brakeman 1.5.3 → 1.6.0.pre1

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "1.5.3"
+  Version = "1.6.0.pre1"
 end

data/lib/brakeman/warning.rb

@@ -1,7 +1,7 @@
 #The Warning class stores information about warnings
 class Brakeman::Warning
   attr_reader :called_from, :check, :class, :confidence, :controller,
-    :line, :method, :model, :template, :warning_set, :warning_type
+    :line, :method, :model, :template, :user_input, :warning_set, :warning_type
 
   attr_accessor :code, :context, :file, :message
 
@@ -12,7 +12,7 @@ class Brakeman::Warning
     @view_name = nil
 
     [:called_from, :check, :class, :code, :confidence, :controller, :file, :line,
-      :message, :method, :model, :template, :warning_set, :warning_type].each do |option|
+      :message, :method, :model, :template, :user_input, :warning_set, :warning_type].each do |option|
 
       self.instance_variable_set("@#{option}", options[option])
     end
@@ -74,6 +74,12 @@ class Brakeman::Warning
     Brakeman::OutputProcessor.new.format(self.code).gsub(/(\t|\r|\n)+/, " ")
   end
 
+  #Return String of the user input formatted and
+  #stripped of newlines and tabs.
+  def format_user_input
+    Brakeman::OutputProcessor.new.format(self.user_input).gsub(/(\t|\r|\n)+/, " ")
+  end
+
   #Return formatted warning message
   def format_message
     return @format_message if @format_message
@@ -91,7 +97,7 @@ class Brakeman::Warning
     @format_message
   end
 
-  #Generates a hash suitable for inserting into a Ruport table
+  #Generates a hash suitable for inserting into a table
   def to_row type = :warning
     @row = { "Confidence" => self.confidence,
       "Warning Type" => self.warning_type.to_s,
@@ -140,8 +146,10 @@ class Brakeman::Warning
     { :warning_type => self.warning_type,
       :message => self.message,
       :file => self.file,
+      :line => self.line,
       :code => (@code && self.format_code),
       :location => location,
+      :user_input => (@user_input && self.format_user_input),
       :confidence => TEXT_CONFIDENCE[self.confidence]
     }
   end

data/lib/ruby_parser/bm_sexp.rb

@@ -20,7 +20,6 @@ class Sexp
   alias :node_type :sexp_type
   alias :values :sexp_body # TODO: retire
 
-  alias :old_init :initialize
   alias :old_push :<<
   alias :old_line :line
   alias :old_line_set :line=
@@ -30,18 +29,13 @@ class Sexp
   alias :old_fara :find_and_replace_all
   alias :old_find_node :find_node
 
-  def initialize *args
-    old_init(*args)
-    @original_line = nil
-    @my_hash_value = nil
-  end
-
   def original_line line = nil
     if line
       @my_hash_value = nil
       @original_line = line
+      self
     else
-      @original_line
+      @original_line ||= nil
     end
   end
 
@@ -53,9 +47,9 @@ class Sexp
     @my_hash_value ||= super
   end
 
-  def line *args
-    @my_hash_value = nil
-    old_line(*args)
+  def line num = nil
+    @my_hash_value = nil if num
+    old_line(num)
   end
 
   def line= *args

metadata

@@ -1,13 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: brakeman
 version: !ruby/object:Gem::Version 
-  hash: 5
-  prerelease: 
+  hash: -1001353691
+  prerelease: 6
   segments: 
   - 1
-  - 5
-  - 3
-  version: 1.5.3
+  - 6
+  - 0
+  - pre
+  - 1
+  version: 1.6.0.pre1
 platform: ruby
 authors: 
 - Justin Collins
@@ -15,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-04-10 00:00:00 Z
+date: 2012-04-19 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: activesupport
@@ -46,9 +48,25 @@ dependencies:
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: ruby2ruby
+  name: ruby_parser
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 2
+        - 3
+        - 1
+        version: 2.3.1
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: ruby2ruby
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -59,11 +77,41 @@ dependencies:
         - 2
         version: "1.2"
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  name: ruport
+  name: terminal-table
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 4
+        version: "1.4"
+  type: :runtime
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: fastercsv
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 1
+        - 5
+        version: "1.5"
+  type: :runtime
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: highline
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -74,11 +122,11 @@ dependencies:
         - 6
         version: "1.6"
   type: :runtime
-  version_requirements: *id004
+  version_requirements: *id007
 - !ruby/object:Gem::Dependency 
   name: erubis
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -89,11 +137,11 @@ dependencies:
         - 6
         version: "2.6"
   type: :runtime
-  version_requirements: *id005
+  version_requirements: *id008
 - !ruby/object:Gem::Dependency 
   name: haml
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -104,11 +152,11 @@ dependencies:
         - 0
         version: "3.0"
   type: :runtime
-  version_requirements: *id006
+  version_requirements: *id009
 - !ruby/object:Gem::Dependency 
   name: sass
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -119,7 +167,7 @@ dependencies:
         - 0
         version: "3.0"
   type: :runtime
-  version_requirements: *id007
+  version_requirements: *id010
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
 email: 
 executables: 
@@ -133,7 +181,6 @@ files:
 - WARNING_TYPES
 - FEATURES
 - README.md
-- lib/brakeman/brakeman.rake
 - lib/ruby_parser/ruby18_parser.rb
 - lib/ruby_parser/ruby_parser_extras.rb
 - lib/ruby_parser/bm_sexp.rb
@@ -141,6 +188,7 @@ files:
 - lib/ruby_parser/ruby_parser.rb
 - lib/ruby_parser/ruby19_parser.rb
 - lib/brakeman/warning.rb
+- lib/brakeman/differ.rb
 - lib/brakeman/processors/gem_processor.rb
 - lib/brakeman/processors/params_processor.rb
 - lib/brakeman/processors/controller_alias_processor.rb
@@ -166,6 +214,7 @@ files:
 - lib/brakeman/processors/config_processor.rb
 - lib/brakeman/processors/erubis_template_processor.rb
 - lib/brakeman/processors/template_processor.rb
+- lib/brakeman/format/style.css
 - lib/brakeman/rescanner.rb
 - lib/brakeman/checks/check_send_file.rb
 - lib/brakeman/checks/check_translate_bug.rb
@@ -201,17 +250,27 @@ files:
 - lib/brakeman/tracker.rb
 - lib/brakeman/util.rb
 - lib/brakeman/report.rb
+- lib/brakeman/templates/header.html.erb
+- lib/brakeman/templates/warning_overview.html.erb
+- lib/brakeman/templates/overview.html.erb
+- lib/brakeman/templates/controller_warnings.html.erb
+- lib/brakeman/templates/error_overview.html.erb
+- lib/brakeman/templates/controller_overview.html.erb
+- lib/brakeman/templates/security_warnings.html.erb
+- lib/brakeman/templates/model_warnings.html.erb
+- lib/brakeman/templates/view_warnings.html.erb
+- lib/brakeman/templates/template_overview.html.erb
 - lib/brakeman/parsers/rails3_erubis.rb
 - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
 - lib/brakeman/parsers/rails2_erubis.rb
 - lib/brakeman/version.rb
 - lib/brakeman/call_index.rb
+- lib/brakeman/brakeman.rake
 - lib/brakeman/options.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/checks.rb
 - lib/brakeman/processor.rb
 - lib/brakeman.rb
-- lib/brakeman/format/style.css
 homepage: http://brakemanscanner.org
 licenses: []
 
@@ -232,12 +291,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 
 rubyforge_project: