brakeman 0.8.2 → 0.8.3
Sign up to get free protection for your applications and to get access to all the features.
- data/bin/brakeman +4 -0
- data/lib/report.rb +9 -1
- data/lib/scanner.rb +5 -0
- data/lib/version.rb +1 -1
- metadata +26 -10
data/bin/brakeman
CHANGED
|
@@ -59,6 +59,10 @@ OptionParser.new do |opts|
|
|
|
59
59
|
options[:safe_methods].merge methods.map {|e| e.to_sym }
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
+
opts.on "--skip-libs", "Skip processing lib directory" do
|
|
63
|
+
options[:skip_libs] = true
|
|
64
|
+
end
|
|
65
|
+
|
|
62
66
|
opts.on "-t", "--test Check1,Check2,etc", Array, "Only run the specified checks" do |checks|
|
|
63
67
|
checks.each_with_index do |s, index|
|
|
64
68
|
if s[0,5] != "Check"
|
data/lib/report.rb
CHANGED
|
@@ -70,8 +70,15 @@ class Report
|
|
|
70
70
|
def generate_errors
|
|
71
71
|
unless tracker.errors.empty?
|
|
72
72
|
table = Ruport::Data::Table(["Error", "Location"])
|
|
73
|
+
|
|
74
|
+
|
|
73
75
|
tracker.errors.each do |w|
|
|
74
76
|
p w if OPTIONS[:debug]
|
|
77
|
+
|
|
78
|
+
if OPTIONS[:output_format] == :to_html
|
|
79
|
+
w[:error] = CGI.escapeHTML w[:error]
|
|
80
|
+
end
|
|
81
|
+
|
|
75
82
|
table << { "Error" => w[:error], "Location" => w[:backtrace][0] }
|
|
76
83
|
end
|
|
77
84
|
|
|
@@ -275,7 +282,7 @@ class Report
|
|
|
275
282
|
|
|
276
283
|
res = generate_errors
|
|
277
284
|
if res
|
|
278
|
-
out << "<div onClick=\"toggle('errors_table');\"> <h2>Exceptions raised during the analysis (click to see them)</h2 ></div> <div id='errors_table' style='display:none'>" << res.to_html<< '</div>'
|
|
285
|
+
out << "<div onClick=\"toggle('errors_table');\"> <h2>Exceptions raised during the analysis (click to see them)</h2 ></div> <div id='errors_table' style='display:none'>" << res.to_html << '</div>'
|
|
279
286
|
end
|
|
280
287
|
|
|
281
288
|
res = generate_warnings
|
|
@@ -647,6 +654,7 @@ class Report
|
|
|
647
654
|
[:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
|
|
648
655
|
|
|
649
656
|
checks.send(meth).map do |w|
|
|
657
|
+
next if w.confidence > OPTIONS[:min_confidence]
|
|
650
658
|
line = w.line || 0
|
|
651
659
|
w.warning_type.gsub!(/[^\w\s]/, ' ')
|
|
652
660
|
"#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
|
data/lib/scanner.rb
CHANGED
|
@@ -113,6 +113,11 @@ class Scanner
|
|
|
113
113
|
#
|
|
114
114
|
#Adds parsed information to tracker.libs.
|
|
115
115
|
def process_libs
|
|
116
|
+
if OPTIONS[:skip_libs]
|
|
117
|
+
warn '[Skipping]'
|
|
118
|
+
return
|
|
119
|
+
end
|
|
120
|
+
|
|
116
121
|
Dir.glob(@path + "/lib/**/*.rb").sort.each do |f|
|
|
117
122
|
begin
|
|
118
123
|
@processor.process_lib RubyParser.new.parse(File.read(f)), f
|
data/lib/version.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Version = "0.8.
|
|
1
|
+
Version = "0.8.3"
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 57
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 8
|
|
9
|
-
-
|
|
10
|
-
version: 0.8.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.8.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Justin Collins
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-
|
|
18
|
+
date: 2011-10-25 00:00:00 -07:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
@@ -50,9 +50,25 @@ dependencies:
|
|
|
50
50
|
type: :runtime
|
|
51
51
|
version_requirements: *id002
|
|
52
52
|
- !ruby/object:Gem::Dependency
|
|
53
|
-
name:
|
|
53
|
+
name: ruby_parser
|
|
54
54
|
prerelease: false
|
|
55
55
|
requirement: &id003 !ruby/object:Gem::Requirement
|
|
56
|
+
none: false
|
|
57
|
+
requirements:
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
hash: 3
|
|
61
|
+
segments:
|
|
62
|
+
- 2
|
|
63
|
+
- 3
|
|
64
|
+
- 0
|
|
65
|
+
version: 2.3.0
|
|
66
|
+
type: :runtime
|
|
67
|
+
version_requirements: *id003
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
name: ruport
|
|
70
|
+
prerelease: false
|
|
71
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
56
72
|
none: false
|
|
57
73
|
requirements:
|
|
58
74
|
- - ~>
|
|
@@ -64,11 +80,11 @@ dependencies:
|
|
|
64
80
|
- 3
|
|
65
81
|
version: 1.6.3
|
|
66
82
|
type: :runtime
|
|
67
|
-
version_requirements: *
|
|
83
|
+
version_requirements: *id004
|
|
68
84
|
- !ruby/object:Gem::Dependency
|
|
69
85
|
name: erubis
|
|
70
86
|
prerelease: false
|
|
71
|
-
requirement: &
|
|
87
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
72
88
|
none: false
|
|
73
89
|
requirements:
|
|
74
90
|
- - ~>
|
|
@@ -80,11 +96,11 @@ dependencies:
|
|
|
80
96
|
- 5
|
|
81
97
|
version: 2.6.5
|
|
82
98
|
type: :runtime
|
|
83
|
-
version_requirements: *
|
|
99
|
+
version_requirements: *id005
|
|
84
100
|
- !ruby/object:Gem::Dependency
|
|
85
101
|
name: haml
|
|
86
102
|
prerelease: false
|
|
87
|
-
requirement: &
|
|
103
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
88
104
|
none: false
|
|
89
105
|
requirements:
|
|
90
106
|
- - ~>
|
|
@@ -96,7 +112,7 @@ dependencies:
|
|
|
96
112
|
- 12
|
|
97
113
|
version: 3.0.12
|
|
98
114
|
type: :runtime
|
|
99
|
-
version_requirements: *
|
|
115
|
+
version_requirements: *id006
|
|
100
116
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
|
|
101
117
|
email:
|
|
102
118
|
executables:
|