brakeman 2.6.0 → 2.6.1
Sign up to get free protection for your applications and to get access to all the features.
- data.tar.gz.sig +0 -0
- data/CHANGES +6 -0
- data/lib/brakeman/checks/check_sql_cves.rb +12 -0
- data/lib/brakeman/processors/alias_processor.rb +2 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +6 -3
- metadata +42 -76
- metadata.gz.sig +0 -0
- checksums.yaml +0 -15
- checksums.yaml.gz.sig +0 -0
data.tar.gz.sig
CHANGED
|
Binary file
|
data/CHANGES
CHANGED
|
@@ -48,6 +48,18 @@ class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck
|
|
|
48
48
|
}
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
if tracker.config[:gems] and tracker.config[:gems][:pg]
|
|
52
|
+
issues << {
|
|
53
|
+
:cve => "CVE-2014-3482",
|
|
54
|
+
:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
|
|
55
|
+
:url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"
|
|
56
|
+
} <<
|
|
57
|
+
{
|
|
58
|
+
:cve => "CVE-2014-3483",
|
|
59
|
+
:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
|
|
60
|
+
:url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }
|
|
61
|
+
end
|
|
62
|
+
|
|
51
63
|
issues.each do |cve_issue|
|
|
52
64
|
cve_warning_for cve_issue[:versions], cve_issue[:cve], cve_issue[:url]
|
|
53
65
|
end
|
|
@@ -180,6 +180,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
|
180
180
|
#Force block arg(s) to be local
|
|
181
181
|
if node_type? e, :lasgn
|
|
182
182
|
env.current[Sexp.new(:lvar, e.lhs)] = e.rhs
|
|
183
|
+
elsif node_type? e, :kwarg
|
|
184
|
+
env.current[Sexp.new(:lvar, e[1])] = e[2]
|
|
183
185
|
elsif node_type? e, :masgn
|
|
184
186
|
e[1..-1].each do |var|
|
|
185
187
|
local = Sexp.new(:lvar, var)
|
data/lib/brakeman/version.rb
CHANGED
|
@@ -41,7 +41,7 @@ module Brakeman::WarningCodes
|
|
|
41
41
|
:CVE_2012_2660 => 38,
|
|
42
42
|
:CVE_2012_2661 => 39,
|
|
43
43
|
:CVE_2012_2695 => 40,
|
|
44
|
-
|
|
44
|
+
#:CVE_2012_2931 => 41,
|
|
45
45
|
:CVE_2012_3424 => 42,
|
|
46
46
|
:CVE_2012_3463 => 43,
|
|
47
47
|
:CVE_2012_3464 => 44,
|
|
@@ -65,8 +65,9 @@ module Brakeman::WarningCodes
|
|
|
65
65
|
:detailed_exceptions => 62,
|
|
66
66
|
:CVE_2013_4491 => 63,
|
|
67
67
|
:CVE_2013_6414 => 64,
|
|
68
|
-
|
|
69
|
-
|
|
68
|
+
# Replaced by CVE_2014_0081
|
|
69
|
+
#:CVE_2013_6415 => 65,
|
|
70
|
+
#:CVE_2013_6415_call => 66,
|
|
70
71
|
:CVE_2013_6416 => 67,
|
|
71
72
|
:CVE_2013_6416_call => 68,
|
|
72
73
|
:CVE_2013_6417 => 69,
|
|
@@ -78,6 +79,8 @@ module Brakeman::WarningCodes
|
|
|
78
79
|
:CVE_2014_0082 => 75,
|
|
79
80
|
:regex_dos => 76,
|
|
80
81
|
:CVE_2014_0130 => 77,
|
|
82
|
+
:CVE_2014_3482 => 78,
|
|
83
|
+
:CVE_2014_3483 => 79,
|
|
81
84
|
}
|
|
82
85
|
|
|
83
86
|
def self.code name
|
metadata
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.6.
|
|
4
|
+
version: 2.6.1
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
7
|
authors:
|
|
7
8
|
- Justin Collins
|
|
@@ -35,95 +36,78 @@ cert_chain:
|
|
|
35
36
|
Q0c3bUZaNnhnaDAxZXFuWlVzTmQ4dk0rNlY2djIzVnUKamsydE1qRlQ0TDFk
|
|
36
37
|
QTNNRXN6MytNUDE0NFBEaFBDaDd0UGU2eXk4MUJPdnlZVFZrS3pyQWtnS3dI
|
|
37
38
|
RDFDdXZzSApiZHc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
|
38
|
-
date: 2014-
|
|
39
|
+
date: 2014-07-02 00:00:00.000000000 Z
|
|
39
40
|
dependencies:
|
|
40
41
|
- !ruby/object:Gem::Dependency
|
|
41
42
|
name: ruby_parser
|
|
42
|
-
requirement: !ruby/object:Gem::Requirement
|
|
43
|
+
requirement: &70322329568880 !ruby/object:Gem::Requirement
|
|
44
|
+
none: false
|
|
43
45
|
requirements:
|
|
44
46
|
- - ~>
|
|
45
47
|
- !ruby/object:Gem::Version
|
|
46
48
|
version: 3.5.0
|
|
47
49
|
type: :runtime
|
|
48
50
|
prerelease: false
|
|
49
|
-
version_requirements:
|
|
50
|
-
requirements:
|
|
51
|
-
- - ~>
|
|
52
|
-
- !ruby/object:Gem::Version
|
|
53
|
-
version: 3.5.0
|
|
51
|
+
version_requirements: *70322329568880
|
|
54
52
|
- !ruby/object:Gem::Dependency
|
|
55
53
|
name: ruby2ruby
|
|
56
|
-
requirement: !ruby/object:Gem::Requirement
|
|
54
|
+
requirement: &70322329568380 !ruby/object:Gem::Requirement
|
|
55
|
+
none: false
|
|
57
56
|
requirements:
|
|
58
57
|
- - ~>
|
|
59
58
|
- !ruby/object:Gem::Version
|
|
60
59
|
version: 2.0.5
|
|
61
60
|
type: :runtime
|
|
62
61
|
prerelease: false
|
|
63
|
-
version_requirements:
|
|
64
|
-
requirements:
|
|
65
|
-
- - ~>
|
|
66
|
-
- !ruby/object:Gem::Version
|
|
67
|
-
version: 2.0.5
|
|
62
|
+
version_requirements: *70322329568380
|
|
68
63
|
- !ruby/object:Gem::Dependency
|
|
69
64
|
name: terminal-table
|
|
70
|
-
requirement: !ruby/object:Gem::Requirement
|
|
65
|
+
requirement: &70322329567880 !ruby/object:Gem::Requirement
|
|
66
|
+
none: false
|
|
71
67
|
requirements:
|
|
72
68
|
- - ~>
|
|
73
69
|
- !ruby/object:Gem::Version
|
|
74
70
|
version: '1.4'
|
|
75
71
|
type: :runtime
|
|
76
72
|
prerelease: false
|
|
77
|
-
version_requirements:
|
|
78
|
-
requirements:
|
|
79
|
-
- - ~>
|
|
80
|
-
- !ruby/object:Gem::Version
|
|
81
|
-
version: '1.4'
|
|
73
|
+
version_requirements: *70322329567880
|
|
82
74
|
- !ruby/object:Gem::Dependency
|
|
83
75
|
name: fastercsv
|
|
84
|
-
requirement: !ruby/object:Gem::Requirement
|
|
76
|
+
requirement: &70322329567300 !ruby/object:Gem::Requirement
|
|
77
|
+
none: false
|
|
85
78
|
requirements:
|
|
86
79
|
- - ~>
|
|
87
80
|
- !ruby/object:Gem::Version
|
|
88
81
|
version: '1.5'
|
|
89
82
|
type: :runtime
|
|
90
83
|
prerelease: false
|
|
91
|
-
version_requirements:
|
|
92
|
-
requirements:
|
|
93
|
-
- - ~>
|
|
94
|
-
- !ruby/object:Gem::Version
