brakeman 4.1.0 → 4.1.1

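--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5473cad261403087ab82423bcb64eab734d11e8c
- data.tar.gz: 59a9f5320cdd156c0d6202cd950238ce05a7b92f
+ metadata.gz: 8415945622378ed5786ec1a2f6a95e43da5c78dd
+ data.tar.gz: d2e4f64d195384e14dd9629af3b858a2137a631f
  SHA512:
- metadata.gz: 72a9fc46b9385feddcb5ef032794470d68c2ce52f551f3eed00157c24e2f36015dff891f6c409a3862f78ec649c8aee2f3d373d5654f1fcfa3769d3cbf90f67c
- data.tar.gz: 2fb4b886463bea09c6a46b78b83a507d1312d1d2f68df7d94df364d2eb374ea758f9f7fb959299a632d089288bc0b4304ec04f793708505b76f450c7e639ac9d
+ metadata.gz: 80f963fb7bea3911adb45e90648b02e105087511163568e8f6eac7b1a4efac72878fa266614f44b8483491d39be3f381f6ad55e17ae41afa82c4194116f5a635
+ data.tar.gz: 34e491a6927e409a6cc1e80c4b2c21c152aaee8ab67e9b8cbff3b5e79dd50dc66052843106964eab1e161ecc64bc3121271f7847466caaa8d348bd9c74f6aa0e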
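--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,8 @@
+ # 4.1.1
+
+ * Remove check for use of `permit` with `*_id` keys
+ * Avoid duplicate warnings about permitted attributes
+
  # 4.1.0
 
  * Process models as root sexp instead of each sexp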
@@ -12,6 +12,8 @@ class Brakeman::CheckDivideByZero < Brakeman::BaseCheck
12
12
  end
13
13
 
14
14
  def check_division result
15
+ return unless original? result
16
+
15
17
  call = result[:call]
16
18
 
17
19
  denominator = call.first_arg
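Review bot: The new guard `return unless original? result` at the top of `check_division` has no comment, and the 4.1.1 changelog mentions duplicate warnings only for permitted attributes, so this behaviour change to the divide-by-zero check is undocumented. Presumably `original?` filters out results that were already reported for the same call; that is not visible on this page, so a one-line comment such as `# Skip results already reported for this call site` would make the intent explicit. The same guard is added to `check_permit` in the CheckPermitAttributes hunk and deserves the same comment. The body of `check_division` continues past the end of this hunk.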
@@ -19,14 +19,14 @@ class Brakeman::CheckPermitAttributes < Brakeman::BaseCheck
19
19
  end
20
20
 
21
21
  def check_permit result
22
+ return unless original? result
23
+
22
24
  call = result[:call]
23
25
 
24
26
  call.each_arg do |arg|
25
27
  if symbol? arg
26
28
  if SUSPICIOUS_KEYS.key? arg.value
27
29
  warn_on_permit_key result, arg
28
- elsif arg.value.match /_id$/
29
- warn_on_permit_key result, arg, :medium
30
30
  end
31
31
  end
32
32
  end
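Review bot: With the `_id$` branch gone, `check_permit` reports only keys that match an entry in `SUSPICIOUS_KEYS` exactly, and nothing in the method records that foreign-key style attributes are now deliberately out of scope. A comment above the loop, for example `# Only keys listed in SUSPICIOUS_KEYS are reported; *_id keys are intentionally not flagged`, would keep readers of scan results from assuming that a permitted `*_id` key is still reviewed by this check. The two nested conditions could also be collapsed to `if symbol? arg and SUSPICIOUS_KEYS.key? arg.value`. The closing `end` of `check_permit` lies outside the hunk.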
@@ -1,3 +1,3 @@
1
1
  module Brakeman
2
- Version = "4.1.0"
2
+ Version = "4.1.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brakeman
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.0
4
+ version: 4.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Collins
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain:
11
11
  - brakeman-public_cert.pem
12
- date: 2017-12-14 00:00:00.000000000 Z
12
+ date: 2017-12-19 00:00:00.000000000 Z
13
13
  dependencies: []
14
14
  description: Brakeman detects security vulnerabilities in Ruby on Rails applications
15
15
  via static analysis.