == RAILS_CONFIG
95
- true
96
- else
97
- false
98
- end
99
- end
100
-
101
- #Returns an array of symbols for each 'level' in the config
102
- #
103
- # config.action_controller.session_store = :cookie
104
- #
105
- #becomes
106
- #
107
- # [:action_controller, :session_store]
108
- def get_rails_config exp
109
- if sexp? exp and exp.node_type == :attrasgn
110
- attribute = exp[2].to_s[0..-2].to_sym
111
- get_rails_config(exp[1]) << attribute
112
- elsif call? exp
113
- if exp[1] == RAILS_CONFIG
114
- [exp[2]]
115
- else
116
- get_rails_config(exp[1]) << exp[2]
117
- end
118
- else
119
- raise "WHAT"
120
- end
121
- end
122
- end
123
-
124
- #This is necessary to replace block variable so we can track config settings
125
- class ConfigAliasProcessor < AliasProcessor
126
-
127
- RAILS_INIT = Sexp.new(:colon2, Sexp.new(:const, :Rails), :Initializer)
128
-
129
- #Look for a call to
130
- #
131
- # Rails::Initializer.run do |config|
132
- # ...
133
- # end
134
- #
135
- #and replace config with RAILS_CONFIG
136
- def process_iter exp
137
- target = exp[1][1]
138
- method = exp[1][2]
139
-
140
- if sexp? target and target == RAILS_INIT and method == :run
141
- exp[2][2] = RAILS_CONFIG
142
- end
143
-
144
- process_default exp
145
- end
1
+ if OPTIONS[:rails3]
2
+ load 'processors/lib/rails3_config_processor.rb'
3
+ else
4
+ load 'processors/lib/rails2_config_processor.rb'
146
5
  end
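Review bot: Both files selected by `load` here define the same top-level `ConfigProcessor` class and `RAILS_CONFIG` constant, and `load` re-evaluates its file every time it runs. If both variants are ever evaluated in one process (a test run covering Rails 2 and Rails 3 apps, for example), the class is reopened rather than replaced, so methods from the first variant such as `process_call` or `process_class` stay defined and `RAILS_CONFIG` is silently reassigned. The choice also depends on `OPTIONS[:rails3]` being set before this file is first loaded. I would record that above the conditional, e.g. `# load (not require): variant follows OPTIONS[:rails3]; both files define ConfigProcessor and RAILS_CONFIG, so only one may be evaluated per process`. The route processor hunk further down makes the same `require` to `load` switch.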
@@ -0,0 +1,146 @@
1
+ require 'processors/base_processor'
2
+ require 'processors/alias_processor'
3
+
4
+ #Replace block variable in
5
+ #
6
+ # Rails::Initializer.run |config|
7
+ #
8
+ #with this value so we can keep track of it.
9
+ RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG")
10
+
11
+ #Processes configuration. Results are put in tracker.config.
12
+ #
13
+ #Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
14
+ #For example:
15
+ #
16
+ # Rails::Initializer.run |config|
17
+ # config.action_controller.session_store = :cookie_store
18
+ # end
19
+ #
20
+ #will be stored in
21
+ #
22
+ # tracker.config[:rails][:action_controller][:session_store]
23
+ #
24
+ #Values for tracker.config[:rails] will still be Sexps.
25
+ class ConfigProcessor < BaseProcessor
26
+ def initialize *args
27
+ super
28
+ @tracker.config[:rails] ||= {}
29
+ end
30
+
31
+ #Use this method to process configuration file
32
+ def process_config src
33
+ res = ConfigAliasProcessor.new.process_safely(src)
34
+ process res
35
+ end
36
+
37
+ #Check if config is set to use Erubis
38
+ def process_call exp
39
+ target = exp[1]
40
+ target = process target if sexp? target
41
+
42
+ if exp[2] == :gem and exp[3][1][1] == "erubis"
43
+ warn "[Notice] Using Erubis for ERB templates"
44
+ @tracker.config[:erubis] = true
45
+ end
46
+
47
+ exp
48
+ end
49
+
50
+ #Look for configuration settings
51
+ def process_attrasgn exp
52
+ if exp[1] == RAILS_CONFIG
53
+ #Get rid of '=' at end
54
+ attribute = exp[2].to_s[0..-2].to_sym
55
+ if exp[3].length > 2
56
+ #Multiple arguments?...not sure if this will ever happen
57
+ @tracker.config[:rails][attribute] = exp[3][1..-1]
58
+ else
59
+ @tracker.config[:rails][attribute] = exp[3][1]
60
+ end
61
+ elsif include_rails_config? exp
62
+ options = get_rails_config exp
63
+ level = @tracker.config[:rails]
64
+ options[0..-2].each do |o|
65
+ level[o] ||= {}
66
+ level = level[o]
67
+ end
68
+
69
+ level[options.last] = exp[3][1]
70
+ end
71
+
72
+ exp
73
+ end
74
+
75
+ #Check for Rails version
76
+ def process_cdecl exp
77
+ #Set Rails version required
78
+ if exp[1] == :RAILS_GEM_VERSION
79
+ @tracker.config[:rails_version] = exp[2][1]
80
+ end
81
+
82
+ exp
83
+ end
84
+
85
+ #Check if an expression includes a call to set Rails config
86
+ def include_rails_config? exp
87
+ target = exp[1]
88
+ if call? target
89
+ if target[1] == RAILS_CONFIG
90
+ true
91
+ else
92
+ include_rails_config? target
93
+ end
94
+ elsif target == RAILS_CONFIG
95
+ true
96
+ else
97
+ false
98
+ end
99
+ end
100
+
101
+ #Returns an array of symbols for each 'level' in the config
102
+ #
103
+ # config.action_controller.session_store = :cookie
104
+ #
105
+ #becomes
106
+ #
107
+ # [:action_controller, :session_store]
108
+ def get_rails_config exp
109
+ if sexp? exp and exp.node_type == :attrasgn
110
+ attribute = exp[2].to_s[0..-2].to_sym
111
+ get_rails_config(exp[1]) << attribute
112
+ elsif call? exp
113
+ if exp[1] == RAILS_CONFIG
114
+ [exp[2]]
115
+ else
116
+ get_rails_config(exp[1]) << exp[2]
117
+ end
118
+ else
119
+ raise "WHAT"
120
+ end
121
+ end
122
+ end
123
+
124
+ #This is necessary to replace block variable so we can track config settings
125
+ class ConfigAliasProcessor < AliasProcessor
126
+
127
+ RAILS_INIT = Sexp.new(:colon2, Sexp.new(:const, :Rails), :Initializer)
128
+
129
+ #Look for a call to
130
+ #
131
+ # Rails::Initializer.run do |config|
132
+ # ...
133
+ # end
134
+ #
135
+ #and replace config with RAILS_CONFIG
136
+ def process_iter exp
137
+ target = exp[1][1]
138
+ method = exp[1][2]
139
+
140
+ if sexp? target and target == RAILS_INIT and method == :run
141
+ exp[2][2] = RAILS_CONFIG
142
+ end
143
+
144
+ process_default exp
145
+ end
146
+ end
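Review bot: `get_rails_config` ends in `raise "WHAT"`, which tells the user nothing about which config expression the scanner could not handle. A message that includes the node would make a failed config parse diagnosable, e.g. `raise "Unexpected expression in Rails config: #{exp.inspect}"`. This matters because results in `tracker.config[:rails]` decide whether some checks are skipped. The same line is repeated in the Rails 3 processor added in the next file.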
@@ -0,0 +1,119 @@
1
+ require 'processors/base_processor'
2
+ require 'processors/alias_processor'
3
+
4
+ RAILS_CONFIG = Sexp.new(:call, nil, :config, Sexp.new(:arglist))
5
+
6
+ #Processes configuration. Results are put in tracker.config.
7
+ #
8
+ #Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
9
+ #For example:
10
+ #
11
+ # MyApp::Application.configure do
12
+ # config.active_record.whitelist_attributes = true
13
+ # end
14
+ #
15
+ #will be stored in
16
+ #
17
+ # tracker.config[:rails][:active_record][:whitelist_attributes]
18
+ #
19
+ #Values for tracker.config[:rails] will still be Sexps.
20
+ class ConfigProcessor < BaseProcessor
21
+ def initialize *args
22
+ super
23
+ @tracker.config[:rails] ||= {}
24
+ @inside_config = false
25
+ end
26
+
27
+ #Use this method to process configuration file
28
+ def process_config src
29
+ res = AliasProcessor.new.process_safely(src)
30
+ process res
31
+ end
32
+
33
+ #Look for MyApp::Application.configure do ... end
34
+ def process_iter exp
35
+ if sexp?(exp[1][1]) and exp[1][1][0] == :colon2 and exp[1][1][2] == :Application
36
+ @inside_config = true
37
+ process exp[-1] if sexp? exp[-1]
38
+ @inside_config = false
39
+ end
40
+
41
+ exp
42
+ end
43
+
44
+ #Look for class Application < Rails::Application
45
+ def process_class exp
46
+ if exp[1] == :Application
47
+ @inside_config = true
48
+ process exp[-1] if sexp? exp[-1]
49
+ @inside_config = false
50
+ end
51
+
52
+ exp
53
+ end
54
+
55
+ #Look for configuration settings
56
+ def process_attrasgn exp
57
+ return unless @inside_config
58
+
59
+ if exp[1] == RAILS_CONFIG
60
+ #Get rid of '=' at end
61
+ attribute = exp[2].to_s[0..-2].to_sym
62
+ if exp[3].length > 2
63
+ #Multiple arguments?...not sure if this will ever happen
64
+ @tracker.config[:rails][attribute] = exp[3][1..-1]
65
+ else
66
+ @tracker.config[:rails][attribute] = exp[3][1]
67
+ end
68
+ elsif include_rails_config? exp
69
+ options = get_rails_config exp
70
+ level = @tracker.config[:rails]
71
+ options[0..-2].each do |o|
72
+ level[o] ||= {}
73
+ level = level[o]
74
+ end
75
+
76
+ level[options.last] = exp[3][1]
77
+ end
78
+
79
+ exp
80
+ end
81
+
82
+ #Check if an expression includes a call to set Rails config
83
+ def include_rails_config? exp
84
+ target = exp[1]
85
+ if call? target
86
+ if target[1] == RAILS_CONFIG
87
+ true
88
+ else
89
+ include_rails_config? target
90
+ end
91
+ elsif target == RAILS_CONFIG
92
+ true
93
+ else
94
+ false
95
+ end
96
+ end
97
+
98
+ #Returns an array of symbols for each 'level' in the config
99
+ #
100
+ # config.action_controller.session_store = :cookie
101
+ #
102
+ #becomes
103
+ #
104
+ # [:action_controller, :session_store]
105
+ def get_rails_config exp
106
+ if sexp? exp and exp.node_type == :attrasgn
107
+ attribute = exp[2].to_s[0..-2].to_sym
108
+ get_rails_config(exp[1]) << attribute
109
+ elsif call? exp
110
+ if exp[1] == RAILS_CONFIG
111
+ [exp[2]]
112
+ else
113
+ get_rails_config(exp[1]) << exp[2]
114
+ end
115
+ else
116
+ raise "WHAT"
117
+ end
118
+ end
119
+ end
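Review bot: `return unless @inside_config` at the top of `process_attrasgn` returns `nil`, while every other path in this processor returns `exp`. If the SexpProcessor base requires a Sexp result (not visible here), any attribute assignment outside an Application block would raise or drop the node; `return exp unless @inside_config` keeps the return value consistent. `process_iter` also accepts any call on a `*::Application` receiver without checking that the method is `configure`, and `@inside_config` is reset without an `ensure`, so an exception while processing the block leaves the flag set. The header comment still describes `Rails::Initializer`, although this file handles `Application.configure`.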
@@ -5,7 +5,7 @@ require 'util'
5
5
  require 'set'
6
6
 
7
7
  if OPTIONS[:rails3]
8
- require 'processors/lib/rails3_route_processor'
8
+ load 'processors/lib/rails3_route_processor.rb'
9
9
  else
10
- require 'processors/lib/rails2_route_processor'
10
+ load 'processors/lib/rails2_route_processor.rb'
11
11
  end
@@ -5,6 +5,17 @@ require 'ruport'
5
5
  require 'processors/output_processor'
6
6
  require 'util'
7
7
 
8
+ #Fix for Ruport under 1.9
9
+ #as reported here: https://github.com/ruport/ruport/pull/7
10
+ module Ruport
11
+ class Formatter::CSV < Formatter
12
+ def csv_writer
13
+ @csv_writer ||= options.formatter ||
14
+ FCSV.instance(output, options.format_options || {})
15
+ end
16
+ end
17
+ end
18
+
8
19
  #Generates a report based on the Tracker and the results of
9
20
  #Tracker#run_checks. Be sure to +run_checks+ before generating
10
21
  #a report.
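Review bot: The reopened `Ruport::Formatter::CSV#csv_writer` is applied unconditionally, although its comment describes it as a fix for Ruby 1.9. Nothing ties the override to the Ruport versions that need it, so it will keep shadowing the library method after an upstream fix is released. I would add a removal marker next to the link, e.g. `# TODO: remove once the ruport dependency includes the upstream fix`, and consider wrapping the override in `if RUBY_VERSION >= "1.9"`.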
@@ -69,15 +69,22 @@ class Scanner
69
69
  #
70
70
  #Stores parsed information in tracker.config
71
71
  def process_config
72
- @processor.process_config(RubyParser.new.parse(File.read("#@path/config/environment.rb")))
72
+ if OPTIONS[:rails3]
73
+ @processor.process_config(RubyParser.new.parse(File.read("#@path/config/application.rb")))
74
+ @processor.process_config(RubyParser.new.parse(File.read("#@path/config/environments/production.rb")))
75
+ else
76
+ @processor.process_config(RubyParser.new.parse(File.read("#@path/config/environment.rb")))
77
+
78
+ if File.exists? "#@path/config/gems.rb"
79
+ @processor.process_config(RubyParser.new.parse(File.read("#@path/config/gems.rb")))
80
+ end
73
81
 
74
- if File.exists? "#@path/config/gems.rb"
75
- @processor.process_config(RubyParser.new.parse(File.read("#@path/config/gems.rb")))
76
82
  end
77
83
 
78
84
  if File.exists? "#@path/vendor/plugins/rails_xss" or
79
85
  OPTIONS[:rails3] or OPTIONS[:escape_html] or
80
86
  (File.exists? "#@path/Gemfile" and File.read("#@path/Gemfile").include? "rails_xss")
87
+
81
88
  tracker.config[:escape_html] = true
82
89
  warn "[Notice] Escaping HTML by default"
83
90
  end
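Review bot: The Rails 3 branch reads `config/application.rb` and `config/environments/production.rb` with `File.read` and no existence check, unlike the `config/gems.rb` read in the Rails 2 branch. An app without a `production.rb` would raise here, before the `tracker.config[:escape_html]` block below runs. Whether a caller rescues that is not visible in the hunk. A guard in the style already used for gems.rb would do, e.g. `if File.exists? "#@path/config/environments/production.rb"`, with a `warn` when the file is skipped so users know the whitelist_attributes setting was not read. The body of `process_config` continues outside the hunk.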
@@ -1 +1 @@
1
- Version = "0.8.4"
1
+ Version = "0.9.0"
metadata CHANGED
@@ -1,90 +1,120 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
- version: !ruby/object:Gem::Version
4
- version: 0.8.4
5
- prerelease:
3
+ version: !ruby/object:Gem::Version
4
+ prerelease: false
5
+ segments:
6
+ - 0
7
+ - 9
8
+ - 0
9
+ version: 0.9.0
6
10
  platform: ruby
7
- authors:
11
+ authors:
8
12
  - Justin Collins
9
13
  autorequire:
10
14
  bindir: bin
11
15
  cert_chain: []
12
- date: 2011-11-04 00:00:00.000000000 Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
16
+
17
+ date: 2011-11-16 00:00:00 -08:00
18
+ default_executable:
19
+ dependencies:
20
+ - !ruby/object:Gem::Dependency
15
21
  name: activesupport
16
- requirement: &70053260 !ruby/object:Gem::Requirement
22
+ prerelease: false
23
+ requirement: &id001 !ruby/object:Gem::Requirement
17
24
  none: false
18
- requirements:
25
+ requirements:
19
26
  - - ~>
20
- - !ruby/object:Gem::Version
21
- version: '2.2'
27
+ - !ruby/object:Gem::Version
28
+ segments:
29
+ - 2
30
+ - 2
31
+ version: "2.2"
22
32
  type: :runtime
23
- prerelease: false
24
- version_requirements: *70053260
25
- - !ruby/object:Gem::Dependency
33
+ version_requirements: *id001
34
+ - !ruby/object:Gem::Dependency
26
35
  name: ruby2ruby
27
- requirement: &70052900 !ruby/object:Gem::Requirement
36
+ prerelease: false
37
+ requirement: &id002 !ruby/object:Gem::Requirement
28
38
  none: false
29
- requirements:
39
+ requirements:
30
40
  - - ~>
31
- - !ruby/object:Gem::Version
41
+ - !ruby/object:Gem::Version
42
+ segments:
43
+ - 1
44
+ - 2
45
+ - 4
32
46
  version: 1.2.4
33
47
  type: :runtime
34
- prerelease: false
35
- version_requirements: *70052900
36
- - !ruby/object:Gem::Dependency
48
+ version_requirements: *id002
49
+ - !ruby/object:Gem::Dependency
37
50
  name: ruby_parser
38
- requirement: &70051800 !ruby/object:Gem::Requirement
51
+ prerelease: false
52
+ requirement: &id003 !ruby/object:Gem::Requirement
39
53
  none: false
40
- requirements:
41
- - - ! '>='
42
- - !ruby/object:Gem::Version
54
+ requirements:
55
+ - - ">="
56
+ - !ruby/object:Gem::Version
57
+ segments:
58
+ - 2
59
+ - 3
60
+ - 0
43
61
  version: 2.3.0
44
62
  type: :runtime
45
- prerelease: false
46
- version_requirements: *70051800
47
- - !ruby/object:Gem::Dependency
63
+ version_requirements: *id003
64
+ - !ruby/object:Gem::Dependency
48
65
  name: ruport
49
- requirement: &70051430 !ruby/object:Gem::Requirement
66
+ prerelease: false
67
+ requirement: &id004 !ruby/object:Gem::Requirement
50
68
  none: false
51
- requirements:
69
+ requirements:
52
70
  - - ~>
53
- - !ruby/object:Gem::Version
71
+ - !ruby/object:Gem::Version
72
+ segments:
73
+ - 1
74
+ - 6
75
+ - 3
54
76
  version: 1.6.3
55
77
  type: :runtime
56
- prerelease: false
57
- version_requirements: *70051430
58
- - !ruby/object:Gem::Dependency
78
+ version_requirements: *id004
79
+ - !ruby/object:Gem::Dependency
59
80
  name: erubis
60
- requirement: &70051060 !ruby/object:Gem::Requirement
81
+ prerelease: false
82
+ requirement: &id005 !ruby/object:Gem::Requirement
61
83
  none: false
62
- requirements:
84
+ requirements:
63
85
  - - ~>
64
- - !ruby/object:Gem::Version
86
+ - !ruby/object:Gem::Version
87
+ segments:
88
+ - 2
89
+ - 6
90
+ - 5
65
91
  version: 2.6.5
66
92
  type: :runtime
67
- prerelease: false
68
- version_requirements: *70051060
69
- - !ruby/object:Gem::Dependency
93
+ version_requirements: *id005
94
+ - !ruby/object:Gem::Dependency
70
95
  name: haml
71
- requirement: &70050750 !ruby/object:Gem::Requirement
96
+ prerelease: false
97
+ requirement: &id006 !ruby/object:Gem::Requirement
72
98
  none: false
73
- requirements:
99
+ requirements:
74
100
  - - ~>
75
- - !ruby/object:Gem::Version
101
+ - !ruby/object:Gem::Version
102
+ segments:
103
+ - 3
104
+ - 0
105
+ - 12
76
106
  version: 3.0.12
77
107
  type: :runtime
78
- prerelease: false
79
- version_requirements: *70050750
80
- description: Brakeman detects security vulnerabilities in Ruby on Rails applications
81
- via static analysis.
108
+ version_requirements: *id006
109
+ description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
82
110
  email:
83
- executables:
111
+ executables:
84
112
  - brakeman
85
113
  extensions: []
114
+
86
115
  extra_rdoc_files: []
87
- files:
116
+
117
+ files:
88
118
  - bin/brakeman
89
119
  - WARNING_TYPES
90
120
  - FEATURES
@@ -105,9 +135,11 @@ files:
105
135
  - lib/processors/lib/processor_helper.rb
106
136
  - lib/processors/lib/rails3_route_processor.rb
107
137
  - lib/processors/lib/route_helper.rb
138
+ - lib/processors/lib/rails2_config_processor.rb
108
139
  - lib/processors/lib/rails2_route_processor.rb
109
140
  - lib/processors/lib/find_model_call.rb
110
141
  - lib/processors/lib/render_helper.rb
142
+ - lib/processors/lib/rails3_config_processor.rb
111
143
  - lib/processors/alias_processor.rb
112
144
  - lib/processors/output_processor.rb
113
145
  - lib/processors/config_processor.rb
@@ -148,28 +180,37 @@ files:
148
180
  - lib/checks.rb
149
181
  - lib/processor.rb
150
182
  - lib/format/style.css
183
+ has_rdoc: true
151
184
  homepage: http://brakemanscanner.org
152
185
  licenses: []
186
+
153
187
  post_install_message:
154
188
  rdoc_options: []
155
- require_paths:
189
+
190
+ require_paths:
156
191
  - lib
157
- required_ruby_version: !ruby/object:Gem::Requirement
192
+ required_ruby_version: !ruby/object:Gem::Requirement
158
193
  none: false
159
- requirements:
160
- - - ! '>='
161
- - !ruby/object:Gem::Version
162
- version: '0'
163
- required_rubygems_version: !ruby/object:Gem::Requirement
194
+ requirements:
195
+ - - ">="
196
+ - !ruby/object:Gem::Version
197
+ segments:
198
+ - 0
199
+ version: "0"
200
+ required_rubygems_version: !ruby/object:Gem::Requirement
164
201
  none: false
165
- requirements:
166
- - - ! '>='
167
- - !ruby/object:Gem::Version
168
- version: '0'
202
+ requirements:
203
+ - - ">="
204
+ - !ruby/object:Gem::Version
205
+ segments:
206
+ - 0
207
+ version: "0"
169
208
  requirements: []
209
+
170
210
  rubyforge_project:
171
- rubygems_version: 1.8.6
211
+ rubygems_version: 1.3.7
172
212
  signing_key:
173
213
  specification_version: 3
174
214
  summary: Security vulnerability scanner for Ruby on Rails.
175
215
  test_files: []
216
+