RubyGems - brakeman - Versions diffs - 1.5.3 → 1.6.0.pre1 - Mend

brakeman 1.5.3 → 1.6.0.pre1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

data/bin/brakeman +20 -6
data/lib/brakeman.rb +21 -1
data/lib/brakeman/checks.rb +2 -7
data/lib/brakeman/checks/base_check.rb +31 -26
data/lib/brakeman/checks/check_basic_auth.rb +1 -7
data/lib/brakeman/checks/check_cross_site_scripting.rb +38 -33
data/lib/brakeman/checks/check_evaluation.rb +2 -1
data/lib/brakeman/checks/check_execute.rb +5 -1
data/lib/brakeman/checks/check_file_access.rb +6 -4
data/lib/brakeman/checks/check_link_to.rb +8 -5
data/lib/brakeman/checks/check_link_to_href.rb +6 -5
data/lib/brakeman/checks/check_mail_to.rb +2 -4
data/lib/brakeman/checks/check_mass_assignment.rb +12 -6
data/lib/brakeman/checks/check_redirect.rb +17 -14
data/lib/brakeman/checks/check_render.rb +4 -4
data/lib/brakeman/checks/check_send.rb +4 -2
data/lib/brakeman/checks/check_session_settings.rb +16 -21
data/lib/brakeman/checks/check_skip_before_filter.rb +2 -4
data/lib/brakeman/checks/check_sql.rb +8 -7
data/lib/brakeman/checks/check_validation_regex.rb +2 -4
data/lib/brakeman/checks/check_without_protection.rb +8 -9
data/lib/brakeman/differ.rb +61 -0
data/lib/brakeman/format/style.css +4 -0
data/lib/brakeman/options.rb +8 -0
data/lib/brakeman/processors/alias_processor.rb +5 -7
data/lib/brakeman/processors/controller_alias_processor.rb +10 -3
data/lib/brakeman/processors/erb_template_processor.rb +2 -0
data/lib/brakeman/processors/erubis_template_processor.rb +2 -0
data/lib/brakeman/processors/gem_processor.rb +8 -0
data/lib/brakeman/processors/haml_template_processor.rb +2 -0
data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -6
data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -4
data/lib/brakeman/processors/lib/render_helper.rb +3 -1
data/lib/brakeman/processors/library_processor.rb +4 -6
data/lib/brakeman/processors/template_alias_processor.rb +1 -1
data/lib/brakeman/report.rb +257 -198
data/lib/brakeman/rescanner.rb +112 -10
data/lib/brakeman/scanner.rb +3 -4
data/lib/brakeman/templates/controller_overview.html.erb +18 -0
data/lib/brakeman/templates/controller_warnings.html.erb +17 -0
data/lib/brakeman/templates/error_overview.html.erb +14 -0
data/lib/brakeman/templates/header.html.erb +38 -0
data/lib/brakeman/templates/model_warnings.html.erb +17 -0
data/lib/brakeman/templates/overview.html.erb +28 -0
data/lib/brakeman/templates/security_warnings.html.erb +28 -0
data/lib/brakeman/templates/template_overview.html.erb +17 -0
data/lib/brakeman/templates/view_warnings.html.erb +17 -0
data/lib/brakeman/templates/warning_overview.html.erb +13 -0
data/lib/brakeman/tracker.rb +1 -1
data/lib/brakeman/util.rb +24 -4
data/lib/brakeman/version.rb +1 -1
data/lib/brakeman/warning.rb +11 -3
data/lib/ruby_parser/bm_sexp.rb +5 -11
metadata +84 -23

data/lib/brakeman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "1.5.3"
+  Version = "1.6.0.pre1"
 end

data/lib/brakeman/warning.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 #The Warning class stores information about warnings
 class Brakeman::Warning
   attr_reader :called_from, :check, :class, :confidence, :controller,
-    :line, :method, :model, :template, :warning_set, :warning_type
+    :line, :method, :model, :template, :user_input, :warning_set, :warning_type
   attr_accessor :code, :context, :file, :message
@@ -12,7 +12,7 @@ class Brakeman::Warning
     @view_name = nil
     [:called_from, :check, :class, :code, :confidence, :controller, :file, :line,
-      :message, :method, :model, :template, :warning_set, :warning_type].each do |option|
+      :message, :method, :model, :template, :user_input, :warning_set, :warning_type].each do |option|
       self.instance_variable_set("@#{option}", options[option])
     end
@@ -74,6 +74,12 @@ class Brakeman::Warning
     Brakeman::OutputProcessor.new.format(self.code).gsub(/(\t|\r|\n)+/, " ")
   end
+  #Return String of the user input formatted and
+  #stripped of newlines and tabs.
+  def format_user_input
+    Brakeman::OutputProcessor.new.format(self.user_input).gsub(/(\t|\r|\n)+/, " ")
+  end
   #Return formatted warning message
   def format_message
     return @format_message if @format_message
@@ -91,7 +97,7 @@ class Brakeman::Warning
     @format_message
   end
-  #Generates a hash suitable for inserting into a Ruport table
+  #Generates a hash suitable for inserting into a table
   def to_row type = :warning
     @row = { "Confidence" => self.confidence,
       "Warning Type" => self.warning_type.to_s,
@@ -140,8 +146,10 @@ class Brakeman::Warning
     { :warning_type => self.warning_type,
       :message => self.message,
       :file => self.file,
+      :line => self.line,
       :code => (@code && self.format_code),
       :location => location,
+      :user_input => (@user_input && self.format_user_input),
       :confidence => TEXT_CONFIDENCE[self.confidence]
     }
   end