|
|
95
|
-
version: '1.5'
|
|
84
|
+
version_requirements: *70322329567300
|
|
96
85
|
- !ruby/object:Gem::Dependency
|
|
97
86
|
name: highline
|
|
98
|
-
requirement: !ruby/object:Gem::Requirement
|
|
87
|
+
requirement: &70322329566800 !ruby/object:Gem::Requirement
|
|
88
|
+
none: false
|
|
99
89
|
requirements:
|
|
100
90
|
- - ~>
|
|
101
91
|
- !ruby/object:Gem::Version
|
|
102
92
|
version: 1.6.20
|
|
103
93
|
type: :runtime
|
|
104
94
|
prerelease: false
|
|
105
|
-
version_requirements:
|
|
106
|
-
requirements:
|
|
107
|
-
- - ~>
|
|
108
|
-
- !ruby/object:Gem::Version
|
|
109
|
-
version: 1.6.20
|
|
95
|
+
version_requirements: *70322329566800
|
|
110
96
|
- !ruby/object:Gem::Dependency
|
|
111
97
|
name: erubis
|
|
112
|
-
requirement: !ruby/object:Gem::Requirement
|
|
98
|
+
requirement: &70322329566300 !ruby/object:Gem::Requirement
|
|
99
|
+
none: false
|
|
113
100
|
requirements:
|
|
114
101
|
- - ~>
|
|
115
102
|
- !ruby/object:Gem::Version
|
|
116
103
|
version: '2.6'
|
|
117
104
|
type: :runtime
|
|
118
105
|
prerelease: false
|
|
119
|
-
version_requirements:
|
|
120
|
-
requirements:
|
|
121
|
-
- - ~>
|
|
122
|
-
- !ruby/object:Gem::Version
|
|
123
|
-
version: '2.6'
|
|
106
|
+
version_requirements: *70322329566300
|
|
124
107
|
- !ruby/object:Gem::Dependency
|
|
125
108
|
name: haml
|
|
126
|
-
requirement: !ruby/object:Gem::Requirement
|
|
109
|
+
requirement: &70322329565820 !ruby/object:Gem::Requirement
|
|
110
|
+
none: false
|
|
127
111
|
requirements:
|
|
128
112
|
- - ! '>='
|
|
129
113
|
- !ruby/object:Gem::Version
|
|
@@ -133,31 +117,22 @@ dependencies:
|
|
|
133
117
|
version: '5.0'
|
|
134
118
|
type: :runtime
|
|
135
119
|
prerelease: false
|
|
136
|
-
version_requirements:
|
|
137
|
-
requirements:
|
|
138
|
-
- - ! '>='
|
|
139
|
-
- !ruby/object:Gem::Version
|
|
140
|
-
version: '3.0'
|
|
141
|
-
- - <
|
|
142
|
-
- !ruby/object:Gem::Version
|
|
143
|
-
version: '5.0'
|
|
120
|
+
version_requirements: *70322329565820
|
|
144
121
|
- !ruby/object:Gem::Dependency
|
|
145
122
|
name: sass
|
|
146
|
-
requirement: !ruby/object:Gem::Requirement
|
|
123
|
+
requirement: &70322329565100 !ruby/object:Gem::Requirement
|
|
124
|
+
none: false
|
|
147
125
|
requirements:
|
|
148
126
|
- - ~>
|
|
149
127
|
- !ruby/object:Gem::Version
|
|
150
128
|
version: '3.0'
|
|
151
129
|
type: :runtime
|
|
152
130
|
prerelease: false
|
|
153
|
-
version_requirements:
|
|
154
|
-
requirements:
|
|
155
|
-
- - ~>
|
|
156
|
-
- !ruby/object:Gem::Version
|
|
157
|
-
version: '3.0'
|
|
131
|
+
version_requirements: *70322329565100
|
|
158
132
|
- !ruby/object:Gem::Dependency
|
|
159
133
|
name: slim
|
|
160
|
-
requirement: !ruby/object:Gem::Requirement
|
|
134
|
+
requirement: &70322329564620 !ruby/object:Gem::Requirement
|
|
135
|
+
none: false
|
|
161
136
|
requirements:
|
|
162
137
|
- - ! '>='
|
|
163
138
|
- !ruby/object:Gem::Version
|
|
@@ -167,28 +142,18 @@ dependencies:
|
|
|
167
142
|
version: '3.0'
|
|
168
143
|
type: :runtime
|
|
169
144
|
prerelease: false
|
|
170
|
-
version_requirements:
|
|
171
|
-
requirements:
|
|
172
|
-
- - ! '>='
|
|
173
|
-
- !ruby/object:Gem::Version
|
|
174
|
-
version: 1.3.6
|
|
175
|
-
- - <
|
|
176
|
-
- !ruby/object:Gem::Version
|
|
177
|
-
version: '3.0'
|
|
145
|
+
version_requirements: *70322329564620
|
|
178
146
|
- !ruby/object:Gem::Dependency
|
|
179
147
|
name: multi_json
|
|
180
|
-
requirement: !ruby/object:Gem::Requirement
|
|
148
|
+
requirement: &70322329580140 !ruby/object:Gem::Requirement
|
|
149
|
+
none: false
|
|
181
150
|
requirements:
|
|
182
151
|
- - ~>
|
|
183
152
|
- !ruby/object:Gem::Version
|
|
184
153
|
version: '1.2'
|
|
185
154
|
type: :runtime
|
|
186
155
|
prerelease: false
|
|
187
|
-
version_requirements:
|
|
188
|
-
requirements:
|
|
189
|
-
- - ~>
|
|
190
|
-
- !ruby/object:Gem::Version
|
|
191
|
-
version: '1.2'
|
|
156
|
+
version_requirements: *70322329580140
|
|
192
157
|
description: Brakeman detects security vulnerabilities in Ruby on Rails applications
|
|
193
158
|
via static analysis.
|
|
194
159
|
email: gem@brakeman.org
|
|
@@ -197,16 +162,14 @@ executables:
|
|
|
197
162
|
extensions: []
|
|
198
163
|
extra_rdoc_files: []
|
|
199
164
|
files:
|
|
165
|
+
- bin/brakeman
|
|
200
166
|
- CHANGES
|
|
167
|
+
- WARNING_TYPES
|
|
201
168
|
- FEATURES
|
|
202
169
|
- README.md
|
|
203
|
-
- WARNING_TYPES
|
|
204
|
-
- bin/brakeman
|
|
205
|
-
- lib/brakeman.rb
|
|
206
170
|
- lib/brakeman/app_tree.rb
|
|
207
171
|
- lib/brakeman/brakeman.rake
|
|
208
172
|
- lib/brakeman/call_index.rb
|
|
209
|
-
- lib/brakeman/checks.rb
|
|
210
173
|
- lib/brakeman/checks/base_check.rb
|
|
211
174
|
- lib/brakeman/checks/check_basic_auth.rb
|
|
212
175
|
- lib/brakeman/checks/check_content_tag.rb
|
|
@@ -260,6 +223,7 @@ files:
|
|
|
260
223
|
- lib/brakeman/checks/check_validation_regex.rb
|
|
261
224
|
- lib/brakeman/checks/check_without_protection.rb
|
|
262
225
|
- lib/brakeman/checks/check_yaml_parsing.rb
|
|
226
|
+
- lib/brakeman/checks.rb
|
|
263
227
|
- lib/brakeman/differ.rb
|
|
264
228
|
- lib/brakeman/file_parser.rb
|
|
265
229
|
- lib/brakeman/format/style.css
|
|
@@ -295,7 +259,6 @@ files:
|
|
|
295
259
|
- lib/brakeman/processors/slim_template_processor.rb
|
|
296
260
|
- lib/brakeman/processors/template_alias_processor.rb
|
|
297
261
|
- lib/brakeman/processors/template_processor.rb
|
|
298
|
-
- lib/brakeman/report.rb
|
|
299
262
|
- lib/brakeman/report/ignore/config.rb
|
|
300
263
|
- lib/brakeman/report/ignore/interactive.rb
|
|
301
264
|
- lib/brakeman/report/initializers/faster_csv.rb
|
|
@@ -320,6 +283,7 @@ files:
|
|
|
320
283
|
- lib/brakeman/report/templates/template_overview.html.erb
|
|
321
284
|
- lib/brakeman/report/templates/view_warnings.html.erb
|
|
322
285
|
- lib/brakeman/report/templates/warning_overview.html.erb
|
|
286
|
+
- lib/brakeman/report.rb
|
|
323
287
|
- lib/brakeman/rescanner.rb
|
|
324
288
|
- lib/brakeman/scanner.rb
|
|
325
289
|
- lib/brakeman/tracker.rb
|
|
@@ -327,30 +291,32 @@ files:
|
|
|
327
291
|
- lib/brakeman/version.rb
|
|
328
292
|
- lib/brakeman/warning.rb
|
|
329
293
|
- lib/brakeman/warning_codes.rb
|
|
294
|
+
- lib/brakeman.rb
|
|
330
295
|
- lib/ruby_parser/bm_sexp.rb
|
|
331
296
|
- lib/ruby_parser/bm_sexp_processor.rb
|
|
332
297
|
homepage: http://brakemanscanner.org
|
|
333
298
|
licenses:
|
|
334
299
|
- MIT
|
|
335
|
-
metadata: {}
|
|
336
300
|
post_install_message:
|
|
337
301
|
rdoc_options: []
|
|
338
302
|
require_paths:
|
|
339
303
|
- lib
|
|
340
304
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
305
|
+
none: false
|
|
341
306
|
requirements:
|
|
342
307
|
- - ! '>='
|
|
343
308
|
- !ruby/object:Gem::Version
|
|
344
309
|
version: '0'
|
|
345
310
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
311
|
+
none: false
|
|
346
312
|
requirements:
|
|
347
313
|
- - ! '>='
|
|
348
314
|
- !ruby/object:Gem::Version
|
|
349
315
|
version: '0'
|
|
350
316
|
requirements: []
|
|
351
317
|
rubyforge_project:
|
|
352
|
-
rubygems_version:
|
|
318
|
+
rubygems_version: 1.8.9
|
|
353
319
|
signing_key:
|
|
354
|
-
specification_version:
|
|
320
|
+
specification_version: 3
|
|
355
321
|
summary: Security vulnerability scanner for Ruby on Rails.
|
|
356
322
|
test_files: []
|
metadata.gz.sig
CHANGED
|
Binary file
|
checksums.yaml
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
!binary "U0hBMQ==":
|
|
3
|
-
metadata.gz: !binary |-
|
|
4
|
-
MTMyMjhjZTg2NjUzNjM4Zjg4MjkxMDY3YjljM2RlMzYxNDE1MTcwMg==
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
ODU3OTE0NjFjODgzZWRlODMyZDViZTQwNjUzYTQ0MzNhZjEzNjMyYQ==
|
|
7
|
-
SHA512:
|
|
8
|
-
metadata.gz: !binary |-
|
|
9
|
-
YTAzY2FlZWRiZTYwODMwZmQ5YmQ2YTI3M2VjMmJjMTM3Y2YxNDM5NDU3MDYw
|
|
10
|
-
ODJlMGNiYWM0ZDExYzU3NjI1NzY4ZWE2ZDg1MTQ2NzBiYTJkM2E4YzMwNWUw
|
|
11
|
-
OGVhYjU5ZDk0MzY4Njk2MzhmYzk0NGQ1YWEzNWFmMzUzMGY5MzA=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
YmVmZTkxZTQxZDNmODJkNGMyYmE2NDdkNDI1Yjk1NmRlNjlhZGRmYjgzZjY0
|
|
14
|
-
NGVhZDYwZGM1MWQ5MGYxMDQ4MWNmNWIxOTkwMDgxNWI3YTIzYjQ0OTQ3ODZk
|
|
15
|
-
MmU2ZTI5YWE3YjQ2OTczMTg3M2NiZWUxYjIxMjhiZWM4NjhhMWY=
|
checksums.yaml.gz.sig
DELETED
|
Binary file
|