brakeman 2.6.0 → 2.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data.tar.gz.sig +0 -0
- data/CHANGES +6 -0
- data/lib/brakeman/checks/check_sql_cves.rb +12 -0
- data/lib/brakeman/processors/alias_processor.rb +2 -0
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning_codes.rb +6 -3
- metadata +42 -76
- metadata.gz.sig +0 -0
- checksums.yaml +0 -15
- checksums.yaml.gz.sig +0 -0
data.tar.gz.sig
CHANGED
|
Binary file
|
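--- a/data/lib/brakeman/checks/check_sql_cves.rb
+++ b/data/lib/brakeman/checks/check_sql_cves.rb
@@ -48,6 +48,18 @@ class Brakeman::CheckSQLCVEs < Brakeman::BaseCheck
 }
 end
 
+if tracker.config[:gems] and tracker.config[:gems][:pg]
+issues << {
+:cve => "CVE-2014-3482",
+:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
+:url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"
+} <<
+{
+:cve => "CVE-2014-3483",
+:versions => [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]],
+:url => "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }
+end
+
 issues.each do |cve_issue|
 cve_warning_for cve_issue[:versions], cve_issue[:cve], cve_issue[:url]
 end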
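Review bot: The new pg guard uses `and` for a boolean condition, and the two issue hashes repeat the same :versions list and :url verbatim, joined by a `} << {` chain that reads as one awkward expression rather than two appends; `&&` plus a single shared definition is clearer and keeps the two advisories in lock-step if the affected ranges are ever corrected. The check only fires when the Gemfile names pg directly (`tracker.config[:gems][:pg]`), so an application that reaches the PostgreSQL adapter through another gem would presumably be skipped — worth confirming how tracker.config[:gems] is populated, or also consulting the database adapter configuration. The enclosing method begins before this hunk.
```ruby
if tracker.config[:gems] && tracker.config[:gems][:pg]
  # Both advisories cover the same Rails releases and share one announcement
  pg_versions = [%w[2.0.0 2.9.9 3.2.19], %w[3.0.0 3.2.18 3.2.19], %w[4.0.0 4.0.6 4.0.7], %w[4.1.0 4.1.2 4.1.3]]
  pg_url = "https://groups.google.com/d/msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"

  %w[CVE-2014-3482 CVE-2014-3483].each do |cve|
    issues << { :cve => cve, :versions => pg_versions, :url => pg_url }
  end
end
# … unchanged: issues.each loop …
```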
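--- a/data/lib/brakeman/processors/alias_processor.rb
+++ b/data/lib/brakeman/processors/alias_processor.rb
@@ -180,6 +180,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
 #Force block arg(s) to be local
 if node_type? e, :lasgn
 env.current[Sexp.new(:lvar, e.lhs)] = e.rhs
+elsif node_type? e, :kwarg
+env.current[Sexp.new(:lvar, e[1])] = e[2]
 elsif node_type? e, :masgn
 e[1..-1].each do |var|
 local = Sexp.new(:lvar, var)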
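Review bot: The new :kwarg branch reads the node positionally (`e[1]`, `e[2]`) while the :lasgn branch directly above it uses the named accessors `e.lhs`/`e.rhs`, so a one-line comment would make the layout explicit, e.g. `# keyword block arg: s(:kwarg, name, default)`. If ruby_parser emits a :kwarg with no third element for a required keyword argument, `e[2]` is nil and the local is mapped to nil rather than to a value; that may well be the intended "force local" effect, but it differs from what the :lasgn branch stores, so confirm it is what the alias environment expects. The enclosing method starts before and continues past this hunk.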
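--- a/data/lib/brakeman/warning_codes.rb
+++ b/data/lib/brakeman/warning_codes.rb
@@ -41,7 +41,7 @@ module Brakeman::WarningCodes
 :CVE_2012_2660 => 38,
 :CVE_2012_2661 => 39,
 :CVE_2012_2695 => 40,
-
+#:CVE_2012_2931 => 41,
 :CVE_2012_3424 => 42,
 :CVE_2012_3463 => 43,
 :CVE_2012_3464 => 44,
@@ -65,8 +65,9 @@ module Brakeman::WarningCodes
 :detailed_exceptions => 62,
 :CVE_2013_4491 => 63,
 :CVE_2013_6414 => 64,
-
-
+# Replaced by CVE_2014_0081
+#:CVE_2013_6415 => 65,
+#:CVE_2013_6415_call => 66,
 :CVE_2013_6416 => 67,
 :CVE_2013_6416_call => 68,
 :CVE_2013_6417 => 69,
@@ -78,6 +79,8 @@ module Brakeman::WarningCodes
 :CVE_2014_0082 => 75,
 :regex_dos => 76,
 :CVE_2014_0130 => 77,
+:CVE_2014_3482 => 78,
+:CVE_2014_3483 => 79,
 }
 
 def self.code name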
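Review bot: In the first hunk the retired entry `#:CVE_2012_2931 => 41,` is left without the explanation the second hunk gives for 65 and 66 (`# Replaced by CVE_2014_0081`); a matching one-line comment stating why 41 is no longer issued would keep the table self-explaining. The third hunk correctly appends 78 and 79 instead of reusing any retired number, and since retired codes are commented out rather than renumbered — presumably because the numbers are emitted in reports and must stay stable — a short header comment on the table recording that rule ("codes are stable identifiers; never reuse a retired number") would guard future additions. The hunks lie inside module Brakeman::WarningCodes, whose start and end are outside the view.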
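--- a/metadata
+++ b/metadata
@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-version: 2.6.
+version: 2.6.1
+prerelease:
 platform: ruby
 authors:
 - Justin Collins
@@ -35,95 +36,78 @@ cert_chain:
 Q0c3bUZaNnhnaDAxZXFuWlVzTmQ4dk0rNlY2djIzVnUKamsydE1qRlQ0TDFk
 QTNNRXN6MytNUDE0NFBEaFBDaDd0UGU2eXk4MUJPdnlZVFZrS3pyQWtnS3dI
 RDFDdXZzSApiZHc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-date: 2014-
+date: 2014-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby_parser
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329568880 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: 3.5.0
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 3.5.0
+version_requirements: *70322329568880
 - !ruby/object:Gem::Dependency
 name: ruby2ruby
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329568380 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: 2.0.5
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 2.0.5
+version_requirements: *70322329568380
 - !ruby/object:Gem::Dependency
 name: terminal-table
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329567880 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: '1.4'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '1.4'
+version_requirements: *70322329567880
 - !ruby/object:Gem::Dependency
 name: fastercsv
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329567300 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: '1.5'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '1.5'
+version_requirements: *70322329567300
 - !ruby/object:Gem::Dependency
 name: highline
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329566800 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: 1.6.20
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 1.6.20
+version_requirements: *70322329566800
 - !ruby/object:Gem::Dependency
 name: erubis
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329566300 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: '2.6'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '2.6'
+version_requirements: *70322329566300
 - !ruby/object:Gem::Dependency
 name: haml
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329565820 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -133,31 +117,22 @@ dependencies:
 version: '5.0'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: '3.0'
-- - <
-- !ruby/object:Gem::Version
-version: '5.0'
+version_requirements: *70322329565820
 - !ruby/object:Gem::Dependency
 name: sass
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329565100 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: '3.0'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '3.0'
+version_requirements: *70322329565100
 - !ruby/object:Gem::Dependency
 name: slim
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329564620 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -167,28 +142,18 @@ dependencies:
 version: '3.0'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: 1.3.6
-- - <
-- !ruby/object:Gem::Version
-version: '3.0'
+version_requirements: *70322329564620
 - !ruby/object:Gem::Dependency
 name: multi_json
-requirement: !ruby/object:Gem::Requirement
+requirement: &70322329580140 !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
 version: '1.2'
 type: :runtime
 prerelease: false
-version_requirements:
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '1.2'
+version_requirements: *70322329580140
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
 via static analysis.
 email: gem@brakeman.org
@@ -197,16 +162,14 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- bin/brakeman
 - CHANGES
+- WARNING_TYPES
 - FEATURES
 - README.md
-- WARNING_TYPES
-- bin/brakeman
-- lib/brakeman.rb
 - lib/brakeman/app_tree.rb
 - lib/brakeman/brakeman.rake
 - lib/brakeman/call_index.rb
-- lib/brakeman/checks.rb
 - lib/brakeman/checks/base_check.rb
 - lib/brakeman/checks/check_basic_auth.rb
 - lib/brakeman/checks/check_content_tag.rb
@@ -260,6 +223,7 @@ files:
 - lib/brakeman/checks/check_validation_regex.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_yaml_parsing.rb
+- lib/brakeman/checks.rb
 - lib/brakeman/differ.rb
 - lib/brakeman/file_parser.rb
 - lib/brakeman/format/style.css
@@ -295,7 +259,6 @@ files:
 - lib/brakeman/processors/slim_template_processor.rb
 - lib/brakeman/processors/template_alias_processor.rb
 - lib/brakeman/processors/template_processor.rb
-- lib/brakeman/report.rb
 - lib/brakeman/report/ignore/config.rb
 - lib/brakeman/report/ignore/interactive.rb
 - lib/brakeman/report/initializers/faster_csv.rb
@@ -320,6 +283,7 @@ files:
 - lib/brakeman/report/templates/template_overview.html.erb
 - lib/brakeman/report/templates/view_warnings.html.erb
 - lib/brakeman/report/templates/warning_overview.html.erb
+- lib/brakeman/report.rb
 - lib/brakeman/rescanner.rb
 - lib/brakeman/scanner.rb
 - lib/brakeman/tracker.rb
@@ -327,30 +291,32 @@ files:
 - lib/brakeman/version.rb
 - lib/brakeman/warning.rb
 - lib/brakeman/warning_codes.rb
+- lib/brakeman.rb
 - lib/ruby_parser/bm_sexp.rb
 - lib/ruby_parser/bm_sexp_processor.rb
 homepage: http://brakemanscanner.org
 licenses:
 - MIT
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 1.8.9
 signing_key:
-specification_version:
+specification_version: 3
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []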
metadata.gz.sig
CHANGED
|
Binary file
|
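--- a/checksums.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-metadata.gz: !binary |-
-MTMyMjhjZTg2NjUzNjM4Zjg4MjkxMDY3YjljM2RlMzYxNDE1MTcwMg==
-data.tar.gz: !binary |-
-ODU3OTE0NjFjODgzZWRlODMyZDViZTQwNjUzYTQ0MzNhZjEzNjMyYQ==
-SHA512:
-metadata.gz: !binary |-
-YTAzY2FlZWRiZTYwODMwZmQ5YmQ2YTI3M2VjMmJjMTM3Y2YxNDM5NDU3MDYw
-ODJlMGNiYWM0ZDExYzU3NjI1NzY4ZWE2ZDg1MTQ2NzBiYTJkM2E4YzMwNWUw
-OGVhYjU5ZDk0MzY4Njk2MzhmYzk0NGQ1YWEzNWFmMzUzMGY5MzA=
-data.tar.gz: !binary |-
-YmVmZTkxZTQxZDNmODJkNGMyYmE2NDdkNDI1Yjk1NmRlNjlhZGRmYjgzZjY0
-NGVhZDYwZGM1MWQ5MGYxMDQ4MWNmNWIxOTkwMDgxNWI3YTIzYjQ0OTQ3ODZk
-MmU2ZTI5YWE3YjQ2OTczMTg3M2NiZWUxYjIxMjhiZWM4NjhhMWY=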
checksums.yaml.gz.sig
DELETED
|
Binary file
|