brakeman 3.0.0 → 3.0.1

data/CHANGES

@@ -1,3 +1,12 @@
+# 3.0.1
+
+* Avoid protect_from_forgery warning unless ApplicationController inherits from ActionController::Base
+* Properly format command interpolation (again)
+* Remove Slim dependency (Casey West)
+* Allow for controllers/models/templates in directories under `app/` (Neal Harris)
+* Add `--add-libs-path` for additional libraries (Patrick Toomey)
+* Properly process libraries (Patrick Toomey)
+
 # 3.0.0
 
 * Add check for CVE-2014-7829

data/README.md

@@ -40,6 +40,15 @@ From source:
     gem build brakeman.gemspec
     gem install brakeman*.gem
 
+## For Slim Users
+
+[Slim v3.0.0](https://github.com/slim-template/slim/blob/master/CHANGES#L12) dropped support for Ruby 1.8.7. Install a version of [`slim`](http://slim-lang.com/) compatible with your Ruby.
+
+| Ruby Version |       `Gemfile`       |              Command Line              |
+|--------------|-----------------------|----------------------------------------|
+| Ruby 1.8.7   | `gem 'slim', '< 3.0'` | `$ gem install slim --version '< 3.0'` |
+| Ruby 1.9+    | `gem 'slim'`          | `$ gem install slim`                   |
+
 # Usage
 
     brakeman [app_path]

data/lib/brakeman.rb

@@ -17,6 +17,8 @@ module Brakeman
   #Options:
   #
   #  * :app_path - path to root of Rails app (required)
+  #  * :additional_checks_path - array of additional directories containing additional out-of-tree checks to run
+  #  * :additional_libs_path - array of additional application relative lib directories (ex. app/mailers) to process
   #  * :assume_all_routes - assume all methods are routes (default: true)
   #  * :check_arguments - check arguments of methods (default: true)
   #  * :collapse_mass_assignment - report unprotected models in single warning (default: false)
@@ -420,7 +422,7 @@ module Brakeman
       require name
     rescue LoadError => e
       $stderr.puts e.message
-      $stderr.puts "Please install the appropriate dependency."
+      $stderr.puts "Please install the appropriate dependency: #{name}."
       exit! -1
     end
   end

data/lib/brakeman/app_tree.rb

@@ -15,6 +15,7 @@ module Brakeman
       if options[:only_files]
         init_options[:only_files] = Regexp.new("(?:" << options[:only_files].map { |f| Regexp.escape f }.join("|") << ")")
       end
+      init_options[:additional_libs_path] = options[:additional_libs_path]
       new(root, init_options)
     end
 
@@ -22,6 +23,7 @@ module Brakeman
       @root = root
       @skip_files = init_options[:skip_files]
       @only_files = init_options[:only_files]
+      @additional_libs_path = init_options[:additional_libs_path] || []
     end
 
     def expand_path(path)
@@ -54,15 +56,15 @@ module Brakeman
     end
 
     def controller_paths
-      @controller_paths ||= find_paths("app/controllers")
+      @controller_paths ||= find_paths("app/**/controllers")
     end
 
     def model_paths
-      @model_paths ||= find_paths("app/models")
+      @model_paths ||= find_paths("app/**/models")
     end
 
     def template_paths
-      @template_paths ||= find_paths("app/views", "*.{#{VIEW_EXTENSIONS}}")
+      @template_paths ||= find_paths("app/**/views", "*.{#{VIEW_EXTENSIONS}}")
     end
 
     def layout_exists?(name)
@@ -71,11 +73,16 @@ module Brakeman
     end
 
     def lib_paths
-      @lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" or path.include? "lib/tasks/" }
+      @lib_files ||= find_paths("lib").reject { |path| path.include? "/generators/" or path.include? "lib/tasks/" } +
+                     find_additional_lib_paths
     end
 
   private
 
+    def find_additional_lib_paths
+      @additional_libs_path.collect{ |path| find_paths path }.flatten
+    end
+
     def find_paths(directory, extensions = "*.rb")
       pattern = @root + "/{engines/*/,}#{directory}/**/#{extensions}"
 

