brakeman 0.8.2 → 0.8.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/brakeman +4 -0
- data/lib/report.rb +9 -1
- data/lib/scanner.rb +5 -0
- data/lib/version.rb +1 -1
- metadata +26 -10
data/bin/brakeman
CHANGED
|
@@ -59,6 +59,10 @@ OptionParser.new do |opts|
|
|
|
59
59
|
options[:safe_methods].merge methods.map {|e| e.to_sym }
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
+
opts.on "--skip-libs", "Skip processing lib directory" do
|
|
63
|
+
options[:skip_libs] = true
|
|
64
|
+
end
|
|
65
|
+
|
|
62
66
|
opts.on "-t", "--test Check1,Check2,etc", Array, "Only run the specified checks" do |checks|
|
|
63
67
|
checks.each_with_index do |s, index|
|
|
64
68
|
if s[0,5] != "Check"
|
data/lib/report.rb
CHANGED
|
@@ -70,8 +70,15 @@ class Report
|
|
|
70
70
|
def generate_errors
|
|
71
71
|
unless tracker.errors.empty?
|
|
72
72
|
table = Ruport::Data::Table(["Error", "Location"])
|
|
73
|
+
|
|
74
|
+
|
|
73
75
|
tracker.errors.each do |w|
|
|
74
76
|
p w if OPTIONS[:debug]
|
|
77
|
+
|
|
78
|
+
if OPTIONS[:output_format] == :to_html
|
|
79
|
+
w[:error] = CGI.escapeHTML w[:error]
|
|
80
|
+
end
|
|
81
|
+
|
|
75
82
|
table << { "Error" => w[:error], "Location" => w[:backtrace][0] }
|
|
76
83
|
end
|
|
77
84
|
|
|
@@ -275,7 +282,7 @@ class Report
|
|
|
275
282
|
|
|
276
283
|
res = generate_errors
|
|
277
284
|
if res
|
|
278
|
-
out << "<div onClick=\"toggle('errors_table');\"> <h2>Exceptions raised during the analysis (click to see them)</h2 ></div> <div id='errors_table' style='display:none'>" << res.to_html<< '</div>'
|
|
285
|
+
out << "<div onClick=\"toggle('errors_table');\"> <h2>Exceptions raised during the analysis (click to see them)</h2 ></div> <div id='errors_table' style='display:none'>" << res.to_html << '</div>'
|
|
279
286
|
end
|
|
280
287
|
|
|
281
288
|
res = generate_warnings
|
|
@@ -647,6 +654,7 @@ class Report
|
|
|
647
654
|
[:model_warnings, "Model"], [:template_warnings, "Template"]].map do |meth, category|
|
|
648
655
|
|
|
649
656
|
checks.send(meth).map do |w|
|
|
657
|
+
next if w.confidence > OPTIONS[:min_confidence]
|
|
650
658
|
line = w.line || 0
|
|
651
659
|
w.warning_type.gsub!(/[^\w\s]/, ' ')
|
|
652
660
|
"#{file_for w}\t#{line}\t#{w.warning_type}\t#{category}\t#{w.format_message}\t#{TEXT_CONFIDENCE[w.confidence]}"
|
data/lib/scanner.rb
CHANGED
|
@@ -113,6 +113,11 @@ class Scanner
|
|
|
113
113
|
#
|
|
114
114
|
#Adds parsed information to tracker.libs.
|
|
115
115
|
def process_libs
|
|
116
|
+
if OPTIONS[:skip_libs]
|
|
117
|
+
warn '[Skipping]'
|
|
118
|
+
return
|
|
119
|
+
end
|
|
120
|
+
|
|
116
121
|
Dir.glob(@path + "/lib/**/*.rb").sort.each do |f|
|
|
117
122
|
begin
|
|
118
123
|
@processor.process_lib RubyParser.new.parse(File.read(f)), f
|
data/lib/version.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Version = "0.8.
|
|
1
|
+
Version = "0.8.3"
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 57
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 8
|
|
9
|
-
-
|
|
10
|
-
version: 0.8.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.8.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Justin Collins
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-
|
|
18
|
+
date: 2011-10-25 00:00:00 -07:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
@@ -50,9 +50,25 @@ dependencies:
|
|
|
50
50
|
type: :runtime
|
|
51
51
|
version_requirements: *id002
|
|
52
52
|
- !ruby/object:Gem::Dependency
|
|
53
|
-
name:
|
|
53
|
+
name: ruby_parser
|
|
54
54
|
prerelease: false
|
|
55
55
|
requirement: &id003 !ruby/object:Gem::Requirement
|
|
56
|
+
none: false
|
|
57
|
+
requirements:
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
hash: 3
|
|
61
|
+
segments:
|
|
62
|
+
- 2
|
|
63
|
+
- 3
|
|
64
|
+
- 0
|
|
65
|
+
version: 2.3.0
|
|
66
|
+
type: :runtime
|
|
67
|
+
version_requirements: *id003
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
name: ruport
|
|
70
|
+
prerelease: false
|
|
71
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
56
72
|
none: false
|
|
57
73
|
requirements:
|
|
58
74
|
- - ~>
|
|
@@ -64,11 +80,11 @@ dependencies:
|
|
|
64
80
|
- 3
|
|
65
81
|
version: 1.6.3
|
|
66
82
|
type: :runtime
|
|
67
|
-
version_requirements: *
|
|
83
|
+
version_requirements: *id004
|
|
68
84
|
- !ruby/object:Gem::Dependency
|
|
69
85
|
name: erubis
|
|
70
86
|
prerelease: false
|
|
71
|
-
requirement: &
|
|
87
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
72
88
|
none: false
|
|
73
89
|
requirements:
|
|
74
90
|
- - ~>
|
|
@@ -80,11 +96,11 @@ dependencies:
|
|
|
80
96
|
- 5
|
|
81
97
|
version: 2.6.5
|
|
82
98
|
type: :runtime
|
|
83
|
-
version_requirements: *
|
|
99
|
+
version_requirements: *id005
|
|
84
100
|
- !ruby/object:Gem::Dependency
|
|
85
101
|
name: haml
|
|
86
102
|
prerelease: false
|
|
87
|
-
requirement: &
|
|
103
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
88
104
|
none: false
|
|
89
105
|
requirements:
|
|
90
106
|
- - ~>
|
|
@@ -96,7 +112,7 @@ dependencies:
|
|
|
96
112
|
- 12
|
|
97
113
|
version: 3.0.12
|
|
98
114
|
type: :runtime
|
|
99
|
-
version_requirements: *
|
|
115
|
+
version_requirements: *id006
|
|
100
116
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
|
|
101
117
|
email:
|
|
102
118
|
executables:
|