brakeman 2.5.0 → 2.6.0

data/lib/brakeman/tracker.rb

@@ -37,7 +37,8 @@ class Brakeman::Tracker
         :public => {},
         :private => {},
         :protected => {},
-        :options => {} } }
+        :options => {},
+        :files => [] } }
     @routes = {}
     @initializers = {}
     @errors = []
@@ -82,11 +83,12 @@ class Brakeman::Tracker
       set.each do |set_name, info|
         [:private, :public, :protected].each do |visibility|
           info[visibility].each do |method_name, definition|
-            if definition.node_type == :selfdef
-              method_name = "#{definition[1]}.#{method_name}"
+            src = definition[:src]
+            if src.node_type == :selfdef
+              method_name = "#{src[1]}.#{method_name}"
             end
 
-            yield definition, set_name, method_name, info[:file]
+            yield src, set_name, method_name, definition[:file]
 
           end
         end
@@ -218,11 +220,12 @@ class Brakeman::Tracker
       set.each do |set_name, info|
         [:private, :public, :protected].each do |visibility|
           info[visibility].each do |method_name, definition|
-            if definition.node_type == :selfdef
-              method_name = "#{definition[1]}.#{method_name}"
+            src = definition[:src]
+            if src.node_type == :selfdef
+              method_name = "#{src[1]}.#{method_name}"
             end
 
-            finder.process_source definition, :class => set_name, :method => method_name, :file => info[:file]
+            finder.process_source src, :class => set_name, :method => method_name, :file => definition[:file]
 
           end
         end
@@ -268,7 +271,7 @@ class Brakeman::Tracker
     model_name = nil
 
     @models.each do |name, model|
-      if model[:file] == path
+      if model[:files].include?(path)
         model_name = name
         break
       end
@@ -277,10 +280,27 @@ class Brakeman::Tracker
     @models.delete model_name
   end
 
+  #Clear information related to model
+  def reset_lib path
+    lib_name = nil
+
+    @libs.each do |name, lib|
+      if lib[:files].include?(path)
+        lib_name = name
+        break
+      end
+    end
+
+    @libs.delete lib_name
+  end
+
   def reset_controller path
+    controller_name = nil
+
     #Remove from controller
-    @controllers.delete_if do |name, controller|
-      if controller[:file] == path
+    @controllers.each do |name, controller|
+      if controller[:files].include?(path)
+        controller_name = name
         template_matcher = /^#{name}#/
 
         #Remove templates rendered from this controller
@@ -293,10 +313,10 @@ class Brakeman::Tracker
 
         #Remove calls indexed from this controller
         @call_index.remove_indexes_by_class [name]
-
-        true
+        break
       end
     end
+    @controllers.delete controller_name
   end
 
   #Clear information about routes

data/lib/brakeman/util.rb

@@ -318,14 +318,14 @@ module Brakeman::Util
 
     case type
     when :controller
-      if tracker.controllers[name] and tracker.controllers[name][:file]
-        path = tracker.controllers[name][:file]
+      if tracker.controllers[name] and tracker.controllers[name][:files]
+        path = tracker.controllers[name][:files].first
       else
         path += "/app/controllers/#{underscore(string_name)}.rb"
       end
     when :model
-      if tracker.models[name] and tracker.models[name][:file]
-        path = tracker.models[name][:file]
+      if tracker.models[name] and tracker.models[name][:files]
+        path = tracker.models[name][:files].first
       else
         path += "/app/models/#{underscore(string_name)}.rb"
       end
@@ -383,6 +383,15 @@ module Brakeman::Util
     end
   end
 
+  #Convert path/filename to view name
+  #
+  # views/test/something.html.erb -> test/something
+  def template_path_to_name path
+    names = path.split("/")
+    names.last.gsub!(/(\.(html|js)\..*|\.rhtml)$/, '')
+    names[(names.index("views") + 1)..-1].join("/").to_sym
+  end
+
   def github_url file, line=nil
     if repo_url = @tracker.options[:github_url] and file and not file.empty? and file.start_with? '/'
       url = "#{repo_url}/#{relative_path(file)}"

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "2.5.0"
+  Version = "2.6.0"
 end

data/lib/brakeman/warning_codes.rb

@@ -76,7 +76,8 @@ module Brakeman::WarningCodes
     :CVE_2014_0081 => 73,
     :CVE_2014_0081_call => 74,
     :CVE_2014_0082 => 75,
-    :regex_dos => 76
+    :regex_dos => 76,
+    :CVE_2014_0130 => 77,
   }
 
   def self.code name

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 2.5.0
+  version: 2.6.0
 platform: ruby
 authors:
 - Justin Collins
@@ -35,7 +35,7 @@ cert_chain:
   Q0c3bUZaNnhnaDAxZXFuWlVzTmQ4dk0rNlY2djIzVnUKamsydE1qRlQ0TDFk
   QTNNRXN6MytNUDE0NFBEaFBDaDd0UGU2eXk4MUJPdnlZVFZrS3pyQWtnS3dI
   RDFDdXZzSApiZHc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-date: 2014-04-30 00:00:00.000000000 Z
+date: 2014-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby_parser
@@ -43,14 +43,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 3.4.0
+        version: 3.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 3.4.0
+        version: 3.5.0
 - !ruby/object:Gem::Dependency
   name: ruby2ruby
   requirement: !ruby/object:Gem::Requirement
@@ -261,11 +261,13 @@ files:
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_yaml_parsing.rb
 - lib/brakeman/differ.rb
+- lib/brakeman/file_parser.rb
 - lib/brakeman/format/style.css
 - lib/brakeman/options.rb
 - lib/brakeman/parsers/rails2_erubis.rb
 - lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
 - lib/brakeman/parsers/rails3_erubis.rb
+- lib/brakeman/parsers/template_parser.rb
 - lib/brakeman/processor.rb
 - lib/brakeman/processors/alias_processor.rb
 - lib/brakeman/processors/base_processor.rb