data/lib/brakeman/checks/check_forgery_setting.rb

@@ -11,6 +11,9 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
 
   def run_check
     app_controller = tracker.controllers[:ApplicationController]
+
+    return unless ancestor? app_controller, :"ActionController::Base"
+
     if tracker.config[:rails][:action_controller] and
       tracker.config[:rails][:action_controller][:allow_forgery_protection] == Sexp.new(:false)
 

data/lib/brakeman/options.rb

@@ -124,6 +124,11 @@ module Brakeman::Options
           options[:skip_libs] = true
         end
 
+        opts.on "--add-libs-path path1,path2,etc", Array, "An application relative lib directory (ex. app/mailers) to process" do |paths|
+          options[:additional_libs_path] ||= Set.new
+          options[:additional_libs_path].merge paths
+        end
+
         opts.on "-t", "--test Check1,Check2,etc", Array, "Only run the specified checks" do |checks|
           checks.each_with_index do |s, index|
             if s[0,5] != "Check"

data/lib/brakeman/processors/library_processor.rb

@@ -106,8 +106,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
     exp.node_type = :methdef
 
     if @current_class
+      exp.body = process_all! exp.body
       @current_class[:public][exp.method_name] = { :src => exp, :file => @file_name }
     elsif @current_module
+      exp.body = process_all! exp.body
       @current_module[:public][exp.method_name] = { :src => exp, :file => @file_name }
     end
 
@@ -119,8 +121,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
     exp.node_type = :selfdef
 
     if @current_class
+      exp.body = process_all! exp.body
       @current_class[:public][exp.method_name] = { :src => exp, :file => @file_name }
     elsif @current_module
+      exp.body = process_all! exp.body
       @current_module[:public][exp.method_name] = { :src => exp, :file => @file_name }
     end
 

data/lib/brakeman/processors/output_processor.rb

@@ -43,41 +43,8 @@ class Brakeman::OutputProcessor < Ruby2Ruby
     "cookies"
   end
 
-  def process_string_interp exp
-    out = '"'
-    exp.each do |e|
-      if e.is_a? String
-        out << e
-      else
-        res = process e
-        out << res unless res == "" 
-      end
-    end
-    out << '"'
-    exp.clear
-    out
-  end
-
-  def process_string_eval exp
-    out = "\#{#{process(exp[0])}}"
-    exp.clear
-    out
-  end
-
-  def process_dxstr exp
-    out = "`"
-    out << exp.map! do |e|
-      if e.is_a? String
-        e
-      elsif string? e
-        e[1]
-      else
-        "\#{#{process e}}"
-      end
-    end.join
-    exp.clear
-    out << "`"
-  end
+  alias process_string_interp process_dstr
+  alias process_string_eval process_evstr
 
   def process_rlist exp
     out = exp.map do |e|
@@ -226,6 +193,8 @@ class Brakeman::OutputProcessor < Ruby2Ruby
         else
           raise "unknown type: #{pt.inspect}"
         end
+      when String then
+        s << pt
       else
         # HACK: raise "huh?: #{pt.inspect}" -- hitting # constants in regexps
         # do nothing for now

data/lib/brakeman/version.rb

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "3.0.0"
+  Version = "3.0.1"
 end

