paraxial 0.5.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/paraxial/cli.rb +26 -1
- data/lib/paraxial/version.rb +1 -1
- data/lib/paraxial.rb +1 -0
- data/lib/rubocop/cop/paraxial/raw.rb +22 -0
- metadata +17 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2ef49572c0555fdaea4bc13d94f4faa2d771a9919ee54304d832b5b97306cc09
|
|
4
|
+
data.tar.gz: 3bd3f48e2517d1c309e8c57ec8814a6bf9077506c461904c5f38f1ecc7e35dd3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6ed1f565c95cffdc6e8940d2c92c1cee7c7cd6157fe5da9f304746a65c1687ca74141483add2ca13616cfe82371a27b396ae4fcb178dffb80cac014ace5ac152
|
|
7
|
+
data.tar.gz: aa3ab3d9ff75cd0ff804a859eebd847ca60d2be053dd004c963d7ed612296d7a574691accfdd26b2788126c94ad9d6311a0f77d9d4dc44d97cb169bd26f6d015
|
data/lib/paraxial/cli.rb
CHANGED
|
@@ -18,6 +18,15 @@ module Paraxial
|
|
|
18
18
|
|
|
19
19
|
def scan
|
|
20
20
|
puts '[Paraxial] Scan starting...'
|
|
21
|
+
if check_rubocop_configuration
|
|
22
|
+
puts '[Paraxial] .rubocop.yml is valid.'
|
|
23
|
+
else
|
|
24
|
+
puts '[Paraxial] .rubocop.yml is missing rubocop-erb. To scan embedded Ruby files for security problems, add:'
|
|
25
|
+
puts '.rubocop.yml'
|
|
26
|
+
puts 'require:'
|
|
27
|
+
puts '- rubocop-erb'
|
|
28
|
+
end
|
|
29
|
+
|
|
21
30
|
|
|
22
31
|
if Paraxial::Helpers.get_api_key.nil?
|
|
23
32
|
puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
|
|
@@ -40,7 +49,7 @@ module Paraxial
|
|
|
40
49
|
m = JSON.parse(response.body)
|
|
41
50
|
findings = m['ok']['findings']
|
|
42
51
|
puts
|
|
43
|
-
puts "[Paraxial] Scan count #{findings.length}"
|
|
52
|
+
puts "[Paraxial] Scan count: #{findings.length}"
|
|
44
53
|
puts
|
|
45
54
|
findings.each do |finding|
|
|
46
55
|
puts finding
|
|
@@ -89,5 +98,21 @@ module Paraxial
|
|
|
89
98
|
end
|
|
90
99
|
end
|
|
91
100
|
|
|
101
|
+
private
|
|
102
|
+
|
|
103
|
+
def check_rubocop_configuration
|
|
104
|
+
rubocop_file = File.join(Dir.pwd, '.rubocop.yml')
|
|
105
|
+
|
|
106
|
+
return false unless File.exist?(rubocop_file)
|
|
107
|
+
|
|
108
|
+
config = YAML.load_file(rubocop_file)
|
|
109
|
+
required_key = 'require'
|
|
110
|
+
|
|
111
|
+
if config.is_a?(Hash) && config[required_key].is_a?(Array)
|
|
112
|
+
config[required_key].include?('rubocop-erb')
|
|
113
|
+
else
|
|
114
|
+
false
|
|
115
|
+
end
|
|
116
|
+
end
|
|
92
117
|
end
|
|
93
118
|
end
|
data/lib/paraxial/version.rb
CHANGED
data/lib/paraxial.rb
CHANGED
|
@@ -8,6 +8,7 @@ require_relative 'rubocop/cop/paraxial/system'
|
|
|
8
8
|
require_relative 'rubocop/cop/paraxial/send'
|
|
9
9
|
require_relative 'rubocop/cop/paraxial/constantize'
|
|
10
10
|
require_relative 'rubocop/cop/paraxial/html_safe'
|
|
11
|
+
require_relative 'rubocop/cop/paraxial/raw'
|
|
11
12
|
require_relative 'rubocop/cop/paraxial/sql'
|
|
12
13
|
require_relative 'paraxial/version'
|
|
13
14
|
require_relative 'paraxial/cli'
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
module RuboCop
|
|
2
|
+
module Cop
|
|
3
|
+
module Paraxial
|
|
4
|
+
class Raw < Base
|
|
5
|
+
MSG = '`raw` leads to XSS when called on user input'
|
|
6
|
+
|
|
7
|
+
def on_send(node)
|
|
8
|
+
method_name = node.method_name
|
|
9
|
+
return unless send_methods.include?(method_name)
|
|
10
|
+
|
|
11
|
+
add_offense(node, message: format(MSG, method: method_name))
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def send_methods
|
|
17
|
+
[:raw]
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: paraxial
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Lubas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -66,6 +66,20 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: rubocop-erb
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
type: :runtime
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
69
83
|
description:
|
|
70
84
|
email:
|
|
71
85
|
- michael@paraxial.io
|
|
@@ -90,6 +104,7 @@ files:
|
|
|
90
104
|
- lib/rubocop/cop/paraxial/constantize.rb
|
|
91
105
|
- lib/rubocop/cop/paraxial/csrf.rb
|
|
92
106
|
- lib/rubocop/cop/paraxial/html_safe.rb
|
|
107
|
+
- lib/rubocop/cop/paraxial/raw.rb
|
|
93
108
|
- lib/rubocop/cop/paraxial/send.rb
|
|
94
109
|
- lib/rubocop/cop/paraxial/sql.rb
|
|
95
110
|
- lib/rubocop/cop/paraxial/system.rb
|