brakeman 2.6.3 → 3.0.0

Files changed (61) hide show
  1. checksums.yaml +5 -13
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/CHANGES +19 -0
  5. data/bin/brakeman +1 -1
  6. data/lib/brakeman.rb +4 -2
  7. data/lib/brakeman/app_tree.rb +1 -1
  8. data/lib/brakeman/checks/base_check.rb +9 -7
  9. data/lib/brakeman/checks/check_create_with.rb +1 -1
  10. data/lib/brakeman/checks/check_cross_site_scripting.rb +46 -42
  11. data/lib/brakeman/checks/check_digest_dos.rb +1 -1
  12. data/lib/brakeman/checks/check_escape_function.rb +3 -3
  13. data/lib/brakeman/checks/check_file_disclosure.rb +35 -0
  14. data/lib/brakeman/checks/check_filter_skipping.rb +1 -1
  15. data/lib/brakeman/checks/check_forgery_setting.rb +2 -2
  16. data/lib/brakeman/checks/check_header_dos.rb +1 -1
  17. data/lib/brakeman/checks/check_i18n_xss.rb +2 -3
  18. data/lib/brakeman/checks/check_jruby_xml.rb +1 -1
  19. data/lib/brakeman/checks/check_json_parsing.rb +9 -4
  20. data/lib/brakeman/checks/check_mail_to.rb +1 -1
  21. data/lib/brakeman/checks/check_nested_attributes.rb +1 -1
  22. data/lib/brakeman/checks/check_number_to_currency.rb +1 -1
  23. data/lib/brakeman/checks/check_quote_table_name.rb +1 -1
  24. data/lib/brakeman/checks/check_render.rb +3 -3
  25. data/lib/brakeman/checks/check_render_dos.rb +1 -1
  26. data/lib/brakeman/checks/check_render_inline.rb +42 -0
  27. data/lib/brakeman/checks/check_response_splitting.rb +1 -1
  28. data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +1 -1
  29. data/lib/brakeman/checks/check_simple_format.rb +2 -2
  30. data/lib/brakeman/checks/check_single_quotes.rb +1 -1
  31. data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
  32. data/lib/brakeman/checks/check_sql_cves.rb +2 -2
  33. data/lib/brakeman/checks/check_strip_tags.rb +2 -2
  34. data/lib/brakeman/checks/check_symbol_dos.rb +2 -23
  35. data/lib/brakeman/checks/check_symbol_dos_cve.rb +30 -0
  36. data/lib/brakeman/checks/check_translate_bug.rb +1 -1
  37. data/lib/brakeman/checks/check_yaml_parsing.rb +2 -2
  38. data/lib/brakeman/options.rb +6 -2
  39. data/lib/brakeman/parsers/rails3_erubis.rb +2 -2
  40. data/lib/brakeman/processors/alias_processor.rb +54 -1
  41. data/lib/brakeman/processors/base_processor.rb +0 -8
  42. data/lib/brakeman/processors/controller_alias_processor.rb +40 -2
  43. data/lib/brakeman/processors/controller_processor.rb +5 -3
  44. data/lib/brakeman/processors/gem_processor.rb +13 -9
  45. data/lib/brakeman/processors/lib/basic_processor.rb +17 -0
  46. data/lib/brakeman/processors/lib/find_all_calls.rb +2 -2
  47. data/lib/brakeman/processors/lib/find_call.rb +2 -2
  48. data/lib/brakeman/processors/lib/processor_helper.rb +9 -0
  49. data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -1
  50. data/lib/brakeman/processors/lib/rails2_route_processor.rb +3 -3
  51. data/lib/brakeman/processors/lib/rails3_config_processor.rb +4 -1
  52. data/lib/brakeman/processors/lib/rails3_route_processor.rb +4 -2
  53. data/lib/brakeman/processors/output_processor.rb +1 -7
  54. data/lib/brakeman/report/report_json.rb +1 -1
  55. data/lib/brakeman/tracker.rb +7 -1
  56. data/lib/brakeman/version.rb +1 -1
  57. data/lib/brakeman/warning.rb +15 -1
  58. data/lib/brakeman/warning_codes.rb +3 -0
  59. data/lib/ruby_parser/bm_sexp.rb +17 -5
  60. metadata +55 -56
  61. metadata.gz.sig +0 -0
metadata.gz.sig CHANGED
Binary file