metadata

@@ -1,13 +1,14 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: brakeman
-version: !ruby/object:Gem::Version
-  version: 3.0.0
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 3.0.1
 platform: ruby
-authors:
+authors: 
 - Justin Collins
 autorequire: 
 bindir: bin
-cert_chain:
+cert_chain: 
 - |
   -----BEGIN CERTIFICATE-----
   MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQ8wDQYDVQQDDAZqdXN0
@@ -30,328 +31,295 @@ cert_chain:
   bxoxp9KNxkO+709YwLO1rYfmcGghg8WV6MYz3PSHdlgWF4KrjRFc/00hXHqVk0Sf
   mREEv2LPwHH2SgpSSab+iawnX4l6lV8XcIrmp/HSMySsPVFBeOmB0c05LpEN8w==
   -----END CERTIFICATE-----
-date: 2015-01-03 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2015-01-23 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: test-unit
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
   name: ruby_parser
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 3.5.0
-  type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
         version: 3.5.0
-- !ruby/object:Gem::Dependency
-  name: ruby2ruby
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.1.1
   type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: ruby2ruby
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
         version: 2.1.1
-- !ruby/object:Gem::Dependency
-  name: terminal-table
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.4'
   type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: terminal-table
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.4'
-- !ruby/object:Gem::Dependency
-  name: fastercsv
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.4"
   type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: fastercsv
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: highline
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.6.20
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.5"
   type: :runtime
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: highline
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
         version: 1.6.20
-- !ruby/object:Gem::Dependency
-  name: erubis
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.6'
   type: :runtime
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: erubis
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.6'
-- !ruby/object:Gem::Dependency
-  name: haml
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '3.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "2.6"
   type: :runtime
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: haml
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
     - - ">="
-      - !ruby/object:Gem::Version
-        version: '3.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
-- !ruby/object:Gem::Dependency
-  name: sass
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
+      - !ruby/object:Gem::Version 
+        version: "3.0"
+    - - <
+      - !ruby/object:Gem::Version 
+        version: "5.0"
   type: :runtime
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: sass
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: slim
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.6
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3.0'
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "3.0"
   type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.6
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-- !ruby/object:Gem::Dependency
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
   name: multi_json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.2'
-  type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.2'
-description: Brakeman detects security vulnerabilities in Ruby on Rails applications
-  via static analysis.
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.2"
+  type: :runtime
+  version_requirements: *id010
