brakeman 0.8.0 → 0.8.1

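--- a/data/bin/brakeman
+++ b/data/bin/brakeman
@@ -34,6 +34,10 @@ OptionParser.new do |opts|
  opts.separator ""
  opts.separator "Scanning options:"
 
+ opts.on "-a", "--assume-routes", "Assume all controller methods are actions" do
+ options[:assume_all_routes] = true
+ end
+
  opts.on "--ignore-model-output", "Consider model attributes XSS-safe" do
  options[:ignore_model_output] = true
  end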
@@ -131,7 +131,7 @@ class ControllerAliasProcessor < AliasProcessor
131
131
 
132
132
  #Returns true if the given method name is also a route
133
133
  def route? method
134
- return true if @tracker.routes[:allow_all_actions]
134
+ return true if @tracker.routes[:allow_all_actions] or OPTIONS[:assume_all_routes]
135
135
  routes = @tracker.routes[@current_class]
136
136
  routes and (routes == :allow_all_actions or routes.include? method)
137
137
  end
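Review bot: The comment above `route?` no longer describes what the method returns, because the added `OPTIONS[:assume_all_routes]` test makes it answer true for every method name once that option is set. I would extend it to `#Returns true if the given method name is also a route, or if all controller methods are assumed to be actions`, so a reader of a report knows warnings may cover methods that are not routable. The guard also mixes `or` into a boolean condition; `return true if @tracker.routes[:allow_all_actions] || OPTIONS[:assume_all_routes]` is the conventional spelling and avoids precedence surprises if the line is later extended. The page lists this hunk under data/bin/brakeman, but its header names `class ControllerAliasProcessor`, so the file header for it appears to be missing here.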
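--- a/data/lib/scanner.rb
+++ b/data/lib/scanner.rb
@@ -129,7 +129,13 @@ class Scanner
  #Adds parsed information to tracker.routes
  def process_routes
  if File.exists? "#@path/config/routes.rb"
- @processor.process_routes RubyParser.new.parse(File.read("#@path/config/routes.rb"))
+ begin
+ @processor.process_routes RubyParser.new.parse(File.read("#@path/config/routes.rb"))
+ rescue Exception => e
+ tracker.error e.exception(e.message + "\nWhile processing routes.rb"), e.backtrace
+ warn "[Notice] Error while processing routes - assuming all public controller methods are actions."
+ OPTIONS[:assume_all_routes] = true
+ end
  else
  warn "[Notice] No route information found"
  end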
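Review bot: `rescue Exception => e` in the new `begin` block also catches `Interrupt`, `SystemExit` and `NoMemoryError`, so an interrupted or exhausted scan is logged as a routes error and then continues. Narrowing it to the failures expected from reading and parsing routes.rb, for example `rescue StandardError, SyntaxError => e`, keeps the fallback without swallowing signals; which classes the parser actually raises is not visible here and should be confirmed. The fallback itself fails towards over-reporting, which is the safe direction for a scanner, but it does so by mutating the process-wide `OPTIONS` hash and only prints a notice to stderr. A short comment such as `# routes unreadable: treat every public controller method as an action rather than under-report` would record that intent. The closing `end` of `process_routes` lies outside the hunk.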
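--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
- Version = "0.8.0"
+ Version = "0.8.1"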
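--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
  segments:
  - 0
  - 8
- - 0
- version: 0.8.0
+ - 1
+ version: 0.8.1
  platform: ruby
  authors:
  - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-09-15 00:00:00 -07:00
+ date: 2011-09-28 00:00:00 -07:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency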