brakeman 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39)
  1. data/CHANGES +20 -0
  2. data/README.md +6 -1
  3. data/bin/brakeman +13 -3
  4. data/lib/brakeman.rb +64 -7
  5. data/lib/brakeman/call_index.rb +6 -4
  6. data/lib/brakeman/checks/check_basic_auth.rb +47 -2
  7. data/lib/brakeman/checks/check_cross_site_scripting.rb +50 -12
  8. data/lib/brakeman/checks/check_execute.rb +4 -1
  9. data/lib/brakeman/checks/check_model_attr_accessible.rb +48 -0
  10. data/lib/brakeman/checks/check_sql.rb +101 -154
  11. data/lib/brakeman/options.rb +16 -0
  12. data/lib/brakeman/parsers/rails2_erubis.rb +2 -0
  13. data/lib/brakeman/parsers/rails2_xss_plugin_erubis.rb +2 -0
  14. data/lib/brakeman/parsers/rails3_erubis.rb +2 -0
  15. data/lib/brakeman/processors/alias_processor.rb +19 -4
  16. data/lib/brakeman/processors/controller_alias_processor.rb +2 -3
  17. data/lib/brakeman/processors/gem_processor.rb +5 -4
  18. data/lib/brakeman/processors/lib/find_all_calls.rb +43 -16
  19. data/lib/brakeman/report.rb +39 -640
  20. data/lib/brakeman/report/ignore/config.rb +130 -0
  21. data/lib/brakeman/report/ignore/interactive.rb +311 -0
  22. data/lib/brakeman/report/renderer.rb +2 -0
  23. data/lib/brakeman/report/report_base.rb +279 -0
  24. data/lib/brakeman/report/report_csv.rb +56 -0
  25. data/lib/brakeman/report/report_hash.rb +22 -0
  26. data/lib/brakeman/report/report_html.rb +203 -0
  27. data/lib/brakeman/report/report_json.rb +46 -0
  28. data/lib/brakeman/report/report_table.rb +109 -0
  29. data/lib/brakeman/report/report_tabs.rb +17 -0
  30. data/lib/brakeman/report/templates/ignored_warnings.html.erb +21 -0
  31. data/lib/brakeman/report/templates/overview.html.erb +6 -0
  32. data/lib/brakeman/report/templates/security_warnings.html.erb +1 -1
  33. data/lib/brakeman/scanner.rb +14 -12
  34. data/lib/brakeman/tracker.rb +5 -1
  35. data/lib/brakeman/util.rb +2 -0
  36. data/lib/brakeman/version.rb +1 -1
  37. data/lib/ruby_parser/bm_sexp.rb +12 -1
  38. metadata +179 -90
  39. checksums.yaml +0 -7
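--- /dev/null
+++ b/data/lib/brakeman/report/templates/ignored_warnings.html.erb
@@ -0,0 +1,21 @@
+<div onClick="toggle('ignored_table');"> <h2><%= warnings.length %> Ignored Warnings (click to see them)</h2 ></div>
+<div>
+<table style="display:none" id="ignored_table">
+<tr>
+<th>Confidence</th>
+<th>File</th>
+<th>Warning Type</th>
+<th>Message</th>
+<th>Note</th>
+</tr>
+<% warnings.each do |warning| %>
+<tr>
+<td><%= warning['Confidence']%></td>
+<td><%= warning['File']%></td>
+<td><%= warning['Warning Type']%></td>
+<td><%= warning['Message']%></td>
+<td><%= warning['Note']%></td>
+</tr>
+<% end %>
+</table>
+</div>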
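Review bot: The new Note column, `<td><%= warning['Note']%></td>`, renders text that presumably comes from the ignore configuration (the report/ignore files added in this release) rather than from Brakeman itself, and a plain ERB `<%=` does no HTML escaping, so the value needs to be escaped where the warning hash is assembled unless that already happens in report_html.rb, which is not in this section. The same applies to the Message column, which can carry source snippets from the scanned application. If escaping is done centrally, a one-line note at the top of the template, `<%# warning values are HTML-escaped by the report builder before reaching this template %>`, would keep a future column from slipping through unescaped. Minor: `</h2 >` on the first line has a stray space before the closing bracket.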
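--- a/data/lib/brakeman/report/templates/overview.html.erb
+++ b/data/lib/brakeman/report/templates/overview.html.erb
@@ -24,5 +24,11 @@
 <td>Security Warnings</td>
 <td><%= warnings %> <span class='high-confidence'>(<%= warnings_summary[:high_confidence] %>)</span></td>
 </tr>
+<% if warnings_summary['Ignored Warnings'] %>
+<tr>
+<td>Ignored Warnings</td>
+<td><%= ignored_warnings %></td>
+</tr>
+<% end %>
 </table>
 <br>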
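Review bot: The new guard `<% if warnings_summary['Ignored Warnings'] %>` indexes the summary with a String key while the context line just above reads `warnings_summary[:high_confidence]` with a Symbol; unless the summary hash deliberately mixes key types, one of the two lookups is always nil, and the Ignored Warnings row would then either never render or render with an empty count. The hunk also introduces a new template local, `ignored_warnings`, that the renderer must now supply on every overview render (that change is not in this section). I would align the key with the existing style, `<% if warnings_summary[:ignored_warnings] %>`, or add a comment explaining why this one key is a String.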
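--- a/data/lib/brakeman/report/templates/security_warnings.html.erb
+++ b/data/lib/brakeman/report/templates/security_warnings.html.erb
@@ -7,7 +7,7 @@
 <th>Warning Type</th>
 <th>Message</th>
 </tr>
-<% warning_messages.each do |warning| %>
+<% warnings.each do |warning| %>
 <tr>
 <td><%= warning['Confidence']%></td>
 <td><%= warning['Class']%></td>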
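--- a/data/lib/brakeman/scanner.rb
+++ b/data/lib/brakeman/scanner.rb
@@ -1,19 +1,11 @@
 require 'rubygems'
+
 begin
 require 'ruby_parser'
 require 'ruby_parser/bm_sexp.rb'
 require 'ruby_parser/bm_sexp_processor.rb'
-
-require 'haml'
-require 'sass'
-require 'erb'
-require 'erubis'
-require 'slim'
 require 'brakeman/processor'
 require 'brakeman/app_tree'
-require 'brakeman/parsers/rails2_erubis'
-require 'brakeman/parsers/rails2_xss_plugin_erubis'
-require 'brakeman/parsers/rails3_erubis'
 rescue LoadError => e
 $stderr.puts e.message
 $stderr.puts "Please install the appropriate dependency."
@@ -33,7 +25,7 @@ class Brakeman::Scanner
 @app_tree = Brakeman::AppTree.from_options(options)
 
 if !@app_tree.root || !@app_tree.exists?("app")
-raise NoApplication, "Please supply the path to a Rails application."
+raise Brakeman::NoApplication, "Please supply the path to a Rails application."
 end
 
 if @app_tree.exists?("script/rails")
@@ -272,24 +264,33 @@ class Brakeman::Scanner
 if tracker.config[:escape_html]
 type = :erubis
 if options[:rails3]
+require 'brakeman/parsers/rails3_erubis'
 src = Brakeman::Rails3Erubis.new(text).src
 else
+require 'brakeman/parsers/rails2_xss_plugin_erubis'
 src = Brakeman::Rails2XSSPluginErubis.new(text).src
 end
 elsif tracker.config[:erubis]
+require 'brakeman/parsers/rails2_erubis'
 type = :erubis
 src = Brakeman::ScannerErubis.new(text).src
 else
+require 'erb'
 src = ERB.new(text, nil, "-").src
 src.sub!(/^#.*\n/, '') if RUBY_1_9
 end
 
 parsed = parse_ruby src
 elsif type == :haml
+Brakeman.load_dependency 'haml'
+Brakeman.load_dependency 'sass'
+
 src = Haml::Engine.new(text,
 :escape_html => !!tracker.config[:escape_html]).precompiled
 parsed = parse_ruby src
 elsif type == :slim
+Brakeman.load_dependency 'slim'
+
 src = Slim::Template.new(:disable_capture => true,
 :generator => Temple::Generators::RailsOutputBuffer) { text }.precompiled_template
 
@@ -355,6 +356,7 @@ class Brakeman::Scanner
 def parse_ruby input
 @ruby_parser.new.parse input
 end
-
-class NoApplication < RuntimeError; end
 end
+
+# This is to allow operation without loading the Haml library
+module Haml; class Error < StandardError; end; end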
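Review bot: The stub on the last line, `module Haml; class Error < StandardError; end; end`, is defined unconditionally at file scope, so once `Brakeman.load_dependency 'haml'` (earlier hunk of this section) loads the real gem, haml reopens `Haml::Error`, and Ruby raises TypeError (superclass mismatch) if its parent class ever differs from StandardError; it also makes `defined?(Haml)` true for any code that uses that to detect the gem. The comment above it says why the stub exists but not this constraint; I would extend it to `# Stub so rescue clauses naming Haml::Error parse without the gem; its superclass must match haml's own definition or loading haml later fails with a superclass mismatch`. A related consistency point in the template-parsing hunk: the Erubis parsers are pulled in with plain `require` while haml/sass/slim go through `Brakeman.load_dependency`, so unless the parser files do the loading themselves, a missing erubis gem surfaces as a raw LoadError mid-scan instead of the friendlier message that the top-of-file rescue used to give (load_dependency's body is not in this diff).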
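--- a/data/lib/brakeman/tracker.rb
+++ b/data/lib/brakeman/tracker.rb
@@ -10,7 +10,7 @@ class Brakeman::Tracker
 attr_accessor :controllers, :templates, :models, :errors,
 :checks, :initializers, :config, :routes, :processor, :libs,
 :template_cache, :options, :filter_cache, :start_time, :end_time,
-:duration
+:duration, :ignored_filter
 
 #Place holder when there should be a model, but it is not
 #clear what model it will be.
@@ -152,6 +152,10 @@ class Brakeman::Tracker
 Brakeman::Report.new(@app_tree, self)
 end
 
+def warnings
+self.checks.all_warnings
+end
+
 def index_call_sites
 finder = Brakeman::FindAllCalls.new self
 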
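Review bot: `def warnings` has no comment and calls `self.checks.all_warnings` on an attribute that is a plain attr_accessor (`:checks`, first hunk of this section), so it raises NoMethodError on nil if called before the checks have been populated; the caller contract should be stated. I would add `# All warnings reported by the checks; only meaningful after the checks have run (checks is nil until then)` above the method. Style: the explicit `self.` receiver is unnecessary for a reader call, `checks.all_warnings`.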
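--- a/data/lib/brakeman/util.rb
+++ b/data/lib/brakeman/util.rb
@@ -385,6 +385,7 @@ module Brakeman::Util
 
 def truncate_table str
 @terminal_width ||= if $stdin && $stdin.tty?
+Brakeman.load_dependency 'highline'
 ::HighLine.new.terminal_size[0]
 else
 80
@@ -402,6 +403,7 @@ module Brakeman::Util
 
 # rely on Terminal::Table to build the structure, extract the data out in CSV format
 def table_to_csv table
+Brakeman.load_dependency 'terminal-table'
 output = CSV.generate_line(table.headings.cells.map{|cell| cell.to_s.strip})
 table.rows.each do |row|
 output << CSV.generate_line(row.cells.map{|cell| cell.to_s.strip})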
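Review bot: In `truncate_table`, the tty branch now calls `Brakeman.load_dependency 'highline'` before `::HighLine.new.terminal_size[0]`, but the `else 80` fallback only covers the non-tty case, so a missing highline gem turns a purely cosmetic width lookup into whatever load_dependency does on failure (its body is not in this diff; if it aborts the run, a presentational feature has become a hard dependency). Consider falling back to 80 when highline cannot be loaded, or documenting that highline is mandatory for tty output. In `table_to_csv`, `Brakeman.load_dependency 'terminal-table'` runs after the caller has already built the `table` argument, so it cannot be the first load of the gem; a comment saying why it is there, or dropping it, would avoid confusion. truncate_table continues past the end of its hunk.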
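--- a/data/lib/brakeman/version.rb
+++ b/data/lib/brakeman/version.rb
@@ -1,3 +1,3 @@
 module Brakeman
-Version = "2.0.0"
+Version = "2.1.0"
 end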
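--- a/data/lib/ruby_parser/bm_sexp.rb
+++ b/data/lib/ruby_parser/bm_sexp.rb
@@ -3,7 +3,7 @@
 #of a Sexp.
 class Sexp
 attr_reader :paren
-attr_accessor :original_line
+attr_accessor :original_line, :or_depth
 ASSIGNMENT_BOOL = [:gasgn, :iasgn, :lasgn, :cvdecl, :cdecl, :or, :and, :colon2]
 
 def method_missing name, *args
@@ -67,6 +67,17 @@ class Sexp
 self[0] = type
 end
 
+#Join self and exp into an :or Sexp.
+#Sets or_depth.
+#Used for combining "branched" values in AliasProcessor.
+def combine exp, line = nil
+combined = Sexp.new(:or, self, exp).line(line || -2)
+
+combined.or_depth = [self.or_depth, exp.or_depth].compact.reduce(0, :+) + 1
+
+combined
+end
+
 alias :node_type :sexp_type
 alias :values :sexp_body # TODO: retire
 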
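Review bot: `combine` reads `exp.or_depth`, so it only works when `exp` is itself a Sexp (anything else raises NoMethodError), and the `line || -2` default uses a sentinel whose meaning is not explained; neither is covered by the three-line comment above the method. I would extend that comment with `#exp must be a Sexp; line falls back to -2 when the caller has no source line (document what consumers make of that sentinel)`. Minor: `[self.or_depth, exp.or_depth].compact.reduce(0, :+)` is a sum that only works because `or_depth` is nil on any Sexp that has not been through combine, which deserves a short note such as `# or_depth is nil until set by combine, hence the compact`.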
metadata CHANGED
@@ -1,7 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ hash: 11
5
+ prerelease:
6
+ segments:
7
+ - 2
8
+ - 1
9
+ - 0
10
+ version: 2.1.0
5
11
  platform: ruby
6
12
  authors:
7
13
  - Justin Collins
@@ -9,25 +15,37 @@ autorequire:
9
15
  bindir: bin
10
16
  cert_chain: []
11
17
 
12
- date: 2013-05-20 00:00:00 Z
18
+ date: 2013-07-17 00:00:00 Z
13
19
  dependencies:
14
20
  - !ruby/object:Gem::Dependency
15
21
  name: ruby_parser
16
22
  prerelease: false
17
23
  requirement: &id001 !ruby/object:Gem::Requirement
24
+ none: false
18
25
  requirements:
19
26
  - - ~>
20
27
  - !ruby/object:Gem::Version
21
- version: 3.1.1
28
+ hash: 11
29
+ segments:
30
+ - 3
31
+ - 2
32
+ - 2
33
+ version: 3.2.2
22
34
  type: :runtime
23
35
  version_requirements: *id001
24
36
  - !ruby/object:Gem::Dependency
25
37
  name: ruby2ruby
26
38
  prerelease: false
27
39
  requirement: &id002 !ruby/object:Gem::Requirement
40
+ none: false
28
41
  requirements:
29
42
  - - ~>
30
43
  - !ruby/object:Gem::Version
44
+ hash: 5
45
+ segments:
46
+ - 2
47
+ - 0
48
+ - 5
31
49
  version: 2.0.5
32
50
  type: :runtime
33
51
  version_requirements: *id002
@@ -35,9 +53,14 @@ dependencies:
35
53
  name: terminal-table
36
54
  prerelease: false
37
55
  requirement: &id003 !ruby/object:Gem::Requirement
56
+ none: false
38
57
  requirements:
39
58
  - - ~>
40
59
  - !ruby/object:Gem::Version
60
+ hash: 7
61
+ segments:
62
+ - 1
63
+ - 4
41
64
  version: "1.4"
42
65
  type: :runtime
43
66
  version_requirements: *id003
@@ -45,9 +68,14 @@ dependencies:
45
68
  name: fastercsv
46
69
  prerelease: false
47
70
  requirement: &id004 !ruby/object:Gem::Requirement
71
+ none: false
48
72
  requirements:
49
73
  - - ~>
50
74
  - !ruby/object:Gem::Version
75
+ hash: 5
76
+ segments:
77
+ - 1
78
+ - 5
51
79
  version: "1.5"
52
80
  type: :runtime
53
81
  version_requirements: *id004
@@ -55,9 +83,15 @@ dependencies:
55
83
  name: highline
56
84
  prerelease: false
57
85
  requirement: &id005 !ruby/object:Gem::Requirement
86
+ none: false
58
87
  requirements:
59
88
  - - ~>
60
89
  - !ruby/object:Gem::Version
90
+ hash: 41
91
+ segments:
92
+ - 1
93
+ - 6
94
+ - 19
61
95
  version: 1.6.19
62
96
  type: :runtime
63
97
  version_requirements: *id005
@@ -65,9 +99,14 @@ dependencies:
65
99
  name: erubis
66
100
  prerelease: false
67
101
  requirement: &id006 !ruby/object:Gem::Requirement
102
+ none: false
68
103
  requirements:
69
104
  - - ~>
70
105
  - !ruby/object:Gem::Version
106
+ hash: 15
107
+ segments:
108
+ - 2
109
+ - 6
71
110
  version: "2.6"
72
111
  type: :runtime
73
112
  version_requirements: *id006
@@ -75,12 +114,21 @@ dependencies:
75
114
  name: haml
76
115
  prerelease: false
77
116
  requirement: &id007 !ruby/object:Gem::Requirement
117
+ none: false
78
118
  requirements:
79
119
  - - ">="
80
120
  - !ruby/object:Gem::Version
121
+ hash: 7
122
+ segments:
123
+ - 3
124
+ - 0
81
125
  version: "3.0"
82
126
  - - <
83
127
  - !ruby/object:Gem::Version
128
+ hash: 31
129
+ segments:
130
+ - 5
131
+ - 0
84
132
  version: "5.0"
85
133
  type: :runtime
86
134
  version_requirements: *id007
@@ -88,9 +136,14 @@ dependencies:
88
136
  name: sass
89
137
  prerelease: false
90
138
  requirement: &id008 !ruby/object:Gem::Requirement
139
+ none: false
91
140
  requirements:
92
141
  - - ~>
93
142
  - !ruby/object:Gem::Version
143
+ hash: 7
144
+ segments:
145
+ - 3
146
+ - 0
94
147
  version: "3.0"
95
148
  type: :runtime
96
149
  version_requirements: *id008
@@ -98,19 +151,37 @@ dependencies:
98
151
  name: slim
99
152
  prerelease: false
100
153
  requirement: &id009 !ruby/object:Gem::Requirement
154
+ none: false
101
155
  requirements:
102
- - - ~>
156
+ - - ">="
103
157
  - !ruby/object:Gem::Version
158
+ hash: 23
159
+ segments:
160
+ - 1
161
+ - 3
162
+ - 6
104
163
  version: 1.3.6
164
+ - - <
165
+ - !ruby/object:Gem::Version
166
+ hash: 7
167
+ segments:
168
+ - 3
169
+ - 0
170
+ version: "3.0"
105
171
  type: :runtime
106
172
  version_requirements: *id009
107
173
  - !ruby/object:Gem::Dependency
108
174
  name: multi_json
109
175
  prerelease: false
110
176
  requirement: &id010 !ruby/object:Gem::Requirement
177
+ none: false
111
178
  requirements:
112
179
  - - ~>
113
180
  - !ruby/object:Gem::Version
181
+ hash: 11
182
+ segments:
183
+ - 1
184
+ - 2
114
185
  version: "1.2"
115
186
  type: :runtime
116
187
  version_requirements: *id010
@@ -128,135 +199,153 @@ files:
128
199
  - WARNING_TYPES
129
200
  - FEATURES
130
201
  - README.md
131
- - lib/brakeman/version.rb
132
- - lib/brakeman/differ.rb
133
- - lib/brakeman/util.rb
202
+ - lib/brakeman/app_tree.rb
134
203
  - lib/brakeman/brakeman.rake
135
204
  - lib/brakeman/call_index.rb
136
- - lib/brakeman/report/renderer.rb
137
- - lib/brakeman/report/templates/controller_overview.html.erb
138
- - lib/brakeman/report/templates/model_warnings.html.erb
139
- - lib/brakeman/report/templates/template_overview.html.erb
140
- - lib/brakeman/report/templates/view_warnings.html.erb
141
- - lib/brakeman/report/templates/overview.html.erb
142
- - lib/brakeman/report/templates/controller_warnings.html.erb
143
- - lib/brakeman/report/templates/header.html.erb
144
- - lib/brakeman/report/templates/error_overview.html.erb
145
- - lib/brakeman/report/templates/security_warnings.html.erb
146
- - lib/brakeman/report/templates/warning_overview.html.erb
147
- - lib/brakeman/report/initializers/faster_csv.rb
148
- - lib/brakeman/report/initializers/multi_json.rb
149
- - lib/brakeman/tracker.rb
150
- - lib/brakeman/report.rb
151
- - lib/brakeman/scanner.rb
152
- - lib/brakeman/processor.rb
153
- - lib/brakeman/format/style.css
154
- - lib/brakeman/warning_codes.rb
155
- - lib/brakeman/app_tree.rb
156
- - lib/brakeman/checks/check_select_vulnerability.rb
157
- - lib/brakeman/checks/check_escape_function.rb
158
- - lib/brakeman/checks/check_single_quotes.rb
159
- - lib/brakeman/checks/check_model_serialize.rb
205
+ - lib/brakeman/checks/base_check.rb
160
206
  - lib/brakeman/checks/check_basic_auth.rb
161
- - lib/brakeman/checks/check_safe_buffer_manipulation.rb
162
- - lib/brakeman/checks/check_forgery_setting.rb
163
- - lib/brakeman/checks/check_session_settings.rb
164
- - lib/brakeman/checks/check_model_attributes.rb
165
- - lib/brakeman/checks/check_redirect.rb
166
- - lib/brakeman/checks/check_yaml_parsing.rb
167
- - lib/brakeman/checks/check_skip_before_filter.rb
168
- - lib/brakeman/checks/check_response_splitting.rb
169
- - lib/brakeman/checks/check_mail_to.rb
170
207
  - lib/brakeman/checks/check_content_tag.rb
171
- - lib/brakeman/checks/check_unsafe_reflection.rb
172
- - lib/brakeman/checks/check_sql.rb
173
- - lib/brakeman/checks/check_select_tag.rb
174
- - lib/brakeman/checks/check_mass_assignment.rb
175
- - lib/brakeman/checks/check_link_to_href.rb
176
- - lib/brakeman/checks/check_filter_skipping.rb
177
- - lib/brakeman/checks/check_symbol_dos.rb
178
- - lib/brakeman/checks/check_sanitize_methods.rb
179
- - lib/brakeman/checks/check_file_access.rb
208
+ - lib/brakeman/checks/check_cross_site_scripting.rb
209
+ - lib/brakeman/checks/check_default_routes.rb
180
210
  - lib/brakeman/checks/check_deserialize.rb
181
- - lib/brakeman/checks/base_check.rb
182
- - lib/brakeman/checks/check_validation_regex.rb
183
- - lib/brakeman/checks/check_evaluation.rb
184
211
  - lib/brakeman/checks/check_digest_dos.rb
185
- - lib/brakeman/checks/check_render.rb
186
- - lib/brakeman/checks/check_send_file.rb
187
- - lib/brakeman/checks/check_json_parsing.rb
212
+ - lib/brakeman/checks/check_escape_function.rb
213
+ - lib/brakeman/checks/check_evaluation.rb
188
214
  - lib/brakeman/checks/check_execute.rb
189
- - lib/brakeman/checks/check_translate_bug.rb
215
+ - lib/brakeman/checks/check_file_access.rb
216
+ - lib/brakeman/checks/check_filter_skipping.rb
217
+ - lib/brakeman/checks/check_forgery_setting.rb
190
218
  - lib/brakeman/checks/check_jruby_xml.rb
191
- - lib/brakeman/checks/check_default_routes.rb
219
+ - lib/brakeman/checks/check_json_parsing.rb
192
220
  - lib/brakeman/checks/check_link_to.rb
221
+ - lib/brakeman/checks/check_link_to_href.rb
222
+ - lib/brakeman/checks/check_mail_to.rb
223
+ - lib/brakeman/checks/check_mass_assignment.rb
224
+ - lib/brakeman/checks/check_model_attr_accessible.rb
225
+ - lib/brakeman/checks/check_model_attributes.rb
226
+ - lib/brakeman/checks/check_model_serialize.rb
227
+ - lib/brakeman/checks/check_nested_attributes.rb
193
228
  - lib/brakeman/checks/check_quote_table_name.rb
229
+ - lib/brakeman/checks/check_redirect.rb
230
+ - lib/brakeman/checks/check_render.rb
231
+ - lib/brakeman/checks/check_response_splitting.rb
232
+ - lib/brakeman/checks/check_safe_buffer_manipulation.rb
233
+ - lib/brakeman/checks/check_sanitize_methods.rb
234
+ - lib/brakeman/checks/check_select_tag.rb
235
+ - lib/brakeman/checks/check_select_vulnerability.rb
194
236
  - lib/brakeman/checks/check_send.rb
195
- - lib/brakeman/checks/check_cross_site_scripting.rb
237
+ - lib/brakeman/checks/check_send_file.rb
238
+ - lib/brakeman/checks/check_session_settings.rb
239
+ - lib/brakeman/checks/check_single_quotes.rb
240
+ - lib/brakeman/checks/check_skip_before_filter.rb
241
+ - lib/brakeman/checks/check_sql.rb
196
242
  - lib/brakeman/checks/check_strip_tags.rb
197
- - lib/brakeman/checks/check_nested_attributes.rb
243
+ - lib/brakeman/checks/check_symbol_dos.rb
244
+ - lib/brakeman/checks/check_translate_bug.rb
245
+ - lib/brakeman/checks/check_unsafe_reflection.rb
246
+ - lib/brakeman/checks/check_validation_regex.rb
198
247
  - lib/brakeman/checks/check_without_protection.rb
248
+ - lib/brakeman/checks/check_yaml_parsing.rb
199
249
  - lib/brakeman/checks.rb
250
+ - lib/brakeman/differ.rb
251
+ - lib/brakeman/format/style.css
252
+ - lib/brakeman/options.rb
253
+ - lib/brakeman/parsers/rails2_erubis.rb
254
+ - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
255
+ - lib/brakeman/parsers/rails3_erubis.rb
256
+ - lib/brakeman/processor.rb
257
+ - lib/brakeman/processors/alias_processor.rb
258
+ - lib/brakeman/processors/base_processor.rb
259
+ - lib/brakeman/processors/config_processor.rb
200
260
  - lib/brakeman/processors/controller_alias_processor.rb
261
+ - lib/brakeman/processors/controller_processor.rb
262
+ - lib/brakeman/processors/erb_template_processor.rb
263
+ - lib/brakeman/processors/erubis_template_processor.rb
264
+ - lib/brakeman/processors/gem_processor.rb
265
+ - lib/brakeman/processors/haml_template_processor.rb
266
+ - lib/brakeman/processors/lib/find_all_calls.rb
267
+ - lib/brakeman/processors/lib/find_call.rb
201
268
  - lib/brakeman/processors/lib/find_return_value.rb
202
- - lib/brakeman/processors/lib/route_helper.rb
203
- - lib/brakeman/processors/lib/rails2_route_processor.rb
204
- - lib/brakeman/processors/lib/render_helper.rb
205
- - lib/brakeman/processors/lib/rails2_config_processor.rb
206
- - lib/brakeman/processors/lib/rails3_route_processor.rb
207
269
  - lib/brakeman/processors/lib/processor_helper.rb
270
+ - lib/brakeman/processors/lib/rails2_config_processor.rb
271
+ - lib/brakeman/processors/lib/rails2_route_processor.rb
208
272
  - lib/brakeman/processors/lib/rails3_config_processor.rb
209
- - lib/brakeman/processors/lib/find_all_calls.rb
210
- - lib/brakeman/processors/lib/find_call.rb
211
- - lib/brakeman/processors/template_alias_processor.rb
273
+ - lib/brakeman/processors/lib/rails3_route_processor.rb
274
+ - lib/brakeman/processors/lib/render_helper.rb
275
+ - lib/brakeman/processors/lib/route_helper.rb
276
+ - lib/brakeman/processors/library_processor.rb
212
277
  - lib/brakeman/processors/model_processor.rb
213
278
  - lib/brakeman/processors/output_processor.rb
214
- - lib/brakeman/processors/library_processor.rb
215
- - lib/brakeman/processors/erb_template_processor.rb
216
- - lib/brakeman/processors/template_processor.rb
217
- - lib/brakeman/processors/alias_processor.rb
218
- - lib/brakeman/processors/config_processor.rb
219
- - lib/brakeman/processors/gem_processor.rb
220
- - lib/brakeman/processors/erubis_template_processor.rb
221
279
  - lib/brakeman/processors/route_processor.rb
222
- - lib/brakeman/processors/controller_processor.rb
223
280
  - lib/brakeman/processors/slim_template_processor.rb
224
- - lib/brakeman/processors/haml_template_processor.rb
225
- - lib/brakeman/processors/base_processor.rb
226
- - lib/brakeman/warning.rb
227
- - lib/brakeman/options.rb
281
+ - lib/brakeman/processors/template_alias_processor.rb
282
+ - lib/brakeman/processors/template_processor.rb
283
+ - lib/brakeman/report/ignore/config.rb
284
+ - lib/brakeman/report/ignore/interactive.rb
285
+ - lib/brakeman/report/initializers/faster_csv.rb
286
+ - lib/brakeman/report/initializers/multi_json.rb
287
+ - lib/brakeman/report/renderer.rb
288
+ - lib/brakeman/report/report_base.rb
289
+ - lib/brakeman/report/report_csv.rb
290
+ - lib/brakeman/report/report_hash.rb
291
+ - lib/brakeman/report/report_html.rb
292
+ - lib/brakeman/report/report_json.rb
293
+ - lib/brakeman/report/report_table.rb
294
+ - lib/brakeman/report/report_tabs.rb
295
+ - lib/brakeman/report/templates/controller_overview.html.erb
296
+ - lib/brakeman/report/templates/controller_warnings.html.erb
297
+ - lib/brakeman/report/templates/error_overview.html.erb
298
+ - lib/brakeman/report/templates/header.html.erb
299
+ - lib/brakeman/report/templates/ignored_warnings.html.erb
300
+ - lib/brakeman/report/templates/model_warnings.html.erb
301
+ - lib/brakeman/report/templates/overview.html.erb
302
+ - lib/brakeman/report/templates/security_warnings.html.erb
303
+ - lib/brakeman/report/templates/template_overview.html.erb
304
+ - lib/brakeman/report/templates/view_warnings.html.erb
305
+ - lib/brakeman/report/templates/warning_overview.html.erb
306
+ - lib/brakeman/report.rb
228
307
  - lib/brakeman/rescanner.rb
229
- - lib/brakeman/parsers/rails2_erubis.rb
230
- - lib/brakeman/parsers/rails3_erubis.rb
231
- - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
308
+ - lib/brakeman/scanner.rb
309
+ - lib/brakeman/tracker.rb
310
+ - lib/brakeman/util.rb
311
+ - lib/brakeman/version.rb
312
+ - lib/brakeman/warning.rb
313
+ - lib/brakeman/warning_codes.rb
314
+ - lib/brakeman.rb
232
315
  - lib/ruby_parser/bm_sexp.rb
233
316
  - lib/ruby_parser/bm_sexp_processor.rb
234
- - lib/brakeman.rb
235
317
  homepage: http://brakemanscanner.org
236
318
  licenses:
237
319
  - MIT
238
- metadata: {}
239
-
240
320
  post_install_message:
241
321
  rdoc_options: []
242
322
 
243
323
  require_paths:
244
324
  - lib
245
325
  required_ruby_version: !ruby/object:Gem::Requirement
326
+ none: false
246
327
  requirements:
247
- - &id011
248
- - ">="
328
+ - - ">="
249
329
  - !ruby/object:Gem::Version
330
+ hash: 3
331
+ segments:
332
+ - 0
250
333
  version: "0"
251
334
  required_rubygems_version: !ruby/object:Gem::Requirement
335
+ none: false
252
336
  requirements:
253
- - *id011
337
+ - - ">="
338
+ - !ruby/object:Gem::Version
339
+ hash: 3
340
+ segments:
341
+ - 0
342
+ version: "0"
254
343
  requirements: []
255
344
 
256
345
  rubyforge_project:
257
- rubygems_version: 2.0.0
346
+ rubygems_version: 1.8.25
258
347
  signing_key:
259
- specification_version: 4
348
+ specification_version: 3
260
349
  summary: Security vulnerability scanner for Ruby on Rails.
261
350
  test_files: []
262
351