brakeman 1.6.2 → 1.7.0
- data/lib/brakeman/checks.rb +14 -5
- data/lib/brakeman/checks/base_check.rb +19 -7
- data/lib/brakeman/checks/check_digest_dos.rb +37 -0
- data/lib/brakeman/checks/check_escape_function.rb +2 -1
- data/lib/brakeman/checks/check_file_access.rb +40 -23
- data/lib/brakeman/checks/check_filter_skipping.rb +2 -1
- data/lib/brakeman/checks/check_forgery_setting.rb +7 -4
- data/lib/brakeman/checks/check_link_to.rb +6 -3
- data/lib/brakeman/checks/check_link_to_href.rb +4 -2
- data/lib/brakeman/checks/check_nested_attributes.rb +3 -2
- data/lib/brakeman/checks/check_quote_table_name.rb +2 -1
- data/lib/brakeman/checks/check_response_splitting.rb +2 -1
- data/lib/brakeman/checks/check_sql.rb +10 -7
- data/lib/brakeman/checks/check_strip_tags.rb +2 -1
- data/lib/brakeman/checks/check_validation_regex.rb +1 -1
- data/lib/brakeman/checks/check_without_protection.rb +2 -9
- data/lib/brakeman/format/style.css +4 -0
- data/lib/brakeman/processors/alias_processor.rb +10 -10
- data/lib/brakeman/processors/base_processor.rb +4 -11
- data/lib/brakeman/processors/controller_processor.rb +9 -1
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +96 -31
- data/lib/brakeman/processors/lib/render_helper.rb +3 -2
- data/lib/brakeman/processors/lib/route_helper.rb +21 -0
- data/lib/brakeman/processors/library_processor.rb +10 -1
- data/lib/brakeman/processors/model_processor.rb +8 -1
- data/lib/brakeman/processors/template_processor.rb +0 -1
- data/lib/brakeman/report.rb +10 -0
- data/lib/brakeman/scanner.rb +2 -0
- data/lib/brakeman/util.rb +1 -2
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +19 -1
- data/lib/ruby_parser/bm_sexp_processor.rb +231 -0
- metadata +81 -79
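--- a/data/lib/brakeman/report.rb
+++ b/data/lib/brakeman/report.rb
@@ -96,6 +96,7 @@ class Brakeman::Report
 if html
 w["Confidence"] = HTML_CONFIDENCE[w["Confidence"]]
 w["Message"] = with_context warning, w["Message"]
+w["Warning Type"] = with_link warning, w["Warning Type"]
 else
 w["Confidence"] = TEXT_CONFIDENCE[w["Confidence"]]
 w["Message"] = text_message warning, w["Message"]
@@ -134,6 +135,7 @@ class Brakeman::Report
 if html
 w["Confidence"] = HTML_CONFIDENCE[w["Confidence"]]
 w["Message"] = with_context warning, w["Message"]
+w["Warning Type"] = with_link warning, w["Warning Type"]
 else
 w["Confidence"] = TEXT_CONFIDENCE[w["Confidence"]]
 w["Message"] = text_message warning, w["Message"]
@@ -170,6 +172,7 @@ class Brakeman::Report
 if html
 w["Confidence"] = HTML_CONFIDENCE[w["Confidence"]]
 w["Message"] = with_context warning, w["Message"]
+w["Warning Type"] = with_link warning, w["Warning Type"]
 else
 w["Confidence"] = TEXT_CONFIDENCE[w["Confidence"]]
 w["Message"] = text_message warning, w["Message"]
@@ -206,6 +209,7 @@ class Brakeman::Report
 if html
 w["Confidence"] = HTML_CONFIDENCE[w["Confidence"]]
 w["Message"] = with_context warning, w["Message"]
+w["Warning Type"] = with_link warning, w["Warning Type"]
 else
 w["Confidence"] = TEXT_CONFIDENCE[w["Confidence"]]
 w["Message"] = text_message warning, w["Message"]
@@ -595,6 +599,10 @@ class Brakeman::Report
 output << "</table></div>"
 end
 
+def with_link warning, message
+"<a href=\"#{warning.link}\">#{message}</a>"
+end
+
 #Generated tab-separated output suitable for the Jenkins Brakeman Plugin:
 #https://github.com/presidentbeef/brakeman-jenkins-plugin
 def to_tabs
@@ -630,6 +638,8 @@ class Brakeman::Report
 w.file = file_for w
 end
 end
+
+report[:config] = tracker.config
 
 report
 end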
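Review bot: `with_link` (new lines 602–604) interpolates `warning.link` into an `href` attribute and `message` into element content with no HTML escaping, in a code path the surrounding lines already treat as HTML output (`HTML_CONFIDENCE`, `with_context`). Both values appear to originate from Brakeman's own warning metadata (`link_path` and `warning_type` set by the checks), so the exposure looks low today, but the sink should not rely on that: `"<a href=\"#{CGI.escapeHTML(warning.link)}\">#{CGI.escapeHTML(message)}</a>"` (with `require 'cgi'` if it is not already loaded) keeps the report safe if a check ever passes through a value derived from the scanned application. Separately, the last hunk emits `tracker.config` wholesale via `report[:config]`; if that hash carries values parsed from the application's configuration files, the report now discloses them, so consider emitting only the keys a report consumer actually needs. Both enclosing methods start outside their hunks, so I cannot see whether anything upstream escapes or filters these values.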
data/lib/brakeman/scanner.rb
CHANGED
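--- a/data/lib/brakeman/util.rb
+++ b/data/lib/brakeman/util.rb
@@ -1,4 +1,3 @@
-require 'sexp_processor'
 require 'set'
 require 'active_support/inflector'
 
@@ -352,7 +351,7 @@ module Brakeman::Util
 
 lines.map do |line|
 if line.chomp.length > @terminal_width
-line[0..(@terminal_width - 3)] + "
+line[0..(@terminal_width - 3)] + ">>\n"
 else
 line
 end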
data/lib/brakeman/version.rb
CHANGED
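--- a/data/lib/brakeman/warning.rb
+++ b/data/lib/brakeman/warning.rb
@@ -11,7 +11,7 @@ class Brakeman::Warning
 def initialize options = {}
 @view_name = nil
 
-[:called_from, :check, :class, :code, :confidence, :controller, :file, :line,
+[:called_from, :check, :class, :code, :confidence, :controller, :file, :line, :link_path,
 :message, :method, :model, :template, :user_input, :warning_set, :warning_type].each do |option|
 
 self.instance_variable_set("@#{option}", options[option])
@@ -101,6 +101,23 @@ class Brakeman::Warning
 @format_message
 end
 
+def link
+return @link if @link
+
+if @link_path
+if @link_path.start_with? "http"
+@link = @link_path
+else
+@link = "http://brakemanscanner.org/docs/warning_types/#{@link_path}"
+end
+else
+warning_path = self.warning_type.to_s.downcase.gsub(/\s+/, '_') + "/"
+@link = "http://brakemanscanner.org/docs/warning_types/#{warning_path}"
+end
+
+@link
+end
+
 #Generates a hash suitable for inserting into a table
 def to_row type = :warning
 @row = { "Confidence" => self.confidence,
@@ -151,6 +168,7 @@ class Brakeman::Warning
 :message => self.message,
 :file => self.file,
 :line => self.line,
+:link => self.link,
 :code => (@code && self.format_code),
 :location => location,
 :user_input => (@user_input && self.format_user_input),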
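Review bot: In `link` (new lines 104–119) the absolute-URL test `@link_path.start_with? "http"` is a bare prefix check, so any `link_path` that merely begins with those four letters is passed through verbatim instead of being joined to the docs base; anchoring it as `if @link_path =~ %r{\Ahttps?://}` states the actual intent. The fallback URL is built with plain `http://`, and because `link` is exposed through `to_hash` (`:link => self.link`) and rendered into the HTML report, the scheme is worth fixing at the source rather than trusting downstream — `https://brakemanscanner.org/docs/warning_types/...` if the docs site serves TLS. `warning_path` only rewrites whitespace, so a `warning_type` containing other URL-significant characters would yield an unencoded path segment; `ERB::Util.url_encode` on the derived name would cover that, though every `warning_type` I can see here is a fixed Brakeman string. A one-line comment above the method, `# Documentation URL for this warning; checks may override via :link_path (relative to the docs base or absolute)`, would make the two-mode contract explicit.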
@@ -0,0 +1,231 @@
|
|
1
|
+
##
|
2
|
+
# SexpProcessor provides a uniform interface to process Sexps.
|
3
|
+
#
|
4
|
+
# In order to create your own SexpProcessor subclass you'll need
|
5
|
+
# to call super in the initialize method, then set any of the
|
6
|
+
# Sexp flags you want to be different from the defaults.
|
7
|
+
#
|
8
|
+
# SexpProcessor uses a Sexp's type to determine which process method
|
9
|
+
# to call in the subclass. For Sexp <code>s(:lit, 1)</code>
|
10
|
+
# SexpProcessor will call #process_lit, if it is defined.
|
11
|
+
#
|
12
|
+
|
13
|
+
class Brakeman::SexpProcessor
|
14
|
+
|
15
|
+
VERSION = 'CUSTOM'
|
16
|
+
|
17
|
+
##
|
18
|
+
# Return a stack of contexts. Most recent node is first.
|
19
|
+
|
20
|
+
attr_reader :context
|
21
|
+
|
22
|
+
##
|
23
|
+
# Expected result class
|
24
|
+
|
25
|
+
attr_accessor :expected
|
26
|
+
|
27
|
+
##
|
28
|
+
# A scoped environment to make you happy.
|
29
|
+
|
30
|
+
attr_reader :env
|
31
|
+
|
32
|
+
##
|
33
|
+
# Creates a new SexpProcessor. Use super to invoke this
|
34
|
+
# initializer from SexpProcessor subclasses, then use the
|
35
|
+
# attributes above to customize the functionality of the
|
36
|
+
# SexpProcessor
|
37
|
+
|
38
|
+
def initialize
|
39
|
+
@expected = Sexp
|
40
|
+
|
41
|
+
# we do this on an instance basis so we can subclass it for
|
42
|
+
# different processors.
|
43
|
+
@processors = {}
|
44
|
+
@context = []
|
45
|
+
|
46
|
+
public_methods.each do |name|
|
47
|
+
if name.to_s.start_with? "process_" then
|
48
|
+
@processors[name[8..-1].to_sym] = name.to_sym
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
##
|
54
|
+
# Default Sexp processor. Invokes process_<type> methods matching
|
55
|
+
# the Sexp type given. Performs additional checks as specified by
|
56
|
+
# the initializer.
|
57
|
+
|
58
|
+
def process(exp)
|
59
|
+
return nil if exp.nil?
|
60
|
+
|
61
|
+
result = nil
|
62
|
+
|
63
|
+
type = exp.first
|
64
|
+
raise "type should be a Symbol, not: #{exp.first.inspect}" unless
|
65
|
+
Symbol === type
|
66
|
+
|
67
|
+
in_context type do
|
68
|
+
# now do a pass with the real processor (or generic)
|
69
|
+
meth = @processors[type]
|
70
|
+
if meth then
|
71
|
+
if $DEBUG
|
72
|
+
result = error_handler(type) do
|
73
|
+
self.send(meth, exp)
|
74
|
+
end
|
75
|
+
else
|
76
|
+
result = self.send(meth, exp)
|
77
|
+
end
|
78
|
+
|
79
|
+
else
|
80
|
+
result = self.process_default(exp)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
raise SexpTypeError, "Result must be a #{@expected}, was #{result.class}:#{result.inspect}" unless @expected === result
|
85
|
+
|
86
|
+
result
|
87
|
+
end
|
88
|
+
|
89
|
+
def error_handler(type, exp=nil) # :nodoc:
|
90
|
+
begin
|
91
|
+
return yield
|
92
|
+
rescue StandardError => err
|
93
|
+
warn "#{err.class} Exception thrown while processing #{type} for sexp #{exp.inspect} #{caller.inspect}" if $DEBUG
|
94
|
+
raise
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
##
|
99
|
+
# A fairly generic processor for a dummy node. Dummy nodes are used
|
100
|
+
# when your processor is doing a complicated rewrite that replaces
|
101
|
+
# the current sexp with multiple sexps.
|
102
|
+
#
|
103
|
+
# Bogus Example:
|
104
|
+
#
|
105
|
+
# def process_something(exp)
|
106
|
+
# return s(:dummy, process(exp), s(:extra, 42))
|
107
|
+
# end
|
108
|
+
|
109
|
+
def process_dummy(exp)
|
110
|
+
result = @expected.new(:dummy) rescue @expected.new
|
111
|
+
|
112
|
+
until exp.empty? do
|
113
|
+
result << self.process(exp.shift)
|
114
|
+
end
|
115
|
+
|
116
|
+
result
|
117
|
+
end
|
118
|
+
|
119
|
+
##
|
120
|
+
# Add a scope level to the current env. Eg:
|
121
|
+
#
|
122
|
+
# def process_defn exp
|
123
|
+
# name = exp.shift
|
124
|
+
# args = process(exp.shift)
|
125
|
+
# scope do
|
126
|
+
# body = process(exp.shift)
|
127
|
+
# # ...
|
128
|
+
# end
|
129
|
+
# end
|
130
|
+
#
|
131
|
+
# env[:x] = 42
|
132
|
+
# scope do
|
133
|
+
# env[:x] # => 42
|
134
|
+
# env[:y] = 24
|
135
|
+
# end
|
136
|
+
# env[:y] # => nil
|
137
|
+
|
138
|
+
def scope &block
|
139
|
+
env.scope(&block)
|
140
|
+
end
|
141
|
+
|
142
|
+
def in_context type
|
143
|
+
self.context.unshift type
|
144
|
+
|
145
|
+
yield
|
146
|
+
|
147
|
+
self.context.shift
|
148
|
+
end
|
149
|
+
|
150
|
+
##
|
151
|
+
# I really hate this here, but I hate subdirs in my lib dir more...
|
152
|
+
# I guess it is kinda like shaving... I'll split this out when it
|
153
|
+
# itches too much...
|
154
|
+
|
155
|
+
class Environment
|
156
|
+
def initialize
|
157
|
+
@env = []
|
158
|
+
@env.unshift({})
|
159
|
+
end
|
160
|
+
|
161
|
+
def all
|
162
|
+
@env.reverse.inject { |env, scope| env.merge scope }
|
163
|
+
end
|
164
|
+
|
165
|
+
def depth
|
166
|
+
@env.length
|
167
|
+
end
|
168
|
+
|
169
|
+
# TODO: depth_of
|
170
|
+
|
171
|
+
def [] name
|
172
|
+
hash = @env.find { |closure| closure.has_key? name }
|
173
|
+
hash[name] if hash
|
174
|
+
end
|
175
|
+
|
176
|
+
def []= name, val
|
177
|
+
hash = @env.find { |closure| closure.has_key? name } || @env.first
|
178
|
+
hash[name] = val
|
179
|
+
end
|
180
|
+
|
181
|
+
def scope
|
182
|
+
@env.unshift({})
|
183
|
+
begin
|
184
|
+
yield
|
185
|
+
ensure
|
186
|
+
@env.shift
|
187
|
+
raise "You went too far unextending env" if @env.empty?
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
191
|
+
end
|
192
|
+
|
193
|
+
class Object
|
194
|
+
|
195
|
+
##
|
196
|
+
# deep_clone is the usual Marshalling hack to make a deep copy.
|
197
|
+
# It is rather slow, so use it sparingly. Helps with debugging
|
198
|
+
# SexpProcessors since you usually shift off sexps.
|
199
|
+
|
200
|
+
def deep_clone
|
201
|
+
Marshal.load(Marshal.dump(self))
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
205
|
+
##
|
206
|
+
# SexpProcessor base exception class.
|
207
|
+
|
208
|
+
class SexpProcessorError < StandardError; end
|
209
|
+
|
210
|
+
##
|
211
|
+
# Raised by SexpProcessor if it sees a node type listed in its
|
212
|
+
# unsupported list.
|
213
|
+
|
214
|
+
class UnsupportedNodeError < SexpProcessorError; end
|
215
|
+
|
216
|
+
##
|
217
|
+
# Raised by SexpProcessor if it is in strict mode and sees a node for
|
218
|
+
# which there is no processor available.
|
219
|
+
|
220
|
+
class UnknownNodeError < SexpProcessorError; end
|
221
|
+
|
222
|
+
##
|
223
|
+
# Raised by SexpProcessor if a processor did not process every node in
|
224
|
+
# a sexp and @require_empty is true.
|
225
|
+
|
226
|
+
class NotEmptyError < SexpProcessorError; end
|
227
|
+
|
228
|
+
##
|
229
|
+
# Raised if assert_type encounters an unexpected sexp type.
|
230
|
+
|
231
|
+
class SexpTypeError < SexpProcessorError; end
|
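Review bot: `in_context` (new lines 142–148) pushes `type` onto `@context` and pops it only after `yield` returns, so an exception raised inside a `process_*` method — which `error_handler` deliberately re-raises — leaves the stale type on the stack, and the sibling `Environment#scope` in this same file already handles the identical situation with `ensure`. The pop belongs in an `ensure` so a processor instance that rescues and continues still sees an accurate context. Minor: `process` raises a bare `RuntimeError` for a non-Symbol node type even though `SexpTypeError` is defined at the bottom of the file for unexpected sexp types. Since this is a locally modified vendored copy (`VERSION = 'CUSTOM'`), the header comment should say what differs from the upstream `SexpProcessor` so the next update does not silently drop the changes.
```ruby
def in_context type
  self.context.unshift type
  yield
ensure
  self.context.shift
end
```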
metadata
CHANGED
@@ -5,9 +5,9 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 1
|
8
|
-
-
|
9
|
-
-
|
10
|
-
version: 1.
|
8
|
+
- 7
|
9
|
+
- 0
|
10
|
+
version: 1.7.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Justin Collins
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2012-
|
18
|
+
date: 2012-07-31 00:00:00 Z
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
21
|
name: activesupport
|
@@ -193,94 +193,96 @@ files:
|
|
193
193
|
- WARNING_TYPES
|
194
194
|
- FEATURES
|
195
195
|
- README.md
|
196
|
-
- lib/
|
197
|
-
- lib/ruby_parser/ruby_parser_extras.rb
|
198
|
-
- lib/ruby_parser/bm_sexp.rb
|
199
|
-
- lib/ruby_parser/ruby_lexer.rb
|
200
|
-
- lib/ruby_parser/ruby_parser.rb
|
201
|
-
- lib/ruby_parser/ruby19_parser.rb
|
202
|
-
- lib/brakeman/warning.rb
|
196
|
+
- lib/brakeman/version.rb
|
203
197
|
- lib/brakeman/differ.rb
|
204
|
-
- lib/brakeman/
|
205
|
-
- lib/brakeman/
|
206
|
-
- lib/brakeman/
|
207
|
-
- lib/brakeman/
|
208
|
-
- lib/brakeman/
|
209
|
-
- lib/brakeman/
|
210
|
-
- lib/brakeman/
|
211
|
-
- lib/brakeman/processors/template_alias_processor.rb
|
212
|
-
- lib/brakeman/processors/route_processor.rb
|
213
|
-
- lib/brakeman/processors/model_processor.rb
|
214
|
-
- lib/brakeman/processors/lib/find_all_calls.rb
|
215
|
-
- lib/brakeman/processors/lib/find_call.rb
|
216
|
-
- lib/brakeman/processors/lib/processor_helper.rb
|
217
|
-
- lib/brakeman/processors/lib/rails3_route_processor.rb
|
218
|
-
- lib/brakeman/processors/lib/route_helper.rb
|
219
|
-
- lib/brakeman/processors/lib/rails2_config_processor.rb
|
220
|
-
- lib/brakeman/processors/lib/rails2_route_processor.rb
|
221
|
-
- lib/brakeman/processors/lib/render_helper.rb
|
222
|
-
- lib/brakeman/processors/lib/rails3_config_processor.rb
|
223
|
-
- lib/brakeman/processors/alias_processor.rb
|
224
|
-
- lib/brakeman/processors/output_processor.rb
|
225
|
-
- lib/brakeman/processors/config_processor.rb
|
226
|
-
- lib/brakeman/processors/erubis_template_processor.rb
|
227
|
-
- lib/brakeman/processors/template_processor.rb
|
198
|
+
- lib/brakeman/util.rb
|
199
|
+
- lib/brakeman/brakeman.rake
|
200
|
+
- lib/brakeman/call_index.rb
|
201
|
+
- lib/brakeman/tracker.rb
|
202
|
+
- lib/brakeman/report.rb
|
203
|
+
- lib/brakeman/scanner.rb
|
204
|
+
- lib/brakeman/processor.rb
|
228
205
|
- lib/brakeman/format/style.css
|
229
|
-
- lib/brakeman/
|
230
|
-
- lib/brakeman/checks/check_send_file.rb
|
231
|
-
- lib/brakeman/checks/check_translate_bug.rb
|
232
|
-
- lib/brakeman/checks/check_session_settings.rb
|
233
|
-
- lib/brakeman/checks/check_nested_attributes.rb
|
234
|
-
- lib/brakeman/checks/check_strip_tags.rb
|
235
|
-
- lib/brakeman/checks/check_safe_buffer_manipulation.rb
|
236
|
-
- lib/brakeman/checks/check_sql.rb
|
237
|
-
- lib/brakeman/checks/check_without_protection.rb
|
238
|
-
- lib/brakeman/checks/check_mass_assignment.rb
|
206
|
+
- lib/brakeman/checks/check_select_vulnerability.rb
|
239
207
|
- lib/brakeman/checks/check_escape_function.rb
|
240
|
-
- lib/brakeman/checks/
|
208
|
+
- lib/brakeman/checks/check_basic_auth.rb
|
209
|
+
- lib/brakeman/checks/check_safe_buffer_manipulation.rb
|
210
|
+
- lib/brakeman/checks/check_forgery_setting.rb
|
211
|
+
- lib/brakeman/checks/check_session_settings.rb
|
241
212
|
- lib/brakeman/checks/check_model_attributes.rb
|
242
|
-
- lib/brakeman/checks/
|
243
|
-
- lib/brakeman/checks/
|
244
|
-
- lib/brakeman/checks/
|
245
|
-
- lib/brakeman/checks/check_quote_table_name.rb
|
246
|
-
- lib/brakeman/checks/check_validation_regex.rb
|
247
|
-
- lib/brakeman/checks/check_link_to.rb
|
248
|
-
- lib/brakeman/checks/check_execute.rb
|
249
|
-
- lib/brakeman/checks/check_filter_skipping.rb
|
213
|
+
- lib/brakeman/checks/check_redirect.rb
|
214
|
+
- lib/brakeman/checks/check_skip_before_filter.rb
|
215
|
+
- lib/brakeman/checks/check_response_splitting.rb
|
250
216
|
- lib/brakeman/checks/check_mail_to.rb
|
217
|
+
- lib/brakeman/checks/check_sql.rb
|
218
|
+
- lib/brakeman/checks/check_mass_assignment.rb
|
251
219
|
- lib/brakeman/checks/check_link_to_href.rb
|
252
|
-
- lib/brakeman/checks/
|
253
|
-
- lib/brakeman/checks/base_check.rb
|
220
|
+
- lib/brakeman/checks/check_filter_skipping.rb
|
254
221
|
- lib/brakeman/checks/check_file_access.rb
|
255
|
-
- lib/brakeman/checks/
|
256
|
-
- lib/brakeman/checks/
|
257
|
-
- lib/brakeman/checks/
|
258
|
-
- lib/brakeman/checks/
|
259
|
-
- lib/brakeman/checks/check_forgery_setting.rb
|
222
|
+
- lib/brakeman/checks/base_check.rb
|
223
|
+
- lib/brakeman/checks/check_validation_regex.rb
|
224
|
+
- lib/brakeman/checks/check_evaluation.rb
|
225
|
+
- lib/brakeman/checks/check_digest_dos.rb
|
260
226
|
- lib/brakeman/checks/check_render.rb
|
261
|
-
- lib/brakeman/
|
262
|
-
- lib/brakeman/
|
263
|
-
- lib/brakeman/
|
264
|
-
- lib/brakeman/
|
265
|
-
- lib/brakeman/
|
227
|
+
- lib/brakeman/checks/check_send_file.rb
|
228
|
+
- lib/brakeman/checks/check_execute.rb
|
229
|
+
- lib/brakeman/checks/check_translate_bug.rb
|
230
|
+
- lib/brakeman/checks/check_default_routes.rb
|
231
|
+
- lib/brakeman/checks/check_link_to.rb
|
232
|
+
- lib/brakeman/checks/check_quote_table_name.rb
|
233
|
+
- lib/brakeman/checks/check_send.rb
|
234
|
+
- lib/brakeman/checks/check_cross_site_scripting.rb
|
235
|
+
- lib/brakeman/checks/check_strip_tags.rb
|
236
|
+
- lib/brakeman/checks/check_nested_attributes.rb
|
237
|
+
- lib/brakeman/checks/check_without_protection.rb
|
238
|
+
- lib/brakeman/checks.rb
|
239
|
+
- lib/brakeman/templates/controller_overview.html.erb
|
240
|
+
- lib/brakeman/templates/model_warnings.html.erb
|
241
|
+
- lib/brakeman/templates/template_overview.html.erb
|
242
|
+
- lib/brakeman/templates/view_warnings.html.erb
|
266
243
|
- lib/brakeman/templates/overview.html.erb
|
267
244
|
- lib/brakeman/templates/controller_warnings.html.erb
|
245
|
+
- lib/brakeman/templates/header.html.erb
|
268
246
|
- lib/brakeman/templates/error_overview.html.erb
|
269
|
-
- lib/brakeman/templates/controller_overview.html.erb
|
270
247
|
- lib/brakeman/templates/security_warnings.html.erb
|
271
|
-
- lib/brakeman/templates/
|
272
|
-
- lib/brakeman/
|
273
|
-
- lib/brakeman/
|
248
|
+
- lib/brakeman/templates/warning_overview.html.erb
|
249
|
+
- lib/brakeman/processors/controller_alias_processor.rb
|
250
|
+
- lib/brakeman/processors/lib/route_helper.rb
|
251
|
+
- lib/brakeman/processors/lib/rails2_route_processor.rb
|
252
|
+
- lib/brakeman/processors/lib/render_helper.rb
|
253
|
+
- lib/brakeman/processors/lib/rails2_config_processor.rb
|
254
|
+
- lib/brakeman/processors/lib/rails3_route_processor.rb
|
255
|
+
- lib/brakeman/processors/lib/processor_helper.rb
|
256
|
+
- lib/brakeman/processors/lib/rails3_config_processor.rb
|
257
|
+
- lib/brakeman/processors/lib/find_all_calls.rb
|
258
|
+
- lib/brakeman/processors/lib/find_call.rb
|
259
|
+
- lib/brakeman/processors/template_alias_processor.rb
|
260
|
+
- lib/brakeman/processors/model_processor.rb
|
261
|
+
- lib/brakeman/processors/output_processor.rb
|
262
|
+
- lib/brakeman/processors/library_processor.rb
|
263
|
+
- lib/brakeman/processors/erb_template_processor.rb
|
264
|
+
- lib/brakeman/processors/template_processor.rb
|
265
|
+
- lib/brakeman/processors/alias_processor.rb
|
266
|
+
- lib/brakeman/processors/config_processor.rb
|
267
|
+
- lib/brakeman/processors/gem_processor.rb
|
268
|
+
- lib/brakeman/processors/erubis_template_processor.rb
|
269
|
+
- lib/brakeman/processors/route_processor.rb
|
270
|
+
- lib/brakeman/processors/controller_processor.rb
|
271
|
+
- lib/brakeman/processors/haml_template_processor.rb
|
272
|
+
- lib/brakeman/processors/base_processor.rb
|
273
|
+
- lib/brakeman/warning.rb
|
274
|
+
- lib/brakeman/options.rb
|
275
|
+
- lib/brakeman/rescanner.rb
|
276
|
+
- lib/brakeman/parsers/rails2_erubis.rb
|
274
277
|
- lib/brakeman/parsers/rails3_erubis.rb
|
275
278
|
- lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
|
276
|
-
- lib/
|
277
|
-
- lib/
|
278
|
-
- lib/
|
279
|
-
- lib/
|
280
|
-
- lib/
|
281
|
-
- lib/
|
282
|
-
- lib/
|
283
|
-
- lib/brakeman/processor.rb
|
279
|
+
- lib/ruby_parser/ruby_lexer.rb
|
280
|
+
- lib/ruby_parser/bm_sexp.rb
|
281
|
+
- lib/ruby_parser/ruby_parser_extras.rb
|
282
|
+
- lib/ruby_parser/ruby_parser.rb
|
283
|
+
- lib/ruby_parser/ruby19_parser.rb
|
284
|
+
- lib/ruby_parser/ruby18_parser.rb
|
285
|
+
- lib/ruby_parser/bm_sexp_processor.rb
|
284
286
|
- lib/brakeman.rb
|
285
287
|
homepage: http://brakemanscanner.org
|
286
288
|
licenses: []
|
@@ -311,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
311
313
|
requirements: []
|
312
314
|
|
313
315
|
rubyforge_project:
|
314
|
-
rubygems_version: 1.8.
|
316
|
+
rubygems_version: 1.8.24
|
315
317
|
signing_key:
|
316
318
|
specification_version: 3
|
317
319
|
summary: Security vulnerability scanner for Ruby on Rails.
|