brakeman 1.0.rc1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +7 -3
- data/bin/brakeman +1 -1
- data/lib/brakeman.rb +15 -6
- data/lib/brakeman/checks/check_sql.rb +4 -0
- data/lib/brakeman/format/style.css +105 -0
- data/lib/brakeman/processors/alias_processor.rb +58 -5
- data/lib/brakeman/processors/controller_processor.rb +0 -1
- data/lib/brakeman/scanner.rb +30 -21
- data/lib/brakeman/tracker.rb +1 -1
- data/lib/brakeman/util.rb +13 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/ruby_parser/ruby18_parser.rb +5544 -0
- data/lib/ruby_parser/ruby19_parser.rb +5756 -0
- data/lib/ruby_parser/ruby_lexer.rb +48 -19
- data/lib/ruby_parser/ruby_parser.rb +4 -5568
- data/lib/ruby_parser/ruby_parser_extras.rb +1075 -0
- metadata +36 -59
metadata
CHANGED
|
@@ -1,14 +1,12 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
5
|
-
prerelease: 4
|
|
4
|
+
prerelease: false
|
|
6
5
|
segments:
|
|
7
6
|
- 1
|
|
8
7
|
- 0
|
|
9
|
-
-
|
|
10
|
-
|
|
11
|
-
version: 1.0.rc1
|
|
8
|
+
- 0
|
|
9
|
+
version: 1.0.0
|
|
12
10
|
platform: ruby
|
|
13
11
|
authors:
|
|
14
12
|
- Justin Collins
|
|
@@ -16,7 +14,7 @@ autorequire:
|
|
|
16
14
|
bindir: bin
|
|
17
15
|
cert_chain: []
|
|
18
16
|
|
|
19
|
-
date: 2011-12-
|
|
17
|
+
date: 2011-12-08 00:00:00 -08:00
|
|
20
18
|
default_executable:
|
|
21
19
|
dependencies:
|
|
22
20
|
- !ruby/object:Gem::Dependency
|
|
@@ -27,7 +25,6 @@ dependencies:
|
|
|
27
25
|
requirements:
|
|
28
26
|
- - ~>
|
|
29
27
|
- !ruby/object:Gem::Version
|
|
30
|
-
hash: 35040058
|
|
31
28
|
segments:
|
|
32
29
|
- 2
|
|
33
30
|
- 2
|
|
@@ -42,7 +39,6 @@ dependencies:
|
|
|
42
39
|
requirements:
|
|
43
40
|
- - ~>
|
|
44
41
|
- !ruby/object:Gem::Version
|
|
45
|
-
hash: 199563509
|
|
46
42
|
segments:
|
|
47
43
|
- 1
|
|
48
44
|
- 2
|
|
@@ -50,70 +46,51 @@ dependencies:
|
|
|
50
46
|
version: 1.2.4
|
|
51
47
|
type: :runtime
|
|
52
48
|
version_requirements: *id002
|
|
53
|
-
- !ruby/object:Gem::Dependency
|
|
54
|
-
name: ruby_parser
|
|
55
|
-
prerelease: false
|
|
56
|
-
requirement: &id003 !ruby/object:Gem::Requirement
|
|
57
|
-
none: false
|
|
58
|
-
requirements:
|
|
59
|
-
- - ">="
|
|
60
|
-
- !ruby/object:Gem::Version
|
|
61
|
-
hash: 349353174
|
|
62
|
-
segments:
|
|
63
|
-
- 2
|
|
64
|
-
- 3
|
|
65
|
-
- 0
|
|
66
|
-
version: 2.3.0
|
|
67
|
-
type: :runtime
|
|
68
|
-
version_requirements: *id003
|
|
69
49
|
- !ruby/object:Gem::Dependency
|
|
70
50
|
name: ruport
|
|
71
51
|
prerelease: false
|
|
72
|
-
requirement: &
|
|
52
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
|
73
53
|
none: false
|
|
74
54
|
requirements:
|
|
75
55
|
- - ~>
|
|
76
56
|
- !ruby/object:Gem::Version
|
|
77
|
-
hash: 443479320
|
|
78
57
|
segments:
|
|
79
58
|
- 1
|
|
80
59
|
- 6
|
|
81
60
|
- 3
|
|
82
61
|
version: 1.6.3
|
|
83
62
|
type: :runtime
|
|
84
|
-
version_requirements: *
|
|
63
|
+
version_requirements: *id003
|
|
85
64
|
- !ruby/object:Gem::Dependency
|
|
86
65
|
name: erubis
|
|
87
66
|
prerelease: false
|
|
88
|
-
requirement: &
|
|
67
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
89
68
|
none: false
|
|
90
69
|
requirements:
|
|
91
70
|
- - ~>
|
|
92
71
|
- !ruby/object:Gem::Version
|
|
93
|
-
hash: 576733947
|
|
94
72
|
segments:
|
|
95
73
|
- 2
|
|
96
74
|
- 6
|
|
97
75
|
- 5
|
|
98
76
|
version: 2.6.5
|
|
99
77
|
type: :runtime
|
|
100
|
-
version_requirements: *
|
|
78
|
+
version_requirements: *id004
|
|
101
79
|
- !ruby/object:Gem::Dependency
|
|
102
80
|
name: haml
|
|
103
81
|
prerelease: false
|
|
104
|
-
requirement: &
|
|
82
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
105
83
|
none: false
|
|
106
84
|
requirements:
|
|
107
85
|
- - ~>
|
|
108
86
|
- !ruby/object:Gem::Version
|
|
109
|
-
hash: 359472903
|
|
110
87
|
segments:
|
|
111
88
|
- 3
|
|
112
89
|
- 0
|
|
113
90
|
- 12
|
|
114
91
|
version: 3.0.12
|
|
115
92
|
type: :runtime
|
|
116
|
-
version_requirements: *
|
|
93
|
+
version_requirements: *id005
|
|
117
94
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
|
|
118
95
|
email:
|
|
119
96
|
executables:
|
|
@@ -127,18 +104,12 @@ files:
|
|
|
127
104
|
- WARNING_TYPES
|
|
128
105
|
- FEATURES
|
|
129
106
|
- README.md
|
|
130
|
-
- lib/
|
|
107
|
+
- lib/ruby_parser/ruby18_parser.rb
|
|
108
|
+
- lib/ruby_parser/ruby_parser_extras.rb
|
|
131
109
|
- lib/ruby_parser/ruby_lexer.rb
|
|
132
110
|
- lib/ruby_parser/ruby_parser.rb
|
|
111
|
+
- lib/ruby_parser/ruby19_parser.rb
|
|
133
112
|
- lib/brakeman/warning.rb
|
|
134
|
-
- lib/brakeman/tracker.rb
|
|
135
|
-
- lib/brakeman/util.rb
|
|
136
|
-
- lib/brakeman/report.rb
|
|
137
|
-
- lib/brakeman/version.rb
|
|
138
|
-
- lib/brakeman/call_index.rb
|
|
139
|
-
- lib/brakeman/scanner.rb
|
|
140
|
-
- lib/brakeman/checks.rb
|
|
141
|
-
- lib/brakeman/processor.rb
|
|
142
113
|
- lib/brakeman/processors/gem_processor.rb
|
|
143
114
|
- lib/brakeman/processors/params_processor.rb
|
|
144
115
|
- lib/brakeman/processors/controller_alias_processor.rb
|
|
@@ -150,6 +121,15 @@ files:
|
|
|
150
121
|
- lib/brakeman/processors/template_alias_processor.rb
|
|
151
122
|
- lib/brakeman/processors/route_processor.rb
|
|
152
123
|
- lib/brakeman/processors/model_processor.rb
|
|
124
|
+
- lib/brakeman/processors/lib/find_all_calls.rb
|
|
125
|
+
- lib/brakeman/processors/lib/find_call.rb
|
|
126
|
+
- lib/brakeman/processors/lib/processor_helper.rb
|
|
127
|
+
- lib/brakeman/processors/lib/rails3_route_processor.rb
|
|
128
|
+
- lib/brakeman/processors/lib/route_helper.rb
|
|
129
|
+
- lib/brakeman/processors/lib/rails2_config_processor.rb
|
|
130
|
+
- lib/brakeman/processors/lib/rails2_route_processor.rb
|
|
131
|
+
- lib/brakeman/processors/lib/render_helper.rb
|
|
132
|
+
- lib/brakeman/processors/lib/rails3_config_processor.rb
|
|
153
133
|
- lib/brakeman/processors/alias_processor.rb
|
|
154
134
|
- lib/brakeman/processors/output_processor.rb
|
|
155
135
|
- lib/brakeman/processors/config_processor.rb
|
|
@@ -180,15 +160,16 @@ files:
|
|
|
180
160
|
- lib/brakeman/checks/check_redirect.rb
|
|
181
161
|
- lib/brakeman/checks/check_forgery_setting.rb
|
|
182
162
|
- lib/brakeman/checks/check_render.rb
|
|
183
|
-
- lib/brakeman/
|
|
184
|
-
- lib/brakeman/
|
|
185
|
-
- lib/brakeman/
|
|
186
|
-
- lib/brakeman/
|
|
187
|
-
- lib/brakeman/
|
|
188
|
-
- lib/brakeman/
|
|
189
|
-
- lib/brakeman/
|
|
190
|
-
- lib/brakeman/
|
|
191
|
-
- lib/brakeman
|
|
163
|
+
- lib/brakeman/tracker.rb
|
|
164
|
+
- lib/brakeman/util.rb
|
|
165
|
+
- lib/brakeman/report.rb
|
|
166
|
+
- lib/brakeman/version.rb
|
|
167
|
+
- lib/brakeman/call_index.rb
|
|
168
|
+
- lib/brakeman/scanner.rb
|
|
169
|
+
- lib/brakeman/checks.rb
|
|
170
|
+
- lib/brakeman/processor.rb
|
|
171
|
+
- lib/brakeman.rb
|
|
172
|
+
- lib/brakeman/format/style.css
|
|
192
173
|
has_rdoc: true
|
|
193
174
|
homepage: http://brakemanscanner.org
|
|
194
175
|
licenses: []
|
|
@@ -203,25 +184,21 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
203
184
|
requirements:
|
|
204
185
|
- - ">="
|
|
205
186
|
- !ruby/object:Gem::Version
|
|
206
|
-
hash: 881230260
|
|
207
187
|
segments:
|
|
208
188
|
- 0
|
|
209
189
|
version: "0"
|
|
210
190
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
211
191
|
none: false
|
|
212
192
|
requirements:
|
|
213
|
-
- - "
|
|
193
|
+
- - ">="
|
|
214
194
|
- !ruby/object:Gem::Version
|
|
215
|
-
hash: 357276212
|
|
216
195
|
segments:
|
|
217
|
-
-
|
|
218
|
-
|
|
219
|
-
- 1
|
|
220
|
-
version: 1.3.1
|
|
196
|
+
- 0
|
|
197
|
+
version: "0"
|
|
221
198
|
requirements: []
|
|
222
199
|
|
|
223
200
|
rubyforge_project:
|
|
224
|
-
rubygems_version: 1.
|
|
201
|
+
rubygems_version: 1.3.7
|
|
225
202
|
signing_key:
|
|
226
203
|
specification_version: 3
|
|
227
204
|
summary: Security vulnerability scanner for Ruby on Rails.
|