data/lib/ruby_parser/bm_sexp.rb CHANGED Viewed

@@ -20,7 +20,6 @@ class Sexp
   alias :node_type :sexp_type
   alias :values :sexp_body # TODO: retire
-  alias :old_init :initialize
   alias :old_push :<<
   alias :old_line :line
   alias :old_line_set :line=
@@ -30,18 +29,13 @@ class Sexp
   alias :old_fara :find_and_replace_all
   alias :old_find_node :find_node
-  def initialize *args
-    old_init(*args)
-    @original_line = nil
-    @my_hash_value = nil
-  end
   def original_line line = nil
     if line
       @my_hash_value = nil
       @original_line = line
+      self
     else
-      @original_line
+      @original_line ||= nil
     end
   end
@@ -53,9 +47,9 @@ class Sexp
     @my_hash_value ||= super
   end
-  def line *args
-    @my_hash_value = nil
-    old_line(*args)
+  def line num = nil
+    @my_hash_value = nil if num
+    old_line(num)
   end
   def line= *args

metadata CHANGED Viewed

@@ -1,13 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  hash: 5
-  prerelease:
+  hash: -1001353691
+  prerelease: 6
   segments:
   - 1
-  - 5
-  - 3
-  version: 1.5.3
+  - 6
+  - 0
+  - pre
+  - 1
+  version: 1.6.0.pre1
 platform: ruby
 authors:
 - Justin Collins
@@ -15,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-10 00:00:00 Z
+date: 2012-04-19 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -46,9 +48,25 @@ dependencies:
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency
-  name: ruby2ruby
+  name: ruby_parser
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - "="
+      - !ruby/object:Gem::Version
+        hash: 1
+        segments:
+        - 2
+        - 3
+        - 1
+        version: 2.3.1
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: ruby2ruby
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -59,11 +77,41 @@ dependencies:
         - 2
         version: "1.2"
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency
-  name: ruport
+  name: terminal-table
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id005 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
+        - 1
+        - 4
+        version: "1.4"
+  type: :runtime
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency
+  name: fastercsv
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        hash: 5
+        segments:
+        - 1
+        - 5
+        version: "1.5"
+  type: :runtime
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency
+  name: highline
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -74,11 +122,11 @@ dependencies:
         - 6
         version: "1.6"
   type: :runtime
-  version_requirements: *id004
+  version_requirements: *id007
 - !ruby/object:Gem::Dependency
   name: erubis
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id008 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -89,11 +137,11 @@ dependencies:
         - 6
         version: "2.6"
   type: :runtime
-  version_requirements: *id005
+  version_requirements: *id008
 - !ruby/object:Gem::Dependency
   name: haml
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement
+  requirement: &id009 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -104,11 +152,11 @@ dependencies:
         - 0
         version: "3.0"
   type: :runtime
-  version_requirements: *id006
+  version_requirements: *id009
 - !ruby/object:Gem::Dependency
   name: sass
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement
+  requirement: &id010 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -119,7 +167,7 @@ dependencies:
         - 0
         version: "3.0"
   type: :runtime
-  version_requirements: *id007
+  version_requirements: *id010
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
 email:
 executables:
@@ -133,7 +181,6 @@ files:
 - WARNING_TYPES
 - FEATURES
 - README.md
-- lib/brakeman/brakeman.rake
 - lib/ruby_parser/ruby18_parser.rb
 - lib/ruby_parser/ruby_parser_extras.rb
 - lib/ruby_parser/bm_sexp.rb
@@ -141,6 +188,7 @@ files:
 - lib/ruby_parser/ruby_parser.rb
 - lib/ruby_parser/ruby19_parser.rb
 - lib/brakeman/warning.rb
+- lib/brakeman/differ.rb
 - lib/brakeman/processors/gem_processor.rb
 - lib/brakeman/processors/params_processor.rb
 - lib/brakeman/processors/controller_alias_processor.rb
@@ -166,6 +214,7 @@ files:
 - lib/brakeman/processors/config_processor.rb
 - lib/brakeman/processors/erubis_template_processor.rb
 - lib/brakeman/processors/template_processor.rb
+- lib/brakeman/format/style.css
 - lib/brakeman/rescanner.rb
 - lib/brakeman/checks/check_send_file.rb
 - lib/brakeman/checks/check_translate_bug.rb
@@ -201,17 +250,27 @@ files:
 - lib/brakeman/tracker.rb
 - lib/brakeman/util.rb
 - lib/brakeman/report.rb
+- lib/brakeman/templates/header.html.erb
+- lib/brakeman/templates/warning_overview.html.erb
+- lib/brakeman/templates/overview.html.erb
+- lib/brakeman/templates/controller_warnings.html.erb
+- lib/brakeman/templates/error_overview.html.erb
+- lib/brakeman/templates/controller_overview.html.erb
+- lib/brakeman/templates/security_warnings.html.erb
+- lib/brakeman/templates/model_warnings.html.erb
+- lib/brakeman/templates/view_warnings.html.erb
+- lib/brakeman/templates/template_overview.html.erb
 - lib/brakeman/parsers/rails3_erubis.rb
 - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
 - lib/brakeman/parsers/rails2_erubis.rb
 - lib/brakeman/version.rb
 - lib/brakeman/call_index.rb
+- lib/brakeman/brakeman.rake
 - lib/brakeman/options.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/checks.rb
 - lib/brakeman/processor.rb
 - lib/brakeman.rb
-- lib/brakeman/format/style.css
 homepage: http://brakemanscanner.org
 licenses: []
@@ -232,12 +291,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      hash: 3
+      hash: 25
       segments:
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 rubyforge_project: