brakeman 1.4.0 → 1.5.0

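--- a/data/README.md
+++ b/data/README.md
@@ -140,6 +140,7 @@ The `-c` option can be used to specify a configuration file to use.
 The MIT License
 
 Copyright (c) 2010-2012, YELLOWPAGES.COM, LLC
+Copyright (c) 2012, Twitter, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal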
@@ -138,6 +138,8 @@ module Brakeman
138
138
  :to_pdf
139
139
  when :tabs, :to_tabs
140
140
  :to_tabs
141
+ when :json, :to_json
142
+ :to_json
141
143
  else
142
144
  :to_s
143
145
  end
@@ -151,6 +153,8 @@ module Brakeman
151
153
  :to_pdf
152
154
  when /\.tabs$/i
153
155
  :to_tabs
156
+ when /\.json$/i
157
+ :to_json
154
158
  else
155
159
  :to_s
156
160
  end
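Review bot: `when /\.json$/i` anchors with `$`, which matches before a trailing newline rather than only at the end of the string, so a file name ending in `.json\n` would also select the JSON formatter; `\z` is the true end-of-string anchor, `when /\.json\z/i`. The neighbouring `.tabs` and other branches use the same `$` convention, so this is a consistency decision for the whole case statement rather than for this line alone. The enclosing method starts and ends outside the hunk.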
@@ -17,9 +17,9 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
17
17
  @description = "Checks for unescaped output in views"
18
18
 
19
19
  #Model methods which are known to be harmless
20
- IGNORE_MODEL_METHODS = Set.new([:average, :count, :maximum, :minimum, :sum])
20
+ IGNORE_MODEL_METHODS = Set[:average, :count, :maximum, :minimum, :sum, :id]
21
21
 
22
- MODEL_METHODS = Set.new([:all, :find, :first, :last, :new])
22
+ MODEL_METHODS = Set[:all, :find, :first, :last, :new]
23
23
 
24
24
  IGNORE_LIKE = /^link_to_|(_path|_tag|_url)$/
25
25
 
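Review bot: Adding `:id` to IGNORE_MODEL_METHODS treats a model's `id` as always safe to output unescaped, which holds for the default integer primary key but not for a model that declares a string primary key, where the column can carry user-controlled text. The comment above the constant should record that assumption so the trade-off stays visible when the list is revisited, e.g. `#Model methods which are known to be harmless (:id assumes the default integer primary key)`. The class continues outside the hunk.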
@@ -35,18 +35,18 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
35
35
 
36
36
  #Run check
37
37
  def run_check
38
- @ignore_methods = Set.new([:button_to, :check_box, :escapeHTML, :escape_once,
38
+ @ignore_methods = Set[:button_to, :check_box, :content_tag, :escapeHTML, :escape_once,
39
39
  :field_field, :fields_for, :h, :hidden_field,
40
40
  :hidden_field, :hidden_field_tag, :image_tag, :label,
41
- :link_to, :mail_to, :radio_button, :select,
41
+ :link_to, :mail_to, :radio_button,
42
42
  :submit_tag, :text_area, :text_field,
43
43
  :text_field_tag, :url_encode, :url_for,
44
- :will_paginate] ).merge tracker.options[:safe_methods]
44
+ :will_paginate].merge tracker.options[:safe_methods]
45
45
 
46
46
  @models = tracker.models.keys
47
47
  @inspect_arguments = tracker.options[:check_arguments]
48
48
 
49
- @known_dangerous = Set.new([:truncate, :concat])
49
+ @known_dangerous = Set[:truncate, :concat]
50
50
 
51
51
  if version_between? "2.0.0", "3.0.5"
52
52
  @known_dangerous << :auto_link
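Review bot: `:content_tag` joins `@ignore_methods` unconditionally on the first changed line, exempting all `content_tag` output from the XSS check on every Rails version, while `:select` is removed from the same literal and only re-added under a Rails 3 condition a few lines further down. Whether `content_tag` escapes its content on Rails 2.x is not visible here; if it does not, this is a new false negative for Rails 2 applications and the symbol belongs under that same version branch, `@ignore_methods << :content_tag`. Separately, `:hidden_field` appears twice in the literal, which is harmless in a Set but worth dropping. run_check continues past the end of the hunk.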
@@ -54,6 +54,10 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
54
54
  @ignore_methods << :auto_link
55
55
  end
56
56
 
57
+ if tracker.config[:rails3]
58
+ @ignore_methods << :select
59
+ end
60
+
57
61
  tracker.each_template do |name, template|
58
62
  @current_template = template
59
63
  template[:outputs].each do |out|
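Review bot: The new `if tracker.config[:rails3]` reads the Rails 3 flag from `tracker.config`, whereas the CheckSQL hunk below branches on `tracker.options[:rails3]` for the same decision. If those are two different stores, one of the two checks is keyed off the wrong one; if they are kept in sync somewhere outside this diff, a comment on this line such as `# tracker.config[:rails3] is expected to agree with tracker.options[:rails3]` would save the next reader the search. run_check continues outside the hunk.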
@@ -12,13 +12,13 @@ class Brakeman::CheckLinkTo < Brakeman::CheckCrossSiteScripting
12
12
  def run_check
13
13
  return unless version_between?("2.0.0", "2.9.9") and not tracker.config[:escape_html]
14
14
 
15
- @ignore_methods = Set.new([:button_to, :check_box, :escapeHTML, :escape_once,
15
+ @ignore_methods = Set[:button_to, :check_box, :escapeHTML, :escape_once,
16
16
  :field_field, :fields_for, :h, :hidden_field,
17
17
  :hidden_field, :hidden_field_tag, :image_tag, :label,
18
18
  :mail_to, :radio_button, :select,
19
19
  :submit_tag, :text_area, :text_field,
20
20
  :text_field_tag, :url_encode, :url_for,
21
- :will_paginate] ).merge tracker.options[:safe_methods]
21
+ :will_paginate].merge tracker.options[:safe_methods]
22
22
 
23
23
  @known_dangerous = []
24
24
  #Ideally, I think this should also check to see if people are setting
@@ -12,13 +12,13 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
12
12
  @description = "Checks to see if values used for hrefs are sanitized using a :url_safe_method to protect against javascript:/data: XSS"
13
13
 
14
14
  def run_check
15
- @ignore_methods = Set.new([:button_to, :check_box,
15
+ @ignore_methods = Set[:button_to, :check_box,
16
16
  :field_field, :fields_for, :hidden_field,
17
17
  :hidden_field, :hidden_field_tag, :image_tag, :label,
18
18
  :mail_to, :radio_button, :select,
19
19
  :submit_tag, :text_area, :text_field,
20
20
  :text_field_tag, :url_encode, :url_for,
21
- :will_paginate] ).merge(tracker.options[:url_safe_methods] || [])
21
+ :will_paginate].merge(tracker.options[:url_safe_methods] || [])
22
22
 
23
23
  @models = tracker.models.keys
24
24
  @inspect_arguments = tracker.options[:check_arguments]
@@ -85,7 +85,7 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
85
85
  end
86
86
  end
87
87
 
88
- LITERALS = Set.new([:lit, :true, :false, :nil, :string])
88
+ LITERALS = Set[:lit, :true, :false, :nil, :string]
89
89
 
90
90
  def all_literals? args
91
91
  args.all? do |arg|
@@ -0,0 +1,30 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ #Check for unsafe manipulation of strings
4
+ #Right now this is just a version check for
5
+ #https://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
6
+ class Brakeman::CheckSafeBufferManipulation < Brakeman::BaseCheck
7
+ Brakeman::Checks.add self
8
+
9
+ @description = "Check for Rails versions with SafeBuffer bug"
10
+
11
+ def run_check
12
+
13
+ if version_between? "3.0.0", "3.0.11"
14
+ suggested_version = "3.0.12"
15
+ elsif version_between? "3.1.0", "3.1.3"
16
+ suggested_version = "3.1.4"
17
+ elsif version_between? "3.2.0", "3.2.1"
18
+ suggested_version = "3.2.2"
19
+ else
20
+ return
21
+ end
22
+
23
+ message = "Rails #{tracker.config[:rails_version]} has a vulnerabilty in SafeBuffer. Upgrade to #{suggested_version} or apply patches."
24
+
25
+ warn :warning_type => "Cross Site Scripting",
26
+ :message => message,
27
+ :confidence => CONFIDENCE[:med],
28
+ :file => gemfile_or_environment
29
+ end
30
+ end
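Review bot: The report string assigned on the `message =` line misspells "vulnerability" as `vulnerabilty`; since it is user-facing output it should read `message = "Rails #{tracker.config[:rails_version]} has a vulnerability in SafeBuffer. Upgrade to #{suggested_version} or apply patches."`. The version-to-fix table (3.0.0–3.0.11 → 3.0.12, 3.1.0–3.1.3 → 3.1.4, 3.2.0–3.2.1 → 3.2.2) is repeated verbatim in the new CheckSelectVulnerability file in the next hunk; a shared frozen constant, or at least a comment in each file pointing at the other, would keep the two from drifting when a further affected range is added. A one-line summary of what the linked advisory covers next to the URL in the header comment would also make the check understandable without network access.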
@@ -0,0 +1,55 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ #Checks for select() helper vulnerability in some versions of Rails 3
4
+ #http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
5
+ class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck
6
+ Brakeman::Checks.add self
7
+
8
+ @description = "Looks for unsafe uses of select() helper in some versions of Rails 3.x"
9
+
10
+ def run_check
11
+
12
+ if version_between? "3.0.0", "3.0.11"
13
+ suggested_version = "3.0.12"
14
+ elsif version_between? "3.1.0", "3.1.3"
15
+ suggested_version = "3.1.4"
16
+ elsif version_between? "3.2.0", "3.2.1"
17
+ suggested_version = "3.2.2"
18
+ else
19
+ return
20
+ end
21
+
22
+ @message = "Upgrade to Rails #{suggested_version}, #{tracker.config[:rails_version]} select() helper is vulnerable"
23
+
24
+ calls = tracker.find_call(:target => nil, :method => :select).select do |result|
25
+ result[:location][0] == :template
26
+ end
27
+
28
+ calls.each do |result|
29
+ process_result result
30
+ end
31
+ end
32
+
33
+ def process_result result
34
+ return if duplicate? result
35
+
36
+ args = result[:call][3]
37
+
38
+ #Check for user input in options parameter
39
+ if sexp? args[3] and include_user_input? args[3]
40
+ add_result result
41
+
42
+ if node_type? args[3], :string_interp, :dstr
43
+ confidence = CONFIDENCE[:med]
44
+ else
45
+ confidence = CONFIDENCE[:low]
46
+ end
47
+
48
+ warn :template => result[:location][1],
49
+ :warning_type => "Cross Site Scripting",
50
+ :result => result,
51
+ :message => @message,
52
+ :confidence => confidence
53
+ end
54
+ end
55
+ end
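Review bot: `tracker.find_call(:target => nil, :method => :select)` only matches receiver-less `select(...)` calls in templates, so a `select` invoked on a receiver such as a form-builder object is never examined even though it presumably reaches the same helper; whether that is intentional is not visible here and deserves a comment on that line, e.g. `# only receiver-less select(); calls on a form builder are not inspected`. In process_result, `args[3]` appears to be the third positional argument to select() while the comment above it says "options parameter", which is ambiguous with the later html-options argument; a comment naming the argument precisely would help. The confidence branch can also be a single assignment, `confidence = node_type?(args[3], :string_interp, :dstr) ? CONFIDENCE[:med] : CONFIDENCE[:low]`.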
@@ -0,0 +1,51 @@
1
+ require 'brakeman/checks/base_check'
2
+
3
+ #At the moment, this looks for
4
+ #
5
+ # skip_before_filter :verify_authenticity_token, :except => [...]
6
+ #
7
+ #which is essentially a blacklist approach (no actions are checked EXCEPT the
8
+ #ones listed) versus a whitelist approach (ONLY the actions listed will skip
9
+ #the check)
10
+ class Brakeman::CheckSkipBeforeFilter < Brakeman::BaseCheck
11
+ Brakeman::Checks.add self
12
+
13
+ @description = "Warn when skipping CSRF check by default"
14
+
15
+ def run_check
16
+ tracker.controllers.each do |name, controller|
17
+ if filter_skips = (controller[:options][:skip_before_filter] or controller[:options][:skip_filter])
18
+ filter_skips.each do |filter|
19
+ process_skip_filter filter, controller
20
+ end
21
+ end
22
+ end
23
+ end
24
+
25
+ def process_skip_filter filter, controller
26
+ if skip_verify_except? filter
27
+ warn :class => controller[:name],
28
+ :warning_type => "Cross-Site Request Forgery",
29
+ :message => "Use whitelist (:only => [..]) when skipping CSRF check",
30
+ :line => filter.line,
31
+ :code => filter,
32
+ :confidence => CONFIDENCE[:med]
33
+ end
34
+ end
35
+
36
+ def skip_verify_except? filter
37
+ return false unless call? filter
38
+
39
+ args = filter[3]
40
+
41
+ if symbol? args[1] and args[1][1] == :verify_authenticity_token and hash? args.last
42
+ hash_iterate args.last do |k, v|
43
+ if symbol? k and k[1] == :except
44
+ return true
45
+ end
46
+ end
47
+ end
48
+
49
+ false
50
+ end
51
+ end
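Review bot: `controller[:options][:skip_before_filter] or controller[:options][:skip_filter]` yields only the first non-nil list, so a controller that uses both `skip_before_filter` and `skip_filter` has its `skip_filter` entries ignored and a default CSRF skip declared there goes unreported. Assuming both values are arrays, as the `.each` implies, iterating the union keeps both: `filter_skips = Array(controller[:options][:skip_before_filter]) + Array(controller[:options][:skip_filter])` followed by `filter_skips.each { |filter| process_skip_filter filter, controller }`. The `return true` inside the `hash_iterate` block relies on that block being a plain block rather than a lambda so the return leaves skip_verify_except?; a short comment there would stop a later refactor into a lambda from silently breaking it.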
@@ -16,22 +16,22 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
16
16
  def run_check
17
17
  @rails_version = tracker.config[:rails_version]
18
18
 
19
- Brakeman.debug "Finding possible SQL calls on models"
20
19
  if tracker.options[:rails3]
21
- calls = tracker.find_call :targets => tracker.models.keys,
22
- :methods => /^(find.*|first|last|all|where|order|group|having)$/,
23
- :chained => true
20
+ @sql_targets = /^(find.*|last|first|all|count|sum|average|minumum|maximum|count_by_sql|where|order|group|having)$/
24
21
  else
25
- calls = tracker.find_call :targets => tracker.models.keys,
26
- :methods => /^(find.*|first|last|all)$/,
27
- :chained => true
22
+ @sql_targets = /^(find.*|last|first|all|count|sum|average|minumum|maximum|count_by_sql)$/
28
23
  end
29
24
 
25
+ Brakeman.debug "Finding possible SQL calls on models"
26
+ calls = tracker.find_call :targets => tracker.models.keys,
27
+ :methods => @sql_targets,
28
+ :chained => true
29
+
30
30
  Brakeman.debug "Finding possible SQL calls with no target"
31
- calls.concat tracker.find_call(:target => nil, :method => /^(find.*|last|first|all|count|sum|average|minumum|maximum|count_by_sql)$/)
31
+ calls.concat tracker.find_call(:target => nil, :method => @sql_targets)
32
32
 
33
33
  Brakeman.debug "Finding possible SQL calls using constantized()"
34
- calls.concat tracker.find_call(:method => /^(find.*|last|first|all|count|sum|average|minumum|maximum|count_by_sql)$/).select { |result| constantize_call? result }
34
+ calls.concat tracker.find_call(:method => @sql_targets).select { |result| constantize_call? result }
35
35
 
36
36
  Brakeman.debug "Finding calls to named_scope or scope"
37
37
  calls.concat find_scope_calls
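Review bot: Both new `@sql_targets` regexes spell `minumum`, so calls to the `minimum` aggregate never match and are silently left out of the SQL injection check; the old no-target regex carried the same typo, but consolidating the three patterns into one instance variable is the moment to fix it, e.g. `@sql_targets = /^(find.*|last|first|all|count|sum|average|minimum|maximum|count_by_sql|where|order|group|having)$/` with the same correction in the non-Rails 3 branch. Hoisting the pattern into `@sql_targets` also means the method below that matches `call[:method].to_s =~ @sql_targets` now depends on run_check having executed first; a comment at the assignment noting that it is read by the scope-call processing would make that ordering explicit. run_check continues past the end of the hunk.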
@@ -90,8 +90,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
90
90
  find_calls.process_source block, model_name, scope_name
91
91
 
92
92
  find_calls.calls.each do |call|
93
- if call[:method].to_s =~ /^(find.*|first|last|all|where|order|group|having)$/
94
- puts "Looks like #{call.inspect}"
93
+ if call[:method].to_s =~ @sql_targets
95
94
  process_result call
96
95
  end
97
96
  end
@@ -129,7 +129,7 @@ module Brakeman::Options
129
129
 
130
130
  opts.on "-f",
131
131
  "--format TYPE",
132
- [:pdf, :text, :html, :csv, :tabs],
132
+ [:pdf, :text, :html, :csv, :tabs, :json],
133
133
  "Specify output format. Default is text" do |type|
134
134
 
135
135
  type = "s" if type == :text
@@ -30,9 +30,8 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
30
30
  def process_call exp
31
31
  target = exp[1]
32
32
 
33
- if target == map or target == nested
33
+ if target == map or (not target.nil? and target == nested)
34
34
  process_map exp
35
-
36
35
  else
37
36
  process_default exp
38
37
  end
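Review bot: The added `not target.nil? and` guard on the condition line has no comment explaining why the nil case matters, and its purpose is not obvious from the line itself: `nil == nested` is only true when `nested` is itself nil, which appears to be the situation the guard stops from routing a receiver-less call into process_map. Suggest `# target is nil for receiver-less calls; skip the nested comparison so nil == nil cannot match when no nested block is open` above the condition, hedged as above since `nested` is defined outside the hunk. process_call's enclosing class continues outside the hunk.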
@@ -193,7 +192,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
193
192
  #This -seems- redundant, but people might connect actions
194
193
  #to a controller which already allows them all
195
194
  return if @tracker.routes[@current_controller].is_a? Array and @tracker.routes[@current_controller][0] == :allow_all_actions
196
-
195
+
197
196
  exp[-1].each_with_index do |e,i|
198
197
  if symbol? e and e[1] == :action
199
198
  @tracker.routes[@current_controller] << exp[-1][i + 1][1].to_sym
@@ -23,12 +23,19 @@ module Brakeman::RouteHelper
23
23
 
24
24
  #Add default routes
25
25
  def add_resources_routes
26
- @tracker.routes[@current_controller].merge [:index, :new, :create, :show, :edit, :update, :destroy]
27
- end
26
+ existing_routes = @tracker.routes[@current_controller]
28
27
 
28
+ unless existing_routes.is_a? Array and existing_routes.first == :allow_all_actions
29
+ existing_routes.merge [:index, :new, :create, :show, :edit, :update, :destroy]
30
+ end
31
+ end
29
32
 
30
33
  #Add default routes minus :index
31
34
  def add_resource_routes
32
- @tracker.routes[@current_controller].merge [:new, :create, :show, :edit, :update, :destroy]
35
+ existing_routes = @tracker.routes[@current_controller]
36
+
37
+ unless existing_routes.is_a? Array and existing_routes.first == :allow_all_actions
38
+ existing_routes.merge [:new, :create, :show, :edit, :update, :destroy]
39
+ end
33
40
  end
34
41
  end
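Review bot: The `unless existing_routes.is_a? Array and existing_routes.first == :allow_all_actions` guard is duplicated verbatim in add_resources_routes and add_resource_routes, so a future change to the `:allow_all_actions` sentinel has to be made in two places here (and a third in Rails2RoutesProcessor above, which spells the same test with `[0]` instead of `first`). Extracting the guard into a predicate plus one helper that merges a route list leaves each public method a single line and gives the sentinel one definition in this module. Behaviour is unchanged: the merge still happens only when the entry is not the allow-all array.
```ruby
#Add default routes
def add_resources_routes
  add_routes_unless_allow_all [:index, :new, :create, :show, :edit, :update, :destroy]
end

#Add default routes minus :index
def add_resource_routes
  add_routes_unless_allow_all [:new, :create, :show, :edit, :update, :destroy]
end

#True when the current controller's route entry is the :allow_all_actions sentinel
def allow_all_actions?
  existing_routes = @tracker.routes[@current_controller]
  existing_routes.is_a? Array and existing_routes.first == :allow_all_actions
end

#Merge routes into the current controller's route set unless every action is already allowed
def add_routes_unless_allow_all routes
  @tracker.routes[@current_controller].merge routes unless allow_all_actions?
end
```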
@@ -15,7 +15,7 @@ class Brakeman::ParamsProcessor < SexpProcessor
15
15
  @result = []
16
16
  @matched = false
17
17
  @mark = false
18
- @watch_nodes = Set.new([:call, :iasgn, :lasgn, :gasgn, :cvasgn, :return, :attrasgn])
18
+ @watch_nodes = Set[:call, :iasgn, :lasgn, :gasgn, :cvasgn, :return, :attrasgn]
19
19
  @params = Sexp.new(:call, nil, :params, Sexp.new(:arglist))
20
20
  end
21
21
 
@@ -7,7 +7,7 @@ require 'brakeman/processors/lib/render_helper'
7
7
  class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
8
8
  include Brakeman::RenderHelper
9
9
 
10
- FORM_METHODS = Set.new([:form_for, :remote_form_for, :form_remote_for])
10
+ FORM_METHODS = Set[:form_for, :remote_form_for, :form_remote_for]
11
11
 
12
12
  def initialize tracker, template
13
13
  super()
@@ -19,7 +19,7 @@ module Brakeman::Util
19
19
 
20
20
  SESSION = Sexp.new(:call, nil, :session, Sexp.new(:arglist))
21
21
 
22
- ALL_PARAMETERS = Set.new([PARAMETERS, QUERY_PARAMETERS, PATH_PARAMETERS, REQUEST_PARAMETERS])
22
+ ALL_PARAMETERS = Set[PARAMETERS, QUERY_PARAMETERS, PATH_PARAMETERS, REQUEST_PARAMETERS]
23
23
 
24
24
  #Convert a string from "something_like_this" to "SomethingLikeThis"
25
25
  #
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "1.4.0"
2
+ Version = "1.5.0"
3
3
  end
metadata CHANGED
@@ -1,101 +1,134 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
- version: !ruby/object:Gem::Version
4
- version: 1.4.0
3
+ version: !ruby/object:Gem::Version
4
+ hash: 3
5
5
  prerelease:
6
+ segments:
7
+ - 1
8
+ - 5
9
+ - 0
10
+ version: 1.5.0
6
11
  platform: ruby
7
- authors:
12
+ authors:
8
13
  - Justin Collins
9
14
  autorequire:
10
15
  bindir: bin
11
16
  cert_chain: []
12
- date: 2012-02-24 00:00:00.000000000 Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
17
+
18
+ date: 2012-03-02 00:00:00 Z
19
+ dependencies:
20
+ - !ruby/object:Gem::Dependency
15
21
  name: activesupport
16
- requirement: &78318730 !ruby/object:Gem::Requirement
22
+ prerelease: false
23
+ requirement: &id001 !ruby/object:Gem::Requirement
17
24
  none: false
18
- requirements:
19
- - - ! '>='
20
- - !ruby/object:Gem::Version
21
- version: '0'
25
+ requirements:
26
+ - - ">="
27
+ - !ruby/object:Gem::Version
28
+ hash: 3
29
+ segments:
30
+ - 0
31
+ version: "0"
22
32
  type: :runtime
23
- prerelease: false
24
- version_requirements: *78318730
25
- - !ruby/object:Gem::Dependency
33
+ version_requirements: *id001
34
+ - !ruby/object:Gem::Dependency
26
35
  name: i18n
27
- requirement: &78318500 !ruby/object:Gem::Requirement
36
+ prerelease: false
37
+ requirement: &id002 !ruby/object:Gem::Requirement
28
38
  none: false
29
- requirements:
30
- - - ! '>='
31
- - !ruby/object:Gem::Version
32
- version: '0'
39
+ requirements:
40
+ - - ">="
41
+ - !ruby/object:Gem::Version
42
+ hash: 3
43
+ segments:
44
+ - 0
45
+ version: "0"
33
46
  type: :runtime
34
- prerelease: false
35
- version_requirements: *78318500
36
- - !ruby/object:Gem::Dependency
47
+ version_requirements: *id002
48
+ - !ruby/object:Gem::Dependency
37
49
  name: ruby2ruby
38
- requirement: &78318250 !ruby/object:Gem::Requirement
50
+ prerelease: false
51
+ requirement: &id003 !ruby/object:Gem::Requirement
39
52
  none: false
40
- requirements:
53
+ requirements:
41
54
  - - ~>
42
- - !ruby/object:Gem::Version
43
- version: '1.2'
55
+ - !ruby/object:Gem::Version
56
+ hash: 11
57
+ segments:
58
+ - 1
59
+ - 2
60
+ version: "1.2"
44
61
  type: :runtime
45
- prerelease: false
46
- version_requirements: *78318250
47
- - !ruby/object:Gem::Dependency
62
+ version_requirements: *id003
63
+ - !ruby/object:Gem::Dependency
48
64
  name: ruport
49
- requirement: &78318000 !ruby/object:Gem::Requirement
65
+ prerelease: false
66
+ requirement: &id004 !ruby/object:Gem::Requirement
50
67
  none: false
51
- requirements:
68
+ requirements:
52
69
  - - ~>
53
- - !ruby/object:Gem::Version
54
- version: '1.6'
70
+ - !ruby/object:Gem::Version
71
+ hash: 3
72
+ segments:
73
+ - 1
74
+ - 6
75
+ version: "1.6"
55
76
  type: :runtime
56
- prerelease: false
57
- version_requirements: *78318000
58
- - !ruby/object:Gem::Dependency
77
+ version_requirements: *id004
78
+ - !ruby/object:Gem::Dependency
59
79
  name: erubis
60
- requirement: &78317770 !ruby/object:Gem::Requirement
80
+ prerelease: false
81
+ requirement: &id005 !ruby/object:Gem::Requirement
61
82
  none: false
62
- requirements:
83
+ requirements:
63
84
  - - ~>
64
- - !ruby/object:Gem::Version
65
- version: '2.6'
85
+ - !ruby/object:Gem::Version
86
+ hash: 15
87
+ segments:
88
+ - 2
89
+ - 6
90
+ version: "2.6"
66
91
  type: :runtime
67
- prerelease: false
68
- version_requirements: *78317770
69
- - !ruby/object:Gem::Dependency
92
+ version_requirements: *id005
93
+ - !ruby/object:Gem::Dependency
70
94
  name: haml
71
- requirement: &78317540 !ruby/object:Gem::Requirement
95
+ prerelease: false
96
+ requirement: &id006 !ruby/object:Gem::Requirement
72
97
  none: false
73
- requirements:
98
+ requirements:
74
99
  - - ~>
75
- - !ruby/object:Gem::Version
76
- version: '3.0'
100
+ - !ruby/object:Gem::Version
101
+ hash: 7
102
+ segments:
103
+ - 3
104
+ - 0
105
+ version: "3.0"
77
106
  type: :runtime
78
- prerelease: false
79
- version_requirements: *78317540
80
- - !ruby/object:Gem::Dependency
107
+ version_requirements: *id006
108
+ - !ruby/object:Gem::Dependency
81
109
  name: sass
82
- requirement: &78317310 !ruby/object:Gem::Requirement
110
+ prerelease: false
111
+ requirement: &id007 !ruby/object:Gem::Requirement
83
112
  none: false
84
- requirements:
113
+ requirements:
85
114
  - - ~>
86
- - !ruby/object:Gem::Version
87
- version: '3.0'
115
+ - !ruby/object:Gem::Version
116
+ hash: 7
117
+ segments:
118
+ - 3
119
+ - 0
120
+ version: "3.0"
88
121
  type: :runtime
89
- prerelease: false
90
- version_requirements: *78317310
91
- description: Brakeman detects security vulnerabilities in Ruby on Rails applications
92
- via static analysis.
122
+ version_requirements: *id007
123
+ description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
93
124
  email:
94
- executables:
125
+ executables:
95
126
  - brakeman
96
127
  extensions: []
128
+
97
129
  extra_rdoc_files: []
98
- files:
130
+
131
+ files:
99
132
  - bin/brakeman
100
133
  - WARNING_TYPES
101
134
  - FEATURES
@@ -137,6 +170,7 @@ files:
137
170
  - lib/brakeman/checks/check_session_settings.rb
138
171
  - lib/brakeman/checks/check_nested_attributes.rb
139
172
  - lib/brakeman/checks/check_strip_tags.rb
173
+ - lib/brakeman/checks/check_safe_buffer_manipulation.rb
140
174
  - lib/brakeman/checks/check_sql.rb
141
175
  - lib/brakeman/checks/check_without_protection.rb
142
176
  - lib/brakeman/checks/check_mass_assignment.rb
@@ -144,6 +178,7 @@ files:
144
178
  - lib/brakeman/checks/check_cross_site_scripting.rb
145
179
  - lib/brakeman/checks/check_model_attributes.rb
146
180
  - lib/brakeman/checks/check_default_routes.rb
181
+ - lib/brakeman/checks/check_select_vulnerability.rb
147
182
  - lib/brakeman/checks/check_evaluation.rb
148
183
  - lib/brakeman/checks/check_quote_table_name.rb
149
184
  - lib/brakeman/checks/check_validation_regex.rb
@@ -152,6 +187,7 @@ files:
152
187
  - lib/brakeman/checks/check_filter_skipping.rb
153
188
  - lib/brakeman/checks/check_mail_to.rb
154
189
  - lib/brakeman/checks/check_link_to_href.rb
190
+ - lib/brakeman/checks/check_skip_before_filter.rb
155
191
  - lib/brakeman/checks/base_check.rb
156
192
  - lib/brakeman/checks/check_file_access.rb
157
193
  - lib/brakeman/checks/check_response_splitting.rb
@@ -172,26 +208,36 @@ files:
172
208
  - lib/brakeman/format/style.css
173
209
  homepage: http://brakemanscanner.org
174
210
  licenses: []
211
+
175
212
  post_install_message:
176
213
  rdoc_options: []
177
- require_paths:
214
+
215
+ require_paths:
178
216
  - lib
179
- required_ruby_version: !ruby/object:Gem::Requirement
217
+ required_ruby_version: !ruby/object:Gem::Requirement
180
218
  none: false
181
- requirements:
182
- - - ! '>='
183
- - !ruby/object:Gem::Version
184
- version: '0'
185
- required_rubygems_version: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - ">="
221
+ - !ruby/object:Gem::Version
222
+ hash: 3
223
+ segments:
224
+ - 0
225
+ version: "0"
226
+ required_rubygems_version: !ruby/object:Gem::Requirement
186
227
  none: false
187
- requirements:
188
- - - ! '>='
189
- - !ruby/object:Gem::Version
190
- version: '0'
228
+ requirements:
229
+ - - ">="
230
+ - !ruby/object:Gem::Version
231
+ hash: 3
232
+ segments:
233
+ - 0
234
+ version: "0"
191
235
  requirements: []
236
+
192
237
  rubyforge_project:
193
238
  rubygems_version: 1.8.15
194
239
  signing_key:
195
240
  specification_version: 3
196
241
  summary: Security vulnerability scanner for Ruby on Rails.
197
242
  test_files: []
243
+