+description: Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
 email: gem@brakeman.org
-executables:
+executables: 
 - brakeman
 extensions: []
+
 extra_rdoc_files: []
-files:
+
+files: 
+- bin/brakeman
 - CHANGES
+- WARNING_TYPES
 - FEATURES
 - README.md
-- WARNING_TYPES
-- bin/brakeman
 - lib/brakeman.rb
+- lib/ruby_parser/bm_sexp.rb
+- lib/ruby_parser/bm_sexp_processor.rb
 - lib/brakeman/app_tree.rb
-- lib/brakeman/brakeman.rake
 - lib/brakeman/call_index.rb
-- lib/brakeman/checks.rb
-- lib/brakeman/checks/base_check.rb
-- lib/brakeman/checks/check_basic_auth.rb
-- lib/brakeman/checks/check_content_tag.rb
-- lib/brakeman/checks/check_create_with.rb
-- lib/brakeman/checks/check_cross_site_scripting.rb
-- lib/brakeman/checks/check_default_routes.rb
-- lib/brakeman/checks/check_deserialize.rb
-- lib/brakeman/checks/check_detailed_exceptions.rb
-- lib/brakeman/checks/check_digest_dos.rb
-- lib/brakeman/checks/check_escape_function.rb
-- lib/brakeman/checks/check_evaluation.rb
-- lib/brakeman/checks/check_execute.rb
-- lib/brakeman/checks/check_file_access.rb
-- lib/brakeman/checks/check_file_disclosure.rb
-- lib/brakeman/checks/check_filter_skipping.rb
-- lib/brakeman/checks/check_forgery_setting.rb
-- lib/brakeman/checks/check_header_dos.rb
-- lib/brakeman/checks/check_i18n_xss.rb
-- lib/brakeman/checks/check_jruby_xml.rb
-- lib/brakeman/checks/check_json_parsing.rb
-- lib/brakeman/checks/check_link_to.rb
-- lib/brakeman/checks/check_link_to_href.rb
-- lib/brakeman/checks/check_mail_to.rb
-- lib/brakeman/checks/check_mass_assignment.rb
+- lib/brakeman/brakeman.rake
+- lib/brakeman/scanner.rb
+- lib/brakeman/options.rb
+- lib/brakeman/warning_codes.rb
+- lib/brakeman/differ.rb
 - lib/brakeman/checks/check_model_attr_accessible.rb
-- lib/brakeman/checks/check_model_attributes.rb
-- lib/brakeman/checks/check_model_serialize.rb
-- lib/brakeman/checks/check_nested_attributes.rb
-- lib/brakeman/checks/check_number_to_currency.rb
-- lib/brakeman/checks/check_quote_table_name.rb
+- lib/brakeman/checks/check_i18n_xss.rb
+- lib/brakeman/checks/check_digest_dos.rb
+- lib/brakeman/checks/check_session_settings.rb
 - lib/brakeman/checks/check_redirect.rb
+- lib/brakeman/checks/check_model_serialize.rb
 - lib/brakeman/checks/check_regex_dos.rb
-- lib/brakeman/checks/check_render.rb
-- lib/brakeman/checks/check_render_dos.rb
-- lib/brakeman/checks/check_render_inline.rb
-- lib/brakeman/checks/check_response_splitting.rb
+- lib/brakeman/checks/check_validation_regex.rb
+- lib/brakeman/checks/check_single_quotes.rb
+- lib/brakeman/checks/check_detailed_exceptions.rb
+- lib/brakeman/checks/check_file_access.rb
+- lib/brakeman/checks/check_unscoped_find.rb
+- lib/brakeman/checks/check_forgery_setting.rb
+- lib/brakeman/checks/check_symbol_dos.rb
+- lib/brakeman/checks/check_execute.rb
 - lib/brakeman/checks/check_safe_buffer_manipulation.rb
+- lib/brakeman/checks/check_skip_before_filter.rb
+- lib/brakeman/checks/check_default_routes.rb
+- lib/brakeman/checks/check_file_disclosure.rb
+- lib/brakeman/checks/check_basic_auth.rb
+- lib/brakeman/checks/check_render.rb
+- lib/brakeman/checks/base_check.rb
+- lib/brakeman/checks/check_mass_assignment.rb
 - lib/brakeman/checks/check_sanitize_methods.rb
-- lib/brakeman/checks/check_select_tag.rb
+- lib/brakeman/checks/check_simple_format.rb
 - lib/brakeman/checks/check_select_vulnerability.rb
-- lib/brakeman/checks/check_send.rb
 - lib/brakeman/checks/check_send_file.rb
-- lib/brakeman/checks/check_session_settings.rb
-- lib/brakeman/checks/check_simple_format.rb
-- lib/brakeman/checks/check_single_quotes.rb
-- lib/brakeman/checks/check_skip_before_filter.rb
-- lib/brakeman/checks/check_sql.rb
-- lib/brakeman/checks/check_sql_cves.rb
+- lib/brakeman/checks/check_response_splitting.rb
 - lib/brakeman/checks/check_ssl_verify.rb
