brakeman 3.0.5 → 3.1.0
- checksums.yaml +4 -4
- data/CHANGES +19 -0
- data/README.md +3 -13
- data/lib/brakeman.rb +3 -0
- data/lib/brakeman/checks/base_check.rb +19 -47
- data/lib/brakeman/checks/check_basic_auth.rb +3 -3
- data/lib/brakeman/checks/check_cross_site_scripting.rb +26 -12
- data/lib/brakeman/checks/check_default_routes.rb +1 -1
- data/lib/brakeman/checks/check_detailed_exceptions.rb +2 -2
- data/lib/brakeman/checks/check_evaluation.rb +3 -0
- data/lib/brakeman/checks/check_execute.rb +3 -3
- data/lib/brakeman/checks/check_file_disclosure.rb +2 -2
- data/lib/brakeman/checks/check_forgery_setting.rb +9 -12
- data/lib/brakeman/checks/check_header_dos.rb +1 -1
- data/lib/brakeman/checks/check_i18n_xss.rb +2 -2
- data/lib/brakeman/checks/check_jruby_xml.rb +1 -1
- data/lib/brakeman/checks/check_json_encoding.rb +1 -1
- data/lib/brakeman/checks/check_json_parsing.rb +3 -3
- data/lib/brakeman/checks/check_link_to.rb +1 -1
- data/lib/brakeman/checks/check_link_to_href.rb +9 -2
- data/lib/brakeman/checks/check_mass_assignment.rb +5 -2
- data/lib/brakeman/checks/check_model_attr_accessible.rb +4 -4
- data/lib/brakeman/checks/check_model_attributes.rb +7 -7
- data/lib/brakeman/checks/check_model_serialize.rb +6 -6
- data/lib/brakeman/checks/check_nested_attributes.rb +2 -2
- data/lib/brakeman/checks/check_number_to_currency.rb +2 -2
- data/lib/brakeman/checks/check_quote_table_name.rb +1 -1
- data/lib/brakeman/checks/check_redirect.rb +2 -10
- data/lib/brakeman/checks/check_render.rb +1 -1
- data/lib/brakeman/checks/check_render_dos.rb +1 -1
- data/lib/brakeman/checks/check_safe_buffer_manipulation.rb +1 -1
- data/lib/brakeman/checks/check_sanitize_methods.rb +1 -1
- data/lib/brakeman/checks/check_select_tag.rb +1 -1
- data/lib/brakeman/checks/check_select_vulnerability.rb +2 -2
- data/lib/brakeman/checks/check_session_settings.rb +1 -2
- data/lib/brakeman/checks/check_simple_format.rb +2 -2
- data/lib/brakeman/checks/check_single_quotes.rb +3 -3
- data/lib/brakeman/checks/check_skip_before_filter.rb +5 -7
- data/lib/brakeman/checks/check_sql.rb +10 -14
- data/lib/brakeman/checks/check_sql_cves.rb +4 -4
- data/lib/brakeman/checks/check_ssl_verify.rb +27 -9
- data/lib/brakeman/checks/check_strip_tags.rb +5 -5
- data/lib/brakeman/checks/check_symbol_dos_cve.rb +1 -1
- data/lib/brakeman/checks/check_translate_bug.rb +3 -4
- data/lib/brakeman/checks/check_unscoped_find.rb +1 -1
- data/lib/brakeman/checks/check_validation_regex.rb +2 -2
- data/lib/brakeman/checks/check_xml_dos.rb +1 -1
- data/lib/brakeman/checks/check_yaml_parsing.rb +1 -1
- data/lib/brakeman/file_parser.rb +1 -0
- data/lib/brakeman/parsers/template_parser.rb +6 -5
- data/lib/brakeman/processor.rb +7 -7
- data/lib/brakeman/processors/alias_processor.rb +30 -12
- data/lib/brakeman/processors/base_processor.rb +4 -8
- data/lib/brakeman/processors/controller_alias_processor.rb +33 -132
- data/lib/brakeman/processors/controller_processor.rb +29 -53
- data/lib/brakeman/processors/erb_template_processor.rb +4 -6
- data/lib/brakeman/processors/erubis_template_processor.rb +8 -11
- data/lib/brakeman/processors/gem_processor.rb +19 -35
- data/lib/brakeman/processors/haml_template_processor.rb +10 -12
- data/lib/brakeman/processors/lib/find_all_calls.rb +3 -5
- data/lib/brakeman/processors/lib/find_call.rb +2 -2
- data/lib/brakeman/processors/lib/find_return_value.rb +1 -1
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +7 -8
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +6 -7
- data/lib/brakeman/processors/lib/render_helper.rb +15 -14
- data/lib/brakeman/processors/lib/render_path.rb +11 -5
- data/lib/brakeman/processors/library_processor.rb +13 -35
- data/lib/brakeman/processors/model_processor.rb +22 -64
- data/lib/brakeman/processors/output_processor.rb +1 -37
- data/lib/brakeman/processors/slim_template_processor.rb +6 -8
- data/lib/brakeman/processors/template_alias_processor.rb +9 -9
- data/lib/brakeman/processors/template_processor.rb +5 -9
- data/lib/brakeman/report/report_base.rb +7 -7
- data/lib/brakeman/report/report_html.rb +5 -7
- data/lib/brakeman/report/report_markdown.rb +4 -6
- data/lib/brakeman/report/report_table.rb +4 -6
- data/lib/brakeman/rescanner.rb +29 -31
- data/lib/brakeman/scanner.rb +17 -8
- data/lib/brakeman/tracker.rb +24 -34
- data/lib/brakeman/tracker/collection.rb +77 -0
- data/lib/brakeman/tracker/config.rb +93 -0
- data/lib/brakeman/tracker/controller.rb +161 -0
- data/lib/brakeman/tracker/library.rb +17 -0
- data/lib/brakeman/tracker/model.rb +90 -0
- data/lib/brakeman/tracker/template.rb +33 -0
- data/lib/brakeman/util.rb +17 -9
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +8 -9
- data/lib/ruby_parser/bm_sexp.rb +16 -16
- data/lib/ruby_parser/bm_sexp_processor.rb +1 -120
- metadata +42 -31
- checksums.yaml.gz.sig +0 -1
- data.tar.gz.sig +0 -0
- metadata.gz.sig +0 -0
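--- a/data/lib/brakeman/util.rb
+++ b/data/lib/brakeman/util.rb
@@ -129,6 +129,10 @@ module Brakeman::Util
 exp.is_a? Sexp and exp.node_type == :str
 end
 
+def string_interp? exp
+exp.is_a? Sexp and exp.node_type == :dstr
+end
+
 #Check if _exp_ represents a Symbol: s(:lit, :...)
 def symbol? exp
 exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Symbol
@@ -267,6 +271,10 @@ module Brakeman::Util
 call
 end
 
+def rails_version
+@tracker.config.rails_version
+end
+
 #Return file name related to given warning. Uses +warning.file+ if it exists
 def file_for warning, tracker = nil
 if tracker.nil?
@@ -275,14 +283,14 @@ module Brakeman::Util
 
 if warning.file
 File.expand_path warning.file, tracker.app_path
-elsif warning.template
-warning.template
+elsif warning.template and warning.template.file
+warning.template.file
 else
 case warning.warning_set
 when :controller
 file_by_name warning.controller, :controller, tracker
 when :template
-file_by_name warning.template
+file_by_name warning.template.name, :template, tracker
 when :model
 file_by_name warning.model, :model, tracker
 when :warning
@@ -318,20 +326,20 @@ module Brakeman::Util
 
 case type
 when :controller
-if tracker.controllers[name]
-path = tracker.controllers[name]
+if tracker.controllers[name]
+path = tracker.controllers[name].file
 else
 path += "/app/controllers/#{underscore(string_name)}.rb"
 end
 when :model
-if tracker.models[name]
-path = tracker.models[name]
+if tracker.models[name]
+path = tracker.models[name].file
 else
 path += "/app/models/#{underscore(string_name)}.rb"
 end
 when :template
-if tracker.templates[name] and tracker.templates[name]
-path = tracker.templates[name]
+if tracker.templates[name] and tracker.templates[name].file
+path = tracker.templates[name].file
 elsif string_name.include? " "
 name = string_name.split[0].to_sym
 path = file_for tracker, name, :template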
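Review bot: In file_by_name's `when :controller` and `when :model` branches the new `path = tracker.controllers[name].file` and `path = tracker.models[name].file` lines take `.file` without the nil guard the `when :template` branch gained (`if tracker.templates[name] and tracker.templates[name].file`), so a registered controller or model whose `file` is nil leaves `path` nil instead of falling through to the `/app/controllers/...` or `/app/models/...` default. Whether a tracked controller or model can lack a file is not visible in this diff, but the three branches should agree; `if tracker.controllers[name] and tracker.controllers[name].file` and `if tracker.models[name] and tracker.models[name].file` make the `else` fallback reachable in every case. file_by_name starts before this hunk, where `path` and `string_name` are set, and ends after it.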
data/lib/brakeman/version.rb
CHANGED
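--- a/data/lib/brakeman/warning.rb
+++ b/data/lib/brakeman/warning.rb
@@ -62,7 +62,7 @@ class Brakeman::Warning
 @warning_set = :model
 elsif self.template
 @warning_set = :template
-@called_from = self.template
+@called_from = self.template.render_path
 elsif self.controller
 @warning_set = :controller
 else
@@ -89,12 +89,11 @@ class Brakeman::Warning
 end
 
 #Returns name of a view, including where it was rendered from
-def view_name
-
-
-@view_name = "#{template[:name]} (#{called_from.last})"
+def view_name(include_renderer = true)
+if called_from and include_renderer
+@view_name = "#{template.name} (#{called_from.last})"
 else
-@view_name = template
+@view_name = template.name
 end
 end
 
@@ -183,10 +182,10 @@ class Brakeman::Warning
 Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{@relative_path}#{self.confidence}").to_s
 end
 
-def location
+def location include_renderer = true
 case @warning_set
 when :template
-location = { :type => :template, :template => self.view_name }
+location = { :type => :template, :template => self.view_name(include_renderer) }
 when :model
 location = { :type => :model, :model => self.model }
 when :controller
@@ -210,7 +209,7 @@ class Brakeman::Warning
 :link => self.link,
 :code => (@code && self.format_code(false)),
 :render_path => self.called_from,
-:location => self.location,
+:location => self.location(false),
 :user_input => (@user_input && self.format_user_input(false)),
 :confidence => TEXT_CONFIDENCE[self.confidence]
 }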
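Review bot: The comment `#Returns name of a view, including where it was rendered from` above the rewritten view_name is now only half true: with `include_renderer` false, or when `called_from` is nil, the method returns the bare `template.name`. I would change it to `#Returns name of a view. When include_renderer is true (default) and a render path is known, appends where it was rendered from`. The default also matters for the last hunk, where to_hash passes `location(false)` while fingerprint (old line 183, new 182) hashes a `location_string` built outside this diff; if that string still comes from `location` with the default argument, the JSON `:location` and the fingerprint will name the same template differently, which deserves a one-line comment at the `self.location(false)` call so nobody later "harmonizes" the two and changes every stored fingerprint. Finally, `@view_name` is reassigned on every call, so it is no longer a memo; a local would do unless something else reads the instance variable, which this diff does not show.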
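--- a/data/lib/ruby_parser/bm_sexp.rb
+++ b/data/lib/ruby_parser/bm_sexp.rb
@@ -357,7 +357,7 @@ class Sexp
 # s(:lasgn, :y),
 # s(:block, s(:lvar, :y), s(:call, nil, :z, s(:arglist))))
 def block_call
-expect :iter
+expect :iter
 self[1]
 end
 
@@ -374,10 +374,10 @@ class Sexp
 return find_node :block, delete
 end
 
-expect :iter, :
+expect :iter, :scope, :resbody
 
 case self.node_type
-when :iter
+when :iter
 self[3]
 when :scope
 self[1]
@@ -394,7 +394,7 @@ class Sexp
 # s(:lasgn, :y), <- block_args
 # s(:call, nil, :p, s(:arglist, s(:lvar, :y))))
 def block_args
-expect :iter
+expect :iter
 if self[2] == 0 # ?! See https://github.com/presidentbeef/brakeman/issues/331
 return Sexp.new(:args)
 else
@@ -451,23 +451,23 @@ class Sexp
 
 #Returns name of method being defined in a method definition.
 def method_name
-expect :defn, :defs
+expect :defn, :defs
 
 case self.node_type
-when :defn
+when :defn
 self[1]
-when :defs
+when :defs
 self[2]
 end
 end
 
 def formal_args
-expect :defn, :defs
+expect :defn, :defs
 
 case self.node_type
-when :defn
+when :defn
 self[2]
-when :defs
+when :defs
 self[3]
 end
 end
@@ -475,13 +475,13 @@ class Sexp
 #Sets body, which is now a complicated process because the body is no longer
 #a separate Sexp, but just a list of Sexps.
 def body= exp
-expect :defn, :defs, :
+expect :defn, :defs, :class, :module
 @my_hash_value = nil
 
 case self.node_type
-when :defn, :
+when :defn, :class
 index = 3
-when :defs
+when :defs
 index = 4
 when :module
 index = 2
@@ -499,12 +499,12 @@ class Sexp
 #Returns body of a method definition, class, or module.
 #This will be an untyped Sexp containing a list of Sexps from the body.
 def body
-expect :defn, :defs, :
+expect :defn, :defs, :class, :module
 
 case self.node_type
-when :defn, :
+when :defn, :class
 self[3..-1]
-when :defs
+when :defs
 self[4..-1]
 when :module
 self[2..-1]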
@@ -72,14 +72,7 @@ class Brakeman::SexpProcessor
|
|
72
72
|
# now do a pass with the real processor (or generic)
|
73
73
|
meth = @processors[type]
|
74
74
|
if meth then
|
75
|
-
|
76
|
-
result = error_handler(type) do
|
77
|
-
self.send(meth, exp)
|
78
|
-
end
|
79
|
-
else
|
80
|
-
result = self.send(meth, exp)
|
81
|
-
end
|
82
|
-
|
75
|
+
result = self.send(meth, exp)
|
83
76
|
else
|
84
77
|
result = self.process_default(exp)
|
85
78
|
end
|
@@ -90,36 +83,6 @@ class Brakeman::SexpProcessor
|
|
90
83
|
result
|
91
84
|
end
|
92
85
|
|
93
|
-
def error_handler(type, exp=nil) # :nodoc:
|
94
|
-
begin
|
95
|
-
return yield
|
96
|
-
rescue => err
|
97
|
-
warn "#{err.class} Exception thrown while processing #{type} for sexp #{exp.inspect} #{caller.inspect}" if $DEBUG
|
98
|
-
raise
|
99
|
-
end
|
100
|
-
end
|
101
|
-
|
102
|
-
##
|
103
|
-
# A fairly generic processor for a dummy node. Dummy nodes are used
|
104
|
-
# when your processor is doing a complicated rewrite that replaces
|
105
|
-
# the current sexp with multiple sexps.
|
106
|
-
#
|
107
|
-
# Bogus Example:
|
108
|
-
#
|
109
|
-
# def process_something(exp)
|
110
|
-
# return s(:dummy, process(exp), s(:extra, 42))
|
111
|
-
# end
|
112
|
-
|
113
|
-
def process_dummy(exp)
|
114
|
-
result = @expected.new(:dummy) rescue @expected.new
|
115
|
-
|
116
|
-
until exp.empty? do
|
117
|
-
result << self.process(exp.shift)
|
118
|
-
end
|
119
|
-
|
120
|
-
result
|
121
|
-
end
|
122
|
-
|
123
86
|
##
|
124
87
|
# Add a scope level to the current env. Eg:
|
125
88
|
#
|
@@ -150,86 +113,4 @@ class Brakeman::SexpProcessor
|
|
150
113
|
|
151
114
|
self.context.shift
|
152
115
|
end
|
153
|
-
|
154
|
-
##
|
155
|
-
# I really hate this here, but I hate subdirs in my lib dir more...
|
156
|
-
# I guess it is kinda like shaving... I'll split this out when it
|
157
|
-
# itches too much...
|
158
|
-
|
159
|
-
class Environment
|
160
|
-
def initialize
|
161
|
-
@env = []
|
162
|
-
@env.unshift({})
|
163
|
-
end
|
164
|
-
|
165
|
-
def all
|
166
|
-
@env.reverse.inject { |env, scope| env.merge scope }
|
167
|
-
end
|
168
|
-
|
169
|
-
def depth
|
170
|
-
@env.length
|
171
|
-
end
|
172
|
-
|
173
|
-
# TODO: depth_of
|
174
|
-
|
175
|
-
def [] name
|
176
|
-
hash = @env.find { |closure| closure.has_key? name }
|
177
|
-
hash[name] if hash
|
178
|
-
end
|
179
|
-
|
180
|
-
def []= name, val
|
181
|
-
hash = @env.find { |closure| closure.has_key? name } || @env.first
|
182
|
-
hash[name] = val
|
183
|
-
end
|
184
|
-
|
185
|
-
def scope
|
186
|
-
@env.unshift({})
|
187
|
-
begin
|
188
|
-
yield
|
189
|
-
ensure
|
190
|
-
@env.shift
|
191
|
-
raise "You went too far unextending env" if @env.empty?
|
192
|
-
end
|
193
|
-
end
|
194
|
-
end
|
195
116
|
end
|
196
|
-
|
197
|
-
class Object
|
198
|
-
|
199
|
-
##
|
200
|
-
# deep_clone is the usual Marshalling hack to make a deep copy.
|
201
|
-
# It is rather slow, so use it sparingly. Helps with debugging
|
202
|
-
# SexpProcessors since you usually shift off sexps.
|
203
|
-
|
204
|
-
def deep_clone
|
205
|
-
Marshal.load(Marshal.dump(self))
|
206
|
-
end
|
207
|
-
end
|
208
|
-
|
209
|
-
##
|
210
|
-
# SexpProcessor base exception class.
|
211
|
-
|
212
|
-
class SexpProcessorError < StandardError; end
|
213
|
-
|
214
|
-
##
|
215
|
-
# Raised by SexpProcessor if it sees a node type listed in its
|
216
|
-
# unsupported list.
|
217
|
-
|
218
|
-
class UnsupportedNodeError < SexpProcessorError; end
|
219
|
-
|
220
|
-
##
|
221
|
-
# Raised by SexpProcessor if it is in strict mode and sees a node for
|
222
|
-
# which there is no processor available.
|
223
|
-
|
224
|
-
class UnknownNodeError < SexpProcessorError; end
|
225
|
-
|
226
|
-
##
|
227
|
-
# Raised by SexpProcessor if a processor did not process every node in
|
228
|
-
# a sexp and @require_empty is true.
|
229
|
-
|
230
|
-
class NotEmptyError < SexpProcessorError; end
|
231
|
-
|
232
|
-
##
|
233
|
-
# Raised if assert_type encounters an unexpected sexp type.
|
234
|
-
|
235
|
-
class SexpTypeError < SexpProcessorError; end
|
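Review bot: With error_handler deleted, the new `result = self.send(meth, exp)` in process lets any exception raised by a `process_*` method escape with no record of which node type or sexp was being handled; the old wrapper only printed that under `$DEBUG`, but nothing else in this file captured it. If the intent is to rely on the scanner's own rescue, say so at the call site, `# errors from process_* propagate unwrapped; the caller is expected to report them`, so the next reader does not re-add a rescue here. process begins before this hunk and ends after it. The last hunk also removes the whole `SexpProcessorError` hierarchy, the only exception classes this file declared; any code elsewhere that still rescues `SexpProcessorError` or `SexpTypeError` would now fail with NameError, which cannot be confirmed from this page.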
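--- a/metadata
+++ b/metadata
@@ -1,36 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-version: 3.0
+version: 3.1.0
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain:
--
-
-MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQ8wDQYDVQQDDAZqdXN0
-aW4xHTAbBgoJkiaJk/IsZAEZFg1wcmVzaWRlbnRiZWVmMRMwEQYKCZImiZPyLGQB
-GRYDY29tMB4XDTE1MDEwMzAxMjI0NFoXDTE2MDEwMzAxMjI0NFowRTEPMA0GA1UE
-AwwGanVzdGluMR0wGwYKCZImiZPyLGQBGRYNcHJlc2lkZW50YmVlZjETMBEGCgmS
-JomT8ixkARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMjt
-xjn8ArkEqQNrRjEeyZAOyr0O8+WZ54AcObsKg2osrcAW6iFd7tjnTFclQHmZgje+
-cwxeF/YG4PbA72ElmCvjn8vQJkdgHspKds1otSozvTF2VDnyAEg0nDTMgkQGQy4R
-HX3NHXMJ8UCAJv2IV/FsItzcPzPmhhf6vu/QaNrmAm3/nF52EsMSEJNC9eTPWudC
-kPgt19T9LRKMk5YbXDM6jWGRubusE03bTwY3RThqYM5ra1DwI/HpWKsKdmNrBbse
-f065WyR7RNAxindc2wMyq1EaInmO7Vds+rsOFZ4ZnO90z046ywmTLTadqlfuc9Qo
-CEw/AhYB6f6DLH8ICkMCAwEAAaOBhDCBgTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE
-sDAdBgNVHQ4EFgQUmIuIvxLr7ziB52LOpVgd694EfaEwIwYDVR0RBBwwGoEYanVz
-dGluQHByZXNpZGVudGJlZWYuY29tMCMGA1UdEgQcMBqBGGp1c3RpbkBwcmVzaWRl
-bnRiZWVmLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAbgSKdn/VSDdl5H2ayE+OM662
-gTJWP1CWfbcRVJW/UDjDucEF42t6V/dZTDmwyYTR8Qv+5FsQoPHsDsD3Jr1E62dl
-VYDeUkbmiV5f8fANbvnGUknzrHwp2T0/URxiIY8oFcaCGT+iua9zlNU20+XhB9JN
-fsOSUNBuuE/MYGA37MR1sP7lFHr5e7I1Qk1x3HvjNB/kSv1+Cj26Lde1ehvMqpmi
-bxoxp9KNxkO+709YwLO1rYfmcGghg8WV6MYz3PSHdlgWF4KrjRFc/00hXHqVk0Sf
-mREEv2LPwHH2SgpSSab+iawnX4l6lV8XcIrmp/HSMySsPVFBeOmB0c05LpEN8w==
------END CERTIFICATE-----
-date: 2015-06-20 00:00:00.000000000 Z
+- brakeman-public_cert.pem
+date: 2015-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: test-unit
@@ -64,30 +43,36 @@ dependencies:
 name: ruby2ruby
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 2.1.1
+- - "<"
+- !ruby/object:Gem::Version
+version: 2.3.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 2.1.1
+- - "<"
+- !ruby/object:Gem::Version
+version: 2.3.0
 - !ruby/object:Gem::Dependency
 name: terminal-table
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.4.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.4.5
 - !ruby/object:Gem::Dependency
 name: fastercsv
 requirement: !ruby/object:Gem::Requirement
@@ -108,14 +93,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.6
+version: '1.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.6
+version: '1.6'
 - !ruby/object:Gem::Dependency
 name: erubis
 requirement: !ruby/object:Gem::Requirement
@@ -164,6 +149,26 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '3.0'
+- !ruby/object:Gem::Dependency
+name: slim
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.6
+- - "<"
+- !ruby/object:Gem::Version
+version: '4.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.6
+- - "<"
+- !ruby/object:Gem::Version
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: multi_json
 requirement: !ruby/object:Gem::Requirement
@@ -321,6 +326,12 @@ files:
 - lib/brakeman/rescanner.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/tracker.rb
+- lib/brakeman/tracker/collection.rb
+- lib/brakeman/tracker/config.rb
+- lib/brakeman/tracker/controller.rb
+- lib/brakeman/tracker/library.rb
+- lib/brakeman/tracker/model.rb
+- lib/brakeman/tracker/template.rb
 - lib/brakeman/util.rb
 - lib/brakeman/version.rb
 - lib/brakeman/warning.rb
@@ -347,7 +358,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Security vulnerability scanner for Ruby on Rails.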
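Review bot: `cert_chain:` now holds the file name `- brakeman-public_cert.pem` where 3.0.5 embedded the PEM certificate itself, so as shown here the gem metadata carries no certificate for `gem install -P MediumSecurity` or `HighSecurity` to check `data.tar.gz.sig` and `metadata.gz.sig` against, and the diffstat entry `checksums.yaml.gz.sig +0 -1` suggests the signature files changed as well. Whether the published 3.1.0 gem is actually unsigned cannot be confirmed from this page, but it is worth verifying with `gem spec brakeman-3.1.0.gem cert_chain` before release, since a signed-to-unsigned transition is exactly what a consumer's install policy would reject. The new upper-bounded ranges for ruby2ruby (`>= 2.1.1, < 2.3.0`) and slim (`>= 1.3.6, < 4.0`) and the pin `terminal-table ~> 1.4.5` are appropriate for a tool that parses untrusted application source.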