brakeman 3.2.0.pre1 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES +4 -1
- data/lib/brakeman/checks/check_symbol_dos.rb +2 -0
- data/lib/brakeman/report/ignore/config.rb +9 -4
- data/lib/brakeman/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29cc8c4c02ffe39935546b7fec4aea86bb445538
|
|
4
|
+
data.tar.gz: e7a969565a996a37c76ea94acb6f8011ca8ff6eb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc5dff0ab0695c08c08b76e596cf1353f4dbb36ad6e09542f524fc10aa271105672ba16ce89bc747f11dd85d34eb83c412ce962596554b0cc3ffba5f33075b4b
|
|
7
|
+
data.tar.gz: 7e4ba7803effc7765b7c7b699d4dc1d20516a9579df83783ec4c4cfde98c33761160e0aad8ca19b4d5284bb8b76aa019b1aecb9a1720c4e74d720674e681049e
|
data/CHANGES
CHANGED
|
@@ -8,6 +8,8 @@ class Brakeman::CheckSymbolDoS < Brakeman::BaseCheck
|
|
|
8
8
|
@description = "Checks for symbol denial of service"
|
|
9
9
|
|
|
10
10
|
def run_check
|
|
11
|
+
return if rails_version > "5.0.0"
|
|
12
|
+
|
|
11
13
|
tracker.find_call(:methods => UNSAFE_METHODS, :nested => true).each do |result|
|
|
12
14
|
check_unsafe_symbol_creation(result)
|
|
13
15
|
end
|
|
@@ -13,6 +13,7 @@ module Brakeman
|
|
|
13
13
|
@ignored_fingerprints = Set.new
|
|
14
14
|
@notes = {}
|
|
15
15
|
@shown_warnings = @ignored_warnings = nil
|
|
16
|
+
@changed = false
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
# Populate ignored_warnings and shown_warnings based on ignore
|
|
@@ -35,8 +36,8 @@ module Brakeman
|
|
|
35
36
|
# Remove warning from ignored list
|
|
36
37
|
def unignore warning
|
|
37
38
|
@ignored_fingerprints.delete warning.fingerprint
|
|
38
|
-
@already_ignored.reject!
|
|
39
|
-
|
|
39
|
+
if @already_ignored.reject! { |w|w[:fingerprint] == warning.fingerprint }
|
|
40
|
+
@changed = true
|
|
40
41
|
end
|
|
41
42
|
end
|
|
42
43
|
|
|
@@ -46,11 +47,13 @@ module Brakeman
|
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
def ignore warning
|
|
50
|
+
@changed = true unless ignored? warning
|
|
49
51
|
@ignored_fingerprints << warning.fingerprint
|
|
50
52
|
end
|
|
51
53
|
|
|
52
54
|
# Add note for warning
|
|
53
55
|
def add_note warning, note
|
|
56
|
+
@changed = true
|
|
54
57
|
@notes[warning.fingerprint] = note
|
|
55
58
|
end
|
|
56
59
|
|
|
@@ -98,7 +101,7 @@ module Brakeman
|
|
|
98
101
|
|
|
99
102
|
w[:note] = @notes[w[:fingerprint]] || ""
|
|
100
103
|
w
|
|
101
|
-
end
|
|
104
|
+
end.sort_by { |w| w[:fingerprint] }
|
|
102
105
|
|
|
103
106
|
output = {
|
|
104
107
|
:ignored_warnings => warnings,
|
|
@@ -124,7 +127,9 @@ module Brakeman
|
|
|
124
127
|
end
|
|
125
128
|
end
|
|
126
129
|
|
|
127
|
-
|
|
130
|
+
if @changed
|
|
131
|
+
save_to_file warnings
|
|
132
|
+
end
|
|
128
133
|
end
|
|
129
134
|
end
|
|
130
135
|
end
|
data/lib/brakeman/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brakeman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.0
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Collins
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain:
|
|
11
11
|
- brakeman-public_cert.pem
|
|
12
|
-
date: 2016-02-
|
|
12
|
+
date: 2016-02-25 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: test-unit
|
|
@@ -346,9 +346,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
346
346
|
version: '0'
|
|
347
347
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
348
348
|
requirements:
|
|
349
|
-
- - "
|
|
349
|
+
- - ">="
|
|
350
350
|
- !ruby/object:Gem::Version
|
|
351
|
-
version:
|
|
351
|
+
version: '0'
|
|
352
352
|
requirements: []
|
|
353
353
|
rubyforge_project:
|
|
354
354
|
rubygems_version: 2.4.8
|