+- lib/brakeman/checks/check_filter_skipping.rb
+- lib/brakeman/checks/check_jruby_xml.rb
+- lib/brakeman/checks/check_escape_function.rb
 - lib/brakeman/checks/check_strip_tags.rb
-- lib/brakeman/checks/check_symbol_dos.rb
-- lib/brakeman/checks/check_symbol_dos_cve.rb
+- lib/brakeman/checks/check_json_parsing.rb
+- lib/brakeman/checks/check_select_tag.rb
 - lib/brakeman/checks/check_translate_bug.rb
+- lib/brakeman/checks/check_quote_table_name.rb
+- lib/brakeman/checks/check_sql.rb
+- lib/brakeman/checks/check_yaml_parsing.rb
+- lib/brakeman/checks/check_render_inline.rb
+- lib/brakeman/checks/check_cross_site_scripting.rb
+- lib/brakeman/checks/check_link_to_href.rb
+- lib/brakeman/checks/check_deserialize.rb
+- lib/brakeman/checks/check_model_attributes.rb
+- lib/brakeman/checks/check_number_to_currency.rb
+- lib/brakeman/checks/check_content_tag.rb
+- lib/brakeman/checks/check_symbol_dos_cve.rb
+- lib/brakeman/checks/check_nested_attributes.rb
+- lib/brakeman/checks/check_send.rb
 - lib/brakeman/checks/check_unsafe_reflection.rb
-- lib/brakeman/checks/check_unscoped_find.rb
-- lib/brakeman/checks/check_validation_regex.rb
+- lib/brakeman/checks/check_evaluation.rb
+- lib/brakeman/checks/check_sql_cves.rb
+- lib/brakeman/checks/check_mail_to.rb
 - lib/brakeman/checks/check_without_protection.rb
-- lib/brakeman/checks/check_yaml_parsing.rb
-- lib/brakeman/differ.rb
+- lib/brakeman/checks/check_create_with.rb
+- lib/brakeman/checks/check_header_dos.rb
+- lib/brakeman/checks/check_link_to.rb
+- lib/brakeman/checks/check_render_dos.rb
+- lib/brakeman/processor.rb
 - lib/brakeman/file_parser.rb
+- lib/brakeman/version.rb
 - lib/brakeman/format/style.css
-- lib/brakeman/options.rb
-- lib/brakeman/parsers/rails2_erubis.rb
-- lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
+- lib/brakeman/checks.rb
+- lib/brakeman/tracker.rb
 - lib/brakeman/parsers/rails3_erubis.rb
+- lib/brakeman/parsers/rails2_erubis.rb
 - lib/brakeman/parsers/template_parser.rb
-- lib/brakeman/processor.rb
+- lib/brakeman/parsers/rails2_xss_plugin_erubis.rb
+- lib/brakeman/util.rb
+- lib/brakeman/report.rb
+- lib/brakeman/warning.rb
 - lib/brakeman/processors/alias_processor.rb
-- lib/brakeman/processors/base_processor.rb
+- lib/brakeman/processors/output_processor.rb
+- lib/brakeman/processors/template_processor.rb
+- lib/brakeman/processors/erubis_template_processor.rb
+- lib/brakeman/processors/erb_template_processor.rb
+- lib/brakeman/processors/model_processor.rb
+- lib/brakeman/processors/template_alias_processor.rb
 - lib/brakeman/processors/config_processor.rb
 - lib/brakeman/processors/controller_alias_processor.rb
-- lib/brakeman/processors/controller_processor.rb
-- lib/brakeman/processors/erb_template_processor.rb
-- lib/brakeman/processors/erubis_template_processor.rb
-- lib/brakeman/processors/gem_processor.rb
 - lib/brakeman/processors/haml_template_processor.rb
-- lib/brakeman/processors/lib/basic_processor.rb
-- lib/brakeman/processors/lib/find_all_calls.rb
-- lib/brakeman/processors/lib/find_call.rb
+- lib/brakeman/processors/base_processor.rb
 - lib/brakeman/processors/lib/find_return_value.rb
-- lib/brakeman/processors/lib/processor_helper.rb
-- lib/brakeman/processors/lib/rails2_config_processor.rb
-- lib/brakeman/processors/lib/rails2_route_processor.rb
-- lib/brakeman/processors/lib/rails3_config_processor.rb
 - lib/brakeman/processors/lib/rails3_route_processor.rb
-- lib/brakeman/processors/lib/render_helper.rb
+- lib/brakeman/processors/lib/find_all_calls.rb
+- lib/brakeman/processors/lib/basic_processor.rb
+- lib/brakeman/processors/lib/rails2_route_processor.rb
 - lib/brakeman/processors/lib/route_helper.rb
+- lib/brakeman/processors/lib/find_call.rb
+- lib/brakeman/processors/lib/render_helper.rb
+- lib/brakeman/processors/lib/rails3_config_processor.rb
+- lib/brakeman/processors/lib/rails2_config_processor.rb
+- lib/brakeman/processors/lib/processor_helper.rb
+- lib/brakeman/processors/controller_processor.rb
+- lib/brakeman/processors/slim_template_processor.rb
 - lib/brakeman/processors/library_processor.rb
-- lib/brakeman/processors/model_processor.rb
-- lib/brakeman/processors/output_processor.rb
+- lib/brakeman/processors/gem_processor.rb
 - lib/brakeman/processors/route_processor.rb
-- lib/brakeman/processors/slim_template_processor.rb
-- lib/brakeman/processors/template_alias_processor.rb
-- lib/brakeman/processors/template_processor.rb
-- lib/brakeman/report.rb
-- lib/brakeman/report/ignore/config.rb
-- lib/brakeman/report/ignore/interactive.rb
-- lib/brakeman/report/initializers/faster_csv.rb
-- lib/brakeman/report/initializers/multi_json.rb
-- lib/brakeman/report/renderer.rb
+- lib/brakeman/report/report_markdown.rb
 - lib/brakeman/report/report_base.rb
-- lib/brakeman/report/report_csv.rb
 - lib/brakeman/report/report_hash.rb
-- lib/brakeman/report/report_html.rb
-- lib/brakeman/report/report_json.rb
-- lib/brakeman/report/report_markdown.rb
-- lib/brakeman/report/report_table.rb
-- lib/brakeman/report/report_tabs.rb
 - lib/brakeman/report/templates/controller_overview.html.erb
-- lib/brakeman/report/templates/controller_warnings.html.erb
-- lib/brakeman/report/templates/error_overview.html.erb
-- lib/brakeman/report/templates/header.html.erb
+- lib/brakeman/report/templates/security_warnings.html.erb
+- lib/brakeman/report/templates/warning_overview.html.erb
 - lib/brakeman/report/templates/ignored_warnings.html.erb
 - lib/brakeman/report/templates/model_warnings.html.erb
+- lib/brakeman/report/templates/controller_warnings.html.erb
 - lib/brakeman/report/templates/overview.html.erb
-- lib/brakeman/report/templates/security_warnings.html.erb
-- lib/brakeman/report/templates/template_overview.html.erb
+- lib/brakeman/report/templates/error_overview.html.erb
 - lib/brakeman/report/templates/view_warnings.html.erb
-- lib/brakeman/report/templates/warning_overview.html.erb
+- lib/brakeman/report/templates/header.html.erb
+- lib/brakeman/report/templates/template_overview.html.erb
+- lib/brakeman/report/ignore/config.rb
+- lib/brakeman/report/ignore/interactive.rb
+- lib/brakeman/report/renderer.rb
+- lib/brakeman/report/report_table.rb
+- lib/brakeman/report/report_html.rb
+- lib/brakeman/report/report_csv.rb
+- lib/brakeman/report/report_tabs.rb
+- lib/brakeman/report/initializers/faster_csv.rb
+- lib/brakeman/report/initializers/multi_json.rb
+- lib/brakeman/report/report_json.rb
 - lib/brakeman/rescanner.rb
-- lib/brakeman/scanner.rb
-- lib/brakeman/tracker.rb
-- lib/brakeman/util.rb
-- lib/brakeman/version.rb
-- lib/brakeman/warning.rb
-- lib/brakeman/warning_codes.rb
-- lib/ruby_parser/bm_sexp.rb
-- lib/ruby_parser/bm_sexp_processor.rb
 homepage: http://brakemanscanner.org
-licenses:
+licenses: 
 - MIT
-metadata: {}
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
   - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
   - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
+    - !ruby/object:Gem::Version 
+      version: "0"
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 1.8.5
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Security vulnerability scanner for Ruby on Rails.
 test_files: []
+

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 8e036c60e03551ca1b437c9c0ba69ba388ec0bf1
-  data.tar.gz: 1b2cd12bd7417aa8409dc36d978d40557363c6d6
-SHA512:
-  metadata.gz: cf9478f1fa9747f397f1c614ee4058f1de4b0c99dc0c444d2ac169ec0d1aa5adf895ea0e804761d148cd7779fcb2f1a9fd6bc1dec73c99beaf005aa5c45ad1c7
-  data.tar.gz: 4b71efa6cf9e69e771d4698364d4ec2a7b19c05a1f3d24d8cd72a9e8e8bcb384143c5e06f8b7865d66bfa96ef52ae8a0dc7e302ddd7a65cdb15c8f0ffa21ee7b