brakeman 3.0.5 → 3.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (94) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES +19 -0
  3. data/README.md +3 -13
  4. data/lib/brakeman.rb +3 -0
  5. data/lib/brakeman/checks/base_check.rb +19 -47
  6. data/lib/brakeman/checks/check_basic_auth.rb +3 -3
  7. data/lib/brakeman/checks/check_cross_site_scripting.rb +26 -12
  8. data/lib/brakeman/checks/check_default_routes.rb +1 -1
  9. data/lib/brakeman/checks/check_detailed_exceptions.rb +2 -2
  10. data/lib/brakeman/checks/check_evaluation.rb +3 -0
  11. data/lib/brakeman/checks/check_execute.rb +3 -3
  12. data/lib/brakeman/checks/check_file_disclosure.rb +2 -2
  13. data/lib/brakeman/checks/check_forgery_setting.rb +9 -12
  14. data/lib/brakeman/checks/check_header_dos.rb +1 -1
  15. data/lib/brakeman/checks/check_i18n_xss.rb +2 -2
  16. data/lib/brakeman/checks/check_jruby_xml.rb +1 -1
  17. data/lib/brakeman/checks/check_json_encoding.rb +1 -1
  18. data/lib/brakeman/checks/check_json_parsing.rb +3 -3
  19. data/lib/brakeman/checks/check_link_to.rb +1 -1
  20. data/lib/brakeman/checks/check_link_to_href.rb +9 -2
  21. data/lib/brakeman/checks/check_mass_assignment.rb +5 -2
  22. data/lib/brakeman/checks/check_model_attr_accessible.rb +4 -4
  23. data/lib/brakeman/checks/check_model_attributes.rb +7 -7
  24. data/lib/brakeman/checks/check_model_serialize.rb +6 -6
  25. data/lib/brakeman/checks/check_nested_attributes.rb +2 -2
  26. data/lib/brakeman/checks/check_number_to_currency.rb +2 -2
  27. data/lib/brakeman/checks/check_quote_table_name.rb +1 -1
  28. data/lib/brakeman/checks/check_redirect.rb +2 -10
  29. data/lib/brakeman/checks/check_render.rb +1 -1
  30. data/lib/brakeman/checks/check_render_dos.rb +1 -1
  31. data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +1 -1
  32. data/lib/brakeman/checks/check_sanitize_methods.rb +1 -1
  33. data/lib/brakeman/checks/check_select_tag.rb +1 -1
  34. data/lib/brakeman/checks/check_select_vulnerability.rb +2 -2
  35. data/lib/brakeman/checks/check_session_settings.rb +1 -2
  36. data/lib/brakeman/checks/check_simple_format.rb +2 -2
  37. data/lib/brakeman/checks/check_single_quotes.rb +3 -3
  38. data/lib/brakeman/checks/check_skip_before_filter.rb +5 -7
  39. data/lib/brakeman/checks/check_sql.rb +10 -14
  40. data/lib/brakeman/checks/check_sql_cves.rb +4 -4
  41. data/lib/brakeman/checks/check_ssl_verify.rb +27 -9
  42. data/lib/brakeman/checks/check_strip_tags.rb +5 -5
  43. data/lib/brakeman/checks/check_symbol_dos_cve.rb +1 -1
  44. data/lib/brakeman/checks/check_translate_bug.rb +3 -4
  45. data/lib/brakeman/checks/check_unscoped_find.rb +1 -1
  46. data/lib/brakeman/checks/check_validation_regex.rb +2 -2
  47. data/lib/brakeman/checks/check_xml_dos.rb +1 -1
  48. data/lib/brakeman/checks/check_yaml_parsing.rb +1 -1
  49. data/lib/brakeman/file_parser.rb +1 -0
  50. data/lib/brakeman/parsers/template_parser.rb +6 -5
  51. data/lib/brakeman/processor.rb +7 -7
  52. data/lib/brakeman/processors/alias_processor.rb +30 -12
  53. data/lib/brakeman/processors/base_processor.rb +4 -8
  54. data/lib/brakeman/processors/controller_alias_processor.rb +33 -132
  55. data/lib/brakeman/processors/controller_processor.rb +29 -53
  56. data/lib/brakeman/processors/erb_template_processor.rb +4 -6
  57. data/lib/brakeman/processors/erubis_template_processor.rb +8 -11
  58. data/lib/brakeman/processors/gem_processor.rb +19 -35
  59. data/lib/brakeman/processors/haml_template_processor.rb +10 -12
  60. data/lib/brakeman/processors/lib/find_all_calls.rb +3 -5
  61. data/lib/brakeman/processors/lib/find_call.rb +2 -2
  62. data/lib/brakeman/processors/lib/find_return_value.rb +1 -1
  63. data/lib/brakeman/processors/lib/rails2_config_processor.rb +7 -8
  64. data/lib/brakeman/processors/lib/rails3_config_processor.rb +6 -7
  65. data/lib/brakeman/processors/lib/render_helper.rb +15 -14
  66. data/lib/brakeman/processors/lib/render_path.rb +11 -5
  67. data/lib/brakeman/processors/library_processor.rb +13 -35
  68. data/lib/brakeman/processors/model_processor.rb +22 -64
  69. data/lib/brakeman/processors/output_processor.rb +1 -37
  70. data/lib/brakeman/processors/slim_template_processor.rb +6 -8
  71. data/lib/brakeman/processors/template_alias_processor.rb +9 -9
  72. data/lib/brakeman/processors/template_processor.rb +5 -9
  73. data/lib/brakeman/report/report_base.rb +7 -7
  74. data/lib/brakeman/report/report_html.rb +5 -7
  75. data/lib/brakeman/report/report_markdown.rb +4 -6
  76. data/lib/brakeman/report/report_table.rb +4 -6
  77. data/lib/brakeman/rescanner.rb +29 -31
  78. data/lib/brakeman/scanner.rb +17 -8
  79. data/lib/brakeman/tracker.rb +24 -34
  80. data/lib/brakeman/tracker/collection.rb +77 -0
  81. data/lib/brakeman/tracker/config.rb +93 -0
  82. data/lib/brakeman/tracker/controller.rb +161 -0
  83. data/lib/brakeman/tracker/library.rb +17 -0
  84. data/lib/brakeman/tracker/model.rb +90 -0
  85. data/lib/brakeman/tracker/template.rb +33 -0
  86. data/lib/brakeman/util.rb +17 -9
  87. data/lib/brakeman/version.rb +1 -1
  88. data/lib/brakeman/warning.rb +8 -9
  89. data/lib/ruby_parser/bm_sexp.rb +16 -16
  90. data/lib/ruby_parser/bm_sexp_processor.rb +1 -120
  91. metadata +42 -31
  92. checksums.yaml.gz.sig +0 -1
  93. data.tar.gz.sig +0 -0
  94. metadata.gz.sig +0 -0
checksums.yaml.gz.sig DELETED
@@ -1 +0,0 @@
1
- l���.����nT7ٝ�t�x v�1����;͸_*�(��m���w:��V�̼���_N]I(�/�U�,V~�"4e��d1x�Wl���Q���y�^�h��V��1�-���ٵ;(@`���� �U���H�z3foFD��73������:�ɢih��X��QX+�Rɕ�g�A�7 �%F��~d���":�6k��`�;?��1���x�Yfz��_��kܕ��]�쯔?埅�>U����;Eȯ
data.tar.gz.sig DELETED
Binary file
metadata.gz.sig DELETED
Binary file