brakeman 2.0.0.pre2 → 2.0.0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA512:
|
3
|
-
|
4
|
-
|
3
|
+
metadata.gz: 95e0a31af1fc7aa297e1f155cb6218de1fe20d7d9eddcaf786eda7ef1f933bf7c70381abb4db3062a04c74929be0e852056c1b227b304fe72727a8493b57c501
|
4
|
+
data.tar.gz: d12356b9a94db23b53e3e554818a2dc3e6f04e64caa8b6d8764c93c20da885166f4f2e580e7291c76c4da2225d8c5d8bcbb85d17c6345dea5f73fbddc6229423
|
5
5
|
SHA1:
|
6
|
-
|
7
|
-
|
6
|
+
metadata.gz: 1e770b74ee4544b1b2187fd7db6e828769db0e97
|
7
|
+
data.tar.gz: 621f6b0a236d44ac7828d32b64bd46d56effae2f
|
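--- a/data/CHANGES
+++ b/data/CHANGES
@@ -8,6 +8,8 @@
 * Medium confidence for mass assignment to attr_protected models
 * Remove "timestamp" key from JSON reports
 * Remove deprecated config file locations
+* Relative paths are used by default in JSON reports
+* `--absolute-paths` replaces `--relative-paths`
 * Only treat classes with names containing `Controller` like controllers
 * Better handling of classes nested inside controllers
 * Better handling of controller classes nested in classes/modules
@@ -24,6 +26,7 @@
 * Fix model path guesses to use "models/" instead of "controllers/"
 * Clean up SQL CVE warning messages
 * Use exceptions instead of abort in brakeman lib
+* Update to Ruby2Ruby 2.0.5
 
 # 1.9.5
 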
@@ -77,13 +77,12 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
|
|
77
77
|
end
|
78
78
|
|
79
79
|
tracker.each_template do |name, template|
|
80
|
+
Brakeman.debug "Checking #{name} for XSS"
|
81
|
+
|
80
82
|
@current_template = template
|
81
|
-
template[:outputs].each do |out|
|
82
|
-
Brakeman.debug "Checking #{name} for direct XSS"
|
83
83
|
|
84
|
+
template[:outputs].each do |out|
|
84
85
|
unless check_for_immediate_xss out
|
85
|
-
Brakeman.debug "Checking #{name} for indirect XSS"
|
86
|
-
|
87
86
|
@matched = false
|
88
87
|
@mark = false
|
89
88
|
process out
|
@@ -74,6 +74,8 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
|
|
74
74
|
def process_methdef exp
|
75
75
|
meth_name = exp.method_name
|
76
76
|
|
77
|
+
Brakeman.debug "Processing #{@current_class}##{meth_name}"
|
78
|
+
|
77
79
|
#Skip if instructed to only process a specific method
|
78
80
|
#(but don't skip if this method was called from elsewhere)
|
79
81
|
return exp if @current_method.nil? and @only_method and @only_method != meth_name
|
data/lib/brakeman/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: brakeman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.0
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Collins
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2013-05-
|
12
|
+
date: 2013-05-20 00:00:00 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: ruby_parser
|
@@ -232,7 +232,6 @@ files:
|
|
232
232
|
- lib/ruby_parser/bm_sexp.rb
|
233
233
|
- lib/ruby_parser/bm_sexp_processor.rb
|
234
234
|
- lib/brakeman.rb
|
235
|
-
- lib/tasks/brakeman.rake
|
236
235
|
homepage: http://brakemanscanner.org
|
237
236
|
licenses:
|
238
237
|
- MIT
|
@@ -245,14 +244,13 @@ require_paths:
|
|
245
244
|
- lib
|
246
245
|
required_ruby_version: !ruby/object:Gem::Requirement
|
247
246
|
requirements:
|
248
|
-
-
|
247
|
+
- &id011
|
248
|
+
- ">="
|
249
249
|
- !ruby/object:Gem::Version
|
250
250
|
version: "0"
|
251
251
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
252
252
|
requirements:
|
253
|
-
-
|
254
|
-
- !ruby/object:Gem::Version
|
255
|
-
version: 1.3.1
|
253
|
+
- *id011
|
256
254
|
requirements: []
|
257
255
|
|
258
256
|
rubyforge_project:
|
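--- a/data/lib/tasks/brakeman.rake
+++ /dev/null
@@ -1,10 +0,0 @@
-namespace :brakeman do
-
-desc "Run Brakeman"
-task :run, :output_files do |t, args|
-require 'brakeman'
-
-files = args[:output_files].split(' ') if args[:output_files]
-Brakeman.run :app_path => ".", :output_files => files, :print_report => true
-end
-end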