brakeman 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/brakeman +32 -173
- data/lib/brakeman.rb +47 -25
- data/lib/brakeman/call_index.rb +37 -1
- data/lib/brakeman/checks.rb +17 -0
- data/lib/brakeman/checks/base_check.rb +5 -1
- data/lib/brakeman/checks/check_cross_site_scripting.rb +18 -22
- data/lib/brakeman/checks/check_execute.rb +11 -24
- data/lib/brakeman/checks/check_render.rb +15 -26
- data/lib/brakeman/checks/check_sql.rb +48 -3
- data/lib/brakeman/options.rb +204 -0
- data/lib/brakeman/processor.rb +2 -2
- data/lib/brakeman/processors/controller_alias_processor.rb +9 -1
- data/lib/brakeman/processors/lib/find_all_calls.rb +36 -0
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +1 -0
- data/lib/brakeman/processors/model_processor.rb +1 -1
- data/lib/brakeman/report.rb +36 -122
- data/lib/brakeman/rescanner.rb +247 -0
- data/lib/brakeman/scanner.rb +94 -76
- data/lib/brakeman/tracker.rb +103 -2
- data/lib/brakeman/util.rb +106 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +26 -11
- metadata +5 -3
data/lib/brakeman/version.rb
CHANGED
data/lib/brakeman/warning.rb
CHANGED
|
@@ -43,6 +43,17 @@ class Brakeman::Warning
|
|
|
43
43
|
@warning_set = :warning
|
|
44
44
|
end
|
|
45
45
|
end
|
|
46
|
+
|
|
47
|
+
@format_message = nil
|
|
48
|
+
@row = nil
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def hash
|
|
52
|
+
self.format_message.hash
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def eql? other_warning
|
|
56
|
+
self.hash == other_warning.hash
|
|
46
57
|
end
|
|
47
58
|
|
|
48
59
|
#Returns name of a view, including where it was rendered from
|
|
@@ -63,37 +74,41 @@ class Brakeman::Warning
|
|
|
63
74
|
|
|
64
75
|
#Return formatted warning message
|
|
65
76
|
def format_message
|
|
66
|
-
|
|
77
|
+
return @format_message if @format_message
|
|
78
|
+
|
|
79
|
+
@format_message = self.message.dup
|
|
67
80
|
|
|
68
81
|
if self.line
|
|
69
|
-
|
|
82
|
+
@format_message << " near line #{self.line}"
|
|
70
83
|
end
|
|
71
84
|
|
|
72
85
|
if self.code
|
|
73
|
-
|
|
86
|
+
@format_message << ": #{format_code}"
|
|
74
87
|
end
|
|
75
88
|
|
|
76
|
-
|
|
89
|
+
@format_message
|
|
77
90
|
end
|
|
78
91
|
|
|
79
92
|
#Generates a hash suitable for inserting into a Ruport table
|
|
80
93
|
def to_row type = :warning
|
|
81
|
-
row
|
|
94
|
+
return @row if @row
|
|
95
|
+
|
|
96
|
+
@row = { "Confidence" => self.confidence,
|
|
82
97
|
"Warning Type" => self.warning_type.to_s,
|
|
83
98
|
"Message" => self.format_message }
|
|
84
99
|
|
|
85
100
|
case type
|
|
86
101
|
when :template
|
|
87
|
-
row["Template"] = self.view_name.to_s
|
|
102
|
+
@row["Template"] = self.view_name.to_s
|
|
88
103
|
when :model
|
|
89
|
-
row["Model"] = self.model.to_s
|
|
104
|
+
@row["Model"] = self.model.to_s
|
|
90
105
|
when :controller
|
|
91
|
-
row["Controller"] = self.controller.to_s
|
|
106
|
+
@row["Controller"] = self.controller.to_s
|
|
92
107
|
when :warning
|
|
93
|
-
row["Class"] = self.class.to_s
|
|
94
|
-
row["Method"] = self.method.to_s
|
|
108
|
+
@row["Class"] = self.class.to_s
|
|
109
|
+
@row["Method"] = self.method.to_s
|
|
95
110
|
end
|
|
96
111
|
|
|
97
|
-
row
|
|
112
|
+
@row
|
|
98
113
|
end
|
|
99
114
|
end
|
metadata
CHANGED
|
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
|
4
4
|
prerelease: false
|
|
5
5
|
segments:
|
|
6
6
|
- 1
|
|
7
|
-
-
|
|
7
|
+
- 2
|
|
8
8
|
- 0
|
|
9
|
-
version: 1.
|
|
9
|
+
version: 1.2.0
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Justin Collins
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date:
|
|
17
|
+
date: 2012-01-13 00:00:00 -08:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
@@ -157,6 +157,7 @@ files:
|
|
|
157
157
|
- lib/brakeman/processors/config_processor.rb
|
|
158
158
|
- lib/brakeman/processors/erubis_template_processor.rb
|
|
159
159
|
- lib/brakeman/processors/template_processor.rb
|
|
160
|
+
- lib/brakeman/rescanner.rb
|
|
160
161
|
- lib/brakeman/checks/check_send_file.rb
|
|
161
162
|
- lib/brakeman/checks/check_translate_bug.rb
|
|
162
163
|
- lib/brakeman/checks/check_session_settings.rb
|
|
@@ -187,6 +188,7 @@ files:
|
|
|
187
188
|
- lib/brakeman/report.rb
|
|
188
189
|
- lib/brakeman/version.rb
|
|
189
190
|
- lib/brakeman/call_index.rb
|
|
191
|
+
- lib/brakeman/options.rb
|
|
190
192
|
- lib/brakeman/scanner.rb
|
|
191
193
|
- lib/brakeman/checks.rb
|
|
192
194
|
- lib/brakeman/processor.rb
|