brakeman 3.6.2 → 3.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES +9 -0
- data/bundle/load.rb +1 -1
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/rp_extensions.rb +5 -1
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby18_parser.rb +1617 -1613
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby18_parser.y +15 -9
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby19_parser.rb +1572 -1570
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby19_parser.y +19 -15
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby20_parser.rb +2415 -2413
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby20_parser.y +34 -23
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby21_parser.rb +2535 -2515
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby21_parser.y +34 -23
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby22_parser.rb +2558 -2543
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby22_parser.y +35 -24
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby23_parser.rb +2504 -2483
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby23_parser.y +35 -24
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby24_parser.rb +2504 -2483
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby24_parser.y +35 -24
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby_lexer.rb +84 -11
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby_parser.yy +35 -24
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/lib/ruby_parser_extras.rb +112 -89
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/test/test_ruby_lexer.rb +67 -0
- data/bundle/ruby/2.3.0/gems/ruby_parser-3.9.0/test/test_ruby_parser.rb +32 -1
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/CHANGELOG.md +4 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/MIT-LICENSE.txt +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/README.md +1 -1
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/Rakefile +0 -0
- data/bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/data/display_width.marshal.gz +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width.rb +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/constants.rb +2 -2
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/index.rb +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/no_string_ext.rb +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/lib/unicode/display_width/string_ext.rb +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/spec/display_width_spec.rb +0 -0
- data/bundle/ruby/2.3.0/gems/{unicode-display_width-1.2.1 → unicode-display_width-1.3.0}/unicode-display_width.gemspec +0 -0
- data/lib/brakeman.rb +7 -0
- data/lib/brakeman/checks/check_redirect.rb +26 -3
- data/lib/brakeman/processors/alias_processor.rb +91 -3
- data/lib/brakeman/processors/base_processor.rb +9 -1
- data/lib/brakeman/report/ignore/interactive.rb +9 -4
- data/lib/brakeman/tracker/constants.rb +11 -2
- data/lib/brakeman/version.rb +1 -1
- data/lib/ruby_parser/bm_sexp.rb +0 -8
- metadata +14 -14
- data/bundle/ruby/2.3.0/gems/unicode-display_width-1.2.1/data/display_width.marshal.gz +0 -0
|
@@ -2,14 +2,18 @@ require 'brakeman/processors/output_processor'
|
|
|
2
2
|
|
|
3
3
|
module Brakeman
|
|
4
4
|
class Constant
|
|
5
|
-
attr_reader :name, :name_array, :file, :value
|
|
5
|
+
attr_reader :name, :name_array, :file, :value, :context
|
|
6
6
|
|
|
7
|
-
def initialize name, value
|
|
7
|
+
def initialize name, value, context = {}
|
|
8
8
|
set_name name, context
|
|
9
9
|
@value = value
|
|
10
10
|
@context = context
|
|
11
11
|
|
|
12
12
|
if @context
|
|
13
|
+
if @context[:class].is_a? Brakeman::Controller
|
|
14
|
+
@context[:class] = @context[:class].name
|
|
15
|
+
end
|
|
16
|
+
|
|
13
17
|
@file = @context[:file]
|
|
14
18
|
end
|
|
15
19
|
end
|
|
@@ -88,6 +92,11 @@ module Brakeman
|
|
|
88
92
|
nil
|
|
89
93
|
end
|
|
90
94
|
|
|
95
|
+
def find_all exp
|
|
96
|
+
base_name = Constants.get_constant_base_name(exp)
|
|
97
|
+
@constants[base_name]
|
|
98
|
+
end
|
|
99
|
+
|
|
91
100
|
def add name, value, context = nil
|
|
92
101
|
if call? value and value.method == :freeze
|
|
93
102
|
value = value.target
|
data/lib/brakeman/version.rb
CHANGED
data/lib/ruby_parser/bm_sexp.rb
CHANGED
|
@@ -120,14 +120,6 @@ class Sexp
|
|
|
120
120
|
old_find_node(*args)
|
|
121
121
|
end
|
|
122
122
|
|
|
123
|
-
#Iterates over the Sexps in an Sexp, skipping values that are not
|
|
124
|
-
#an Sexp.
|
|
125
|
-
def each_sexp
|
|
126
|
-
self.each do |e|
|
|
127
|
-
yield e if Sexp === e
|
|
128
|
-
end
|
|
129
|
-
end
|
|
130
|
-
|
|
131
123
|
#Raise a WrongSexpError if the nodes type does not match one of the expected
|
|
132
124
|
#types.
|
|
133
125
|
def expect *types
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Collins
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain:
|
|
11
11
|
- brakeman-public_cert.pem
|
|
12
|
-
date: 2017-
|
|
12
|
+
date: 2017-06-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
|
15
15
|
via static analysis.
|
|
@@ -1216,18 +1216,18 @@ files:
|
|
|
1216
1216
|
- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_wikiclothtemplate_test.rb
|
|
1217
1217
|
- bundle/ruby/2.3.0/gems/tilt-2.0.7/test/tilt_yajltemplate_test.rb
|
|
1218
1218
|
- bundle/ruby/2.3.0/gems/tilt-2.0.7/tilt.gemspec
|
|
1219
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1220
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1221
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1222
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1223
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1224
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1225
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1226
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1227
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1228
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1229
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1230
|
-
- bundle/ruby/2.3.0/gems/unicode-display_width-1.
|
|
1219
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/CHANGELOG.md
|
|
1220
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/MIT-LICENSE.txt
|
|
1221
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/README.md
|
|
1222
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/Rakefile
|
|
1223
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/data/display_width.marshal.gz
|
|
1224
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width.rb
|
|
1225
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/constants.rb
|
|
1226
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/index.rb
|
|
1227
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/no_string_ext.rb
|
|
1228
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/lib/unicode/display_width/string_ext.rb
|
|
1229
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/spec/display_width_spec.rb
|
|
1230
|
+
- bundle/ruby/2.3.0/gems/unicode-display_width-1.3.0/unicode-display_width.gemspec
|
|
1231
1231
|
- lib/brakeman.rb
|
|
1232
1232
|
- lib/brakeman/app_tree.rb
|
|
1233
1233
|
- lib/brakeman/call_index.rb
|